Case Study

A Leading Bank Secures its Complete Infrastructure and Customers Critical Data with Cisco Identity Services Engine

Based in Sharjah and operating with 25 branches throughout UAE, the bank offers its clients tailor-made financial services in both corporate and retail banking, and has mainly established itself as a leading solutions provider for a growing commercial and industrial base across the seven emirates. Bank has its priorities on IT security for the current year wishes to secure the complete infrastructure and thereby Customers critical data. In this process they wanted to control all devices that are connected to their infrastructure to be compliant with their IT policies and restrict access for different type of users based on their authority.

Business Scenario

The bank maintains a complete Cisco infrastructure across their network. They currently have implemented 802.1X authentication across their network devises and have made progress in restricting access. They wish to move to the next level of IT security by enabling advanced features of ISE.

Bank requires to have a secured network with restricted access for all users to its IT resources. The current requirements can be briefed as follows:

  • Device Administration to move from ACS to ISE
  • Posturing and Profiling of all the 802.1x Clients
  • Integration with McAfee EPO as Antivirus and Microsoft SCCM for Patching
  • Deployment of SGT based Firewall Rules across all Firewalls through CSM
  • Accelerate Cisco IOS Software standardization in the face of frequent strategic business decision changes
  • Implement coherent security policy to enable more granular controls of approved, suspect, and rogue devices
  • Prohibit non-compliant devices from accessing critical applications
  • Help ensure segmentation of development and production systems

Challenge

  • Lack of ability to detect and identify rogue devices on the network
  • Lack of network standardization
  • Inability to create a coherent policy to comply with the latest regulations around security

Tool & Technologies

  • Cisco Identity services engine
  • Cisco® Compliance Management and configuration
    Service (CMCS)

Solution

Intertec worked with the bank to design and implement a solution that would unroll in two phases.

In phase 1, the focus was on IOS standardization. Led by Cisco® Compliance Management and Configuration Service (CMCS), whereas phase 2
involved a major software image management (SWIM) action to deploy a single standard of IOS on a massive scale. CMCS combines Intertec’s Product Domain expertise, intellectual property, and best-inclass Cisco software automation to simplify the whole range of configuration management, up to and including the design, implementation, and maintenance of custom organizational standards. Together, these capabilities help the company develop reporting and validation against its internal security policies, in compliance with the Sarbanes Oxley Act, the Payment Card Industry Data Security Standard (PCI DSS), and other regulatory standards.

Some of the key features and functionalities of Cisco Identity Services Engine that the Bank uses:

  • version 2.2 of Cisco ISE
  • User and Endpoint Visibility
  • Access Control
  • Guest Access Services
  • BYOD
  • Device Administration

Result

  • Ease of integration with other existing Cisco products and technologies
  • Superior user and device visibility
  • Range of capabilities
  • Scalability
  • Post purchase services and support