SOCFortress Integrations — Cisco ISE

SOCFortress
Oct 10, 2024

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html

Intro

SOCFortress integration and visualization tools let security analysts visualize and triage Cisco ISE events and alerts from a single pane of glass.

About Cisco ISE

Cisco Identity Services Engine (ISE) is a network security policy management platform that enables organisations to enforce access control across wired, wireless, and VPN networks.

ISE helps ensure secure access to corporate networks by authenticating and re-authorising devices and users based on identity, device type, and security posture.

ISE ensures that only authorised users and compliant devices can access the network, reducing the attack surface. IT teams can manage security policies from a single platform across the entire network, simplifying administration.

ISE plays a critical role in securing modern, complex networks, particularly in environments that emphasise Zero Trust or have to manage large numbers of devices and users.

Key Features of Cisco ISE:

  • Network Access Control (NAC): Cisco ISE enforces network access policies based on user identity, role, device type, and compliance posture. This ensures that only authorised users and devices can access network resources.
  • Identity-Based Access Control: It integrates with user identity systems like Active Directory, LDAP, and others to authenticate users. Policies can be set for different user types (employees, contractors, guests, etc.), giving specific access rights based on identity.
  • Guest Access Management: ISE allows organisations to provide secure guest access to their networks, offering a customisable guest portal and policies to regulate the level of access guests have.
  • Posture Assessment: Cisco ISE checks endpoint compliance (e.g., whether the device has up-to-date software, anti-virus, or meets other security policies) before allowing it onto the network. Non-compliant devices can be placed into a quarantine or remediation network.
  • Segmentation and TrustSec: ISE allows for software-defined segmentation (trust-based network segmentation) using Cisco TrustSec technology. This limits lateral movement by segmenting traffic within the network based on policy.
  • Security Group Tags (SGTs): ISE uses SGTs to assign a specific security label to users or devices, enabling dynamic segmentation and enforcement of security policies across the network.
  • Visibility and Analytics: ISE provides deep visibility into who and what is on the network, enabling IT administrators to see connected devices, applications, and users. The platform generates comprehensive reports on network activity and policy enforcement.
  • BYOD Support: Cisco ISE supports Bring Your Own Device (BYOD) policies, allowing employees to securely use their personal devices on the corporate network. It provides automated provisioning of devices while enforcing security policies.
  • Integration with Other Cisco Products: ISE integrates seamlessly with other Cisco security solutions such as Cisco DNA Center, Cisco Stealthwatch, and Cisco AnyConnect. This enables comprehensive network security and management.

Visualizations

Landing page:

Total auth logs, logs by severity and logs by UserType:

Log histogram by NAS:


Written by SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
