Cisco Stealthwatch and Identity Services Engine (ISE) are key components required to transform your network into a sensor capable of enforcing your security policies. But how do you incorporate automation on your network to full advantage? How do you validate that the existing policy aligns with the company’s overall security posture? And how can you utilize ISE and Stealthwatch to simplify your security in an ever-growing network of devices, IoT, and applications?
After many years deploying these products for our top clients, here's an inside look from Cisco Security Services at our best practices for implementing a Cisco Digital Network Architecture (Cisco DNA):
You can’t protect what you don’t know, so know what’s on your network
As more devices enter the enterprise, visibility into the environment is more important than ever. We are far removed from the days when simple device characteristics were enough as profile criteria. ISE, combined with Stealthwatch, increases the fidelity of the profile characteristics of the devices on your network. However, if you don't know your network and the devices accessing it, you can't write good policies for those profiles. In order to understand how assets should communicate, you need to be able to classify them with a high degree of certainty.
One of the first steps we take in Cisco Services is to help our clients better identify the internal assets that are critical to the business. Our subject matter experts create device profiles based on multiple variables, including traffic analysis, to ensure that each device has the appropriate level of access. We are also able to audit existing device profiles to ensure that they align with the appropriate security policy. NetFlow provides a wealth of information that we can use to understand device classification. This allows you to refine existing policies and create new ones that align with your critical assets.
Bad guys don’t sleep and neither should your network security
Oftentimes, due to the advancing nature of technology and the talent shortage in cybersecurity, clients stop auditing policies once profiles are set, even as their network grows. Most often, administrators don't find out about new applications until they mysteriously appear on the network or someone reports that the applications aren't working. This typically kicks off a series of meetings with application and network owners to identify which applications need to communicate and what level of access is needed. Security issues can arise when new devices or applications are added without anyone's knowledge, and there may be availability issues along with angry business stakeholders who want their latest SaaS application.
Get the full benefit of automation
Imagine having alerts and information the minute new applications show up on your network. Even better, what if the network were smart enough not only to recognize that they are new, but also to combine the traffic into applications and group them by specified criteria?
You can't always have eyes on glass, so when our Cisco Services team implements ISE and Stealthwatch for clients, we're always on the lookout for ways to automate more of your security. With ISE and Stealthwatch, we create automated responses to the alerts generated in your environment. Take the new-application use case: through learning and automation, the network can create application groups on its own. The network then sends that information to ISE, which, based on predetermined criteria, lets you set the policy automatically if desired.
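As an added illustration of the two ideas above (learning what each device talks to from NetFlow and checking it against its ISE profile), here is a small Python example that is not Cisco code and not how Stealthwatch or ISE implement this. The flow records, the profile names and the endpoint-to-profile mapping are all constructed placeholders; it learns each endpoint's server-side applications from the flows and flags any that the approved profile does not allow, which is the "new application showed up" alert described above.

```python
# Added example (not Cisco's code): learn per-endpoint applications from
# NetFlow-style records and flag ones the endpoint's profile does not allow.
from collections import defaultdict

# Constructed sample flow records: (src_ip, dst_ip, proto, dst_port, bytes)
SAMPLE_FLOWS = [
    ("10.1.1.20", "10.1.2.5", "tcp", 443, 8000),
    ("10.1.1.20", "10.1.2.9", "udp", 53, 120),
    ("10.1.1.21", "10.1.2.5", "tcp", 443, 5000),
    ("10.1.1.21", "10.1.2.40", "tcp", 3389, 22000),  # unexpected for this profile
    ("10.1.1.30", "10.1.2.40", "tcp", 22, 1500),
]

# Hypothetical profiles: the (proto, server port) pairs each profile may use
APPROVED = {
    "badge-reader": {("tcp", 443), ("udp", 53)},
    "admin-workstation": {("tcp", 22), ("tcp", 443), ("udp", 53)},
}
# Constructed endpoint-to-profile assignment (what ISE would hold)
ENDPOINT_PROFILE = {
    "10.1.1.20": "badge-reader",
    "10.1.1.21": "badge-reader",
    "10.1.1.30": "admin-workstation",
}

def observed_apps(flows):
    """Return {src_ip: {(proto, dst_port), ...}} learned from the flow records."""
    apps = defaultdict(set)
    for src, _dst, proto, dport, _nbytes in flows:
        apps[src].add((proto, dport))
    return dict(apps)

def audit(flows, endpoint_profile, approved):
    """Compare learned applications with each endpoint's approved profile.
    Returns a sorted list of (src_ip, profile, proto, port) for applications
    outside the profile; endpoints with no profile are reported as None and
    every application they use is flagged, since nothing is approved for them."""
    findings = []
    for src, apps in sorted(observed_apps(flows).items()):
        profile = endpoint_profile.get(src)
        allowed = approved.get(profile, set())
        for proto, port in sorted(apps - allowed):
            findings.append((src, profile, proto, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS, ENDPOINT_PROFILE, APPROVED):
        print("unexpected application:", finding)
```

In a real deployment the findings would feed a review of the profile (is the application legitimate and missing from the profile?) before any policy is changed automatically.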
The time taken to deploy new services with Cisco has been drastically reduced, which allows you to spend less time on the network and more time running your business. These ideas are all key to the intuitive network, and with Cisco ISE, Stealthwatch and Cisco Services you will be well on your way to a digital-ready network with Cisco DNA.