Cisco Identity Intelligence Defends Against Persistent Cyber Threats

Cisco has recently announced new advancements in the Cisco Security Cloud, to make security simpler for users. The latest milestones in this effort include the introduction of the first-ever Cisco Identity Intelligence, as well as continued innovation in artificial intelligence (AI) capabilities. These developments are in line with Cisco's vision of a unified, AI-driven, cross-domain security platform.

Cisco is introducing a new approach that combines identity, networking, and security to better protect complex identity stacks against sophisticated attackers.

In 2023, many large organizations were successfully attacked by threat actors who took advantage of the blind trust that exists between authentication and access solutions. Shockingly, over a quarter of all Cisco Talos Incident Response engagements that year involved attackers who gained access to valid accounts by using compromised credentials.

Many users have several digital identities and accounts, which can make it simple for hackers to gain access to different systems via lateral movement. Unfortunately, old permissions are usually not revoked, and security teams do not have crucial information about past identity behavior, actions across systems, and current risk levels. This information is essential for making accurate trusted access decisions.

Cisco Identity Intelligence is a tool that works on top of customers' current identity stores. It provides a comprehensive view of identities and utilizes AI-driven analytics. With this tool, customers can identify all their identities, eliminate vulnerable accounts, get rid of unused and risky privileges, detect unusual behavior, and block high-risk access attempts. The best part is that users can achieve all this without replacing their current solutions.

While multifactor authentication (MFA) remains a critical first line of defense against identity-based attacks, malicious actors are using new and creative ways to steal credentials. According to the 2024 Duo Trusted Access Report, Cisco Duo processed 16 billion authentications in 2023, up 41% annually, and saw weaker forms of MFA like SMS and phone calls dip to an all-time low of 5%, yet the volume of identity attacks is higher than ever.

“Identity is the fabric that connects humans, devices, and applications in the workplace and has become an easy target for modern cybersecurity attacks. Organizations need to adopt an identity-first approach to security, which among other things allows them to evolve from just asking 'can' a user access a system to continuously assessing whether a user 'should' be able to do what they are doing once they are authenticated,” said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco. “By analyzing the entire attack surface of an organization’s users, machines, services, apps, data, and their behaviors, Cisco Identity Intelligence bridges the chasm between authentication and access. We are the first vendor bringing together identity, networking, and security into a complete solution to address the largest cyber challenge of modern times.”

Cisco Identity Intelligence is built on a powerful identity graph that pulls data from customers’ many existing third-party sources that manage identity and access. With AI-driven behavioral analytics and Cisco's unmatched reach into the network, organizations can take a graduated response, such as quarantining an identity, killing active sessions, or isolating the network by leveraging the Cisco Identity Services Engine (ISE). Cisco customers will gain visibility with these critical insights through their existing solutions, including:

• Smart Authentication with Cisco Duo: Detect unusual patterns based on behavior and third-party signals.
• Smart Access with Cisco Secure Access: Verify the authentication decision and block unusual or high-risk behaviors.
• Smart Threat Detection with Cisco XDR: Correlate identity signals to provide missing information that traditional endpoint and network security solutions miss.

Cisco Identity Intelligence will be available in July 2024, enhancing the value of existing investments in the Cisco Security Cloud.

"Hybrid work and modern multi, hybrid cloud IT architectures have evolved the perimeter to be based on Identity. The reality is that this modern identity includes islands of embedded legacy identity and corresponding directories, creating a complex, forever-evolving problem. Thus, a zero-trust future does not exist without identity having a prominent seat at the cybersecurity table," said Frank Dickson, Group Vice President, Security & Trust, IDC. "Cisco now bridges the two worlds of identity and security to offer actionable visibility."

"Identity is the new perimeter to protect and it's an ongoing challenge for enterprises as witnessed by recent security breaches. Identity threat detection and response (ITDR) aims to converge identity and security, strengthening controls tied to authenticated access leveraging multiple data sources and analytics," said Will Townsend, Vice President & Principal Analyst, Moor Insights & Strategy. "Cisco's announcement is a step forward, combining identity intelligence and actionable insights with its existing network visibility, XDR orchestration, Secure Access, and Duo access capabilities."

Continued AI Momentum

Cisco is working to introduce AI technology throughout their Cisco Security Cloud to assist defenders. They have recently revealed the Cisco AI Assistant for Security which can help customers make informed decisions, improve their tool capabilities, and automate complex tasks. Additionally, after launching the AI Assistant for firewalls, Cisco is now introducing more innovative AI capabilities.

• AI Assistant in Secure Access: Leverage generative AI to create security policies using natural language within Cisco’s Secure Services Edge (SSE) solution.
• Securing AI: New capabilities in Secure Access will now automatically detect and protect intellectual property (IP) as it flows in and out of AI systems.
• AI-based Email Threat Detection: Cisco Email Threat Defense now utilizes AI to evaluate multiple parts of an incoming email for indicators of malicious intent simultaneously.

Secure Connectivity

Cisco has integrated its strong networking capabilities with Cisco Secure Access. This integration has resulted in the launch of Experience Insights, which is powered by Cisco ThousandEyes. Experience Insights can improve the productivity of hybrid workers by quickly identifying any connectivity or application issues and facilitating faster resolution.

This feature is included in all Secure Access licenses and does not require any additional cost. Furthermore, Catalyst SD-WAN has been integrated into Cisco Secure Access to provide a complete Secure Access Service Edge (SASE) offering.