Cisco Identity Services Engine (ISE)

Cisco Identity Services Engine

Identity Services Engine formerly known as Policy Services Engine is Cisco’s unified solution for security policy management. ISE will enable you to allow secure network access to your organisations users, devices and guests.

Once deployed ISE can work with your network devices to build contextual identities based on attributes collected from your users and endpoints.

Book a Consultation

The Cyber Security Breaches Survey of 2020 reports that 46% of all UK businesses experienced cyber security breaches or attacks over the 12 months prior. Much like in previous years this figure increases with the size of the organisation with 68% of medium businesses (50 to 249 employees) and 75% of large businesses (250+ employees) reporting incidents.

Of the 46% one in five reported material outcomes (loss of money or data) and two in five were negatively impacted in some way (forced to introduce new security measures, divert resources etc.)

In a post pandemic world where over a quarter of UK employees are expecting to continue working from home and with over half of UK businesses allowing employees to regularly use their own personal devices for work, how can you maintain full visibility and control over the network?

The centrepiece in zero-trust security for the workplace

BYOD (Bring your own device)

Allow users to register their own devices to the network via a simple onboarding process.

Secure Wired Access

Enable secure network access based upon the identity of the connecting user and place them into the required VLAN regardless of the switchport they connect to.

DNA Centre Integration

ISE can fully integrate with Cisco DNA Centre to allow you to quickly and easily setup ISE services and policies that can be deployed across the network.

What can ISE do for you?

Secure Wireless and Guest Access

Allow guests to effortlessly gain access to the network via the use of Guest Portals that can be designed with various methods including Hotspot, Self-Registration or Sponsored access.

Asset Visibility

ISE can profile the devices on your network to gain information from them such as device type, device capabilities and manufacturer. This can enable ISE to differentiate between corporate guest or IoT devices and allow the appropriate level of network access to them.

Software Defined Network Segmentation

ISE can enable you to move away from traditional VLAN/ACL based segmentation that relies on the network topology. By leveraging Cisco TrustSec and Security Group Tags you can define access control policies that will maintain the desired segmentation even as resources are moved on the network.

Security Integrations

pxGrid technology allows ISE to share contextual information about connected users and devices to other Cisco security products and compatible third-party systems; thereby further enhancing their capabilities and accelerating their ability to identify and mitigate threats.

Compliance and Posture

Using Cisco AnyConnect or other Mobile Device Management/Enterprise Mobility Management agents you can automate device compliance and posture checks to ensure that a device meets the specified requirements before network access will be allowed.

Threat-Centric Network Access Control

Vulnerability and threat adaptors such as SourceFire FireAMP or Qualys can be configured to send Indications of Compromise (IoC), Threat Detected events and CVSS scores to ISE so that threat-centric policies can be created to alter the privileges and access of an endpoint accordingly.

Device Administration

ISE can be used as a TACACS+ or Radius server to enable secure identity-based access and authorisation to your network devices.

Cisco Identity Services Engine (ISE)