Руководство По Настройке для Cisco Cisco Identity Services Engine 1.2
At-a-Glance
Gain Early Insight into Botnet Threats and Contain Them
If you can’t see what’s happening on your network, how can you
protect it? Cisco® Identity Services Engine (ISE) provides a wealth
of user identity, endpoint device, and network context information
used by many IT management and security platforms. To bring greater
insight to risky network user activities and take mitigation actions on
those events, Cisco ISE uses Cisco Platform Exchange Grid (pxGrid)
technology to share this contextual data with Infoblox, a Cisco partner
with premier solutions for DNS, DHCP and IP address management
(DDI) and DNS-based botnet detection.
protect it? Cisco® Identity Services Engine (ISE) provides a wealth
of user identity, endpoint device, and network context information
used by many IT management and security platforms. To bring greater
insight to risky network user activities and take mitigation actions on
those events, Cisco ISE uses Cisco Platform Exchange Grid (pxGrid)
technology to share this contextual data with Infoblox, a Cisco partner
with premier solutions for DNS, DHCP and IP address management
(DDI) and DNS-based botnet detection.
For Infoblox DDI deployments, integration with ISE simplifies and
expedites association of an IP address ― in real time or in the past ― with a
specific user. This simplifies the often time-consuming task of answering
legal or human resources questions regarding which user held a specific
IP address at a specific point in time. ISE user identity information is also
integrated in Infoblox Network Insight monitoring and reporting to give
IPAM administrators easy real-time and historical access to user-to-IP
associations for standard network planning and reporting.
expedites association of an IP address ― in real time or in the past ― with a
specific user. This simplifies the often time-consuming task of answering
legal or human resources questions regarding which user held a specific
IP address at a specific point in time. ISE user identity information is also
integrated in Infoblox Network Insight monitoring and reporting to give
IPAM administrators easy real-time and historical access to user-to-IP
associations for standard network planning and reporting.
Cisco ISE + Infoblox: Identity & Network Aware IPAM and Botnet Detection
Identity/Network Context from ISE
Ecosystem Context & Network Actions to ISE
Cisco ISE
Infoblox
pxGrid
Context &
Containment
For the Infoblox DNS Firewall platform, integration with ISE also
associates user identity and network-privilege level with IP addresses
to aid in early detection and response to botnet activity. The Infoblox
DNS Firewall analyzes domain name resolution behavior to identify
botnet command-and-control servers. Once they’re identified, the DNS
Firewall also identifies what internal endpoints are currently accessing
or have accessed these command-and-control servers and which
ones have potentially been infected by the botnet. If an infection has
occurred, the user identity and network-privilege level from Cisco ISE
are used by Infoblox to help determine which clients are the highest
priority for potential malware remediation.
associates user identity and network-privilege level with IP addresses
to aid in early detection and response to botnet activity. The Infoblox
DNS Firewall analyzes domain name resolution behavior to identify
botnet command-and-control servers. Once they’re identified, the DNS
Firewall also identifies what internal endpoints are currently accessing
or have accessed these command-and-control servers and which
ones have potentially been infected by the botnet. If an infection has
occurred, the user identity and network-privilege level from Cisco ISE
are used by Infoblox to help determine which clients are the highest
priority for potential malware remediation.
Cisco Identity
Services Engine and
Infoblox Integration
© 2015 Cisco and/or its affiliates. All rights reserved.
Benefits
• Detect first point of contact
with Botnets with Infoblox DNS
Firewall, thereby increasing
the effectiveness of threat
defense deployments
Firewall, thereby increasing
the effectiveness of threat
defense deployments
• Decrease time-to-event
classification with Infoblox IP
address management (IPAM)
and DNS Firewall platforms that
use Cisco Identity Services
Engine (ISE) user, device type,
and access-level data to answer
common questions needed
expedite the classification of and
response to a security event
address management (IPAM)
and DNS Firewall platforms that
use Cisco Identity Services
Engine (ISE) user, device type,
and access-level data to answer
common questions needed
expedite the classification of and
response to a security event
• Simplify and expedite security
event response with Infoblox
through support of Cisco Rapid
Threat Containment, using the
Cisco pxGrid Adaptive Network
Control capabilities of Cisco ISE
to take actions on high-severity
security events in the Cisco
network, such as quarantining
a user or routing the traffic for
deeper investigation
through support of Cisco Rapid
Threat Containment, using the
Cisco pxGrid Adaptive Network
Control capabilities of Cisco ISE
to take actions on high-severity
security events in the Cisco
network, such as quarantining
a user or routing the traffic for
deeper investigation