An interesting thing happened while we were busy revolutionizing the workplace with cloud and mobile technologies. We upended conventional network security models in the process.
For decades, IT security involved creating a hardened network perimeter to separate the public Internet from the private corporate network. Trusted users, devices and applications were protected inside a barrier of firewalls, access controls, intrusion detection solutions and other measures. The model has been likened to an M&M – a hard outer shell protecting a soft, chewy center.
That outer shell is melting away, however. Mobile employees are using personal devices to access data and applications from the open Internet and a variety of public and private clouds. These practices produce undeniable productivity and efficiency benefits, but they are also eroding the traditional perimeter and creating openings for a wave of sophisticated and stealthy cyber threats.
A new security model is needed, and there’s growing support for an approach that makes identity the new perimeter. Identity-based security doesn’t replace conventional security measures, but it puts much greater emphasis on ensuring that all users, devices and applications accessing the network are properly identified and authorized.
Never Trust. Always Verify.
Identity and access management (IAM), multi-factor authentication, real-time user verification, device validation and privilege limitations are essential components of identity-based security. So are security policies that focus on users and groups rather than on legacy firewall rules and IP addresses.
The concept of an identity perimeter is also closely linked with the concept of “zero trust.” In this model, there are no trusted users or devices — everyone and everything accessing the network is presumed to be a threat until they’ve been properly identified and validated. Even after verification, all traffic is continually evaluated with a variety of inspection techniques such as event logging and correlation, anomaly detection, and resolution management.
By continuously inspecting and logging all traffic, the zero trust model improves network visibility and boosts IT’s ability to identify malicious activity. For additional protection inside the firewall, zero trust enforces the concept of least-privilege access. Users, devices and applications are restricted from accessing any resources they don’t specifically need.
Zero trust isn’t a single product or technology. Rather, it is a model requiring the integration of several technologies. Cisco has developed a deep portfolio of products that map directly to a zero-trust model.
The core components of Cisco’s approach are its Identity Services Engine (ISE) and Stealthwatch solutions, which combine to support authentication, policy enforcement, security visibility and more. ISE uses profiling to gain deep visibility into who and what is accessing the network, and it stores a detailed history about key attributes of all users, devices and apps. ISE also enables network-wide policy enforcement from a central location.
Stealthwatch, Cisco’s network security analytics solution, monitors and analyzes telemetry data from across the network to identify malicious patterns in traffic. When it detects an anomaly, it issues an alert and sends a quarantine command to the ISE dashboard. The offending user can be quarantined with a single click.
Several other Cisco solutions augment a zero trust platform. For instance, Cisco SD-Access enables network segmentation to isolate sensitive areas of the network and restrict the movement of stealth malware. The Cisco Tetration analytics tool can be used to automate policy recommendations, conduct policy impact analyses and detect policy deviations. The entire portfolio can be managed and orchestrated through Cisco DNA Center.
The perimeter-focused approach to network security doesn’t address today’s realities. Give us a call to discuss identity-based security, the zero trust model or any other network security issues. As a Cisco Gold Partner with over two decades of network security experience, we can help you assess your current security posture and determine if changes could help your organization.