Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations. Cisco ISE allows enterprises to gather real-time contextual information from networks, users, and devices. The administrator can then use that information to make proactive governance decisions by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), Virtual Private Network (VPN) gateways, and data center switches. Cisco ISE acts as the policy manager in the Cisco TrustSec solution and supports TrustSec software-defined segmentation.
What is the Cisco Identity Services Engine?
Today’s enterprise network is rapidly changing, especially when it comes to employee mobility. Employees are no longer tethered to desktop workstations, but instead access enterprise resources via a variety of devices: tablets, smartphones, and personal laptops, just to name a few. Being able to access resources from anywhere greatly increases productivity, but it also increases the probability of data breaches and security threats because you may not control the security posture of devices accessing the network. Keeping track of all devices accessing the network is a huge task in itself, and the more the need for access grows, the more unsustainable it becomes to manage.
The Cisco Identity Services Engine (ISE) is an identity-based network access control and policy enforcement system. ISE allows a network administrator to centrally control access policies for wired and wireless endpoints based on information gathered from RADIUS messages passed between the device and the ISE node, a process also known as profiling. The profiling database is updated on a regular basis to keep up with the latest and greatest devices so there are no gaps in device visibility.
Essentially, ISE attaches an identity to a device based on user, function, or other attributes to provide policy enforcement and security compliance before the device is authorized to access the network. Based on the results from a variety of variables, an endpoint can be allowed onto the network with a specific set of access rules applied to the interface it is connected to; otherwise, it can be completely denied or given guest access based on your specific company guidelines.
Cisco ISE Features
Key Functions
Cisco ISE is a consolidated policy-based access control system that incorporates a superset of features available in existing Cisco policy platforms. Cisco ISE performs the following functions:
• Combines authentication, authorization, accounting (AAA), posture, and profiler into one appliance
• Provides for comprehensive guest access management for Cisco ISE administrators, sanctioned sponsor administrators, or both
• Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network, including 802.1X environments
• Provides support for discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network
• Enables consistent policy in centralized and distributed deployments that allows services to be delivered where they are needed
• Employs advanced enforcement capabilities including TrustSec through the use of Security Group Tags (SGTs) and Security Group Access Control Lists (SGACLs)
• Scales to support a number of deployment scenarios, from small office to large enterprise environments
• Facilitates TACACS-enabled device administration through its Work Center. The Work Center menu contains all the device administration pages and acts as a single starting point for ISE administrators. However, pages such as Users, User Identity Groups, Network Devices, Default Network Devices, Network Device Groups, and Authentication and Authorization Conditions are shared with other menu options.
Increase Visibility, Control Access, Contain Threats
Get a security policy management platform that automates and enforces context-aware security access to network resources. Cisco Identity Services Engine delivers superior user and device visibility to support enterprise mobility experiences and to control access. It shares data with integrated partner solutions to accelerate their capabilities to identify, mitigate, and remediate threats.
Features and Capabilities
Cisco ISE helps IT professionals conquer enterprise mobility challenges and secure the evolving network across the attack continuum. ISE provides you with several capabilities, some of which are listed below.
• Centralize and unify network access policy management to provide consistent, secure access to end users, whether they connect to your network over a wired, wireless, or VPN connection.
• Gain greater visibility and more accurate device identification. ISE’s superior device profiling and zero-day device profile feed service provide updated profiles for the latest devices. Combined, these two features help reduce the number of unknown endpoints (and potential threats) on your network.
• Implement software-defined segmentation based on enterprise roles by using Cisco TrustSec technology embedded in existing infrastructure. Use Identity Services Engine to create flexible, role-based access control policies that dynamically segment access without added complexity. Traffic classification is based on endpoint identity, which can enable policy change without network redesign.
• Simplify guest experiences for easier guest onboarding and administration. Use ISE’s easily customizable, branded mobile and desktop guest portals to create access in just minutes. ISE’s dynamic visual let you fully manage every aspect of guest access.