pxGRID-Certified Integration for OT Data Enrichment and Threat Containment & Prevention
Enhance security enforcement and visibility of sensitive OT environments using Radiflow iSID's OT visibility & threat monitoring integrated with Cisco ISE's Network Access Control
The Radiflow iSID & Cisco ISE pxGRID-Certified Integration enables enforcing an effective zero-trust policy, where personnel are granted only the minimum access privileges to the systems and networks they need to perform their tasks.
Cisco Identity Services Engine (ISE)® provides automated access policy enforcement for highly secure networks, which can be safely extended to the ICS network with full contextual data related to OT devices and their full properties, provided by Radiflow’s iSID industrial threat detection and management system.
Use Case: iSID OT Data Enrichment for ISE
Radiflow iSID’s integration with Cisco’s Identity Services Engine (ISE) allows enriching the network’s security enforcement capabilities with contextual data from OT operations. The ISE-iSID integration provides OT network visibility and enables users to enforce various security and access policies across the organizational network, including the OT network.
iSID’s Deep Packet Inspection (DPI) engine is able to non-intrusively identify industrial assets, along with all their properties, on running industrial processes, and convey the OT contextual data to Cisco ISE using the pxGrid (Platform Exchange Grid) API, an open, scalable, and IETF standards-driven platform for sharing data among multiple security products across the organization.
ISE is able to use iSID’s detailed OT asset information to apply customer-defined network access policies, orchestrating appropriate levels of network access and security controls on a per-device basis.
Use Case: Threat Containment & Prevention Using ANC (Adaptive Network Control)
Devices can be “quarantined” based on alerts/anomalies detected by iSID. While it’s extremely unlikely for a production OT asset to be intentionally quarantined from network access, OT security engineers or OT network administrators can activate iSID’s ANC capability and apply a relevant quarantine policy to increase OT security. This is done in iSID by restricting devices that were involved in security violation alerts, which is useful for disabling remote access to devices and for preventing new connections to and from devices, among other cases.
Solution Overview
The iSID-Cisco ISE integration combines the following capabilities and functionality to deliver a powerful OT network detection and policy enforcement solution:
OT asset information, communication patterns and network anomalies gathered and detected by iSID
Detection of sensitive OT management commands by iSID
ISE’s policy engine allows network engineers to set up access policies according to specific cyber-security policies
Authorization and authentication capabilities to control access to the network per device
Utilization of Cisco’s pxGrid framework for ISE integration, and ISE Adaptive Network Control capabilities to enforce quarantine policy for rogue endpoints