Is CDO Secure?
CDO offers end-to-end security for customer data through the following
CDO requires multi-factor authentication for users to connect to their
cloud portal. Multi-factor authentication is a vital function needed
to protect the identity of customers.
All data, in flight and at rest, is encrypted. Communication from devices
on customer premises and CDO is encrypted with SSL, and all
customer-tenant data volumes are encrypted.
CDO's multi-tenant architecture isolates tenant data and encrypts traffic
between databases and application servers. When users authenticate
to gain access to CDO, they receive a token. This token is used to
fetch a key from a key-management service, and the key is used to
encrypt traffic to the database.
CDO provides value to customers quickly while making sure customer
credentials are secured. This is achieved by deploying a "Secure
Data Connector" in the cloud or a customer's own network (in
roadmap) that controls all inbound and outbound traffic to make sure
the credential data doesn't leave the customer premises.
I received the error "Could not validate your OTP" when logging into
CDO for the first time
Check that your desktop or mobile device clock is synchronized with a
world time server. Clocks being out of sync by less or more than a
minute can cause incorrect OTPs to be generated.
Is my device connected directly to Cisco Defense Orchestrator cloud
Yes. The secured connection is performed using the CDO SDC which is used
as a proxy between the device and CDO platform. CDO architecture,
designed with security first in mind, enables having complete
separation between data traversing back and forth to the device.
How can I connect a device which does not have a public IP
You can leverage CDO Secure Device
Connector (SDC) which can be deployed within your
network and doesn't need any outside port to be open. Once the SDC
is deployed you can onboard devices with internal (non-internet
routable) IP addresses.
Does the SDC requre any additional cost or license?
What types of Virtual Private Network are currently supported with
For ASA customers, CDO supports IPsec Site-to-Site VPN tunnel management only. Stay tuned for updates to our What's New page.
How can I check the tunnel status? State options
CDO performs the tunnel connectivity checks automatically every hour,
however ad-hoc VPN tunnel connectivity checks can be performed by
choosing a tunnel and requesting to check connectivity. Results may
take several seconds to process.
Can I search a tunnel based on the device name as well as its IP
address of one of its peers?
Yes. Search and pivot to a specific VPN tunnel details by using available
filters and search capabilities on both name and the peers IP