29.3 billion – that’s the approximate number of devices and network connections estimated globally by 2023, according to the latest Cisco Annual Internet Report. As we get more connected, we can expect to see a massive rise in cybersecurity threats – a trend that is predicted to double from 9 million in 2018 to 15.4 million by 2023 globally. The increasing consumerization of IT and the growing distributed network of users who access business-critical applications are posing a real and serious challenge for security teams.
You need a platform that can meet your evolving enterprise needs to securely connect trusted users to the right applications on the network fast. You need a solution that is continuously nourished with contextual insights from your network to make access control decisions. But the real question is: How do you continually verify trust for both users and devices at scale when massive data and device proliferation is part of today’s reality?
Unifying User and Device Protection with Cisco Endpoint Security and Duo
We are beyond excited to announce that the integration of Cisco® Advanced Malware Protection (AMP) for Endpoints with Duo is now available. This powerful tandem unifies secure user access and device protection, empowering your zero-trust security platform for all users, devices and applications. This means endpoints that are deemed infected or compromised will be blocked from accessing Duo-protected applications. With AMP for Endpoints you get a comprehensive cloud-delivered next-generation antivirus endpoint protection platform (EPP), and advanced endpoint detection and response (EDR). It’s the endpoint security you need to stop breaches and block malware, then rapidly detect, contain, and remediate advanced threats that evade front-line defenses. Duo, for its part, provides unified access security, multi-factor authentication (MFA), and contextual user access policies that verify a user’s identity to ensure they are who they say they are, and adds further checks on the trustworthiness of devices through security health inspections.
“It’s not about getting rid of the perimeter – but rather tightening security on the inside. The new perimeter is less about the edge of the network, and now more about any place you make an access control decision.”
Wendy Nather, Head of Advisory CISOs, Cisco Duo, Summarized from Zero Trust: Going Beyond the Perimeter
Trust is neither Binary nor Permanent
Duo’s Trusted Endpoints feature lets you define and manage trusted endpoints and grant secure access to your organization’s applications with device certificate verification policies. Every time a user logs into an application using Duo, it reaches out to its cloud service, which applies the Trusted Endpoints policy setting to the access attempt. The Duo prompt checks for the Duo device certificate in the user’s personal store. If present, Duo reports the endpoint as trusted. If the Duo certificate isn’t present, we report that the endpoint does not have a certificate (and is therefore not a managed endpoint). Application access may be blocked from that device. This helps you distinguish between unmanaged endpoints and managed endpoints that access your browser-based applications, and enables you to create newer policies within AMP. These new endpoint policies can then track whether users accessing the applications have the Duo device certificate present, or can block access to various applications from systems without the Duo certificate. The platform enables us to create synergy and harness integration touchpoints between technologies to basically see once and block everywhere.
Establishing Device Trust to Secure the Workforce: Visibility that informs Policy
AMP for Endpoints continuously monitors and can quickly detect a threat, identify its point of origin, track its rate of progression, show you where else it’s been, see exactly what it is doing, and determine whether it has infected any other endpoints on the network. When Duo and Cisco AMP for Endpoints have shared visibility into a Windows or macOS endpoint, Duo can block user access to applications protected by Duo from endpoints deemed compromised by AMP.
With zero-trust security from Duo, Cisco protects access to 3,000 applications for 120,000 users and 400,000 devices worldwide. Check out the ‘Duo + Cisco: Workforce Zero Trust’ to learn more.
A Platform Approach to Security
Cisco’s vision for a security platform is built from a simple idea that we mentioned earlier: security solutions should act as a team, learning from each other, listening and responding as a coordinated unit. Our platform, Cisco SecureX, connects the breadth of Cisco’s integrated security portfolio and your entire security infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens your security across your network, endpoints, cloud, and applications. We’re committed to creating a platform that delivers a better security experience at every point in your network. The seamless integration with other security technologies, backed by Talos threat intelligence, helps you block, detect, investigate, and respond to threats across your entire environment, not just at your endpoints.
Leverage Cisco Threat Response to accelerate threat investigations, Adaptive Multi-Factor Authentication (MFA) to enable zero trust, and Cisco’s robust API to integrate with technology partners and get more value from your Cisco Security investment. With the AMP for Endpoints and Duo integration, we can ensure business agility by providing secure, frictionless access to any application, from anywhere, while significantly reducing the attack surface.
If you are joining us this week at RSAC2020, come check out Endpoint Security and Duo to experience a demo within the Security area. Start securing your applications with a free trial of Duo and AMP for Endpoints today.
Our VPN uses DUO to authorize access. Does AMP enable DUO to disengage VPNs?
Thank you for stopping by. Yes, this specific use case will hold true if Duo is deployed for the AnyConnect client using SAML integration; then the Trusted Endpoint AMP policy will disengage VPNs. If your team is using RADIUS integration, then the policy might not work and will allow access to devices irrespective of the device state. I recommend speaking with your account manager to understand how we can accomplish this for you.