Having lots of issues with viruses due to BYOD, contractor workers

Ibrahim Jamil
Level 6

 

Hi overseas guys,

Greetings.

Having lots of issues with viruses due to BYOD, contractor workers.

How can I deal with that? We recently got Cisco ISE, so how could BYOD be treated using ISE?

Please help.

Ibrahim

Please advise.

Accepted Solutions

Jason Kunst
Cisco Employee
If you’re worried about someone bringing in an affected machine, then require them to run the temporal agent.

If they’re there long term and don’t want to load that every day, then have them install AnyConnect posture.

If this is too much or the contractor doesn’t have the capability to run these, then you can do more things additionally:

Segment them using SGT (from endpoint to endpoints and to appropriate systems) so they cannot infect your other endpoint systems.

Deploy Stealthwatch and integrate it with ISE via pxGrid to watch for bad behavior and lock them down with Rapid Threat Containment.

Look at Cisco's overall portfolio to watch it all: AMP, Umbrella, and so on.

paul
Level 10

As Jason said, there are several options, but one of the main things you should be asking is "Why are we allowing contractors to connect to the network?". If the contractor is a long-term contractor, then they should be given a company-owned laptop or a VDI to do their work from. A good VDI solution solves much of your issue. If the contractor has specialized software installed on their laptop that can't be implemented in the VDI, then you can allow them to VPN in and restrict their access to only the systems they need access to. A contractor on their own equipment should never be given full access to the network, in my opinion.
