
Cisco Identity Services Engine (ISE)

Availability: Available on backorder


Cisco ISE is a next-generation NAC solution that enforces Zero Trust access control, providing pervasive visibility, dynamic policy enforcement, and automated threat containment for wired, wireless, and VPN networks, with seamless integration into Cisco and third-party ecosystems.


Cisco ISE is a policy-based security platform that provides centralized control over network access across wired, wireless, VPN, and 5G connections. It ensures that only trusted users and devices access network resources by leveraging contextual data such as user identity, device type, location, security posture, and access type. ISE supports Zero Trust principles by continuously verifying trust, enforcing granular policies, and automating threat containment. It integrates with Cisco and third-party security solutions to enhance visibility, streamline operations, and mitigate risks from IoT, BYOD, guest, and corporate devices. Key capabilities include authentication (802.1X, MAB, WebAuth), device profiling, posture assessment, and software-defined segmentation using Cisco Security Group Tags (SGTs).

  • Architecture:
    • Deployment Nodes:
      • Policy Administration Node (PAN): Configures policies and system settings, pushing changes to Policy Service Nodes.
      • Policy Service Node (PSN): Handles authentication, authorization, profiling, posture, and guest services.
      • Monitoring Node (MnT): Collects logs and generates reports for troubleshooting.
      • pxGrid Node: Shares contextual data with Cisco and third-party systems via Cisco pxGrid (supports pxGrid 2.0 with WebSockets).
    • Deployment Options: Physical appliances (SNS-3600 series), virtual appliances (VMware, AWS, Azure, OCI), or cloud-native deployments.
    • Scalability: Supports single-node (all personas) or distributed multi-node clusters for redundancy and high availability (active/passive or active/active).
  • Authentication:
    • Protocols: 802.1X, MAB, Web Authentication, EAP (EAP-MD5, PEAP, EAP-FAST, EAP-TLS, EAP-TTLS, TEAP), PAP, MS-CHAP.
    • Unique Feature: Supports EAP chaining for machine and user credentials.
    • Integrations: Active Directory, LDAP, SAML 2.0, ODBC, RSA SecurID, and other IdPs.
  • Authorization:
    • Mechanisms: VLAN assignments, downloadable ACLs (dACLs), named ACLs, Security Group Tags (SGTs), Security Group ACLs (SGACLs), URL redirects.
    • Policy Enforcement: Role-based, context-aware policies using attributes (user, device, location, posture, threat).
  • Profiling:
    • Methods: Device Sensor (CDP, LLDP, DHCP, HTTP via Cisco switches/WLCs), Deep Packet Inspection (DPI) for advanced visibility, and Passive Identity Connector for syslog/Kerberos data.
    • Tracks: Device type, manufacturer, capabilities, and application details.
  • Posture Assessment:
    • Checks: Compliance with security policies (e.g., antivirus, OS updates, firewall status).
    • Methods: Agent-based (Cisco AnyConnect) or agentless (temporal web agent via ActiveX/Java).
    • Dynamic Updates: Adjusts policies based on posture changes or threat scores (CVSS, STIX).
  • Segmentation:
    • Cisco TrustSec: Uses SGTs for software-defined segmentation, reducing reliance on VLANs/ACLs.
    • Reduces IT operations by up to 80% and change implementation time by 98%.
  • Threat Containment:
    • Threat-Centric NAC (TC-NAC): Adjusts access based on CVSS vulnerability and STIX threat scores.
    • Adaptive Network Control (ANC): Quarantines, unquarantines, bounces, or shuts down ports.
    • Integrations: More than 100 Cisco and third-party products (e.g., SourceFire FireAMP, Qualys, CrowdStrike) via pxGrid.
  • Guest Access:
    • Portals: Hotspot, self-registration, sponsored access, customizable via on-box or cloud portal editor.
    • Features: SAML 2.0 self-service, automated onboarding for BYOD.
  • Visibility:
    • Stores detailed endpoint and user histories (e.g., applications, firewall status, connection types).
    • Real-time dashboards and logs for monitoring and troubleshooting.
  • Integrations:
    • Cisco Products: DNA Center, Catalyst Center, Secure Firewall, AnyConnect, Umbrella, Secure Network Analytics.
    • Third-Party: Microsoft Azure AD, ServiceNow, Splunk, Qualys, and more via pxGrid or REST APIs.
  • Standards and Certifications:
    • FIPS 140-2, Common Criteria, Unified Capabilities Approved Product List.
    • IPv6-ready for RADIUS, TACACS+, REST API, DNS, NTP, and management.
  • Certificate Management:
    • Internal Certificate Authority (CA) for managing endpoints and certificates.
    • Supports OCSP for certificate status and automatic revocation.
  • Licensing:
    • Essentials: Guest access, secure wireless, basic asset visibility.
    • Advantage: SGT/SGACL, advanced visibility, BYOD onboarding, threat containment, segmentation.
    • Premier: Device compliance analysis, posture assessment.
    • Device Admin: Per PSN for network device administration (TACACS+).
    • Terms: 1, 3, or 5-year subscriptions; 90-day trial (100 endpoints).
    • Smart Licensing via Cisco Smart Software Manager (CSSM).
  • Cloud Support:
    • AWS, Azure, OCI for cloud-native deployments.
    • Infrastructure as Code (IaC) for automated hybrid deployments.
  • Performance:
    • SNS-3655: Mid-size deployments, supports thousands of concurrent endpoints.
    • SNS-3695: Large-scale enterprise, high availability, and failover.
    • Virtual appliances scale based on allocated resources (CPU, RAM, storage).
