Cisco Subnet An independent Cisco community View more

Cisco looks to standardize context-aware security

Will offer pxGrid, an ISE development framework, to IETF

Cisco is looking to standardize a framework it developed for integrating disparate security products from multiple vendors. The framework is called the Platform Exchange Grid (pxGrid) and it allows third-party developers of security applications to add capabilities to Cisco's Identity Services Engine (ISE). ISE is designed to provide policy-based, context-aware security for Cisco networks.

By developing to pxGrid, third-parties will be able to add capabilities to ISE that allow the appliance to share network context information - user ID, type of device, access method, access media, privilege level - with other systems in the IT infrastructure and then allow those systems to instruct ISE on what remediation actions to take on Cisco network elements, if warranted.

[FOLLOW US: Where do Cisco's network security plans go from here?]

The pxGrid framework will also play a role in Cisco's Cisco ONE programmable network strategy in that it will allow ISE to share context information with a Cisco ONE controller, which can then re-program the network to take remedial action should a threat arise.

"This is so controllers can have a richer data set and take action on more informed set of context" for network programming, said David Frampton, vice president of Cisco Security.

Cisco will demonstrate such a capability at the Cisco Live conference the week of June 24.

Cisco has already formed an ecosystem of partners around ISE and the pxGrid. For SIEM and threat defense they include IBM, Splunk, HP ArcSight, Symantec, Tibco, Lancope and LogRhythm; and for mobile device management, they include IBM, Citrix, AirWatch, Good, Mobile Iron, SAP and MaaS360.

With such a roster intact, Cisco plans to submit pxGrid to the IETF and other standards organizations early next year as an industry-sanctioned framework for injecting context aware security and remediation into networks.

Frampton says the goal is to improve security analytics with context-based policies so threats can be mitigated when they're discovered. Without such a framework, remediation would be "complicated" or "impossible."

The ISE pxGrid is in early adopter customer use now. General availability of pxGrid-developed applications for ISE from third parties are expected early next year as well.

More from Cisco Subnet:

Skepticism follows Cisco-IBM led OpenDaylight SDN consortium

Network heavy hitters to pool SDN efforts in OpenDaylight project

Former switching chief McCool leaves Cisco

Cisco sees big plans for Big Data

Juniper losing its enterprise mojo

Cisco, others see run on data center switches

Silicon photonics "disruptive," Cisco says

CEO of Cisco competitor talking FUD

Cisco looking to make things right with West Virginia

West Virginia auditor blasts Cisco, state for "oversized" router buy

Follow all Cisco Subnet bloggers on Twitter.Jim Duffy on Twitter

Follow

 
From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies