The complexity of network environments has driven the need for increased granularity in security visibility, network analysis, and compliance assessment. With the advent of IoT, BYOD policies, and SaaS, it is no longer sufficient to analyze network activity solely with a broad identifier like an IP address. Today’s diverse networks require effective security event visibility and integration with accurate contextual data such as user identity, user privilege levels, endpoint device type, and endpoint security posture to provide a meaningful picture of network events and their significance.
The Cisco® Identity Services Engine (ISE) integrates with the NetIQ Sentinel security event management platform to deliver in-depth security event analysis supplemented with relevant identity and device context. This integration provides network and security analysts the context they need to quickly assess the significance of security events by being able to answer questions like “who is this event associated with and what level of access do they have on the network” and “what type of device is it coming from.”
Providing ISE user and device context to the NetIQ Sentinel platform enables a new range of security monitoring capabilities enabling IT organizations to increase the speed of security threat detection and simplifies threat response.