Context is Everything When it Comes to Securing Application Access

Context is everything. When information is taken out of context, we are most likely to miss the big picture, or worse, be misinformed. This is true for security as well because context provides crucial information for IT teams to establish user and device trust and to make an access decision. Today, companies are seeing the need to develop strategies that will enable employees to work on demand, either using employer-provided laptops or personal devices from anywhere. Your employees need access to critical business data and applications to remain productive. The added complexity of the hybrid IT environment can make security a blocker for your teams. In this layered environment, IT teams play a critical role in enabling businesses and they need to understand when to provide access to employees and when not to — without impacting user experience and productivity. They need a solution that can aggregate and correlate security events within seconds to provide a real-time understanding of your security environment.

The challenge of securing access

It is common for large teams to work in silos, resulting in multiple tools and solutions being deployed that do not share context with each other. With siloed visibility and toolsets, you may have to manually accomplish critical workflows like threat investigation and remediation. This leads to inefficiencies in security operations and efficacy gaps in your overall security environment.

Projects that aim to enforce security hygiene by strengthening breach defense, enabling secure remote workers, or adopting a zero-trust security approach could be regarded as siloed projects — even when there are communications among teams. One thing that each of the before-mentioned projects have in common is establishing trust and verifying that access attempts aren’t introducing additional risk. This function requires tools that collect context about the access attempts and enforce controls that will either allow or block each request. If projects use disconnected or multiple tools for these controls, it causes friction for end-users and increases overall spending — both capital expense and soft costs in maintenance overhead.

These security projects are not mutually exclusive, so organizations need an integrated security platform for teams and tools to work together in harmonious balance. A platform that can unify visibility across network and application access attempts via managed or unmanaged endpoints and remote workers, offering simpler, stronger and more cost-effective security. The good news is that we’ve built this platform into our broad security portfolio to transform your infrastructure from a series of disjointed solutions into a fully integrated environment.

Securing application access with SecureX and Duo

Cisco SecureX connects access controls across the workforce, workload, and workplace to help democratize our comprehensive zero-trust approach by removing the barriers between the teams responsible for each control. And Duo is an integral part of the platform that provides the contextual information required to establish user trust and device trust. With a relentless focus on ease of deployment and an intuitive user experience, Duo neither disrupts productivity for IT teams nor end-users.

  1. Establishing user trust: Verifying user credentials with multi-factor authentication (MFA) is considered basic security hygiene in today’s world. Duo gathers relevant context beyond just MFA to make an informed decision about the access request, such as the user’s role/privilege, location of access, time of access, and the network used to make an informed decision.
  2. Establishing device trust: Endpoints are a critical attack vector for most organizations. A unified view of your environment is important to keep up with the sudden exponential growth of remote workers and their devices. As organizations enable a larger remote workforce, Cisco is seeing the number of daily authentications from VPNs increase by 157 percent. Duo helps these organizations establish device trust by inventorying the endpoints that are accessing corporate applications. Administrators can get device insights from this inventory such as the status of management, out-of-date OS/browser version, disk encryption, and password/biometrics. On mobile devices, jailbroken/rooted status; and on desktops/laptops, status of host firewall and endpoint agents (e.g., Cisco AMP for Endpoints) are additionally checked.

With this contextual information about the user and their device, Duo’s policy engine enables administrators to set granular, adaptive access controls from a centralized location. Achieving the end goal that only trusted users and compliant endpoints gain access to critical applications.

The SecureX advantage

1. Sign-on: SecureX is a cloud-native platform that administrators access from any location and device. To ensure only verified users gain instant access to SecureX and all their security infrastructure while delivering the best login experience, Duo’s easy to use MFA secures the sign-on to SecureX. This is a built-in feature that does not require Duo licenses.
securex logon

2. Unified visibility: The SecureX dashboard provides ROI metrics and operational measures that help SecOps, ITOps and NetOps teams to understand the overall security hygiene of the organization. SecureX users can customize their dashboard with one or more widgets per app.

securex dash

SecureX is included with Duo, and one such dashboard widget shares:

  1. users not enrolled in MFA
  2. devices running out-of-date operating system (OS)
  3. access security events

3. Automated workflows: SecureX also frees up your teams by automating critical security workflows. If you are like most teams, completing workflows means following convoluted, manual processes that increase the dwell time of threats and the risk of human error leading to potential downtime. Think about how your SecOps, ITOps and NetOps teams can create workflows to automatically verify the user identity or their actions based on the context shared by the integrated product portfolio.

Let’s consider an example: If you are like most NetOps teams needing to support a much more massive remote workforce, you have dedicated people monitoring the VPN session device load. In the event of the load exceeding 70 percent, an additional head-end is deployed manually. With SecureX, a playbook runs to periodically query the VPN session device load. In the event that the load is 70% or more, a message is sent to your Webex Teams room and a Duo authorization is automatically sent to the administrator to approve an automated additional virtual head-end deployment. Enabling your teams to control more with less effort and act faster with your existing resources.

Additionally, through integrations with 3rd party SIEMs such as Splunk, one can create playbooks for security events, such as usage of stolen passwords, anomalous or suspicious login activity, non-compliant device access and more.

Sign up for SecureX

Learn how Cisco can help you maximize your existing security investments and empower your IT teams to do more through automated workflows and ready-to-use playbooks. SecureX becomes commercially available in June, but sign up today to be first in line.