Cisco Identity Services Engine (ISE)

Cisco Identity Services Engine is a security management platform that provides network access control to users and devices across wired, wireless and VPN connections.

It provides visibility into what is happening inside the network, such as who is connected (endpoints, users, and devices), which applications are installed and running on endpoints, and more.

Some of the most important features of Cisco Identity Services Engine:

Streamlined Network Visibility

Through a simple web-based interface, ISE can store a detailed attribute history of all devices, endpoints, and users.

Cisco Digital Network Architecture (DNA) Centre Integration

Cisco DNA Centre is the intent-based network controller and analytics platform.

It makes it easy to design, provision and apply policy across the network.

With DNA Centre's integration with Cisco ISE, it can apply TrustSec software-defined segmentation through Security Group Tags (SGTs) and Security Group Access Control Lists (SGACLs).

Centralised Secure Network Access Control

ISE supports the RADIUS protocol. RADIUS is required to enable 802.1X, EAP, MAB, and local and centralised WebAuth, giving consistent control across wired, wireless and VPN networks.

Centralised Device Access Control

ISE supports TACACS+, required for AAA device access control services.

Cisco TrustSec

ISE implements Cisco TrustSec policy for software-defined secure segmentation through SGTs, SGACLs and SXP.

Guest Lifecycle Management

Cisco ISE can be used to create customisable guest user web portals for Web Authentication.

Streamlined Device Onboarding

Automates 802.1X supplicant provisioning and certificate enrolment. Integrates with mobile device management and enterprise mobility management vendors for compliance and enrolment.

Internal Certificate Authority

ISE can act as an internal certificate authority.

Device Profiling

ISE can profile devices and associate them with an endpoint-specific policy based on the device type.

Endpoint Posture Service

Cisco ISE can check endpoints to make sure they are compliant. This includes checking whether the device has the latest operating system patch, whether a firewall is enabled, and whether disk encryption and mobile locks are in place.

Devices that do not match posture checks can be put into a remediation network until they become compliant.

Active Directory Support

ISE can integrate with Active Directory 2003, 2008, 2008R2, 2012, 2012R2 and 2016.

Cisco Platform Exchange Grid (pxGrid)

The Cisco Platform Exchange Grid exchanges contextual information using a single API between different Cisco platforms as well as another 50 technology partners.

pxGrid is an Internet Engineering Task Force framework that makes it possible to automatically and quickly identify, contain, mitigate and remediate security threats across a network.

Cisco ISE is a central pxGrid controller, known as a pxGrid Server, and Cisco and third-party platforms can interface with it to publish, subscribe to, and query contextual information.

There are two versions of pxGrid.

pxGrid 1.0 was released with ISE 1.3 and is based on the Extensible Messaging and Presence Protocol (XMPP).

pxGrid 2.0 uses WebSocket and REST API over Simple Text Oriented Message Protocol (STOMP) 1.2.
