ISE sd access integration Flashcards
things you can do in ise with sd access
Guest Access
Guest network automation
Host On-boarding
User authentication
Group Based Access Control
SDA Segmentation
Assurance
Client 360
Device Administration
TACACS
Endpoint Analytics
Everything & Everyone on Network
Policy Analytics
Group to Group Interaction with automated policy
Security Ecosystem Integration
Context Sharing
ISE policy
ISE does policy distribution and a central policy engine and auth authoritity.
what does ISE stand for
Identity Service Engine
Ise API ERS
used for certificate exchanges and updating ISE with catalyst center with orchestrated group based policies sgts
FQDN
fully qualified domain name
what is pxGrid
pgrid is an framework for excange of contextual infromation and policy data between ISE and other network security polatofroms in realtime.
Key functionalities of ise
sharing context info user identities, device details, compliance status, and security group tags (SGTs).
Allowing third-party systems to subscribe to event data (e.g., login/logoff, security alerts) generated by ISE.
Enabling dynamic policy enforcement and automation across the network based on the information shared through pxGrid.
How can pxGrid be used
Threat Detection and Response: Integrating with security platforms like firewalls, endpoint protection systems, and SIEMs to receive context-rich data (e.g., who the user is, where the device is located, compliance status) for faster response to incidents.
Dynamic Segmentation: Sharing contextual data with firewalls, switches, and routers so that dynamic access control policies can be applied based on user or device attributes (e.g., based on user role, location, or compliance posture).
Endpoint Compliance: Sharing endpoint information (e.g., OS version, antivirus status) with third-party systems to ensure compliance before allowing full network access.
Policy Enforcement: Security systems subscribing to pxGrid can trigger automated policies in response to certain events, like quarantining a device, reducing access, or pushing additional authentication requirements.
Firewalls from vendors like Palo Alto Networks or Fortinet, which use pxGrid data to dynamically apply segmentation policies.
For cisco catalyst center what is ISE
a policy server
for what credentials doest credentials does catalyst center need
cli, snmp , https rw
Catalyst Center uses ISE for radius