
Imagine a network administrator is troubleshooting a device that suddenly can’t connect to the network. The credentials look valid, the policy appears correct, and the device was trusted yesterday, but access is blocked. At the same time, security teams need to know whether this is a posture issue, an identity risk signal, or suspicious behavior.

To understand the risk and restore the right level of access, the team needs to answer several questions quickly:

  • Who or what is behind this access?
  • Is the device trusted?
  • What network and application access does it have?
  • Has this identity shown risky behavior before?
  • What changed since the last successful connection?
  • Should the team restore access, restrict access, or escalate the investigation?

In many organizations, answering those questions means pivoting across multiple tools and teams. Security teams see risks. Identity teams see authentication activity. Network teams see access policies. Each view is useful, but none tells the full story.

Every modern organization is filling up with identities that are not people: A login is no longer just a person entering a password. It may be a device joining the network, an application calling an API, a workload connecting to another service, or an AI agent taking action on behalf of a user or process. Every one of these identities can access something valuable, and every one of those can introduce risk.

Yet most organizations still manage this expanded identity landscape through fragmented systems. So, when a device suddenly can’t connect to the network, teams are forced to reconstruct the story manually: identity state in one tool, device trust in another, network policy elsewhere, and application context in yet another view. That prolongs incident investigation, and that added delay matters. In identity security, the gap between detecting a signal and taking action is where risk grows.

Identity in Cisco Cloud Control brings identity, device, network, application and agentic activity context together in a single, unified operational view. By unifying capabilities across Duo, Cisco Identity Intelligence (CII), Cisco Identity Services Engine (ISE), and supported vendor sources, Cisco enables teams to investigate, assess, and act on identity risk without switching tools or losing context.

Unlike traditional approaches that stitch various signals together after the fact, Identity in Cloud Control correlates identity, device, network and application activity in one place, so teams can move from detection to enforcement faster and with greater confidence.

With the introduction of Identity in Cisco Cloud Control, customers gain new capabilities designed to simplify identity operations and make identity risk more actionable.

  • Unified identity visibility: A centralized workspace to view and monitor human and non-human identities across Cisco sources such as Duo, ISE, and CII, along with supported vendor sources such as identity providers, endpoint security tools, developer platforms and various AI-agent sources.
  • Enhanced Trust Score: Cisco Identity Intelligence Trust Score now incorporates ISE data, giving teams a broader context across identity, device, and network access risk.
  • Operational monitoring: A dashboard for monitoring distributed ISE Policy Administration Node (PAN) and Cisco Identity Intelligence integrations. This enables teams to now see integration status, related events, and data flow issues in one place so they can identify unhealthy nodes or broken integrations faster.
  • Identity context in AI Canvas: AI Canvas now uses identity context from Duo, ISE, CII and supported vendor sources to help teams investigate identity-related issues faster.
  • AI agent visibility: Identity context now extends to AI agents and other non-human identities, helping teams understand when automated actors, workloads, or applications are involved in access decisions. Agent discovery can now draw information from sources such as OpenAI, DefenseClaw, Entra, Okta, Jamf, select GitHub Copilot data and agent-workflow logs, Snowflake Cortex agent activity, and AD Defense.

Let’s return to our original scenario.

With Identity in Cisco Cloud Control, the network administrator can immediately see the full picture instead of pivoting between tools: the identity involved, the device posture, recent behavior, network policy, and application access context—all in one place.

With Trust Score now incorporating network context, risk is not just visible—it is prioritized and actionable. And with AI Canvas, teams can follow guided investigation paths to accelerate response. From there, action is immediate and informed. The analyst can:

  • Trigger step-up authentication via Duo
  • Restrict network access through ISE
  • Revoke active sessions or isolate the device

The result is a closed loop: from identity signal to native enforcement across security and network domains.

Point solutions focus on slices of identity—users, devices, or authentication events. But modern environments require a complete view across all identity types, including users, devices, applications, workloads, AI agents, and machine identities.

Identity in Cisco Cloud Control provides a unified way to operationalize identity across your entire network.

For SecOps, IdentityOps, NetOps, CISOs, and IAM architects, this can help:

  • Shorten investigation and containment cycles by giving teams identity, device, application, security, and network context in a cohesive experience.
  • Reduce identity blind spots by extending visibility beyond users and devices, to applications, workloads, AI agents, and other non-human identities.
  • Improve enforcement decisions by using enhanced Trust Scoring with ISE network access context and signals from vendor sources to guide downstream security and network policies.
  • Reduce operational overhead by centralizing identity monitoring, ISE deployment health, and CII integration status with Cisco solutions and vendor solutions in Cloud Control.
  • Accelerate responses with AgenticOps by helping teams move from identity risk signals to guided investigation and action faster.

Identity can no longer be viewed in isolation.

With Identity in Cisco Cloud Control, Cisco is enabling organizations to move from fragmented visibility to identity-driven security—where every identity, human or non-human, is understood, monitored, and enforced as part of a unified system.

Because visibility alone is no longer enough. Security teams need the ability to turn identity signals into operational action across their environment.

Identity in Cisco Cloud Control is planned for alpha availability in June 2026, followed by beta and general availability planned for the second half of calendar year 2026.


Authors

Matt Caulfield

VP, Product Management