Cisco Blogs

Visibility is the new perimeter; It’s time for Cisco ISE 2.2


January 24, 2017 - 4 Comments

Visibility doesn’t just mean seeing data move within the network – it also means seeing who and what is on the network. Trends like the Internet of Things (IoT) and Enterprise Mobility – that will result in tens of billions of connected devices and users – are fundamentally changing the enterprise networking environment. Not knowing who or what is generating traffic is no longer an option.

But what’s the use of visibility without control? Companies, unable to dynamically segment their network, can’t contain lateral movement fast enough once they realize they’ve been breached. Attackers are taking advantage of this and costing organizations millions.

In an effort to help, governments and industries are stepping in with stringent rules and regulations so that companies follow best practices such as segmentation. But compliance using traditional segmentation methods means organizations spend approximately $4M yearly, on average, on incremental expenses like IT operational costs and network downtime.

Given this environment, I am proud to announce that we’re launching version 2.2 of the Cisco Identity Services Engine, or ISE. ISE gives you the visibility and control you need to defend the network from an ever-increasing number of attack vectors, contain advanced persistent threats, and secure access across today’s distributed networks. And it does this without sacrificing operational efficiency by providing advanced technology to …

See and Share Rich User and Device Details

  • Get additional user and endpoint visibility that spans from guest users in the network down to endpoint application details.
  • Remove deployment complexity, particularly in the “monitor” stage, with the Cisco AnyConnect agent in stealth mode for always-on endpoint security and visibility.

Control All Access throughout the Network

  • Introducing greater control for endpoints. Coupled with much richer endpoint and application visibility, Cisco ISE can now enforce very granular user behavior and device compliance. Major improvements to architecture and functionality provide even greater access control including additional AnyConnect distribution options, more robust deployment resiliency, and the ability to support more posture functionality with non-Cisco network access devices.
  • The new, built-in ISE Setup tool makes it easier and faster than ever to get started with enterprise-grade network access security. This includes out-of-the-box wireless setup for secure access, guest services, and BYOD in as little as 10 minutes with Cisco Wireless LAN Controllers!
  • Customers of any size can now take advantage of efficient and scalable role-based segmentation through a TrustSec-enabled border router such as the Cisco ASR 1000.
  • ISE Device Administration is better than ever with the addition of features Cisco ACS customers enjoy. And migrating from ACS to ISE has been streamlined with new migration tools and resources. With the recent announcement of the ACS End-of-Sale (EoS) as well as the ACS-to-ISE Migration Program, there’s never been a better time to deploy device administration with Cisco ISE.
  • Separate administrative domains for differentiated control based on flexible criteria such as place in network, geographical location, or role and responsibilities, using multiple TrustSec matrixes.

Stop and Contain Threats

  • Don’t just block bad devices from entering your network; get deep visibility at the application level so you can set policy based on what the user is doing.
  • Quickly raise the drawbridges and effectively wall off your crown jewels from threats with simplified and agile threat responsiveness. Develop a next-level segmentation strategy with ISE DEFCON. Set multiple policy scenarios pre-defined within multiple TrustSec matrixes for software-defined segmentation that can be dynamically deployed immediately based on an organization’s threat climate.
  • Stop malicious devices before they connect to your network by consuming more Indications of Compromise (IoCs) from your vulnerability assessment and threat incident intelligence solutions such as Tenable, Cisco Cognitive Threat Analytics (CTA) and Rapid7. We call this new layer of posture assessment Threat-Centric NAC.

Such deep visibility enables granular access control so that users and devices are granted the right level of network privilege. And through the sharing of vital contextual data with technology partner integrations via pxGrid and the implementation of Cisco TrustSec software-defined segmentation, Cisco ISE can transform the network from simply a conduit for data into a security sensor and enforcer that accelerates the time-to-detection and time-to-resolution of threats.

Learn more about ISE 2.2 by going to www.cisco.com/go/ise.



4 Comments

  1. Hi Dan, Is there any comparison with other NAC products? Is ISE a real leader? I wonder if you can post a real comparison between ISE, Aruba and Forescout.

    • Hi Kaveh, I'm happy to report that Cisco ISE recently won SC Magazine's 2017 Best NAC Solution award. The award was in large part due to its open architecture, which is enabled by Cisco pxGrid. See for yourself: https://media.scmagazine.com/documents/286/botn2017_71287.pdf

  2. Hi Dan, When will ISE 2.2 be released? Right now there's nothing but this blog entry. Cheers Anders

    • Thanks for the question Anders. 2.2 is scheduled for release early the week of January 30th.