Upload
franz-mejorada-ccie
View
214
Download
0
Embed Size (px)
Citation preview
7/27/2019 at_a_glance_c45-728402
http://slidepdf.com/reader/full/ataglancec45-728402 1/2
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.Third-party trademarks mentioned are the property of t heir respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
At-A-Glance
Overview
Increased complexity in network environments has driven the need for a consistent
approach to integrating user identity and device information across a variety of IToperations and network platforms. With the advent of mobility, “bring your own device”
(BYOD) policies, software as a service (SaaS), virtualization, and complex cyber
threats, it has become necessary to integrate identity and device information into many
aspects of network policy and operations to ensure effective network control and
oversight. This integration ranges from endpoint management to security analysis.
Integrating technology partner platforms with Cisco® Identity Services Engine (ISE)
enables IT organizations to apply consistent methods to make their platforms identity-,
device-, and policy-aware. ISE provides accurate, real-time identity, device, posture,
and network access policy context across many ecosystem partner platforms, enabling
them to address more use cases and undertake their functions more effectively.
Integration with ISE also allows partner platforms to use the Cisco network infrastructure
to execute network actions on users and devices, such as quarantine and blocking
access. These identity- and device-aware visibility and network response capabilities
increase efficiency of operations and help expedite network event resolution.
Highlights and Components
The Cisco ISE Ecosystem is composed of Cisco ISE with an Advanced Feature License
and a platform from one of our integration partners, including the following ecosystem
solutions:
• Mobile device management (MDM): Integration between Cisco ISE and MDM partner
platforms enables posture compliance assessment and network access control of mobile endpoints attempting to access the network. The solution performs ongoing
posture checks to ensure compliance and that the correct network access level is
maintained.
• Security event and information management and threat defense (SIEM/TD):
Integration with Cisco ISE enables SIEM/TD partner platforms to supplement their
networkwide security event visibility with information about user identity, network
authorization levels, endpoint device identification, and security posture. This
provides a composite, “single pane of glass” view of a security event from the
SIEM/TD partner console. Partners are also able to take remediation actions via ISE;
the solution provides complete visibility, contextual assessment, and remediation
capabilities from the partner platform.
ISE Ecosystem partner integration is accomplished by ISE sharing its user, device, and
policy context with the partner; by the partner sharing its context with ISE for use in
network access policy; or both. ISE network response capabilities may be extended tothe partner platform for executing network actions (Figure 1).
Figure 1. ISE Ecosystem Integration Points
ISE
Ecosystem Partner Context → ISE ISE Context → Ecosystem Partner
Extend the reach of partner
platforms into network access
Integrate with centralized policy
Make partner platforms more
eective with identity and
policy enablement
Make events actionable
Decrease time to response
Common Use Cases
• Decrease time to event classification – Utilize ISE user, device type, access level,
and posture information to answer common questions needed to expedite the
classification of and response to a network event.
• Analyze mobile- and device-aware systems – Utilize ISE device-type information
to create analytics and policies specific to mobile devices. This helps enable a
systemwide view of the mobility environment.
• Differentiate privileges of users and groups – Utilize ISE user information to enable
oversight for specific users or groups, such as populations with access to highly
sensitive data or less trusted populations (guests, for example).
7/27/2019 at_a_glance_c45-728402
http://slidepdf.com/reader/full/ataglancec45-728402 2/2
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C45-728402-00 06/13
At-A-Glance
• Identify devices with security posture failures – Utilize ISE endpoint posture
information to identify and differentiate endpoints that have a noncompliant posture
status. These devices typically represent a higher security risk on the network.• Utilize ISE as a unified network access policy point – Ease operations with a central
policy point instead of numerous individual policy silos across the IT infrastructure.
ISE ecosystem partner platforms can provide context to ISE, which can then be
applied across the many attributes ISE uses to formulate network access policy.
Benefits
• Increased effectiveness of existing operations and security platforms through
identity and device awareness
• Extend the reach of existing operations and security platforms into network access
policy by integrating with ISE network policies
• Decreased time to identify, assess, and respond to network events
• IT platforms aligned to a consistent source of user, device, policy visibility, and
network control
For More Information
Refer to the individual ISE Ecosystem At-a-Glance documents for detailed information
regarding each Cisco ISE Ecosystem partner. Detailed information regarding specific
partners is available on the Cisco Developer Network Marketplace
at http://marketplace.cisco.com/catalog .