
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-07-2017 09:33 PM
Hi Team,
We are working on a ISE feature sheet and need clarity on below features:
- L2 Security for various physical levels attacks MAC spoofing and flooding, ARP spoofing and poisoning, VLAN hopping and double tagging, DHCP exhaustion, switch impersonation and spanning tree attacks.
- During posture check AV/AS* has performed a full system scan and real time protection is enabled or not.
Appreciate quick reply on this
Thanks & Regards,
Yogesh Madhekar
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-09-2017 12:43 PM
The features in your first bullet are switch & switchport functions. ISE authenticates and authorizes endpoints using the Layer 2, 802.1X protocol. We can potentially handle MAC spoofing with the new Ability to Detect Anomalous Behavior of Endpoints.
I don't know how you define "a full system scan" but we support the OESIS set of AV/AS systems as well as registry checks, USB and other things. We have a Periodic Reassessment (PRA) if that's what you mean by "real time protection".

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-09-2017 12:43 PM
The features in your first bullet are switch & switchport functions. ISE authenticates and authorizes endpoints using the Layer 2, 802.1X protocol. We can potentially handle MAC spoofing with the new Ability to Detect Anomalous Behavior of Endpoints.
I don't know how you define "a full system scan" but we support the OESIS set of AV/AS systems as well as registry checks, USB and other things. We have a Periodic Reassessment (PRA) if that's what you mean by "real time protection".
