Lately, there has been a lot of chatter around the 3.x release designation for Cisco Identity Services Engine, known to over 45,000 customers as ISE. ISE has been the market’s leading network access and control solution for over ten years. So, as we look to end support for older versions, including ISE 2.7, what’s the big deal about 3.x?

ISE from the cloud 
3.x – A cloud-ready, modernized approach to securing access to your managed infrastructure. 

ISE 3.x is a radical leap forward in supplying secure network access and control for IT teams. The team at Cisco has focused on continual innovation, intending to remove the friction around how we provide and use security. We all want to be safe and secure, and we need to be able to achieve protection at scale across a distributed network with minimal impact on the business and the end-user. To achieve this goal, we focused on three main areas of improvement: cloud-ready NAC, simplifying operations, and increasing visibility and compliance. And the benefits are tremendous as organizations look to embrace and mature their zero-trust architectures. Below are a few of the key features and capabilities that customers achieve with ISE 3.x.

Cloud-ready NAC: 
Flexibility and choice brings innovation at scale

  • ISE is now cloud-ready and deployable from the cloud (ISE is on AWS Marketplace) to simplify the unification of policy across campus and branch.
  • Extend zero trust and apply consistent, intelligent policy decisions to any location; to extend the zero-trust workplace within a lean branch deployment.
  • Innovation springs forward in the cloud with automation, simplicity, and scale on-demand to radically simplify operations and move teams from managing infrastructure in a box to managing infrastructure as code (IaC).
  • MS Azure Active Directory Integration to enable single sign-on and MFA with cloud-based identity stores.
  • Integrate with cloud-native solutions. ISE is cloud-ready with pxGrid Cloud (GA 2H22) to enable integrated intelligence from cloud-native solutions and support cloud-first strategies.
  • Unify zero-trust controls across the distributed network with NAC from the cloud to centralize deployments and speed the delivery of services.

Simplifying operations
Remove the friction around providing secure access 

  • Unleash advanced use cases with a revamped UI and guided workflows for advanced use cases like network segmentation to simplify obtaining zero trust.
  • Simplify network policy management from anywhere and within any console through APIs.
  • Automate and accelerate deployments with Ansible, Terraform prebuilt playbooks that move teams from managing infrastructure in a box to infrastructure as code (IaC).
  • Upgrade with ease with a simplified two-step process that is more reliable with pre-deployment health checks and parallel processing.
  • API gateway acts as a single-entry point to multiple APIs to provide better security and traffic management.

Visibility and compliance
See more, control more, and mature zero trust 

  • Increased visibility for zero trust with AI-enhanced profiling. ISE 3.x closes the visibility gaps into endpoints with AI Endpoint Analytics. Customers can now leverage machine learning to automate endpoint identification and ensure access based on privilege, a critical tenant of zero trust.
  • Customers want fast, lightweight security, so we released Agentless Posture in 3.0, giving IT the freedom to choose between an agent or agentless approach to ensure the endpoint complies with organizational policy before allowing access.
  • Balance privacy with security with compliance for devices with randomized MAC addresses.

New outcome-based licensing 

Moving to a zero-trust architecture for most organizations won’t happen overnight. Secure network access has always been a fluid and evolutionary measure. With 3.x, we looked to improve two things within how customers gain protection with ISE. One was a need to align to new business models that focus on speed, with the delivery of services from the cloud, and two, to structure the licensing model to serve the secure network access journey. With 3.x, we move to a “nested doll” model. As organizations mature their security posture and zero trust deployments, the licensing moves with you. Before 3.x, to achieve any one outcome, customers required tactical features that may have been spread out across the licensing tiers. Now customers can align their approaches to one that is more strategic and focused on business outcomes. Such as taking a cloud-first strategy with Essentials or reducing risk for the expanding attack surface with deep packet inspection and AI-driven identification for IoT, as well as gaining continuous trusted access for zero trust in Advantage, or diving right in with ISE TC-NAC for mature zero trust deployments and continuous posture assessments available in the Premier license tier.

In addition to focusing on various deployment methods to embrace each organization’s unique cloud journey, we also recognized that customers require the same flexibility of choice when it comes to scaling. So, we increased scale within each deployment node and offer more sizes to enable smaller deployments and organizations to secure their network within a zero-trust framework. Secure network access and zero trust aren’t good ideas reserved for large organizations and networks. They are “doing good security” for everyone, and we are making that possible with ISE 3.x.  


ISE 3.x is an exciting time for the team at Cisco. Why? When we wake up, we dedicate ourselves to unlocking how we can make our customers’ lives easier. And let’s face it. Securing the network has never been easy. Only the crazy and “different” are drawn to such an endeavor. But we too are a little crazy, and a bit different. We are not afraid of jumping in with our customers, rolling up our sleeves, and taking on the expanding attack surface, enabling a hybrid world for business continuity, all while working toward shutting down the malware economy. So, jump into 3.x, and take that leap into providing mature zero trust for securing access to your most prized IT resources.

We have several resources for existing customers looking to migrate to ISE 3.x. Please look at this migration guide and this recorded webinar to accelerate your path to gaining all 3.x has to offer.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels



Paul Burdette

Product Marketing Manager