Dynamic use of identity, behavior, & posture data in SSE


Cisco Secure Access brings adaptive, contextual, identity-driven security to every connection.

Security used to start with IP addresses and end with firewall rules. That world is history.

Today, IPs are disposable, devices roam, and users spin up from anywhere on the planet. Yet many SSE solutions still treat security as primarily a network issue and don’t adequately embrace identity as foundational.

Cisco’s changing that. Identity is the new perimeter, and with Cisco Identity Intelligence, Secure Access brings continuous, adaptive access decisions to every user, device, and application.

Most SSE platforms assume a user is just a login. Authenticate once, and you’re good for the session. But identity and identity-based risks aren’t static. Trust levels shift. User behavior fluctuates. Posture changes. Risk increases. Attackers love to hide behind trusted credentials that have not been adjusted to reflect these dynamic changes.

A non-identity-aware SSE can’t keep up because it treats identity as static rather than as a living signal. It fails to correlate signals from logins, behaviors, and devices that deviate from typical patterns or guidelines.

When identity, behavior, and posture verifications stay static, attackers move faster.

Cisco Secure Access integrates with Cisco Identity Intelligence (CII) to make SSE identity-focused, risk-aware and self-adjusting. Policies can enable access decisions to evolve dynamically based on live identity data, not guesswork.

In September of this year, Cisco extended Secure Access integration with CII beyond user trust levels being visible in the Secure Access dashboard. Policies for ZTNA-protected private traffic can now define when a user’s access should be blocked or reauthenticated, based on a user trust profile that adjusts dynamically with user behavior and posture. For example, a policy may define that when a user’s trust level is untrusted, access should be blocked.

As a safeguard, administrators have the option to bypass blocking an untrusted user for a specific amount of time. Consider an executive who is traveling to a conference. She connects to an airport Wi-Fi network which she doesn’t normally use, with an IP address that’s questionable, to log into a sensitive/critical application, and she recently had to reset her password.

Those events combined would make her appear “untrusted.” This option allows an administrator to bypass the block and restore the executive’s access so she can continue her conference activities.

The administrator may enable, for all ZTNA-protected private traffic, a capability that prompts reauthentication according to user trust level. At lower user trust levels, reauthentication will occur more frequently. For example, let’s say a user is doing her work and has a trust level of “favorable,” but over time, behavior or posture changes cause her trust level to decrease to “neutral.” This would prompt her reauthentication to occur more frequently.

With this capability, Secure Access is increasingly using dynamic trust data to enrich the organization’s ability to implement least-privilege access controls, heighten security, and reduce risk.

Secure Access’s User and Entity Behavior Analytics (UEBA), also available in September this year, can detect anomalous file operations and impossible travel that could indicate an insider threat. That threat may come from an actual insider with malicious intent or an outsider impersonating a valid user.

Administrators can set Secure Access policies to detect when file uploads, downloads, or deletes exceed the level deemed acceptable for an organization. Additionally, Secure Access can detect impossible travel, such as a user trying to log in from San Jose and Paris at times that aren’t possible, suggesting a stolen credential.
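The impossible-travel check described above can be sketched as follows. This is an added example, not Cisco's implementation or code from Secure Access: the 900 km/h threshold, the `Login` record, the city coordinates and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0  # assumed threshold, roughly airliner cruise speed


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    city: str
    lat: float
    lon: float


def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, from_city, to_city, km) for consecutive logins that imply too high a speed."""
    findings, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev, last_seen[ev.user] = last_seen.get(ev.user), ev
        if prev is None or prev.city == ev.city:
            continue
        km = haversine_km(prev, ev)
        hours = (ev.when - prev.when).total_seconds() / 3600
        # Simultaneous logins from two places have no finite speed: always flag.
        if hours == 0 or km / hours > max_speed_kmh:
            findings.append((ev.user, prev.city, ev.city, round(km)))
    return findings


def _t(hour):  # helper for the constructed sample below
    return datetime(2025, 1, 15, hour, 0, tzinfo=timezone.utc)


SJ, PAR = ("San Jose", 37.3382, -121.8863), ("Paris", 48.8566, 2.3522)
SAMPLE = [  # constructed events, not real log data
    Login("alice", _t(8), *SJ), Login("alice", _t(10), *PAR),   # ~9000 km in 2 h
    Login("bob", _t(6), *SJ), Login("bob", _t(20), *PAR),       # same trip in 14 h
    Login("carol", _t(9), *SJ), Login("carol", _t(9), *SJ),     # same city twice
]

if __name__ == "__main__":
    for finding in impossible_travel(SAMPLE):
        print(finding)
```

Geo-IP error and VPN or proxy egress points are the usual sources of false positives for this kind of check, so the result is better treated as one risk signal among several than as a verdict on its own.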

Administrators now have clear visibility into these risky behaviors that may indicate account compromise or malicious behavior via detailed UEBA reports and “top risky users” in the dashboard main screen.

We will continue expanding UEBA such that in the future, the behavioral/analytics data will inform automated action (as chosen by the customer and defined in policy) to increase security protection.

The Cisco Secure Access continuous device posture feature, released in September, enables organizations to detect any reduction in endpoint posture compliance during a live session and quickly react by ending the session to avoid undue risk. For example, if the local firewall is disabled partway through a session, Secure Access will identify the action and can automatically terminate the session.

This capability provides a quick reaction to any change that represents an increased endpoint risk in the middle of ongoing user activities. The detection and adaptive reaction are captured and presented in the user’s activity logs for administrators.

Today, Secure Access is enriched with identity intelligence, user and entity behavior analytics (UEBA), and continuous device posture analysis. Organizations can benefit now from powerful features—such as policies that adjust access based on trust profiles, detection of anomalous user behavior, and automated responses to risky device changes—empowering them to implement granular, risk-aware security at scale.

Looking ahead, continued Cisco innovation will bring these capabilities closer together, resulting in ever-more sophisticated adaptive access controls that improve the ability to respond swiftly to threats, tailor access policies for evolving security needs, and reduce business risk. Our commitment to enriching Secure Access capability is unwavering, as is our commitment to help our customers remain a step (or two or three steps) ahead in today’s dynamic threat landscape.
