Network Security Policy Management with Cisco ISE
Cisco ISE is a network access policy server. It allows you to manage who enters your corporate network and from which device. It supports laptops, desktops, tablets, and smartphones. Furthermore, it works for wired and wireless connections as well as remote access via VPN.
In short, Cisco Identity Services Engine (Cisco ISE) acts as a security guard at your company’s door. It verifies the identity of every user or visitor before granting access. However, it does so in an automated way and at scale.
What is Cisco ISE?
ISE is a centralized policy control solution. It works by verifying user identity (authentication) via RADIUS. Additionally, it integrates with LDAP-type user directories, such as Active Directory. In this way, only authorized users can access the network.
ISE can also apply different policies according to the user profile. That is, each person only accesses the resources that correspond to them. It also identifies the type of device the employee is using. Thus, it is possible to allow the use of personal mobile devices securely, which improves team satisfaction.
Use case: guest network
Another common use of ISE is the management of visitor networks. In this case, there are several ways to grant access. For example, you can enable hotspot zones where the guest simply accepts a usage policy to connect to the Internet. You can also opt for prior authorization. In that case, the system sends the credentials to the visitor via SMS or email.
Visibility, control, and threat protection
Cisco ISE offers a security policy management platform that automates network access. Additionally, it applies contextual security: it takes into account who is accessing, from where, and with what device. Consequently, the company gains total visibility over its network and can control access effectively.
Likewise, ISE shares data with third-party solutions. This allows for faster threat detection and automatic incident response.
Features and functionalities
Cisco ISE helps IT teams manage enterprise mobility and protect the network. Its main functionalities are described below.
- Simplified guest user management
ISE includes customizable portals for guest users, both on desktop and mobile. Thanks to its visual workflows, you can manage every aspect of access in just a few minutes.
- Support for personal devices (BYOD)
The solution facilitates the automatic integration of personal devices. It includes an internal certificate authority, support for Active Directory, and compatibility with enterprise mobility management tools.
- Centralized network access policy management
With ISE, you can centralize and unify access policies. The result is secure and consistent access for all users, whether via cable, WiFi, or VPN.
- Accurate device identification
ISE creates detailed profiles of each connected device. Additionally, it receives automatic updates to recognize the latest equipment. This reduces unknown devices on the network and, therefore, potential threats.
- Network segmentation without redesigning infrastructure
Thanks to Cisco TrustSec technology, ISE allows the network to be divided into segments according to the user profile. There is no need to redesign the existing network. Policies are applied dynamically based on device identity. The solution supports up to 250,000 active devices and up to 1,000,000 registered ones.
In short, ISE gives you visibility and control over who accesses your network, how they do it, from where, and when. This reduces the risk of resource misuse and facilitates the quick location of users in the event of a security incident.


