Administration of network security policies. CISCO ISE
Maria Cruz Alcocer
Administration of network security policies. Cisco Identity Services Engine (CISCO ISE)
CISCO ISE is a policy server that lets us manage access to a corporate network for all types of users, whatever device they connect with, from laptops and desktops to iPads and smartphones. In other words, devices can connect over wired or wireless links, or even remotely through a VPN.
Cisco Identity Services Engine (CISCO ISE) performs a function analogous to that of a company security guard who stands at the entrance of the organization and checks the authorization of each staff member or visitor who wants to enter.
What is CISCO ISE?
ISE is a centralized policy control solution that, by means of RADIUS user authentication and integration with LDAP user directories, grants network access only to authorized users. It can also apply policies by user profile, so that each user is authorized only for the network services appropriate to the profile to which they belong.
The solution can also identify the type of device a user connects with and apply a policy accordingly. This makes it possible to allow employees to use their own personal devices, providing them with greater job satisfaction. Identify user and device.
Other use cases: Guest network
Another ISE use case is access to the guest network, where there are different ways to manage network access for this type of user. You can enable hotspot-type zones in the company where guests connect to the Wi-Fi network and only have to accept a usage policy to access the Internet. Another way is to require prior authorization to enter the guest network; once this is granted, the credentials are sent to these users by means of message, mail …
Increase visibility, control access and contain threats
Obtain a security policy management platform that automates and enforces context-sensitive security for access to network resources. Identity Services Engine offers superior visibility of users and devices to support business mobility experiences and control access. Share data with integrated partner solutions to accelerate your threat identification, mitigation and correction capabilities.
Characteristics and functionalities
Identity Services Engine helps IT professionals overcome business mobility challenges and protect the evolving network throughout the attack sequence. It provides various functionalities, some of which are indicated below.
Simplify the experience of temporary users
to facilitate their integration and administration. Use the product's desktop and mobile portals for temporary users, which can be easily customized with your brand, to provide access in just minutes. Visual and dynamic workflows allow you to fully manage every aspect of temporary user access.
Streamline the BYOD trend and business mobility
through simple, automated configuration for self-service device integration and administration. Identity Services Engine includes an internal certificate authority, support for multi-forest Active Directory, and integrated partner enterprise mobility management (EMM) software.
Centralize and unify the administration of network access policies to provide uniform and highly secure access
to end users, whether they connect to your network through a wired, wireless or VPN connection.
Get more visibility and more accurate device identification.
The superior device profiling functionality and Identity Services Engine's zero-day profile delivery service provide updated profiles for the most advanced devices. Together, these two features help reduce the number of unknown endpoints (and potential threats) in your network.
Implement software-defined segmentation based on business functions
using Cisco TrustSec technology integrated in the existing infrastructure. Use Identity Services Engine to create flexible access control policies based on functions that dynamically segment access without adding complexity. Traffic classification is based on the identity of the endpoints, which makes it possible to change the policy without redesigning the network. With support for 250,000 simultaneous active endpoints and up to 1,000,000 registered devices, our product allows companies to accelerate mobility projects throughout the extended network.
In summary, ISE provides greater visibility and control over who enters our corporate network, and how, where and when they do so, reducing the risk of misuse of network resources and making it possible to quickly identify the location of a user in the event of a security incident.