Device Security is an IoT (Internet of Things) security solution that uses deep machine learning to discover and categorize every IoT device on your network. It creates a baseline of normal behavior for each individual IoT device, continuously monitors for anomalous behavior, and then alerts administrators whenever it finds such anomalies.

Cisco pxGrid (Platform Exchange Grid) is a platform that enables various network security products to share information so they can discover and respond to threats quickly. A pxGrid controller coordinates connections among partner nodes and runs on Cisco ISE (Identity Services Engine), a product for creating and enforcing network access and security policies. The pxGrid controller provides a means for partners to publish services to ISE and other connected nodes and subscribe to services from them.

You can integrate Device Security through Cortex XSOAR and pxGrid with Cisco ISE. By integrating these solutions, you can respond to security alerts by quarantining IoT devices to mitigate risk and later removing them from quarantine after the threat subsides.

Ensure the XSOAR engine can form an HTTPS connection to your Cisco pxGrid controller/ISE instance on TCP port 8910. The engine uses this port when authenticating with pxGrid and when sending it IoT device data and quarantine commands. In addition, ensure that the XSOAR engine can form an HTTP connection on TCP port 443 with Cortex XSOAR.

In a distributed environment, multiple firewalls report metadata to the Device Security Cloud, which then sends it through Cortex XSOAR to the XSOAR engine designated to communicate through pxGrid to the ISE admin node.

Integrating with Cisco ISE pxGrid requires either a full-featured Cortex XSOAR™ server or the activation of a Device Security free cohosted Cortex XSOAR instance.