I was pretty excited when Cisco came to Rapid7 last year and offered for us to be one of their launch partners for their Identity Services Engine (ISE) Ecosystem. Flash forward one year, and the public unveiling of Rapid7 joining the ISE partner ecosystem was announced earlier this week at Cisco Live in San Diego, California.

If you are not familiar with Cisco Live, it's a massive conference that attracts more than 26,000 attendees who fly into beautiful San Diego to network, learn and potentially drink too much during evening activities. While the attendees are arguably less interestingly dressed than the 130,000 Comic Con International attendees which takes place in the same venue, the content at Cisco Live is top notch and is focused on advancing the state of IT, communications and security.

Why is this partnership with Cisco such a big deal, might you ask?

By integrating Rapid7 Nexpose and UserInsight with Cisco Identity Services Engine (ISE) using the Cisco pxGrid security integration framework, we can provide our customers with extremely fast assessments and mitigation of vulnerabilities while reducing incident detection blind spots from the endpoint to the cloud.

Through this partnership we are allowing security pros to comprehensively view their entire network, its users' behavior, rich context of user interaction with assets, associated vulnerabilities with the added benefit of being able to deploy easy and effective quarantine measures.

All of this is in addition to the long-standing partnership and integration capabilities we have had in place with the SourceFire team at Cisco.

Cisco made the announcement earlier this week on their blog, see their post below:
http://blogs.cisco.com/security/ise-ecosystem-expands-to-drive-deeper-visibility-and-control-with-cisco-identity-services-engine

Now, let's dive in a bit more on the benefits of integrating Nexpose and UserInsight integrate with ISE & pxGrid.

Nexpose brings real-time vulnerability assessment and mitigation to ISE environments

Nexpose enables better threat exposure management with unified analysis of vulnerabilities, controls, and configurations, and determines compliance with security best practices and external regulations, such as PCI and HIPAA. With Nexpose's powerful analytics, customers can quickly identify impactful steps that they can take to address vulnerabilities and reduce security risks in their environments. Integration with Cisco's ISE enables security professionals to go a step further to block or quarantine assets if deemed too risky. Users can then remediate vulnerabilities to lower the organization's risk score, removing barriers to the network, and mitigate security exposures with a rapid understanding of their risk posture.

Nexpose will also work with ISE to enable faster assessment and policy-based mitigation of endpoint security risks. This includes the ability to perform the following functions:

  • Real-time vulnerability assessment. The integrated solution will invoke real-time discovery and assessment of devices as they connect to the network, including transient ones. ISE can detect a device when it connects to the network, triggering Nexpose to scan the device. Customers will have an accurate, real-time picture of the risks associated with the devices connected to their networks.
  • Reduce the gap between detection and mitigation of risks. ISE can act on information received from Nexpose to improve compliance by protecting endpoints, initiating external remediation processes, and limiting network access of devices that present a high security risk to the network.

UserInsight allows ISE users to detect and investigate attacks faster

UserInsight is an intruder analytics solution that provides visibility into intruder behavior across an entire ecosystem, from the endpoint to the cloud. UserInsight monitors endpoints, networks, cloud services, and mobile devices, setting traps for intruders, detecting attacks, and enabling faster investigation to mitigate the risks presented by compromised accounts.

By building a baseline understanding of a user's behavior, UserInsight identifies changes that indicate suspicious activity and helps security professionals detect an attack. Once suspicious behavior is detected, security teams and incident responders can quickly investigate, leveraging UserInsight's ability to link users, assets and actions, build incident timelines, and determine the magnitude and impact of the attack.

UserInsight will work with ISE to reduce incident detection blind spots and add context to user activity to improve security from the endpoint to the cloud. This includes the ability to perform the following functions:

  • Fast detection and investigations. UserInsight allows ISE users to detect and investigate security incidents faster by identifying intruders that use stealthy attack methods, such as stolen credentials and lateral movement.
  • Reduce blind spots and add activity context. UserInsight works with ISE to map IP addresses assigned through network access control to end users, reducing incident detection blind spots, which is especially important for machines that have been quarantined.

We're excited about this partnership and would be happy to discuss it with you in detail if you have any questions or want to learn more – feel free to leave a comment here or get in touch with me by email.

Related: What is User Behavior Analytics?