Cisco Identity Services Engine 1.2 White Paper
White Paper:
Cisco Systems and the Migration from NAC to EVAS
© 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
Figure 2. EVAS Use Across An Organization
Source: Enterprise Strategy Group, 2014.
EVAS and Threat Management
As part of its maturation, EVAS gained increasing intelligence about endpoints, networks, and IT assets. This
intelligence has become essential for creating, enforcing, and monitoring security policies for enterprises, helping
CISOs balance day-to-day business operations with IT risk mitigation.
As an example, EVAS has become a valuable technology that can help enterprise organizations improve threat
prevention, detection, and response. EVAS can mitigate risk in three phases (see Table 2):
1. Before an attack, to decrease the threat surface.
2. During an attack, for threat detection and attack mitigation.
3. After an attack, for further risk mitigation and remediation.
EVAS Use Case: Before an Attack
The EVAS threat prevention role before an attack provides added value over legacy NAC utilization. CISOs can use
various EVAS capabilities to decrease the overall network and endpoint attack surface by:
• Identifying risky assets. EVAS is responsible for monitoring all assets connected to the network at any time.
This can help organizations identify risky and potentially vulnerable assets at a moment’s notice. Identifying
non-compliant users, devices, OS, applications, etc., and correlating that information with third-party
vulnerability assessment tools allows for a more rapid IT response. For example, when a critical
vulnerability is identified, the security operations team can immediately identify all systems with software
configurations representing the highest risks (i.e., non-compliant, no antivirus updates, etc.).
• Improving risk mitigation. With continuous monitoring and a database of assets and activities, the security
team can use EVAS for gathering actionable intelligence. This can help them improve workflows, streamline
operations, and prioritize remediation activity to remain in lockstep with constant changes to IT risk.