06-13-2018 01:21 AM
In a small ISE deployment used for TACACS only, if it were to be integrated to Stealthwatch using pxGrid what if any useful information would be provided to Stealthwatch?
Solved! Go to Solution.
06-13-2018 02:00 AM
Not sure if I understand the query !
The use case with stealthwatch is that we have correlation between which endpoint is sending what pattern of traffic and if stealthwatch detects any anomaly, the request is sent to ISE to put the endpoint in quarantine access.
ISE provides context information for the endpoint and ability to control the access for these endpoints.
Hope this helps.
Thanks,
Nidhi
06-13-2018 02:00 AM
Not sure if I understand the query !
The use case with stealthwatch is that we have correlation between which endpoint is sending what pattern of traffic and if stealthwatch detects any anomaly, the request is sent to ISE to put the endpoint in quarantine access.
ISE provides context information for the endpoint and ability to control the access for these endpoints.
Hope this helps.
Thanks,
Nidhi
06-13-2018 02:24 AM
Hi Nidhi,
I understand the normal integration, but in this scenario the customer is only using ISE for device administration (TACACS) but their security department wants to integrate it with Stealthwatch which will mean them having to buy a small number of plus licenses. As this deployment is only TACACS I am not convinced they will get any value from the integration and will effectively waste money buying plus licenses. I wanted to understand if there is any value in integrating with Stealthwatch in a TACACS only deployment?
Hope that makes more sense!
Thanks
John
06-13-2018 04:38 AM
Pxgrid is for sharing context visibility information of your user endpoint devices (who what when where how of the user and it’s device) not for devices used for device administration
06-13-2018 04:42 AM
Please keep in mind maybe you can push them towards device user auth with radius and show them that value with their small number of plus licenses
Also they might be able to integrate using passive identity and maybe even easy connect down the road to further enhance the stealthwatch dashboard
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide