Cisco ISE Identity Services Engine Overview

The Cisco Identity Services Engine (ISE) is your one-stop solution to streamline security policy management and reduce operating costs. With ISE, you can see users and devices, controlling access across wired, and wireless VPN connections, and 5G connections to the corporate network.

Cisco ISE Product Overview

Cisco ISE enables and allows you to provide highly secure network access control to users and mobile devices. It helps you gain visibility into what is happening in your network, such as who is connected, which applications are installed and running, and much more. It also shares vital contextual data, such as user and device identities, threats, and vulnerabilities with integrated solutions from Cisco technology partners, so you can identify, contain, and remediate threats faster.

Customer Advantages

Highly secure business and context-based access based on your company policies. ISE works with network devices to create an all-encompassing contextual identity with attributes such as user, time, location, threat, vulnerability, and access type. This identity can be used to enforce a highly secure access policy that matches the identity’s business role. IT administrators can apply precise controls over who, what, when, where, and how endpoints are allowed on the network. ISE uses multiple mechanisms to enforce policy, including Cisco Security Group software-defined segmentation.

Streamlined network visibility through a simple, flexible, and highly consumable interface. ISE stores a detailed attribute history of all the endpoints that connect to the network as well as users (including types such as guests, employees, and contractors) on the network, all the way down to endpoint application details and firewall status.

Extensive policy enforcement that defines easy, flexible access rules that meet your ever-changing business requirements. All are controlled from a central location that distributes enforcement across the entire network infrastructure and security infrastructure. IT administrators can centrally define a policy that differentiates guests from registered users and devices. Regardless of their location, users and endpoints are allowed access based on role and policy. Cisco Security Group Tags (SGT) allows organizations to base access control on business rules and not IP addresses or network hierarchy. These SGTs give users and endpoints access, on a least privilege policy, that is constantly maintained as resources move across domains. Managing switch, router, and firewall rules become easier and have been shown to help reduce IT Operations by 80% and increase time to implement changes by 98%.

Robust guest experiences that provide multiple levels of access to your network. You can provide guest access through a coffee shop-type hotspot access, self-service registered to access, or sponsored access. ISE provides you with the ability to highly customize various guest portals through an on-box or cloud-delivered portal editor that provides dynamic visual tools. You can see real-time previews of the portal screen and the experience a guest would have connecting to the network.

Self-service device onboarding for the enterprise’s Bring-Your-Own-Device (BYOD) or guest policies. Users can manage devices according to the business policies defined by IT administrators. The IT staff will have the automated device provisioning, profiling, and posturing needed to comply with security policies. At the same time, employees can get their devices onto the network without requiring IT assistance.

Cisco DNA Center Integration

Cisco DNA Center is the foundational controller and analytics platform at the heart of Cisco’s Intent-based Network. Cisco DNA Center simplifies network management and allows one to quickly set up various ISE services such as Guest and BYOD quickly and easily throughout the network, Cisco DNA Center also makes it easy to design, provision, and apply the policy in minutes, not days across the network. Analytics and assurance use network insights to optimize network performance. Cisco DNA Center integrates with ISE 2.3 or uses pxGrid to deploy group-based secure access and software-defined network segmentation based on business needs. With Cisco DNA Center and ISE, the policy can be applied to users and applications instead of to network devices. Security Group Policy (based on groups) provides software-defined segmentation to control network access, enforce security policies, and meet compliance requirements.

Automated device-compliance checks for device posture and remediation options using the Cisco AnyConnect® Unified Agent. The AnyConnect agent also provides advanced VPN services for desktop and laptop checks. ISE also integrates with market-leading Mobile Device Management/Enterprise Mobility Management (MDM/EMM) vendors. MDM integration helps ensure that a mobile device is both secure and policy compliant before it is given access to the network.

The ability to share user and device details throughout the network. Cisco pxGrid (Platform Exchange Grid) technology is a robust platform that you can use to share a deep level of contextual data about connected users and devices with Cisco and Cisco Security Technical Alliance solutions. ISE’s network and security partners use this data to improve their own network access capabilities and accelerate their ability to identify, mitigate, and rapidly contain threats.

Central network device management using TACACS+. Cisco ISE allows you to manage network devices using the TACACS+ security protocol to control and audit the configuration of network devices. ISE facilitates granular control of who can access which network device and change the associated network settings.

Integrated Solutions

Cisco pxGrid is a highly scalable IT clearinghouse for multiple security tools to communicate automatically with each other in real-time. With Cisco ISE 2.4 we introduced pxGrid 2.0, which provides a new WebSockets client and removes dependencies on underlying operating systems and languages. More than 50 integrations are available from Cisco and third-party vendors, notably Cisco Industrial Network Director (IND), which uses pxGrid to provide OT endpoint information to ISE. Additionally, pxGrid is used to share IP-to-SGT information about endpoints allowing security products to apply Security Group access control using SGTs. With ISE 3.1, pxGrid 1.0 connections are no longer supported.

RTC enables rapid threat containment to simplify and automates network mitigation and investigation actions in response to security events. It integrates Cisco ISE and Cisco security technology partner solutions in a broad variety of technology areas. With Threat-Centric Network Access Control (TC-NAC), it can change user access based on CVSS vulnerability and STIX threat scores. With the Cisco pxGrid Adaptive Network Control (ANC), gives you the ability to reset the network access status of an endpoint to quarantine, unquarantine, bounce, or shut down a port.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: