Cisco Blogs


Cisco Blog > Security

More Than Just a Pretty Dashboard – Cisco ISE and Splunk Turn Event Data Analysis into Action

Previous blogs in this series, both by Splunk and Cisco, detail how Cisco Identity Services Engine (ISE) can be used to drive enhanced event visibility in Splunk.

Splunk is a machine data platform that allows you to search, report, alert, and visualize any data that it ingests. Cisco ISE brings an added dimension to analyzing all this data; it attaches key contextual data (for example, username, location, network policy status) to events and data analyzed by Splunk. The Splunk for ISE app, a free download from Splunk, comes with a number of built-in dashboards to correlate this machine data with user information and create customizable dashboards and reports.

However, this integration doesn’t just create pretty dashboards – it turns event analysis into action. Read More »

Tags: , , , ,

Why Isn’t It Easier to Customize Enterprise Mobility and Guest Portals?

Enterprises use Cisco ISE for securely granting access to visitors and on-boarding employee-owned devices over Wi-Fi. Portals for users to gain access are becoming more advanced, and the next step is for most customers to create a richer customized experience to:

Promote your brand to guests

AP_blog_1

Read More »

Tags: , , ,

Real-World Security Is the Ability to Protect the Ultimate Asset: the User

This week, we released the Cisco 2015 Annual Security Report and used it as a platform to introduce the inaugural Cisco Security Manifesto. Our motivation for creating this set of security principles was to underscore to organizations that they must be more dynamic in their approach to security so they can become more adaptive and innovative than adversaries—and better protect users.

Read More »

Tags: , , , , ,

Using Cisco ISE Data to Drive Enhanced Event Visibility in Splunk

Cisco Identity Services Engine (ISE) is commonly associated with use as a network access policy, BYOD and AAA platform. But to do its job in network policy, ISE collects a great breadth of telemetry about network users and devices. Whether a device is trying to access the network or is already connected, ISE knows specifics about:

  • What the device type is (e.g., iPad Air 2 running iOS 8.1.2)
  • How it is connected to the network (e.g., enterprise Wi-Fi)
  • From where (e.g., access point in “California/SanDiego/Building 2/Floor 3/South”)
  • Security and compliance posture of the device (e.g., Antimalware operating and up to date? PIN lock configured?)
  • Who the user is on the device…or if it even has a user (e.g., printer)
  • What policy and AD/LDAP group the user belongs to (e.g., “IT Admin” authorization group)
  • Related session IP address and MAC address

While ISE primarily uses all this telemetry to establish network policies, it also shares it for use by other IT platforms. By doing so, ISE helps these platforms become more identity and device aware and thus more effective in a variety of ways. And this is where Splunk comes in.

Read More »

Tags: , , , ,

Engaging All Layers of Defense: Incident Response in Action

The Cisco 2015 Annual Security Report highlights many creative techniques that attackers are exploiting to conceal malicious activity, often taking advantage of gaps in security programs. They are continually refining and developing new techniques to gain a foothold in environments and, increasingly, they are relying on users and IT teams as enablers of attacks to persistently infect and hide in plain sight on machines.

Given this complex and dynamic threat landscape, organizations need a mature and adaptable incident response process.

Read More »

Tags: , , , ,