Cisco introduced pxGrid, a new framework for sharing context-aware security information among different vendor platforms. The company said it will use pxGrid to make Cisco ISE the central repository for a context-aware security architecture via a new ecosystem of partners.
Cisco already has a broad set of mobile device management (MDM) vendor partners for Identity Services Engine (ISE). This week, however, Cisco added a new collection of Security Information and Event Management (SIEM) and threat detection vendors that are integrating with ISE via pxGrid. The initial set of partners includes HP ArcSight, IBM, Lancope, LogRhythm, Splunk, Symantec and Tibco.
PxGrid is a publish-and-subscribe framework through which security products can collect contextual information from ISE, such as user, device, network connection and location. They can then use that information to improve their own analytics. Since pxGrid is bi-directional, these SIEM and threat detection vendors can also send instructions to ISE to revoke or modify network access.
Cisco's decision to align with the SIEM market struck at least one analyst as an odd choice.
"SIEMs are an old technology," said John Katsaros, principal at Internet Research Group. "Some would call it ancient. If you look at it going forward, SIEMs are going to be phased out. I don't think they're going to be around for more than a couple more years."
Rather than interconnecting different security platforms, Katsaros thinks vendors should be helping enterprises build data warehouses for security management. "Big data makes it more affordable to capture, keep and mine security information. Why [Cisco isn't] going in that direction is beyond me. They didn't show us anything that shows they have a better way of doing things than with big data techniques."
With pxGrid, Cisco ISE adds context everywhere
Kevin Skahill, director of Cisco's secure access and mobility group, said the vendor's plans for pxGrid go well beyond the SIEM and threat-detection market.
"We see potential to do this integration with many other platforms," he said. "PxGrid is a publish-and-subscribe technique that provides a single framework that partners can develop once [with]. It allows partners to customize and secure what contexts get shared, because not every partner wants the 80 different attributes that ISE can provide."
Nor is Cisco ISE necessarily being pitched as the heart of a context-aware security architecture, Skahill said, adding that the pxGrid framework will allow vendor partners to share context directly with each other. Cisco is submitting pxGrid to the IETF and other standardization bodies for consideration, he added.
Carefusion, a global manufacturer of medical devices, is an alpha adopter of the pxGrid integration, using a combination of Cisco ISE and Lancope's StealthWatch NetFlow analyzer.
"We are using the ISE and Stealthwatch combination to help secure our wired VPN and wireless access," said Bart Lauwers, Carefusion's vice president of IT infrastructure. "One problem we were facing was how to correlate all this data [from Stealthwatch] and ensure that we're taking the right action. In our alpha deployment, we had the ability to examine historic behavior, determine what the impact [of an incident was], do a full assessment of what the threat was and when it happened, and install a rule to prevent it from happening again."
Lauwers said the integration will allow his team to identify and remediate threats instantly, rather than the weeks or months it could sometimes take.
PxGrid also integrates Cisco ISE into SDN
Cisco will also integrate its software-defined networking strategy with pxGrid, said Dave Framptom, vice president and general manager of Cisco's secure access and mobility product group.
"The Cisco ONE controller will be one of the consumers of context from ISE with pxGrid," he said. "Then that controller can take that information and help direct an action in the network."
PxGrid is available now to prospective partners and will be generally available for customer use in the first quarter of 2014.
Let us know what you think about the story; email: Shamus McGillicuddy, News Director