Integrate Device Security with Cisco ISE pxGrid
Focus
Focus
Device Security

Integrate Device Security with Cisco ISE pxGrid

Table of Contents

Integrate Device Security with Cisco ISE pxGrid

Integrate Device Security through pxGrid with Cisco ISE to provide network access control (NAC) to IoT devices.
Where Can I Use This?What Do I Need?
  • Device Security (Managed by Strata Cloud Manager)
  • (Legacy) IoT Security (Standalone portal)
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  • Device Security X subscription
One of the following Cortex XSOAR setups:
  • A free, cohosted, limited-featured Cortex XSOAR instance
    AND
    A Cortex XSOAR Engine (on-premises integration)
  • A full-featured Cortex XSOAR server
Device Security is an IoT (Internet of Things) security solution that uses deep machine learning to discover and categorize every IoT device on your network. It creates a baseline of normal behavior for each individual IoT device, continuously monitors for anomalous behavior, and then alerts administrators whenever it finds such anomalies.
Cisco pxGrid (Platform Exchange Grid) is a platform that enables various network security products to share information so they can discover and respond to threats quickly. A pxGrid controller coordinates connections among partner nodes and runs on Cisco ISE (Identity Services Engine), a product for creating and enforcing network access and security policies. The pxGrid controller provides a means for partners to publish services to ISE and other connected nodes and subscribe to services from them.
You can integrate Device Security through Cortex XSOAR and pxGrid with Cisco ISE. By integrating these solutions, you can respond to security alerts by quarantining IoT devices to mitigate risk and later removing them from quarantine after the threat subsides.
Ensure the XSOAR engine can form an HTTPS connection to your Cisco pxGrid controller/ISE instance on TCP port 8910. The engine uses this port when authenticating with pxGrid and when sending it IoT device data and quarantine commands. In addition, ensure that the XSOAR engine can form an HTTP connection on TCP port 443 with Cortex XSOAR.
In a distributed environment, multiple firewalls report metadata to the Device Security Cloud, which then sends it through Cortex XSOAR to the XSOAR engine designated to communicate through pxGrid to the ISE admin node.
Integrating with Cisco ISE pxGrid requires either a full-featured Cortex XSOAR server or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for this. The advanced plan includes a license for all supported third-party integrations.