The Radiflow iSID & Cisco ISE pxGrid-Certified Integration enables enforcement of an effective zero-trust policy, in which personnel are granted only the least access privilege to systems and networks that they need to perform their tasks.
Cisco Identity Services Engine (ISE)® provides automated access policy enforcement for highly secure networks. This enforcement can be safely extended to the ICS network using full contextual data on OT devices and their properties, provided by Radiflow’s iSID industrial threat detection and management system.
Use Case: iSID OT Data Enrichment for ISE
Radiflow iSID’s integration with Cisco’s Identity Services Engine (ISE) allows enriching the network’s security enforcement capabilities with contextual data from OT operations. The ISE-iSID integration provides OT network visibility and enables users to enforce various security and access policies across the organizational network, including the OT network.
iSID’s Deep Packet Inspection (DPI) engine is able to non-intrusively identify industrial assets, along with all their properties, on running industrial processes, and convey the OT contextual data to Cisco ISE using the pxGrid (Platform Exchange Grid) API, an open, scalable, and IETF standards-driven platform for sharing data among multiple security products across the organization.
ISE is able to use iSID’s detailed OT asset information to apply customer-defined network access policies, orchestrating appropriate levels of network access and security controls on a per-device basis.
Use Case: Threat Containment & Prevention Using ANC (Adaptive Network Control)
Devices can be “quarantined” based on alerts/anomalies detected by iSID. While it’s extremely unlikely for a production OT asset to be intentionally quarantined from network access, OT security engineers or OT network administrators can activate iSID’s ANC capability and apply a relevant quarantine policy to increase OT security. This is done in iSID by restricting devices that were involved in security violation alerts, which is useful for, among other cases, disabling remote access to devices and preventing new connections to and from devices.
The iSID-Cisco ISE integration combines the following capabilities and functionality to deliver a powerful OT network detection and policy enforcement solution:
- OT asset information, communication patterns and network anomalies gathered and detected by iSID
- Detection of sensitive OT management commands by iSID
- ISE’s policy engine allows network engineers to set up access policies according to specific cyber-security policies
- Authorization and authentication capabilities to control access to the network per device
- Utilization of Cisco’s pxGrid framework for ISE integration, and ISE Adaptive Network Control capabilities to enforce quarantine policy for rogue endpoints