White paper for Cisco Identity Services Engine 1.0.4

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
In the first place, those APIs just don’t exist. The ongoing development effort for vendors to maintain dozens of
single-purpose APIs, and to retest all of them for every minor software update, would be enormous. And even if 
they were able to do so, businesses would quickly be overwhelmed with information. APIs work on a basic polling 
model, just sending requests for information over and over again. This type of communication might be fine for one 
or two systems communicating this way. But 20 systems doing that at the same time would create a huge 
performance and scalability problem.

APIs are also usually not secure. Often, they rely on simple (and relatively weak) username-and-password
authentication. They typically don’t offer authorization capabilities over how that data is used. Once an API opens a 
doorway into a system, other systems can get access to that information and do what they want with it.

Businesses are left with a difficult security operations challenge that they can’t afford to lose, and no easy way to
address it. Wouldn’t it be better if all the diverse tools in the IT environment could talk to each other? What if 
platform vendors could draw contextual information and capabilities from the other systems in the environment and 
give the operations staff everything they need to solve real-world problems and respond to threats faster?

That’s exactly what Cisco pxGrid provides.

Introducing pxGrid

pxGrid provides a common transport language between the various network and security systems in the IT
environment. Instead of each system having to rely on single-purpose APIs, they can all be integrated once with 
pxGrid to share contextual information with each other. Intersystem communications can now happen automatically 
and immediately, with no manual intervention required.

pxGrid enables multivendor, cross-platform network system collaboration among multiple parts of the IT
infrastructure. These can include security monitoring and detection systems, network-policy platforms, asset and 
configuration management, identity and access management platforms, and virtually any other IT operations 
platform. IT and security vendors can use pxGrid to share context with Cisco platforms that use pxGrid, as well as 
with systems from any other pxGrid ecosystem partner. With this unified framework, they can share context 
bidirectionally with many other platforms without the need for platform-specific APIs. And they can implement 
pxGrid once, and then use it again and again to integrate any pxGrid-enabled platform.

pxGrid is fully secured and customizable. Partners can share only what they want to share and consume only the
information from other platforms on the grid that is relevant to them. This level of customizability, along with the 
pxGrid publish-subscribe-query architecture, makes it easy to scale this context sharing, even when 
communicating with multiple systems. Furthermore, pxGrid enables ecosystem partner platforms to execute 
network actions with Cisco network infrastructure. Not only can security operations teams gather the relevant threat 
information faster, but they can also take responsive action immediately.

pxGrid is information-model and data-format agnostic, as it focuses on transport of security context data. As a
result, it is flexible and can work with a variety of data types as needed to suit a wide range of use cases.

Ultimately, these context-sharing and network-control capabilities make it possible for IT infrastructure providers to
address more use cases, undertake their functions more effectively, and extend their reach deeper into the network 
infrastructure.