By leveraging the cloud, SASE makes it possible to deliver security out to the edge without backhauling and the inevitable disruption and overhead that come with it. It’s a vision for a secure networking model that the security market is reaching towards. However, the sudden change to the workforce has increased the market demand for flexible, cloud-delivered networking and security.
SASE represents the same business decision that cloud routinely offers – decentralizing data and bandwidth. And it’s a good business decision. But it doesn’t change the totality of control points required for security. SASE is an excellent evolution of the first line of security defense but not a final line of defense. Web gateways and cloud firewalls will take care of block/allow. CASB will offer behavior controls and data protection inside cloud applications. But to get that last line of defense, you need insight into the critical interactions that are taking place on the device itself.
In addition to the visibility described previously, Secure Endpoint monitors behavior patterns (including which applications are being used, how often, the manner in which they are being used, etc.).
These insights, and the individual event logs of everything happening within the endpoint, are a crucial element in making informed security decisions – especially with everyone off the corporate network. Secure Endpoint records where and when every file originated and how it behaves over time, and constantly reassesses whether or not that file should be considered malicious.
This means that when something does happen, a complete history of behavior is instantly available for investigation and remediation. Having the “what” and “why” to the degree available with Secure Endpoint further enriches the value a SASE solution provides to any organization.
The behavioral data provided by Secure Endpoint is a very important factor in detecting and stopping advanced threats. A great example of this is Living off the Land (LotL) attacks, where bad actors only use the tools or features that already exist in the target environment. Operating systems typically carry automation and scripting tools to make administrative activities easier, which in turn can be used to help attackers accomplish their objectives. These attacks fly under the radar of typical detection tools because, fundamentally, they look like legitimate functions. But with a baseline understanding of how the admins usually use these tools, this sort of attack would be discovered and dealt with quickly.
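The baseline idea in the last paragraph, sketched as an added example (this is not Secure Endpoint's detection logic): learn which parent processes normally launch built-in admin tools for each user, then flag launches that fall outside that history. The event fields (`user`, `image`, `parent`), the watched-tool list and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Built-in Windows admin/scripting tools to baseline (illustrative, assumed list).
WATCHED_TOOLS = {"powershell.exe", "wmic.exe", "certutil.exe", "schtasks.exe"}

def build_baseline(history):
    """Map (user, tool) -> set of parent processes seen during normal admin work."""
    baseline = defaultdict(set)
    for ev in history:
        tool = ev["image"].lower()
        if tool in WATCHED_TOOLS:
            baseline[(ev["user"], tool)].add(ev["parent"].lower())
    return baseline

def score_event(ev, baseline):
    """Return the reasons an event deviates from the baseline (empty list = normal)."""
    tool = ev["image"].lower()
    if tool not in WATCHED_TOOLS:
        return []
    parents = baseline.get((ev["user"], tool))
    if parents is None:
        return ["user has no history with this tool"]
    if ev["parent"].lower() not in parents:
        return ["unusual parent process"]
    return []

def detect(history, new_events):
    """Score new events against a baseline built from historical events."""
    baseline = build_baseline(history)
    alerts = []
    for ev in new_events:
        reasons = score_event(ev, baseline)
        if reasons:
            alerts.append((ev["user"], ev["image"], ev["parent"], reasons))
    return alerts

# Constructed sample data: normal admin activity, then a mix of new events.
HISTORY = [
    {"user": "admin1", "image": "powershell.exe", "parent": "explorer.exe"},
    {"user": "admin1", "image": "schtasks.exe", "parent": "powershell.exe"},
    {"user": "admin1", "image": "powershell.exe", "parent": "cmd.exe"},
]
NEW_EVENTS = [
    {"user": "admin1", "image": "powershell.exe", "parent": "explorer.exe"},  # matches baseline
    {"user": "admin1", "image": "powershell.exe", "parent": "winword.exe"},   # odd parent
    {"user": "jdoe", "image": "certutil.exe", "parent": "cmd.exe"},           # no history
    {"user": "jdoe", "image": "notepad.exe", "parent": "explorer.exe"},       # not a watched tool
]

if __name__ == "__main__":
    for alert in detect(HISTORY, NEW_EVENTS):
        print(alert)
```

A signature-based check would pass all four new events because every binary is a legitimate OS tool; only the comparison against per-user history separates the two deviations from routine administration.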