Monday, November 25, 2024

Layered Protection for RADIUS With Cisco


Dream world for the CISO

Organizations have all kinds of resources to protect. And some resources are easier to protect than others. However, it’s not the easy stuff that keeps a CISO up at night. Before we dive into the more challenging examples, let’s consider a scenario that allows a CISO to sleep peacefully.

In this scenario, when a worker “goes to work” (either in the office or remotely), they open their corporate laptop and log in to a SaaS application. This worker types the URL into their browser, logs in with their SSO provider and authenticates using their fingerprint (biometric) on the device. Behind the scenes, this user is connecting to the application through a Zero Trust Network Access (ZTNA) solution and authenticating with the SAML protocol (or OIDC or OAuth 2.0), the modern authentication method for cloud applications.

This is the dream scenario, and the easier one to protect:

  • Modern, cloud application
  • Policy-driven application access
  • Phishing-resistant authentication
  • Trusted, managed device

The reality check

However, the dream scenario is also the least likely to be the cause of a breach. Instead, attackers are exploiting legacy technology or networks where it’s difficult to deploy extra security and enforce policy, like phishing-resistant multi-factor authentication (MFA) or ZTNA. While organizations are on their infrastructure modernization journey, we need to have a realistic plan to protect the long tail of legacy assets that are still in place and may be difficult to secure.

What can be done?

Layered protection with RADIUS

One of these under-rated, but common, authentication protocols is RADIUS (Remote Authentication Dial-In User Service). RADIUS is a common network-based authentication protocol for users and devices that need to connect to the network.

If your organization is in a position where routers, switches, wireless access points and VPNs all use RADIUS, Cisco can help. First, Cisco Identity Services Engine (ISE) provides a layer of Network Access Control by offering AAA protection (Authentication, Authorization, and Access). This protection exists for users connecting to the network in the office and employees connecting to the network through the VPN.

The challenges and security implications around legacy VPN access are well documented, which is why organizations are moving toward modern architecture with ZTNA. The problem is that many legacy applications are not compatible with ZTNA and organizations must hold on to their VPN infrastructure. It is not a surprise that while 86% of organizations have started to adopt zero trust, 98% have not reached maturity. Essentially, they are stuck on this journey.

That’s where Cisco Secure Access comes in. Secure Access has integrated both VPNaaS and ZTNA capabilities. This allows organizations to modernize VPN infrastructure and connect using Cisco’s cloud solution, falling back to VPNaaS if ZTNA is not possible. In practice, all users have the same experience when connecting to applications (legacy or modern, VPN-required or ZTNA-compatible) and the technology takes care of the work behind the scenes.

When it comes to VPNaaS use cases, organizations with an ISE deployment can leverage the unique integration between Secure Access and Cisco ISE to provide an extra layer of protection. This means that when users connect to VPNaaS, they are protected by ISE’s authentication, posture assessment, and network segmentation, all through a single agent: Secure Client.

We start with VPNaaS and Cisco ISE working together, and next we add an extra layer of defense with another form of authentication (that’s where the “multi” in MFA comes in). Cisco Duo can offer RADIUS support for legacy VPNs through the Duo Authentication Proxy by adding servers to an organization’s environment. But when you use Duo with ISE and VPNaaS, there is a unique API integration that allows RADIUS authentication without the need for the additional server in your environment. And all the end user sees is the typical Duo push that they are used to when accessing cloud applications.

Now, even when authenticating with RADIUS, users have a seamless experience, and organizations have layered protection to close potential gaps in the attack surface.

Secure organizations with User Protection Suite

In the ideal world, an organization could protect all its resources using the most advanced and modern technology and protocols. However, organizations have a range of assets that all need protection, regardless of how easy or hard they are to protect. When combining the network protection through Cisco ISE with User Protection Suite tools, Cisco can provide the solutions you need today while you continue to modernize for the future. And allow CISOs to get a good night’s rest.

To learn more about how Cisco’s User Protection Suite can protect your workforce, connect with an expert today.
