In 2023, threat actors struck quickly, hitting identities and identity providers hard and compromising some of the largest organizations on the planet. With that in mind, Cisco is placing identity at the heart of its security strategy and pioneering new identity intelligence capabilities powered by data analytics and AI.

At its core, identity intelligence revolves around the understanding and management of identity information within an organization. This includes not only the who and what of access, but also the when, where, and how of interactions between systems and data. By leveraging identity intelligence, organizations gain a clear picture of potential vulnerabilities and threats based on identity behaviors and access patterns.

A year of compromised credentials

According to the Talos 2023 Year in Review report, compromised credentials were responsible for a quarter of Cisco Talos Incident Response engagements. A quick scan of headlines from last year only reinforces this: big manufacturing companies and even identity providers have all been hit. The resulting data breaches are still having an impact, costing organizations millions of dollars in recovery fees.

Today, there is blind trust between our access and our identity solutions. This breaks zero trust. Organizations are facing identity sprawl, and the tools used to manage identity exist within a range of unconnected — and often varied — identity providers and toolsets. To combat this, enterprise customers need a layer of identity intelligence that runs on top of their identity stores and bridges this gap between authentication and access. This isn’t an outright replacement of their current tools. Rather, it’s something that adds new insights and telemetry while leveraging the information that already exists in their environments.

There is a big disconnect between authentication and access — a blank space, the darkness of active identity behaviors. But what if we could shine the light into this dark space? Instead of asking, “CAN the user get access to these resources like Workday or Concur?” we should be asking, “SHOULD the user get access based on current identity intelligence?”

Cisco Identity Intelligence will bridge the gap between authentication and access, bringing together identity, networking and security. With this, Cisco is infusing advanced identity intelligence into Cisco Duo, Cisco’s Extended Detection and Response (XDR) solution and Cisco Secure Access.

Cisco Identity Intelligence & Duo

Identity intelligence sits on top of customers’ disparate directories and identity tools to provide unique insights into how identities are being actively used. This is used, along with Trust Monitor, Risk-Based Authentication and other security data in Duo, to provide actionable insights and automated scaled policy enforcement. This can help security teams detect, remediate and prevent both identity compromise and account takeover.

Currently in private preview, Cisco Identity Intelligence will be available in the Duo Advantage and Premier editions. Organizations will now have visibility into identity infrastructure with a single, comprehensive interface to identify user access, protect user identities, detect changes in activities and respond to posture risk and security threats.

Cisco Identity Intelligence & XDR

The same identity intelligence being injected into Duo is also being integrated into Cisco’s XDR solution.

Cisco Identity Intelligence enriches this integration by offering detailed insights into user behaviors and access patterns, enabling a more comprehensive and nuanced understanding of potential security threats. Cisco XDR deeply understands email, web, endpoint and the network already. With the addition of Identity Intelligence, Cisco is offering a first-of-its-kind Identity Threat Detection and Response (ITDR) stack to organizations of any shape or size.

Cisco Identity Intelligence & Secure Access

Finally, we will be using Cisco Identity Intelligence to bring smarter zero trust access decisions to Cisco Secure Access, empowering security teams to defend against identity-based attacks.

Before you deploy Cisco Secure Access, Identity Intelligence will collect data from the existing fabric of identity and access management tools. This enables administrators to clean up unused and vulnerable identities that leave your network exposed to account takeover threats, improving your zero-trust readiness. Identity Intelligence will also expose subtle shifts in identity posture by aggregating extended attributes and user behavior factors from a wide range of Cisco and third-party sources. The resulting identity graph represents a composite view of every identity and continuously tracks changes that empower administrators to create and enforce sophisticated Secure Access policies.

And finally, Identity Intelligence will allow security teams to block or challenge unusual identity behaviors based on risk. In the future, this would enable unpredictable behaviors to be evaluated against the baselines of users and their peers, detecting user-based risk according to who the user is and the resource they’re accessing. This could then initiate an incremental reduction in access rights or full session termination to reduce the blast radius of a compromised identity.

Streamlining security operations with AI

While Identity Intelligence is the emerging innovation, Cisco isn’t sitting idle on its AI innovations. During Cisco Live Amsterdam, we’ll be launching the AI Assistant for Security in Secure Access. This AI Assistant will simplify access policy creation by automatically converting conversational English phrases into security policies. Using the assistant, administrators can save time, improve operational efficiency, and reduce complexity.

Secure Access is also introducing data loss prevention (DLP) for Generative AI applications, which addresses the risks and concerns surrounding the growing usage and adoption of AI in the enterprise.

The new integration between Secure Access and Cisco’s Identity Services Engine (ISE) will use AI-driven identity intelligence to enable administrators to use detailed, identity-based information to make proactive governance decisions (via policy).

Secure Access with Experience Insights will address health and performance issues for users, apps and network connectivity. It will also enable IT and security teams to optimize user productivity by quickly revealing connectivity issues and fostering faster resolution.

In Email Threat Defense, AI is coming to the front, using various detectors to simultaneously evaluate different portions of an incoming email for markers of malicious intent. Finally, Cisco XDR has been enhanced and will provide real-time MITRE ATT&CK mapping, promoting automated mapping of adversary behaviors into XDR detections.

Authors

Chad Skipper

Global Security Technologist

Security Business Group