Руководство По Настройке для Cisco Cisco Identity Services Engine 2.0
At-a-Glance
Gain Visibility into Network Threats and Remediate
Cisco® Identity Services Engine (ISE) integrates with leading security
event and information management (SIEM) and threat defense (TD)
platforms to bring together a networkwide view of security event
analysis and relevant identity and device context.
event and information management (SIEM) and threat defense (TD)
platforms to bring together a networkwide view of security event
analysis and relevant identity and device context.
Cisco ISE uses Cisco Platform Exchange Grid (pxGrid) technology to
share contextual data with leading SIEM and TD partner solutions. The
combination of these integrated technologies gives security analysts the
ability to quickly and easily assess the significance of security events
by correlating expanded context with the security alerts. Cisco ISE,
using pxGrid technology, enables the SIEM and TD system management
consoles to display contextual information pulled from the engine about
each security event.
share contextual data with leading SIEM and TD partner solutions. The
combination of these integrated technologies gives security analysts the
ability to quickly and easily assess the significance of security events
by correlating expanded context with the security alerts. Cisco ISE,
using pxGrid technology, enables the SIEM and TD system management
consoles to display contextual information pulled from the engine about
each security event.
The data can include the identity and level of access of each user and
the type of device used. This information permits the analyst to more
quickly determine where the event is coming from, whether it needs
further investigation, and, if so, how urgent is the threat. Cisco ISE
can then be used to take mitigation actions. Identity Services Engine
integrations with SIEM and TD platforms also allow for enhanced
security monitoring, including mobility-aware security analytics. The
enhanced capabilities from The enhanced capabilities from Cisco ISE
with SIEM and TD integration streamline the process of threat detection,
simplify execution of responses by IT, and greatly reduce the time to
remediation of network security threats.
the type of device used. This information permits the analyst to more
quickly determine where the event is coming from, whether it needs
further investigation, and, if so, how urgent is the threat. Cisco ISE
can then be used to take mitigation actions. Identity Services Engine
integrations with SIEM and TD platforms also allow for enhanced
security monitoring, including mobility-aware security analytics. The
enhanced capabilities from The enhanced capabilities from Cisco ISE
with SIEM and TD integration streamline the process of threat detection,
simplify execution of responses by IT, and greatly reduce the time to
remediation of network security threats.
© 2015 Cisco and/or its affiliates. All rights reserved.
Cisco Identity Services
Engine with Integrated
Security Information
and Event Management
and Threat Defense
Platforms
Benefits
• Decrease time to event
classification by using Cisco®
Identity Services Engine (ISE)
contextual information to
expedite the classification of
security events.
• Improve SIEM analytic policies
by differentiating users, groups,
and devices using the engine’s
contextual information to create
analytic policies specific to
users, groups, or devices.
• Decrease security risk from
devices with security posture
failures by using Cisco ISE
endpoint posture information
to create analytic policies
specific to endpoints that have
a noncompliant posture status.
• Improve visibility and analysis of
Cisco ISE telemetry and event
data by analyzing and providing
alerts based on anomalies in
Cisco ISE event data, such
as excessive authentication
attempts.