Cisco unveiled new innovations within the Cisco Security Cloud as part of its mission to simplify security. First-of-its kind Cisco Identity Intelligence and continued innovation in artificial intelligence (AI) capabilities are the latest milestones towards its vision of a unified, AI-driven, cross-domain security platform.
Cisco is introducing an industry-first approach that brings together identity, networking and security to better protect organisations’ complex identity stack against increasingly sophisticated attacker techniques.
Today there is blind trust between authentication and access solutions, and threat actors have successfully compromised some of the largest organisations in the world in 2023 by targeting these weaknesses. In fact, more than 26% of all Cisco Talos Incident Response engagements in 2023 involved adversaries using compromised credentials on valid accounts.
A user is often mapped to many digital identities and accounts – drastically increasing entry points for attackers and the possibility of lateral movement “across” identities. Too often legacy permissions have not been removed, and security teams are missing crucial context about historical identity behaviour, actions across systems and current risk levels that are needed to make trusted access decisions.
Cisco Identity Intelligence runs on top of customers’ existing identity stores and provides unified visibility, as well as AI-driven analytics. Customers can discover their whole identity population, clean up vulnerable accounts, eliminate unused and risky privileges, detect behaviour anomalies and block high-risk access attempts – without ripping and replacing their current solutions.
While multifactor authentication (MFA) remains a critical first line of defence against identity-based attacks, malicious actors are using new and creative ways to steal credentials. According to the 2024 Duo Trusted Access Report, Cisco Duo processed 16 billion authentications in 2023, up 41% annually, and saw weaker forms of MFA like SMS and phone calls dip to an all-time low of 5%, yet the volume of identity attacks is higher than ever.
“Identity is the fabric that connects humans, devices and applications in the workplace, and has become an easy target for modern cybersecurity attacks. Organisations need to adopt an identity-first approach to security, which among other things allows them to evolve from just asking ‘can’ a user access a system to continuously assessing whether a user ‘should’ be able to do what they are doing once they are authenticated,” said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco. “By analysing the entire attack surface of an organisation’s users, machines, services, apps, data and their behaviours, Cisco Identity Intelligence bridges the chasm between authentication and access. We are the first vendor bringing together identity, networking and security into a complete solution to address the largest cyber challenge of modern times.”
Cisco Identity Intelligence is built on a powerful identity graph that pulls data from customers’ many existing third-party sources that manage identity and access. With AI-driven behavioural analytics and Cisco’s unmatched reach into the network, organisations can take a graduated response, such as quarantining an identity, killing active sessions or isolating the network leveraging Cisco Identity Services Engine (ISE). Cisco customers will gain visibility with these critical insights through their existing solutions, including:
• Smart Authentication with Cisco Duo: Detects unusual patterns based on behaviour and third-party signals.
• Smart Access with Cisco Secure Access: Verify the authentication decision and block unusual or high-risk behaviours.
• Smart Threat Detection with Cisco XDR: Correlate identity signals to provide missing information that traditional endpoint and network security solutions miss.
Cisco Identity Intelligence will be available July 2024. With the addition of Identity Intelligence to the Cisco Security Cloud, customers will get even more value from their existing investments.
“Hybrid work and modern multi, hybrid cloud IT architectures have evolved the perimeter to be based on Identity. The reality is that this modern identity includes islands of embedded legacy identity and corresponding directories, creating a complex, forever-evolving problem. Thus, a zero-trust future does not exist without identity having a prominent seat at the cybersecurity table,” said Frank Dickson, Group Vice President, Security & Trust, IDC. “Cisco now bridges the two worlds of identity and security to offer actionable visibility.”
“Identity is the new perimeter to protect and it’s an ongoing challenge for enterprises as witnessed by recent security breaches. Identity threat detection and response (ITDR) aims to converge identity and security, strengthening controls tied to authenticated access leveraging multiple data sources and analytics,” said Will Townsend, Vice President & Principal Analyst, Moor Insights & Strategy. “Cisco’s announcement is a step forward, combining identity intelligence and actionable insights with its existing network visibility, XDR orchestration, Secure Access and Duo access capabilities.”
Continued AI Momentum
Cisco continues to make AI pervasive across the Cisco Security Cloud to help to tip the scales in favour of defenders, including the recently unveiled Cisco AI Assistant for Security, which helps customers make informed decisions, augment their tool capabilities and automate complex tasks. On the heels of launching the AI Assistant for firewall, today, Cisco’s rapid pace of innovation is on display with additional groundbreaking AI capabilities:
• AI Assistant in Secure Access: Leveraging the power of generative AI, customers can create security access policies using natural language prompts within Cisco’s Secure Services Edge (SSE) solution.
• Securing AI: New capabilities in Secure Access will also automatically detect and protect intellectual property (IP) as it flows in and out of AI systems.
• AI-based Email Threat Detection: Cisco Email Threat Defence now uses AI to simultaneously evaluate different portions of an incoming email for markers of malicious intent.
Secure Connectivity
Cisco is integrating its robust Networking capabilities with Cisco Secure Access. Experience Insights, powered by Cisco ThousandEyes improves productivity for hybrid workers by quickly revealing connectivity and application issues and fostering faster resolution. There is no additional cost for this feature, as it is included in all Secure Access licences. Cisco Secure Access also now integrates Catalyst SD-WAN, for a complete Secure Access Service Edge (SASE) offering.