Solved: ISE and IoT

firefox · ‎03-20-2018

Hi All,

Is there a document/link or similar that talks about use of ISE in securing IoT devices? If so, can someone please share the same?

Thanks

TJ

Craig Hyps · ‎03-20-2018

Although focused on Healthcare IoT, the Whitepaper posted to this page also applies to general IoT:

Cisco Medical NAC - Cisco

Also, this month we will release and IoT Profile Library with over 600 Automation and Control profiles and post to Community at https://communities.cisco.com/tags/ise-endpoint-profile

In ISE 2.4 release (currently planned for end of this month), we will introduce a pxGrid probe for integration with IoT and other systems for sharing endpoint context. The first example is the integration with Cisco Industrial Network Director for learning endpoint details for manufacturing OT devices and visibility and policy enforcement from ISE on the IT side.

As mentioned, solutions like Stealthwatch are capable of monitoring the behavior of such devices and validate they continue to behave as expected, and alert/quarantine if they do not.

ISE also works with the Industrial Ethernet switches for secure access and policy enforcement. These are just a few things we are doing from the ISE side, and there are plenty of other Cisco integrations to secure IoT. For more details, see:

Cisco IoT Threat Defense - Cisco

View solution in original post

Jason Kunst · ‎03-20-2018

ISE can authenticate devices and profile them into categories to provide differentiated access via VLAN ACL or scalable group tags

If the device supports certificate authentication then its authentication is even more secure method of authentication

If threats are seen from a device using vulnerability or SIEM then they can be quarantined as part of the solution

Can you please explain what you’re looking for?

Craig Hyps · ‎03-20-2018

Although focused on Healthcare IoT, the Whitepaper posted to this page also applies to general IoT:

Cisco Medical NAC - Cisco

Also, this month we will release and IoT Profile Library with over 600 Automation and Control profiles and post to Community at https://communities.cisco.com/tags/ise-endpoint-profile

In ISE 2.4 release (currently planned for end of this month), we will introduce a pxGrid probe for integration with IoT and other systems for sharing endpoint context. The first example is the integration with Cisco Industrial Network Director for learning endpoint details for manufacturing OT devices and visibility and policy enforcement from ISE on the IT side.

As mentioned, solutions like Stealthwatch are capable of monitoring the behavior of such devices and validate they continue to behave as expected, and alert/quarantine if they do not.

ISE also works with the Industrial Ethernet switches for secure access and policy enforcement. These are just a few things we are doing from the ISE side, and there are plenty of other Cisco integrations to secure IoT. For more details, see:

Cisco IoT Threat Defense - Cisco

firefox · ‎03-20-2018

HI Jason/Chyps,

Thanks for your inputs.

I have a customer who is setting up a smart city with lot of smart devices like smart lamp posts/pole, cameras, digital signs, parking sensors, temperature sensors etc and is looking to securely control them. Many of these don't have the capability to have a certificate or other posturing mechanisms. So, in this regard was wondering how ISE can be positioned to secure these devices and also provide segmentation based control to these devices.

Thanks

TJ

firefox · ‎03-20-2018

Hi Jason,

I have a customer who is setting up a smart city with lot of smart devices like smart lamp posts/pole, cameras, digital signs, parking sensors, temperature sensors etc and is looking to securely control them. Many of these don't have the capability to have a certificate or other posturing mechanisms. So, in this regard was wondering how ISE can be positioned to secure these devices and also provide segmentation based control to these devices.

Thanks

TJ

Jason Kunst · ‎03-20-2018

Craig has discussed this before. I would recommend they look into ISE and see how it works and work through sales team to our Product managers to work on further enhancements to this project.