Integrate IoT Security with Cisco ISE to provide network
access control (NAC) to IoT devices.
Palo Alto Networks IoT Security can integrate
through Cortex XSOAR with Cisco ISE (Identity Services Engine) to
populate custom endpoint attributes on one or more ISE instances
with data discovered in the network traffic that IoT Security analyzes.
If a device is already in the ISE inventory, ISE adds the attributes
from IoT Security to it. If IoT Security sends attributes for a device
that isn’t in the ISE inventory, ISE treats it as a new endpoint,
adds it to their inventory, and includes all the related attributes
that IoT Security sends.
ISE uses data in network access control
policies to segment the network for reduced risk exposure. In addition,
from the IoT Security portal, you can manually quarantine devices
through ISE and later remove them from quarantine in response to
the severity and status of detected security alerts. IoT Security
can also provide ISE with the information it needs to enforce access control
lists (ACLs), limiting devices to operate on the network
within normal parameters as determined by AI-powered behavioral
After the setup is complete, you initiate an initial
export of the entire device inventory from IoT Security through
XSOAR to Cisco ISE. After that, XSOAR requests incremental updates
at user-specified intervals. IoT Security determines if there are any
newly discovered devices or if there are changes in any attribute
fields of previously discovered devices within a user-specified
polling interval and, if found, responds with an update. In contrast
to these periodic automated updates, IoT Security sends user-initiated
commands to quarantine a device or remove it from quarantine immediately
to XSOAR, which immediately forwards them to ISE.
As is true with
all traffic entering the network, inbound communications from Cortex
XSOAR must pass through the firewall to reach the Cortex engine,
but the firewall itself plays no logical role in relaying the data
in their communications.
To provide redundancy, you
can configure an XSOAR engine to integrate with primary and secondary
ISE instances, and each instance can be an active/standby high availability
(HA) pair or a standalone device.
Integrating with Cisco ISE
requires the purchase and activation of
a third-party integration add-on. The basic integration plan includes
a license for three integration add-ons, one of which can be used
for Cisco ISE. The advanced plan includes a license for all supported