Cisco‘s most recent product may assist thwart social engineering and identity theft attempts.
Jeetu Patel, EVP & GM, Security and Collaboration Business Units, Cisco, claims that exploiting the human factor has made breaking through firewalls easier than ever before.
This is where a new level of network security and observability may be provided by Cisco Identity Intelligence.
The difference between ‘if’ and ‘should’
With how advanced social engineering attacks have become, it has never been easier for a hacker to impersonate your voice, disable your multi-factor authentication (MFA), and add their own device onto your network to steal your intellectual property (IP) and ransom your data.
Speaking as Cisco Live in Amsterdam, Patel states that hackers have switched to the mindset of, “why log in… when you can hack in?”
This is especially relevant, he added, when 74% of attacks utilize a human element to breach an organizations network, such as the example above, or through phishing and malicious emails.
Traditionally, internal access is granted on the basis of asking ‘if’ a user can access a network, but Patel argues that the question should be changed to ask ‘should’ a user have access to a network, and this should be based on their behavior.
This latest security offering from Cisco provides the ability to monitor human and machines/services within a network to identify threats based on their behaviors and interactions. The Identity Intelligence platform will generate an identity graph to correlate the behaviors of users, machines and applications.
These behaviors will be based on the role of the users, their physical location and device to identify if there is a threat potential. For example, a user may have previously accessed the network on an old device and forgot to log out.
If this device begins exhibiting unusual behavior on the network, such as existing in a different location or attempting to access applications and services outside of the users role, the device will be flagged as a potential intrusion.
The identity graph will provide observability on old devices and access permissions, allowing network administrators to quickly decommission both of these vulnerabilities through the Cisco Security Cloud.
The platform’s ease of use is further enhanced by access to an AI Assistant in CISCO Security Cloud which provides natural language prompts to generate security access policies for their network and firewall, alongside an AI-based email threat detection.
Speaking on the announcement, Patel said, “Identity is the fabric that connects humans, devices and applications in the workplace, and has become an easy target for modern cybersecurity attacks.
“By analyzing the entire attack surface of an organization’s users, machines, services, apps, data and their behaviors, Cisco Identity Intelligence bridges the chasm between authentication and access. We are the first vendor bringing together identity, networking and security into a complete solution to address the largest cyber challenge of modern times.”
The Identity Intelligence platform will be available as an embedded part of the Security Cloud from July 2024.
