Network security policy management. Cisco Identity Services Engine (CISCO ISE)
Maria Cruz Alcocer
CISCO ISE is a policy server that lets us manage access to a corporate network for all types of users, who may connect with a wide variety of devices, from laptops and desktops to iPads and smartphones. These devices can connect over wired or wireless links, or remotely through a VPN.
Cisco Identity Services Engine (CISCO ISE) performs functions analogous to those of a company security guard who stands at the entrance of the organization and checks the authorization of each staff member or visitor who wants to enter.
What is CISCO ISE?
ISE is a centralized policy control solution. By authenticating users via RADIUS and integrating with LDAP-type user directories, it allows network access only to authorized users, and it can apply policies by user profile to authorize access to the network services appropriate to the profile to which each user belongs.
This solution also makes it possible to identify the type of device that the user uses to enter the network and thus apply a policy accordingly. This allows employees to use their other personal devices, providing them with greater job satisfaction. Identify user and device.
Other Use Cases: Guest Network
Another use case for ISE is access to the guest network, where there are different ways of managing network access for this type of user. You can enable hotspot-type zones in the company where guests connect to the Wi-Fi network and access the Internet simply by accepting a usage policy. Another way is prior authorization to enter the guest network; once this is granted, the credentials are sent to these users by message, mail …
Increase Visibility, Control Access, and Contain Threats
Get a security policy management platform that automates and applies context-sensitive security to access network resources. Identity Services Engine provides superior visibility into users and devices to support enterprise mobility experiences and control access. Share data with integrated partner solutions to accelerate your threat identification, mitigation, and remediation capabilities.
Features and functionalities
Identity Services Engine helps IT professionals overcome business mobility challenges and protect the evolving network throughout the attack sequence. It provides various functionalities, some of which are listed below.
Simplify the Temporary User Experience:
to facilitate its integration and administration. Use the product’s mobile and desktop temporary user portals, which can be easily customized with your brand, to provide access in just minutes. The engine’s dynamic and visual workflows fully manage every aspect of guest access.
Accelerate BYOD Trend and Business Mobility
through simple and automated configuration for self-service device integration and management. Identity Services Engine includes an internal certificate authority, support for multi-forest Active Directory, and integrated partner enterprise mobility management (EMM) software.
Centralize and unify network access policy management to provide highly secure and consistent access
to end users, whether they connect to your network via wired, wireless or VPN connection.
Get greater visibility and more accurate device identification.
Identity Services Engine’s superior device profiling functionality and zero-day profile delivery service provide up-to-date profiles for the most advanced devices. Together, these two features help reduce the number of unknown endpoints (and potential threats) on your network.
Implement software-defined segmentation based on business functions
using Cisco TrustSec technology integrated into existing infrastructure. Use Identity Services Engine to create flexible role-based access control policies that dynamically segment access without adding complexity. Traffic classification is based on the identity of the endpoints, which can enable policy changes without redesigning the network. With support for 250,000 concurrent active endpoints, and up to 1,000,000 registered devices, our product enables companies to accelerate mobility projects across the extended network.
In summary, ISE provides greater visibility and control over who enters our corporate network, and how, where and when they do so. This reduces the risk of misuse of network resources and makes it possible to quickly identify the location of a user in the event of a security incident.