An often overused yarn of our day is that “we live in an increasingly more connected world.” While overused, I can’t think of any better way to describe what Cisco is doing in our security ecosystem with Cisco Platform Exchange Grid (pxGrid). And it has been quite an active first year since the release of pxGrid for use in customer deployments, from building an ecosystem of 30 partners to work in multiple security standards groups in the IETF.
Cisco pxGrid is an information grid that security and other IT platforms can integrate with to share relevant contextual information with any other platform connected to it. Cisco platforms can exchange information with Cisco platforms. Partners can exchange information with Cisco platforms. Partners can exchange information with other partners. It is one of the main methods used by technology partners to create use-case focused product integrations within the Cisco Security Technical Alliance Ecosystem Program.
Ecosystem partners can also leverage pxGrid to take “Rapid Threat Containment” actions, such as changing a user’s network access privileges or diverting their traffic for deeper investigation. In a nutshell, pxGrid is a massively scalable and customizable framework that allows pretty much any system to talk to and even exact actions on any other system.
Cisco has now been shipping pxGrid for one year, almost to the day. And to celebrate its first year in production we’re announcing nine new pxGrid partner integrations. These are real, purpose-built integrations between Cisco security products and industry partners with the goal of meeting specific use-cases as driven by our customers. The overarching goal is better, more manageable security through multi-vendor collaboration. Strength through integration, if you will. And here’s who we’re integrating with:
Check Point Software Technologies
Check Point is utilizing Cisco pxGrid to integrate with the Cisco Identity Services Engine (ISE). Check Point’s Identity Awareness Software Blade will consume user identity, network privilege level and Cisco TrustSec Security Group Tags from ISE to enhance visibility and security policy enforcement consistency. Using ISE as the source of identity data for security policies delivers real-time identity data on a network-wide basis, not just for users/devices known to AD or LDAP. As a result, information is more accurate and encompasses any user or device authenticated to the network. Check Point is joining the “Firewall and Access Control” segment of the Cisco Security Technical Alliance program.
Infoblox is employing pxGrid on a couple of fronts: DNS-based malware detection and IP Address Management (IPAM). In both cases, Infoblox is integrating with Cisco ISE to consume real-time user identity and network privilege information. With their DNS Firewall, Infoblox analyzes domain name resolution behavior to identify botnet command & control servers, associates that activity to devices and users and notifies Cisco ISE of the DNS security event for appropriate action. This enables improved prioritization and faster response to these potential malware infections at their source. Rapid Threat Containment actions via Cisco ISE may also be used if the threat is severe enough. In IPAM deployments, Infoblox integration with ISE simplifies and expedites the often time-consuming and cumbersome task of associating an IP address, in real-time or in the past, with a specific user and device. The uses for this are numerous, such as data gathering for HR or legal needs. Infoblox is joining the Rapid Threat Containment, Firewall and Access Control and Network Infrastructure segments of the Cisco Security Technical Alliance program.
LogRhythm was the founding member of the Cisco ISE SIEM & Threat Defense ecosystem and integrates with numerous Cisco solutions. Building upon its existing integration with Cisco ISE, LogRhythm is deepening its Cisco support by leveraging the latest Adaptive Network Control functionality of pxGrid. Utilizing Cisco ISE user/device/network contextual information, LogRhythm’s analytics can provide an organization with highly corroborated risk-based alerts, such as deviations from customary patterns, and then take a network investigation or quarantine response via pxGrid.
New Rapid Threat Containment Partners
A key component of Cisco pxGrid is the Adaptive Network Control function, which enables Cisco platforms and ecosystem partners to take “Rapid Threat Containment” actions on the network via Cisco ISE. These real-time threat response actions can range from diverting suspicious user/device traffic through increased security inspection measures to actively adjusting user/device level of network access if the severity of the threat warrants it. Partners utilizing pxGrid Adaptive Network Control can invoke these actions directly from their management or incident response console. New partners are: E8 Security, Hawk Defense, Huntsman Security, Infoblox, Invincea, LogRhythm and SAINT.
SAINT Joins the Vulnerability Assessment Ecosystem
SAINT brings their vulnerability assessment capabilities to the Cisco Security Technical Alliance program in the form of a pxGrid integration with Cisco ISE. SAINT will utilize ISE user identity and device-type data to better categorize and prioritize vulnerabilities they detect, as well as being able to take action on the most severely vulnerable endpoints via Cisco Rapid Threat Containment.
SOTI Joins the Cisco EMM/MDM Ecosystem
I wanted to also highlight that SOTI is joining the EMM/MDM segment of the Cisco Security Technical Alliance program. The SOTI MobiControl EMM/MDM platform integrates with Cisco ISE to ensure mobile endpoints connecting to the enterprise network are compliant with IT security requirements and are assigned an appropriate level of network access privilege. SOTI’s diverse mobile device support, especially for specialized handheld devices used in retail, healthcare and transportation/logistics, will offer great utility to our joint customers.
Furthering Security Standards
For the past year Cisco has been active in the IETF Security Automation and Continuous Monitoring (SACM) workgroup to enable use of pxGrid as a standard method of enabling exchange of monitoring telemetry between the security systems that comprise the SACM architecture. In the past month we have increased our participation in the IETF security working groups by becoming active and submitting a standards draft in the Managed Incident Lightweight Exchange (MILE) working group, which develops standards for security incident management.
Wow – quite a post, but it has been quite a year for pxGrid with a lot to celebrate at this first anniversary!