Cisco ISE - SaaS Platform Integration

Cisco^® Identity Services Engine (Cisco ISE)/pxGrid combined with Digital Defense’s Frontline.Cloud platform that includes Frontline Vulnerability Manager™ (Frontline VM™), Frontline Web Application Scanning™ (Frontline WAS™) and Frontline Advanced Threat Sweep™ (Frontline ATS™) integrated modules helps reduce risk of potential network cyber-attacks by identifying vulnerable and infected assets and thwarting access of these devices that could compromise networks and eventually breach critical systems.  Combining the automation power of Cisco ISE/pxGrid and Digital Frontline.Cloud creates greater device visibility and network access control, building improved workflow and rapid responses to infrastructure threats.

Increase Visibility, Improve Threat Detection, and Accelerate Response Time

Visualize:

• Discover devices instantly without requiring agents
• Profile and classify devices, users, applications and operating systems
• Continuously monitor managed devices, including corporate, BYOD and IoT endpoints

Control

• Allow, deny or limit network access through Cisco ISE based on device posture and security policies
• Assess, prioritize and remediate malicious or high-risk endpoints
• Improve compliance with industry mandates and regulations

Automate and Orchestrate 

• Share endpoint context from Cisco ISE via Cisco pxGrid with Frontline.Cloud
• Create actionable workflows to have Cisco ISE automatically restore based on Frontline scans and associated risk management
• Create dynamic policy changes system-wide response to quickly mitigate risks

Prioritzation and Automation Optimize Workflows

Digital Defense’s Frontline.Cloud digitally fingerprints the hosts as contiguous entities, reconciles asset changes from scan to scan utilizing patented correlation algorithms (helping to minimize duplicates or unknown devices), prioritizes vulnerabilities, and automates workflow across the hybrid network to make better risk management decisions, quickly. Frontline.Cloud delivers unparalleled accurate network and host assessments all the way to intelligent integration with Cisco ISE, forautomating security workflows and policies.

Restricts Devices that May Introduce Risk

Cisco ISE/pxGrid reduces risks and contain threats by dynamically controlling network access. ISE can assess vulnerabilities from Frontline.Cloud and apply threat intelligence. ISE monitors and denies network access to any device based on known information. United, Cisco ISE will use the vulnerability intel and Frontline Security GPA ® scoring intelligence as part of its access decision policies. Providing Cisco ISE with Frontline.Cloud scanning intelligence data allows it to take more granular action by restricting access of a device that may potentially introduce risk into the network.

The integration offers a policy for when a new device which has not yet been assessed by Frontline.Cloud comes onto the network, ISE can request an immediate vulnerability scan. That same policy can restrict access for the given device, until ISE has received the data from Frontline VM, whereupon it would then fall to other policies to determine what actions to take based on the findings.

The integration offers a more holistic approach to network access security:

Visibility

• As an endpoint attempts to connect to the network, ISE is immediately aware of it
• ISE requests the most recent scan results forthe endpoint from Frontline.Cloud
• Based on not having seen the device before, ISE can request Frontline.Cloud to scan endpoint for vulnerabilities

Automated Scanning

• ISE can launch a scan from the scan repositorybased on a condition (i.e. has not seen the preexisting device in 3 days on the network)

Policy Enforcement

• If critical vulnerabilities exist, ISE will quarantine or block the device so it does not become a launching point for advanced threats
• If vulnerabilities are present on the network foran extended time (e.g. 3 months), an ISE policy may quarantine or block the device

Automated Remediation

• ISE initializes automated remediation actions,or triggers external remediation via patch management