{"id":16142,"date":"2025-10-26T11:28:15","date_gmt":"2025-10-26T11:28:15","guid":{"rendered":"https:\/\/dmsretail.com\/RetailNews\/dynamic-use-of-identity-behavior-posture-data-in-sse\/"},"modified":"2025-10-26T11:28:15","modified_gmt":"2025-10-26T11:28:15","slug":"dynamic-use-of-identity-behavior-posture-data-in-sse","status":"publish","type":"post","link":"https:\/\/dmsretail.com\/RetailNews\/dynamic-use-of-identity-behavior-posture-data-in-sse\/","title":{"rendered":"Dynamic use of identity, behavior, & posture data in SSE"},"content":{"rendered":"

\"Retail<\/a><\/p>
\n<\/p>\n

\n

Cisco Secure Access brings adaptive, contextual, identity-driven security to every connection.<\/em><\/strong><\/p>\n

Security used to start with IP addresses and end with firewall rules. That world is history.<\/p>\n

Today, IPs are disposable, devices roam, and users spin up from anywhere on the planet. Yet many SSE solutions still treat security as primarily a network issue and don\u2019t adequately embrace identity as foundational.<\/p>\n

Cisco\u2019s changing that. Identity is the new perimeter, and with Cisco Identity Intelligence, Secure Access brings continuous, adaptive access decisions to every user, device, and application.<\/p>\n

The Blind Spot: Static View of Identity, Behavior, and Posture in a Dynamic World<\/h2>\n

Most SSE platforms assume a user is just a login. Authenticate once, and you\u2019re good for the session. But identity and identity-based risks aren\u2019t static. Trust levels shift. User behavior fluctuates. Posture changes. Risk increases. Attackers love to hide behind trusted credentials that have not been adjusted to reflect these dynamic changes.<\/p>\n

A non-identity-aware SSE can\u2019t keep up because it treats identity as static versus a living signal. It fails to correlate signals from logins, behaviors, and devices that deviate from typical patterns or guidelines.<\/p>\n

When identity, behavior, and posture verifications stay static, attackers move faster.<\/p>\n

Cisco Identity Intelligence: Leverage User Trust Level to Reduce Risk<\/h2>\n

Cisco Secure Access integrates with Cisco Identity Intelligence (CII) to make SSE identity-focused, risk-aware and self-adjusting. Policies can enable access decisions to evolve dynamically based on live identity data, not guesswork.<\/p>\n

In September of this year, Cisco extended Secure Access integration with CII beyond user trust levels being visible in the Secure Access dashboard. Policies for ZTNA-protected private traffic can now define when a user\u2019s access should be blocked or reauthenticated, based on a user trust profile that adjusts dynamically with user behavior and posture. For example, a policy may define that when a user\u2019s trust level is untrusted, access should be blocked.<\/p>\n

As a safeguard, administrators have the option to bypass blocking an untrusted user, for a specific amount of time. Consider an executive who is traveling to a conference. She connects to an airport Wi-Fi network which she doesn\u2019t normally use, with an IP address that\u2019s questionable, to log into a sensitive\/critical application, and she recently had to reset her password.<\/p>\n

Those events combined would make her appear \u201cuntrusted.\u201d This option allows an administrator to bypass the block, restore the executive\u2019s access, so she can continue her conference activities.<\/p>\n

The administrator may enable, for all ZTNA-protected private traffic, a capability that prompts reauthentication according to user trust level. At lower user trust levels, reauthentication will occur more frequently. For example, let\u2019s say a user doing her work and has a trust level of \u201cfavorable,\u201d but over time, behavior or posture changes cause her trust level to decrease to \u201cneutral.\u201d This would prompt her reauthentication to occur more frequently.<\/p>\n

With this capability, Secure Access is increasingly using dynamic trust data to enrich the organization\u2019s ability to implement least-privilege access controls, heighten security, and reduce risk.<\/p>\n

User and Entity Behavior Analytics: Detect Anomalous Behavior<\/h2>\n

Secure Access\u2019s User and Entity Behavior Analytics (UEBA), also available in September this year, can detect anomalous file operations and impossible travel that could indicate an insider threat. That threat may come from an actual insider with malicious intent or an outsider impersonating a valid user.<\/p>\n

Administrators can set Secure Access policies to detect when file uploads, downloads, or deletes exceed the level deemed acceptable for an organization. Additionally, Secure Access can detect impossible travel, such as a user trying to login from San Jose and Paris at times that aren\u2019t possible, suggesting a stolen credential.<\/p>\n

Administrators now have clear visibility into these risky behaviors that may indicate account compromise or malicious behavior via detailed UEBA reports and \u201ctop risky users\u201d in the dashboard main screen.<\/p>\n

We will continue expanding UEBA such that in the future, the behavioral\/analytics data will inform automated action (as chosen by the customer and defined in policy) to increase security protection.<\/p>\n

Continuous Posture: Adapt to High-Risk Posture Changes<\/h2>\n

Cisco Secure Access continuous device posture feature, released in September, enables organizations to detect any reduction in endpoint posture compliance during a live session and quickly react by ending the session to avoid undue risk. For example, if the local firewall is disabled part way through a session, Secure Access will identify the action and can automatically terminate the session.<\/p>\n

This capability provides a quick reaction to any change that represents an increased endpoint risk in the middle of ongoing user activities. \u00a0The detection and adaptive reaction are captured and presented in the user\u2019s activity logs for administrators.<\/p>\n

Now and Going Forward: Cisco Guides Your Journey to Dynamic, Adaptive Access<\/h2>\n

Today, Secure Access is enriched with identity intelligence, user and entity behavior analytics (UEBA), and continuous device posture analysis. Organizations can benefit now from powerful features\u2014such as policies that adjust access based on trust profiles, detection of anomalous user behavior, and automated responses to risky device changes\u2014empowering them to implement granular, risk-aware security at scale.<\/p>\n

Looking ahead, continued Cisco innovation will bring these capabilities closer together, resulting in ever-more sophisticated adaptive access controls that improve the ability to respond swiftly to threats, tailor access policies for evolving security needs, and reduce business risk. Our commitment to enriching Secure Access capability is unwavering, as is our commitment to help our customers remain a step (or two or three steps) ahead in today\u2019s dynamic threat landscape.<\/p>\n

Click here to learn more about Secure Access and its many capabilities.<\/p>\n

\n

We\u2019d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.<\/em><\/p>\n

Cisco Security Social Media<\/mark><\/strong><\/p>\n

LinkedIn
Facebook
Instagram
X<\/a><\/p>\n<\/p><\/div>\n