Cisco ISE is Cisco’s Identity Services Engine, and it is at the heart of Cisco’s Digital Network Architecture strategy to provide visibility and security in the most demanding Enterprise networks.
Background: Cisco ISE
Of course, other RADIUS/TACACS servers have some similar features and capabilities, but there are some distinctive features that Cisco ISE provides that put it in a different league.
Surprisingly, Cisco ISE remains simple to operate, whether you deploy it on one server, or 50 servers.
ISE is a fundamental part of the whole SDA Fabric ecosystem: without ISE you don't have the capability to authenticate, and authorize, based on the user's identity.
Have a read of our associated blog on Zero Trust Architecture; ISE is a fundamental part of this ecosystem.
As we move to the micro-segmented world of Zero Trust, this is going to be increasingly important.
What makes Cisco ISE Unique
Here are the Top 5 Features of Cisco ISE that are unique and make the platform stand out from the rest.
Arne Bier, our resident Cisco ISE expert, takes us through the Top 5 Cisco ISE Features.
1. Best Profiling Available on the Market
Over 1000 device profiles out of the box to quickly identify what devices are on your network, and the ability to create your own profiles.
Profiles are a handy way to deal with the proliferation of devices on the network that may otherwise require special treatment to be identified and granted access to the network.
This powerful profiling ability provides better reporting of what device types are on the network, and makes it possible to build Cisco ISE policies that easily classify devices into their respective segments.
Best of all, Cisco ISE allows end users to define their own profiles with almost endless capabilities.
A somewhat overlooked feature in Cisco ISE, but very compelling. Many enterprises aspire to segment their network based on user categories, but may be put off deploying certificate-based authentication using 802.1X due to the complexity involved in managing the client certificates.
Cisco ISE can dynamically place the user in the correct secure VLAN as soon as they log in to AD.
The gold standard is still 802.1X but for some customers EasyConnect may be the first feasible step in the right direction to secure their network.
Cisco ISE web portals are highly customisable, and the job of creating appealing web portals does not have to be done by the Cisco ISE admin teams, whose expertise may lie elsewhere. PortalBuilder is a free Cisco web service that allows the creative teams to build the web pages offline, and make the web content available for the Cisco ISE teams to deploy within the product.
TrustSec is built into Cisco ISE to allow Network Access Policies to be built, regardless of how the user accessed the network.
Cisco ISE can do this without involving changes to the firewalls, making this a flexible technology to help secure your network.
5. Ecosystem Integration
The conversation about Network Access Control mainly revolves around securing the network from users.
Cisco ISE also supports MAC Security (MACsec), so that the physical links between networking devices are dynamically secured. In addition, Cisco ISE has built-in support to detect and contain client devices that exhibit strange networking behavior (e.g. printers that now report to be a Windows client), without the need of an agent in some cases.
When combined with the Cisco AnyConnect agent on end devices, full posture and remediation integration is available to quarantine users whose security posture does not meet requirements.
Cisco ISE: Top 5 Features: Conclusion
Cisco ISE is not simply a RADIUS or TACACS point-product from Cisco.
It offers some unique selling points that sometimes get missed out when reading the standard marketing blurbs in the trade press. Cisco ISE enjoys a large portion of the Enterprise market share, and it has a thriving community of online supporters worldwide.
If you're interested in knowing more about the Cisco ISE lifecycle, we also have a blog which covers this topic.
ASSOCIATED BLOGS:
- Security and Authentication
- Prototyping RADIUS Policies
- Zero Trust Architecture
- Deploying Zero Trust Architecture
All images were taken from the Cisco ISE Blog