Cisco unveils ‘Identity Intelligence'
Bron: artikel integraal overgenomen van Siliconangle
Origineel auteur: Duncan Riley
Cisco Systems Inc. today announced new advancements in its Cisco Security Cloud that simplify security with artificial intelligence and protect against identity-based attacks.
First up is Cisco Identity Intelligence, a new solution that Cisco claims is the industry’s first attempt to combines identity, networking and security. The company says the combination better protects organizations’ complex identity stacks against increasingly sophisticated attacker techniques.
Cisco argues that today, there is blind trust between authentication and access solutions and because of this, threat actors successfully compromised large organizations in 2023 by targeting these weaknesses. Last year, more than 26% of all Cisco Talos Incident Response engagements involved adversaries using compromised credentials on valid accounts.
The problem, as seen by Cisco, is that a user is often mapped to many digital identities and accounts — drastically increasing entry points for attackers and the possibility of lateral movement across identities. Often, legacy permissions have not been removed and security teams miss crucial context about historical identity behavior, actions across systems, and current risk levels needed to make trusted access decisions.
This is where the new Cisco Identity Intelligence solution steps in. It runs on top of customers’ existing identity stores and provides unified visibility, as well as AI-driven analytics.
Using the solution, customers can discover their whole identity population, clean up vulnerable accounts, eliminate unused and risky privileges, detect behavior anomalies and block high-risk access attempts – without needing to replace existing solutions.
Identity Intelligence is built on an identity graph that pulls data from existing third-party sources that manage identity and access. Using AI-driven behavioral analytics and reaching into the network, organizations can choose to take a graduated response, such as quarantining an identity, killing active sessions or isolating the network by leveraging the Cisco Identity Services Engine.
The solution provides critical insights from existing solutions, including Smart Authentication with Cisco Duo, which detects unusual patterns based on behavior and third-party signals. Smart Access with Cisco Secure Access is used to verify the authentication decision and block unusual or high-risk behaviors and Smart Threat Detection with Cisco XDR correlates identity signals to provide missing information that traditional endpoint and network security solutions miss.
�“Organizations need to adopt an identity-first approach to security, which, among other things, allows them to evolve from just asking ‘can’ a user access a system to continuously assessing whether a user ‘should’ be able to do what they are doing once they are authenticated,” said Jeetu Patel, executive vice president and general manager of Security and Collaboration at Cisco. “By analyzing the entire attack surface of an organization’s users, machines, services, apps, data and their behaviors, Cisco Identity Intelligence bridges the chasm between authentication and access.”
Artificial intelligence
Along with the announcement of Cisco Identity Intelligence, Cisco also announced an expansion in AI capabilities in Cisco AI Assistant for Cloud. Announced in December, the service is designed to enhance cybersecurity measures by providing advanced data analysis, policy recommendation and automated task management.
The expanded features include AI Assistant in Secure Access, a new tool that uses generative AI to allow customers to craft security access policies by using natural language prompts. Integrated within Cisco’s Secure Services Edge solution, the assistant offers a more intuitive interface for policy creation.
New capabilities in Secure Access now automatically detect and protect intellectual property as it flows in and out of AI systems. Additionally, Cisco Email Threat Defense now uses AI to simultaneously evaluate different portions of an incoming email for markers of malicious intent.
Finally, Cisco announced it’s integrating its robust networking capabilities with Cisco Secure Access. Experience Insights, powered by Cisco’s ThousandEyes, improves productivity for hybrid workers by quickly revealing connectivity and application issues and fostering faster resolution. There is no additional cost for this feature, as it is included in all Secure Access licenses.