Enterprises use Cisco ISE for securely granting access to visitors and on-boarding employee-owned devices over Wi-Fi. Portals for users to gain access are becoming more advanced, and the next step is for most customers to create a richer customized experience to:
Cisco Identity Services Engine (ISE) is commonly associated with use as a network access policy, BYOD and AAA platform. But to do its job in network policy, ISE collects a great breadth of telemetry about network users and devices. Whether a device is trying to access the network or is already connected, ISE knows specifics about:
- What the device type is (e.g., iPad Air 2 running iOS 8.1.2)
- How it is connected to the network (e.g., enterprise Wi-Fi)
- From where (e.g., access point in “California/SanDiego/Building 2/Floor 3/South”)
- Security and compliance posture of the device (e.g., Antimalware operating and up to date? PIN lock configured?)
- Who the user is on the device…or if it even has a user (e.g., printer)
- What policy and AD/LDAP group the user belongs to (e.g., “IT Admin” authorization group)
- Related session IP address and MAC address
While ISE primarily uses all this telemetry to establish network policies, it also shares it for use by other IT platforms. By doing so, ISE helps these platforms become more identity and device aware and thus more effective in a variety of ways. And this is where Splunk comes in.
I’ve finally had a chance to stop and smell the roses. The roses being Cisco ISE 1.3, that is. It’s been a much-anticipated update to Cisco’s core TrustSec component and there are a number of improvements, many dealing with Guest users. So what has Cisco done to improve? Let’s look at 5 areas related to Guest access:
1. End-User Web Portals
3. Guest Portals
4. Sponsor Portals
5. Non-Guest Portals
End-User Web Portals
One of the new features that I really like is how the interface has been modified to centralize the portal configuration tasks and customization into a single location. The first thing you notice when you navigate to Configure Guest Access and Sponsor Access is that the interface is designed to make life easy. Three steps to Guest Access are overviewed and each step is clearly identified. We don’t usually find this information in the user interface. Normally we’re looking for this in an End User Guide or a Lab Guide for one of the courses I teach. So, in my opinion, this is a fresh new approach to making a complex device like ISE much easier to use.
Today the web is a favorite vector for threat actors to launch their attacks. According to the Cisco 2014 Midyear Security Report, more than 90 percent of customer networks observed in the first half of 2014 were identified as having traffic going to websites that host malware. More recently, Talos uncovered a massive malvertising network known as Kyle and Stan. Some 31,151 connections were observed to the network’s 6,491 domains.
In an effort to continue offering the most comprehensive protection to our customers, today we are announcing several important new features and expanded threat protection for the Cisco Web Security Appliance (WSA).
New White Paper from Enterprise Strategy Group on the Evolution of and Need for Secure Network Access
Mention Network Access Control (NAC) to some security or network operations engineers, and they just might grimace. Why? Most people still associate NAC with a set of technologies that were complicated to deploy and implement effectively.
Today, however, those nightmare assumptions are far removed from the reality. In this newly released white paper, Jon Oltsik, Senior Principal Analyst for the Enterprise Strategy Group, discusses how NAC is transforming into something more—a technology he calls Endpoint Visibility, Access, and Security or EVAS. Mr. Oltsik discusses how the NAC market has changed to reduce complexity in both deployment and usage. Through this advancement, this evolved technology has become an increasingly critical component in securing enterprise networks. In addition, Mr. Oltsik discusses how Cisco and the Cisco Identity Services Engine (ISE) are in the best position to meet IT security challenges in terms of what EVAS should be and how it helps.
Download the white paper on Cisco.com: