cisco virtual update on duochef, microsoft sccm, airwatch, etc. alternative: cisco duo has a generic...
TRANSCRIPT
![Page 1: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/1.jpg)
Cisco Virtual Update on DUO
4/3– 2020
Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified
Technical Solutions Architect, Cyber Security, Denmark
![Page 2: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/2.jpg)
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco
How Cisco Duo delivers Zero Trust for your Workforce
Every Application
Trusted Devices
Trusted Users
Visibility & Policies
Cisco Duo protects organizations by verifying the identity of users and the health of their devices before connecting to the applications they need.
![Page 3: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/3.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
User TrustEstablish user trustwith MFA.
![Page 4: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/4.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
World’s Easiest and Most Secure MFA
Instantly integrates with all apps
Users self-enroll in minutes
Users authenticate in seconds; no codes to enter
![Page 5: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/5.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Push Soft Token SMS
Phone Call U2F Wearables
Biometrics
Broadest Range of Multi-Factor Authentication (MFA) Options
Hardware Tokens
● Configure authentication options for each application or group of users
● Enable multiple option for users for ease of use and flexibility
![Page 6: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/6.jpg)
Temporary Offline Authentication for Windows
Supported Auth Methods for Windows Offline
● Grab a yubikey or other security key
● Just tap the key!
Users need to authenticate with MFA into their machines before they can access internet / secure portal.
WHY IT’S NEEDEDOFFLINE AUTH VIA OTP WITH DUO MOBILE
● Use the smartphone you own● Enter one-time passcode
OR AUTH WITH A SECURITY KEY
WHO IT’S FOR
Remote users who need to perform 2FA while they are temporarily disconnected from the internet.
![Page 7: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/7.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
REST APIS
WEB SDK
RADIUS
SAML
OIDC
CustomVPN RA SSO
RRAS
Multicloud Email/MSFT On-Prem
Start Here Then Expand
Cisco Duo Supports Your Work Applications
Learn more about application integrations
![Page 8: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/8.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Enroll Users Easily at Scale
Automatic Enrollment
Admins can import users from existing Azure, LDAP and AD directories
Self Enrollment
Users can self-enroll into Cisco Duo in less than 1 minute
Import Users
Provision users using Cisco Duo’s REST API or add users manual one at a time or through CSV
Learn more about Enrollment Options
![Page 9: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/9.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Self-Enrollment: Easily enroll users in minutes
● Users easily self-enroll in minutes
● Users leverage their own device
● Enroll thousands of users in hours.
● Reduce TCO by enabling the user to easily enroll with no help needed
Learn more about self-enrollment
![Page 10: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/10.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
User Self-Service
● Users can manage their own 2FA devices during login.
● Add, Remove and Configure Devices
● Reduce TCO by enabling the user to easily manage their own device.
Learn more about Device Management
![Page 11: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/11.jpg)
Device TrustAssess the health and security posture of any device.
![Page 12: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/12.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Compromised Devices Can Access Your Data
Source: Gartner, Dale Gardner, 2018 Security Summit
of vulnerabilities exploited will be ones
known by security team for at least one year
(through 2021)
Source: Gartner, Dale Gardner, 2018 Security Summit
99%Attackers exploit known vulnerabilities
Patching devices (especially user-owned) is complex
End users continue to access data from potentially vulnerable devices
Accessing critical data from vulnerable devices can be risky
![Page 13: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/13.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Assess Security PostureEasily identify device security posture, and if they are managed or not based on enrollment in MDMs/EMMs.
Complete Visibility Gain complete visibility into all laptops and mobile devices using native device visibility.Improve
Device Trust with Cisco Duo
Continuous InspectionContinuously monitor if devices are infected with malware by using solutions such as AMP to prevent them from reaching sensitive apps.
![Page 14: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/14.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
How Cisco Duo gathers visibility
Mobile DeviceMobile browsers and the Duo Mobile application
Laptops / DesktopsLaptop/desktop browsers and
Duo Device Health application (New!)
![Page 15: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/15.jpg)
Deep visibility into laptops and desktops
● New functionality (GA Dec 2019)
● Laptop / desktop security health
● Check devices before they login
● Corporate managed and BYO devices
● Supports web-based applications
● Windows 10 and MacOS
![Page 16: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/16.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Assess Mobile Device Posture without MDM
● Check if mobile devices are up-to-date
● Verify encryption and passcode lock
● Check if devices are jailbroken or tampered
● Works for managed and unmanaged mobile devices
![Page 17: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/17.jpg)
● Corp managed asset status● Biometrics (Touch/Face) status● Screen lock status● OS condition (tampered) status● Encryption status● Platform type● Device OS type● Device OS version● Device owner● Duo Mobile version
● Disk encryption● Firewall enabled● Device password● OS patch level (Win 10)● Third party agents
● Corp managed asset status*● OS type & versions● Browser type & versions● Flash & Java plugins versions● OS, browser and plugins status
Mobile Devices Laptops / Desktops
What information does Cisco Duo gather?
Learn more about Unified Device Visibility
NEW!Duo Device Health App
![Page 18: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/18.jpg)
Native: Microsoft AD, Ivanti (Landesk), AMP
Script based: Symantec Altiris, Chef, Microsoft SCCM, AirWatch, etc.
Alternative: Cisco Duo has a generic cert deployment
Mobile Windows MacOS
Duo: Duo Mobile app can be used to trust mobile devices. (Great for customers w/o MDM)
Native: AirWatch, MobileIron, Google G Suite, Sophos
Alternative: Cisco Duo has a generic cert deployment
Native: Jamf, AMP
Script based: Symantec Altiris, Chef, Microsoft SCCM, AirWatch, etc.
Alternative: Cisco Duo has a generic cert deployment
Learn more about Trusted Endpoints
Identify managed vs BYO devices
![Page 20: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/20.jpg)
NEW
Users use their devices to access application.
Cisco AMP running on the device detected malware.
AMP notifies Cisco Duo about the infected device.
Cisco Duo blocks that device from accessing apps.
Continuous InspectionCisco Duo and AMP work together to provide stronger access security.
AMPAMP
![Page 21: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/21.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
1. Gather AMP credentials from your AMP admin panel
2. Enter AMP credentials in Cisco Duo admin panel
3. Set policies in Cisco Duo to protect against risky devices
Cisco Duo and AMP can be integrated in minutes
![Page 22: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/22.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Configure AMP policy in Cisco Duo to instantly block risky devices
![Page 24: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/24.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Protect Every Application
Manage and control who is allowed to access applications.
![Page 25: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/25.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Example:
User-Based Policies
Learn more about Policy and Control
• Allowed authentication methods
• User enrollment status
• Geolocation
• IP Network Address / Range
• Block Anonymous networks/Tor
![Page 26: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/26.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Example:
Device-Based Policies• Corporate-owned/BYO (Trusted endpoint)
• OS, browsers, Flash/Java
o Software Type
o Out of Date / Up to Date
• Mobile security status
o Screen lock, biometrics, encryption, jailbroken/tampered
• Remembered / previously known device
Learn more about Policy and Control
![Page 27: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/27.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Use Cases
All integrations and network diagrams are available at: duo.com/docs
Cisco Duo supports hundreds of apps out of the box.
![Page 28: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/28.jpg)
Secure Any Corporate Application
Integration documents are available at duo.com/docs
![Page 29: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/29.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
USE CASE
Cisco Duo for VPNFor remote access use caseswith any VPN
![Page 30: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/30.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
USE CASE
Cisco Duo & AnyConnect Secure Remote Access• Secure AnyConnect in < 30 minutes
• Users authentication in seconds
• Block unmanaged devices
• Several integration options
• *AVAILABLE ON* ASA and FTD
![Page 31: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/31.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Cisco Duo for Cloud Applications
![Page 32: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/32.jpg)
Improve End User Productivity SSO
● Easily access all cloud applications from a single dashboard
● Enable consistent security controls across cloud applications
● Secure every cloud application
Duo SSO for Cloud apps
![Page 33: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/33.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Cisco Duo for MicrosoftO365, RDP/Windows Logon, and Azure AD use cases
![Page 34: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/34.jpg)
https://demo.duo.com/ssh-remote-access
Demo: SSH Access with Duo Beyond
![Page 35: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/35.jpg)
INFORMATION PROPERTY OF DUO SECURITY, INC.
Feature Highlights
Cisco Duo MFA
Cisco Duo Access
Cisco Duo Beyond
● Multi-Factor Authentication● Single Sign-On (SSO)● Protect Any Application● Protect Federated
Cloud Apps
● Adaptive Groups Based Policy Controls
● Unified Device Visibility● User Based Policy● Device Based Policy● Phishing Assessment
● Trusted Endpoints● Secure Remote Access● Duo Mobile as Trusted
Full Capabilities: https://duo.com/pricing
![Page 36: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/36.jpg)
![Page 37: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/37.jpg)
Følg med§ Talos blog
§ Cisco security blog
§ Afholdte seminarer
§ Security Chalk Talks
§ DUO dokumentation
§ DUO demoer
§ DUO PoV / Trial
§ DUO på Youtube
§ DUO sessioner på Cisco Live 2020 Barcelona
§ AMP4E + DUO Integration
§ DUO Zerotrust
§ DUO Zerotrust på Cisco Live 2020 Barcelona
§ DUO Behavioral Security Analytics
§ Join Cisco Security på Blackhat, Defcon etc. ogpå Talos Threat Research Summit @ Cisco Live
Tag fat i jeres Account Manager eller Jesper Rathsach, Tue Frei Noergaard, Kristian Von Staffeldt, Kim Andersen, Kenneth Schwartz eller Mikael Grotrian for en dybere gennemgang, Proof of Value eller en Dcloud demo adgang.
![Page 38: Cisco Virtual Update on DUOChef, Microsoft SCCM, AirWatch, etc. Alternative: Cisco Duo has a generic cert deployment Learn more about Trusted Endpoints Identify managed vs BYO devices](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d3eed9b3c786802418596/html5/thumbnails/38.jpg)