Cisco is revamping its security ecosystem to increase the focus on its Identity Services Engine, which would help enterprises deploy layered defenses without increasing complexity.
In the new architecture, Cisco Identity Services Engine will become the unified source of identity and device context, as well as network control for IT platforms in the enterprise, Dave Frampton, general manager of Cisco Secure Access product group, and Kevin Skahill, director of product management of Cisco Secure Access, said in a press briefing on Tuesday. In order to achieve this goal, Cisco will also integrate the ISE with various platforms from other security information and event management (SIEM) and threat defense partners.
Cisco will also roll out a context sharing framework, Platform Exchange Grid (pxGrid), within ISE to allow information sharing across multi-vendor and cross-platform networks. With this framework, IT administrators will have visibility across multiple systems via a single user interface.
“By incorporating unique real-time network and device context from ISE they now have a single source of truth all from one screen,” Frampton said.
IT departments have to manage more devices and user identities on the network than ever before, and the challenge is increased with the bring-your-own-device trend. The growing complexity of threats also means defense-in-depth is more important than ever.
The problem is that with every layer of security they add to deal with each threat, they run the risk of creating silos of information that aren’t accessible to other products.
IT departments wind up rolling out multiple products and then managing them independently–and manually–because there is no way for various security platforms to talk with each other. IT departments have to switch between multiple control panels to understand what is going on, and then figure out how to remediate the problem.
“Until now, SIEM systems have lacked a complete picture of mobility and BYOD security risks, but with our new ecosystem, they can use ISE network telemetry to correlate user, device, and policy context with their traditional threat defense data sets,” Frampton said.
The integration of ISE with other SIEM platforms using pxGrid will allow IT departments to identify new categories of possible threats on the network and target suspicious mobile devices. IT can also create analytics specific to devices, users, and groups for additional scrutiny, Frampton said.
Under Cisco’s new vision, ISE has a rich and deep contextual knowledge of all the devices connected to the network. IT can develop policies that grant particular access rights to an end user on a specific device at a certain location. Access rights to applications may also change depending on whether the user is on the LAN or Wi-Fi.
With pxGrid, ISE can provide contextual understanding of devices to the SIEM platform and receive instructions on how to remediate the issue, such as blocking devices or quarantining users.
To support the level of collaboration required with pxGrid, Cisco announced a series of partnerships with various SIEM vendors to form the Cisco Security Threat Defense Ecosystem. Partners include HP ArcSight, IBM, Lancope, LogRhythm, TIBCO LogLogic, Splunk, and Symantec. Mobile device management systems from IBM, Citrix, AirWatch, Good Technology, SAP, MaaS360, and MobileIron are also part of the Cisco Security Threat Defense Ecosystem.
“Through ISE, the Cisco Security Threat Defense Ecosystem provides this context, integrating with SIEM/threat defense systems to create policies and analytics based not just on network patterns, but also on type of device and class of user,” Cisco said.
The goal is to get past the fragmented networks and silos of information that currently mark enterprise networks and build an integrated platform that can communicate openly between users on different networks.
CareFusion, a Cisco customer, has ISE in its labs and integrated with Lancope’s WebThreat and Cisco’s Netflow. The cyber-defense trifecta “gives CareFusion the network visibility and security context to respond to security threats much more efficiently,” said Bart Lauwers, vice-president of IT infrastructure at CareFusion. The company can now use ISE to figure out the “who/what/when/where/how associated with a potential threat,” and respond to the incident quickly, Lauwers said.
Cisco is testing pxGrid and ISE with select customers, with general availability expected during the first quarter of 2014.