The world of cybersecurity by no means stops altering. Every single day unhealthy actors develop bolder and extra devious as they attempt to break your safety, steal your knowledge, and provide it again to you for ransom. They’ve turn out to be excellent at what they do, they usually solely want one small crack in your safety to wreak probably the most havoc. There are community sentries that guard your community, however the place one resolution is sweet—two is a a lot stronger possibility.
Fortunately for you, Cisco Duo and ISE are the right pair to guard your community.
Why are Duo and ISE higher collectively?
Consider Cisco Duo’s multi-factor authentication (MFA) because the added layer of safety that verifies a person’s id on the time of login, like a high-tech forcefield that solely lets within the good guys by—if they’ve their secret passcodes. Contemplate Cisco ISE because the clever cohort, analyzing the whole lot from customers to gadgets. Collectively, they supply deep visibility into the customers and gadgets requesting entry to Digital Personal Community (VPN) and Terminal Entry Controller Entry Management System (TACACS+), guaranteeing that community entry is granted solely to those that efficiently authenticate utilizing Duo MFA.
This weblog will cowl how Cisco Duo and ISE have partnered to strengthen organizational safety by making the Duo MFA integration course of with ISE simpler for IT admins. However you too can find out about how Cisco ISE and Duo work along with our newest At-A-Look.
What to anticipate from this replace?
Launched in November 2023, current prospects using Cisco ISE with Duo not want to keep up an exterior VM or server for the Duo Authentication Proxy, in any other case referred to as a Duo Auth Proxy. (Duo Auth Proxy is an on-premises software program service that performs main authentication in opposition to LDAP listing, or RADIUS after which in flip contacts Duo for secondary authentication.)
This replace replaces Auth Proxy with Duo APIs to forestall unauthorized customers requesting confidential entry to VPN community or their community entry machine (TACACS+).
Right here is how we’re enhancing integration expertise for IT admins:
Making authentication workflow less complicated
Cisco ISE will now deal with the first authentication and immediately transmit authentication requests to the Cisco Duo cloud for secondary authentication by way of APIs- Auth API and Admin API, eliminating the need to ascertain an exterior Duo Authentication proxy.
Natively integrating and managing MFA
Integration Wizard: Situated within the ‘Exterior Id Sources’ menu and underneath the ‘MFA’ tab.
- Now within the Cisco ISE GUI, IT admins are guided by easy step-by-step wizard to combine ISE and Duo MFA eliminating intensive coaching or time required to do the duty. This upgraded ISE GUI for IT admins comes with none interference to the end-user expertise.
- Along with the setup expertise, immediately within the ISE GUI, IT admins may also simply handle their Duo connections to re-specify which customers of Lively Listing teams that they want to proceed with MFA and create insurance policies for particular person teams.
Create your MFA Insurance policies within the ‘Coverage Units’ Web page: Situated throughout the ISE coverage tab underneath the sidebar
- Now within the ISE coverage set web page, directors can create insurance policies catered particularly for multi-factor authentication guidelines. Every rule will specify the Duo connection(s) and the situations which have to be met to proceed by the multi-factor authentication course of.
Decreasing IT burden and prices
A good portion of Cisco Duo and ISE customers are leveraging Duo’s MFA capabilities by the present Duo Auth Proxy. Nevertheless, as we delve into the intricacies and expansiveness of those environments, it turns into clear that many purchasers not solely incur extra prices with deploying an equipment to host the Duo Auth Proxy but in addition allocate manpower to handle them. On account of leveraging Auth and Admin APIs-
- No extra prices are incurred for exterior servers internet hosting the Duo Auth Proxy.
- IT admins can spend much less time establishing, sustaining, and troubleshooting the mixing and extra time doing different extra significant issues.
Simpler authentication workflow with Auth API and Admin API
With elimination of the Duo Auth Proxy, the authentication workflow is less complicated and faster. Right here is the 4 steps course of for VPN and TACACS+ customers:
- Admin syncs record of AD teams from ISE to Duo utilizing the Admin API. Within the case of current teams or customers, ISE solely sends a listing of up to date ones stopping duplication.
- Cisco ISE receives a RADIUS authentication request and performs the first authentication in opposition to configured id supply.
- Cisco ISE invokes the Auth API which permits Duo to carry out the secondary authentication, or also called MFA
- Cisco ISE upon acknowledgement from MFA acceptance from Duo grant person entry to the community.
Because of Cisco ISE and Duo, not solely are you able to be the chief of your community’s safety resolution, but in addition put together your group for licensed entry with MFA, bolstering your defenses in opposition to digital threats and advancing safe authentication.
To study extra about what Cisco ISE and Duo can do collectively, overview this At-A-Look.
We’d love to listen to what you assume. Ask a Query, Remark Under, and Keep Related with Cisco Safety on social!
Cisco Safety Social Channels
Share:
