Product Review: Cisco Identity Services Engine (ISE)
Protecting data and network access is one of the greatest challenges in the business world today, especially with the increasing demand and popularity of cloud networking and working in remote locations – whether that’s from home, a trade show, or an airport across the world. Some of the various defense systems used to protect businesses’ data include firewalls, antivirus software, mobile device management solutions, and vulnerability management tools. These tools, however, aren’t good enough on their own or even when operated simultaneously if they are also operating independently of one another.
Cisco ISE can support monitoring for up to 20,000 endpoints on a given network. This endpoint monitoring allows for extensive device profiling. Cisco ISE can determine the user, time, location, and type of device trying to access the network and then apply relevant policies and appropriate access levels to that device.
Network access control (NAC) products historically managed access for specific devices within a network. More recently, vendors like Cisco have been working towards a next-generation NAC solution to continue to perform essential network access tasks while additionally offering network protection benefits like endpoint visibility, bidirectional communication (uniting IT and various security platforms), contextual awareness, and network orchestration to make all of these components work together seamlessly. Next generation NAC looks to facilitate data sharing between various security devices so that a bigger picture can be easily obtained.
Cisco’s Identity Service Engine (Cisco ISE) offers key next-generation NAC features on top of basic network access control tools. Based on the size of the network and server used, Cisco ISE can support monitoring for up to 20,000 endpoints on a given network. This endpoint monitoring allows for extensive device profiling. Cisco ISE can determine the user, time, location, and type of device trying to access the network and then apply relevant policies and appropriate access levels to that device. Cisco’s pxGrid acts as the framework for ISE by combining all the various NAC components on one screen for IT and security personnel to see and monitor. Users can also tell ISE to stop threats using Cisco Rapid Threat Containment through pxGrid. The network can then be leveraged to kill any suspicious or unauthorized activity with the click of a button on a screen.
Cisco also offers and Express version of ISE (Cisco ISE Express) that acts as an entry-level solution at a discounted price. The Express solution acts as an easy introduction to the full Cisco ISE solution. Key benefits of the Express solution include: multiple access levels, highly secure access (using RADIUS protocol for authentication, authorization and accounting), custom portals, and an easy installation wizard.
Key Features and Specifications
– Control all access from one place using Cisco TrustSec software-defined segmentation
– Increase visibility with more accurate device identification
– Simplify guest experiences through customizable mobile and desktop portals with dynamic visuals
– Accelerate bring-your-own-device (BYOD) and enterprise mobility
– Automatically contain threats with Cisco Rapid Threat Containment and Cisco Firepower Management Center
Frost & Sullivan recognized Cisco with the 2016 Market Leadership Award based on its dominant performance in the NAC market. The details behind this award can be read in this report. Frost & Sullivan compared other NAC providers against Cisco when handing out this award. Though no competitors were mentioned by name, some of the other top NAC providers and long-time Cisco competitors include Aruba Networks and Bradford Networks. Cisco’s huge chunk (~39 percent) of the overall NAC market revenue and advanced technology sets it apart from other competitors and keeps its customer base loyal.
Cisco offers a series of webinars and Cisco Live events online throughout the year in addition to numerous trade shows where you can speak to a representative. Some of the upcoming events for Cisco include the Consumer Electronics Show 2017 in Las Vegas, Nevada (January) and the RSA Conference 2017 in San Francisco, California (February). A full list of upcoming events and details can be found here.
Cisco ISE Overview Video
Cisco ISE Data Sheet
Cisco Medical NAC White Paper
Cisco ISE At-a-Glance
Frost & Sullivan 2016 Global Network Access Control Market Leadership Award