Extending Zero Trust with Secure Endpoint

It’s no longer secure enough to verify users once because, inevitably, attackers will find a way to exploit any weakness to get into your network.

Zero Trust is a strategic approach that centers on the concept of eliminating blind trust for an organizations network architecture. Unlike traditional security where trust is both binary and permanent, a Zero Trust model considers all access requests to be verified before access is granted. It’s a desirable state because it means having better understanding of users, devices, containers, networks, and applications. It reduces the attack surface by segmenting resources and only granting the minimum access needed.

A comprehensive approach to Zero Trust facilitates this minimum-access paradigm at three levels – the workforce, the workload, and workplace. Secure Endpoint delivers critical endpoint prevention and response controls for zero trust at the workforce level and helps to ensure users and devices can be trusted as they access systems, even as they access them remotely.

Multi-factor Authentication (MFA) is an important step in a Zero-Trust approach, especially when securing remote workers. MFA verifies the identity of the user or application requesting access. It can use device posture assessments to reject or deny access requests, like blocking access for devices that are running outdated and vulnerable operating systems. But it is not designed to know if the device that is about to access the network has been compromised by malware.

Interested in learning about our complete approach to Zero Trust?

Learn how we can help you secure the workforce, workload and workplace.

“Secure Endpoint (formerly AMP for Endpoints) gives us unprecedented visibility into our environment. It’s like a time machine that allows us to analyze threats and intrusions even before they become known malware.

Incident response has become a matter of minutes with the actionable alerts in the security console.”

Wouter Hindriks
Team Lead Network & Security,Missing Piece

That’s where Cisco Secure Endpoint steps in.

Because it has that deep knowledge in to each device, it is able to provide that last line of defense and context for those remote access requests. Secure Endpoint protects the user and the data on every device. Not only does it know the current security posture of the endpoint, but it also takes the necessary action to stop the threat at the endpoint before compromise. Because Secure Endpoint uses continuous monitoring and behavioral analytics, it’s always aware of any confirmed or potential threats. With this endpoint telemetry readily available, access can now be granted in a dynamic way that takes all of these elements into account.

Secure Endpoint automatically sends deep endpoint telemetry data to Cisco Secure Access by Duo to enrich the data used in its routine posture check during an access request. In the event that a device is found to be compromised, Duo will automatically reject the access request, effectively blocking the device from accessing Duo protected resources until the issue is remediated. This automated, condition-specific access greatly increases the security posture of the organization while decreasing the tedious work of the teams in keeping the bad guys out of the corporate network.