Cisco security upgrades strengthen access control, risk analysis

Cisco has strengthened some of its key security software packages with an eye toward better protecting distributed enterprise resources.

Specifically, Cisco added more intelligence to its Duo access-protection software and introduced a new application called Business Risk Observability that can help enterprises measure the impact of security risks on their core applications. The company also enhanced its secure access service edge (SASE) offering by expanding its SD-WAN integration options.

Cisco Duo enhancements strengthen access control

The cloud-based Duo service helps protect organisations against cyber breaches by using adaptive multi-factor authentication (MFA) to verify the identity of users and the health of their devices before granting access to applications.

Cisco paid US$2.35 billion in 2018 for Duo and has been enhancing and expanding its use across its product line. Most recently, Cisco rolled out Duo Passwordless Authentication with support for biometric authentication, including Microsoft Windows and Apple Macs.

Passwordless authentication is aimed at reducing the risk of phishing attacks and their ability to utilise stolen passwords as well as addressing MFA fatigue.

With that in mind, the Duo service now also supports features called Remembered Devices and Wi-Fi Fingerprint that allow users to avoid repeated authentications as they move from application to application in trusted operations.

Another new feature, called Verified Push, enables Duo to recognise behaviour from known attack patterns and require the user to enter a code instead of just pushing a button to confirm.

Using MFA fatigue as an attack vector has led to some high profile breaches, said Tom Gillis, senior vice president and general manager of security at Cisco.

“Attackers have built an attack that will look like an MFA request on your phone, but it's actually a way to get into the network,” he said. “So rather than have users mindlessly clicking through MFA requests, we have added the ability to intelligently and selectively let customers set a security policy that reduces that possibility.”

Business Risk Observability scores threat potential

Cisco’s new Business Risk Observability application is designed to help IT teams gauge the seriousness of vulnerabilities and prioritise which are most pressing to address.

The application combines data from multiple sources – score distribution data from Cisco’s Kenna Risk Meter, business transaction details from Cisco AppDynamics, API details from its Panoptica software and threat intelligence data from Talos – to generate a business risk score for applications or services that have a high likelihood of exploitation, Gillis said.

“If customers have 100 vulnerabilities across their network, they don’t want to hear that they need to patch them all because that just doesn’t happen – they need to know which ones to prioritise and that’s what Business Risk does,” Gillis said. “It gives customers a better understanding of the risk of problems and the business impact of fixing them.”

The Business Risk Observability application, available now, is part of Cisco’s emerging Full-Stack Observability architecture.

The broader platform employs a variety of technologies, including OpenTelemetry, to offer applications and services that correlate network and application data across multiple domains to help customers analyse software performance and behaviour using artificial intelligence (AI) and machine learning (ML) techniques.

Cisco's AppDynamics Cloud application-monitoring service uses OpenTelemetry, and additional applications will be added to the Full-Stack Observability architecture in the future, Cisco says.

For example, Cisco will be unveiling deeper, bi-directional integration between AppDynamics and Cisco’s ThousandEyes digital-experience monitoring software.

The tighter integration will enable correlation of business issues across application transactions and their dependencies, end-user experiences, the network path and internet routing, according to Liz Centoni, Cisco’s chief strategy officer and general manager, applications.

“Applications are moving targets. Managing and securing them requires insights on application behaviour, network intelligence, and ultimately the users and devices that interact with them,” Centoni wrote in a blog about this week’s news.

“Applications are no longer just another way to interact with customers, partners, and end users. They are the business and every organisation must deliver always-on, secure, exceptional application experiences to win in today’s experience economy.”

Cisco strengthens SASE, SD-WAN ties

In addition to the new applications, Cisco bolstered its SASE subscription service by expanding access to its core Cisco SD-WAN package (Viptela) for increased security, networking and application access.

Until now, the SASE subscription service, called Cisco+ Secure Connect, featured Cisco Meraki SD-WAN technology, which includes integrated branch connectivity, security, management, orchestration and automation support, manageable via a single dashboard.

To simplify network security and policy management, Cisco+ Secure Connect now supports integration into Cisco SD-WAN fabrics using Viptela technology. 

The idea is to offer customers an option to buy and implement SASE or SD-WAN technology where they need it, all via a cloud operating model that makes it simple to buy and consume the necessary components, Cisco said. 

Integrating Cisco+ Secure Connect with the core enterprise SD-WAN offering takes the package up a notch by offering centralised management for policy and monitoring and increased secure internet access for branch offices.