Delivering Zero Trust security for the workforce and workplace
This blog series will highlight exciting new developments and integrations between solutions within the Cisco Security portfolio with our acquisition of Duo Security. These posts will cover details about the problems that are being solved by these integrations with links to helpful technical documentation if you are interested in seeing for yourself the benefits that are provided. If you would like further information on how you can improve your security posture by leveraging these integrations, please contact our sales team.
Zero-trust is a comprehensive security approach that secures access by your users, devices, applications and networks. This approach to security helps organizations implement practices that establish trust in the users and devices accessing sensitive applications and network resources, helping to prevent unauthorized access and reduce the risk of an attacker’s lateral movement through the network.
To protect the workforce, a zero-trust security approach ensures only the right users and secure devices can access applications. And for the workplace, it secures all user and device connections across the network, including IoT. The integrations between Duo Security and Cisco’s Identity Services Engine (ISE) provide the zero-trust application and network access controls you need for the workforce and workplace.
ISE and the AnyConnect Secure Mobility Client empower your mobile workforce with secure Virtual Private Network (VPN) access to the workplace. By integrating with Duo, you gain enhanced device visibility and multi-factor authentication (MFA), and you establish device trust.
Problem Solved: Customers want to implement additional verification of the user when providing access to their corporate network via VPN. The motivators behind this requirement are:
Solution: You can enhance remote access security with Duo Security, Cisco ISE, and the AnyConnect Secure Mobility Client. It’s easy to add multi-factor authentication to VPN access so that you can verify the trust in remote users. Here’s how:
The Cisco AnyConnect Client and Cisco ASA use Cisco ISE for access control. Customers add the Duo Authentication Proxy as a second authentication source in Cisco ISE. Upon AnyConnect login, users are prompted for 2FA from Duo.
ISE controls network administrator access to critical network infrastructure equipment like switches and routers. Duo’s multi-factor authentication adds a security layer that mitigates the risk of unauthorized access, which could result in intentional misconfigurations that cause severe network outages.
Problem Solved: Most customers have network devices (routers, switches, etc.) in their environments that require access to manage and configure. Many of these network devices use a Cisco protocol called TACACS+ to authenticate and authorize end-user admin access to the network device. Customers want to enable MFA for admin access to these network devices.
Solution: With the Duo MFA Integration with ISE for TACACS+ Device Administration with Microsoft Active Directory Users, customers can protect admin access to network devices that use the TACACS+ protocol. Primary authentication goes to ISE, and 2FA is handled by Duo through the Duo Authentication Proxy.
Stay tuned for more integration stories and use cases. You can learn more about Cisco Zero Trust here, and if you want to see the powerful security controls that Duo offers you can sign up for a free trial at sign-up.duo.com.
Source: blogs.cisco.com