Cisco’s announcement of Cisco Identity Intelligence at Cisco Live 2024 Amsterdam signals a strategic move to integrate identity into its Security Cloud. This move aligns with the increasing recognition among IT leaders that identity plays a crucial role in organizational security strategies.
Why is identity intelligence so critical? Compromised credentials are no joke. The second annual Cisco Talos Year in Review report breaks down the major trends that shaped the threat landscape in 2023 by sorting through massive amounts of data covering things like incident response engagements, network traffic, email corpus, sandboxes, honeypots, and endpoint detections. The report showed that compromised credentials on valid accounts were responsible for almost one-quarter of incidents in 2023.
Image source: Cisco Talos Year in Review
It’s long been clear to me that security is a key component of Cisco’s overall value proposition, but sometimes Cisco doesn’t immediately come to mind when thinking about best-in-class security solutions. The company isn’t just a networking behemoth; it’s a security powerhouse. This infusion of identity intelligence capabilities into Security Cloud is a smart move.
The report mirrored other cybersecurity-focused findings identifying an increase in the targeting of network devices from APTs and ransomware actors. These threat actors quickly exploit vulnerabilities and rely on the ability to consistently discover and exploit weak and/or default credentials. In fact, the report showed that exploits in public-facing applications and compromised credentials represent 51% of initial access vectors observed by Talos IR.
Image Source: Cisco Talos Year in Review
Compromised credentials provide an attractive threat vector. As Jeetu Patel, Cisco’s EVP/GM Security & Collab BUs succinctly said: “Why hack when you can just log in.” It’s hard to argue that.
Patel cited the stat that stolen credentials and human elements make up 74% of cyberattacks – which we often discuss on our SecurityANGLE podcast. Humans are the most attractive entry points into organizations, and threat actors take full advantage of that.
Additionally, networking equipment is a very attractive target for threat actors because it offers up a large attack surface and access to a victim network. Even though networks are vulnerable, the Cisco Talos report showed that, in many instances, they are transmitting massive amounts of sensitive data. Networks are often not scrutinized from a security standpoint as they should be and are often left unpatched or poorly patched. High-value targets with weak security — that’s everything a cyber criminal dreams of. With its massive presence in networking, Cisco’s move to bring enhanced security to the network is key.
Cisco Identity Intelligence: An Open Solution Providing Continuous Analysis Capabilities
Cisco Identity Intelligence was designed as an open solution offering, which means that Cisco’s Identity Intelligence is a thin analytics layer that sits above customer identity sources and directories and works with any identity providers customers might already be using. That means no rip and replace; instead, the analytics layer works with what’s already in your tech stack. This “meeting customers where they are” mindset is something that I think customers find incredibly valuable today and I like seeing this functionality on Cisco’s part.
AI-powered, machine-scale tactics employed by savvy threat actors and machine-scale defense are needed today to thwart them. Continuous analysis capabilities are part of the Cisco Identity Intelligence solution, providing the continuous monitoring of access requests/attempts with a view toward which humans and also machine identities should have access before that access is granted. In my opinion, that’s a question we are collectively not asking enough: “Should they (or it) have access,” not “Can they (or it) have access.”
Cisco Identity Intelligence is designed to bring together networking, security, and identity and will enhance Cisco Duo, Cisco’s Extended Detection and Response (XDR) solution, and Cisco Secure Access. Cisco Identity Intelligence is currently in private preview — Duo Advantage and Premium customers can request access to the Duo Advanced Identity Protection platform with Cisco Identity Intelligence here
Improving Zero Trust Readiness
Cisco Identity Intelligence will play an outsized role in helping security teams defend against identity attacks with the zero-trust decisioning capabilities it brings to Cisco Secure Access. Admins can improve their zero trust readiness, find and fix vulnerable identities that expose the network, and identify user behavior gathered from both Cisco and third-party sources. This will allow admins to more effectively enforce their organization’s Secure Access policies.
AI Assistant for Security in Secure Access
Cisco also announced the launch of the AI Assistant for Security in Secure Access, designed to help reduce complexity and improve productivity/efficiency — exactly what every customer today seeks. A Data Loss Prevention for generative AI apps was introduced, as was Email Threat Defense, which uses AI to evaluate incoming emails for threats. These last two: data loss prevention and email threat defense were topics that my colleague Jo Peterson and I covered in a recent episode of our podcast, the SecurityANGLE. Email is the most attractive threat vector, and data acquisition is a threat actor’s prize — I’m glad to see Cisco coming to the plate with these timely solutions.
I’m always encouraged to see Cisco lean more heavily into its security chops and work to simply its solution set. While Cisco has a major presence in the security market, I don’t believe the company is often top of the mind as a top security vendor, which is a key challenge for Cisco. We have talked about Cisco’s success in the security sector here at theCUBE Research before, but what has largely been missing is a definitive security narrative from Cisco. The infusion of these capabilities into Cisco Security Cloud is a step forward regarding messaging and solving for this. I like it.
Related reads on this topic:
Cybersecurity: Evolution of the AI Threat, Three Stages to Watch in 2024
Breaking Analysis: Cisco Needs to Simply, Here’s How
Cisco Unveils Identity Intelligence to Enhance Cloud Security with AI and Networking Integration
