Multi Factor Identity Integration Validation Services

Problem:

Devices can get onto a company's network without any true form of validation.

The most typical solution to that problem is the deployment of certificates and managing them throughout the entire certificate lifecycle management process. That means renewing certificates on devices such as video conferencing systems, phones, printers, security appliances, IoT devices, you name it.

Yet the reality is that not many vendors out there actually support certificates. Many IoT devices simply have no way of installing a certificate or do not support EAP-TLS 802.1X authentication. Yet the need for security and validation of those devices is still there.

So how do you validate different types of devices and applications if certificates cannot be deployed?

Solution:

The answer is to use multiple layers of validation.

  • For example, if your environment consists of laptops running operating systems such as Windows and macOS, multiple validation tools exist that can recognize that a laptop is the company's laptop and not just some rogue device.
  • Yet the reality is that many of the tools on the market require a sophisticated understanding of all their eccentric functionality.
  • Many of the tools on the market make it difficult to decipher what works and what doesn't.
  • Managed Windows devices may be easier to handle with enterprise tools such as Microsoft Endpoint Manager (formerly known as Intune), while Mac devices are easier to handle with tools like Jamf and Apple Business Manager.
  • Yet what about other devices, such as those without certificate capabilities or without an enterprise MDM system to handle the requests: how can such devices be handled from a validation standpoint?

The answer is to use Cisco Identity Services Engine (ISE) for your on-premises connectivity needs, and to integrate ISE with one or more MDMs such as Jamf and Microsoft Endpoint Manager (Intune). This allows devices to connect securely whether they are mobile devices reaching your company's applications across cellular and wireless networks or on-premises devices, and regardless of whether they are BYOD devices, IoT devices or other enterprise appliances attempting to connect to your network, such as printers, video conferencing systems or servers.

Beyond Certificate LifeCycle Management

Our company can go beyond certificate lifecycle management alone. Relying on certificates to validate that a device is truly the company's device is all well and good; however, it does not protect against the unfortunate situation where a certificate is copied from a company device to a non-company device, and that device then hops onto your network and causes all sorts of damage. How do you combat that? This is where our multi-factor monitoring and integration services come into play.

  • Imagine relying not just on certificate lifecycle management but on other methods of validation to fortify your security. Our company can help you integrate your network with Cisco ISE and an MDM solution such as Microsoft Endpoint Manager (Intune) or Jamf, which manage compliance and provide solid intelligence to Cisco ISE about each device's compliance state.

Having both solutions side by side is like having the brother and sister of network security and application security.

Our company can help customers fortify their network security: we can help your organization deploy Cisco ISE, roll out certificates across multiple devices, and turn on 802.1X on wired and wireless networks, at the WLC (wireless LAN controller) level as well as on Cisco switches or any other 802.1X-capable switches. We can help with deployment across your entire distributed environment, regardless of whether your company is national or multi-national.

  • Think of Cisco ISE as a knight in shining armor who does not allow devices onto the network before they validate themselves with ISE and the MDM as truly trusted, based on the certificates they contain or on other posture characteristics.
  • Our company can also help customers move away from traditional, complex identity systems and can help with integrating Cisco ISE with Azure or other multi-factor IdPs. This way you can log in to your routers, switches and firewalls with the very same AD username and password, backed by the Microsoft Authenticator application or any other application that recognizes the user as legitimate and prompts the user on their phone to accept the authentication request whenever someone logs into your network.
  • Leveraging Cisco ISE to validate whether a device that hops onto the network is a company device depends not just on certificates but also on other characteristics, such as whether the device has a CrowdStrike agent installed, whether Intune is installed, or whether a specific registry string makes the device unique.
  • Multiple levels of validation are often required to combat situations where a certificate is stolen and copied onto another, non-legitimate device. Our company has developed integration expertise for different types of devices, where we leverage MDM solutions such as Microsoft Endpoint Manager (Intune) to check that a device hopping onto the network not only has a certificate but is also compliant in Intune. Only then is the device allowed onto the network.
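The layered decision described in the bullets above, as an added illustration written for this page (it is not Cisco ISE, Intune or CrowdStrike code): a valid client certificate is treated as necessary but never sufficient, and the MDM record and posture signals decide the outcome. The evidence fields, the device-identity binding in the certificate, the access-profile names and the sample sessions are all assumptions constructed for the example.

```python
"""Layered (multi-factor) device authorization: certificate + MDM + posture.

Illustrative policy evaluator written for this page. Field names, the
device-identity binding in the certificate and the access-profile names are
assumptions; the sample sessions are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class DeviceEvidence:
    """What the network access server and the MDM report for one session."""
    mac: str
    cert_subject: Optional[str]    # subject of the presented EAP-TLS client cert, None if none
    cert_valid: bool               # chain validated and not revoked (assumed done upstream)
    mdm_enrolled: bool             # the MDM knows this device
    mdm_compliant: bool            # the MDM's compliance state for the device
    mdm_device_id: Optional[str]   # device identity on record in the MDM
    cert_device_id: Optional[str]  # device identity bound into the cert (hypothetical SAN field)
    edr_agent_running: bool        # e.g. an EDR agent present (posture check)
    registry_marker: bool          # company-specific registry string present (posture check)


@dataclass
class Decision:
    profile: str                   # "CORP_ACCESS", "PRINTER_VLAN" or "QUARANTINE"
    reasons: List[str] = field(default_factory=list)


# Constructed MAC allowlist for devices that cannot do EAP-TLS (printers, IoT).
KNOWN_MAC_ROLES: Dict[str, str] = {"00:11:22:33:44:55": "PRINTER_VLAN"}


def authorize(ev: DeviceEvidence, mac_roles: Dict[str, str] = KNOWN_MAC_ROLES) -> Decision:
    """Combine certificate, MDM and posture evidence into one access decision.

    A certificate copied to another machine is caught because that machine is
    either unknown to the MDM, non-compliant, lacks posture signals, or carries
    a device identity that does not match the one bound into the certificate.
    """
    reasons: List[str] = []
    if ev.cert_subject is not None and not ev.cert_valid:
        reasons.append("client certificate failed validation")
        return Decision("QUARANTINE", reasons)

    if ev.cert_subject is not None:
        reasons.append("valid client certificate presented")
        if not ev.mdm_enrolled:
            reasons.append("device not enrolled in MDM (cloned certificate suspected)")
            return Decision("QUARANTINE", reasons)
        if ev.mdm_device_id != ev.cert_device_id:
            reasons.append("certificate device identity does not match MDM record (cloned certificate suspected)")
            return Decision("QUARANTINE", reasons)
        if not ev.mdm_compliant:
            reasons.append("MDM reports device non-compliant")
            return Decision("QUARANTINE", reasons)
        if not (ev.edr_agent_running or ev.registry_marker):
            reasons.append("no posture signal (EDR agent or registry marker) present")
            return Decision("QUARANTINE", reasons)
        reasons.append("MDM compliant and posture checks passed")
        return Decision("CORP_ACCESS", reasons)

    # No certificate at all: fall back to the MAC allowlist for cert-incapable devices.
    role = mac_roles.get(ev.mac.lower())
    if role is not None:
        reasons.append(f"no certificate; MAC on allowlist with role {role}")
        return Decision(role, reasons)
    reasons.append("unknown MAC and no certificate")
    return Decision("QUARANTINE", reasons)


# Constructed sample sessions.
SESSIONS: Dict[str, DeviceEvidence] = {
    "corporate_laptop": DeviceEvidence("aa:bb:cc:00:00:01", "CN=LAPTOP-1", True, True, True,
                                       "dev-1001", "dev-1001", True, True),
    # Same certificate as LAPTOP-1, presented from a machine the MDM has never seen.
    "cloned_cert_unenrolled": DeviceEvidence("aa:bb:cc:00:00:99", "CN=LAPTOP-1", True, False, False,
                                             None, "dev-1001", False, False),
    # Same certificate, but the presenting machine is enrolled under a different device id.
    "cloned_cert_mismatch": DeviceEvidence("aa:bb:cc:00:00:42", "CN=LAPTOP-1", True, True, True,
                                           "dev-2042", "dev-1001", True, False),
    "printer": DeviceEvidence("00:11:22:33:44:55", None, False, False, False, None, None, False, False),
    "unknown": DeviceEvidence("de:ad:be:ef:00:01", None, False, False, False, None, None, False, False),
}


def run_samples() -> Dict[str, str]:
    """Authorize every sample session and return name -> access profile."""
    return {name: authorize(ev).profile for name, ev in SESSIONS.items()}


if __name__ == "__main__":
    for name, ev in SESSIONS.items():
        d = authorize(ev)
        print(f"{name:24} {d.profile:13} {'; '.join(d.reasons)}")
```

The order of the checks matters: the MDM identity comparison runs before the compliance check, so a cloned certificate on an otherwise compliant personal device still lands in quarantine with a reason string the SIEM can key on.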

What exactly does our company offer for Multi Factor Identity Integration & Validation Services?

We offer a unified CLM (certificate lifecycle management) and PKI portal for your environment, based on your infrastructure.

  • Meaning we create a unified, centralized portal for your devices, such as printers, phones, video conferencing systems, security systems, wireless devices, IoT devices, etc.
  • Within that portal you will be able to generate CSRs (certificate signing requests) for multiple devices. You will be able to keep track of which team members renewed which certificates and, from a compliance standpoint, how to renew them when one of those team members is no longer employed.
  • You will be able to view expiration dates for your certificates and schedule alerts for when certificates will expire.
  • You will be able to scan your network and discover what devices you have on premises; we do this using SNMP, network subnet scans and other methods.
  • You will be able to see which devices fall out of compliance policy. For example, if you have a standard to renew certificates every 2 years, we can show which devices fall out of compliance.
  • You will be able to see an inventory of devices, and either manually or automatically add or discover devices.
  • We will help you automate your CA signing process and your entire CLM process for your existing PKI. The CLM portal runs on a scalable microservices-based architecture.
  • We will help you integrate with other automation tools, ranging from Ansible, Chef, Puppet and Nornir to others.
  • We can also integrate with your existing SIEM or data analytics tool, whether it's Sumo Logic, Splunk or any other SIEM.
  • We can also integrate the unified CLM and PKI portal with your existing ITSM (ServiceNow, Jira) or CMDB (such as Device42) and fit the certificate lifecycle management process of your PKI into your company's workflow.
  • Our subject matter experts in automation, security and development can put together the solution that fits your needs based on your existing environment.
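The inventory checks the portal bullets describe (expiry alerts, the 2-year renewal standard, certificates last renewed by someone who has left, and one certificate showing up on more than one device), as an added example written for this page rather than the portal's own code. The record layout, the fixed "today", the 2-year tolerance and the sample inventory are constructed assumptions.

```python
"""Certificate inventory checks of the kind a CLM portal runs.

Illustrative code written for this page, not the portal's own. The record
format is an assumption and the inventory below is constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set


@dataclass(frozen=True)
class CertRecord:
    device: str
    mac: str
    fingerprint: str      # shortened leaf-certificate fingerprint (constructed values)
    not_before: date
    not_after: date
    renewed_by: str       # team member who last renewed it


TODAY = date(2023, 12, 1)           # fixed so the report is deterministic
ALERT_DAYS = 60                     # alert when a cert expires within this window
MAX_VALIDITY_DAYS = 731             # "renew every 2 years", with one day of leap-year tolerance

# Constructed inventory; "fp-aaa" deliberately appears on two different devices.
INVENTORY: List[CertRecord] = [
    CertRecord("printer-hq-01", "00:11:22:33:44:55", "a1b2c3", date(2023, 1, 10), date(2024, 1, 10), "alice"),
    CertRecord("vc-room-3", "00:11:22:33:44:66", "d4e5f6", date(2021, 3, 1), date(2024, 3, 1), "bob"),
    CertRecord("core-sw-1", "00:11:22:33:44:77", "778899", date(2023, 6, 15), date(2025, 6, 15), "carol"),
    CertRecord("laptop-042", "aa:bb:cc:00:00:42", "fp-aaa", date(2023, 9, 1), date(2024, 9, 1), "dave"),
    CertRecord("unknown-device-7", "de:ad:be:ef:00:07", "fp-aaa", date(2023, 9, 1), date(2024, 9, 1), "dave"),
    CertRecord("fw-edge-2", "00:11:22:33:44:88", "0f0f0f", date(2021, 11, 1), date(2023, 11, 1), "alice"),
]


def days_until_expiry(rec: CertRecord, today: date = TODAY) -> int:
    """Negative when the certificate has already expired."""
    return (rec.not_after - today).days


def expiring_within(inventory: List[CertRecord], days: int = ALERT_DAYS,
                    today: date = TODAY) -> List[CertRecord]:
    """Certs expiring within `days`, already-expired ones included, soonest first."""
    hits = [r for r in inventory if days_until_expiry(r, today) <= days]
    return sorted(hits, key=lambda r: days_until_expiry(r, today))


def out_of_policy(inventory: List[CertRecord],
                  max_validity_days: int = MAX_VALIDITY_DAYS) -> List[CertRecord]:
    """Certs whose validity period is longer than the renewal standard allows."""
    return [r for r in inventory if (r.not_after - r.not_before).days > max_validity_days]


def orphaned_by_departure(inventory: List[CertRecord], departed: Set[str]) -> List[CertRecord]:
    """Certs whose last renewer is no longer employed (ownership needs reassignment)."""
    return [r for r in inventory if r.renewed_by in departed]


def duplicated_certs(inventory: List[CertRecord]) -> Dict[str, List[str]]:
    """Fingerprints seen on more than one device: a copied certificate, or an
    inventory error; either way something to investigate."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for r in inventory:
        seen[r.fingerprint].append(r.device)
    return {fp: sorted(devs) for fp, devs in seen.items() if len(devs) > 1}


def report(inventory: List[CertRecord], departed: Set[str], today: date = TODAY,
           alert_days: int = ALERT_DAYS) -> Dict[str, object]:
    """Summarize all checks as device names, ready to push to a ticketing system."""
    return {
        "expiring": [r.device for r in expiring_within(inventory, alert_days, today)],
        "out_of_policy": [r.device for r in out_of_policy(inventory)],
        "orphaned": [r.device for r in orphaned_by_departure(inventory, departed)],
        "duplicates": duplicated_certs(inventory),
    }


if __name__ == "__main__":
    for key, value in report(INVENTORY, {"carol"}).items():
        print(f"{key:14} {value}")
```

Already-expired certificates fall out of a naive "expires within N days" filter if the comparison only looks ahead; keeping negative day counts in the result is what makes the expired firewall certificate surface at the top of the alert list.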

In addition, our company offers an extension of our original CLM and PKI product offering for companies who would like to manage their certificate lifecycle process together with their PKI infrastructure, with a centralized portal that lets them renew certificates in a single place instead of jumping across different tools, generating certificates and forgetting about them 3 years later, only to end up with an outage.

What kind of extension?

Multi Factor Identity Integration & Validation Services

  • Imagine, in addition to taking control of your PKI and CLM needs from the centralized portal, without having to generate certificates with 100 different processes for different types of devices, applications and appliances, being able to use additional levels of validation.
  • Imagine being able to tell who is trusted and who is not with the help of an intelligent Identity Services Engine.
  • Imagine being able to validate not only the devices that are trying to get onto your network physically, but also your VPN/DTLS users connecting through major VPN appliances such as Zscaler, Pulse Secure, Cisco AnyConnect, FortiVPN or others.
  • Imagine being able to validate your users based on processes running on their PCs, file names or other attributes and characteristics.
  • Imagine being able not only to validate your users based on different types of attributes, but also to see which devices hop onto your network that were not previously identified.
  • Imagine being able to see which new MAC addresses showed up on your network, regardless of whether they arrived wired, wireless or through VPN.
  • Imagine being able to see which devices are in compliance and categorized as trusted, and which ones are most likely rogue.
  • Imagine being able to whitelist new MAC addresses or questionable devices and generate a ticket in ServiceNow.
  • Imagine being able to pass this information into ticketing systems, keeping security folks happy and leaving a record trail.
  • Imagine being able to visualize graphically the inventory of your trusted and untrusted devices geographically or by any other level of grouping.
  • Imagine being able to view flow logs, ranging from Amazon CloudTrail and NetFlow to other data sources.
  • Imagine having it all stitched together based on your company's needs, with flexible logic that displays and visualizes everything for your operations, executive and IT teams in a unified Tony Stark view.
  • Imagine being notified when a device that hopped onto the network meets certain characteristics, where those characteristics are gathered from multiple security appliances and intelligence systems into your existing SIEM or into a specifically crafted unified tool that combines certificate lifecycle management of your PKI with MAC address whitelisting, helping you determine which new device got onto the network, was not recognized before, and meets certain untrustworthy characteristics.

In addition to offering multi-factor validation across certificates and other validation characteristics, we can also visualize your entire environment in tools like New Relic, Datadog, LogicMonitor, Sumo Logic, AppDynamics, Zenoss, Splunk or SolarWinds.

  • Imagine being able to visualize your configuration changes on switches, routers or firewalls, as well as changes within your infrastructure environment, ranging from physical infrastructure to cloud, whether it's Kubernetes clusters or serverless microservices.
  • Imagine being able to visualize business transactions as they pertain to an overall health score for your entire application or business service, or being able to visualize unique business processes not just from a metrics standpoint but from logs.
  • Imagine being able to visualize distributed tracing patterns as users navigate through different types of business transactions, and how the overall health of your application depends on infrastructure components, application components and other dependencies.
  • Imagine being able to visualize even complex recurring events that need to be factored into alerting but require intelligent logic adjustment.
  • Imagine being able to suppress alerts and handle seasonal data, in order to minimize the risk of not being alerted when you needed to be, versus being alerted when an alert is not really needed.
  • Imagine having predictive and forecasting monitoring that combines previous cyclical data with other factors relevant to your environment, and being alerted on that.
  • Imagine having different types of dashboards for compliance, operational and many other levels, in combination with reports sent to you or other team members, helping your team minimize risk and look like superheroes.

Well, with so many imaginative bullet points described above, you do not have to imagine anymore.

Simply reach out to our company, DBA Binary Fusion, tell us your use case, and we'll hit the ground running, supplementing your existing IT staff with supercharged monitoring and cyber security expertise that can help your organization reduce risk and, best of all, tackle complicated tasks that would otherwise not be possible without strong IT security and network/application monitoring expertise.

When contacting us, simply let us know the use case you are working on, what you are trying to integrate, what you need monitored, how you are trying to integrate it, and which tools you have already invested in and need help with. Or simply describe the challenge you are facing. Our company is very agile and flexible in the way we conduct business. If you are interested in our services, feel free to reach out to us so we can share some of our service offering demonstrations and see if we can do a POC or POV for you.

We work with financial organizations as our core expertise, but also serve other industries ranging from real estate, manufacturing, professional LLCs, accounting firms, health/medical/dental and entertainment to other types of industries.


Industries We Service

We also offer services for health companies, medical, manufacturing and others.

Top Locations We service

We also have a presence nationally and globally, so if you are outside any of these areas we can still help you with your microservices and Lambda monitoring needs.