cisco virtual update on duochef, microsoft sccm, airwatch, etc. alternative: cisco duo has a generic...
TRANSCRIPT
Cisco Virtual Update on DUO
4/3– 2020
Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified
Technical Solutions Architect, Cyber Security, Denmark
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco
How Cisco Duo delivers Zero Trust for your Workforce
Every Application
Trusted Devices
Trusted Users
Visibility & Policies
Cisco Duo protects organizations by verifying the identity of users and the health of their devices before connecting to the applications they need.
INFORMATION PROPERTY OF DUO SECURITY, INC.
User TrustEstablish user trustwith MFA.
INFORMATION PROPERTY OF DUO SECURITY, INC.
World’s Easiest and Most Secure MFA
Instantly integrates with all apps
Users self-enroll in minutes
Users authenticate in seconds; no codes to enter
INFORMATION PROPERTY OF DUO SECURITY, INC.
Push Soft Token SMS
Phone Call U2F Wearables
Biometrics
Broadest Range of Multi-Factor Authentication (MFA) Options
Hardware Tokens
● Configure authentication options for each application or group of users
● Enable multiple option for users for ease of use and flexibility
Temporary Offline Authentication for Windows
Supported Auth Methods for Windows Offline
● Grab a yubikey or other security key
● Just tap the key!
Users need to authenticate with MFA into their machines before they can access internet / secure portal.
WHY IT’S NEEDEDOFFLINE AUTH VIA OTP WITH DUO MOBILE
● Use the smartphone you own● Enter one-time passcode
OR AUTH WITH A SECURITY KEY
WHO IT’S FOR
Remote users who need to perform 2FA while they are temporarily disconnected from the internet.
INFORMATION PROPERTY OF DUO SECURITY, INC.
REST APIS
WEB SDK
RADIUS
SAML
OIDC
CustomVPN RA SSO
RRAS
Multicloud Email/MSFT On-Prem
Start Here Then Expand
Cisco Duo Supports Your Work Applications
Learn more about application integrations
INFORMATION PROPERTY OF DUO SECURITY, INC.
Enroll Users Easily at Scale
Automatic Enrollment
Admins can import users from existing Azure, LDAP and AD directories
Self Enrollment
Users can self-enroll into Cisco Duo in less than 1 minute
Import Users
Provision users using Cisco Duo’s REST API or add users manual one at a time or through CSV
Learn more about Enrollment Options
INFORMATION PROPERTY OF DUO SECURITY, INC.
Self-Enrollment: Easily enroll users in minutes
● Users easily self-enroll in minutes
● Users leverage their own device
● Enroll thousands of users in hours.
● Reduce TCO by enabling the user to easily enroll with no help needed
Learn more about self-enrollment
INFORMATION PROPERTY OF DUO SECURITY, INC.
User Self-Service
● Users can manage their own 2FA devices during login.
● Add, Remove and Configure Devices
● Reduce TCO by enabling the user to easily manage their own device.
Learn more about Device Management
Device TrustAssess the health and security posture of any device.
INFORMATION PROPERTY OF DUO SECURITY, INC.
Compromised Devices Can Access Your Data
Source: Gartner, Dale Gardner, 2018 Security Summit
of vulnerabilities exploited will be ones
known by security team for at least one year
(through 2021)
Source: Gartner, Dale Gardner, 2018 Security Summit
99%Attackers exploit known vulnerabilities
Patching devices (especially user-owned) is complex
End users continue to access data from potentially vulnerable devices
Accessing critical data from vulnerable devices can be risky
INFORMATION PROPERTY OF DUO SECURITY, INC.
Assess Security PostureEasily identify device security posture, and if they are managed or not based on enrollment in MDMs/EMMs.
Complete Visibility Gain complete visibility into all laptops and mobile devices using native device visibility.Improve
Device Trust with Cisco Duo
Continuous InspectionContinuously monitor if devices are infected with malware by using solutions such as AMP to prevent them from reaching sensitive apps.
INFORMATION PROPERTY OF DUO SECURITY, INC.
How Cisco Duo gathers visibility
Mobile DeviceMobile browsers and the Duo Mobile application
Laptops / DesktopsLaptop/desktop browsers and
Duo Device Health application (New!)
Deep visibility into laptops and desktops
● New functionality (GA Dec 2019)
● Laptop / desktop security health
● Check devices before they login
● Corporate managed and BYO devices
● Supports web-based applications
● Windows 10 and MacOS
INFORMATION PROPERTY OF DUO SECURITY, INC.
Assess Mobile Device Posture without MDM
● Check if mobile devices are up-to-date
● Verify encryption and passcode lock
● Check if devices are jailbroken or tampered
● Works for managed and unmanaged mobile devices
● Corp managed asset status● Biometrics (Touch/Face) status● Screen lock status● OS condition (tampered) status● Encryption status● Platform type● Device OS type● Device OS version● Device owner● Duo Mobile version
● Disk encryption● Firewall enabled● Device password● OS patch level (Win 10)● Third party agents
● Corp managed asset status*● OS type & versions● Browser type & versions● Flash & Java plugins versions● OS, browser and plugins status
Mobile Devices Laptops / Desktops
What information does Cisco Duo gather?
Learn more about Unified Device Visibility
NEW!Duo Device Health App
Native: Microsoft AD, Ivanti (Landesk), AMP
Script based: Symantec Altiris, Chef, Microsoft SCCM, AirWatch, etc.
Alternative: Cisco Duo has a generic cert deployment
Mobile Windows MacOS
Duo: Duo Mobile app can be used to trust mobile devices. (Great for customers w/o MDM)
Native: AirWatch, MobileIron, Google G Suite, Sophos
Alternative: Cisco Duo has a generic cert deployment
Native: Jamf, AMP
Script based: Symantec Altiris, Chef, Microsoft SCCM, AirWatch, etc.
Alternative: Cisco Duo has a generic cert deployment
Learn more about Trusted Endpoints
Identify managed vs BYO devices
Learn more about Trusted Endpoints
NEW
Users use their devices to access application.
Cisco AMP running on the device detected malware.
AMP notifies Cisco Duo about the infected device.
Cisco Duo blocks that device from accessing apps.
Continuous InspectionCisco Duo and AMP work together to provide stronger access security.
AMPAMP
INFORMATION PROPERTY OF DUO SECURITY, INC.
1. Gather AMP credentials from your AMP admin panel
2. Enter AMP credentials in Cisco Duo admin panel
3. Set policies in Cisco Duo to protect against risky devices
Cisco Duo and AMP can be integrated in minutes
INFORMATION PROPERTY OF DUO SECURITY, INC.
Configure AMP policy in Cisco Duo to instantly block risky devices
INFORMATION PROPERTY OF DUO SECURITY, INC.
Protect Every Application
Manage and control who is allowed to access applications.
INFORMATION PROPERTY OF DUO SECURITY, INC.
Example:
User-Based Policies
Learn more about Policy and Control
• Allowed authentication methods
• User enrollment status
• Geolocation
• IP Network Address / Range
• Block Anonymous networks/Tor
INFORMATION PROPERTY OF DUO SECURITY, INC.
Example:
Device-Based Policies• Corporate-owned/BYO (Trusted endpoint)
• OS, browsers, Flash/Java
o Software Type
o Out of Date / Up to Date
• Mobile security status
o Screen lock, biometrics, encryption, jailbroken/tampered
• Remembered / previously known device
Learn more about Policy and Control
INFORMATION PROPERTY OF DUO SECURITY, INC.
Use Cases
All integrations and network diagrams are available at: duo.com/docs
Cisco Duo supports hundreds of apps out of the box.
Secure Any Corporate Application
Integration documents are available at duo.com/docs
INFORMATION PROPERTY OF DUO SECURITY, INC.
USE CASE
Cisco Duo for VPNFor remote access use caseswith any VPN
INFORMATION PROPERTY OF DUO SECURITY, INC.
USE CASE
Cisco Duo & AnyConnect Secure Remote Access• Secure AnyConnect in < 30 minutes
• Users authentication in seconds
• Block unmanaged devices
• Several integration options
• *AVAILABLE ON* ASA and FTD
INFORMATION PROPERTY OF DUO SECURITY, INC.
Cisco Duo for Cloud Applications
Improve End User Productivity SSO
● Easily access all cloud applications from a single dashboard
● Enable consistent security controls across cloud applications
● Secure every cloud application
Duo SSO for Cloud apps
INFORMATION PROPERTY OF DUO SECURITY, INC.
Cisco Duo for MicrosoftO365, RDP/Windows Logon, and Azure AD use cases
https://demo.duo.com/ssh-remote-access
Demo: SSH Access with Duo Beyond
INFORMATION PROPERTY OF DUO SECURITY, INC.
Feature Highlights
Cisco Duo MFA
Cisco Duo Access
Cisco Duo Beyond
● Multi-Factor Authentication● Single Sign-On (SSO)● Protect Any Application● Protect Federated
Cloud Apps
● Adaptive Groups Based Policy Controls
● Unified Device Visibility● User Based Policy● Device Based Policy● Phishing Assessment
● Trusted Endpoints● Secure Remote Access● Duo Mobile as Trusted
Full Capabilities: https://duo.com/pricing
Følg med§ Talos blog
§ Cisco security blog
§ Afholdte seminarer
§ Security Chalk Talks
§ DUO dokumentation
§ DUO demoer
§ DUO PoV / Trial
§ DUO på Youtube
§ DUO sessioner på Cisco Live 2020 Barcelona
§ AMP4E + DUO Integration
§ DUO Zerotrust
§ DUO Zerotrust på Cisco Live 2020 Barcelona
§ DUO Behavioral Security Analytics
§ Join Cisco Security på Blackhat, Defcon etc. ogpå Talos Threat Research Summit @ Cisco Live
Tag fat i jeres Account Manager eller Jesper Rathsach, Tue Frei Noergaard, Kristian Von Staffeldt, Kim Andersen, Kenneth Schwartz eller Mikael Grotrian for en dybere gennemgang, Proof of Value eller en Dcloud demo adgang.