Partner Integration

StealthWatch and Cisco ISE – Enhanced Identity Awareness and Mobile Security


Lancope, an industry leader in flow-based security and network performance monitoring, now provides integration with the Cisco Identity Services Engine (ISE) to help enterprises advance their security strategy in light of increasingly complex technology and mobile environments. Cisco ISE is a next-generation network admission control system built on the 802.1X standard, which provides customized access to corporate resources based on user/endpoint identity and posture data. Network admission control is an important aspect of an effective security strategy.

In the midst of today’s ever-evolving threat landscape, enterprises also require end-to-end visibility of all activities happening across the internal network. Lancope’s StealthWatch® System conducts sophisticated behavioral analysis on NetFlow and other flow data from existing network infrastructure to deliver in-depth visibility across both physical and virtual environments, including mobile devices. 

Through this integration, Cisco ISE users can expand their security efforts by leveraging StealthWatch to continuously monitor user behavior on the network – no matter which device they are using. With comprehensive network insight from edge to access, organizations can dramatically improve their network troubleshooting and risk posture. The ISE provides StealthWatch with additional identity data and valuable information on the types of devices being used to obtain network access, as well as where the device is physically located on the network. This data from the ISE allows Lancope to link the user, workstation, location, device type and other identity data to the actual network traffic, offering a thorough view of network activity. 

Unlike other technologies that only block attacks at the perimeter, or that rely on signature updates, StealthWatch can quickly and easily uncover both externally launched zero-day attacks and internal threats such as network misuse, policy violations, data leakage and device misconfigurations. Advanced features including application and identity awareness, as well as automatic threat prioritization and mitigation, further enhance troubleshooting and support other efforts such as forensic investigations and compliance initiatives.

How It Works

Cisco ISE is a key element of Cisco’s SecureX context-based security architecture for Borderless Networks, and Cisco’s TrustSec solution for intelligent access control. It enables tight security and compliance, consistent policy enforcement and a seamless user experience, no matter when, where or how a host is connecting to the network. The ISE authenticates users and denies or authorizes user access to corporate resources based on a wide range of identifying features including, but not limited to:

  • Device type
  • Operating system and patch level
  • Applications and services running on the device and their respective versions
  • Device security posture
  • The location from which the user is trying to gain access
  • Which security group the user belongs to
  • Which resources the user is trying to access
  • The time of day
  • How the user is trying to obtain access – i.e., wired, wireless, VPN

StealthWatch aggregates valuable identity and device data from the ISE with additional network and security intelligence from flow-enabled devices to deliver a single, comprehensive view into an organization’s infrastructure. This complete picture makes it easier for administrators to quickly identify and address anomalous behavior that may lead to performance issues or security risks, without negatively impacting high-level users or traffic.

Mobile Device Security for BYOD Environments

In the wake of IT consumerization and bring-your-own-device (BYOD) environments, the network perimeter has vanished. Approximately 75 percent of companies allow employee-owned smartphones and/or tablets to be used at work [1]. Today’s enterprises require a more effective means of monitoring and controlling users’ access to the network and sensitive resources no matter which device they use to connect.

Through the integration of StealthWatch and the Cisco ISE, organizations can achieve enhanced mobile device security for rapidly evolving networks. StealthWatch delivers in-depth internal security monitoring that proactively detects issues stemming from any device on the network, without having to install additional software or deploy expensive probes.

StealthWatch can also now incorporate additional device and identity data from the Cisco ISE into its overall view of network activity to further advance security for personal smartphones, tablets and laptops, as well as differentiate traffic by user from multi-user workstations. Advanced network and host information also enables Lancope and Cisco to provide high levels of performance for mobile devices by quickly identifying the root cause of a network slowdown and tracking it to specific users and devices for efficient mitigation.

[1] http://www.zdnet.com/blog/sybase/75-of-enterprises-have-bring-your-own-device-policies-what-that-means-charts/1025