Authenticating a user does not mean that this person should have access to everything. Yet it often does. Attackers know this too. With Cisco Identity Intelligence, Cisco wants to do something about this.
Security and Identity and Access Management (IAM) are often quite separate worlds. That’s a problem, because these worlds impact each other. Authentication does not mean having access to an organization’s environment and data without additional scrutiny. At least, that shouldn’t be the case. In practice, that’s not a hard and fast rule, we hear from Cisco. According to Talos Incident Response, attackers used data from valid accounts in 26 percent of cases by 2023. With Cisco Identity Intelligence, the company wants to change that.
Cisco Identity Intelligence
It’s best to think of Cisco Identity Intelligence as a layer over existing offerings. It is emphatically not intended to become an IAM provider itself, according to Cisco, we hear during a session at Cisco Live EMEA in Amsterdam this week. In other words, Cisco Identity Intelligence works together with existing IAM solutions.
Cisco Identity Intelligence uses what is called an identity graph, which pulls in data from existing IAM solutions. On this data it unleashes the necessary analytics, with the help of AI, coupled with all kinds of information Cisco can extract from the network. It is then possible to deny an identity certain privileges, quarantine an identity, isolate it or close active sessions, among other things. These actions take place from Cisco Identity Services Engine (ISE), but are powered by Identity Intelligence.
Integration into existing offerings
Cisco Identity Intelligence is not a stand-alone product. It is linked to other parts of Cisco’s portfolio, as we saw above with Cisco ISE. It adds intelligence to authentication, access and threat detection.
When it comes to authentication, Cisco Identity Intelligence should be able to more intelligently detect unusual patterns in the behavior of identities. It should also make Cisco Secure Access, the company’s SSE offering, smarter and better. Identity Intelligence controls the decision to grant access to an identity and blocks unusual and risky behavior of these identities, according to Cisco. Finally, Identity Intelligence also feeds Cisco’s XDR platform. This should allow XDR to also properly incorporate input from identity into the analysis.
Cisco Identity Intelligence will be available from July 2024. It is part of a Cisco Security Cloud license.
Read also: Cisco XDR aims to reduce alert fatigue, increase signal to noise ratio
20 hours ago
