Product Information
The enterprise network today no longer sits within four secure walls. Employees today demand access to enterprise resources and their work via more mediums than ever before - by personal laptop from home networks, by tablets, and by smartphones. Mobility is a real game-changer, and enterprise networks need to grant access to this mobile workforce to keep workers productive. However, the shadow of security threats, data breaches, and the subsequent effects on the company still looms large.
At the same time, IT professionals are being tasked with supporting these enterprise mobility initiatives on tighter budgets and under the watchful eye of government, regulatory, and other compliance requirements. These requirements demand visibility into network access and tighter controls. Security point solutions are often distributed and deployed in larger numbers across the entire enterprise network - from wired to wireless to remote access.
- Rigorous identity verification
Identity Services Engine (ISE) offers the industry's first device profiler to identify each device; match it to its user or function and other attributes, including time, location, and network; and create a contextual identity so IT can apply granular control over who and what is allowed on the network. An automated device feed service updates ISE in real time to ensure that new devices can be identified as soon as they are released to the market. - Extensive policy enforcement
ISE enables the organization to define access policy rules easily and with great flexibility to meet the ever-changing business requirement needs of the enterprise. For example, IT administrators can define policy in ISE that differentiates guest users/devices versus registered users/devices. Guest users receive limited access across the entire network, while registered users receive their policy-designated access. Further, policy in ISE can ensure that only trusted or compliant devices from registered users access the network. Based on the user's or device's contextual identity, ISE sends secure access rules to the network point of access, so IT is assured of consistent policy enforcement from wherever the user or device is trying to access the network. - Security compliance
A single dashboard simplifies policy creation, visibility, and reporting across all company networks, which makes it easy to validate compliance for audits, regulatory requirements, and mandated federal 802.1X guidelines. - Self-service device onboarding
ISE gives IT flexibility in deciding how to implement an enterprise's BYOD or Guest policies. ISE provides a self-service registration portal for users to register and provision new devices - according to the business policies defined by IT - automatically. This permits IT to get the automated device provisioning, profiling, and posturing it needs to comply with security policies while keeping it extremely simple for employees to get their devices onto the network without IT's help. - Automated device compliance checks
Provides device posture check and remediation options, including integrations with many market-leading mobile device management (MDM) solutions as well as the lightweight Cisco NAC Client for desktop/laptop checks. Users can easily keep their devices secure and policy-compliant. - Dependable anywhere access
ISE provisions policy on the network access device in real-time, so mobile or remote users can get the same consistent access to their services as they would from wired and wireless, from wherever they enter the network. - Operational efficiency
Onboarding and security automation, central policy control, visibility, troubleshooting and integration with Cisco Prime ensures that IT and the helpdesk will spend far less time on user and network security fixes. - Embedded enforcement
Device-sensing capabilities are built into most Cisco switches and wireless controllers to extend profiling network-wide, without the costs and management of overlay appliances or infrastructure "rip and replace". - Extend policy from access into the datacenter with TrustSec policy networking
ISE is the policy control point for Cisco TrustSec, unique network technology that provides policy-defined network segmentation to take the complexity out of network security. Cisco TrustSec makes it simple for customers to migrate their network infrastructure, thereby increasing the value of their ISE investment while ending the pain of excessive VLAN, ACL, and firewall rule administration. - Multivendor infrastructure support
Cisco ISE interoperates with multivendor infrastructure that is 802.1X-compliant. Cisco partners and support offer best-practice guidelines as well as detailed, hands-on design guidance. Enterprise customers leverage ISE with Cisco-designed network infrastructure and TrustSec to get even greater intelligence and enhanced visibility out of their networks. - Broad solution ecosystem
Integrated technology partners for Mobile Device Management (MDM), Security Information and Event Management (SIEM), and Threat Defense (TD) all leverage the deep, contextual identity awareness ISE provides to address far many more use cases than they could alone and subsequently undertake their functions even more effectively. With ISE, partner platforms can reach deep into the Cisco network infrastructure and execute network actions on users and devices.