Network security threats are a fact of life. But the modern security arsenal has highly effective tools like security information and event management. SIEM platforms can provide a wealth of information to help you quickly and accurately assess security threats and take immediate remediation actions, all from a single console. Yet analytics are not enough. To build a proactive defense against even the nastiest threats, organizations can integrate their SIEM with Cisco Identity Services Engine (ISE). IBM QRadar, one of the leading SIEM platforms, was an early adopter Cisco ISE integration. The integration provided a broader range of contextual information — about users, identities, privilege levels, device types, network conditions and events to QRadar.
Today we have taken that original integration even further with the announcement of the Cisco ISE Platform Exchange Grid (pxGrid) application for the IBM Security App Exchange. The app augments the tight integration with QRadar and consumes contextual information from Cisco ISE via pxGrid. Cisco pxGrid is a bi-directional Security Product Integration Framework (SPIF) that allows for any-to-any partner platform integration. Using pxGrid, this app obtains real-time context and highlights details into user and device activity. This provides QRadar with identity- and device-aware threat management functionality and an increase in confidence around event severity levels. These details include user and endpoint identity, privilege levels, posture compliance, locations, services being used, and device types. This information is displayed in the QRadar dashboard, giving the security analysts a holistic view of information from Cisco ISE.
What does the SIEM operator do after identifying a threat? This app now provides the QRadar analyst with a means to react to threats by providing a mechanism to take Rapid Threat Containment (RTC) actions. From within the QRadar console, the operator can now right-click on an “offense” of interest and instruct Cisco ISE to take a network containment action – quarantine, port bounce, etc. This is a very powerful feature as it helps reduction in time-to-respond to security events to stop attacks faster and protect critical data faster.
For more details and to obtain the Cisco ISE pxGrid App for QRadar visit: https://www-03.ibm.com/security/ca-en/engage/app-exchange/