1
00:00:00,000 --> 00:00:01,640
Appreciate everybody joining in.

2
00:00:02,640 --> 00:00:06,240
See, Andres, today, May 24th,

3
00:00:06,240 --> 00:00:08,720
and welcome to the Security in 45 show, everybody.

4
00:00:08,720 --> 00:00:12,680
Today, we've got a pretty cool topic, identity management,

5
00:00:12,680 --> 00:00:16,200
something that everybody is using

6
00:00:16,200 --> 00:00:18,560
and could probably simplify.

7
00:00:18,560 --> 00:00:20,160
I like this topic, Andres.

8
00:00:20,160 --> 00:00:23,240
Users are the biggest threats in the network

9
00:00:23,240 --> 00:00:24,640
that we see every day.

10
00:00:25,560 --> 00:00:28,280
Proper identity management rules can make our lives

11
00:00:28,280 --> 00:00:32,480
as network and security engineers a lot simpler

12
00:00:32,480 --> 00:00:36,000
once we get kind of centralized management control.

13
00:00:36,000 --> 00:00:39,160
So I'm excited to learn a little bit more about that today.

14
00:00:40,160 --> 00:00:42,420
Yeah, and it's gonna be interesting.

15
00:00:43,440 --> 00:00:47,120
Identity management, what we see today is that very vital

16
00:00:47,120 --> 00:00:49,880
for any company doing hybrid work,

17
00:00:49,880 --> 00:00:51,320
users working from home,

18
00:00:51,320 --> 00:00:54,520
users working from anywhere or even in the office.

19
00:00:54,520 --> 00:00:59,520
So it's gonna make a lot of sense in basically,

20
00:01:00,120 --> 00:01:02,680
identity management is how we define roles

21
00:01:02,680 --> 00:01:04,920
and enforce role-based access,

22
00:01:04,920 --> 00:01:07,740
which is one of the things that we hear a lot

23
00:01:07,740 --> 00:01:10,560
from our customers nowadays.

24
00:01:10,560 --> 00:01:13,560
It is also one of the things that we want to make sure

25
00:01:13,560 --> 00:01:18,560
we know when we start planning our zero trust frameworks

26
00:01:20,580 --> 00:01:23,480
or implementations and things like that.

27
00:01:23,480 --> 00:01:26,000
And today we have John and we have Sam

28
00:01:26,000 --> 00:01:27,680
and these guys are amazing.

29
00:01:27,680 --> 00:01:30,520
They've been doing security for a while.

30
00:01:30,520 --> 00:01:34,040
So super excited to have them on the show today

31
00:01:34,040 --> 00:01:37,240
just to talk about identity management.

32
00:01:37,240 --> 00:01:40,960
And with that, John and Sam, I'm gonna give it to you.

33
00:01:40,960 --> 00:01:42,760
John, if you wanna introduce yourself

34
00:01:42,760 --> 00:01:44,840
and then pass it to Sam.

35
00:01:44,840 --> 00:01:46,480
Awesome, thank you very much.

36
00:01:46,480 --> 00:01:47,760
So a little bit about myself.

37
00:01:47,760 --> 00:01:50,680
I've been with Cisco for a little over a decade

38
00:01:50,680 --> 00:01:53,760
at this point, so I think pushing 11, 12 years,

39
00:01:53,760 --> 00:01:56,440
about 10 of those years I was in tech,

40
00:01:56,440 --> 00:01:59,240
specifically around security, around ISE,

41
00:01:59,240 --> 00:02:02,000
and then literally every single piece of security

42
00:02:02,000 --> 00:02:03,400
we have out there.

43
00:02:03,400 --> 00:02:05,120
And then from there I got pulled over to pre-sales

44
00:02:05,120 --> 00:02:09,560
where I got to meet back up with Mike and Andreas and Sam,

45
00:02:09,560 --> 00:02:11,360
pushing commercial East.

46
00:02:11,360 --> 00:02:16,360
And now I am one of the two TSAs in the Navy for the DoD.

47
00:02:17,040 --> 00:02:18,600
Again, all things secured.

48
00:02:18,600 --> 00:02:20,160
Sam.

49
00:02:20,160 --> 00:02:22,480
Hi everyone, so my name's Sam Baxter

50
00:02:22,480 --> 00:02:25,360
and I'm a Solutions Engineer as well at Cisco.

51
00:02:25,360 --> 00:02:27,840
I've been here going on nine years.

52
00:02:27,840 --> 00:02:31,160
The first half of that I worked as a consulting engineer,

53
00:02:31,160 --> 00:02:32,720
doing a lot of post-sales delivery

54
00:02:32,720 --> 00:02:34,720
for multiple technologies.

55
00:02:34,720 --> 00:02:36,160
I moved into pre-sales,

56
00:02:36,160 --> 00:02:38,360
so got to work with these fine gentlemen

57
00:02:39,440 --> 00:02:41,360
with commercial East.

58
00:02:41,360 --> 00:02:44,520
And now I'm working to support our enterprise customers.

59
00:02:44,520 --> 00:02:46,960
So just focusing on all things security.

60
00:02:46,960 --> 00:02:51,960
And my background has been focused on identity.

61
00:02:52,000 --> 00:02:54,040
So looking forward to the conversation today.

62
00:02:54,040 --> 00:02:55,720
Nice to meet you all.

63
00:02:55,720 --> 00:02:58,280
I'm pretty fortunate to have been able to work

64
00:02:58,280 --> 00:03:00,400
with all of you on the same team

65
00:03:00,400 --> 00:03:01,640
at different times throughout our career.

66
00:03:01,640 --> 00:03:03,920
John, you were always the guy I could ask

67
00:03:03,920 --> 00:03:06,120
all my ISE questions to back in the TAC days

68
00:03:06,120 --> 00:03:07,200
and then coming to pre-sales,

69
00:03:07,200 --> 00:03:08,960
being on the same team with you and Sam

70
00:03:08,960 --> 00:03:10,200
and now with Andreas.

71
00:03:10,200 --> 00:03:11,920
Guys are already getting some good compliments

72
00:03:11,920 --> 00:03:14,880
in the chat here.

73
00:03:14,880 --> 00:03:16,680
Ferdinand and Lucas and Anthony,

74
00:03:16,680 --> 00:03:18,000
appreciate the comments.

75
00:03:18,000 --> 00:03:19,760
Any comments or questions you guys have,

76
00:03:19,760 --> 00:03:20,600
just throw them in there.

77
00:03:20,600 --> 00:03:22,440
And if we can't answer them live on the show,

78
00:03:22,440 --> 00:03:24,760
happy to sync up with you guys one-on-one

79
00:03:24,760 --> 00:03:28,360
or we'll of course answer those all through email as well.

80
00:03:28,360 --> 00:03:29,200
All right.

81
00:03:31,040 --> 00:03:34,840
IAM, like what is IAM Sam?

82
00:03:34,840 --> 00:03:35,760
What does it do?

83
00:03:35,760 --> 00:03:38,000
Is IAM Active Directory?

84
00:03:38,000 --> 00:03:39,680
Could you elaborate kind of high level

85
00:03:39,680 --> 00:03:43,800
what IAM stands for and what we're talking about here?

86
00:03:43,800 --> 00:03:48,640
Yeah, yeah, so IAM stands for Identity and Access Management.

87
00:03:48,640 --> 00:03:50,760
It's important to understand that IAM

88
00:03:50,760 --> 00:03:53,720
is not a specific product.

89
00:03:53,720 --> 00:03:56,920
It's really like a strategy and a framework.

90
00:03:57,760 --> 00:04:02,200
Multiple different products can provide IAM capabilities.

91
00:04:02,200 --> 00:04:05,640
But essentially the core objective of IAM

92
00:04:05,640 --> 00:04:08,440
is to make sure that you protect your assets.

93
00:04:08,440 --> 00:04:11,320
As users are accessing your resources,

94
00:04:11,320 --> 00:04:14,760
you wanna make sure you're giving the right level of access

95
00:04:14,760 --> 00:04:16,440
to the right people.

96
00:04:16,440 --> 00:04:20,080
And Active Directory can play a big part there

97
00:04:20,080 --> 00:04:21,360
as a user directory,

98
00:04:21,360 --> 00:04:24,720
but it doesn't have to be just Active Directory, right?

99
00:04:24,720 --> 00:04:28,200
Could be a SAML IdP, could be another authentication source.

100
00:04:29,200 --> 00:04:32,480
But there are a lot of capabilities within IAM.

101
00:04:32,480 --> 00:04:37,480
So things like single sign-on, focusing on helping users,

102
00:04:37,480 --> 00:04:41,520
to eliminate friction with users.

103
00:04:41,520 --> 00:04:45,280
And then you also have like your security components, right?

104
00:04:45,280 --> 00:04:48,920
Device trust, lightweight posturing.

105
00:04:48,920 --> 00:04:52,120
So a lot of that stuff we'll get into in the future

106
00:04:52,120 --> 00:04:56,520
on this call, but IAM also should allow you

107
00:04:56,520 --> 00:04:59,000
to do governance of your policies.

108
00:04:59,000 --> 00:05:02,600
So you really wanna make sure you have adequate logging.

109
00:05:03,440 --> 00:05:06,880
Wanna make sure that you can look back at the access request

110
00:05:06,880 --> 00:05:11,880
and make sure that this user logging into this resource

111
00:05:13,520 --> 00:05:14,440
is tracked, right?

112
00:05:14,440 --> 00:05:18,920
So you can have a trail of these requests.

113
00:05:18,920 --> 00:05:21,800
But yeah, it's not a specific product.

114
00:05:22,800 --> 00:05:24,480
At Cisco we have Duo,

115
00:05:24,480 --> 00:05:27,600
and that's gonna provide a lot of IAM capabilities,

116
00:05:27,600 --> 00:05:29,960
but we can integrate with other solutions as well

117
00:05:29,960 --> 00:05:32,360
to strengthen that identity security.

118
00:05:33,560 --> 00:05:35,080
Just to kind of really continue on

119
00:05:35,080 --> 00:05:36,400
with what Sam is mentioning.

120
00:05:36,400 --> 00:05:38,960
It is a full solution.

121
00:05:38,960 --> 00:05:40,960
We have to make sure that you are looking

122
00:05:40,960 --> 00:05:42,640
at the right product for the features

123
00:05:42,640 --> 00:05:45,720
that you are trying to secure.

124
00:05:45,720 --> 00:05:48,360
So IAM is not gonna be a single vendor.

125
00:05:48,360 --> 00:05:52,480
Cisco has multiple different pieces that can do IAM,

126
00:05:52,480 --> 00:05:55,320
or can do parts of IAM,

127
00:05:55,320 --> 00:05:58,080
but it's not gonna be a single vendor.

128
00:05:58,080 --> 00:05:59,480
It's not gonna be a single product

129
00:05:59,480 --> 00:06:01,320
that we're gonna be looking forward to really

130
00:06:01,320 --> 00:06:03,000
lock down an entire environment.

131
00:06:03,000 --> 00:06:05,440
And that's where pretty much this whole conversation

132
00:06:05,440 --> 00:06:07,280
is gonna go into is what pieces and parts

133
00:06:07,280 --> 00:06:08,680
that we can look at to make sure

134
00:06:08,680 --> 00:06:11,000
that your full solution is ready.

135
00:06:12,000 --> 00:06:12,840
Very nice.

136
00:06:12,840 --> 00:06:16,200
So thinking of it more holistically in terms of a solution,

137
00:06:16,200 --> 00:06:17,880
maybe it takes a while,

138
00:06:17,880 --> 00:06:19,920
a journey to get to where you really wanna be

139
00:06:19,920 --> 00:06:22,680
since it's not a particular product, but great stuff.

140
00:06:22,680 --> 00:06:25,800
And Sam, I like to call about the accounting portion

141
00:06:25,800 --> 00:06:28,000
of it as well, kind of having those logs

142
00:06:28,000 --> 00:06:31,440
so we can see if we need to look back in time

143
00:06:31,440 --> 00:06:34,480
for any type of threats or access control.

144
00:06:34,480 --> 00:06:36,840
Yeah, just to add onto that, right?

145
00:06:36,840 --> 00:06:38,600
Like we just wanna make sure

146
00:06:38,600 --> 00:06:40,520
if there is unauthorized access

147
00:06:40,520 --> 00:06:44,080
or any type of breach or anything, right?

148
00:06:44,080 --> 00:06:45,960
Session theft, we wanna make sure

149
00:06:45,960 --> 00:06:47,840
that we're able to track that.

150
00:06:47,840 --> 00:06:51,240
And a big component of IAM is being able to respond

151
00:06:51,240 --> 00:06:54,200
to those threats in real time, right?

152
00:06:54,200 --> 00:06:59,200
So that's a capability that Cisco has improved upon.

153
00:06:59,280 --> 00:07:02,560
So we can definitely talk about that later on the call.

154
00:07:02,560 --> 00:07:04,280
And would that be just people running around

155
00:07:04,280 --> 00:07:06,400
like manually unplugging ports out of walls

156
00:07:06,400 --> 00:07:07,240
and stuff like that?

157
00:07:07,240 --> 00:07:08,640
Is that what we're talking about?

158
00:07:08,640 --> 00:07:10,880
No, no, you wanna make sure you can tie it back

159
00:07:10,880 --> 00:07:12,480
into that directory, right?

160
00:07:12,480 --> 00:07:15,220
Maybe to adjust those rights in real time

161
00:07:15,220 --> 00:07:18,760
or just remove the user from the network, right?

162
00:07:18,760 --> 00:07:21,520
Adjusting the session or making that session invalid.

163
00:07:21,520 --> 00:07:24,080
Yeah, glad to hear there's a better way.

164
00:07:24,080 --> 00:07:26,040
And honestly, you could still run around

165
00:07:26,040 --> 00:07:28,040
and unplug and plug for us.

166
00:07:28,040 --> 00:07:28,880
That's where I am.

167
00:07:28,880 --> 00:07:30,040
I'm just using the old scissors.

168
00:07:30,040 --> 00:07:31,800
Just to cut the cable.

169
00:07:31,800 --> 00:07:34,280
Just updating myself here.

170
00:07:34,280 --> 00:07:37,120
That was awesome.

171
00:07:37,120 --> 00:07:41,520
And it's a good, interesting just conversation

172
00:07:41,520 --> 00:07:43,320
about capabilities, features,

173
00:07:43,320 --> 00:07:45,280
things that we can do with IAM.

174
00:07:45,280 --> 00:07:48,200
So pretty cool with that.

175
00:07:48,200 --> 00:07:50,280
John, the next question I have

176
00:07:50,280 --> 00:07:54,040
and it's just to dig deeper into identity management

177
00:07:54,040 --> 00:07:55,600
or IAM capabilities,

178
00:07:55,600 --> 00:07:58,280
if we can share a little bit about that.

179
00:07:58,280 --> 00:08:00,320
Yeah, so the main purpose of IAM

180
00:08:00,320 --> 00:08:04,040
is to validate users and devices coming onto the network.

181
00:08:04,040 --> 00:08:06,760
So that can be done many different ways.

182
00:08:06,760 --> 00:08:09,000
And then from there, the authorization of it.

183
00:08:09,000 --> 00:08:11,560
So we're really talking AAA across the board.

184
00:08:11,560 --> 00:08:15,040
Authentication for the users, for the devices,

185
00:08:15,040 --> 00:08:16,760
pieces and parts coming onto,

186
00:08:16,760 --> 00:08:18,960
whether it's your network accessing applications,

187
00:08:18,960 --> 00:08:20,800
your workloads, what have you.

188
00:08:20,800 --> 00:08:23,040
And then the authorization part.

189
00:08:23,040 --> 00:08:24,000
What are they doing?

190
00:08:24,000 --> 00:08:25,480
What are they allowed to be doing?

191
00:08:25,480 --> 00:08:28,200
Should we allow access, block access,

192
00:08:28,200 --> 00:08:31,160
really kind of give it restrictive pieces?

193
00:08:31,160 --> 00:08:32,320
If somebody's coming in,

194
00:08:32,320 --> 00:08:35,200
they have a vulnerability on their machine.

195
00:08:35,200 --> 00:08:38,080
How can we quarantine them so we can fix them later?

196
00:08:38,080 --> 00:08:42,080
It may not just be restriction that's going on here.

197
00:08:42,080 --> 00:08:43,520
We could also redirect.

198
00:08:43,520 --> 00:08:46,520
So if we're looking at user or guest user access

199
00:08:46,520 --> 00:08:48,280
that's coming onto the network,

200
00:08:48,280 --> 00:08:51,160
we can redirect them to a portal, make people log in.

201
00:08:51,160 --> 00:08:53,840
So you know anything and everything that's going on.

202
00:08:53,840 --> 00:08:55,680
And really leaning back on that,

203
00:08:55,680 --> 00:08:58,840
that's where we can go onto the last A of AAA,

204
00:08:59,840 --> 00:09:01,360
the accounting portion of it.

205
00:09:01,360 --> 00:09:02,720
Where are we getting those logs?

206
00:09:02,720 --> 00:09:03,840
What logs do we need?

207
00:09:03,840 --> 00:09:04,920
Where are we sending those logs

208
00:09:04,920 --> 00:09:06,080
that we can go back and look at?

209
00:09:06,080 --> 00:09:08,040
Like Sam was mentioning earlier.

210
00:09:08,040 --> 00:09:09,960
What is our audit trail?

211
00:09:09,960 --> 00:09:13,320
How do we prevent the sensitive data from getting out there?

212
00:09:13,320 --> 00:09:15,760
And of course, as Mike mentioned at the very beginning,

213
00:09:15,760 --> 00:09:19,560
it's all about, first we wanna protect the users with IAM.

214
00:09:19,560 --> 00:09:21,800
Then we also wanna protect the devices

215
00:09:21,800 --> 00:09:24,080
when it comes to whether it's ISE doing posture,

216
00:09:24,080 --> 00:09:26,280
or Duo doing device insights.

217
00:09:26,280 --> 00:09:29,080
How can we see things coming into your environment?

218
00:09:29,080 --> 00:09:31,480
And a lot of it's going to kind of circle back

219
00:09:31,480 --> 00:09:33,840
into a conversation of zero trust.

220
00:09:33,840 --> 00:09:35,440
Andrea, as you mentioned earlier,

221
00:09:35,440 --> 00:09:37,480
zero trust is a big term that's gonna be out there.

222
00:09:37,480 --> 00:09:39,320
And I'm sure we're gonna be talking more and more about it.

223
00:09:39,320 --> 00:09:42,240
So I don't wanna belabor it right now.

224
00:09:42,240 --> 00:09:46,560
But IAM starts off with let's validate everybody.

225
00:09:46,560 --> 00:09:49,000
And now let's make sure that we have the

226
00:09:49,000 --> 00:09:52,000
correct authorization for them within the network,

227
00:09:52,000 --> 00:09:54,800
accessing the application, your workload, what have you.

228
00:09:56,000 --> 00:09:57,760
That's great info, John.

229
00:09:57,760 --> 00:09:59,160
Thank you, thank you so much.

230
00:09:59,160 --> 00:10:04,080
And yeah, that is also one of the pillars for zero trust.

231
00:10:04,080 --> 00:10:06,640
And that's good segue for what we're gonna talk

232
00:10:06,640 --> 00:10:07,560
in a few minutes.

233
00:10:09,680 --> 00:10:13,320
John, the part you mentioned about the authorization,

234
00:10:13,320 --> 00:10:16,520
do you, in your opinion, do you feel that that's a part

235
00:10:16,520 --> 00:10:18,880
that maybe gets overlooked too frequently?

236
00:10:18,880 --> 00:10:22,160
Because I think of the first A, the authentication,

237
00:10:22,160 --> 00:10:23,440
that's something everyone's doing.

238
00:10:23,440 --> 00:10:27,200
But how common is it, or are people doing a great job

239
00:10:27,200 --> 00:10:30,240
with authorization that you generally find?

240
00:10:30,240 --> 00:10:32,760
It is a very mixed bag that's out there.

241
00:10:32,760 --> 00:10:36,820
So it's easy to give somebody all access,

242
00:10:36,820 --> 00:10:39,200
and it's easy to give somebody no access.

243
00:10:39,200 --> 00:10:41,360
So the no access is usually the most secure.

244
00:10:41,360 --> 00:10:44,240
That's where we start talking zero trust.

245
00:10:44,240 --> 00:10:45,880
Zero access, zero trust.

246
00:10:45,880 --> 00:10:48,160
We don't trust anybody that's out there.

247
00:10:48,160 --> 00:10:51,380
But then it's very easy to give somebody full access.

248
00:10:51,380 --> 00:10:56,380
So when it comes to modern IAM capabilities,

249
00:10:57,120 --> 00:10:58,520
a lot of this can be dynamic.

250
00:10:58,520 --> 00:11:01,560
So as a user comes in, they authenticate,

251
00:11:01,560 --> 00:11:03,240
maybe as you mentioned, they go through,

252
00:11:03,240 --> 00:11:04,300
they pulled a cable,

253
00:11:04,300 --> 00:11:06,200
but then they plug the cable in somewhere else.

254
00:11:06,200 --> 00:11:09,620
How do we make sure that they have the same authorization

255
00:11:09,620 --> 00:11:10,820
from port to port?

256
00:11:10,820 --> 00:11:12,960
Or if they're trying to spoof a phone

257
00:11:12,960 --> 00:11:13,800
or something like that,

258
00:11:13,800 --> 00:11:16,320
how do we make sure that they stay

259
00:11:16,320 --> 00:11:17,720
where they're supposed to be?

260
00:11:17,720 --> 00:11:19,240
How do we make sure that they stay in their lane

261
00:11:19,240 --> 00:11:21,160
is the easiest way I can say it.

262
00:11:21,160 --> 00:11:23,080
And all of that is going to come down

263
00:11:23,080 --> 00:11:24,980
to that authorization side.

264
00:11:26,300 --> 00:11:29,640
Most users out there, again, zero or all.

265
00:11:29,640 --> 00:11:31,280
It doesn't have to be that way.

266
00:11:31,280 --> 00:11:33,400
Everything can be configured on the central side.

267
00:11:33,400 --> 00:11:35,240
Again, whether it's gonna be off of Duo,

268
00:11:35,240 --> 00:11:37,400
it's gonna be off of ISE, Secure Workload.

269
00:11:37,400 --> 00:11:39,000
We can start locking things down

270
00:11:39,000 --> 00:11:41,220
based off of segmentation rules.

271
00:11:41,220 --> 00:11:43,080
So we're looking at macro segmentation,

272
00:11:43,080 --> 00:11:44,600
micro segmentation.

273
00:11:44,600 --> 00:11:47,000
However, we can really start limiting it down.

274
00:11:47,000 --> 00:11:49,940
And for me, the implementation is gonna be key.

275
00:11:49,940 --> 00:11:51,880
So you always start off large

276
00:11:51,880 --> 00:11:54,160
and you start scoping it down.

277
00:11:54,160 --> 00:11:56,640
I'm sure we'll talk about that more here in a bit too.

278
00:11:56,640 --> 00:11:57,680
That's great.

279
00:11:57,680 --> 00:11:58,840
Excellent.

280
00:11:58,840 --> 00:12:01,400
A live question did come in

281
00:12:01,400 --> 00:12:03,760
in terms of what are the key benefits

282
00:12:03,760 --> 00:12:08,500
of using Cisco as an identity solution?

283
00:12:08,500 --> 00:12:10,520
So any thoughts on that?

284
00:12:10,520 --> 00:12:13,420
I know we're not trying to plug Cisco here.

285
00:12:13,420 --> 00:12:14,840
We're talking more industry concepts,

286
00:12:14,840 --> 00:12:16,920
but any call-outs there?

287
00:12:17,880 --> 00:12:19,640
So I'll jump onto that.

288
00:12:19,640 --> 00:12:22,460
Sam, back me up with whatever you wanna put in there.

289
00:12:23,440 --> 00:12:26,960
Interoperability is the biggest thing that comes from Cisco.

290
00:12:26,960 --> 00:12:30,360
So when it comes to whether we're looking at ISE and Duo

291
00:12:30,360 --> 00:12:33,400
or really just ISE is kind of a linchpin

292
00:12:33,400 --> 00:12:35,080
across your whole system,

293
00:12:35,080 --> 00:12:37,960
the interoperability that we put out there,

294
00:12:37,960 --> 00:12:40,080
we follow the RFCs for anything and everything.

295
00:12:40,080 --> 00:12:43,560
So if we're looking at specifically, say, RADIUS,

296
00:12:43,560 --> 00:12:45,680
if we're looking at communication between them,

297
00:12:45,680 --> 00:12:48,760
we have open APIs across all of our platform now.

298
00:12:48,760 --> 00:12:50,880
We'll use pxGrid to be able to communicate,

299
00:12:50,880 --> 00:12:52,760
share information back and forth.

300
00:12:52,760 --> 00:12:57,200
And we're not looking at just our IAM solutions

301
00:12:57,200 --> 00:12:58,680
when it comes to that interoperability.

302
00:12:58,680 --> 00:13:01,160
So we'll integrate with our secure firewalls,

303
00:13:01,160 --> 00:13:03,000
our Secure Workload,

304
00:13:03,000 --> 00:13:04,880
our email access is gonna be out there,

305
00:13:04,880 --> 00:13:06,440
our web access is out there.

306
00:13:06,440 --> 00:13:08,680
The amount that we can operate,

307
00:13:08,680 --> 00:13:10,720
and it's not just with Cisco products,

308
00:13:10,720 --> 00:13:12,480
it's kind of across the whole board.

309
00:13:12,480 --> 00:13:15,120
Our whole goal is that we want to interoperate

310
00:13:15,120 --> 00:13:18,480
with everything that's in your network.

311
00:13:18,480 --> 00:13:23,000
We want to be the central part of your security,

312
00:13:23,000 --> 00:13:25,760
but we don't want to overload your system.

313
00:13:25,760 --> 00:13:27,480
We don't wanna change out what's there.

314
00:13:27,480 --> 00:13:29,880
If something's working, let's work with it.

315
00:13:29,880 --> 00:13:34,520
Instead of pulling out your whole IAM solution now

316
00:13:34,520 --> 00:13:35,800
and adding in something else

317
00:13:35,800 --> 00:13:38,480
and trying to change everything all at once, let's build.

318
00:13:38,480 --> 00:13:39,760
Let's utilize what you have,

319
00:13:39,760 --> 00:13:41,080
let's build and make it stronger.

320
00:13:41,080 --> 00:13:43,440
Let's fill those holes within your security.

321
00:13:45,560 --> 00:13:47,200
Yeah, I'll just add,

322
00:13:48,480 --> 00:13:50,800
just based on where Cisco is going,

323
00:13:51,640 --> 00:13:54,040
from our identity portfolio.

324
00:13:54,040 --> 00:13:59,040
So we've been doing a lot of development, acquisitions,

325
00:13:59,280 --> 00:14:01,560
and now we do have the capability

326
00:14:01,560 --> 00:14:05,800
for identity threat detection and response.

327
00:14:05,800 --> 00:14:10,720
So that's another market that Gartner is putting out there

328
00:14:10,720 --> 00:14:14,040
that a lot of organizations are starting to look into.

329
00:14:14,040 --> 00:14:16,720
So we do have that capability where,

330
00:14:16,720 --> 00:14:17,880
like I said earlier,

331
00:14:17,880 --> 00:14:20,440
you might have multiple authentication sources.

332
00:14:20,440 --> 00:14:23,640
So we can track a user that may be coming in

333
00:14:23,640 --> 00:14:26,840
from a Workday or an HR system.

334
00:14:27,800 --> 00:14:31,120
We can look at, if you have like an Okta

335
00:14:31,120 --> 00:14:35,480
or another IAM vendor, we can look at session theft

336
00:14:35,480 --> 00:14:40,480
and be able to remove that user session from the network

337
00:14:40,760 --> 00:14:42,320
or from an asset.

338
00:14:42,320 --> 00:14:46,560
So there's a lot of innovation going in at Cisco.

339
00:14:46,560 --> 00:14:48,240
So we can definitely provide links

340
00:14:48,240 --> 00:14:51,000
and give you some direction on where we're going.

341
00:14:51,000 --> 00:14:53,560
But I think that's one of the biggest selling points

342
00:14:53,560 --> 00:14:58,560
or the biggest advantages of looking at Cisco for identity.

343
00:14:58,720 --> 00:15:02,120
Just the direction that we're going is huge.

344
00:15:02,120 --> 00:15:07,120
That's really good information on both fronts.

345
00:15:07,480 --> 00:15:09,800
And just, as you guys mentioned,

346
00:15:09,800 --> 00:15:13,520
multi-factor authentication is probably the easiest thing

347
00:15:13,520 --> 00:15:17,440
to knock out on a security strategy.

348
00:15:17,440 --> 00:15:18,280
That's great.

349
00:15:20,200 --> 00:15:21,040
All right.

350
00:15:21,040 --> 00:15:23,840
So I do have the-

351
00:15:23,840 --> 00:15:28,840
Sam, what tools or methods do we have specific to IAM

352
00:15:28,840 --> 00:15:33,840
that you see customers utilizing to harden their security

353
00:15:34,560 --> 00:15:37,360
for the identity of the users and the devices

354
00:15:37,360 --> 00:15:39,360
that are connecting onto the network?

355
00:15:40,400 --> 00:15:44,520
Yeah, so number one, we really recommend customers

356
00:15:44,520 --> 00:15:47,480
to move beyond just a single factor.

357
00:15:47,480 --> 00:15:50,440
So not just relying on username and password

358
00:15:50,440 --> 00:15:52,560
to grant access to resources.

359
00:15:52,560 --> 00:15:57,440
So one of the biggest components of IAM

360
00:15:57,440 --> 00:16:00,440
solution is multi-factor authentication.

361
00:16:00,440 --> 00:16:05,440
It's going to be table stakes to protect some of these user

362
00:16:05,520 --> 00:16:08,280
accounts against unauthorized access.

363
00:16:08,280 --> 00:16:11,440
So within Duo, within a lot of solutions,

364
00:16:11,440 --> 00:16:15,240
there are multiple authentication methods you can use.

365
00:16:15,240 --> 00:16:18,400
Some of the more legacy ones are SMS,

366
00:16:18,400 --> 00:16:21,160
text messages or phone callbacks.

367
00:16:21,160 --> 00:16:23,080
But we're seeing a lot of customers moving

368
00:16:23,080 --> 00:16:25,240
towards stronger authentication methods.

369
00:16:25,240 --> 00:16:28,800
So things like security keys, so like YubiKeys

370
00:16:28,800 --> 00:16:31,560
or using biometrics or platform authenticators

371
00:16:31,560 --> 00:16:32,640
on the endpoints.

372
00:16:34,200 --> 00:16:36,760
So those are some of the components, right?

373
00:16:36,760 --> 00:16:41,040
And then we talked about role-based access control.

374
00:16:41,040 --> 00:16:43,040
We'll talk about zero trust in the future,

375
00:16:43,040 --> 00:16:48,040
but we're really seeing a lot of focus

376
00:16:49,600 --> 00:16:52,800
on layering security on top of just MFA,

377
00:16:52,800 --> 00:16:56,600
in general.

378
00:16:56,600 --> 00:16:58,840
Of course you have the user directory,

379
00:16:58,840 --> 00:17:02,000
which is a key component, but for the security,

380
00:17:02,000 --> 00:17:06,640
you have the MFA, you have the single sign-on, right?

381
00:17:06,640 --> 00:17:09,160
So that's going to help with just the friction

382
00:17:09,160 --> 00:17:10,800
of users accessing resources.

383
00:17:10,800 --> 00:17:13,400
And then that's going to help with security as well.

384
00:17:14,280 --> 00:17:18,200
So a lot of users are reusing passwords.

385
00:17:18,200 --> 00:17:23,000
You know, bad actors can go on the dark web,

386
00:17:23,000 --> 00:17:26,720
download a lot of passwords and do like credential stuffing

387
00:17:26,720 --> 00:17:28,440
or a lot of common attacks.

388
00:17:28,440 --> 00:17:32,000
So just having MFA in place on an account

389
00:17:32,000 --> 00:17:34,320
is going to stop that threat actor.

390
00:17:34,320 --> 00:17:36,520
And that's something that they're looking for today.

391
00:17:36,520 --> 00:17:37,600
They're just looking for accounts

392
00:17:37,600 --> 00:17:40,040
that don't have MFA protection, right?

393
00:17:40,040 --> 00:17:42,880
So they can bypass any security you have.

394
00:17:42,880 --> 00:17:45,720
But yeah, those are some of the things

395
00:17:45,720 --> 00:17:49,000
that we're seeing with our customers, right?

396
00:17:49,000 --> 00:17:53,080
Focusing on like public key cryptography

397
00:17:53,080 --> 00:17:56,720
with passwordless and the biometrics,

398
00:17:56,720 --> 00:17:58,360
like I discussed earlier.

399
00:18:01,000 --> 00:18:03,080
No, I think that MFA is just,

400
00:18:03,080 --> 00:18:06,840
when I talk to customers daily,

401
00:18:06,840 --> 00:18:10,440
that's one of the things I definitely make sure of,

402
00:18:10,440 --> 00:18:13,880
that MFA is there because it's just the low hanging fruit.

403
00:18:13,880 --> 00:18:17,600
It's like one of the easiest things to get in place

404
00:18:17,600 --> 00:18:19,840
and talk about bang for your buck.

405
00:18:19,840 --> 00:18:23,000
Like I think back about, was it two years ago,

406
00:18:23,000 --> 00:18:25,920
we had that Colonial Pipeline cyber attack.

407
00:18:26,800 --> 00:18:29,160
I mean, that costs like $5 million.

408
00:18:29,160 --> 00:18:30,880
And I remember just here in North Carolina,

409
00:18:30,880 --> 00:18:34,240
you couldn't get like gasoline for like two weeks

410
00:18:34,240 --> 00:18:35,080
because of that.

411
00:18:35,080 --> 00:18:40,080
And that was an absence of MFA on a VPN connection,

412
00:18:40,080 --> 00:18:44,320
something that was very easily preventable

413
00:18:44,320 --> 00:18:48,720
and pretty light investment to be proactive

414
00:18:48,720 --> 00:18:50,400
about your security there.

415
00:18:50,400 --> 00:18:53,720
Yeah, and I mean, that's a real world impact, right?

416
00:18:53,720 --> 00:18:56,080
We all consume those services.

417
00:18:56,080 --> 00:18:59,880
So security should be in the forefront.

418
00:18:59,880 --> 00:19:02,400
And like you said, I mean, that's just a simple check

419
00:19:02,400 --> 00:19:05,960
that could have been added, but it is easy to miss.

420
00:19:05,960 --> 00:19:10,960
Within like the average enterprise these days,

421
00:19:11,440 --> 00:19:14,560
it's not just one identity source, right?

422
00:19:14,560 --> 00:19:16,880
You could have contractors coming in.

423
00:19:16,880 --> 00:19:19,120
It's not just gonna be just one Active Directory.

424
00:19:19,120 --> 00:19:23,880
So the combination of something like Duo with ISE, right?

425
00:19:23,880 --> 00:19:25,880
Locking down the network as well.

426
00:19:25,880 --> 00:19:29,400
So you can prevent some lateral movement.

427
00:19:29,400 --> 00:19:32,560
Definitely a defense in depth type of conversation

428
00:19:32,560 --> 00:19:35,360
is needed, but having MFA

429
00:19:35,360 --> 00:19:37,520
is definitely gonna shut the door

430
00:19:37,520 --> 00:19:38,920
that first access attempt.

431
00:19:39,920 --> 00:19:42,120
Sam, I think you're hitting it right on the head.

432
00:19:42,120 --> 00:19:44,880
If we look back at a lot of the attacks

433
00:19:44,880 --> 00:19:48,640
that have been happening over the last five years, really,

434
00:19:48,640 --> 00:19:52,040
well, you had the Target, you've had, I mean, not Pegasus,

435
00:19:52,040 --> 00:19:55,560
but you've had really below is the Home Depot,

436
00:19:55,560 --> 00:19:57,320
all of these different attacks that have come in

437
00:19:57,320 --> 00:19:59,840
and it's always been user phishing.

438
00:19:59,840 --> 00:20:04,160
So getting access into contractor devices coming in,

439
00:20:04,160 --> 00:20:05,840
getting their VPN access,

440
00:20:05,840 --> 00:20:08,160
getting just their username, passwords,

441
00:20:08,160 --> 00:20:10,320
whether they're doing a SIM swap

442
00:20:10,320 --> 00:20:11,440
or anything along those lines,

443
00:20:11,440 --> 00:20:13,440
being able to really go into that.

444
00:20:13,440 --> 00:20:15,120
And that's where multifactor authentication

445
00:20:15,120 --> 00:20:16,720
is really gonna come in to protect.

446
00:20:16,720 --> 00:20:19,280
Again, it doesn't have to be SMS.

447
00:20:19,280 --> 00:20:22,480
A lot of us don't suggest even doing SMS anymore.

448
00:20:22,480 --> 00:20:23,800
Let's switch over to biometrics.

449
00:20:23,800 --> 00:20:26,240
Let's switch over to PIN and CAC cards.

450
00:20:26,240 --> 00:20:29,640
Let's switch over to something that is more secure,

451
00:20:29,640 --> 00:20:32,480
more central to your location.

452
00:20:32,480 --> 00:20:34,280
And I'm sure we'll talk about it more,

453
00:20:34,280 --> 00:20:39,280
but if we look at the notification alert drag,

454
00:20:39,920 --> 00:20:41,000
that's kind of out there,

455
00:20:41,000 --> 00:20:43,600
everyone's getting so used to seeing those notifications,

456
00:20:43,600 --> 00:20:45,880
they just click approve and move on.

457
00:20:45,880 --> 00:20:47,840
It's all these different things that are,

458
00:20:47,840 --> 00:20:49,360
it's just hitting us all at once.

459
00:20:49,360 --> 00:20:51,880
So multifactor authentication is gonna be a big one

460
00:20:51,880 --> 00:20:54,600
to really hit that low hanging fruit, as you said, Mike.

461
00:20:54,600 --> 00:20:55,920
Yeah.

462
00:20:55,920 --> 00:20:59,840
We got a live question that just came in.

463
00:20:59,840 --> 00:21:00,680
Sorry, Andres.

464
00:21:00,680 --> 00:21:03,400
Next question, and this one's gonna be for you, John,

465
00:21:03,400 --> 00:21:06,160
hearing a lot from the customers that I talk to

466
00:21:06,160 --> 00:21:09,560
on a daily basis about a NAC solution,

467
00:21:09,560 --> 00:21:11,240
network access control.

468
00:21:11,240 --> 00:21:15,000
And it's getting more and more and more attention.

469
00:21:15,000 --> 00:21:17,520
And I see a lot of customers coming in and saying,

470
00:21:17,520 --> 00:21:21,520
hey, we need NAC, but what can you tell us

471
00:21:21,520 --> 00:21:25,160
a little bit about that if you can share some info?

472
00:21:25,160 --> 00:21:26,800
John, I can just see you smiling,

473
00:21:26,800 --> 00:21:29,840
getting excited as that question was being asked.

474
00:21:29,840 --> 00:21:31,400
Yeah, I mean, I've been dealing with NAC

475
00:21:31,400 --> 00:21:34,800
for my entire tenure here at Cisco.

476
00:21:36,160 --> 00:21:39,880
Network access control, that's really where ISE and ACS

477
00:21:39,880 --> 00:21:44,120
has lived, but it's been around much further than that.

478
00:21:44,120 --> 00:21:46,120
So if we look back into the olden days,

479
00:21:46,120 --> 00:21:48,520
and we look at port security and sticky MACs,

480
00:21:48,520 --> 00:21:52,320
that's where NAC control really started.

481
00:21:52,320 --> 00:21:54,920
How do we limit who comes into it?

482
00:21:54,920 --> 00:21:59,920
With the introduction and the adoption of laptops

483
00:22:00,160 --> 00:22:03,800
and phones and movement and VPN and blah, blah, blah,

484
00:22:03,800 --> 00:22:06,720
wireless is gonna be a big one that comes to it as well.

485
00:22:06,720 --> 00:22:11,240
Basically, users aren't sitting with a desktop

486
00:22:11,240 --> 00:22:13,600
at the same desk every single day.

487
00:22:13,600 --> 00:22:15,200
I mean, they may still come into the same desk,

488
00:22:15,200 --> 00:22:16,680
but they're still getting up, they're moving around,

489
00:22:16,680 --> 00:22:20,320
they're using wireless, they're switching ports.

490
00:22:20,320 --> 00:22:23,160
NAC now is a dynamic functionality.

491
00:22:23,160 --> 00:22:27,480
So you might say you come in, you plugged in

492
00:22:27,480 --> 00:22:30,440
to your standard desk, you work for the morning,

493
00:22:30,440 --> 00:22:33,000
and then you get up and you wanna go home

494
00:22:33,000 --> 00:22:35,280
and work remotely for the rest of it.

495
00:22:35,280 --> 00:22:39,200
How do we make sure that your same access is done?

496
00:22:39,200 --> 00:22:41,280
And that's where NAC is really gonna come in.

497
00:22:41,280 --> 00:22:43,080
It is the authentication of the users,

498
00:22:43,080 --> 00:22:45,400
it's the authentication of the machines,

499
00:22:45,400 --> 00:22:48,000
and then we're also gonna give the authorization.

500
00:22:48,000 --> 00:22:51,000
So I do like to put out there that we're not looking

501
00:22:51,000 --> 00:22:53,320
at just users out there.

502
00:22:53,320 --> 00:22:55,120
We want to know what machines,

503
00:22:55,120 --> 00:22:57,640
that's where our compliance piece is gonna come in,

504
00:22:57,640 --> 00:23:00,360
that's where posture is gonna really, really weigh in

505
00:23:00,360 --> 00:23:02,880
of what antivirus is running on your system,

506
00:23:02,880 --> 00:23:06,120
is your system up to date, is it patched?

507
00:23:06,120 --> 00:23:08,960
Do you have a specific file or registry setting?

508
00:23:09,840 --> 00:23:12,360
One of my favorite things: is there a USB plugged

509
00:23:12,360 --> 00:23:15,440
into your machine that's not supposed to be there.

510
00:23:15,440 --> 00:23:17,760
Whether or not that endpoint is gonna be vulnerable

511
00:23:17,760 --> 00:23:21,680
is a big piece of when it comes to NAC control.

512
00:23:21,680 --> 00:23:24,520
So it is something that's been around for a long time,

513
00:23:24,520 --> 00:23:26,440
but the way that we've made it dynamic,

514
00:23:26,440 --> 00:23:29,400
the way that just users keep moving

515
00:23:29,400 --> 00:23:31,800
changes that front for us.

516
00:23:31,800 --> 00:23:33,680
Of course, we always wanna look at it

517
00:23:33,680 --> 00:23:36,600
of what logs are going out there, what are people doing,

518
00:23:36,600 --> 00:23:40,760
where are they moving, where can we see things going through?

519
00:23:40,760 --> 00:23:43,360
But the most important that we're gonna go into

520
00:23:43,360 --> 00:23:46,960
is what devices are there and how can we prevent it?

521
00:23:46,960 --> 00:23:48,840
And I've used this example before,

522
00:23:48,840 --> 00:23:50,760
so anybody that's talked with me

523
00:23:50,760 --> 00:23:52,920
is that what device comes in,

524
00:23:52,920 --> 00:23:54,560
it doesn't matter who it's from.

525
00:23:54,560 --> 00:23:57,120
So say you have an executive that comes in,

526
00:23:57,120 --> 00:23:59,480
that they have access to your entire network

527
00:23:59,480 --> 00:24:02,600
at any given time, because that's what they require.

528
00:24:02,600 --> 00:24:03,920
Great, fantastic.

529
00:24:04,800 --> 00:24:07,160
Most people are gonna base that off the user,

530
00:24:07,160 --> 00:24:09,400
but what if they have an iPhone

531
00:24:09,400 --> 00:24:10,560
that comes into your environment?

532
00:24:10,560 --> 00:24:12,480
Sure, it could be on an MDM,

533
00:24:12,480 --> 00:24:14,040
it could have gone through the compliance checks

534
00:24:14,040 --> 00:24:16,880
off of an MDM that we can integrate with,

535
00:24:16,880 --> 00:24:18,840
they pass all their user information,

536
00:24:19,840 --> 00:24:22,280
but what if Pegasus got to them?

537
00:24:23,520 --> 00:24:25,360
That is where our profiles wanna come in.

538
00:24:25,360 --> 00:24:26,640
We can make sure that it is an iPhone,

539
00:24:26,640 --> 00:24:28,600
it's being checked the right way,

540
00:24:28,600 --> 00:24:31,760
we glean that information that's out there.

541
00:24:31,760 --> 00:24:33,960
We can validate that they are not vulnerable

542
00:24:33,960 --> 00:24:37,160
before they come onto the network with their own device.

543
00:24:37,160 --> 00:24:38,440
There's a lot of extra information

544
00:24:38,440 --> 00:24:40,840
that we can actually pull and push coming across it,

545
00:24:40,840 --> 00:24:43,440
but again, kind of circling back to the beginning,

546
00:24:43,440 --> 00:24:48,120
that control is what access are we giving at that port level,

547
00:24:48,120 --> 00:24:51,760
so at that access layer, and that can be limiting them,

548
00:24:51,760 --> 00:24:55,440
whether it's based off of VLANs, whether it's ACLs,

549
00:24:55,440 --> 00:25:00,040
or TrustSec, so security group tags or scalable group tags,

550
00:25:00,040 --> 00:25:01,680
whatever we're calling them nowadays,

551
00:25:01,680 --> 00:25:03,680
that are going to go through the entire network

552
00:25:03,680 --> 00:25:05,640
to be able to protect everything down.

553
00:25:06,800 --> 00:25:10,840
Yeah, and that part of AAA, the authorization,

554
00:25:10,840 --> 00:25:12,520
I know we were talking about the other day,

555
00:25:12,520 --> 00:25:14,520
it's probably the most fun of it,

556
00:25:14,520 --> 00:25:17,680
like when you're implementing some security there,

557
00:25:17,680 --> 00:25:20,960
that you can take advantage of those ACLs,

558
00:25:20,960 --> 00:25:24,920
those dynamic VLANs, the security,

559
00:25:24,920 --> 00:25:27,760
so it just makes a lot of sense

560
00:25:27,760 --> 00:25:29,840
when you start working with that.

561
00:25:30,880 --> 00:25:33,560
It is always fun being able to block somebody

562
00:25:33,560 --> 00:25:36,080
and then showing them why they're blocked.

563
00:25:36,080 --> 00:25:38,240
That is always gonna be the most fun,

564
00:25:38,240 --> 00:25:40,440
but to add onto that authorization side,

565
00:25:40,440 --> 00:25:44,680
I kind of mentioned at the end, the security group tags,

566
00:25:44,680 --> 00:25:47,520
so they get put onto the port,

567
00:25:47,520 --> 00:25:51,240
but it can be enforced anywhere within your network,

568
00:25:51,240 --> 00:25:53,560
so it can be dropped off to the firewall,

569
00:25:53,560 --> 00:25:55,680
it can be dropped off to Secure Workload,

570
00:25:55,680 --> 00:25:57,960
if you want to add the visibility functionality to it,

571
00:25:57,960 --> 00:26:01,200
Secure Network Analytics, it's gonna follow that packet,

572
00:26:01,200 --> 00:26:04,840
so the fun work for me is going to start

573
00:26:04,840 --> 00:26:07,960
really coming down to, I put you onto the network,

574
00:26:07,960 --> 00:26:10,880
I gave you layer two access to be able to see some things,

575
00:26:10,880 --> 00:26:13,280
but you hit my firewall, and I want to make sure

576
00:26:13,280 --> 00:26:14,720
my firewall is blocking everything

577
00:26:14,720 --> 00:26:16,440
that isn't supposed to be out there,

578
00:26:16,440 --> 00:26:18,720
and that simple integration between ISE

579
00:26:18,720 --> 00:26:20,760
and our Secure Firewall is able to see

580
00:26:20,760 --> 00:26:22,280
those security group tags,

581
00:26:22,280 --> 00:26:25,440
and then really just lock everything down.

582
00:26:25,440 --> 00:26:26,640
They're network agnostic,

583
00:26:26,640 --> 00:26:28,240
so now I don't have to worry about VLANs,

584
00:26:28,240 --> 00:26:31,800
I don't have to worry about changing my routing system,

585
00:26:31,800 --> 00:26:34,080
my routing tables, just to be able to add on

586
00:26:34,080 --> 00:26:36,640
a new VLAN in there or anything along those lines,

587
00:26:36,640 --> 00:26:38,080
just add somebody into the same network,

588
00:26:38,080 --> 00:26:41,640
give them a new tag, whether they even change positions

589
00:26:41,640 --> 00:26:44,280
in the same company, they get a quick tag change,

590
00:26:44,280 --> 00:26:47,600
and their whole access is now modified.

591
00:26:47,600 --> 00:26:48,440
Yeah.

592
00:26:49,840 --> 00:26:54,840
Before we go on to the next question I have for you, Sam,

593
00:26:54,880 --> 00:26:56,160
we did get a question in the chat,

594
00:26:56,160 --> 00:26:57,960
and I can actually take this one,

595
00:26:59,120 --> 00:27:02,200
regarding integrations that we have,

596
00:27:02,200 --> 00:27:04,720
and we were talking about the benefits of Cisco

597
00:27:04,720 --> 00:27:06,160
integrating with what we have.

598
00:27:06,160 --> 00:27:10,320
Roger had a good call out in the Q&A here about

599
00:27:11,520 --> 00:27:14,520
the cloud FMC, which is a newer offering,

600
00:27:14,520 --> 00:27:19,520
and how it does integrate, but has little bit differences

601
00:27:20,600 --> 00:27:24,840
in terms of a lack of logging compared to an on-prem FMC.

602
00:27:25,680 --> 00:27:28,360
So for that, and that is true,

603
00:27:28,360 --> 00:27:31,200
and you'll see that addressed in the near future,

604
00:27:31,200 --> 00:27:35,560
but in the meantime, you will always have the on-prem option

605
00:27:35,560 --> 00:27:39,400
in which, to be specific, you can run the on-prem FMC

606
00:27:39,400 --> 00:27:43,000
with your cloud FMC, and your cloud FMC

607
00:27:43,000 --> 00:27:45,320
do the deployment and management.

608
00:27:45,320 --> 00:27:48,080
Your on-prem FMC can still remain there,

609
00:27:48,080 --> 00:27:49,240
and will do all the logging,

610
00:27:49,240 --> 00:27:52,640
so you won't actually have any loss of logs.

611
00:27:52,640 --> 00:27:55,920
But a great call out I wanna do, bring that one up.

612
00:27:55,920 --> 00:27:57,200
Thank you again for this.

613
00:27:57,200 --> 00:27:59,480
It's not limited to just like the on-prem FMC,

614
00:27:59,480 --> 00:28:02,760
we also have FDM that's gonna be on-prem and on-box.

615
00:28:02,760 --> 00:28:03,760
Yeah.

616
00:28:03,760 --> 00:28:05,240
So we have a lot of different options

617
00:28:05,240 --> 00:28:06,080
that are coming out there.

618
00:28:06,080 --> 00:28:09,560
So while Cisco is moving a lot to the cloud,

619
00:28:09,560 --> 00:28:12,840
and I speak to this specifically because I do support DoD.

620
00:28:12,840 --> 00:28:15,680
DoD's not allowed to touch cloud 90% of the time.

621
00:28:16,560 --> 00:28:20,360
So the on-prem functionalities aren't going away.

622
00:28:20,360 --> 00:28:22,760
Our air gap pieces are still remaining there.

623
00:28:22,760 --> 00:28:26,720
So we have FDM, we have FMC, those integrations are there.

624
00:28:26,720 --> 00:28:28,920
I'll be the first to admit, there are some issues

625
00:28:28,920 --> 00:28:31,720
when it comes to certain integrations

626
00:28:31,720 --> 00:28:33,440
when we have to run, say, FIPS mode,

627
00:28:33,440 --> 00:28:36,360
or compliance modes or anything along those lines.

628
00:28:36,360 --> 00:28:37,960
But there are pieces that we're working through,

629
00:28:37,960 --> 00:28:40,600
we're fixing, we're getting more and more pieces

630
00:28:40,600 --> 00:28:41,680
and parts coming.

631
00:28:41,680 --> 00:28:44,280
So if we watch our FMC, we watch our FDM,

632
00:28:44,280 --> 00:28:46,240
it's just getting bigger and bigger.

633
00:28:46,240 --> 00:28:47,760
So keep an eye into it.

634
00:28:47,760 --> 00:28:50,200
Our on-prem stuff will not go away.

635
00:28:50,200 --> 00:28:52,800
We're just adding more functionality to it

636
00:28:52,800 --> 00:28:54,800
as we're really looking through.

637
00:28:54,800 --> 00:28:56,320
Perfect, thank you for that, John.

638
00:28:56,320 --> 00:28:58,080
Appreciate the question, Roger.

639
00:28:58,080 --> 00:29:00,120
John, what is, we get a lot of confusion

640
00:29:00,120 --> 00:29:04,080
with like profiling versus posturing,

641
00:29:04,080 --> 00:29:06,280
especially when it comes to something like Cisco ISE.

642
00:29:06,280 --> 00:29:08,760
Can you just briefly differentiate that?

643
00:29:09,880 --> 00:29:11,520
Briefly is gonna be the challenge.

644
00:29:11,520 --> 00:29:16,520
So profiling is one of my favorite parts

645
00:29:16,680 --> 00:29:18,480
when it comes to ISE.

646
00:29:18,480 --> 00:29:20,680
And it's really not limited to just ISE,

647
00:29:20,680 --> 00:29:23,000
Duo can do some of it as well.

648
00:29:23,000 --> 00:29:26,000
But it is gleaning information from the network

649
00:29:26,000 --> 00:29:30,640
that's already there to see what that specific device is.

650
00:29:30,640 --> 00:29:33,120
And also this is the most terrifying part

651
00:29:33,120 --> 00:29:34,480
when it comes to all of it.

652
00:29:34,480 --> 00:29:36,760
We're not asking for anything extra from a device.

653
00:29:36,760 --> 00:29:40,240
We're not asking you to put an agent onto your machine

654
00:29:40,240 --> 00:29:43,240
for us to be able to see, again, if it's an iPhone,

655
00:29:43,240 --> 00:29:45,640
is it a Samsung or anything along those lines.

656
00:29:45,640 --> 00:29:48,680
We're able to gank the information from packets

657
00:29:48,680 --> 00:29:50,160
that are already there.

658
00:29:50,160 --> 00:29:53,960
So whether we're looking at CDP, LLDP information,

659
00:29:53,960 --> 00:29:58,520
we're looking at DHCP DORA requests.

660
00:29:58,520 --> 00:30:01,000
So we're gonna discover the requests,

661
00:30:01,000 --> 00:30:04,680
HTTP packets with the user agent string inside of it.

662
00:30:04,680 --> 00:30:06,920
We can see say a Windows XP device

663
00:30:06,920 --> 00:30:09,080
is running in your environment.

664
00:30:09,080 --> 00:30:11,120
A lot of customers in their IT are gonna say,

665
00:30:11,120 --> 00:30:13,320
no, that's not possible, we don't have it.

666
00:30:13,320 --> 00:30:15,280
I've proven many, many wrong before.

667
00:30:16,760 --> 00:30:18,600
Simply based off of the profiling,

668
00:30:18,600 --> 00:30:21,200
it's a checkbox to be able to turn it on.

669
00:30:21,200 --> 00:30:23,600
On the other hand, posturing, that's our compliance side.

670
00:30:23,600 --> 00:30:27,000
That is to make sure that inside the system,

671
00:30:27,000 --> 00:30:29,160
the actual software that's running on the system

672
00:30:29,160 --> 00:30:30,160
is up to date.

673
00:30:30,160 --> 00:30:33,960
So if we're looking at specifically Windows,

674
00:30:33,960 --> 00:30:35,240
are your patches up to date?

675
00:30:35,240 --> 00:30:38,720
Does that box need to reach out to SCCM?

676
00:30:38,720 --> 00:30:39,880
We've said it many times before,

677
00:30:39,880 --> 00:30:43,240
users are the number one way into a network.

678
00:30:43,240 --> 00:30:46,400
Easiest way that users are gonna be out there is,

679
00:30:46,400 --> 00:30:49,560
hey, I've got a Windows update, defer.

680
00:30:49,560 --> 00:30:51,520
I've deferred it now for a week.

681
00:30:51,520 --> 00:30:53,920
I'll admit, I'm to blame as well.

682
00:30:53,920 --> 00:30:56,480
I've got an update sitting on my machine

683
00:30:56,480 --> 00:30:59,080
that's ready to go right after this call.

684
00:31:00,080 --> 00:31:01,440
But that is now a vulnerability

685
00:31:01,440 --> 00:31:02,640
that could come into the system.

686
00:31:02,640 --> 00:31:04,600
Posture is gonna be that piece that makes sure of,

687
00:31:04,600 --> 00:31:07,240
hey, you have a vulnerability there.

688
00:31:08,120 --> 00:31:10,960
We're going to patch this before you're even allowed

689
00:31:10,960 --> 00:31:12,040
onto the system.

690
00:31:12,040 --> 00:31:15,240
Or your antivirus is out of date by five days.

691
00:31:15,240 --> 00:31:17,680
Or you don't have a specific registry on there.

692
00:31:17,680 --> 00:31:19,320
So I don't know if you're actually a machine

693
00:31:19,320 --> 00:31:21,360
that we can control or somebody else has gotten it

694
00:31:21,360 --> 00:31:22,280
into it.

695
00:31:22,280 --> 00:31:23,680
A lot of different pieces and parts

696
00:31:23,680 --> 00:31:24,720
that we can look into it.

697
00:31:24,720 --> 00:31:27,280
And then the remediation side of it.

698
00:31:27,280 --> 00:31:29,880
Not only are we looking, but if we are running our agent,

699
00:31:29,880 --> 00:31:32,840
we can now fix it as well for a lot of things.

700
00:31:32,840 --> 00:31:34,320
Not everything, but a lot of things

701
00:31:34,320 --> 00:31:35,520
that are gonna be out there.

702
00:31:35,520 --> 00:31:38,640
So, in short, profiling is what the device is.

703
00:31:38,640 --> 00:31:40,760
Posture is what is running on that device.

704
00:31:41,760 --> 00:31:42,600
Excellent.

705
00:31:42,600 --> 00:31:43,440
Great answer.

706
00:31:44,480 --> 00:31:46,840
Next question, Sam.

707
00:31:46,840 --> 00:31:49,600
We talked about MFA.

708
00:31:49,600 --> 00:31:54,440
Beyond MFA though, can you tell me what we see

709
00:31:54,440 --> 00:31:55,760
a lot of literature about?

710
00:31:55,760 --> 00:32:00,760
We call it what adaptive risk-based security

711
00:32:00,920 --> 00:32:03,200
or dynamic risk adjustment.

712
00:32:03,200 --> 00:32:05,760
We see this in Cisco Duo a lot.

713
00:32:05,760 --> 00:32:08,040
Maybe Cisco ISE with pxGrid.

714
00:32:08,040 --> 00:32:10,760
Can you touch on this risk-based authentication

715
00:32:10,760 --> 00:32:11,720
a little bit?

716
00:32:15,240 --> 00:32:18,920
Yeah, so the risk-based authentication

717
00:32:18,920 --> 00:32:23,920
is gonna really take in authentication behavior

718
00:32:24,000 --> 00:32:27,160
from a user over a certain period of time.

719
00:32:27,160 --> 00:32:30,680
And then we'll combine that with a lot of known

720
00:32:30,680 --> 00:32:35,080
threat vectors, understanding if a user has

721
00:32:35,080 --> 00:32:40,080
like impossible travel or maybe there's like an ASN mismatch

722
00:32:42,400 --> 00:32:43,240
for BGP.

723
00:32:43,240 --> 00:32:47,640
So on the backend, Duo is monitoring authentications,

724
00:32:47,640 --> 00:32:49,520
looking at the history for that user,

725
00:32:49,520 --> 00:32:51,160
the devices they're coming in.

726
00:32:52,120 --> 00:32:56,640
And then if anything changes, we're able to adjust

727
00:32:58,240 --> 00:33:01,040
which authentication method that user can use.

728
00:33:01,040 --> 00:33:03,480
So instead of being able to use SMS,

729
00:33:03,480 --> 00:33:07,480
we've determined this is a riskier authentication request.

730
00:33:07,480 --> 00:33:09,240
So you have to use a biometric

731
00:33:09,240 --> 00:33:11,120
or you have to use a security key.

732
00:33:11,120 --> 00:33:13,600
So that's just one part of it.

733
00:33:13,600 --> 00:33:17,440
Within Duo, we also offer remembered devices.

734
00:33:17,440 --> 00:33:19,680
And that's gonna help with the usability

735
00:33:19,680 --> 00:33:21,880
for users' access to resources

736
00:33:21,880 --> 00:33:24,120
and not having to authenticate a lot.

737
00:33:24,120 --> 00:33:28,480
But maybe that user has already authenticated,

738
00:33:28,480 --> 00:33:30,880
they have a remembered session,

739
00:33:30,880 --> 00:33:34,400
but then they go to access another resource

740
00:33:34,400 --> 00:33:37,080
and something's changed on their machine, right?

741
00:33:37,080 --> 00:33:42,080
The posture's changed or the Wi-Fi fingerprint

742
00:33:42,080 --> 00:33:44,400
has changed, right?

743
00:33:44,400 --> 00:33:48,840
The list of Wi-Fi SSIDs around them has changed.

744
00:33:48,840 --> 00:33:53,840
Then we can adjust that remembered device session

745
00:33:55,240 --> 00:33:57,880
and make that user authenticate again, right?

746
00:33:57,880 --> 00:34:01,040
So we can determine if they're changing locations.

747
00:34:01,040 --> 00:34:03,540
There are a lot of different risk signals

748
00:34:03,540 --> 00:34:05,900
that go into the risk-based authentication.

749
00:34:06,920 --> 00:34:10,160
But another thing we've added is like a verified push, right?

750
00:34:10,160 --> 00:34:12,480
So- I wanted to ask you about that

751
00:34:12,480 --> 00:34:14,640
because yeah, I think that's a big one.

752
00:34:14,640 --> 00:34:18,320
Yeah, so I think John was talking about that earlier.

753
00:34:18,320 --> 00:34:21,280
A user, for example, user's at dinner,

754
00:34:21,280 --> 00:34:23,620
they're getting a bunch of push requests

755
00:34:23,620 --> 00:34:25,680
to their smartphone, right?

756
00:34:25,680 --> 00:34:27,720
Maybe they might just approve that request

757
00:34:27,720 --> 00:34:29,020
and that attacker is in.

758
00:34:30,060 --> 00:34:32,920
So for push harassment, push fatigue,

759
00:34:32,920 --> 00:34:34,800
we've added our verified push.

760
00:34:34,800 --> 00:34:38,960
So now if an attacker does compromise that first factor,

761
00:34:38,960 --> 00:34:41,860
that username and password, and they're at that application,

762
00:34:43,640 --> 00:34:47,800
now they're gonna see a screen where it has a four digit

763
00:34:47,800 --> 00:34:50,680
or up to six digits where they're gonna have to put

764
00:34:50,680 --> 00:34:53,360
that code in on the smartphone.

765
00:34:53,360 --> 00:34:56,160
Obviously they're not gonna have access to that smartphone.

766
00:34:56,160 --> 00:34:59,480
That end user at dinner is not gonna be

767
00:34:59,480 --> 00:35:00,480
at that browser session.

768
00:35:00,480 --> 00:35:02,640
So they're not gonna know what those codes are.

769
00:35:02,640 --> 00:35:06,580
So it's just a quick way to lock out that attacker, right?

770
00:35:06,580 --> 00:35:11,000
And then the user can alert the help desk

771
00:35:11,000 --> 00:35:14,640
that their primary, their username and password is compromised.

772
00:35:14,640 --> 00:35:19,560
So that's just one layer of security that Duo has added.

773
00:35:20,680 --> 00:35:22,120
But we also have device trust.

774
00:35:22,120 --> 00:35:25,640
So as John talked about, we can do profiling,

775
00:35:25,640 --> 00:35:26,880
we can do some posturing.

776
00:35:28,700 --> 00:35:30,800
We can look at the user agent string

777
00:35:30,800 --> 00:35:32,920
as a user goes to a web browser, right?

778
00:35:32,920 --> 00:35:35,440
So we can see like the operating system,

779
00:35:35,440 --> 00:35:39,720
some of those attributes, but we also have a Duo Desktop,

780
00:35:39,720 --> 00:35:42,320
which is a piece of software that sits

781
00:35:42,320 --> 00:35:44,180
on the operating system.

782
00:35:44,180 --> 00:35:48,200
And we can look at, is the disk encryption on

783
00:35:48,200 --> 00:35:49,160
on this machine?

784
00:35:49,160 --> 00:35:52,600
If you have an EDR running, right?

785
00:35:52,600 --> 00:35:55,840
It's not just a Cisco Secure Endpoint,

786
00:35:55,840 --> 00:36:00,000
it can be a competitor's endpoint.

787
00:36:00,000 --> 00:36:02,100
We can make sure that that's running at the time of auth,

788
00:36:02,100 --> 00:36:06,120
we can make sure the local firewall is on, right?

789
00:36:06,120 --> 00:36:08,120
There's a lot of different controls.

790
00:36:08,120 --> 00:36:12,440
So if you wanna start blocking based on operating systems

791
00:36:12,440 --> 00:36:16,360
and browsers and things like that, we have those controls,

792
00:36:16,360 --> 00:36:18,920
but also that Duo Desktop will allow you to do

793
00:36:22,600 --> 00:36:26,720
access based on corporate versus non-corporate devices.

794
00:36:26,720 --> 00:36:31,480
So we can report back to Duo that machine identifier

795
00:36:31,480 --> 00:36:33,760
for that computer.

796
00:36:33,760 --> 00:36:35,880
So as a user goes to access a resource, right?

797
00:36:35,880 --> 00:36:38,560
We can look to make sure they're domain joined, right?

798
00:36:38,560 --> 00:36:40,680
Looking at the security identifier field

799
00:36:40,680 --> 00:36:44,600
from Active Directory, we can tie in with a Google Workspace,

800
00:36:44,600 --> 00:36:47,520
we can tie in with another MDM, right?

801
00:36:47,520 --> 00:36:50,040
And check with that MDM to make sure that this is

802
00:36:51,480 --> 00:36:54,100
a device we recognize before we give access.

803
00:36:55,300 --> 00:36:57,040
So there are a lot of security controls

804
00:36:57,040 --> 00:36:59,180
on top of that initial MFA.

805
00:36:59,180 --> 00:37:02,580
So long one answer, so hopefully that answers.

806
00:37:02,580 --> 00:37:04,460
No, that's great.

807
00:37:04,460 --> 00:37:06,340
I just think that that verified push

808
00:37:06,340 --> 00:37:11,340
is just such a simple way to prevent that MFA push fatigue.

809
00:37:11,580 --> 00:37:13,020
Thank you for that, Sam.

810
00:37:14,180 --> 00:37:15,000
Quick time check.

811
00:37:15,000 --> 00:37:17,760
So we've got about six minutes left.

812
00:37:17,760 --> 00:37:21,260
Still got some good questions here we wanna ask.

813
00:37:21,260 --> 00:37:25,220
We'll have to maybe keep it to just 60 seconds or less

814
00:37:25,220 --> 00:37:28,180
for the next questions coming up here,

815
00:37:28,180 --> 00:37:31,260
because gotta leave some time for the dad jokes.

816
00:37:31,260 --> 00:37:33,580
That is the important part of this show.

817
00:37:35,540 --> 00:37:37,860
All right, I do have the next question.

818
00:37:37,860 --> 00:37:40,700
This one is really nice.

819
00:37:40,700 --> 00:37:44,300
I get asked this one a lot of the times

820
00:37:44,300 --> 00:37:46,340
and probably you guys too,

821
00:37:46,340 --> 00:37:49,140
but when it comes to Cisco ISE versus Duo,

822
00:37:49,140 --> 00:37:50,380
which one we pick?

823
00:37:50,380 --> 00:37:51,780
Is that a thing?

824
00:37:51,780 --> 00:37:52,980
Is...

825
00:37:52,980 --> 00:37:54,780
Oh man, let the battle begin.

826
00:37:54,780 --> 00:37:59,780
So I'll admit when I first saw Duo when Cisco acquired it,

827
00:38:03,780 --> 00:38:06,420
I was against it in full.

828
00:38:06,420 --> 00:38:08,620
Again, full ISE background

829
00:38:08,620 --> 00:38:11,840
and stayed solid with it for many years.

830
00:38:12,780 --> 00:38:15,100
But really they have two different spots.

831
00:38:15,100 --> 00:38:18,360
Duo is looking more at the application access side of things,

832
00:38:18,360 --> 00:38:20,340
as well as doing multifactor authentication

833
00:38:20,340 --> 00:38:21,580
and so on and so forth.

834
00:38:21,580 --> 00:38:23,120
ISE is going to be that linchpin

835
00:38:23,120 --> 00:38:24,780
that's in the middle of your network.

836
00:38:24,780 --> 00:38:27,580
So as network access pieces are coming in,

837
00:38:27,580 --> 00:38:29,620
as people are hitting VPN,

838
00:38:29,620 --> 00:38:31,780
switching or wired and wireless,

839
00:38:31,780 --> 00:38:34,420
that is where ISE is going to shine.

840
00:38:34,420 --> 00:38:36,260
The two complement each other.

841
00:38:36,260 --> 00:38:38,540
So you can utilize Duo

842
00:38:38,540 --> 00:38:41,500
as the multifactor authentication behind ISE.

843
00:38:41,500 --> 00:38:43,860
There is a new integration with it.

844
00:38:43,860 --> 00:38:46,180
Now we're kind of getting rid of some of the old pieces

845
00:38:46,180 --> 00:38:49,060
and utilizing the APIs that we talked about earlier

846
00:38:49,060 --> 00:38:52,460
to really get that ISE and Duo story together

847
00:38:52,460 --> 00:38:55,460
so they can work together to be as solid as possible.

848
00:38:55,460 --> 00:38:57,620
But in reality, both of them are necessary

849
00:38:57,620 --> 00:39:00,100
for two different spots within the network.

850
00:39:00,100 --> 00:39:02,240
As we kind of mentioned earlier, it's a solution.

851
00:39:02,240 --> 00:39:03,660
It's not a single product.

852
00:39:03,660 --> 00:39:05,660
And both sides are going to give you

853
00:39:05,660 --> 00:39:07,340
different parts of visibility

854
00:39:07,340 --> 00:39:09,500
that we're really going to be looking for.

855
00:39:09,500 --> 00:39:10,320
Excellent.

856
00:39:10,320 --> 00:39:12,340
And they do integrate together as well

857
00:39:12,340 --> 00:39:14,020
as we kind of touched on earlier.

858
00:39:14,900 --> 00:39:16,900
Sam, I'm going to give you this question

859
00:39:16,900 --> 00:39:19,700
that just came in on the live chat here

860
00:39:19,700 --> 00:39:21,340
because I think it'll line up

861
00:39:21,340 --> 00:39:23,700
with what I was essentially going to ask anyway.

862
00:39:23,700 --> 00:39:26,020
But I'll just read this off from Ferdinand here.

863
00:39:26,020 --> 00:39:30,480
So for a company just starting a zero trust journey,

864
00:39:30,480 --> 00:39:33,260
what are the initial steps they should take

865
00:39:33,260 --> 00:39:37,460
to effectively implement zero trust?

866
00:39:37,460 --> 00:39:41,020
Any common challenges you'd want to call out?

867
00:39:41,020 --> 00:39:43,620
Anything they want to do to prepare for that?

868
00:39:43,620 --> 00:39:46,060
And again, maybe about 60 seconds or so.

869
00:39:46,060 --> 00:39:46,900
Oh yeah, yeah.

870
00:39:46,900 --> 00:39:48,900
Yeah, so visibility is going to be key.

871
00:39:48,900 --> 00:39:52,260
So you want to make sure that you have a good grasp

872
00:39:52,260 --> 00:39:54,220
of what's running in your environment,

873
00:39:54,220 --> 00:39:57,500
what type of applications users are trying to access.

874
00:39:57,500 --> 00:39:59,740
And then you really want to look at the business

875
00:39:59,740 --> 00:40:03,140
and the compliance requirements for your organization.

876
00:40:03,140 --> 00:40:07,100
So breaking down the assets that you have

877
00:40:07,100 --> 00:40:08,420
and then understanding,

878
00:40:09,580 --> 00:40:14,020
are there some compliance standards that we have to abide by?

879
00:40:14,860 --> 00:40:18,460
That's going to help you roll out your policy first.

880
00:40:18,460 --> 00:40:20,180
You get visibility and then you want to start

881
00:40:20,180 --> 00:40:21,400
building your policies.

882
00:40:22,540 --> 00:40:24,260
Then understanding which type of endpoints

883
00:40:24,260 --> 00:40:29,060
are on the network as well is going to allow you to say,

884
00:40:29,060 --> 00:40:31,820
for this application, you have to be using

885
00:40:31,820 --> 00:40:34,540
this sanctioned device, right?

886
00:40:34,540 --> 00:40:37,720
So you can't get to that point until you have visibility.

887
00:40:38,720 --> 00:40:42,320
So definitely the first step is going to be do a review

888
00:40:42,320 --> 00:40:44,260
of your compliance requirements,

889
00:40:44,260 --> 00:40:46,340
get visibility into your network.

890
00:40:46,340 --> 00:40:50,620
And you can do a lot of that with Duo and ISE.

891
00:40:50,620 --> 00:40:53,660
So ISE you can utilize like monitor-only mode,

892
00:40:54,820 --> 00:40:57,260
and start seeing what devices are attempting

893
00:40:57,260 --> 00:40:59,300
to authenticate on the network.

894
00:40:59,300 --> 00:41:01,940
And then you can start building policies from there.

895
00:41:01,940 --> 00:41:02,780
That's great, Sam.

896
00:41:02,780 --> 00:41:06,100
I think the visibility call out upfront is really important.

897
00:41:06,100 --> 00:41:08,980
And it's interesting that Duo and ISE

898
00:41:08,980 --> 00:41:10,700
both give you that visibility

899
00:41:10,700 --> 00:41:13,060
to kind of help you build that inventory.

900
00:41:13,060 --> 00:41:14,780
John, you talked about device profiling,

901
00:41:14,780 --> 00:41:17,220
so we're able to see what is on the network.

902
00:41:17,220 --> 00:41:20,940
And Sam, you talked about Duo having that same capability

903
00:41:20,940 --> 00:41:22,540
to see kind of what operating systems.

904
00:41:22,540 --> 00:41:26,500
So we can find those old XP devices that you mentioned,

905
00:41:26,500 --> 00:41:28,460
which we know are out there.

906
00:41:28,460 --> 00:41:29,980
Yeah. Yeah.

907
00:41:29,980 --> 00:41:31,780
We've seen them.

908
00:41:31,780 --> 00:41:34,700
All right, I do have the last question.

909
00:41:34,700 --> 00:41:36,780
This one's going to be around zero trust.

910
00:41:36,780 --> 00:41:41,180
And again, we're bringing another buzzword into the mix,

911
00:41:41,180 --> 00:41:44,260
but we hear about it, we think we understand,

912
00:41:44,260 --> 00:41:45,100
we know about it.

913
00:41:45,100 --> 00:41:47,580
And if you don't mind, John,

914
00:41:47,580 --> 00:41:50,500
going over a little bit of what is the strategy,

915
00:41:50,500 --> 00:41:53,140
for example, the take from Cisco standpoint,

916
00:41:53,140 --> 00:41:58,140
what do we use to tackle zero trust?

917
00:41:58,300 --> 00:41:59,900
Yeah, I know we're up against a time wall,

918
00:41:59,900 --> 00:42:02,740
so I'll do this as quick as I can.

919
00:42:02,740 --> 00:42:04,180
Zero trust is exactly that.

920
00:42:04,180 --> 00:42:07,020
It is no trust to anything or everything

921
00:42:07,020 --> 00:42:08,740
that comes through your network.

922
00:42:08,740 --> 00:42:10,980
But it's not, but if you think of your network,

923
00:42:10,980 --> 00:42:12,860
you have multiple areas of it.

924
00:42:12,860 --> 00:42:16,340
So we kind of split that out within Cisco of our workforce.

925
00:42:16,340 --> 00:42:17,500
So those are the users,

926
00:42:17,500 --> 00:42:19,900
the devices that are going to be out there.

927
00:42:19,900 --> 00:42:21,860
The workplace, that's going to be your network,

928
00:42:21,860 --> 00:42:24,740
and then the workload, your data center, your cloud.

929
00:42:24,740 --> 00:42:27,060
We have different pieces and parts across all of that.

930
00:42:27,060 --> 00:42:28,340
Of course, your workforce,

931
00:42:28,340 --> 00:42:31,060
we're going to be protecting that with Duo specifically.

932
00:42:31,060 --> 00:42:33,060
So what users are logging in?

933
00:42:33,060 --> 00:42:34,500
Can we do that MFA?

934
00:42:34,500 --> 00:42:36,020
Can we double check all of that?

935
00:42:36,020 --> 00:42:38,580
Of course, device insights for posture and all of that.

936
00:42:38,580 --> 00:42:42,060
The workplace, we're going to wrap ISE into that one.

937
00:42:42,060 --> 00:42:44,980
That is making sure that the pieces and parts

938
00:42:44,980 --> 00:42:45,820
that are coming in,

939
00:42:45,820 --> 00:42:48,060
we're confirming them off the workforce.

940
00:42:48,060 --> 00:42:49,820
We're kind of overlapping a little bit with ISE

941
00:42:49,820 --> 00:42:51,140
when it comes to posture, profile,

942
00:42:51,140 --> 00:42:53,140
and make sure those right pieces are coming in,

943
00:42:53,140 --> 00:42:54,540
working with Duo,

944
00:42:54,540 --> 00:42:57,980
or we're protecting their network at the network access.

945
00:42:57,980 --> 00:42:59,860
Now, finally, the workload side of things,

946
00:42:59,860 --> 00:43:02,820
again, your data centers, your cloud, all your applications,

947
00:43:02,820 --> 00:43:05,220
that is going to be protected by Secure Workload.

948
00:43:05,220 --> 00:43:07,260
So that is going to be the piece that sits out there

949
00:43:07,260 --> 00:43:08,700
that's monitoring everything.

950
00:43:08,700 --> 00:43:10,140
Again, ISE sits in the middle.

951
00:43:10,140 --> 00:43:12,140
It integrates with both sides of it.

952
00:43:13,180 --> 00:43:14,700
Across all of that,

953
00:43:14,700 --> 00:43:16,860
across all of the zero trust that we're looking at,

954
00:43:16,860 --> 00:43:19,460
as Sam mentioned, visibility is key.

955
00:43:19,460 --> 00:43:20,980
So we're also going to want to look

956
00:43:20,980 --> 00:43:22,100
at Secure Network Analytics.

957
00:43:22,100 --> 00:43:24,060
Let's see the east, west, north, south,

958
00:43:24,060 --> 00:43:25,900
every direction you can imagine traffic

959
00:43:25,900 --> 00:43:26,940
that's coming through.

960
00:43:26,940 --> 00:43:28,580
All the pieces and parts that you put in,

961
00:43:28,580 --> 00:43:29,900
the policies you develop,

962
00:43:29,900 --> 00:43:32,980
how do you know that they have actually been implemented?

963
00:43:32,980 --> 00:43:34,860
That's where Secure Network Analytics comes from.

964
00:43:34,860 --> 00:43:37,340
So really those four products that we're looking at,

965
00:43:37,340 --> 00:43:38,940
Cisco's going to really tell you three,

966
00:43:38,940 --> 00:43:40,540
ISE, Duo, Secure Workload.

967
00:43:40,540 --> 00:43:42,100
I like to throw Secure Network Analytics

968
00:43:42,100 --> 00:43:44,060
to really round out the whole picture.

969
00:43:46,420 --> 00:43:47,500
Great.

970
00:43:47,500 --> 00:43:48,340
That was great.

971
00:43:48,340 --> 00:43:49,820
And as a tongue twister,

972
00:43:49,820 --> 00:43:53,220
how fast can you say workplace, workforce, workload,

973
00:43:53,220 --> 00:43:54,220
as many times as you can?

974
00:43:54,220 --> 00:43:55,140
No, I'm just kidding.

975
00:43:55,140 --> 00:43:56,620
All right.

976
00:43:56,620 --> 00:43:58,940
Did you guys all bring a dad joke for today?

977
00:44:00,620 --> 00:44:02,500
Well, I mean, I don't know.

978
00:44:02,500 --> 00:44:04,740
Well, I'll wing it as we go into it.

979
00:44:04,740 --> 00:44:06,060
Okay.

980
00:44:06,060 --> 00:44:07,940
Sam, would you like to kick us off?

981
00:44:07,940 --> 00:44:10,020
Yeah, this one is very corny,

982
00:44:10,020 --> 00:44:12,420
but yeah, so my question is,

983
00:44:12,420 --> 00:44:15,140
why was the computer so good at golf?

984
00:44:19,580 --> 00:44:21,820
I was going to say something about like a whole,

985
00:44:21,820 --> 00:44:23,220
a whole one.

986
00:44:25,780 --> 00:44:27,180
Keystrokes.

987
00:44:30,100 --> 00:44:31,540
Good answer though, I like it.

988
00:44:31,540 --> 00:44:32,380
Thanks.

989
00:44:33,660 --> 00:44:34,500
All right.

990
00:44:35,740 --> 00:44:36,780
Want me to answer?

991
00:44:36,780 --> 00:44:38,060
Sure.

992
00:44:38,060 --> 00:44:41,140
All right, so yeah, the answer is because it has,

993
00:44:41,140 --> 00:44:43,100
it had a hard drive.

994
00:44:44,100 --> 00:44:44,940
Very cool.

995
00:44:47,820 --> 00:44:49,220
All right, let's keep this rolling.

996
00:44:49,220 --> 00:44:50,660
Andres, what do you got?

997
00:44:51,700 --> 00:44:53,100
I actually brought three,

998
00:44:53,100 --> 00:44:56,900
but I'm going to say only one because I think it was fun.

999
00:44:56,900 --> 00:45:00,420
So how does a hacker propose?

1000
00:45:04,460 --> 00:45:05,300
Short.

1001
00:45:05,300 --> 00:45:06,140
Yeah.

1002
00:45:08,180 --> 00:45:10,100
The answer is going to be on the next episode.

1003
00:45:10,100 --> 00:45:10,940
No, I'm good.

1004
00:45:12,940 --> 00:45:16,340
Something was like ransomware or something, I don't know.

1005
00:45:16,340 --> 00:45:18,220
No, with a phishing ring.

1006
00:45:22,260 --> 00:45:23,100
John?

1007
00:45:24,780 --> 00:45:27,380
All right, so it reminds me more of a pun.

1008
00:45:28,220 --> 00:45:30,260
My wife was complaining that her computer

1009
00:45:30,260 --> 00:45:32,540
was cold the other day.

1010
00:45:32,540 --> 00:45:34,660
So she asked me to take a look at it.

1011
00:45:34,660 --> 00:45:37,700
So I walked over, took a look.

1012
00:45:37,700 --> 00:45:39,660
Her windows was open.

1013
00:45:39,660 --> 00:45:41,660
She didn't have her firewall turned on.

1014
00:45:44,620 --> 00:45:45,460
That's good.

1015
00:45:45,460 --> 00:45:47,420
That's awesome, that's awesome.

1016
00:45:47,420 --> 00:45:48,980
All right, I'll go last here.

1017
00:45:50,340 --> 00:45:55,340
Which social dating platform has had the most user traffic

1018
00:45:55,940 --> 00:45:58,620
since the invention of SAML?

1019
00:45:58,620 --> 00:46:00,420
Single sign on.com.

1020
00:46:07,620 --> 00:46:09,260
Closing remarks, Sam,

1021
00:46:09,260 --> 00:46:12,500
anything you'd like to close out with here?

1022
00:46:12,500 --> 00:46:14,300
Yeah, we talked about this.

1023
00:46:14,300 --> 00:46:16,820
I think it's very important to know that

1024
00:46:16,820 --> 00:46:19,820
you're only as strong as your weakest link.

1025
00:46:19,820 --> 00:46:22,340
Typically end users or legacy systems

1026
00:46:22,340 --> 00:46:24,340
are going to be those weakest links.

1027
00:46:24,340 --> 00:46:26,180
So I think that's a good point.

1028
00:46:26,180 --> 00:46:28,700
End users or legacy systems are going to be those

1029
00:46:28,700 --> 00:46:29,540
weakest links.

1030
00:46:30,860 --> 00:46:34,820
And it only takes one place for a successful initial access

1031
00:46:34,820 --> 00:46:36,660
for a bad actor.

1032
00:46:36,660 --> 00:46:38,500
So you definitely want to have

1033
00:46:38,500 --> 00:46:41,700
multi-factor authentication turned on.

1034
00:46:41,700 --> 00:46:45,500
Defense in depth is very big as well and useful.

1035
00:46:46,580 --> 00:46:51,100
But if you have any interest in seeing what Duo is,

1036
00:46:51,100 --> 00:46:53,500
working on any of the innovations,

1037
00:46:53,500 --> 00:46:54,860
you can go to duo.com,

1038
00:46:54,860 --> 00:46:57,420
or 30-day trial, reach out to Mike,

1039
00:46:57,420 --> 00:47:00,380
any of us on the calls and we can work with you.

1040
00:47:01,380 --> 00:47:02,260
Sam, that was great.

1041
00:47:02,260 --> 00:47:03,100
And I can see you still

1042
00:47:03,100 --> 00:47:04,660
chuckling about the dad jokes a little bit.

1043
00:47:04,660 --> 00:47:05,500
Yeah, that was good.

1044
00:47:05,500 --> 00:47:06,340
That was good.

1045
00:47:06,340 --> 00:47:07,580
We made him cry.

1046
00:47:10,500 --> 00:47:12,220
John, closing remarks?

1047
00:47:13,300 --> 00:47:15,420
I mean, really, let's go back to the very beginning

1048
00:47:15,420 --> 00:47:17,500
of the whole conversation that

1049
00:47:17,500 --> 00:47:20,820
remember it's not going to be a single shot.

1050
00:47:20,820 --> 00:47:21,980
It's not going to be a single product.

1051
00:47:21,980 --> 00:47:24,260
It's a solution that we're going to be looking at.

1052
00:47:24,260 --> 00:47:26,540
IAM is a big piece,

1053
00:47:26,540 --> 00:47:29,740
but really look at the zero trust conversation

1054
00:47:29,740 --> 00:47:31,060
coming into it.

1055
00:47:31,060 --> 00:47:33,540
Look at exactly what we're trying to lock down,

1056
00:47:33,540 --> 00:47:34,740
pieces and parts.

1057
00:47:34,740 --> 00:47:36,140
One product's not going to do it.

1058
00:47:36,140 --> 00:47:37,820
One vendor is not going to do it.

1059
00:47:37,820 --> 00:47:40,180
Really look at it as that holistic solution

1060
00:47:40,180 --> 00:47:43,180
and you'll set yourself up more for success than anything.

1061
00:47:44,100 --> 00:47:45,020
That's excellent.

1062
00:47:45,020 --> 00:47:47,060
I mean, big takeaways for me,

1063
00:47:47,060 --> 00:47:50,300
really just that identity management is a solution,

1064
00:47:50,300 --> 00:47:51,140
not a product,

1065
00:47:51,140 --> 00:47:54,220
and it's going to be customized for each implementation.

1066
00:47:54,220 --> 00:47:56,660
Not forgetting about the authorization

1067
00:47:56,660 --> 00:47:58,140
and the accounting piece.

1068
00:47:58,140 --> 00:47:59,900
A lot of people just do that authentication,

1069
00:47:59,900 --> 00:48:03,140
but don't forget about limiting the scope of access.

1070
00:48:03,140 --> 00:48:07,740
And then working on that profile and posture,

1071
00:48:07,740 --> 00:48:10,020
knowing what is on the network

1072
00:48:10,020 --> 00:48:13,460
as well as the hygiene of what's on the network.

1073
00:48:14,940 --> 00:48:16,140
Yeah, that was good, Mike.

1074
00:48:16,140 --> 00:48:19,460
And for my takeaway,

1075
00:48:19,460 --> 00:48:21,580
Duo, more than an MFA.

1076
00:48:21,580 --> 00:48:25,940
Probably you've heard it more than you know,

1077
00:48:25,940 --> 00:48:28,100
and there's so many features,

1078
00:48:28,100 --> 00:48:30,500
capabilities that we have there.

1079
00:48:30,500 --> 00:48:33,420
Always that question about ISE versus Duo.

1080
00:48:33,420 --> 00:48:35,900
Just remember ISE for the network,

1081
00:48:35,900 --> 00:48:38,100
Duo for applications,

1082
00:48:39,180 --> 00:48:41,060
and they integrate together.

1083
00:48:42,020 --> 00:48:43,220
The other thing that I have,

1084
00:48:43,220 --> 00:48:45,620
and those are the last two things,

1085
00:48:45,620 --> 00:48:48,500
implementation of an IAM solution.

1086
00:48:48,500 --> 00:48:50,780
Remember, planning is key.

1087
00:48:50,780 --> 00:48:52,940
One of the things that I always hear

1088
00:48:52,940 --> 00:48:56,940
and incorporate it into my talk tracks lately

1089
00:48:56,940 --> 00:48:59,340
is measure twice, cut once.

1090
00:48:59,340 --> 00:49:02,020
So make sure you have your planning in order.

1091
00:49:02,020 --> 00:49:03,940
And the same thing for zero trust.

1092
00:49:03,940 --> 00:49:05,060
Understand the framework.

1093
00:49:05,060 --> 00:49:07,620
The framework doesn't have to be the same for everybody,

1094
00:49:07,620 --> 00:49:11,580
but remember you're securing the workplace,

1095
00:49:11,580 --> 00:49:14,220
the workloads or your applications,

1096
00:49:14,220 --> 00:49:16,780
and then you're also securing your workforce.

1097
00:49:16,780 --> 00:49:18,500
So that's my takeaway.

1098
00:49:18,500 --> 00:49:20,460
That's excellent.

1099
00:49:20,460 --> 00:49:22,980
John and Sam, thank you guys so much.

1100
00:49:22,980 --> 00:49:25,340
I've had the pleasure of knowing you both a long time,

1101
00:49:25,340 --> 00:49:28,100
but in all sincerity,

1102
00:49:28,100 --> 00:49:31,100
thanks for the security aspect you do in the world,

1103
00:49:31,100 --> 00:49:33,020
keeping people safe,

1104
00:49:33,020 --> 00:49:35,420
especially when we're talking about healthcare,

1105
00:49:35,420 --> 00:49:36,820
DOD type stuff.

1106
00:49:38,540 --> 00:49:41,180
Protecting our customers and the world

1107
00:49:41,180 --> 00:49:46,180
is something we all are very involved with

1108
00:49:46,180 --> 00:49:49,900
and you guys do a great contribution there.

1109
00:49:49,900 --> 00:49:52,780
Next episode, Andres, Zero Trust.

1110
00:49:52,780 --> 00:49:54,700
So that's kind of cool that we talked about that

1111
00:49:54,700 --> 00:49:55,980
a little bit today.

1112
00:49:55,980 --> 00:49:59,380
We'll get into talking about modern security principles

1113
00:49:59,380 --> 00:50:02,300
that as Andres said, frustrate attackers,

1114
00:50:02,300 --> 00:50:03,780
not the users.

1115
00:50:03,780 --> 00:50:05,580
Maybe Sam that said that.

1116
00:50:05,580 --> 00:50:07,980
I really enjoyed today's conversation.

1117
00:50:07,980 --> 00:50:12,780
Stay secure and we'll see everybody on the next show.

1118
00:50:12,780 --> 00:50:13,620
Thank you all.

1119
00:50:13,620 --> 00:50:16,380
Have a good one.

