
Solution Overview
Cisco Identity Services Engine Technology Partner Ecosystem
BENEFITS
● Increase effectiveness of existing operations and security platforms through identity and device awareness.
● Decrease time spent identifying, assessing, and responding to network events.
● Align IT platforms to a consistent source of user, device, and policy visibility and network control.
The Cisco® Identity Services Engine (ISE) is
the market-leading security policy management
platform. Partner platforms can use the
identity, device, and policy information that ISE
generates to bring a variety of other useful
capabilities to users.
The integration of these products with ISE makes it possible for
these partner solutions to reach into the Cisco network
infrastructure and implement network actions on users and
devices. These include quarantining and blocking access and providing inputs to ISE for network access policy
decisions.
Greater Complexity, More Concern
The enterprise network continues to grow in complexity, with more connected devices and applications to manage
than ever before. This increase in devices and applications has reduced visibility into who and
what is connecting to the network and has raised security concerns, since more devices mean more possible
ways to compromise the network. IT departments have generally addressed these security concerns by continually
adding more security systems and vendors to their networks.
However, multiple solutions from multiple vendors also produce disconnected repositories of information. All these
disparate systems generate disparate data that needs to be pieced together to accurately identify a network threat
and determine which remediating action should be taken. ISE can help simplify and streamline this process. ISE
collects valuable contextual data from across the network that can be consolidated and shared across multiple
systems and vendors, so you can see exactly where the root cause of a threat is located. By eliminating the time-consuming manual process of piecing together data from multiple systems, you can pinpoint network threats more
quickly and resolve security incidents before they cause damage.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Cisco Platform Exchange Grid and Ecosystem Highlights
ISE is the market-leading security policy management platform that unifies and automates highly secure
access control to enforce role-based access to networks and network resources. It delivers superior user and
device visibility and collects a tremendous amount of contextual data from a myriad of sources across the network
(for example, endpoints, users, Active Directory lists, and network sensors). Integrated within ISE is the Cisco
Platform Exchange Grid (pxGrid). Cisco pxGrid is a robust context-sharing platform that shares this collected
contextual data with external and internal ecosystem partner solutions in order to improve their efficacy and
accelerate these solutions’ capabilities. Partner solutions in the ecosystem can use this contextual data in
innovative ways to improve network management and security.
The ISE ecosystem offers the following integrations:
● Enterprise mobility management and mobile device management (EMM/MDM). Integration between
ISE and EMM/MDM partner platforms helps enable posture compliance assessment and device control of
mobile endpoints attempting to access the network. Integrating EMM/MDM with ISE helps the solution
perform ongoing posture checks so that compliance and the correct network access level are maintained.
● Security information and event management and threat defense (SIEM/TD). Integration between Cisco
ISE and SIEM/TD partner platforms helps enable these platforms to supplement their networkwide security
event visibility with user identity, network authorization levels, endpoint device identification, and security
posture information. This capability provides a composite view of a security event from the SIEM/TD partner
console.
● Identity-access management and single sign-on (IAM/SSO). IAM/SSO partner integrations are able to
supplement existing authentication and authorization policy attributes with network context information. This
capability helps enable authentication policy to be set and adjusted based on network and device risk
levels. Network context information from ISE can also be used by partners to influence web application
authorization decisions, providing more effective access controls to critical information. Policies can be
created for different levels of users based on their device, location, and the application they are trying to
access. For example, a mobile user on an iPad trying to connect over VPN to access sensitive human
resources information would have a more complex authentication policy than a user trying to connect to that
same information from a company-issued laptop in the corporate office.
● Vulnerability assessment. Vulnerability assessment partner integrations help enable partners to
supplement their vulnerability analytics with information from ISE about user identity, network authorization
levels, network access method, and security posture. This capability provides a composite view from the
vulnerability assessment management console. Security analysts can respond to severe events from a
single interface.
● Network and security forensics. Forensics and packet-capture partner integrations help partners to
supplement network traffic visibility with information from ISE about user identity, network authorization
levels, endpoint device identification, and security posture. This integration delivers a composite view of
packet capture from the partner’s management console and the ability to use ISE to implement mitigation
actions on users or devices in response to a forensics analysis.
● OT access policy and segmentation on control and SCADA networks. Operational technology (OT)
networks have their own needs. Using ISE (for access policy) and pxGrid (for context sharing), OT security
partners can supplement their existing OT security policy attributes with device- and network-context data to
deliver more detailed and adaptable security policy. OT monitoring and reporting capabilities use device- and network-context data from ISE to get a detailed view of the different types of devices that are accessing
the types of resources on the network.
● Cloud access security brokers (CASBs). Cloud access security products monitor and detect software-as-a-service (SaaS) policy abuse, such as malicious data exfiltration. CASB security partners integrate with
ISE to obtain user context and to associate identity, devices, and access with cloud security events. CASB
security partners can also take mitigation actions like user quarantine through the pxGrid Adaptive Network
Control (ANC).
● Network and application performance. By integrating with ISE through pxGrid, partners can gain clarity
around network and application performance issues. ISE context associates identity, devices, access, and
location with performance events. This information helps customers prioritize events for faster root cause
analysis and remediation of performance issues.
Through these integrations with ISE, partner solutions gain vital contextual data, which they can use to be more
effective, more quickly remediate threats or issues, and dynamically implement quarantine actions through ISE to
restrict compromised users or devices (Figure 1).
Figure 1. Ecosystem Integration Points
Cisco Capital
Financing to Help You Achieve Your Objectives
Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We
can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital
financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment.
And there’s just one predictable payment. Cisco Capital is available in more than 100 countries.
Next Steps
To learn more about the Cisco Identity Services Engine (ISE), visit http://www.cisco.com/go/ise.
To view the list of ISE ecosystem partners, visit the Cisco Security Partner Ecosystem page at
http://www.cisco.com/c/en/us/products/security/partner-ecosystem.html.
Additional detailed information regarding specific partners is searchable in the Cisco Marketplace Solutions
Catalog at http://marketplace.cisco.com/catalog.
Printed in USA
C22-735909-00
10/15