Xerox and Cisco Identity Services Engine (ISE) White Paper

Similar documents
ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Cisco Network Admission Control (NAC) Solution

SailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Cisco Virtual Experience Infrastructure for Government. Virtualize Your Desktop and Increase Agency Efficiency

McAfee epolicy Orchestrator

Make security part of your client systems refresh

Cisco TrustSec How-To Guide: Phased Deployment Overview

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Securing BYOD With Network Access Control, a Case Study

Cyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks

CloudSOC and Security.cloud for Microsoft Office 365

Protecting your data. EY s approach to data privacy and information security

Sustainable Security Operations

Device Discovery for Vulnerability Assessment: Automating the Handoff

Accelerate Your Enterprise Private Cloud Initiative

Cisco TrustSec How-To Guide: Central Web Authentication

SIEM: Five Requirements that Solve the Bigger Business Issues

ForeScout Extended Module for Splunk

CA Security Management

Symantec Security Monitoring Services

TRUE SECURITY-AS-A-SERVICE

Industrial Defender ASM. for Automation Systems Management

Exam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.

The threat landscape is constantly

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

GDPR: An Opportunity to Transform Your Security Operations

Mobile Devices prioritize User Experience

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

CA Host-Based Intrusion Prevention System r8

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Vulnerability Management Policy

Best Practices in Securing a Multicloud World

Symantec Network Access Control Starter Edition

3-Part Guide to Developing a BYOD Strategy

The Context Aware Network A Holistic Approach to BYOD

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

The Device Has Left the Building

Five Tips to Mastering Enterprise Mobility

A Guide to Closing All Potential VDI Security Gaps

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Securing Today s Mobile Workforce

McAfee Endpoint Threat Defense and Response Family

Xerox ConnectKey. The ecosystem for workplace productivity.

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

Cisco TrustSec How-To Guide: Monitor Mode

Enhancing Virtual Environments

BYOD: BRING YOUR OWN DEVICE.

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Meraki 2018 Solution Brochure

White Paper Taking Windows Mobile on Any Device Taking Windows Mobile on Any Device

Automating the Top 20 CIS Critical Security Controls

Cisco Connected Factory Accelerator Bundles

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

: Administration of Symantec Endpoint Protection 14 Exam

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

Securing Health Data in a BYOD World

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Client Computing Security Standard (CCSS)

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

A company built on security

Meraki Solution Brochure

POLICY 8200 NETWORK SECURITY

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Symantec Enterprise Solution Product Guide

Data Retrieval Firm Boosts Productivity while Protecting Customer Data

the SWIFT Customer Security

Reviewer s guide. PureMessage for Windows/Exchange Product tour

align security instill confidence

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Security Architecture

deep (i) the most advanced solution for managed security services

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Unified Communications from West

Snort: The World s Most Widely Deployed IPS Technology

Xerox AltaLink Multifunction Printers Deliver Apple AirPrint to the Enterprise. White Paper

The Quick-Start Guide to Print Security. How to maximize your print environment and minimize security threats

SIEM Solutions from McAfee

McAfee Total Protection for Data Loss Prevention

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

ForeScout Extended Module for VMware AirWatch MDM

Symantec Network Access Control Starter Edition

FIREWALL BEST PRACTICES TO BLOCK

NETWORK ACCESS CONTROL OVERVIEW. CONVENIENCE. SECURITY.

ENTERPRISE MOBILITY IN THE INSURANCE INDUSTRY

SECURITY & PRIVACY DOCUMENTATION

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Symantec Network Access Control Starter Edition

McAfee Advanced Threat Defense

Xerox ConnectKey Devices Deliver Apple AirPrint to the Enterprise White Paper

How to Secure Your Cloud with...a Cloud?

ForeScout ControlFabric TM Architecture

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

Transcription:

Xerox and Cisco Identity Services Engine (ISE) White Paper

Contents Securing Your Networked Printing Devices... 1 Providing Security in an Internet of Things World... 1 Cisco ISE: A Powerful, Simple and Scalable Solution... 2 Cisco Identity Services Engine... 2 Seamless Device Profiling Helps You Create Access Levels.... 3 Cisco ISE allows you to deploy the following controls and monitoring of Xerox devices... 3 Ready to deploy across your entire fleet of Xerox devices... 4 Collaborate with Confidence with Xerox and Cisco... 5 Obtain real-time visibility into who and what is accessing the network.... 5 Ensure that your access and security policies are enforced.... 5 Achieve greater value while managing print.... 5 Xerox Devices Currently Profiled in Cisco ISE... 6 References... 6 Authors... 6 i Xerox and Cisco Identity Services Engine (ISE) White Paper

Securing Your Networked Printing Devices Information security is a vital part of your business. As a leader in the development of digital technology, Xerox has demonstrated a commitment of keeping digital information safe and secure by identifying potential vulnerabilities and proactively addressing them to limit risk. Still, securing information within your devices is not enough in today s data-intensive business world. This is why Xerox has joined forces with Cisco, the worldwide leader in networking technology, to create a comprehensive approach to enhancing your total network security environment. This white paper is intended to give an overview of that initiative, highlighting the collaboration with the Cisco Identity Services Engine (ISE) product. Providing Security in an Internet of Things World Today, customers recognize Xerox as a trusted provider of secure solutions with a wide array of security capabilities. Xerox office devices are built with the most comprehensive security in the industry that prevents unauthorized access and protects the confidentiality of documents and data through a robust set of features. Xerox adheres to the highest security standards through industry certifications and our printers are full system Common Criteria certified. Our comprehensive security is based on four key principles: Intrusion Prevention Device Detection Document and Data Protection External Partnerships While Xerox provides comprehensive printer security that protects data sent to and from the printer over the network, many businesses recognize a need to bolster information security outside their devices at a network level. Our collaboration with Cisco, a worldwide leader in network security, addresses this challenge, taking information security beyond your device to enhance security across your total network environment. This comprehensive solution is based on the Cisco Identity Services Engine. 1 Xerox and Cisco Identity Services Engine (ISE) White Paper

Cisco ISE: A Powerful, Simple and Scalable Solution Cisco ISE is the market-leading intelligent security policy enforcement platform that mitigates security risks by providing a complete view of which users and what devices are being connected across the entire network infrastructure. It also provides exceptional control over what users can access on your network and where they can go. The solution, including all of its components, has been thoroughly vetted and rigorously tested as an integrated system. Cisco's ISE includes over 200 Xerox device profiles that are ready for security policy enablement. This allows ISE to automatically detect Xerox devices in your network. Xerox devices are organized in Cisco ISE under product families, such as Xerox AltaLink and Xerox VersaLink, enabling Cisco ISE to automatically detect and profile new Xerox devices from the day they are released. Customers who use Cisco ISE find that including Xerox devices in their security policies is simpler and requires minimal effort. With Cisco ISE, Xerox has elevated the multifunction device to have the same level of network manageability as the more traditional endpoints such as servers, routers and PCs. Xerox is making the multifunction printer (MFP) a true network citizen and allowing you to protect it as an integral part of today s security imperatives. Cisco Identity Services Engine Cisco ISE provides dynamic detection and classification of network endpoints to gain relevant insight and accuracy. As an endpoint attempts to connect to the network, Cisco ISE queries the characteristics of the endpoint and attempts to match it to a known profile in the database. Unknown endpoints only show IP and MAC addresses, while known endpoints like Xerox devices are identified and provide additional unique attributes. Policy Service performs various actions such as denying connection to out-of-policy endpoints, granting connections to known endpoints (e.g., Xerox) or controlling connectivity of endpoint ports. To enable the Cisco ISE to function, the network administrator defines the network policies to comply with their organization s security guidelines. Whenever an out-of-policy attempt is made, an alert is generated and sent to the administrator to investigate. To address known or alleged security events, the administrator can utilize logs and reports to remediate if needed. 2 Xerox and Cisco Identity Services Engine (ISE) White Paper

Seamless Device Profiling Helps You Create Access Levels. Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. ISE collects various attributes for each network endpoint to build an endpoint database. The classification process matches the collected attributes to prebuilt or user-defined conditions, which are then correlated to an extensive library of device profiles. These profiles include a wide range of device types, including tablets, smartphones, cameras, desktop operating systems (for example, Windows, Mac OS X, Linux and others) and workgroup systems such as Xerox printers and MFPs. Once classified, endpoints can be authorized to the network and granted access based on their profile signature. For example, guests to your network will have a different level of access to printers and other endpoints in your network. As an example, you and your employees can get full printer access when accessing the network from a corporate workstation but be granted limited printer access when accessing the network from a personal Apple iphone. Cisco ISE allows you to deploy the following controls and monitoring of Xerox devices Automatically provision and grant network access rights to printers and MFPs to prevent inappropriate access (including automatically tracking new printing devices connecting to the network): Block non-printers from connecting on ports assigned to printers Prevent impersonation (aka spoofing) of a printer/mfp Automatically prevent connection of non-approved print devices Smart rules-based policies to govern user interaction with network printing devices Provide simplified implementation of security policies for printers and MFPs by: Providing real-time policy violation alerts and logging Enforcing network segmentation policy Isolating printing devices to prevent general access to printers and MFPs in restricted areas Automated access to policy enforcement Provide extensive reporting of printing device network activity A few real-life examples of these controls were demonstrated during an ISE pilot at Xerox: Automatically discovered and identified all network printing devices connected to the network on selected floors Configured network wall jacks to only allow a specific MFP and reject all other network-enabled devices Restricted access to network printing devices; configured ISE to only allow users connected in one floor to access that MFP but blocked users connecting from other floors Controlled network printing devices in a given area to only scan to a given file location in the network Customized the level of network printing devices access assigned to visitors and BYOD users to have different access level than users on companyissued desktop 3 Xerox and Cisco Identity Services Engine (ISE) White Paper

Ready to deploy across your entire fleet of Xerox devices Xerox has made it extremely easy to achieve an outstanding level of control with Cisco ISE. Xerox and Cisco engineers worked together to validate over 200 Xerox devices to work with ISE. When you buy Cisco ISE, you are ready to start deploying access and control policies across your Xerox MFP and printer fleet. You do not have to configure ISE to work with Xerox products and validate that all the device settings were entered correctly; we have done all of that for you ahead of time. Figure 1 illustrates an ISE screen that displays some of the Xerox devices available for policy creation. The ISE Feed Service from Cisco keeps you informed of new Xerox products and automatically adds them to your ISE solution in the proper product family. Figure 1: Over 200 Xerox devices ready for policy implementation right out of the box. Writing policies could not be easier. You can write policies for each individual device in the network or aggregate policies into logical groups (Figure 2 below). You can then apply access and security rules at the policy levels. Figure 2: Logical Profile of Xerox ConnectKey Devices Only, which groups all Xerox AltaLink and Xerox VersaLink devices and policies. 4 Xerox and Cisco Identity Services Engine (ISE) White Paper

Policies that grant global access to all Xerox devices referenced in the Logical Profile Xerox MFP Figure 3: Permit Access Xerox is a customized policy to authorize all Xerox devices in the Xerox MFP Logical Profile. Collaborate with Confidence with Xerox and Cisco Obtain real-time visibility into who and what is accessing the network. Ninety percent of surveyed organizations are not fully aware of the devices accessing their network. Moreover, 40% of network/endpoint infrastructure can become unknown or unmanaged when an organization lacks visibility, which can drive operational costs and lead to security blind spots. But with Xerox devices integrating with Cisco ISE, you now have comprehensive, real-time visibility into which people and what devices are connecting across the entire network infrastructure. Ensure that your access and security policies are enforced. As the number of connected devices that are accessing your network grows, creating access policies for different end users (i.e., guest, employee, BYOD) can be a cumbersome and time-consuming process. Additionally, if an infected device penetrates your network, it is critical to have the ability to quickly segment your network to prevent threats from spreading laterally across your network. Our integration with Cisco ISE allows users to collaborate and print securely in your enterprise while confidently protecting against the security risks brought about by the explosion of network-connected devices. Cisco ISE empowers you to define customized access control over your diverse user populations. Achieve greater value while managing print. Xerox Managed Print Services (MPS) delivers customers great value by controlling your printing costs while delivering value-added document services. MPS leverages Cisco ISE to deliver access control, visibility and enhanced security to your network printing devices. Cisco ISE is relevant to a wide range of our customers. Cisco ISE can help implement corporate governance through consistent access policy for all users and devices, addressing mandated monitoring, auditing and reporting requirements. And whether you re a mid-size organization needing to secure a hundred endpoints or a large enterprise with hundreds or thousands of endpoints, ISE is a scalable solution that can grow with your changing needs. Together, they dramatically reduce cost of ownership while delivering world-class monitoring and troubleshooting features designed to streamline operations for your help desk and support teams. Automating labor-intensive tasks, such as provisioning access policy and network segmentation, has the added benefits of saving time, reducing costs and simplifying service delivery. This gives you greater flexibility to shift IT resources from office print monitoring to mission-critical business assignments. It s just another way that Xerox and Cisco help you get the most out of your networked printing devices and IT resources. The bottom line: your network, content and printing costs are protected. 5 Xerox and Cisco Identity Services Engine (ISE) White Paper

Xerox Devices Currently Profiled in Cisco ISE https://www.xerox.com/en-us/connectkey/insights/cisco-ise-printers/devices References Xerox and Cisco Security Frequently Asked Questions (FAQ) http://www.office.xerox.com/latest/secfs-06u.pdf Cisco ISE Overview http://www.cisco.com/en/us/products/ps11640/index.html Cisco ISE Profiling Design Guide https://communities.cisco.com/servlet/jiveservlet/previewbody/68156-102-1-125076/how-to_30_ise_profiling_design_guide.pdf Authors Doug Tallinger, Platform Planning Manager, Xerox Corporation Zia Masoom, Product Marketing Manager, Xerox Corporation Kevin Gagnon, Product Manager, Cisco Systems Ed Cho, Marketing Manager, Cisco Systems 2018 Xerox Corporation. All rights reserved. Xerox, Xerox and Design, AltaLink, Brenva, ConnectKey and VersaLink are trademarks of Xerox Corporation in the United States and/or other countries. Updated 04/18 MASZI-146 BR24097 SECFS-04UC

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback