Integrate IoT Security with Cisco ISE

Integrate IoT Security with Cisco ISE to provide network access control (NAC) to IoT devices.
Palo Alto Networks IoT Security can integrate through Cortex XSOAR with Cisco ISE (Identity Services Engine) to populate custom endpoint attributes on one or more ISE instances with data discovered in the network traffic that IoT Security analyzes. If a device is already in the ISE inventory, ISE adds the attributes from IoT Security to it. If IoT Security sends attributes for a device that isn't in the ISE inventory, ISE treats it as a new endpoint, adds it to its inventory, and includes all the related attributes that IoT Security sends.
ISE uses data in network access control policies to segment the network for reduced risk exposure. In addition, from the IoT Security portal, you can manually quarantine devices through ISE and later remove them from quarantine in response to the severity and status of detected security alerts. IoT Security can also provide ISE with the information it needs to enforce access control lists (ACLs), limiting devices to operate on the network within normal parameters as determined by AI-powered behavioral analysis.
After the setup is complete, you initiate an initial export of the entire device inventory from IoT Security through XSOAR to Cisco ISE. After that, XSOAR requests incremental updates at user-specified intervals. IoT Security determines if there are any newly discovered devices or if there are changes in any attribute fields of previously discovered devices within a user-specified polling interval and, if found, responds with an update. In contrast to these periodic automated updates, IoT Security sends user-initiated commands to quarantine a device or remove it from quarantine immediately to XSOAR, which immediately forwards them to ISE.
As is true with all traffic entering the network, inbound communications from Cortex XSOAR must pass through the firewall to reach the Cortex engine, but the firewall itself plays no logical role in relaying the data in their communications.
To provide redundancy, you can configure an XSOAR engine to integrate with primary and secondary ISE instances, and each instance can be an active/standby high availability (HA) pair or a standalone device.
Integrating with Cisco ISE requires either a full-featured Cortex XSOAR server or the purchase and activation of an IoT Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Cisco ISE. The advanced plan includes a license for all supported third-party integrations.
