Cybersecurity - the final frontier, these are the trials and tribulations that network admins face on an ongoing basis. Sometimes it feels like network admins are Starfleet captainsnavigating unknown galaxies as the infrastructure oforganizations become more complex. Usinga complicated mix of cloud apps, on-prem systems, BYOD, IoT, and more, gone are the days of purely corporate-owned assets.

This means that it is more challenging totrust all the devices on your network anymore. Let's face it, the perimeter has shiftedand users and devices have become theprimary entry points for accessing the network and business applications, and more often thannot they rely on weak legacy password-based access controls. There must be a better way to boldly gowhere every admin has gone before to control both application and network access across your campus, Data Center, and cloud!

On today's modern networks, administrators requiresolutions that providedeep visibility into users, devices, and the applications both on and off the corporate network.

There is no need to set your phasers to stun for non-compliant users or devices, a'zero trust for the workforce' security model answers these challenges by treating every access attempt as if it were an invadingalien species coming from an unknown galaxy, or in this case and untrusted network.

This model focuses on authenticating users and checking the security posture of devices before granting access to applications.By combining the power of Duo Security with Cisco Identity Services Engine (ISE), you have a recipefor successfully implementingmodern access controls which are simple yet astonishingly effective to address some core use cases around these challenges, and more appetizing than a Klingon's RokegBlood Pie.

Decentralization of device management can leave administrators wondering how users are accessing resources. Determining the posture of devices connecting to resources is critical because outdated software often has vulnerabilities that are routinely exploited. Without current endpoint security protections, people can unwittingly turn their devices into a menace on the network, worse than a Tribbleinvasion.Two simple ingredients provide a delicious approach for strong access controls that is easy to replicate anywhere in theenvironment.

Cisco Identity Services Engine (ISE)makes it easy to gain visibilityand control over who and what's on your corporate network consistently across wireless, wired, and VPN connections. As users and devices connect to the network, ISE confirms identities against its own user repository and authenticates those users before it grantsand controls access based on who and what requested network access. Duo Securitycompliments this visibility by providing device insightsfor any device connecting to applications, including devices that are not connected to the corporate environment.

With multi-factor authenticationand adaptive access controls, Duo provides the ability to authenticate the user connecting to the resource and verify the access attempt. Through granular access policies at the application or group membership level, administrators can establish controls to grant or block access attempts by identity or device and based on contextual factors such as user location, network address ranges, biometrics, device security and more.

For devices connected to the corporate network ISE together with Cisco AnyConnectSecure Mobility Client checks the security postureof devices that connect to your network. Duo's Trusted Endpointsaugments these controls and lets you issue device certificates that are checked at login for greater insight into and control over your BYOD environment while limiting access by any personal devices that don't meet your security requirements. With ISE and Duo, you'll benefit from simplified, secure controls needed to grant appropriate access while protecting your organization from the risks of unauthorized people and devices.

