More employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. And the problem is only going to grow as 500 billion new devices are expected to be connected to the network by 2030.

How can you protect what you can’t see?

In the face of an ever-increasing number of attack vectors and advanced threats, Cisco is committed to helping organizations extend security everywhere – in effect, to wherever employees are and wherever data is – without sacrificing operational efficiency. Cisco ISE 2.0 extends security further into the network with new capabilities that help you see and control what’s on your network like never before and accelerate threat mitigation.

Introducing Cisco ISE 2.0

The newly redesigned Cisco ISE security management platform provides greater visibility, usability, and control.

Deeper Visibility Provides Superior Network Insight and Control

Expanding ISE’s Reach and Scope within Diverse Network Environments. Customers can now deploy ISE services such as Profiling, Posture, Guest, and BYOD with 802.1x NADs manufactured by non-Cisco vendors. This extends the reach and scope of advanced authorization capabilities in ISE to ensure endpoint compliance across a more varied range of networks.

Access Policy become geo-location driven! Create and enforce access policy controls based on specific geo-location information thanks to the integration with the Cisco Mobility Services Engine (MSE). For example, a healthcare organization can control a doctor’s access to patient records only while in the hospital, a corporation can grant executives’ access to confidential information for a board meeting while only in the board room, a school can control a student’s ability to stream content only when physically inside the classroom.

Streamlined Access Policy Management Simplifies Security and Compliance

TACACS+ Device Administration. Customers now have simplified authentication, authorization, and accounting (AAA) device management and administration with the new work center for TACACS+ and RADIUS protocol support. From a “single pane of glass” in ISE, customers have flexible and granular control over who can access which network device and change the associated network device settings. New ISE customers can manage both their device administration as well as endpoint access use cases from a common platform.

New User Experience. ISE 2.0 enhances the user experience for ISE administrators by leveraging workflow-focused work centers for centralized management and administration; simplified administration and navigation with new menu structures; a redesigned GUI with new search capability; and enhanced reporting features.

Streamlined TrustSec Deployments. ISE 2.0 introduces the TrustSec work center, including a brand new operational dashboard that ensures simple monitoring during the entire lifecycle of TrustSec in the network – deployment, operational “day 2” monitoring and troubleshooting. The work center also includes a complete renovation of the actual heart of TrustSec – the security policy matrix have been overhauled and now includes icons, colors, patterns, multiple save-able views that can serve both for specific policy configuration and also for a higher-level overview of the state of TrustSec policy. To learn more about TrustSec, watch the TrustSec overview video | URL to be added.

Faster Time to Deployment of New Services. ISE 2.0 includes new out-of-the-box configuration that allow new services to be deployed instantaneously, cutting the time to value immensely by allowing administrators to turn on features by just enabling already-built rules and configuration snippets.

Distribution of Rich Contextual Data Accelerates Threat Mitigation

Expanded Partner Ecosystem. A new wave of partners have joined the ISE Partner Ecosystem designed to accelerate threat mitigation with the introduction of pxGrid Adaptive Network Control (ANC). ISE can now leverage partner data to adapt network access policy and ecosystem partners are able to execute an even greater number of threat response actions through ISE. For example, Infoblox, a leader in IP address management, can now provide reports on the who, what, where of IP information to reduce manual effort and in-house development. Other new ecosystem partners include: E8 Security, Hawk Defense, SAINT, SOTI, and Huntsman Security. More info on these partnerships will be posted to the Partner Ecosystem Page.

Rapid Threat Containment. Introducing Cisco Rapid Threat Containment with Cisco FireSIGHT Management Center 5.4 and Cisco ISE. Cisco FireSIGHT Management Center, upon detecting compromised endpoints, can now instruct Cisco ISE to automatically quarantine these malware-infected endpoints. Cisco ISE, in turn, contains infected endpoints by automatically updating the endpoint’s access policy to quarantine the endpoint from the network. This endpoint can then be remediated or completely blocked from accessing the network. Please note this solution is currently available for FireSIGHT Management Center 5.4 only and NOT for Firepower Management Center 6.0.

To learn more, watch the video below and visit www.cisco.com/go/ise.



Dan Stotts

Product Marketing Manager

Security Product Marketing organization