Network technologies and trends

Mar 9 2017   7:36AM GMT

What’s new in Cisco Identity Services Engine (ISE) 2.2? – Series 3

Yasir Irfan

Tags: Analytics, application, Cisco, Cisco security, DHCP, end point, End-user, NAC, Security, Spoofing, threats, vulnerabilities

Cisco Identity Services Engine (ISE) 2.2 offers many new features. In this post we continue with the features that focus on stopping and containing threats. These features help reduce risk and contain threats by dynamically controlling network access.

  • Multiple TrustSec Matrices

Cisco Identity Services Engine (ISE) 2.2 offers the flexibility to create different sets of policies for different locations and scenarios. The Multiple TrustSec Matrices feature now supports up to 5 different policy sets (matrices) and can assign different matrices to different network devices.

The feature addresses two use cases specifically:

  1. In the ISE DEFCON use case, administrators create predefined policies for different threat climates and switch between them when the nature or level of network threats changes. During a major attack, admins can immediately switch to a policy set that significantly restricts access.

  2. The Separate Administrative Domains use case lets administrators create and implement policies that are specific to geographical locations, roles and responsibilities within their organization. Different admins control their own policy sets, which gives greater flexibility.

Figure 1-1: DEFCON use case (Source: Cisco Systems)

The Multiple TrustSec Matrices enhancement lets an ISE administrator apply a predefined policy set based on threat level or business location. This helps to:

  • Improve the response time to threats.

  • Increase efficiency, as policy changes can be applied to different operational zones from centralized management.

  • Offer segmentation flexibility.
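To make the DEFCON use case concrete, the following added example (not Cisco's code, and not an ISE API) models several TrustSec matrices, lets a controller switch the active one, and previews which source/destination SGT pairs change decision before the switch is made. The SGT names, the matrix contents, the default-deny fallback and the helper names are assumptions made for this illustration.

```python
"""Model of multiple TrustSec policy matrices with a DEFCON-style switch.
Added illustration; the matrix layout and SGT names are assumed, not Cisco's."""

from dataclasses import dataclass, field


@dataclass
class TrustSecMatrix:
    """Maps (source SGT, destination SGT) to 'permit' or 'deny'.
    Cells not present fall back to default_action (assumed: deny)."""
    name: str
    cells: dict = field(default_factory=dict)
    default_action: str = "deny"

    def lookup(self, src_sgt: str, dst_sgt: str) -> str:
        return self.cells.get((src_sgt, dst_sgt), self.default_action)


# Constructed matrices: one for normal operations and one restrictive set
# for a high-threat condition. ISE 2.2 allows up to five such matrices.
MATRICES = {
    "Production": TrustSecMatrix("Production", {
        ("Employees", "Servers"): "permit",
        ("Employees", "Printers"): "permit",
        ("Contractors", "Servers"): "permit",
        ("Guests", "Internet"): "permit",
    }),
    "DEFCON1": TrustSecMatrix("DEFCON1", {
        ("Employees", "Servers"): "permit",
        ("Contractors", "Servers"): "deny",
        ("Guests", "Internet"): "deny",
    }),
}


def diff_matrices(a: TrustSecMatrix, b: TrustSecMatrix) -> dict:
    """Return {(src, dst): (decision in a, decision in b)} for every pair
    whose decision differs, so an admin can review the impact of switching."""
    pairs = set(a.cells) | set(b.cells)
    changes = {}
    for pair in sorted(pairs):
        before, after = a.lookup(*pair), b.lookup(*pair)
        if before != after:
            changes[pair] = (before, after)
    return changes


class PolicyController:
    """Tracks which matrix is active; switching is a single operation."""

    def __init__(self, active: str = "Production"):
        if active not in MATRICES:
            raise ValueError(f"unknown matrix {active}")
        self.active = active

    def preview_switch(self, matrix_name: str) -> dict:
        return diff_matrices(MATRICES[self.active], MATRICES[matrix_name])

    def set_defcon(self, matrix_name: str) -> None:
        if matrix_name not in MATRICES:
            raise ValueError(f"unknown matrix {matrix_name}")
        self.active = matrix_name

    def decide(self, src_sgt: str, dst_sgt: str) -> str:
        return MATRICES[self.active].lookup(src_sgt, dst_sgt)


if __name__ == "__main__":
    ctl = PolicyController()
    for pair, change in ctl.preview_switch("DEFCON1").items():
        print(f"{pair}: {change[0]} -> {change[1]}")
    ctl.set_defcon("DEFCON1")
    print("Contractors -> Servers:", ctl.decide("Contractors", "Servers"))
```

The preview step is the part worth copying: a matrix that is missing a cell silently inherits the default action, so diffing the two matrices before switching shows every flow the restrictive set will cut, including ones nobody wrote an explicit deny for.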

  • Threat-Centric NAC Enhancements

Cisco Identity Services Engine (ISE) 2.2 has expanded its support for third-party vulnerability and threat data sources on an open platform. ISE 2.2 can now take threat intelligence from Tenable, Rapid7 and Cisco Cognitive Threat Analytics (CTA). These new capabilities further enhance posture assessment, because a much broader range of threat and incident intelligence becomes available.

Figure 1-2: Threat intelligence sources (Source: Cisco Systems)

This enhancement is very handy now that the number of devices connected to networks grows day by day and their exposure to threats grows with it. Because ISE 2.2 consumes multiple vulnerability data sources, it not only reduces the remediation time for undetected threats and vulnerabilities, but also applies an automated Change of Authorization (CoA) based on the vulnerability intelligence.
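The following added example (not Cisco's, Tenable's or Rapid7's code) shows the mechanics behind "multiple vulnerability data sources plus automated CoA": two differently shaped scanner feeds are normalised into one per-endpoint worst CVSS score, matched to the endpoint's current session, and mapped to a CoA action. The feed layouts, field names, session table, MAC addresses and thresholds are all constructed for this illustration; real Tenable and Rapid7 exports use their own schemas.

```python
"""Merge vulnerability findings from two feeds and derive a CoA action.
Added illustration; feed shapes, thresholds and session data are assumed."""

# Constructed records. The two feeds deliberately differ in key names and in
# how the CVSS score is typed, because that is the normalisation problem.
SCANNER_A = [  # keyed by IP, CVSS as a number
    {"ip": "10.0.0.10", "plugin": "Apache Struts RCE", "cvss": 9.8},
    {"ip": "10.0.0.10", "plugin": "SSL weak cipher", "cvss": 4.3},
    {"ip": "10.0.0.11", "plugin": "TLS 1.0 enabled", "cvss": 3.1},
]
SCANNER_B = [  # keyed by asset, CVSS as a string (or missing)
    {"asset": "10.0.0.11", "title": "SMB signing not required", "cvss_score": "5.3"},
    {"asset": "10.0.0.12", "title": "Default credentials", "cvss_score": None},
    {"asset": "10.0.0.99", "title": "Stale host", "cvss_score": "7.5"},
]

# Constructed ISE session table: which endpoint (MAC) currently holds which IP.
SESSIONS = {
    "10.0.0.10": "00:11:22:33:44:55",
    "10.0.0.11": "66:77:88:99:aa:bb",
    "10.0.0.12": "cc:dd:ee:ff:00:11",
    "10.0.0.13": "22:33:44:55:66:77",
}


def normalise(records, ip_key, score_key):
    """Return a list of (ip, cvss as float), dropping records whose score
    is missing or not numeric so one bad row cannot poison the merge."""
    out = []
    for r in records:
        score = r.get(score_key)
        if score is None:
            continue
        try:
            out.append((r[ip_key], float(score)))
        except (KeyError, TypeError, ValueError):
            continue
    return out


def build_feeds():
    return [normalise(SCANNER_A, "ip", "cvss"),
            normalise(SCANNER_B, "asset", "cvss_score")]


def max_cvss_per_endpoint(sessions, feeds):
    """Return {mac: highest CVSS seen across all feeds}.
    Endpoints with no findings map to 0.0; IPs with no ISE session are
    ignored here (they cannot receive a CoA without a session anyway)."""
    worst = {mac: 0.0 for mac in sessions.values()}
    for feed in feeds:
        for ip, score in feed:
            mac = sessions.get(ip)
            if mac is None:
                continue
            worst[mac] = max(worst[mac], score)
    return worst


def coa_action(cvss, critical=7.0, elevated=4.0):
    """Assumed policy: critical findings quarantine the endpoint, elevated
    ones move it to a restricted profile, anything lower leaves it alone."""
    if cvss >= critical:
        return "quarantine"
    if cvss >= elevated:
        return "restricted"
    return "none"


def plan_coa(sessions, feeds):
    return {mac: coa_action(score)
            for mac, score in max_cvss_per_endpoint(sessions, feeds).items()}


if __name__ == "__main__":
    for mac, action in plan_coa(SESSIONS, build_feeds()).items():
        print(mac, action)
```

The join on the live session table is the step that matters operationally: a scanner reports IP addresses, while ISE acts on an authenticated session, and an IP the scanner saw last week may belong to a different endpoint today.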

  • Anomalous Behaviour Detection

Cisco Identity Services Engine (ISE) 2.2 can now detect device behaviour consistent with MAC address spoofing. Detection is based on:

  • Any change to the DHCP class

  • A change in access method (e.g. wired -> wireless)

  • A significant operating system change

  • A significant profile change

This enhancement helps speed up threat remediation by dynamically updating the policy to prevent or change access.
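As an added example (not Cisco's profiler code), the script below runs the four indicators listed above over a constructed sequence of endpoint observations, groups them by MAC address, and turns the number of simultaneous changes into a policy response. The record format, the "family" heuristics used to decide whether an OS or profile change is significant, the MAC addresses and the response thresholds are assumptions made for this illustration.

```python
"""Detect MAC-spoofing indicators across successive endpoint observations.
Added illustration; record layout and thresholds are assumed, not Cisco's."""

from collections import defaultdict

# Constructed observations in arrival order, roughly the attributes an ISE
# profiler sees: DHCP class identifier, access method, OS and endpoint profile.
OBSERVATIONS = [
    {"mac": "00:11:22:33:44:55", "dhcp_class": "MSFT 5.0", "access": "wired",
     "os": "Windows 10", "profile": "Workstation"},
    {"mac": "00:11:22:33:44:55", "dhcp_class": "MSFT 5.0", "access": "wired",
     "os": "Windows 10", "profile": "Workstation"},
    # Same MAC now presents a different DHCP class, wireless access and a
    # different OS family: behaviour consistent with a cloned MAC address.
    {"mac": "00:11:22:33:44:55", "dhcp_class": "dhcpcd-9.4", "access": "wireless",
     "os": "Ubuntu 20.04", "profile": "Linux-Workstation"},
    # A printer that behaves consistently across observations.
    {"mac": "aa:bb:cc:dd:ee:ff", "dhcp_class": "HP Printer", "access": "wired",
     "os": "Unknown", "profile": "HP-Printer"},
    {"mac": "aa:bb:cc:dd:ee:ff", "dhcp_class": "HP Printer", "access": "wired",
     "os": "Unknown", "profile": "HP-Printer"},
]


def os_family(os_name):
    """Assumed heuristic: first word of the OS string ('Windows 10' -> 'windows'),
    so a version bump is not counted as a significant change."""
    return os_name.split()[0].lower() if os_name else ""


def profile_family(profile):
    """Assumed heuristic: last dash-separated token ('HP-Printer' -> 'printer')."""
    return profile.split("-")[-1].lower()


def compare(prev, cur):
    """Return the indicators that changed between two observations of one MAC."""
    indicators = []
    if prev["dhcp_class"] != cur["dhcp_class"]:
        indicators.append("dhcp_class_change")
    if prev["access"] != cur["access"]:
        indicators.append("access_method_change")
    if os_family(prev["os"]) != os_family(cur["os"]):
        indicators.append("os_change")
    if profile_family(prev["profile"]) != profile_family(cur["profile"]):
        indicators.append("profile_change")
    return indicators


def detect_anomalies(observations):
    """Group by MAC and compare each observation with the previous one.
    Returns {mac: [indicator list per anomalous observation]}."""
    last = {}
    findings = defaultdict(list)
    for obs in observations:
        mac = obs["mac"]
        if mac in last:
            changed = compare(last[mac], obs)
            if changed:
                findings[mac].append(changed)
        last[mac] = obs
    return dict(findings)


def recommended_action(indicators):
    """Assumed policy: two or more indicators at once is a strong spoofing
    signal and gets quarantined; a single change forces re-authentication."""
    if len(indicators) >= 2:
        return "quarantine"
    if indicators:
        return "reauthenticate"
    return "none"


if __name__ == "__main__":
    for mac, events in detect_anomalies(OBSERVATIONS).items():
        for indicators in events:
            print(mac, indicators, "->", recommended_action(indicators))
```

Note that the Windows-to-Ubuntu transition is reported as an OS change but not as a profile change, because both profiles end in "Workstation": whether that should count depends on how coarse the profile taxonomy is, which is exactly why "significant" needs a definition before this kind of detection is wired to an automatic policy change.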

Cisco Identity Services Engine (ISE) 2.2 will certainly add value to networks, as it focuses more on controlling threats automatically. It is worth investing in this technology, especially for securing endpoints at the point of entry.
