Network security policy management. Cisco Identity Services Engine (CISCO ISE)
CISCO ISE is a policy server that allows us to manage access to a corporate network to all types of users who want to enter the network with a variety of devices from laptops or desktops to ipads and smartphones. That is to say, the devices can be wired, wireless and even remote access through VPN.
Cisco Identity Services Engine(CISCO ISE) performs the functions analogous to those of a company security guard, who stands at the entrance of the organization and checks the authorization of personnel or visitors who want to enter the company.
What is CISCO ISE?
ISE is a centralized policy control solution that through radius authentication of users and integration with LDAP-like user directories, allows network access only to authorized users and can apply policies by user profiles to authorize access to network services appropriate to the profile to which they belong.
This solution also allows to identify the type of device used by the user to access the network and thus apply a policy accordingly, allowing the use of other personal devices of employees providing greater job satisfaction. Identifies user and device.
Other Use Cases: Guest Network
Another ISE use case is guest network access, where there are different ways to manage network access for this type of users. You can enable hotspot zones in the company where guests can connect to the wifi network only by accepting a usage policy to have access to the Internet. Another way is by means of a previous authorization to enter the guest network, and once this is done, their credentials are sent to these users by means of message, mail…
Increase visibility, control access and contain threats
Get a security policy management platform that automates and enforces context-sensitive security on access network resources. Identity Services Engine provides superior visibility into users and devices to support enterprise mobility experiences and control access. It shares data with integrated partner solutions to accelerate their threat identification, mitigation and remediation capabilities.
Features and functionalities
Identity Services Engine helps IT professionals overcome enterprise mobility challenges and protect the evolving network throughout the attack sequence. It provides a variety of capabilities, some of which are listed below.
-
Simplify the experience for temporary users:
for easy integration and management. Use the product’s desktop and mobile temporary user portals, which can be easily customized with your branding, to provide access in minutes. The engine’s dynamic, visual workflows allow you to fully manage every aspect of temporary user access.
-
Streamline the BYOD and enterprise mobility trend
through simple, automated configuration for self-service device integration and management. Identity Services Engine includes an internal certificate authority, support for multi-tenant Active Directory and integrated partner enterprise mobility management (EMM) software.
-
Centralize and unify the management of network access policies to provide uniform and highly secure access.
to end users, whether they connect to your network via wired, wireless or VPN.
-
Gain greater visibility and more accurate device identification.
Identity Services Engine’s superior device profiling functionality and zero-day profile delivery service provide up-to-date profiles for the most advanced devices. Together, these two features help reduce the number of unknown endpoints (and potential threats) on your network.
-
Deploy software-defined segmentation based on business functions
using Cisco TrustSec technology integrated into the existing infrastructure. Use Identity Services Engine to create flexible role-based access control policies that dynamically segment access without adding complexity. Traffic classification is based on endpoint identity, which can enable policy changes without redesigning the network. With support for 250,000 concurrently active endpoints, and up to 1,000,000 registered devices, our product enables enterprises to accelerate mobility projects across the extended network.
In summary, ISE provides greater visibility and control over who, how, where and when they access our corporate network, reducing the risk of misuse of network resources and quickly identifying the location of a user in the event of a security incident.
Don’t hesitate, ask us!
