Threat actors are now using compromised credential attacks, a strategy involving the use of various credentials to log into organization accounts. In 2023, more than 26 percent of all Cisco Talos Incident Response engagements involved threat actors using compromised credentials on valid accounts. Because of this growing threat, Cisco is prioritizing identity within its security strategy with Cisco’s Identity Intelligence, an innovative security solution driven by data analytics and artificial intelligence.
Identifying compromised credentials is crucial for preventing network security breaches. Detecting suspicious activity, however, becomes challenging when attackers possess valid and authorized credentials. “Organizations are facing identity sprawl, and the tools used to manage identity exist within a range of unconnected — and often varied — identity providers and toolsets,” explained Chad Skipper, Global Security Technologist at Cisco. “To combat this, enterprise customers need a layer of identity intelligence that runs on top of their identity stores and bridges this gap between authentication and access.”
Cisco Identity Intelligence will bridge the gap between authentication and access, bringing together identity, networking, and security. And through AI-driven behavioral analytics and Cisco’s extensive network reach, organizations can implement a graduated response, including actions like quarantining an identity, terminating active sessions, or isolating the network, utilizing Cisco Identity Services Engine (ISE). Partners can expect to see this integrated into Cisco Duo, Cisco’s Extended Detection and Response (XDR) solution, and Cisco Secure Access.
Oftentimes users are susceptible to exploitation because of vulnerabilities within their system or security and password choices. Once access is gained, traditional security measures may not detect unauthorized access, giving threat actors ample time to take advantage of weaknesses without being noticed. “Identity is the fabric that connects humans, devices and applications in the workplace, and has become an easy target for modern cybersecurity attacks,” said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco. “Organizations need to adopt an identity-first approach to security, which, among other things, allows them to evolve from just asking ‘can’ a user access a system to continuously assessing whether users ‘should’ be able to do what they are doing once they are authenticated.”
Patel further expressed how Cisco’s ambition is to play a significant role in identity management without becoming an Identity Provider (IdP). The aim is to function as an intelligence layer above various identity providers, allowing companies to retain their investments in these providers while leveraging the wealth of identity-related data.
Cisco’s Identity Intelligence initiative promises enhanced visibility for customers and partners using their current solutions. For instance, Cisco Duo will offer intelligent authentication that detects unusual patterns based on behavior. Meanwhile, Cisco Secure Access ensures smart access by analyzing authentication decisions and blocking suspicious activity. Additionally, Cisco XDR enhances threat detection by correlating identity signals, providing insights that conventional security tools might overlook. This transformative capability is set to become available within Cisco’s fiscal year in 2024.
Learn more about how security and AI innovation is creating new opportunities for partner growth here.
