Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable and Cisco ISE

Integration Enables Swift Response to Vulnerabilities

Tenable and Cisco Integration

Cisco and Tenable Network Security have partnered to offer the first integration that binds user and device context from Cisco’s Identity Services Engine (ISE) with Tenable’s Nessus vulnerability assessment results.

Cisco ISE is the security policy management platform that unifies and automates access control to enforce role-based access to enterprises. Cisco ISE offers consistent network access policy for end users whether they connect via a wired or wireless networks or VPN.

Tenable’s Nessus® Manager now integrates with the Cisco® Identity Services Engine (ISE) to deliver in-depth vulnerability, assessment along with relevant user identity and device data.

Key Challenges

Modern IT architectures include multiple platforms that consist of network, security, and identity solutions. Each of these may be owned, operated, and managed by different teams within the organization leading to operational silos.

To perform risk assessment across these requires each team to piece together relevant device and user data with vulnerability assessment, analyze and prioritize impact, and initiate a response to mitigate the security and compliance issues. In light of this, organizations are left with key challenges in answering questions such as:

  • What systems in my network are at risk or out of compliance?
  • Who are the users associated with those systems? What risk do they pose?
  • What are the risks that require immediate action?
To answer these questions requires a framework that allows the sharing of user and device context with vulnerability and risk management solution. It not only allows the reuse of existing investments, but also provides a unified view to spotlight the offending device as well as the associated user and initiate appropriate response workflow.

The Answer

Tenable’s Nessus® Manager now integrates with the Cisco® Identity Services Engine (ISE) to deliver in-depth vulnerability, assessment along with relevant user identity and device data. This integration provides security analysts with the context they need to quickly assess and prioritize the severity of vulnerabilities by answering questions such as “Who is this vulnerability associated with?” and “What level of access do they have on the network?” Administrators can then quickly initiate actions from within the Nessus management console on offending devices within the Cisco network infrastructure.

The solution includes Tenable’s Nessus Manager and the Cisco ISE (with ISE Plus or Advanced Feature License) for context exchange. ISE is part of Cisco’s pxGrid unified framework that enables multi-vendor, cross-platform network system collaboration; it integrates security monitoring and detection systems, network policy platforms, identity and access management platforms, and virtually any other IT platform.

Integration Benefits

By using the Cisco ISE context, Nessus administrators enhance their traditional vulnerability assessments results with user identity and security posture information. This brings back a “single-pane-of-glass” view of the vulnerability from the Nessus management console. Nessus users can take advantage of ISE integration by investigating the event, then executing network mitigation actions and setting device/user policies directly from the Nessus management console.

The integration between Cisco ISE and Tenable Nessus offers several benefits to customers including:

  • Decreases time and increases granularity of risk analysis by joining user identity and device context with vulnerability scan results
  • Facilitates faster response by prioritizing critical issues based on device and user context
  • Allows immediate response to vulnerable or out-of-compliance systems directly from within Nessus
  • Enables Nessus to isolate systems and users that pose risk by requesting a quarantine action
  • Enables fast, closed loop management of the issue or event

System Hardening

Nessus also offers compliance and system hardening policies (“audit” files) via the plugin feed. Users can access out-of-the-box policies for Cisco routers, switches, and firewalls as well as others including storage devices, virtualization and cloud platforms, and a wide variety of major operating system platforms (including UNIX, Linux and Windows), and much more!

Learn More

Malware Detection

Nessus uses multiple malware feeds including Cisco's ThreatGRID malware feed to identify malicous processes and botnet communications as part of vulnerabiity scanning.  ThreatGRID, in conjunction with other malware feeds, helps detect known and rapidly changing malware and provides swift and early detection of malware actitivies often undetected by single AV vendor limitations.

Learn More

IPS Context

Nessus vulnerability scan results are used by many organizations to provide endpoint context to network security products such as the Cisco Sourcefire IPS and NGFW products.  This helps Cisco administrators tune signatures and policies as well as reduce false positivies by identifying whether the generated alert matches and is relevant to the target endpoint.

Learn More

Complementary Solutions

Nessus Vulnerability Scanner

Nessus is the industry’s most widely-deployed vulnerability, configuration, and compliance scanner. Nessus features high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, patch management integration and vulnerability analysis. With the world’s largest continuously-updated library of vulnerability and configuration checks and the support of Tenable’s expert vulnerability research team, Nessus sets the standard for speed and accuracy.

Learn More

SecurityCenter Continuous View

SecurityCenter Continuous View™ is the only integrated vulnerability, threat and compliance management solution on the market that combines data from vulnerability assessments, asset information, network sniffing and activity event logs. This capability provides crucial context that no other solution can provide, improving vulnerability management, threat detection, incident response time and accelerating forensic analysis.

Learn More

Resources

View More

Get Started

Buy Nessus Products

Purchase Nessus or Nessus Manager through a Partner or on the Tenable online store.

Buy

Questions?

Get immediate sales assistance or more information on Nessus.

Start Chat