Cisco (CSCO) is rolling out new security products that it says aim to improve protection against hackers who manage to break into companies using employee credentials.
The service, called Cisco Identity Intelligence, is designed to recognize inconsistencies in how a user is moving through a company’s network and alert security personnel, allowing them to track, block, and kick out intruders from their networks.
“By analyzing the entire attack surface of an organization’s users, machines, services, apps, data and their behaviors, Cisco Identity Intelligence bridges the chasm between authentication and access,” Cisco EVP and GM of Security and Collaboration, Jeetu Patel, said in a statement.
“We are the first vendor bringing together identity, networking and security into a complete solution to address the largest cyber challenge of modern times,” he added.
According to Patel, hackers are using increasingly sophisticated means to get hold of employees’ login credentials. In some instances, he said, attackers will call up a company’s internal help center and, using a deepfake of an employee’s voice, get help center workers, who believe they are speaking with a legitimate employee, to hand over login credentials.
This is the kind of high-level attack that hackers could use to target important infrastructure and major corporations. So don’t expect someone to use it to get into your Facebook account.
But in instances where an attacker is able to break into a corporate network using stolen credentials, Patel says Cisco Identity Intelligence will continue monitoring their actions for any suspicious activity. If, for instance, a person logs in from a location they don’t normally log in from, or uses a new device, or starts trying to escalate their network privileges, Identity Intelligence will fire off an alert to the company’s cybersecurity professionals, who can take action against the intruder.
In addition to tracking usage patterns, Patel said Identity Intelligence can also determine if it’s been a long time since a user has logged into specific apps or tried to access a corporate network from certain devices.
If a company believes that the employee no longer needs access to those apps, or that those devices are outdated, cybersecurity workers can restrict access to the apps and cut off those old devices.
The thinking is that by eliminating unnecessary access points to corporate networks, hackers will have fewer avenues to attack companies.
While cybersecurity measures like multi-factor authentication, which requires you to log in with both a username and password and a secret code generated by an app or sent to your device through a text, have made it more difficult for hackers to break into companies’ networks, there are still plenty of ways to sneak in unnoticed.
There are plenty of companies whose employees don’t abide by proper cybersecurity protocols, for example by reusing usernames and passwords for multiple accounts, and hackers can exploit that with ease.
But if companies can see if someone who logged in should be allowed on a network, they might be able to keep hackers out before they do major damage.