cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How-To Threat Centric NAC Qualys and Cisco Identity Service Engine (ISE) Integration using STIX Technology

1748
Views
2
Helpful
0
Comments

This document is for Cisco Engineers and customers deploying Cisco Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE) 2.1.  A cloud Qualys Managers license with API is required. Please speak to your Qualys representative to obtain the license.  Qualys integration does not use Cisco platform Exchange Grid (pxGrid) for ISE integration, instead it uses Structured Threat Information Expression (STIX). STIX is an information exchange language and used to exchange cyber threat intelligence with organizations. It allows a common framework for organizations to share cyber threat information and adapter quicker to computer-based attacks.

Cisco Threat Centric NAC using Qualys also falls into the Rapid Threat Containment category.  Cisco Security Solutions and Ecosystem and CSTA partner solutions that fall into this category use Adaptive Network Control (ANC) mitigation actions to respond to or contain threats by issuing mitigation actions either from pxGrid, ISE EPS RESTful API or STIX. 

Cisco Threat Centric NAC using Qualys performs vulnerability scans on the endpoint.  Based on the CVSS scoring rating in the Qualys reports and the ISE Threat mitigation CSVSS authorization condition rule, vulnerable endpoints can be quarantined or provided limited access based on the organization’s security policy.