Cisco Zero Trust at Scale with Jamf
This first presentation leads with a breakdown of Cisco Zero Trust security, its enterprise implementation and how that integrates with Jamf Pro.
“Zero Trust is a security framework built around the concepts of never trust implicitly - always verify - and assuming breach both from inside and outside the network.” - Lila Blum, Information Security Analyst, Cisco Systems, Inc.
Cisco’s implementation revolves around providing more granular controls at the hardware and software levels to achieve its Zero Trust goals. For those who are familiar with Zero Trust in general, the added security both minimizes risk and helps security and IT teams resolve incidents more efficiently once detected. For those who would like to know more about how this technology functions, Blum presents a high-level tour of how Zero Trust works to protect your organization’s devices and data. Additionally, here are a few reasons why Cisco chose to implement Zero Trust:
- Improving the authentication experience for users
- Well-suited for remote and hybrid work environments
- Increased security measures = defense in depth
- Duo technology provides an additional safeguard, such as MFA, for enhanced protection
Jacob Davidson, Technical Systems Engineer, Cisco Systems, Inc., handles the demonstration of exactly how Cisco’s Zero Trust technology works with Mac by guiding attendees through the step-by-step process.
The session also includes a deep dive into the full architecture behind Zero Trust, including many of the services enterprises commonly use, such as Directory Services to centrally manage user accounts, Jamf Pro for device and configuration management, and SSO and MFA technologies for additional security and application access. These all come together with Cisco’s hardware and services to provide end users a seamless, yet highly secure experience.
The Cisco team also discusses some of the challenges faced along the way as this was deployed across Cisco’s organization to manage its Mac fleet. It should be noted that each organization is different and will no doubt encounter differing needs, issues and compliance requirements.
Blum shares the incredible results Cisco has seen so far since completing the deployment phase, highlighting some of the benefits organizations can expect by choosing to adopt Zero Trust, including:
- 170,000 devices enabled
- 140,000 employee accounts enabled
- 2.6 million device health checks per month
- 94 applications secured
- <1% of users contacting help desk for support
Automations, investigations and actions with Cisco SecureX and Jamf
The second presentation provides an overview of SecureX and includes not one, but two demonstrations, on Device Insights and Orchestration.
Cisco SecureX is a centralized Extended Detection and Response (XDR) tool, or, as Aaron Woland refers to it, “a platform in the sky.” This cloud-based integration platform works together with other Cisco and non-Cisco products, such as Jamf software offerings, allowing organizations to achieve simplicity through visibility into their infrastructure and efficiency through the removal of bottlenecks that slow down a team’s ability to identify and resolve issues quickly.
According to Aaron Woland, Principal Engineer, Cisco, the SecureX platform is included at no additional charge to customers that already utilize SecureX-enabled products in the Cisco portfolio.
Device Insights Demo
“SecureX device insights provides a seamless, agent-less, unified view of the devices in your organization for attack surface reduction.” - Cisco
As the saying goes, a picture is worth a thousand words, and this rings true for the demonstrations provided by Cisco. The hands-on, in-depth demo gives attendees a look at just how SecureX works to protect your infrastructure in real time.
A few of the agenda items covered are:
- Device Insights features
- Data sources (integrations with software, such as Jamf)
- Inventory tables, sorting, customizing and exporting data
- Endpoint protection details, including consolidated details and views, pivoting to consoles
Switching hosts, Matt Vander Horst, Technical Marketing Engineer, Cisco, takes over to demonstrate the orchestration capabilities of the SecureX platform, beginning with a simple breakdown of what to expect from SecureX’s automation and orchestration platform:
- No-to-low code
- Drag & drop
- Cloud-based with automatic scaling
- Included with existing SecureX licensing at no additional cost
As mentioned previously, SecureX integrates with a number of products. In the case of Jamf Pro, it leverages the Jamf API to automate investigation and response workflows, allowing admins to create a host of advanced functionality in response to detected threats, such as locking a device identified as being compromised, disabling access to the network or corporate resources temporarily and/or deploying remediation tasks to bring it back into compliance — all performed automatically and without relying on IT to “put a hand on the device”.
During the extensively detailed demonstration, Vander Horst discusses the Ribbon feature of SecureX and how this ubiquitous technology allows admins to gather, view or act upon a piece of intelligence to perform additional tasks. Consider, for example, an IP address that is unique to a device: an admin can select a workflow to pivot into establishing Remote Desktop access or to execute threat hunting processes, based on pre-existing orchestration workflows.
Additional explanations of properties contained within SecureX’s orchestration feature that Vander Horst guides you through include:
- Workflows, Atomic actions and Components overview
- Editing workflows
- Run details
- Ribbon as part of the Response workflow
- Integration with Git repository
Visit the Jamf Marketplace for access to this and other powerful software integration options.