More than two-thirds of current security breaches are based on inefficient authentication systems and/or stolen passwords. (*) If you want to eliminate identity and access management issues and increase the level of protection of the entire organization, Datanet Systems offers the solution of a complete security architecture based on the Cisco ISE solution, over which applications from different vendors can be integrated.
According to Datanet Systems security specialists, the main disruptive factors faced by companies regarding users’ identity and access control to information resources are:
- Increased mobile workforce: the large number of mobile users generates new types of security risks, IT departments having limited control over how they access the resources of organizations;
- logging data management: Managing user credentials “manually” affects end-user efficiency and may lead to increased security risks in the case of revocation or limitation of access rights;
- BYOD strategies adoption: the heterogeneity of mobile device fleets within organizations and a large number of versions of operating systems creates problems for IT departments that have to control the level of protection of each equipment used to access resources and its compliance with internal security policies and legal requirements.
To keep all these risk factors under control, Datanet proposes an architecture model that is based on the Cisco Identity Service Engine solution, over which it integrates security solutions from many vendors.
The advantages of a proven solution
By customizing Cisco ISE’s functionality according to the specific requirements of each organization, Datanet helps companies to:
- Simplify access management effort by centralizing and unifying authentication and authorization methods;
- Define and apply uniform access policies across the organization, based on roles and rights categories;
- Extend visibility to users’ activity, regardless of the type of network (wired, wireless or VPN);
- Effectively manage any device that attempts to access the network by granting or blocking access to the network according to the level of compliance of the equipment with the default security requirements;
- Facilitate and secure access for occasional external users;
- Accelerate and expand the adoption of mobility within the organization.
In addition, by integrating with other applications (both from Cisco and other vendors), Datanet can increase the level of automation of security measures, sharing information about user identity, device status, location, types of accessed resources, the log of log data, patterns of behavior, etc.
An important competitive advantage put forward by Datanet in its implementation is that ISE is a complete solution with a solid market-confirmed status where Cisco continuously invests. For example, version 2.0, released last August, has brought many other simultaneous support improvements for RADIUS and TACACS + protocols, simplification of administrator management effort (through the introduction of Device Administration Work Center), new reporting and monitoring tools (from ISE Administrator Portal) and extensive abilities on user behavior analysis and traceability. And the solution continues to evolve rapidly – within a year Cisco ISE has reached version 2.3, adding new features.
Extensive integration capabilities
Another advantage of Cisco ISE is that it is designed to function as a centralized management platform of the resource access policies, over which various other solutions can be integrated. The capabilities that Datanet exploits by creating flexible mechanisms for authentication, authorization, monitoring, filtering, and automation of access management. For example, ISE being an integral part of Cisco TrustSec technology can do networking segmentation, users’ access to different levels being permitted according to their identity, rights, the status of devices used to access, etc. Integration with Cisco Advance Malware Protection (AMP) ensures real-time monitoring and blocking of malicious applications download – once an event has been detected, based on defined rules, ISE can automatically quarantine the device by limiting the associated risks. Contextual information can also be retrieved from Cisco StealtWach, which has advanced functionality to analyze and identify user behavioral anomalies by integrating with ISE the response speed against threats and their detection time improves.
ISE platform integration capabilities don’t limit only to Cisco applications, this is why Datanet is constantly executing deployments with security solutions by Symantec, Qualys, LogRythm SIEM solution type or EMM applications, like AirWatch. The list of solutions that Cisco ISE can be integrated with is even more extended, popular names like Brocade, MobileIron, SAP Afaria, Citrix XenMobile, Juniper, VMware being part of it.
Datanet has three major competitive advantages and can bring added value to the extended integration capacities of the Cisco platform:
- it has the main Cisco partner in Romania;
- it has the biggest Cisco team of highly certified specialists;
- it has an impressive portfolio of security solution integrations.
Additionally, Datanet has the experience and operational capacity to cover a large scale of services, from developing, implementation and customization of a solution to consultancy services, maintenance, and specialized training capabilities.
(*) 81% according to Verizon 2017 Data Breach Investigations Report.