This blog post is going to be going over integration ISE 2.1 and WSA via pxGrid with CA-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate.
This post is going to go over the integration of ISE 2.1 and AMP for Endpoints. ISE 2.1 introduces the concept of a "Threat Centric NAC" which allows you to configure vulnerabiltiy and threat adapters to send high fidelity Indicators of Compromise (IoC), Threat Detected events, and CVSS scores to ISE so that threat-centric access policies can be created to change the privilege of the endpoint accordingly.
In this post, I'm going to go over host groups and why they're so critical to the StealthWatch system. Using host groups correctly in the StealthWatch system will ensure that you're alerted correctly on events and that the information given to you is more relevant to your enterprise
I'm definitely going to go over this more in future posts after I'm done with my StealthWatch series. I'll just post this high level information about some of the additional features of ISE 2.1 which I'm pretty excited about.
In this post, we're going to dig in to the SMC Client and learn the structure a bit better. This will help us navigate around the StealthWatch system and find valuable information.
In this blog post, I'll go over StealthWatch and ISE integration with pxGrid. With this integration, ISE will share contextual information such as username and device information with StealthWatch and it adds the ability to do rapid threat containment to quarantine misbehaving endpoints. I'm going to use a CA-signed certificate in this post and later I'll add a post with self-signed certificates.
In this blog post, I'm going to go over ProxyWatch with StealthWatch. Many enterprises utilize proxies to protect their networks. They provide protection at the cost of visibility to other security solutions. ProxyWatch is a licensed feature that allows StealthWatch to see the translated address and associate it with the other side of the proxy conversation which provides more accurate troubleshooting and forensics. It's a bit like NAT stitching for proxies.
In this post, I'm going to go through configuring custom Eternal Lookups. What External Lookups allow a user to do is to investigate external IP addresses and ranges utilizing external applications and lookups. StealthWatch already comes pre-configured with a few and allows an administrator to add their own.
In this blog post, I'm going to go over the common administration elements of the StealthWatch appliance.
In the last blog post, I went through the initial installation and setup of StealthWatch. In this blog post, I'll go through the dashboard of the SMC.
In this blog post, I'll be going through the installation and setup of StealthWatch. This is pretty easy stuff so I'll breeze through it here. In my lab, I'm going to set up a StealthWatch Management Console (SMC) VM and a FlowCollector (FC) VM.
Lancope was founded back in 2000 and is a leading provider of network visibility and security intelligence to protect enterprises against today's top threats. The StealthWatch System uses NetFlow, IPFIX and other types of network telemetry to detect a wide range of attacks from a variety of threats including APTs, DDoS, zero-day malware and insider threats. Lancope was just recently acquired by Cisco late last year but the company itself had a very close relationship with Cisco prior to that and thanks to that relationship, it integrates quite well with a variety of existing Cisco solutions. In this first post, I'm going to dig into some of the components of the StealthWatch System.
This is a continuation of my previous post. In this post, I'll go over NetFlow configuration on NX-OS, IOS Catalyst switches, routers and ASAs.
In this post, I'm going to go over Netflow configuration and some useful commands to troubleshoot issues with NetFlow.
I get a lot of PMs on forums I'm on asking for job/career advice and I know there's always a ton of threads on IT forums on that vein as well. While there are multiple ways to get to the same destination and different ways to be successful, I'd like to share things that really worked for me or that I've observed
Over the next couple of weeks, I'll be writing some different blog posts on Stealthwatch. To start out, I'm going to link the Lancope NetFlow configuration cheatsheet since it's pretty useful.
I've decided I'm going to be going after the CCIE Security next. There's a high likelihood that this track could change in the middle of my studying for it so I'm going to prepare using the latest technology. In this blog post, I'm going to chart out some of the different resources I'm going to use.
This is the continuation from my previous post. In this post, we're going to create some basic objects from the REST API and just push them out through POSTMAN.
I decided to play around with creating templates of my configs in XML and being able to push them via the RESTful API in ISE.
In a perfect world, you could authenticate your hosts onto the network with either dot1x or going through a guest portal but the reality is that not every device connected to your network will have the ability to navigate the guest flow or utilize dot1x. Unfortunately, most of us don't live in a perfect world and have to connect devices to our networks such as phones, IP cameras, printers, badge readers, access points, etc so for that reason, profiling comes in. What ISE will do is gather a series of attributes from the NADs that the endpoints are connected to and based on those collections of attributes, ISE is able to make a determination of what kind of device that endpoint is