Data is an asset to your business, but it’s also a threat. Your employees are demanding access to your work resources from more devices, and more outside networks than ever. This puts pressure on IT, increases your attack surface, and exposes your corporate network to threat vectors.To narrow your exposure and reduce risk, Cisco has come up with a new approach to managing and securing the enterprise network – Cisco Identity Services Engine (ISE).
Visibility, Control, and Security – All in One
Of course, you can’t control what you can’t see. And if you can’t control it, you can’t secure it. Getting ahead of threats requires visibility into the users, devices, and applications that access your network. It also requires achieving control to ensure that the right people and trusted devices get the appropriate level of access to your network services.
That’s what ISE does. It provides an unprecedented level of visibility into who and what is on your network – down to a mind-blowing level of granularity. From a single dashboard you can see contextual details about everyone and every device that logs onto your network. This includes user name, the device and OS system they’re using, their location, when they accessed the network, how, and contact information.
How it Works
Using this contextual identity information, ISE enforces a highly secure access policy that matches the individual’s business role. Highly controllable, IT admins can then apply precise controls over who, what, when, where, and how endpoints are allowed on the network. Policies are then enforced by multiple mechanisms, including software-defined segmentation using Cisco TrustSec. Users and endpoints gain access on a least privilege policy that’s constantly maintained as resources move across domains. And, if threats are detected, they’re immediately stopped by directing ISE to quarantine a user or device for rapid threat containment.
ISE also shares vital contextual data as well as additional insight into potential threats and vulnerabilities with integrated solutions from Cisco ISE technology partners, so you can automatically identify, contain, and remediate threats faster.
All this is delivered through a simple, intuitive graphical interface that distributes enforcement across the entire network and security infrastructure. From here you can centrally define a policy that differentiates guests from registered users and devices. This extensive policy enforcement also makes it easier to manage switch, router, and firewall rules and has been shown to reduce IT ops by 80% and increase time to implement changes by 98%.
From coffee shop-style hotspot access, self-registered access, or sponsored access, ISE also gives you the ability to implement and customize guest network access with corporate-branded guest experiences. It also supports BYOD policies. Users benefit from self-service device onboarding to the business policies defined by your network and security admins – without IT intervention.
Quickly Set Up ISE Services with Cisco DNA
ISE is strongly integrated with Cisco Digital Network Architecture (DNA) Center. This means that you can quickly set up ISE services such as guest and BYOD quickly and easily throughout the network. Cisco DNA also speeds deployment – making it easy to design, provision, and apply policy across the network in a matter of minutes, not days. Plus, instead of applying policy to network devices, DNA Center and ISE make it possible to apply it to users and applications while automating end-to-end segmentation.
Why Cisco ISE?
Many security network technologies lack user identity or device type as part of their operations. Reacting when you do not know critical details impedes productivity and raises costs. Recognized as one of the industry’s leading integrated and open platforms, Cisco ISE provides context at scale for actionable intelligence on a single pane of glass.
In summary, it delivers the following benefits:
- Ubiquitous software-defined access for internal customers
- Greater endpoint visibility and more accurate device identification
- Streamlined network access management
- Centralized and unified highly-secure access control
- Robust guest experiences
- Greater visibility of industrial IoT devices
- Enhanced PCI compliance
- And more.
Contact us to learn more about how Cisco ISE delivers a centralized security solution that automates context-aware access to connect trusted devices with trusted services.