Ziad Sarieddine
Security Policy and Access Technical Marketing
July 18, 2018
Monitor, Mitigate and Respond
Redefine Your Network Security
Architecture with ISE
The role of IT is more demanding than ever
New IT paradigms
Evolving security challenges
Growing system complexity
The need of the hour is to have a network and security infrastructure that:
• Reacts to business needs and understands business roles
• Embraces the cloud, mobility, IoT, BYOD, and digitization
• Provides network visibility and security without sacrificing agility
• Achieves dynamic and adaptive network segmentation
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
ISE connects trusted users and devices with trusted services
Identity Services Engine (ISE): a centralized security solution that automates context-aware access
[Figure: sources are trusted device groups (trusted asset, trusted group, partners); destinations are trusted apps/services (Cloud App A, Cloud App B, Server A, Server B, public/private cloud). Policy enforcement happens in the cloud and on premise, with enforcement at every PIN (place in the network) on premise.]
Cisco DNA™ Center: simple workflows (Design, Provision, Policy, Assurance) for Software-Defined Access. Built on APIC-EM, the Network Data Platform and Identity Services Engine; it manages wireless access points, wireless LAN controllers, switches and routers.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Visibility
ISE profiling, IoT and contextual data sharing
The visibility problem
A MAC address (00-05-01-AA-E1-FF) and an IP address (192.168.2.101) alone do not answer:
• What device is it? Who owns that device?
• Where is it located? Is it vulnerable?
• Is there malware on it? What is it accessing? Any threats from it?
How do you run the network with so many unknowns?
Visibility: ISE Profiling
• Active probes: NetFlow, DHCP, DNS, HTTP, RADIUS, NMAP, SNMP
• Device Sensor (on the access switch / WLC): CDP, LLDP, DHCP, HTTP, H323, SIP, mDNS
• Feed Service (online/offline)
• 1.5 million devices, with 50 attributes each, can be stored
• 1000+ high-level canned profiles, plus periodic feeds
• 260+ medical device profiles
ISE Visibility: Attributes Collected (from Cisco ISE and the Cisco network)
Users
• Name
• Username
• Contact
• Role
• Permissions/rights
Device
• Type
• Ownership
• Compliance / posture
Location
• Physical
• Logical
• MSE integration
Connectivity
• Medium (wired / wireless / VPN)
• Network access devices
• State (active session)
Time
• Time of day
• Day of week
• Connection duration
Behavior
• Historical (now and before)
• Was the device doing expected vs. unexpected?
Application and Services
• Applications installed, running, allowed
• Services and processes
Vulnerability
• CVE, CVSS scores
• Vulnerability scans from 3rd-party scanners
Threat
• Malware / STIX
• Fidelity
• Spoofing
Visibility based on vulnerability: integration with vulnerability scanners
Visibility based on threat: endpoints flagged as threats based on incidents and indicators
New IoT Focus: 3 major pillars
Healthcare System
• Biomed
• Radiology
• Instrumentation
• POS
• etc.
Building Automation
• HVAC
• Surveillance Camera
• Refrigerator
• Elevators
• Fire Alarms
Manufacturing
• PLCs
• HMIs
• SCADA Servers
• Historian
• etc.
New and Updated IoT Profile Libraries (ISE 2.4)
• Automation and Control
• Industrial / Manufacturing
• Building Automation
• Power / Lighting
• Transportation / Logistics
• Financial (ATM, Vending, PoS, eCommerce)
• IP Camera / Audio-Video / Surveillance and Access Control
• Other (Defense, HVAC, Elevators, etc.)
• Windows Embedded
• Medical NAC Profile Library – Updated
Auto-detect and classify Automation and Control endpoints
600+ Automation and Control Profiles (ISE 2.4)
Windows Embedded Profiles: a common OS implemented for IoT devices (ISE 2.4)
Endpoint Profiles in the Communities
https://communities.cisco.com/tags/ise-endpoint-profile
Manufacturing floor – Cell Area Zones
Process-focused devices, controller devices and human machine interfaces. Asset identity as collected by IND (Industrial Network Director), for example:
Device: PLC
Vendor: Rockwell
Model: CompactLogix
Serial: 236456PTX
Firmware: 12.3 SE
IND and ISE Integration – Bringing OT Visibility into ISE (ISE 2.4)
[Figure: Purdue-model zones. Enterprise Zone (Levels 4 and 5), Industrial DMZ, Industrial Zone (Level 3) and Cell Area Zone (Levels 0–2, with PLC, IO, drive and HMI). Network: IE 1000, IE 4010 and IE 5000 switches, ISA 3000, NGFW, Internet/cloud. IND collects the asset identity (Device: PLC; Vendor: Rockwell; Model: CompactLogix; Serial: 236456PTX; Firmware: 12.3 SE) and publishes it to ISE over pxGrid; Stealthwatch (fed by NetFlow from the switches) and the NGFW subscribe to ISE over pxGrid for asset and user identity.]
pxGrid "Context In" for IND
• IND communicates with industrial switches and security devices and collects detailed information about the connected manufacturing devices.
• IND vX adds a pxGrid publisher interface to communicate IoT attributes to ISE: IND is the publisher, ISE the subscriber, brokered by the pxGrid controller.
Profiler attributes received from IND:
• MAC Address
• IP Address
• iotAssetDeviceType
• iotAssetProductCode
• iotAssetProductName
• iotAssetRetrievedFrom
• iotAssetSerialNumber
• iotAssetTrustLevel
• iotAssetVendorName
• iotAssetVendorID
• iotAssetSwRevision
• iotAssetHwRevision
• iotAssetProtocol
• iotAssetBusinessOwner
• iotAssetLocation
• iotAssetTag
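How profiling turns probe attributes into a device type, and how the iotAsset* attributes IND publishes over pxGrid land in the same attribute store, as an added example written for this page (it is not ISE code). Each profile is a set of conditions with certainty factors; a profile applies once the summed certainty reaches its minimum; a child profile needs its parent to match; and a change in an attribute that should be stable on a given MAC is the spoofing signal anomalous-endpoint detection looks for. The profile library, weights, OUI values and the list of stable attributes are assumptions; ISE's own 1000+ profiles and weights differ.

```python
"""ISE-style endpoint profiling: certainty factors over probe attributes.

Added illustration, not ISE code. The profile library below (names,
conditions, certainty weights, OUIs) is an assumption made for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# One endpoint as the profiler sees it: attributes merged from RADIUS, DHCP,
# HTTP, CDP/LLDP, SNMP ... and, for OT assets, the iotAsset* attributes
# received from IND over pxGrid.
Endpoint = Dict[str, str]


@dataclass(frozen=True)
class Condition:
    attribute: str                  # attribute name as the probe stores it
    test: Callable[[str], bool]     # predicate on the attribute value
    certainty: int                  # certainty factor added on a match


@dataclass(frozen=True)
class Profile:
    name: str
    min_certainty: int              # total needed before the profile applies
    conditions: Tuple[Condition, ...]
    parent: Optional[str] = None    # a child only applies if the parent matched


def oui(mac: str) -> str:
    """First three octets of a MAC, normalised to AA:BB:CC."""
    return mac.upper().replace("-", ":")[:8]


# Hypothetical profile library (assumption); the OUIs are illustrative only.
PROFILES: Tuple[Profile, ...] = (
    Profile("Apple-Device", 10, (
        Condition("MACAddress", lambda v: oui(v) in {"3C:22:FB", "F0:18:98"}, 10),
        Condition("User-Agent", lambda v: any(t in v for t in ("Mac OS X", "iPhone", "iPad")), 20),
        Condition("dhcp-class-identifier", lambda v: v.lower().startswith("apple"), 20),
    )),
    Profile("Apple-iPad", 30, (
        Condition("User-Agent", lambda v: "iPad" in v, 30),
        Condition("host-name", lambda v: "ipad" in v.lower(), 10),
    ), parent="Apple-Device"),
    Profile("Windows-Workstation", 20, (
        Condition("dhcp-class-identifier", lambda v: v == "MSFT 5.0", 20),
        Condition("User-Agent", lambda v: "Windows NT" in v, 20),
    )),
    # Built on the attributes IND publishes to ISE over pxGrid ("Context In").
    Profile("Rockwell-PLC", 40, (
        Condition("iotAssetVendorName", lambda v: v == "Rockwell", 20),
        Condition("iotAssetDeviceType", lambda v: v == "PLC", 20),
        Condition("cdpCachePlatform", lambda v: "Allen-Bradley" in v, 10),
    )),
)


def score(profile: Profile, ep: Endpoint) -> int:
    """Sum the certainty of every condition whose attribute is present and matches."""
    total = 0
    for c in profile.conditions:
        value = ep.get(c.attribute)
        if value is not None and c.test(value):
            total += c.certainty
    return total


def classify(ep: Endpoint, profiles: Tuple[Profile, ...] = PROFILES) -> Tuple[str, int]:
    """Return (profile name, certainty). The deepest matching profile wins, then the
    highest score; a child counts only when its parent matched; else Unknown."""
    by_name = {p.name: p for p in profiles}
    matched: Dict[str, int] = {}
    for p in profiles:
        s = score(p, ep)
        if s >= p.min_certainty:
            matched[p.name] = s

    def depth(name: str) -> int:
        d = 0
        while by_name[name].parent:
            name = by_name[name].parent
            d += 1
        return d

    best, best_key = ("Unknown", 0), (-1, -1)
    for name, s in matched.items():
        parent = by_name[name].parent
        if parent and parent not in matched:
            continue
        key = (depth(name), s)
        if key > best_key:
            best_key, best = key, (name, s)
    return best


# Attributes an endpoint should not change mid-life (assumption). A change on the
# same MAC is the kind of spoofing signal anomalous-endpoint detection flags.
STABLE_ATTRIBUTES = ("dhcp-class-identifier", "NAS-Port-Type", "iotAssetVendorName")


def anomalous(previous: Endpoint, current: Endpoint) -> List[str]:
    """Stable attributes whose value changed between two sightings of the same MAC."""
    if previous.get("MACAddress") != current.get("MACAddress"):
        return []   # different endpoint, nothing to compare
    return [a for a in STABLE_ATTRIBUTES
            if a in previous and a in current and previous[a] != current[a]]
```

Profiling is inference over attacker-influenced data (OUI, DHCP options and HTTP user agents can all be set by the host), which is why the certainty minimum and the parent requirement matter, and why a profile change on a known MAC should lower trust rather than silently re-authorize the endpoint.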
DEMO | ISE Visibility
ISE integration with IND – Use Case: Simplified RBAC for Remote Maintenance
• IND gathers a detailed inventory of industrial devices and publishes the information via pxGrid to ISE (Context-In).
• Open MAB (monitor only / full access) on the IE switches tracks the session and its SGT.
• An ISA 3000 acting as a security group firewall (SGFW), with SXP carrying the IP-to-SGT bindings, sits between the DMZ and Levels 1~3 / 1~2 of the plant.
• Result: a field engineer from Manufacturer X performing remote maintenance reaches Manufacturer X controllers only, not Manufacturer Y controllers.
• Context-Out: 70+ Cisco and ecosystem partner integrations.
Context build, summarize, exchange
Cisco ISE: Visibility and Access Control. ISE builds context from directory services, vulnerability scanners, system managers, threat intelligence, the Mobility Services Engine and mobile device managers, and applies access control restrictions to users and devices (endpoints). That context is reused by ecosystem partners for analysis and control.
The security group carries the context ISE has built: who, what, when, where, how, posture, threat and vulnerability. It is shared with Stealthwatch, Firepower services, web security and 3rd-party partners via:
• pxGrid
• REST API
• Syslog
ISE pxGrid Growing Partner Ecosystem: 80+ partner integrations and growing
Partner categories: firewall & access control, vulnerability assessment, packet capture & forensics, SIEM, UEBA, threat defense, IAM & SSO, net/app performance, IoT security, MDM, cloud access security, DDI, deception, application. Cisco platforms in the ecosystem: Cisco WSA, Cisco Firepower, Cisco Stealthwatch, Rapid Threat Containment (RTC).
Benefits: improve response, enhance controls, simplify operations.
Sharing Contextual data with Stealthwatch
pxGrid
Real-time visibility at all networklayers
• Data Intelligence throughout network
• Assets discovery
• Network profile
• Security policy monitoring
• Anomaly detection
• Accelerated incident response
Cisco ISE
Mitigation Action
Context Information
NetFlow
Cisco Stealthwatch
Cisco ISE
Mitigation Action
Context Information
Splunk
ISE PxGrid Ecosystem
Sharing Contextual data with Splunk
Context-based web filtering with Cisco Web Security Appliance (WSA) and Identity Services Engine (ISE)
ISE learns the session context over RADIUS and shares it with the WSA over pxGrid, so web policy can differ for:
• Who: Doctor; What: Laptop; Where: Office
• Who: Doctor; What: iPad; Where: Office
• Who: Guest; What: iPad; Where: Office
[Figure: endpoints – enterprise backbone – Web Security Appliance – Internet]
Policy Simplification
ISE + DNA integration
How do you define your policy goals? What are your priorities: business intent, compliance, risk reduction, asset protection?
How do you define your policy goals?
Healthcare
• Segregate clinical devices in the IT infrastructure without disrupting current healthcare application flows
• Disarm policy in case of emergency to ensure patient safety
Manufacturing
• Ensure a manufacturer's engineer performs remote maintenance securely, for their devices only
• Permit only intended communication from ICS devices on the manufacturing lines
Financial
• Control access to regulated apps, simplify audit & compliance, accelerate security policy provisioning for new servers
Retail
• Scope reduction for PCI compliance, protecting sensitive information from other connected devices
ISE and DNA-C Integration: policy automation and better usability
Cisco DNA Center handles policy authoring workflows, groups and policies, and campus fabric management; Cisco Identity Services Engine handles authentication and authorization policies. The two exchange data over pxGrid and REST APIs.
ISE and DNA-C Integration: ISE and DNAC node communication
[Figure: DNA-Center talks REST to the ISE PAN (admin/operate, config sync) and subscribes over pxGrid to the ISE PXG node (context). DNA-C knows all PSN IPs. ISE-MNT and ISE-PSN complete the deployment; network devices and endpoints sit below the PSNs.]
pxGrid topics exchanged: TrustSecMetaData (e.g. SGT Name: Employee = SGT-10, SGT Name: Contractor = SGT-20, ...) and SessionDirectory* (e.g. Bob with Win10 on CorpSSID).
Authorization policy: Employee VN/SGT-10, Contractor VN/SGT-20, Things VN/SGT-30, each an if/then rule.
* Not used today
SDA policy workflow
Groups: Employees, Contractors (sources); Production, Development (destinations). In Cisco DNA Center a contract (e.g. PERMIT) is authored between a source and a destination group, such as Employees -> Production; DNA Center pushes the resulting fabric policies to Cisco ISE via API, and the fabric nodes download the policy from ISE.
ISE DEFCON: activate up to 5 failsafe policies on cloud and premise networks
Multiple levels of "failsafe" policy sets (DEFCON 5, 4, 3, 2, 1) sit alongside the standard policy, and an operator switches the whole matrix in one step. Example: the DEFCON 3 policy stops lateral movement.
[Figure: two policy matrices (standard and DEFCON 3). Sources: LoB 1 Employee, LoB 2 Employee, Partner 1, Partner 2, POS Terminal. Destinations: LoB1Employee, LoB2Employee, Partner1, Partner2, PCIServer, SharedApps, LoB1Apps, LoB2Apps.]
Host Isolation to block Lateral Movement
SGACL applied to the Employee -> Employee matrix cell. The slide overlaid the cell's source and destination labels onto each entry; in IOS role-based ACL syntax the ACEs carry only protocol and destination port, because the matrix cell already fixes source and destination SGT (the ACL name here is illustrative):
ip access-list role-based Block_Lateral
 deny icmp
 deny udp dst eq domain
 deny tcp dst eq 3389
 deny tcp dst eq 1433
 deny tcp dst eq 1521
 deny tcp dst eq 445
 deny tcp dst eq 137
 deny tcp dst eq 138
 deny tcp dst eq 139
 deny udp dst eq snmp
 deny tcp dst eq telnet
 deny tcp dst eq www
 deny tcp dst eq 443
 deny tcp dst eq 22
 deny tcp dst eq pop3
 deny tcp dst eq 123
The slide lists only the deny entries; what happens to traffic that matches none of them is decided by the SGACL's trailing entry (a permit ip for a pure isolation list) or, absent one, by the matrix default.
Block Lateral Movement & Privilege Escalation: Security Group Based Access Control for Firewalls, Security Group Firewall (SGFW)
[Figure: SGFW matrix of source tags against destination tags: Employee, Supplier, Quarantine, Shared Server, Server, High Risk Segment, Internet.]
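How a TrustSec matrix, its per-cell SGACLs and a DEFCON failsafe set fit together, as an added example written for this page (it is not ISE code). A flow is resolved by looking up the (source SGT, destination SGT) cell, then walking that cell's SGACL first-match; activating DEFCON 3 swaps in a matrix that puts the anti-lateral-movement SGACL on every same-group cell and cuts partners off from shared apps. The SGT names, the cells of the standard matrix, what DEFCON 3 changes and permit-by-default for unconfigured cells are assumptions; the deny list is the one from the host-isolation slide.

```python
"""TrustSec policy matrix with per-cell SGACLs and DEFCON failsafe policy sets.

Added illustration, not ISE code. SGT names, matrix cells, the DEFCON 3
transformation and the unconfigured-cell default are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    action: str                     # "permit" | "deny"
    proto: str                      # "ip" | "tcp" | "udp" | "icmp"
    dst_port: Optional[int] = None  # None = any port


@dataclass(frozen=True)
class Flow:
    src_sgt: str
    dst_sgt: str
    proto: str
    dst_port: Optional[int] = None


Sgacl = List[Ace]
Matrix = Dict[Tuple[str, str], Sgacl]

# The deny list from the host-isolation slide, with an explicit trailing permit.
ANTI_LATERAL: Sgacl = [
    Ace("deny", "icmp"),
    Ace("deny", "udp", 53), Ace("deny", "tcp", 3389), Ace("deny", "tcp", 1433),
    Ace("deny", "tcp", 1521), Ace("deny", "tcp", 445), Ace("deny", "tcp", 137),
    Ace("deny", "tcp", 138), Ace("deny", "tcp", 139), Ace("deny", "udp", 161),
    Ace("deny", "tcp", 23), Ace("deny", "tcp", 80), Ace("deny", "tcp", 443),
    Ace("deny", "tcp", 22), Ace("deny", "tcp", 110), Ace("deny", "tcp", 123),
    Ace("permit", "ip"),
]
PERMIT_IP: Sgacl = [Ace("permit", "ip")]
DENY_IP: Sgacl = [Ace("deny", "ip")]


def ace_matches(ace: Ace, flow: Flow) -> bool:
    if ace.proto != "ip" and ace.proto != flow.proto:
        return False
    return ace.dst_port is None or ace.dst_port == flow.dst_port


def evaluate(sgacl: Sgacl, flow: Flow, default: str = "permit") -> str:
    """First-match evaluation; `default` stands in for the matrix default."""
    for ace in sgacl:
        if ace_matches(ace, flow):
            return ace.action
    return default


# Standard (day-to-day) matrix: assumption made for the example.
STANDARD: Matrix = {
    ("Employee", "Employee"): ANTI_LATERAL,
    ("Employee", "SharedApps"): PERMIT_IP,
    ("Employee", "PCIServer"): DENY_IP,
    ("POS_Terminal", "PCIServer"): PERMIT_IP,
    ("Partner1", "SharedApps"): PERMIT_IP,
}


def defcon3(base: Matrix) -> Matrix:
    """DEFCON 3 'stop lateral movement': anti-lateral SGACL on every same-group
    cell and partners cut off from everything they could previously reach."""
    m = dict(base)
    for cell in list(m):
        if cell[0].startswith("Partner"):
            m[cell] = DENY_IP
    for sgt in {s for s, _ in m} | {d for _, d in m}:
        m[(sgt, sgt)] = ANTI_LATERAL
    return m


POLICY_SETS: Dict[str, Matrix] = {"standard": STANDARD, "defcon3": defcon3(STANDARD)}


def decide(flow: Flow, level: str = "standard") -> str:
    """Resolve a flow against the active policy set. Unconfigured cells permit
    (assumption; ISE lets you choose the matrix default)."""
    sgacl = POLICY_SETS[level].get((flow.src_sgt, flow.dst_sgt), PERMIT_IP)
    return evaluate(sgacl, flow)


def render_sgacl(name: str, sgacl: Sgacl) -> str:
    """Emit the SGACL in IOS role-based ACL syntax, as ISE pushes it to switches."""
    keywords = {53: "domain", 161: "snmp", 23: "telnet", 80: "www", 110: "pop3"}
    lines = [f"ip access-list role-based {name}"]
    for a in sgacl:
        line = f" {a.action} {a.proto}"
        if a.dst_port is not None:
            line += f" dst eq {keywords.get(a.dst_port, a.dst_port)}"
        lines.append(line)
    return "\n".join(lines)
```

The point a DEFCON set makes operationally is that the failsafe matrix is authored and reviewed in advance, so an incident responder changes one switch rather than editing dozens of cells under pressure; the same code path (cell lookup, first-match SGACL) serves both matrices.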
Threat Containment
Get Ahead of Threats with a Growing Intelligence Ecosystem: Threat-Centric NAC Enhancements
With the 2.2 release, ISE now takes in threat intelligence from Tenable, Rapid7 and Cisco Cognitive Threat Analytics (CTA); the AMP and CTA integrations are new. These new solutions enhance posture assessment with a broader range of threat-incident intelligence. Threat and vulnerability data drive quarantine and remediation and dynamic policy changes in Cisco ISE.
• Vulnerability severity is expressed on the Common Vulnerability Scoring System (CVSS) scale, which the slide bands from Unknown through Insignificant, Distracting, Painful and Damaging to Catastrophic
• Threat data arrives in the STIX framework for standardized reporting
• Supports third-party vulnerability and threat data sources on an open platform
• Automates CoA based on vulnerability intelligence
• Supplements existing ISE reporting with easy-to-read STIX and CVSS-based reports
• Decreases the time to threat remediation and supports dynamic policy changes
Benefits:
• Broader threat insight: apply multiple vulnerability data sources
• Expanded coverage: leverage an open platform and standards-based framework
• Fast remediation: update policy dynamically to prevent or change access
Cisco pxGrid – Context-Sharing & Network Mitigation
Connecting partners and Cisco security platforms; connecting partners to partners.
1. Context out (ISE -> eco-partner): ISE shares user/device and network context with the IT infrastructure, making customer IT platforms user/identity, device and network aware. It puts "who, what device, what access" with events, which is far better than just IP addresses.
2. Context in (eco-partner -> ISE): ISE receives context from eco-partners to make better network access policy, creating a single place for comprehensive network access policy through integration.
3. Mitigate / action (eco-partner -> ISE -> Cisco network): helps customer IT environments reach into the Cisco network, decreasing the time, effort and cost of responding to security and network events.
Context-based Threat Detection & Containment
Lancope StealthWatch or Firepower detects an event (Event: TCP SYN Scan; Source IP: 10.4.51.5; Role: Supplier; Response: Quarantine). ISE issues a change of authorization that moves the endpoint into the Quarantine security group across the network fabric.
[Figure: security groups Employee, Supplier, Quarantine, Shared Server, Server, High Risk Segment, Internet, with the Supplier endpoint re-tagged to Quarantine.]
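The detection-to-CoA path from the threat-centric NAC slide and the containment slide above, as an added example written for this page (it is not ISE or pxGrid SDK code). A partner alarm or a scanner finding arrives keyed by IP; the IP is resolved to exactly one active session (the wrong answer here quarantines the wrong user); the event's fidelity or CVSS score is compared against a threshold; and the result is a change of authorization that either forces the Quarantine group or simply re-runs normal policy. The session directory, event names, thresholds, the protected-role exception and the CoA shape are assumptions.

```python
"""Rapid Threat Containment (RTC) decision logic.

Added illustration, not ISE or pxGrid SDK code. Session records, event
names, fidelity and CVSS thresholds and the CoA shape are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Session:
    """What a pxGrid SessionDirectory subscriber knows about an active session."""
    ip: str
    mac: str
    user: str
    role: str              # security group the session currently holds
    nas_ip: str            # network access device that owns the session
    active: bool = True


@dataclass(frozen=True)
class Coa:
    """Change of authorization ISE would push to the NAD for this session."""
    nas_ip: str
    mac: str
    action: str                     # "reauth" | "port-bounce" | "port-shutdown"
    new_sgt: Optional[str] = None   # None = re-run normal authorization policy
    reason: str = ""


# Constructed session directory (assumption), keyed by endpoint IP. The first
# entry mirrors the slide: 10.4.51.5, role Supplier.
SESSIONS: Dict[str, Session] = {
    "10.4.51.5": Session("10.4.51.5", "00:50:56:a1:b2:c3", "vendor.tech", "Supplier", "10.4.1.2"),
    "10.4.20.7": Session("10.4.20.7", "3c:22:fb:00:11:22", "dr.lee", "Employee", "10.4.1.3"),
    "10.4.30.9": Session("10.4.30.9", "00:1d:9c:aa:bb:cc", "plc-line-3", "Things", "10.4.1.4", active=False),
}

# Detections that warrant immediate quarantine, and the minimum fidelity (0-100)
# a partner alarm must carry before ISE acts on it. Both are assumptions.
QUARANTINE_EVENTS = {"TCP SYN Scan", "Data Exfiltration", "Malware Detected"}
MIN_FIDELITY = 70

# CVSS thresholds (assumption): High/Critical -> quarantine; Medium -> re-auth so
# normal policy can apply a posture/remediation result; Low -> no action.
CVSS_QUARANTINE = 7.0
CVSS_REAUTH = 4.0

# Roles never auto-contained because losing connectivity is itself a safety risk
# (the "disarm policy in case of emergency" goal from the healthcare slide).
NO_AUTO_CONTAIN = {"Clinical-Critical"}


def lookup(ip: str, sessions: Dict[str, Session]) -> Optional[Session]:
    """Map an event's source IP to exactly one active session, else None.
    Acting on a stale or unknown mapping would quarantine the wrong endpoint."""
    s = sessions.get(ip)
    return s if s is not None and s.active else None


def handle_threat_event(src_ip: str, event: str, fidelity: int,
                        sessions: Dict[str, Session] = SESSIONS) -> Optional[Coa]:
    """Stealthwatch/Firepower alarm -> CoA that moves the session to Quarantine."""
    s = lookup(src_ip, sessions)
    if s is None or event not in QUARANTINE_EVENTS or fidelity < MIN_FIDELITY:
        return None
    if s.role in NO_AUTO_CONTAIN:
        return None            # leave it for a human; never auto-contain
    return Coa(s.nas_ip, s.mac, "reauth", new_sgt="Quarantine",
               reason=f"{event} from {s.user}/{s.role} (fidelity {fidelity})")


def handle_vuln_finding(ip: str, cvss_base: float,
                        sessions: Dict[str, Session] = SESSIONS) -> Optional[Coa]:
    """Tenable/Rapid7 finding -> CoA graded by the host's worst CVSS base score."""
    s = lookup(ip, sessions)
    if s is None or s.role in NO_AUTO_CONTAIN:
        return None
    if cvss_base >= CVSS_QUARANTINE:
        return Coa(s.nas_ip, s.mac, "reauth", new_sgt="Quarantine", reason=f"CVSS {cvss_base}")
    if cvss_base >= CVSS_REAUTH:
        return Coa(s.nas_ip, s.mac, "reauth", reason=f"CVSS {cvss_base}")
    return None


def handle_remediated(ip: str, sessions: Dict[str, Session] = SESSIONS) -> Optional[Coa]:
    """Scanner reports clean: re-auth without a forced SGT so normal policy applies again."""
    s = lookup(ip, sessions)
    return None if s is None else Coa(s.nas_ip, s.mac, "reauth", reason="remediated")
```

Two design choices deserve attention in a real deployment: the fidelity and CVSS thresholds decide how much a partner product can do to your users without a human in the loop, and the IP-to-session lookup is the weak link (NAT, shared addresses and stale sessions all turn an automated quarantine into a self-inflicted outage), so log every decision with the session it resolved to.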
DEMO | Solution Demo
Thank you for watching.
TechWiseTV Workshop: Cisco Identity Services Engine (ISE)

  • 1. Ziad Sarieddine Security Policy and Access Technical Marketing July 18, 2018 Monitor, Mitigate and Respond Redefine Your Network Security Architecture with ISE
  • 2. The role of IT is more demanding than ever New IT paradigms Evolving security challenges Growing system complexity
  • 3. The need of the hour is to have a network and security infrastructure that reacts to business needs and understands business roles; embraces the cloud, mobility, IoT, BYOD, and digitization; provides network visibility and security without sacrificing agility; and achieves dynamic and adaptive network segmentation.
  • 4. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential ISE connects trusted users and devices with trusted services. Identity Services Engine (ISE): a centralized security solution that automates context-aware access. Source: Trusted Device Groups (Trusted Group, Partners, Trusted Asset). Destination: Trusted App/Services (Cloud App A, Cloud App B, Server A, Server B). Policy Enforcement in the Public/Private Cloud and On Prem, with enforcement on every PIN (place in the network) on premise.
  • 5. Cisco DNA™ Center: simple workflows (Design, Provision, Policy, Assurance); Software-Defined Access; APIC-EM, Network data platform, Identity Services Engine; wireless access points, wireless LAN controllers, switches, routers.
  • 6. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Visibility ISE profiling, IOT and Contextual data sharing
  • 7. The visibility problem: MAC address 00-05-01-AA-E1-FF, IP address 192.168.2.101. Who owns that device? What device is it? Where is it located? Is it vulnerable? Is there malware? What is it accessing? Any threats from it? How to run the network with so many unknowns?
  • 8. Visibility: ISE Profiling. Active probes on Cisco ISE: Netflow, DHCP, DNS, HTTP, RADIUS, NMAP, SNMP, plus the Feed Service (online/offline). Device Sensor on the Cisco network: CDP, LLDP, DHCP, HTTP, H323, SIP, MDNS. 1.5 million devices with 50 attributes each can be stored; 1000+ high-level canned profiles, plus periodic feeds; 260+ medical device profiles.
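How those probe attributes turn into a device classification is the part the slide leaves implicit. The block below is an added example, not ISE code: it models the certainty-factor scoring the ISE profiler uses (each matched condition adds a certainty factor, a policy matches once its minimum certainty is reached, and the most specific matching policy in the hierarchy wins). The OUI table, the four sample policies and their certainty values are constructed for illustration and are not ISE's shipped library; the attribute names (`dhcp-class-identifier`, `User-Agent`, `cdpCachePlatform`, `iotAssetDeviceType`) stand in for what the DHCP probe, HTTP probe, Device Sensor and IND context-in would report.

```python
"""Certainty-factor endpoint profiling in the style of the ISE profiler.

Added example, not ISE code. The OUI table, the policies and the certainty
values are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Condition:
    attr: str      # attribute name as the probe reports it
    pattern: str   # case-insensitive regex on the attribute value
    cf: int        # certainty factor added when the condition matches


@dataclass(frozen=True)
class Profile:
    name: str
    min_cf: int                   # minimum total certainty to match
    conditions: tuple
    parent: Optional[str] = None  # child profiles are more specific than parents


# Constructed OUI table (first three MAC octets -> vendor); use the IEEE OUI
# registry in practice. These entries are samples, not authoritative data.
OUI_TABLE = {
    "00:1B:54": "Cisco Systems",
    "3C:07:54": "Apple, Inc.",
    "00:00:BC": "Rockwell Automation",
}

PROFILES = (
    Profile("Apple-Device", 10, (Condition("OUI", r"^Apple", 10),)),
    Profile("Apple-iPad", 20, (
        Condition("OUI", r"^Apple", 10),
        Condition("User-Agent", r"\biPad\b", 20),                   # HTTP probe
    ), parent="Apple-Device"),
    Profile("Cisco-IP-Phone", 30, (
        Condition("OUI", r"^Cisco", 10),
        Condition("dhcp-class-identifier", r"Cisco Systems, Inc\. IP Phone", 20),  # DHCP probe
        Condition("cdpCachePlatform", r"Cisco IP Phone", 20),       # Device Sensor (CDP)
    )),
    Profile("Rockwell-PLC", 30, (
        Condition("OUI", r"^Rockwell", 10),
        Condition("iotAssetDeviceType", r"^PLC$", 30),              # IND context-in over pxGrid
    )),
)


def oui_vendor(mac: str) -> Optional[str]:
    """Accept 00-05-01-AA-E1-FF or 00:05:01:aa:e1:ff and look up the OUI."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return OUI_TABLE.get(":".join(hexdigits[i:i + 2] for i in (0, 2, 4)))


def collect_attributes(mac: str, **probe_attrs: str) -> dict:
    """Build the attribute bag the profiler scores: OUI derived from the MAC
    plus whatever the probes reported (underscores map to hyphens)."""
    attrs = {"MACAddress": mac}
    vendor = oui_vendor(mac)
    if vendor:
        attrs["OUI"] = vendor
    attrs.update({k.replace("_", "-"): v for k, v in probe_attrs.items()})
    return attrs


def certainty(profile: Profile, attrs: dict) -> int:
    total = 0
    for cond in profile.conditions:
        value = attrs.get(cond.attr)
        if value is not None and re.search(cond.pattern, value, re.IGNORECASE):
            total += cond.cf
    return total


def _depth(profile: Profile, by_name: dict) -> int:
    depth = 0
    while profile.parent:
        profile = by_name[profile.parent]
        depth += 1
    return depth


def profile_endpoint(attrs: dict, profiles=PROFILES):
    """Return (profile name, certainty). Among policies whose certainty reaches
    their minimum, the most specific (deepest) wins, ties by certainty.
    No match -> ("Unknown", 0): treat as unprofiled, never as trusted."""
    by_name = {p.name: p for p in profiles}
    matched = []
    for p in profiles:
        cf = certainty(p, attrs)
        if cf >= p.min_cf:
            matched.append((_depth(p, by_name), cf, p.name))
    if not matched:
        return "Unknown", 0
    _, cf, name = max(matched)
    return name, cf


if __name__ == "__main__":
    ipad = collect_attributes("3C:07:54:11:22:33",
                              User_Agent="Mozilla/5.0 (iPad; CPU OS 11_4 like Mac OS X)")
    print(profile_endpoint(ipad))
    print(profile_endpoint(collect_attributes("00:05:01:AA:E1:FF")))  # the slide's unknown device
```

Note the asymmetry the minimum-certainty rule creates: an Apple OUI alone is enough to reach "Apple-Device", but a Cisco OUI alone stays "Unknown" because the phone policy demands corroboration from DHCP or CDP. That is deliberate; a spoofed MAC should not be enough to land a device in a group that gets voice VLAN access.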
  • 9. ISE Visibility Attributes Collected. Users: name, username, contact, role, permissions/rights. Device: type, ownership, compliance/posture. Location: physical, logical, MSE integration. Connectivity: medium (wired/wireless/VPN), network access devices, state (active session). Time: time of day, day of week, connection duration. Behavior: historical (now and before); was the device doing expected vs. unexpected things? Application and Services: applications installed, running, allowed; services and processes. Vulnerability: CVE, CVSS scores; vulnerability scan from 3rd-party scanners. Threat: malware/STIX, fidelity, spoofing.
  • 10. Visibility based on Vulnerability Integration with Vulnerability Scanners
  • 11. Visibility based on Threat Threat Endpoints based on Incident and Indicators
  • 12. New IoT Focus: 3 major pillars. Healthcare System: Biomed, Radiology, Instrumentation, POS, etc. Building Automation: HVAC, Surveillance Camera, Refrigerator, Elevators, Fire Alarms. Manufacturing: PLCs, HMIs, SCADA Servers, Historian, etc.
  • 13. New and Updated IoT Profile Libraries (ISE 2.4): Automation and Control; Industrial/Manufacturing; Building Automation; Power/Lighting; Transportation/Logistics; Financial (ATM, Vending, PoS, eCommerce); IP Camera/Audio-Video/Surveillance and Access Control; Other (Defense, HVAC, Elevators, etc.); Windows Embedded; Medical. NAC Profile Library updated to auto-detect and classify Automation and Control endpoints.
  • 14. 600+ Automation and Control Profiles (ISE 2.4)
  • 15. Windows Embedded Profiles: common OS implemented for IoT devices (ISE 2.4)
  • 16. Endpoint Profiles in the Communities: https://communities.cisco.com/tags/ise-endpoint-profile
  • 17. Manufacturing floor – Cell Area Zones: devices (process focused), controller devices, human machine interface. IND Asset Identity: Device: PLC; Vendor: Rockwell; Model: CompactLogix; Serial: 236456PTX; Firmware: 12.3 SE
  • 18. IND and ISE Integration – Bringing OT Visibility into ISE (ISE 2.4). Enterprise Zone (Levels 4 and 5): ISE, Stealthwatch, NGFW, Internet/Cloud. Industrial DMZ. Industrial Zone (Level 3): IND, IE 5000s. Cell Area Zone (Levels 0–2): IE 1000, IE 4010, ISA 3000, PLC, IO, Drive, HMI. Diagram flows: IND publishes the Asset Identity (Device: PLC; Vendor: Rockwell; Model: CompactLogix; Serial: 236456PTX; Firmware: 12.3 SE) over pxGrid, ISE adds User Identity, Stealthwatch and the NGFW subscribe over pxGrid, and Stealthwatch consumes NetFlow.
  • 19. pxGrid “Context In” for IND. IND communicates with industrial switches and security devices and collects detailed information about the connected manufacturing devices. IND vX adds a pxGrid Publisher interface to communicate IoT attributes to ISE (pxGrid Controller; IND as Publisher, ISE as Subscriber). Profiler attributes: MAC Address, IP Address, iotAssetDeviceType, iotAssetProductCode, iotAssetProductName, iotAssetRetrievedFrom, iotAssetSerialNumber, iotAssetTrustLevel, iotAssetVendorName, iotAssetVendorID, iotAssetSwRevision, iotAssetHwRevision, iotAssetProtocol, iotAssetBusinessOwner, iotAssetLocation, iotAssetTag.
  • 20. DEMO | ISE Visibility
  • 21. ISE integration with IND – Use Case: Simplified RBAC for Remote Maintenance. IND gathers detailed inventory of industrial devices and publishes the information via pxGrid to ISE (Context-In). Open MAB (Monitor Only/Full Access) on IE switches tracks session/SGT. The ISA 3000 with SXP and SGFW (Context-Out) lets a Field Engineer doing maintenance from Manufacturer X reach the Manufacturer X controllers (Levels 1~3) and not the Manufacturer Y controllers (Levels 1~2) across the DMZ. 70+ Cisco and ecosystem partner integrations.
  • 22. Context build, summarize, exchange. Sources: Directory Services, Vulnerability Scanners, System managers, Threat Intelligence, Mobility Services Engine, Mobile Device Managers, Endpoints. Cisco ISE Visibility and Access Control: ISE builds context (Who, What, When, Where, How, Posture, Threat, Vulnerability, Security Group) and applies access control restrictions to users and devices. Context reuse by ecosystem partners for analysis and control: Stealthwatch, Firepower Services, Web Security, 3rd-party partners, via pxGrid, REST API, Syslog.
  • 23. Cisco ISE and pxGrid: Growing Partner Ecosystem, 80+ partner integrations and growing. Categories: Firewall & Access Control, Vulnerability Assessment, Packet Capture & Forensics, SIEM, UEBA, Threat Defense, IAM & SSO, Net/App Performance, IoT Security, MDM, Cloud Access Security, Rapid Threat Containment (RTC), DDI, Deception, Application. Cisco platforms: Cisco WSA, Cisco Firepower, Cisco Stealthwatch. Benefits: improve response, enhance controls, simplify operations.
  • 24. ISE pxGrid Ecosystem: Sharing Contextual data with Stealthwatch. Cisco ISE sends context information over pxGrid to Cisco Stealthwatch, which consumes NetFlow and sends mitigation actions back. Real-time visibility at all network layers: data intelligence throughout the network, asset discovery, network profile, security policy monitoring, anomaly detection, accelerated incident response.
  • 25. ISE pxGrid Ecosystem: Sharing Contextual data with Splunk. Cisco ISE sends context information to Splunk and receives mitigation actions back.
  • 26. Context based ‘Web filtering’ with Cisco Web Security Appliance (WSA) and Identity Services Engine (ISE). ISE learns identity over RADIUS and shares it with the WSA over pxGrid, so traffic from the enterprise backbone to the Internet gets a different web policy for Who: Doctor / What: Laptop / Where: Office, Who: Doctor / What: iPad / Where: Office, and Who: Guest / What: iPad / Where: Office.
  • 27. Policy Simplification: ISE + DNA integration
  • 28. How do you define your policy goals? What are your priorities? Business Intent? Compliance? Risk Reduction? Asset protection?
  • 29. How do you define your policy goals? Healthcare: segregate clinical devices in IT infra without disrupting current healthcare application flow; disarm policy in case of emergency to ensure patient safety. Manufacturing: ensure the manufacturer's engineer performs remote maintenance securely for their devices only; permit only intended communication from ICS devices in the manufacturing lines. Financial: control access to regulated apps, simplify audit and compliance, accelerate security policy provisioning for new servers. Retail: scope reduction for PCI compliance, protecting sensitive information from other connected devices.
  • 30. ISE and DNA-C Integration: Policy Automation and better usability. Cisco DNA Center (Fabric Management, Policy Authoring Workflows, Groups and Policies) talks to Cisco Identity Services Engine (Authentication, Authorization Policies) over pxGrid and REST APIs to drive the Campus Fabric.
  • 31. ISE and DNA-C Integration: ISE and DNA-C node communication. DNA-Center reaches the ISE-PAN over REST (Admin/Operate, Config Sync) and the ISE-PXG over pxGrid (Context); DNA-C knows all PSN IPs (ISE-PSN, ISE-MNT). Authorization Policy: if Employee then VN/SGT-10; if Contractor then VN/SGT-20; if Things then VN/SGT-30. Exchange topics: TrustSecMetaData (SGT Name: Employee = SGT-10, SGT Name: Contractor = SGT-20, ...) and SessionDirectory* (e.g. Bob with Win10 on CorpSSID; * = not used today). Network devices and endpoints.
  • 32. SDA policy workflow: Source (Employees, Contractors) and Destination (Production, Development). A Contract (PERMIT Employees to Production) is authored in Cisco DNA Center, downloaded to Cisco ISE via API, and delivered to the fabric nodes as fabric policies.
  • 33. ISE DEFCON: Activate up to 5 Failsafe Policies on Cloud and Premise Networks. Policy matrix with Source rows LoB 1 Employee, LoB 2 Employee, Partner 1, Partner 2, POS Terminal and Destination columns LoB1Employee, LoB2Employee, Partner1, Partner2, PCIServer, SharedApps, LoB1Apps, LoB2Apps. Multiple levels of “failsafe” policy sets: Standard Policy, then DEFCON 5, 4, 3, 2, 1; the DEFCON3 policy stops lateral movement.
  • 34. Host Isolation to block Lateral Movement and Privilege Escalation. Security groups: Employee, Supplier, Quarantine, Shared Server, Server, High Risk Segment, Internet. Employee-to-Employee SGACL:
        deny icmp
        deny udp employee employee eq domain
        deny tcp employee employee eq 3389
        deny tcp employee employee eq 1433
        deny tcp employee employee eq 1521
        deny tcp employee employee eq 445
        deny tcp employee employee eq 137
        deny tcp employee employee eq 138
        deny tcp employee employee eq 139
        deny udp employee employee eq snmp
        deny tcp employee employee eq telnet
        deny tcp employee employee eq www
        deny tcp employee employee eq 443
        deny tcp employee employee eq 22
        deny tcp employee employee eq pop3
        deny tcp employee employee eq 123
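The two slides above describe one mechanism: a source/destination security-group matrix whose Employee-to-Employee cell is swapped for the host-isolation SGACL when a DEFCON level is activated. The block below is an added example, not Cisco code, that makes that swap concrete: it parses the slide's SGACL (in the slide's own notation) and evaluates sample flows against a Standard matrix and a DEFCON3 matrix. The matrix contents, the trailing `permit ip`, the default deny for cells the matrix does not list, and the port-name table are assumptions for illustration; real TrustSec SGACLs are pushed by ISE to the switches and evaluated in hardware, not in Python.

```python
"""Security-group policy evaluation: Standard matrix vs a DEFCON failsafe
matrix that swaps in the slide's host-isolation SGACL.

Added example, not Cisco code. Matrices, default action, the closing
"permit ip" and the port names are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The slide's Employee-to-Employee SGACL, verbatim, plus an assumed final
# "permit ip" (the slide lists only the denies).
HOST_ISOLATION_SGACL = """
deny icmp
deny udp employee employee eq domain
deny tcp employee employee eq 3389
deny tcp employee employee eq 1433
deny tcp employee employee eq 1521
deny tcp employee employee eq 445
deny tcp employee employee eq 137
deny tcp employee employee eq 138
deny tcp employee employee eq 139
deny udp employee employee eq snmp
deny tcp employee employee eq telnet
deny tcp employee employee eq www
deny tcp employee employee eq 443
deny tcp employee employee eq 22
deny tcp employee employee eq pop3
deny tcp employee employee eq 123
permit ip
"""

PORT_NAMES = {"domain": 53, "snmp": 161, "telnet": 23, "www": 80, "pop3": 110}


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "icmp", "tcp", "udp"
    dport: Optional[int]   # None = any port


@dataclass(frozen=True)
class Flow:
    src_sgt: str
    dst_sgt: str
    proto: str
    dport: Optional[int] = None


def parse_sgacl(text: str) -> List[Ace]:
    """Parse lines of the form 'deny tcp <src> <dst> eq <port>' / 'permit ip'.
    The src/dst words are ignored: the matrix cell already fixes them."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens[0], tokens[1]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad ACE: {line!r}")
        dport = None
        if "eq" in tokens:
            port = tokens[tokens.index("eq") + 1]
            dport = PORT_NAMES.get(port) or int(port)
        aces.append(Ace(action, proto, dport))
    return aces


def evaluate_sgacl(aces: List[Ace], flow: Flow) -> str:
    """First matching ACE wins; no match denies (assumed)."""
    for ace in aces:
        proto_ok = ace.proto == "ip" or ace.proto == flow.proto
        port_ok = ace.dport is None or ace.dport == flow.dport
        if proto_ok and port_ok:
            return ace.action
    return "deny"


PERMIT_ALL = parse_sgacl("permit ip")
DENY_ALL = parse_sgacl("deny ip")
Matrix = Dict[Tuple[str, str], List[Ace]]

STANDARD: Matrix = {   # constructed sample matrix
    ("employee", "employee"): PERMIT_ALL,
    ("employee", "shared_server"): PERMIT_ALL,
    ("employee", "internet"): PERMIT_ALL,
    ("supplier", "shared_server"): parse_sgacl("permit tcp supplier shared_server eq 443\ndeny ip"),
    ("quarantine", "internet"): DENY_ALL,
}

POLICY_SETS: Dict[str, Matrix] = {
    "Standard": STANDARD,
    # DEFCON3: identical matrix except Employee-to-Employee becomes host isolation.
    "DEFCON3": {**STANDARD, ("employee", "employee"): parse_sgacl(HOST_ISOLATION_SGACL)},
}


def evaluate(flow: Flow, level: str = "Standard") -> str:
    """Find the (source SGT, destination SGT) cell in the active policy set and
    evaluate its SGACL; a cell the matrix does not list is denied (assumed)."""
    aces = POLICY_SETS[level].get((flow.src_sgt, flow.dst_sgt), DENY_ALL)
    return evaluate_sgacl(aces, flow)


def lateral_movement_blocked(level: str) -> bool:
    """Check a level really closes the lateral-movement ports between employees
    while leaving ordinary employee-to-server access open."""
    probes = [Flow("employee", "employee", "tcp", p) for p in (3389, 445, 22, 1433)]
    return (all(evaluate(f, level) == "deny" for f in probes)
            and evaluate(Flow("employee", "shared_server", "tcp", 443), level) == "permit")


if __name__ == "__main__":
    for level in POLICY_SETS:
        print(level, evaluate(Flow("employee", "employee", "tcp", 3389), level),
              "lateral movement blocked:", lateral_movement_blocked(level))
```

A check like `lateral_movement_blocked` is worth keeping next to any DEFCON policy set: the failsafe only helps if it is activated in an incident and still lets the business-critical cells through, and both properties are cheap to assert before the matrix is pushed.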
  • 35. Security Group Based Access Control for Firewalls: the Security Group Firewall (SGFW) matches on Source Tags and Destination Tags.
  • 36. Threat Containment
  • 37. Get Ahead of Threats with a Growing Intelligence Ecosystem. Threat-Centric NAC Enhancements: quarantine and remediation, dynamic policy changes. Cisco ISE now also takes in AMP and CTA (new). Common Vulnerability Scoring System (CVSS) scale from 0 to 10: Unknown, Insignificant, Distracting, Painful, Damaging, Catastrophic. STIX framework: standardized reporting. With the 2.2 release, ISE now takes in threat intelligence from Tenable, Rapid7 and Cisco Cognitive Threat Analytics (CTA). These new solutions enhance posture assessment with a broader range of threat-incident intelligence. Supports third-party vulnerability and threat data sources on an open platform; automates CoA based on vulnerability intelligence; supplements existing ISE reporting with easy-to-read STIX and CVSS-based reports; decreases the time to threat remediation and supports dynamic policy changes. Broader threat insight: apply multiple vulnerability data sources. Expanded coverage: leverage an open platform and standards-based framework. Fast remediation: update policy dynamically to prevent or change access.
  • 38. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public DEVNET-1010 Cisco pxGrid – Context-Sharing and Network Mitigation: connecting partners and Cisco security platforms, connecting partners to partners. Benefits: (1) ISE shares user/device and network context with IT infrastructure, making customer IT platforms user/identity, device and network aware; context puts “who, what device, what access” with events, way better than just IP addresses. (2) ISE receives context from eco-partners to make better network access policy, creating a single place for comprehensive network access policy through integration. (3) Eco-partners reach into the Cisco network: an action raised by a partner and carried by ISE into the Cisco network mitigates the event, decreasing the time, effort and cost of responding to security and network events.
  • 39. Context based Threat Detection and Containment. Lancope StealthWatch or Firepower raises an event (Event: TCP SYN Scan; Source IP: 10.4.51.5; Role: Supplier; Response: Quarantine); ISE issues a Change of Authorization and the network fabric moves the host into the Quarantine security group (groups: Employee, Supplier, Quarantine, Shared Server, Server, High Risk Segment, Internet).
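Slide 37 (threat-centric NAC: CVSS and threat intelligence drive a CoA) and this slide (a Stealthwatch event drives a quarantine CoA) are the same control loop seen from two feeds. The block below is an added example, not Cisco or ISE code, that walks it end to end: a vulnerability score or a partner threat event produces an authorization decision, and a quarantine decision is turned into the RADIUS Change-of-Authorization request that reaches the access switch. The CVSS threshold, the set of quarantine-worthy event names, the event field names and the shared secret are assumptions; the packet layout and authenticator are per RFC 5176, and `subscriber:command=reauthenticate` is the Cisco AVPair form used to make a Cisco NAD re-authorize the session so ISE's policy can return the Quarantine SGT.

```python
"""Threat-centric NAC decision plus the RFC 5176 CoA-Request that enforces it.

Added example, not Cisco/ISE code. Threshold, event names and secret are
assumptions; the packet format follows RFC 5176.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import List, Optional

CVSS_QUARANTINE_THRESHOLD = 7.0                      # assumed: "High" and above
QUARANTINE_EVENTS = {"TCP SYN Scan", "Malware Detected", "C2 Beacon"}  # assumed set

RADIUS_COA_REQUEST = 43          # RFC 5176 packet code
ATTR_CALLING_STATION_ID = 31
ATTR_VENDOR_SPECIFIC = 26
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1


@dataclass
class Endpoint:
    mac: str
    ip: str
    role: str
    cvss: Optional[float] = None                         # from Tenable/Rapid7 context-in
    threats: List[str] = field(default_factory=list)     # from Stealthwatch/Firepower/AMP/CTA


@dataclass(frozen=True)
class Decision:
    action: str      # "quarantine" or "allow"
    reason: str


def authorize(ep: Endpoint) -> Decision:
    """Threat incidents first, then vulnerability score, else allow."""
    for t in ep.threats:
        if t in QUARANTINE_EVENTS:
            return Decision("quarantine", f"threat event: {t} (role {ep.role})")
    if ep.cvss is not None and ep.cvss >= CVSS_QUARANTINE_THRESHOLD:
        return Decision("quarantine", f"CVSS {ep.cvss} >= {CVSS_QUARANTINE_THRESHOLD}")
    return Decision("allow", "no threat above threshold")


def ingest_partner_event(ep: Endpoint, event: dict) -> Decision:
    """Attach a partner event (constructed shape, mirrors the slide) and re-decide."""
    if event.get("source_ip") != ep.ip:
        raise ValueError("event does not belong to this endpoint")
    ep.threats.append(event["event"])
    return authorize(ep)


def _attr(attr_type: int, value: bytes) -> bytes:
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def _cisco_avpair(text: str) -> bytes:
    vsa = struct.pack("!BB", CISCO_AVPAIR, 2 + len(text)) + text.encode()
    return _attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + vsa)


def build_coa_request(identifier: int, mac: str, command: str, secret: bytes) -> bytes:
    """CoA-Request: Authenticator = MD5(Code | ID | Length | 16 zero octets |
    Attributes | Secret). The NAD finds the session by Calling-Station-Id."""
    attrs = _attr(ATTR_CALLING_STATION_ID, mac.encode()) + _cisco_avpair(command)
    header = struct.pack("!BBH", RADIUS_COA_REQUEST, identifier, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_coa_request(packet: bytes, secret: bytes) -> bool:
    """What the NAD does before acting: recompute the Request Authenticator.
    A CoA that fails this check is dropped; otherwise anyone who can reach
    UDP/1700 could disconnect or re-authorize sessions."""
    if len(packet) < 20 or packet[0] != RADIUS_COA_REQUEST:
        return False
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def contain(ep: Endpoint, decision: Decision, identifier: int, secret: bytes) -> Optional[bytes]:
    """Rapid Threat Containment: a quarantine decision becomes a CoA forcing
    re-authorization; ISE's policy then matches the threat/vulnerability
    attributes and returns the Quarantine SGT. 'allow' sends nothing."""
    if decision.action != "quarantine":
        return None
    return build_coa_request(identifier, ep.mac, "subscriber:command=reauthenticate", secret)


if __name__ == "__main__":
    ep = Endpoint(mac="00:05:01:AA:E1:FF", ip="10.4.51.5", role="Supplier")
    event = {"event": "TCP SYN Scan", "source_ip": "10.4.51.5", "role": "Supplier"}  # constructed
    decision = ingest_partner_event(ep, event)
    packet = contain(ep, decision, identifier=7, secret=b"example-shared-secret")
    print(decision, packet.hex())
```

ISE sends CoA to Cisco NADs on UDP/1700 by default (RFC 5176 registers 3799); the NAD must have the PSN configured as a dynamic-author client with the same shared secret, which is exactly what `verify_coa_request` models. The authenticator is integrity only, so the shared secret and the management network around it carry the whole trust of the containment path.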
  • 40. DEMO | Solution Demo
  • 41. Thank you for watching.