Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
950
Views
2
Helpful
2
Replies

ISE Posture checks for multiple vendors

Go to solution
rwehe
Cisco Employee
Cisco Employee

‎04-30-2018 11:12 AM

I have a use case where our ISE deployment will need to authenticate computers from many different contractors and vendors (the computers will not be corporate managed). The security policy that we have dictates that full disk encryption, up-to-date patching, up-to-date anti-virus, and an enabled firewall are all present on the endpoint.


The question is as follows; is there a way to have a posture condition that includes *all* disk encryption vendors? In this use case it doesn't matter if the encryption is Bitlocker, Symantec PGP, McAfee, etc., just that encryption is enabled. The same goes for the A/V and Firewall. We don't necessarily care which software vendor is being used, just that it is present, activated and up-to-date.

With the wide variety of vendors and contractor computers coming onto the network it will be difficult to create conditions for each of the different vendors and scenarios for encryption, AV and FW.

1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10
In response to Rob4

‎04-30-2018 03:23 PM

There is an ANY option for Anti-Malware and for Firewall, but not Disk Encryption today. 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob4
Cisco Employee
Cisco Employee

‎04-30-2018 11:43 AM

I have a use case similar where the customer is looking to conduct posture assessment for contractors entering the network. They are concerned with whether or not any Anti-Malware is installed, and whether the contractor has any public file sharing applications on the endpoint.

We've set up a small lab for the testing and found that while we could define conditions by category, those conditions did not have an effect on the compliance status, just merely for reporting. Ideally, when you defined conditions by category, it would be tied to compliance status, so if any of those applications in a given category were present on the endpoint, the user would be non-compliant. 

Yes, we know that posture compliance works when defining conditions by name, but that use case does not work for contractors when you have no set vendor or application set.

Go to solution
Craig Hyps
Level 10
Level 10
In response to Rob4

‎04-30-2018 03:23 PM

There is an ANY option for Anti-Malware and for Firewall, but not Disk Encryption today. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents