The enterprise network no longer sits within four secure walls. Employees today demand access to enterprise resources using more mediums than ever before, including personal laptops, tablets, and smartphones, and from home networks and mobile networks. Mobility, in particular, can expose networks to devastating attacks and data breaches, and the resulting economic costs to an organization can be huge. Yet today’s mobile workforce needs to work anytime, anywhere, to stay competitive and be productive. With the increasing complexity of this expanded network and the advent of the “Internet of a Thing,” and with network-enabled devices of all kinds connecting to private and public networks, the potential impact of failing to identify and remediate network security threats grows exponentially.
After years of innovation around Network Access Control, Cisco has released its next generation NAC solution: Identity Services Engine(ISE). ISE combines existing loosely coupled devices AAA, profiling, posture and guest management – in single, scalability appliance
Narrow Your Exposure and Reduce Your Risk
It all starts with getting ahead of threats by using visibility and control – visibility into the users and devices accessing your network and the control to help ensure that only the right people from the right devices get the right access to the enterprise services they need. This is where Cisco ISE can help. Cisco ISE is the market-leading security policy management platform that unifies and automates access control to proactively enforce role-based access to enterprise networks and resources, regardless of how a user chooses to connect – by wired or wireless networks or VPN.
Traditionally, security solutions, focused on preventing compromised devices or users from gaining access to network resources, have generally been too complex to configure and deploy, requiring weeks of setup and large investments in resources. The latest release of Cisco ISE is different. With out-of-the-box configured workflows, Cisco ISE accelerates the deployment of guest access and 802.1X RADIUS authentication. Enterprises can choose to expand their deployments and use Cisco ISE to create access policies using Cisco TrustSec® Security Group Tags (SGTs). These define access based on simple “plain English” rules and use built-in technology within the Cisco infrastructure to enforce policy across the network
Additionally, Cisco ISE uses Cisco Platform Exchange Grid (pxGrid) technology to share rich contextual data with integrated partner ecosystem solutions. This technology accelerates their capabilities to identify, mitigate, and remediate security threats across your extended network. Overall, secure access control is centralized and simplified to securely deliver vital business services, enhance infrastructure security, enforce compliance, and streamline service operations.
Reduced risk of security issues and major outbreaks: With ISE’s policy networking, unknown devices never gain access, and virus and malware issues, in conjunction with user and security management systems, can be quarantined before an outbreak can occur. In many cases issues canbe avoided even before that device can access thefull network, leading to significant improvements indata and security compliance.
Reduced infrastructure, management, andsupport costs for BOYD support(Bring Your Own Device): It can eliminate management and support time with policy-based network authentication that registers not only who and where the user is, but whether the user’s PC is up-to-date, what device is used, and what application is needed. It also eliminated the need to manage separate network access for wired, wireless, and VPN networks
Reduced infrastructure, management, and support costs for guest wireless access services: It can reduce guest access account setup, monitoring, and removal in favor of ISE’s nearly self-service guest management tools to save
Reduced help desk costs: With easier device management leading to fewer delays and issues, it can reduce organization’s significant drop in help desk calls related to network issues.
Deploy logical network segmentation based on business rules by using Cisco TrustSec technology tocreate a role-based access policy. This dynamically segments access without the complexity of multiple VLANs or the need to change the network architecture.
For deployment solution, contact: