Learn how to use Cisco Identity Services Engine (ISE) to drive business agility while obliterating malware and data breaches.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9003Dqkhz
TechWiseTV: http://cs.co/9009DzrjN
1. Monitor, Mitigate and Respond: Redefine Your Network Security Architecture with ISE
Ziad Sarieddine, Security Policy and Access Technical Marketing
July 18, 2018
2. The role of IT is more demanding than ever
New IT paradigms
Evolving security challenges
Growing system complexity
3. The need of the hour... is to have a network and security infrastructure that:
• Reacts to business needs and understands business roles
• Embraces the cloud, mobility, IoT, BYOD, and digitization
• Provides network visibility and security without sacrificing agility
• Achieves dynamic and adaptive network segmentation
5. Cisco DNA Center (architecture diagram)
• Cisco DNA™ Center: simple workflows for Design, Provision, Policy and Assurance
• Software-Defined Access
• APIC-EM, Network data platform, Identity Services Engine
• Network devices: wireless access points, wireless LAN controllers, switches, routers
8. Visibility: ISE Profiling
• Feed Service (Online/Offline)
• Active probes: Netflow, DHCP, DNS, HTTP, RADIUS, NMAP, SNMP
• Device Sensor: CDP, LLDP, DHCP, HTTP, H323, SIP, MDNS
• 1.5 million devices with ‘50’ attributes each can be stored
• 1000+ high-level canned profiles, plus periodic feeds
• 260+ medical device profiles
(Diagram labels: Cisco ISE, Cisco Network)
9. ISE Visibility: Attributes Collected
Users
•Name
•Username
•Contact
•Role
•Permissions/rights
Device
•Type
•Ownership
•Compliance / Posture
Location
•Physical
•Logical
•MSE Integration
Connectivity
•Medium (Wired / Wireless / VPN)
•Network Access Devices
•State (Active Session)
Time
•Time of day
•Day of week
•Connection duration
Behavior
•Historical (now and before)
•Was the device doing expected vs. unexpected?
Application and Services
•Applications installed, running, allowed
•Services and processes
Vulnerability
•CVE, CVSS scores
•Vulnerability scan from 3rd party scanners
Threat
•Malware / STIX
•Fidelity
•Spoofing
11. Visibility based on Threat
Threat Endpoints based on Incident and Indicators
12. New IoT Focus
3 major pillars:
Healthcare System
• Biomed
• Radiology
• Instrumentation
• POS
• etc.
Manufacturing
• PLCs
• HMIs
• SCADA Servers
• Historian
• etc.
Building Automation
• HVAC
• Surveillance Camera
• Refrigerator
• Elevators
• Fire Alarms
22. Context build, summarize, exchange
Context sources: Directory Services, Vulnerability Scanners, System Managers, Threat Intelligence, Mobility Services Engine, Mobile Device Managers, and the endpoints themselves.
Cisco ISE (Visibility and Access Control): ISE builds context (Who, What, When, Where, How, Posture, Threat, Vulnerability, Security Group) and applies access control restrictions to users and devices.
Context reuse by eco-system partners for analysis & control: Stealthwatch, Firepower Services, Web Security, + 3rd party partners, via:
• pxGrid
• REST API
• Syslog
26. Context based ‘Web filtering’
With Cisco Web Security Appliance (WSA) and Identity Services Engine (ISE)
Example contexts:
• Who: Doctor / What: Laptop / Where: Office
• Who: Doctor / What: iPad / Where: Office
• Who: Guest / What: iPad / Where: Office
Diagram: endpoints on the Enterprise Backbone reach the Internet (www) through the Web Security Appliance; ISE learns the session context over RADIUS and shares it with the WSA over pxGrid.
30. ISE and DNA-C Integration
Policy automation and better usability
Cisco DNA Center: Campus Fabric, Fabric Management, Workflows
Cisco Identity Services Engine: Authentication and Authorization Policies, Policy Authoring, Groups and Policies
Integration via pxGrid and REST APIs
32. SDA policy workflow
Groups: Employees, Contractors, Production, Development
Source / Destination: Contract (e.g. Employees to Production)
Cisco DNA Center sends the contract to Cisco ISE over the API; ISE holds the fabric policies (PERMIT Employees to Production) and downloads the policy to the fabric nodes.