- Posted by Duografik
- On March 1, 2019
- 0 Comments
Why Cisco ISE?
Cisco ISE is Cisco’s Identity Services Engine, and it is at the heart of Cisco’s Digital Network Architecture strategy to provide visibility and security in the most demanding Enterprise networks.
What makes Cisco ISE unique in a sea of alternatives?
Of course, other Radius/TACACS servers have some similar features and capabilities, but there are some distinctive features that Cisco ISE provides that put it in a different league.And surprisingly, Cisco ISE remains simple to operate, whether you deploy it on one server, or 50 servers.
Here are five unique aspects that make Cisco ISE stand out from the rest
Best profiling available on the market
Over 1000 device profiles out of the box to quickly identify what devices are on your network, and the ability to create your own profiles. Profiles are a handy way to deal with the proliferation of devices on the network that may otherwise require special treatment to be identified and granted access to the network. This powerful profiling ability ensures better reporting of what device types are on the network, and also to build Cisco ISE policies that easily classify devices into their respective segments.Best of all, Cisco ISE allows end users to define their own profiles with almost endless capabilities.
A somewhat overlooked feature in Cisco ISE, but very compelling.Many enterprises aspire to segment their network based on user categories, but may be put off deploying certificate based authentication using 802.1X due to the complexity involved in managing the client certificates. EasyConnect is an alternative to 802.1X by leveraging the Cisco ISE integration with Microsoft Active Directory. Cisco ISE can dynamically place the user in the correct secure VLAN as soon as they login to AD.The gold standard is still 802.1X but for some customers EasyConnect may be the first feasible step in the right direction to secure their network.
Cisco ISE web Portals are highly customisable and the job of creating appealing web portals does not have to be done by the Cisco ISE admin teams, whose expertise may lie elsewhere. PortalBuilder is a Cisco free web service that allows the creative teams to build the web pages offline, and make the web content available for the Cisco ISE teams to deploy within the product.
Adding secure access from any location (wired, wireless, VPN) without needing to change firewall policies – TrustSec is built into Cisco ISE to allow Network Access Policies to be built, regardless of how the user accessed the network – and without involving changes to the firewalls.
The conversation of Network Access Control mainly revolves around securing the network from users.But Cisco ISE also supports MAC Security (MACsec) to secure the physical links between networking devices are dynamically secured. In addition, Cisco ISE has built in support to detect and contain client devices that exhibit strange networking behavior (e.g. printers that now report to be a Windows client), without the need of an agent in some cases.And when combined with Cisco AnyConnect agent on end devices, then full posture and remediation integration is available to quarantine users whose security posture does not meet requirements.
Cisco ISE is not simply a Radius or TACACS point-product from Cisco.It offers some unique selling points that sometimes get missed out when reading the standard marketing blurbs in the trade press. Cisco ISE enjoys a large portion of the Enterprise market share, and it has a thriving community of online supporters worldwide.
If you need any help with Cisco ISE, drop us a line at email@example.com
All images were taken from Cisco ISE Blog, https://blogs.cisco.com/enterprise/enterprise-netw…