
October 2, 2024 50 mins

Cisco’s Identity and Access Management (IAM) tools, such as the Identity Services Engine (ISE), are designed to provide secure access to networks by ensuring that the right people or devices can access the appropriate resources. Some of the key features include:

Centralized Access Control: ISE provides policy-based network access control, enabling administrators to define rules based on user identity, device type, and other contextual data. This is critical in enforcing security policies.

Zero Trust Architecture: It supports a Zero Trust model, which requires users and devices to authenticate every time they request access to resources, reducing the risk of security breaches.

Endpoint Visibility and Profiling: Cisco ISE identifies and profiles devices that are connected to the network, enabling administrators to monitor, segment, and control access based on device type and security posture.

Multi-factor Authentication (MFA): Integrating with MFA, Cisco IAM solutions provide added layers of security by ensuring that users must prove their identity with multiple factors.

Integration with Other Cisco Solutions: Cisco’s IAM integrates seamlessly with other Cisco security and networking solutions, like Secure Network Analytics and Cisco Umbrella, to provide enhanced visibility and protection.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Appreciate everybody joining in.

(00:02):
See, Andres, today, May 24th,
and welcome to the Security in 45 show, everybody.
Today, we've got a pretty cool topic, identity management,
something that everybody is using
and could probably simplify.
I like this topic, Andres.
Users are the biggest threats in the network

(00:23):
that we see every day.
Proper identity management rules can make our lives
as network and security engineers a lot simpler
once we get kind of centralized management control.
So I'm excited to learn a little bit more about that today.
Yeah, and it's gonna be interesting.

(00:43):
Identity management, what we see today is that very vital
for any company doing hybrid work,
users working from home,
users working from anywhere or even in the office.
So it's gonna make a lot of sense in basically,
identity management is how we define roles
and force role-based access,

(01:04):
which is one of the things that we hear a lot
from our customers nowadays.
It is also one of the things that we want to make sure
we know when we start planning our zero trust frameworks
or implementations and things like that.
And today we have John and we have Sam

(01:26):
and these guys are amazing.
They've been doing security for a while.
So super excited to have them on the show today
just to talk about identity management.
And with that, John and Sam, I'm gonna give it to you.
John, if you wanna introduce yourself
and then pass it to Sam.
Awesome, thank you very much.

(01:46):
So a little bit about myself.
I've been with Cisco for a little over a decade
at this point, so I think pushing 11, 12 years,
about 10 of those years I was in TAC,
specifically around security, around ISE,
and then literally every single piece of security
we have out there.
And then from there I got pulled over to pre-sales
where I got to meet back up with Mike and Andreas and Sam,

(02:09):
pushing commercial East.
And now I am one of the two TSAs in the Navy for the DoD.
Again, all things secured.
Sam.
Hi everyone, so my name's Sam Baxter
and I'm a Solutions Engineer as well at Cisco.
I've been here going on nine years.
The first half of that I worked as a consulting engineer,

(02:31):
doing a lot of post-sales delivery
for multiple technologies.
I moved into pre-sales,
so got to work with these fine gentlemen
with commercial East.
And now I'm working to support our enterprise customers.
So just focusing on all things security.
And my background has been focused on identity.

(02:52):
So looking forward to the conversation today.
Nice to meet you all.
I'm pretty fortunate to have been able to work
with all of you on the same team
at different times throughout our career.
John, you were always the guy I could ask
all my ISE questions back in the TAC days
and then coming to pre-sales,
being on the same team with you and Sam
and now with Andreas.
Guys are already getting some good compliments
in the chat here.

(03:14):
Ferdinand and Lucas and Anthony,
appreciate the comments.
Any comments or questions you guys have,
just throw them in there.
And if we can't answer them live on the show,
happy to sync up with you guys one-on-one
or we'll of course answer those all through email as well.
All right.
IAM, like what is IAM Sam?
What does it do?

(03:35):
Is IAM Active Directory?
Could you elaborate kind of high level
what IAM stands for and what we're talking about here?
Yeah, yeah, so IAM stands for Identity and Access Management.
It's important to understand that IAM
is not a specific product.
It's really like a strategy and a framework.

(03:57):
Multiple different products can provide IAM capabilities.
But essentially the core objective of IAM
is to make sure that you protect your assets.
As users are accessing your resources,
you wanna make sure you're giving the right level of access
to the right people.
And Active Directory can play a big part there

(04:20):
as a user directory,
but it doesn't have to be just Active Directory, right?
Could be a SAML IdP, could be another authentication source.
But there are a lot of capabilities within IAM.
So things like single sign-on, focusing on helping users,
to eliminate friction with users.

(04:41):
And then you also have like your security components, right?
Device trust, lightweight posturing.
So a lot of that stuff we'll get into in the future
on this call, but IAM also should allow you
to do governance of your policies.
So you really wanna make sure you have adequate logging.

(05:03):
Wanna make sure that you can look back at the access request
and make sure that this user logging into this resource
is tracked, right?
So you can have a trail of these requests.
But yeah, it's not a specific product.
At Cisco we have Duo,

(05:24):
and that's gonna provide a lot of IAM capabilities,
but we can integrate with other solutions as well
to strengthen that identity security.
Just to kind of really continue on
with what Sam is mentioning.
It is a full solution.
We have to make sure that you are looking
at the right product for the features
that you are trying to secure.

(05:45):
So IAM is not gonna be a single vendor.
Cisco has multiple different pieces that can do IAM,
or can do parts of IAM,
but it's not gonna be a single vendor.
It's not gonna be a single product
that we're gonna be looking forward to really
lock down an entire environment.
And that's where pretty much this whole conversation
is gonna go into is what pieces and parts

(06:07):
that we can look at to make sure
that your full solution is ready.
Very nice.
So thinking of it more holistically in terms of a solution,
maybe it takes a while,
a journey to get to where you really wanna be
since it's not a particular product, but great stuff.
And Sam, I like to call about the accounting portion
of it as well, kind of having those logs

(06:28):
so we can see if we need to look back in time
for any type of threats or access control.
Yeah, just to add onto that, right?
Like we just wanna make sure
if there is unauthorized access
or any type of breach or anything, right?
Session theft, we wanna make sure
that we're able to track that.
And a big component of IAM is being able to respond

(06:51):
to those threats in real time, right?
So that's a capability that Cisco has improved upon.
So we can definitely talk about that later on the call.
And would that be just people running around
like manually unplugging ports out of walls
and stuff like that?
Is that what we're talking about?
No, no, you wanna make sure you can tie it back
into that directory, right?

(07:12):
Maybe to adjust those rights in real time
or just remove the user from the network, right?
Adjusting the session or making that session invalid.
Yeah, glad to hear there's a better way.
And honestly, you could still run around
and unplug and plug for us.
That's where I am.
I'm just using the old scissors.
Just to cut the cable.
Just updating myself here.

(07:34):
That was awesome.
And it's a good, interesting just conversation
about capabilities features,
things that we can do with IAM.
So pretty cool with that.
John, the next question I have
and it's just to dig deeper into identity management
or IAM capabilities,

(07:55):
if we can share a little bit about that.
Yeah, so the main purpose of IAM
is to validate users and devices coming onto the network.
So that can be done many different ways.
And then from there, the authorization of it.
So we're really talking AAA across the board.
Authentication for the users, for the devices,
pieces and parts coming onto,

(08:16):
whether it's your network accessing applications,
your workloads, what have you.
And then the authorization part.
What are they doing?
What are they allowed to be doing?
Should we allow access, block access,
really kind of give it restrictive pieces?
If somebody's coming in,
they have a vulnerability on their machine.
How can we quarantine them so we can fix them later?

(08:38):
It may not just be restriction that's going on here.
We could also redirect.
So if we're looking at user or guest user access
that's coming onto the network,
we can redirect them to a portal, make people log in.
So you know anything and everything that's going on.
And really leaning back on that,
that's where we can go onto the last A of AAA,

(08:59):
the accounting portion of it.
Where are we getting those logs?
What logs do we need?
Where are we sending those logs
that we can go back and look at?
Like Sam was mentioning earlier.
What is our audit trail?
How do we prevent the sensitive data from getting out there?
And of course, as Mike mentioned at the very beginning,
it's all about, first we wanna protect the users with IAM.
Then we also wanna protect the devices

(09:21):
when it comes to whether it's ISE doing posture,
or Duo doing device insights.
How can we see things coming into your environment?
And a lot of it's going to kind of circle back
into a conversation of zero trust.
Andrea, as you mentioned earlier,
zero trust is a big term that's gonna be out there.
And I'm sure we're gonna be talking more and more about it.
So I don't wanna belabor it right now.

(09:42):
But IAM starts off with let's validate everybody.
And now let's make sure that we have the
correct authorization for them within the network,
accessing the application, your workload, what have you.
That's great info, John.
Thank you, thank you so much.
And yeah, that is also one of the pillars for zero trust.

(10:04):
And that's good segue for what we're gonna talk
in a few minutes.
John, the part you mentioned about the authorization,
do you, in your opinion, do you feel that that's a part
that maybe gets overlooked too frequently?
Because I think of the first A, the authentication,
that's something everyone's doing.
But how common is it, or are people doing a great job

(10:27):
with authorization that you generally find?
It is a very mixed bag that's out there.
So it's easy to give somebody all access,
and it's easy to give somebody no access.
So the no access is usually the most secure.
That's where we start talking zero trust.
Zero access, zero trust.
We don't trust anybody that's out there.

(10:48):
But then it's very easy to give somebody full access.
So when it comes to modern IAM capabilities,
a lot of this can be dynamic.
So as a user comes in, they authenticate,
maybe as you mentioned, they go through,
they pulled a cable,
but then they plug the cable in somewhere else.
How do we make sure that they have the same authorization

(11:09):
from port to port?
Or if they're trying to spoof a phone
or something like that,
how do we make sure that they stay
where they're supposed to be?
How do we make sure that they stay in their lane
is the easiest way I can say it.
And all of that is going to come down
to that authorization side.
Most users out there, again, zero or all.

(11:29):
It doesn't have to be that way.
Everything can be configured on the central side.
Again, whether it's gonna be off of Duo,
it's gonna be off of ISE, Secure Workload.
We can start locking things down
based off of segmentation rules.
So we're looking at macro segmentation,
micro segmentation.
However, we can really start limiting it down.
And for me, the implementation is gonna be key.

(11:49):
So you always start off large
and you start scoping it down.
I'm sure we'll talk about that more here in a bit too.
That's great.
Excellent.
A live question did come in
in terms of what are the key benefits
of using Cisco as an identity solution?
So any thoughts on that?

(12:10):
I know we're not trying to plug Cisco here.
We're talking more industry concepts,
but any call-outs there?
So I'll jump onto that.
Sam, back me up with whatever you wanna put in there.
Interoperability is the biggest thing that comes from Cisco.
So when it comes to whether we're looking at ISE and Duo
or really just ISE is kind of a linchpin

(12:33):
across your whole system,
the interoperability that we put out there,
we follow the RFCs for anything and everything.
So if we're looking at specifically, say, RADIUS,
if we're looking at communication between them,
we have open APIs across all of our platform now.
We'll use pxGrid to be able to communicate,
share information back and forth.
And we're not looking at just our IAM solutions

(12:57):
when it comes to that interoperability.
So we'll integrate with our secure firewalls,
our secure workload,
our email access is gonna be out there,
our web access is out there.
The amount that we can operate,
and it's not just with Cisco products,
it's kind of across the whole board.
Our whole goal is that we want to interoperate
with everything that's in your network.

(13:18):
We want to be the central part of your security,
but we don't want to overload your system.
We don't wanna change out what's there.
If something's working, let's work with it.
Instead of pulling out your whole IAM solution now
and adding in something else
and trying to change everything all at once, let's build.
Let's utilize what you have,

(13:39):
let's build and make it stronger.
Let's fill those holes within your security.
Yeah, I'll just add,
just based on where Cisco is going,
from our identity portfolio.
So we've been doing a lot of development acquisitions,
and now we do have the capability

(14:01):
for identity threat detection and response.
So that's another market that Gartner is putting out there
that a lot of organizations are starting to look into.
So we do have that capability where,
like I said earlier,
you might have multiple authentication sources.
So we can track a user that may be coming in

(14:23):
from Workday or an HR system.
We can look at, if you have like an Okta
or another IAM vendor, we can look at session theft
and be able to remove that user session from the network
or from an asset.
So there's a lot of innovation going in at Cisco.

(14:46):
So we can definitely provide links
and give you some direction on where we're going.
But I think that's one of the biggest selling points
or the biggest advantages of looking at Cisco for identity.
Just the direction that we're going is huge.
That's really good information on both fronts.

(15:07):
And just, as you guys mentioned,
multi-factor authentication is probably the easiest thing
to knock out on a security strategy.
That's great.
All right.
So I do have the-
Sam, what tools or methods do we have specific to IAM

(15:28):
that you see customers utilizing to harden their security
for the identity of the users and the devices
that are connecting onto the network?
Yeah, so number one, we really recommend customers
to move beyond just a single factor.
So not just relying on username and password

(15:50):
to grant access to resources.
So one of the biggest components of IAM
solution is multi-factor authentication.
It's going to be table stakes to protect some of these user
accounts against unauthorized access.
So within Duo, within a lot of solutions,

(16:11):
there are multiple authentication methods you can use.
Some of the more legacy ones are SMS,
text messages or phone callbacks.
But we're seeing a lot of customers moving
towards stronger authentication methods.
So things like security keys, so like YubiKeys,
or using biometrics or platform authenticators

(16:31):
on the endpoints.
So those are some of the components, right?
And then we talked about role-based access control.
We'll talk about zero trust in the future,
but we're really seeing a lot of focus
on layering security on top of just MFA,

(16:52):
in general.
Of course you have the user directory,
which is a key component, but for the security,
you have the MFA, you have the single sign-on, right?
So that's going to help with just the friction
of users access and resources.
And then that's going to help with security as well.

(17:14):
So a lot of users are reusing passwords.
You know, bad actors can go on the dark web,
download a lot of passwords and do like credential stuffing
or a lot of common attacks.
So just having MFA in place on an account
is going to stop that threat actor.

(17:34):
And that's something that they're looking for today.
They're just looking for accounts
that don't have MFA protection, right?
So they can bypass any security you have.
But yeah, those are some of the things
that we're seeing with our customers, right?
Focusing on like public key cryptography
with passwordless and the biometrics,

(17:56):
like I discussed earlier.
No, I think at that MFA is just,
when I talk to customers daily,
that's one of the things I definitely make sure of,
that MFA is there because it's just the low hanging fruit.
It's like one of the easiest things to get in place

(18:17):
and talk about bang for your buck.
Like I think back about, was it two years ago,
we had that Colonial Pipeline cyber attack.
I mean, that costs like $5 million.
And I remember just here in North Carolina,
you couldn't get like gasoline for like two weeks
because of that.
And that was an absence of MFA on a VPN connection,

(18:40):
something that was very easily preventable
and pretty light investment to be proactive
about your security there.
Yeah, and I mean, that's a real world impact, right?
We all consume those services.
So security should be in the forefront.
And like you said, I mean, that's just a simple check

(19:02):
that could have been added, but it is easy to miss.
Within like the average enterprise these days,
it's not just one identity source, right?
You could have contractors coming in.
It's not just gonna be just one active directory.
So the combination of something like Duo with ISE, right?

(19:23):
Locking down the network as well.
So you can prevent some lateral movement.
Definitely a defense in depth type of conversation
is needed, but having MFA
is definitely gonna shut the door
that first access attempt.
Sam, I think you're hitting it right on the head.
If we look back at a lot of the attacks

(19:44):
that have been happening over the last five years, really,
well, you had Target, you've had, I mean, not Pegasus,
but you've had really below is the Home Depot,
all of these different attacks that have come in
and it's always been user phishing.
So getting access into contractor devices coming in,
getting their VPN access,

(20:05):
getting just their username, passwords,
whether they're doing a SIM swap
or anything along those lines,
being able to really go into that.
And that's where multifactor authentication
is really gonna come in to protect.
Again, it doesn't have to be SMS.
A lot of us don't suggest even do SMS anymore.
Let's switch over to biometrics.
Let's switch over to PIV and CAC cards.

(20:26):
Let's switch over to something that is more secure,
more central to your location.
And I'm sure we'll talk about it more,
but if we look at the notification alert drag,
that's kind of out there,
everyone's getting so used to seeing those notifications,
they just click approve and move on.
It's all these different things that are,

(20:47):
it's just hitting us all at once.
So multifactor authentication is gonna be a big one
to really hit that low hanging fruit, as you said, Mike.
Yeah.
We got a live question that just came in.
Sorry, Andres.
Next question, and this one's gonna be for you, John,
hearing a lot from the customers that I talk to
in a daily basis about a NAC solution,

(21:09):
network access control.
And it's getting more and more and more attention.
And I see a lot of customers coming in and saying,
hey, we need NAC, but what can you tell us
a little bit about that if you can share some info?
John, I can just see you smiling,
getting excited as that question was being asked.

(21:29):
Yeah, I mean, I've been dealing with NAC
for my entire tenure here at Cisco.
Network access control, that's really where ISE and ACS
has lived, but it's been around much further than that.
So if we look back into the olden days,
and we look at port security and sticky MACs,
that's where NAC control really started.

(21:52):
How do we limit who comes into it?
With the introduction and the adoption of laptops
and phones and movement and VPN and blah, blah, blah,
wireless is gonna be a big one that comes to it as well.
Basically, users aren't sitting with a desktop
at the same desk every single day.

(22:13):
I mean, they may still come into the same desk,
but they're still getting up, they're moving around,
they're using wireless, they're switching ports.
NAC now is a dynamic functionality.
So you might say you come in, you plugged in
to your standard desk, you work for the morning,
and then you get up and you wanna go home
and work remotely for the rest of it.

(22:35):
How do we make sure that your same access is done?
And that's where NAC is really gonna come in.
It is the authentication of the users,
it's the authentication of the machines,
and then we're also gonna give the authorization.
So I do like to put out there that we're not looking
at just users out there.
We want to know what machines,
that's where our compliance piece is gonna come in,

(22:57):
that's where posture is gonna really, really weigh in
of what antivirus is running on your system,
is your system up to date, is it patched?
Do you have a specific file or registry setting?
One of my favorite things is there a USB plugged
into your machine that's not supposed to be there.
Whether or not that endpoint is gonna be vulnerable

(23:17):
is a big piece of when it comes to NAC control.
So it is something that's been around for a long time,
but the way that we've made it dynamic,
the way that just users keep moving
changes that front for us.
Of course, we always wanna look at it
of what logs are going out there, what are people doing,
where are they moving, where can we see things going through?

(23:40):
But the most important that we're gonna go into
is what devices are there and how can we prevent it?
And I've used this example before,
so anybody that's talked with me
is that what device comes in,
it doesn't matter who it's from.
So say you have an executive that comes in,
that they have access to your entire network
at any given time, because that's what they require.

(24:02):
Great, fantastic.
Most people are gonna base that off the user,
but what if they have an iPhone
that comes into your environment?
Sure, it could be on an MDM,
it could have gone through the compliance checks
off of an MDM that we can integrate with,
they pass all their user information,
but what if Pegasus got to them?

(24:23):
That is where our profiles wanna come in.
We can make sure that it is an iPhone,
it's being checked the right way,
we glean that information that's out there.
We can validate that they are not vulnerable
before they come onto the network with their own device.
There's a lot of extra information
that we can actually pull and push coming across it,
but again, kind of circling back to the beginning,
that control is what access are we giving at that port level,

(24:48):
so at that access layer, and that can be limiting them,
whether it's based off of VLANs, whether it's ACLs,
or TrustSec, so security group tags or scalable group tags,
whatever we're calling them nowadays,
that are going to go through the entire network
to be able to protect everything down.
Yeah, and that part of AAA, the authorization,

(25:10):
I know we were talking about the other day,
it's probably the most fun of it,
like when you're implementing some security there,
that you can take advantage of those ACLs,
those dynamic VLANs, the security,
so it just makes a lot of sense
when you start working with that.

(25:30):
It is always fun being able to block somebody
and then showing them why they're blocked.
That is always gonna be the most fun,
but to add onto that authorization side,
I kind of mentioned at the end, the security group tags,
so they get put onto the port,
but it can be enforced anywhere within your network,

(25:51):
so it can be dropped off to the firewall,
it can be dropped off to secure workload,
if you want to add the visibility functionality to it,
secure network analytics, it's gonna follow that packet,
so the fun work for me is going to start
really coming down to, I put you onto the network,
I gave you layer two access to be able to see some things,
but you hit my firewall, and I want to make sure

(26:13):
my firewall is blocking everything
that isn't supposed to be out there,
and that simple integration between ISE
and our secure firewall is able to see
those security group tags,
and then really just lock everything down.
They're network agnostic,
so now I don't have to worry about VLANs,
I don't have to worry about changing my routing system,
my routing tables, just to be able to add on

(26:34):
a new VLAN in there or anything along those lines,
just add somebody into the same network,
give them a new tag, whether they even change positions
in the same company, they get a quick tag change,
and their whole access is now modified.
Yeah.
Before we go on to the next question I have for you, Sam,

(26:54):
we did get a question in the chat,
and I can actually take this one,
regarding integrations that we have,
and we were talking about the benefits of Cisco
integrating with what we have.
Roger had a good call out in the Q&A here about
the cloud FMC, which is a newer offering,
and how it does integrate, but has little bit differences

(27:20):
in terms of a lack of logging compared to an on-prem FMC.
So for that, and that is true,
and you'll see that addressed in the near future,
but in the meantime, you will always have the on-prem option
in which, to be specific, you can run the on-prem FMC
with your cloud FMC, and your cloud FMC

(27:43):
do the deployment and management.
Your on-prem FMC can still remain there,
and will do all the logging,
so you won't actually have any loss of logs.
But a great call out I wanna do, bring that one up.
Thank you again for this.
It's not limited to just like the on-prem FMC,
we also have FDM that's gonna be on-prem and on-box.
Yeah.

(28:03):
So we have a lot of different options
that are coming out there.
So while Cisco is moving a lot to the cloud,
and I speak to this specifically because I do support DoD.
DoD's not allowed to touch cloud 90% of the time.
So the on-prem functionalities aren't going away.
Our air gap pieces are still remaining there.
So we have FDM, we have FMC, those integrations are there.

(28:26):
I'll be the first to admit, there are some issues
when it comes to certain integrations
when we have to run, say, FIPS mode,
or compliance modes or anything along those lines.
But there are pieces that we're working through,
we're fixing, we're getting more and more pieces
and parts coming.
So if we watch our FMC, we watch our FDM,
it's just getting bigger and bigger.
So keep an eye into it.

(28:47):
Our on-prem stuff will not go away.
We're just adding more functionality to it
as we're really looking through.
Perfect, thank you for that, John.
Appreciate the question, Roger.
John, what is, we get a lot of confusion
with like profiling versus posturing,
especially when it comes to something like Cisco ISE.
Can you just briefly differentiate that?

(29:09):
Briefly is gonna be the challenge.
So profiling is one of my favorite parts
when it comes to ISE.
And it's really not limited to just ISE,
Duo can do some of it as well.
But it is gleaning information from the network
that's already there to see what that specific device is.

(29:30):
And also this is the most terrifying part
when it comes to all of it.
We're not asking for anything extra from a device.
We're not asking you to put an agent onto your machine
for us to be able to see, again, if it's an iPhone,
is it a Samsung or anything along those lines.
We're able to glean the information from packets
that are already there.
So whether we're looking at CDP, LLDP information,

(29:53):
we're looking at DHCP, DORA requests.
So we're gonna discover the requests,
HTTP packets with the user agent string inside of it.
We can see say a Windows XP device
is running in your environment.
A lot of customers in their IT are gonna say,
no, that's not possible, we don't have it.
I've proven many, many wrong before.

(30:16):
Simply based off of the profiling,
it's a checkbox to be able to turn it on.
On the other hand, posturing, that's our compliance side.
That is to make sure that inside the system,
the actual software that's running on the system
is up to date.
So if we're looking at specifically Windows,
are your patches up to date?
Does that box need to reach out to SCCM?

(30:38):
We've said it many times before,
users are the number one way into a network.
Easiest way that users are gonna be out there is,
hey, I've got a Windows update, defer.
I've deferred it now for a week.
I'll admit, I'm to blame as well.
I've got an update sitting on my machine
that's ready to go right after this call.

(31:00):
But that is now a vulnerability
that could come into the system.
Posture is gonna be that piece that makes sure of,
hey, you have a vulnerability there.
We're going to patch this before you're even allowed
onto the system.
Or your antivirus is out of date by five days.
Or you don't have a specific registry on there.
So I don't know if you're actually a machine
that we can control or somebody else has gotten it

(31:21):
into it.
A lot of different pieces and parts
that we can look into it.
And then the remediation side of it.
Not only are we looking, but if we are running our agent,
we can now fix it as well for a lot of things.
Not everything, but a lot of things
that are gonna be out there.
So short profiling is what the device is.
Posture is what is running on that device.

(31:41):
Excellent.
Great answer.
Next question, Sam.
We talked about MFA.
Beyond MFA though, can you tell me what we see
a lot of literature about?
We call it what adaptive risk-based security
or dynamic risk adjustment.

(32:03):
We see this in Cisco Duo a lot.
Maybe Cisco ISE with pxGrid.
Can you touch on this risk-based authentication
a little bit?
Yeah, so the risk-based authentication
is gonna really take in authentication behavior

(32:24):
from a user over a certain period of time.
And then we'll combine that with a lot of known
threat vectors, understanding if a user has
like impossible travel or maybe there's like an ASN mismatch
for BGP.
So on the backend, Duo is monitoring authentications,

(32:47):
looking at the history for that user,
the devices they're coming in.
And then if anything changes, we're able to adjust
which authentication method that user can use.
So instead of being able to use SMS,
we've determined this is a riskier authentication request.
So you have to use a biometric

(33:09):
or you have to use a security key.
So that's just one part of it.
Within Duo, we also offer remembered devices.
And that's gonna help with the usability
for users access to resources
and not having to authenticate a lot.
But maybe that user has already authenticated,
they have a remembered session,

(33:30):
but then they go to access another resource
and something's changed on their machine, right?
The posture's changed or the Wi-Fi fingerprint
has changed, right?
The list of Wi-Fi SSIDs around them has changed.
Then we can adjust that remembered device session

(33:55):
and make that user authenticate again, right?
So we can determine if they're changing locations.
There are a lot of different risk signals
that go into the risk-based authentication.
But another thing we've added is like a verified push, right?
So- I wanted to ask you about that
because yeah, I think that's a big one.
Yeah, so I think John was talking about that earlier.

(34:18):
A user, for example, users at dinner,
they're getting a bunch of push requests
to their smartphone, right?
Maybe they might just approve that request
and that attacker is in.
So for push harassment, push fatigue,
we've added our verified push.
So now if an attacker does compromise that first factor,

(34:38):
that username and password, and they're at that application,
now they're gonna see a screen where it has a four digit
or up to six digits where they're gonna have to put
that code in on the smartphone.
Obviously they're not gonna have access to that smartphone.
That end user at dinner is not gonna be

(34:59):
at that browser session.
So they're not gonna know what those codes are.
So it's just a quick way to lock out that attacker, right?
And then the user can alert the help desk
that their primary, their username and password is compromised.
So that's just one layer of security that Duo has added.

(35:20):
But we also have device trust.
So as John talked about, we can do profiling,
we can do some posturing.
We can look at the user agent string
as a user goes to a web browser, right?
So we can see like the operating system,
some of those attributes, but we also have a Duo desktop,
which is a piece of software that sits

(35:42):
on the operating system.
And we can look at, is the disk encryption on
on this machine?
If you have an EDR running, right?
It's not just a Cisco secure endpoint,
it can be a competitor's endpoint.
We can make sure that that's running at the time of auth,
we can make sure the local firewall is on, right?

(36:06):
There's a lot of different controls.
So if you wanna start blocking based on operating systems
and browsers and things like that, we have those controls,
but also that Duo desktop will allow you to do
access based on corporate versus non-corporate devices.

(36:26):
So we can report back to Duo that machine identifier
for that computer.
So as a user goes to access a resource, right?
We can look to make sure they're domain joined, right?
Looking at the security identifier field
from Active Directory, we can tie in with a Google Workspace,
we can tie in with another MDM, right?

(36:47):
And check with that MDM to make sure that this is
a device we recognize before we give access.
So there are a lot of security controls
on top of that initial MFA.
So, long answer, but hopefully that answers it.
No, that's great.
I just think that that verified push
is just such a simple way to prevent that MFA push fatigue.

(37:11):
Thank you for that, Sam.
Quick time check.
So we've got about six minutes left.
Still got some good questions here we wanna ask.
We'll have to maybe keep it to just 60 seconds or less
for the next questions coming up here,
because gotta leave some time for the dad jokes.
That is the important part of this show.

(37:35):
All right, I do have the next question.
This one is really nice.
I get asked this one a lot of the times
in probably you guys too,
but when it comes to Cisco ISE versus Duo,
which one do we pick?
Is that a thing?
Is...
Oh man, let the battle begin.
So I'll admit when I first saw Duo when Cisco acquired it,

(38:03):
I was against it in full.
Again, full ISE background
and stayed solid with it for many years.
But really they have two different spots.
Duo is looking more at the application access side of things,
as well as doing multifactor authentication
and so on and so forth.
ISE is going to be that linchpin
that's in the middle of your network.

(38:24):
So as network access pieces are coming in,
as people are hitting VPN,
switching or wired and wireless,
that is where ISE is going to shine.
The two complement each other.
So you can utilize Duo
as the multifactor authentication behind ISE.
There is a new integration with it.
Now we're kind of getting rid of some of the old pieces

(38:46):
and utilizing the APIs that we talked about earlier
to really get that ISE and Duo story together
so they can work together to be as solid as possible.
But in reality, both of them are necessary
for two different spots within the network.
As we kind of mentioned earlier, it's a solution.
It's not a single product.
And both sides are going to give you
different parts of visibility

(39:07):
that we're really going to be looking for.
Excellent.
And they do integrate together as well
as we kind of touched on earlier.
Sam, I'm going to give you this question
that just came in on the live chat here
because I think it'll line up
with what I was essentially going to ask anyway.
But I'll just read this off from Ferdinand here.
So for a company just starting a zero trust journey,

(39:30):
what are the initial steps they should take
to effectively implement zero trust?
Any common challenges you'd want to call out?
Anything they want to do to prepare for that?
And again, maybe about 60 seconds or so.
Oh yeah, yeah.
Yeah, so visibility is going to be key.
So you want to make sure that you have a good grasp

(39:52):
of what's running in your environment,
what type of applications users are trying to access.
And then you really want to look at the business
and the compliance requirements for your organization.
So breaking down the assets that you have
and then understanding,
are there some compliance standards that we have to abide by?

(40:14):
That's going to help you roll out your policy first.
You get visibility and then you want to start
building your policies.
Then understanding which type of endpoints
are on the network as well is going to allow you to say,
for this application, you have to be using
this sanctioned device, right?
So you can't get to that point until you have visibility.

(40:38):
So definitely the first step is going to be do a review
of your compliance requirements,
get visibility into your network.
And you can do a lot of that with Duo and ISE.
So with ISE you can utilize like monitor-only mode,
and start seeing what devices are attempting
to authenticate on the network.

(40:59):
And then you can start building policies from there.
That's great, Sam.
I think the visibility call out upfront is really important.
And it's interesting that Duo and ISE
both give you that visibility
to kind of help you build that inventory.
John, you talked about device profiling,
so we're able to see what is on the network.
And Sam, you talked about Duo having that same capability

(41:20):
to see kind of what operating systems.
So we can find those old XP devices that you mentioned,
which we know are out there.
Yeah. Yeah.
We've seen them.
All right, I do have the last question.
This one's going to be around zero trust.
And again, we're bringing another buzzword into the mix,

(41:41):
but we hear about it, we think we understand,
we know about it.
And if you don't mind, John,
going over a little bit of what is the strategy,
for example, the take from Cisco standpoint,
what do we use to tackle zero trust?
Yeah, I know we're up against a time wall,
so I'll do this as quick as I can.

(42:02):
Zero trust is exactly that.
It is no trust to anything or everything
that comes through your network.
But it's not, but if you think of your network,
you have multiple areas of it.
So we kind of split that out within Cisco of our workforce.
So those are the users,
the devices that are going to be out there.
The workplace, that's going to be your network,
and then the workload, your data center, your cloud.

(42:24):
We have different pieces and parts across all of that.
Of course, your workforce,
we're going to be protecting that with Duo specifically.
So what users are logging in?
Can we do that MFA?
Can we double check all of that?
Of course, device insights for posture and all of that.
The workplace, we're going to wrap ISE into that one.
That is making sure that the pieces and parts

(42:44):
that are coming in,
we're confirming them off the workforce.
We're kind of overlapping a little bit with ISE
when it comes to posture, profile,
and make sure those right pieces are coming in,
working with Duo,
or we're protecting their network at the network access.
Now, finally, the workload side of things,
again, your data centers, your cloud, all your applications,
that is going to be protected by Secure Workload.

(43:05):
So that is going to be the piece that sits out there
that's monitoring everything.
Again, ISE sits in the middle.
It integrates with both sides of it.
Across all of that,
across all of the zero trust that we're looking at,
as Sam mentioned, visibility is key.
So we're also going to want to look
at Secure Network Analytics.
Let's see the east, west, north, south,
every direction you can imagine traffic

(43:25):
that's coming through.
All the pieces and parts that you put in,
the policies you develop,
how do you know that they have actually been implemented?
That's where Secure Network Analytics comes in.
So really those four products that we're looking at,
Cisco's going to really tell you three,
ISE, Duo, Secure Workload.
I like to throw in Secure Network Analytics
to really round out the whole picture.

(43:46):
Great.
That was great.
And as a tongue twister,
how fast can you say workplace, workforce, workload,
as many times as you can?
No, I'm just kidding.
All right.
Did you guys all bring a dad joke for today?
Well, I mean, I don't know.
Well, I'll wing it as we go into it.
Okay.
Sam, would you like to kick us off?

(44:07):
Yeah, this one is very corny,
but yeah, so my question is,
why was the computer so good at golf?
I was going to say something about like a whole,
a whole one.
Keystrokes.

(44:30):
Good answer though, I like it.
Thanks.
All right.
Want me to answer?
Sure.
All right, so yeah, the answer is because it has,
it had a hard drive.
Very cool.
All right, let's keep this rolling.
Andres, what do you got?

(44:51):
I actually brought three,
but I'm going to say only one because I think it was fun.
So how does a hacker propose?
Short.
Yeah.
The answer is going to be on the next episode.
No, I'm good.

(45:12):
Something was like ransomware or something, I don't know.
No, with a phishing ring.
John?
All right, so it reminds me more of a pun.
My wife was complaining that her computer
was cold the other day.
So she asked me to take a look at it.

(45:34):
So I walked over, took a look.
Her Windows was open.
She didn't have her firewall turned on.
That's good.
That's awesome, that's awesome.
All right, I'll go last here.
Which social dating platform has had the most user traffic

(45:55):
since the invention of SAML?
Single sign on.com.
Closing remarks, Sam,
anything you'd like to close out with here?
Yeah, we talked about this.
I think it's very important to know that

(46:16):
you're only as strong as your weakest link.
Typically, end users or legacy systems
are going to be those weakest links.
So I think that's a good point.
End users or legacy systems are going to be those
weakest links.
And it only takes one place for a successful initial access
for a bad actor.
So you definitely want to have

(46:38):
multi-factor authentication turned on.
Defense in depth is very big as well and useful.
But if you have any interest in seeing what Duo is,
working on any of the innovations,
you can go to duo.com,
or 30 day trial, reach out to Mike,
any of us on the calls and we can work with you.

(47:01):
Sam, that was great.
And I can see you still
chuckling about the dad jokes a little bit.
Yeah, that was good.
That was good.
We made him cry.
John, closing remarks?
I mean, really, let's go back to the very beginning
of the whole conversation that
remember it's not going to be a single shot.
It's not going to be a single product.

(47:21):
It's a solution that we're going to be looking at.
ISE is a big piece,
but really look at the zero trust conversation
coming into it.
Look at exactly what we're trying to lock down,
pieces and parts.
One product's not going to do it.
One vendor is not going to do it.
Really look at it as that holistic solution
and you'll set yourself up more for success than anything.

(47:44):
That's excellent.
I mean, big takeaways for me,
really just that identity management is a solution,
not a product,
and it's going to be customized for each implementation.
Not forgetting about the authorization
and the accounting piece.
A lot of people just do that authentication,
but don't forget about limiting the scope of access.
And then working on that profile and posture,

(48:07):
knowing what is on the network
as well as the hygiene of what's on the network.
Yeah, that was good, Mike.
And for my takeaway,
Duo is more than an MFA.
Probably you've heard it more than you know,
and there's so many features,

(48:28):
capabilities that we have there.
Always that question about ISE versus Duo.
Just remember ISE for the network,
Duo for applications,
and they integrate together.
The other thing that I have,
and those are the last two things,
implementation of an IAM solution.

(48:48):
Remember, planning is key.
One of the things that I always hear
and incorporate it into my talk tracks lately
is measure twice, cut once.
So make sure you have your planning in order.
And the same thing for zero trust.
Understand the framework.
The framework doesn't have to be the same for everybody,
but remember you're securing the workplace,

(49:11):
the workloads or your applications,
and then you're also securing your workforce.
So that's my takeaway.
That's excellent.
John and Sam, thank you guys so much.
I've had the pleasure of knowing you both a long time,
but in all sincerity,
thanks for the security aspect you do in the world,
keeping people safe,

(49:33):
especially when we're talking about healthcare,
DOD type stuff.
Protecting our customers and the world
is something we all are very involved with
and you guys do a great contribution there.
Next episode, Andres, Zero Trust.
So that's kind of cool that we talked about that

(49:54):
a little bit today.
We'll get into talking about modern security principles
that as Andres said, frustrate attackers,
not the users.
Maybe Sam that said that.
I really enjoyed today's conversation.
Stay secure and we'll see everybody on the next show.
Thank you all.
Have a good one.