By Katy Ring

February 15, 2024

Cisco is in the middle of an identity shift as it works to increase recurring revenue from subscription-based software and services. The high-profile deal to buy Splunk (which closes later this year) takes Cisco further into cybersecurity and data analytics, adding to its existing ability to gather insight from its hundreds of thousands of endpoints and connections. This is an ability strengthened via ThousandEyes, the Internet and Cloud visibility company it acquired in 2020. Building on this, one big contender for its new market identity is as the cybersecurity guardian of the network. And at Cisco Live in Amsterdam, it continued building this new identity by addressing identity theft.

Identity is the big attack vector 

Identity and access is an emerging cybersecurity battleground, with organised criminal operations targeting ID theft of members of an organization’s C-Suite, or of their SysAdmin roles. The theft often happens over social media platforms in the home or leisure environment. According to Identitytheft.org there is an identity theft case every 22 seconds with identity theft at an all-time high and set to become a bigger issue this year, largely because gen AI is making it easier for bad actors to work with more sophistication in order to steal Personal Identifiable Information (PII).  

This is enabling a huge change in how bad actors are attacking enterprise systems. With deepfake techniques it is increasingly easy to convince individuals to provide enough information for criminals to enter IT systems via the front door, rather than having to hack their way in. Increasingly, criminals are simply logging-in to the systems they want to access by using an authorised identity.

Such an approach is made easier by the sloppy management of SaaS environments, where legacy access privileges remain even though members of staff or contractors are no longer working for the organization. Enterprises themselves often have limited visibility across their environments from an access and identity perspective because they have invested in diverse identity systems over the years, which then creates the security vulnerability created by users trying to navigate different systems with different passwords who are perpetually having to reset passwords. Password reset is a common enough self-service request that criminals armed with stolen PII can take full advantage of.

Cisco’s identity-first approach 

Cisco’s proposition is to help solve the problem without becoming another identity provider because one aspect of the existing problem is that many organisations have far too many identity point solutions in place already. Instead, Cisco is offering enterprises the ability to get insights across their existing security estate via a common identity framework provided by Cisco.

The goal is to create identity intelligence based on human, machine and service identity to enable a continuous security enforcement method based on context and behaviour, using an identity graph. This means that organizations can more clearly see patterns of attack across systems and devices in the network as well as vulnerabilities. For example, Cisco Identity Intelligence can be used to disable accounts that have not been logged into for a while, and decommission laptops that have not been used for years.

Cisco Identity Intelligence works with any identity product that is already in place and pulls telemetry from them to create an identity graph upon which a thin layer of analytics is applied to continually assess each individual’s behaviour to understand whether they should be logging into, say, the customer database and downloading records.

In this way, Emma Carpenter, Chief Revenue Officer for Cisco Security, explains:

We identify insertion points and then look at behavioural changes to spot patterns of connections and lateral movement and if we see something out of synch, then we lock a node down based on this insight.

To take advantage of this capability, organizations do not have to have Cisco kit in place, as the approach does not require deployment of Cisco product. In July, the company is making its Identity and Security Assessment available, which means that Cisco and its partners can work with new and existing customers to help them assess their exposure to identity risk. Cisco Identity Intelligence then provides an easy, fast remedial measure for organizations to take to adopt a Zero Trust identity posture.

Of course, Cisco has a portfolio of security capabilities that further minimise security risk, including Cisco Duo with multi-factor authentication for secure access, its Cisco XDR (Extended Detection and Response) service, and the Cisco Security Cloud platform for multi-cloud environments.

AI is being used to enhance these capabilities for enterprise customers and, for example, one of the announcements at its recent Cisco Live event was the company’s new SaaS product, Motific, to streamline the process of provisioning and managing gen AI assistants and APIs, as well as integrating models across different providers. 

My take

Cisco remains one of the dominant enterprise networking companies, selling more routers and switches than any other company. It is steadily pivoting towards its proclaimed services model and celebrates 40 years of business later this year. The company emerged in the market shortly after the Internet was created but almost a decade before the WWW was released in the public domain. While it lacks the ethical insouciance and bad boy glamor of the 21st Century Big Tech firms, it has pedigree as a safe pair of hands for the network. This combined with its ability to acquire innovative companies is enabling it to raise its game as the go-to cybersecurity network guardian.