思科系统公司(Cisco Systems Inc.)今天宣布推出思科安全云(Cisco Security Cloud)的一些新功能,思科安全云现在可以利用人工智能简化安全及抵御基于身份的攻击。
思科系统公司(Cisco Systems Inc.)今天宣布推出思科安全云(Cisco Security Cloud)的一些新功能,思科安全云现在可以利用人工智能简化安全及抵御基于身份的攻击。
First up is Cisco Identity Intelligence, a new solution that Cisco claims is the industry’s first attempt to combines identity, networking and security. The company says the combination better protects organizations’ complex identity stacks against increasingly sophisticated attacker techniques.
首先是思科身份智能(Cisco Identity Intelligence),思科称思科身份智能是业界首次尝试将身份、网络和安全结合在一起的新解决方案。思科表示这种组合能更好地保护企业复杂的身份堆栈及抵御攻击者日益复杂的技术。
Cisco argues that today, there is blind trust between authentication and access solutions and because of this, threat actors successfully compromised large organizations in 2023 by targeting these weaknesses. Last year, more than 26% of all Cisco Talos Incident Response engagements involved adversaries using compromised credentials on valid accounts.
思科认为,如今在身份验证和访问解决方案之间存在盲目的信任,因此,威胁者在2023年成功地利用这些弱点入侵了一些大型组织。在去年的所有 Cisco Talos 响应事件中,超过 26% 的案例涉及对手在有效账户上使用一些被泄露的凭据。
The problem, as seen by Cisco, is that a user is often mapped to many digital identities and accounts — drastically increasing entry points for attackers and the possibility of lateral movement across identities. Often, legacy permissions have not been removed and security teams miss crucial context about historical identity behavior, actions across systems, and current risk levels needed to make trusted access decisions.
思科认为,问题在于一个用户往往被映射到多个数字身份和账户,这样会大大增加攻击者的切入点和跨身份横向移动的可能性。通常情况下,传统权限没有被移除,安全团队缺乏有关历史身份行为、跨系统操作和当前风险水平的关键上下文信息,这些信息都是作出可信访问决策所必需的。
This is where the new Cisco Identity Intelligence solution steps in. It runs on top of customers’ existing identity stores and provides unified visibility, as well as AI-driven analytics.
新的思科身份智能解决方案的作用正是要介入到这些地方。思科身份智能解决方案在客户现有的身份存储上运行,可以提供统一的可见性以及基于人工智能的分析。
Using the solution, customers can discover their whole identity population, clean up vulnerable accounts, eliminate unused and risky privileges, detect behavior anomalies and block high-risk access attempts – without needing to replace existing solutions.
客户使用思科身份智能解决方案可以发现自己的整个身份群体,清理易受攻击的账户,移除未使用和有风险的权限,检测行为异常并阻止高风险访问尝试,而且无需更换现有解决方案。
Identity Intelligence is built on an identity graph that pulls data from existing third-party sources that manage identity and access. Using AI-driven behavioral analytics and reaching into the network, organizations can choose to take a graduated response, such as quarantining an identity, killing active sessions or isolating the network by leveraging the Cisco Identity Services Engine.
思科身份智能建立在身份图上,从管理身份和访问的现有第三方来源获取数据。组织可以利用基于人工智能的行为分析及深入到网络之中,可以选择采取分级响应的办法,例如隔离身份、杀死活动会话或利用思科身份服务引擎隔离网络。
The solution provides critical insights from existing solutions, including Smart Authentication with Cisco Duo, which detects unusual patterns based on behavior and third-party signals. Smart Access with Cisco Secure Access is used to verify the authentication decision and block unusual or high-risk behaviors and Smart Threat Detection with Cisco XDR correlates identity signals to provide missing information that traditional endpoint and network security solutions miss.
思科身份智能解决方案可提供来自现有解决方案的重要见解,包括利用思科 Duo 进行智能身份验证,根据行为和第三方信号检测异常模式。思科安全访问(Cisco Secure Access)的智能访问功能可用于验证身份验证决策并阻止异常或高风险行为,而 思科 XDR 的智能威胁检测功能则可以将身份信号关联起来,提供传统端点和网络安全解决方案所遗漏的信息。
“Organizations need to adopt an identity-first approach to security, which, among other things, allows them to evolve from just asking ‘can’ a user access a system to continuously assessing whether a user ‘should’ be able to do what they are doing once they are authenticated,” said Jeetu Patel, executive vice president and general manager of Security and Collaboration at Cisco. “By analyzing the entire attack surface of an organization’s users, machines, services, apps, data and their behaviors, Cisco Identity Intelligence bridges the chasm between authentication and access.”
思科执行副总裁兼安全与协作部总经理 Jeetu Patel表示,“组织需要采用身份优先的安全方法,这种方法具有各种功能,例如可以使企业不只是问用户‘能否’访问系统,而是持续评估用户在通过身份验证后是否‘应该’能做他们正在做的事情。思科身份智能技术通过分析企业用户、机器、服务、应用程序、数据及其行为的整个攻击面弥合了身份验证与访问之间的鸿沟。”
### Artificial intelligence
人工智能
Along with the announcement of Cisco Identity Intelligence, Cisco also announced an expansion in AI capabilities in Cisco AI Assistant for Cloud. Announced in December, the service is designed to enhance cybersecurity measures by providing advanced data analysis, policy recommendation and automated task management.
思科在宣布思科身份智能的同时还宣布了对思科云人工智能助理(Cisco AI Assistant for Cloud)的人工智能功能的扩展。思科云人工智能助理服务于 12 月发布,旨在通过提供高级数据分析、策略建议和自动任务管理进而加强网络安全措施。
The expanded features include AI Assistant in Secure Access, a new tool that uses generative AI to allow customers to craft security access policies by using natural language prompts. Integrated within Cisco’s Secure Services Edge solution, the assistant offers a more intuitive interface for policy creation.
扩展功能包括安全访问中的人工智能助理,人工智能助理是一种使用生成式人工智能的新工具,客户可以利用人工智能助理通过自然语言提示制定安全访问策略。思科的安全服务边缘解决方案整合了人工智能助理,可以为创建策略提供更直观的界面。
New capabilities in Secure Access now automatically detect and protect intellectual property as it flows in and out of AI systems. Additionally, Cisco Email Threat Defense now uses AI to simultaneously evaluate different portions of an incoming email for markers of malicious intent.
安全访问(Secure Access)的新功能现在可以自动检测和保护进入及离开人工智能系统的知识产权。此外,思科电子邮件威胁防御(Cisco Email Threat Defense)现在使用人工智能同时评估传入电子邮件的不同部分,以发现恶意意图的标记。
Finally, Cisco announced it’s integrating its robust networking capabilities with Cisco Secure Access. Experience Insights, powered by Cisco’s ThousandEyes, improves productivity for hybrid workers by quickly revealing connectivity and application issues and fostering faster resolution. There is no additional cost for this feature, as it is included in all Secure Access licenses.
思科还宣布将旗下强大的网络功能与思科安全访问整合在一起。由思科千眼(ThousandEyes)提供支持的体验洞察(Experience Insights)利用快速揭示连接和应用问题并促进更快的解决方案,可以提高混合型员工的工作效率。体验洞察功能无需额外费用,因为已经包含在所有安全访问的许可证中。