At-A-Glance
• Increase network defense effectiveness by adding userbehavior analysis to your threat defense architecture.
• Decrease the time it takes to classify and respond to events with user, device type, and access level information.
• Expedite security event responses to high-severity events by quarantining a user or redirecting traffic for deeper investigation.
Gain Insight to High-Risk User Behavior and
Remediate Threats
Cisco® Identity Services Engine gathers a wealth of contextual user identity, endpoint, and network information that is useful for security purposes. To give you greater insight into risky user activities, the
Cisco ISE shares this contextual data with FortScale, a partner in userbehavior-based threat detection.
The result is that you can expedite security measures. You’ll gain the ability to quickly and easily assess the significance of security events by correlating expanded Identity Services Engine context with FortScale user-behavior security alerts. The Cisco platform shares contextual information about each security event with FortScale management consoles using Cisco Platform Exchange Grid (pxGrid) technology.
Contextual data can include each user’s identity and level of access and the type of device used. With this data, a security analyst can more quickly determine who is involved in a security event, whether it needs further investigation, and how urgent a threat is.
These enhanced capabilities streamline the process of threat detection, simplify IT response, and slash the time it takes to remediate network security threats.
How Cisco Identity Services Engine and FortScale
Integration Works
Identity Services Engine integration with FortScale is accomplished in the following way:
• The Cisco Identity Services Engine provides its user identity and device information to FortScale.
• Identity Services Engine contextual data is also appended to associated events in FortScale to provide the additional context of the user, device, and access level for better understanding of a security event’s significance.
• All these functions can be logged by the FortScale console for unified user-behavior security-threat reporting.
© 2015 Cisco and/or its affiliates. All rights reserved.

At-A-Glance
What Is pxGrid?
This cross-platform network system allows many IT infrastructure components to share contextual information using a single interface.
Security monitoring and detection systems, network policy platforms, asset and configuration management systems, and identity and accessmanagement platforms from Cisco or
Cisco pxGrid partners are among those that can share and correlate data for heightened security.
Some of the main Identity Services Engine attributes available for use by
FortScale for user- and device-related context are:
• User: User name, IP address, authentication status, location
• User class: Authorization group, guest, quarantine status
• Device: Manufacturer, model, OS, OS version, MAC address, IP address, network connection method (wired or wireless), location
• Posture: Posture compliance status, antivirus installed, antivirus version, OS patch level, mobile device posture compliance status (via
Cisco mobile device management partners)
Next Steps
To learn more about the Cisco Identity Services Engine, visit http://www.
cisco.com/c/en/us/products/security/identity-services-engine/index.
html .
To learn more about Cisco pxGrid, visit http://www.cisco.com/go/pxgrid .
For additional information regarding the Identity Services Engine and other security information and event management system (SIEM) and threat-defense integrations, visit http://www.cisco.com/c/en/us/ products/security/partner-ecosystem.html
.
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of
Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/ go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C45-734811-00 06/15