Getting To Know Cisco Identity Services Engine Ise Secure Your Network With Complete Dynamic Visibility

Getting to Know Cisco Identity Services Engine (ISE): Secure Your Network with Complete & Dynamic Visibility

Arraya Insights | February 3, 2022

A Zero Trust security framework has now become the cyber security industry standard, and for good reason. Zero Trust Security continually authorizes access of both users and devices, no matter the device’s location. As cyber threats continue to pose significant risk to every industry, this security model has become essential.  

Many companies face significant challenges in the visibility and control of their network. With employees working remotely, an increase in BYOD (bring-your-own-device) devices, and the use of cloud applications, endpoint visibility has become a challenge. With Cisco Identity Services Engine (ISE), companies can take full control of visibility within their network and fully embrace a Zero Trust security framework.  

With a broad range of use cases, Cisco ISE simplifies the delivery of a highly secure network by empowering software-defined access and automating network segmentation.  

Dynamic visibility 

Cyber threats are constantly changing. This is what makes them so dangerous and difficult to prevent. Therefore, your cyber security should also be dynamic. Just like the threats your network is fighting against, authentication and authorization must be continual.  

The dynamic visibility offered by Cisco ISE addresses endpoint visibility challenges by being all-seeing, all-knowing, and continuously updating without the use of agents. This also allows a company to create more agile security policies to ensure endpoints are assessed and authorized into the correct parts of their network environment.  

Network segmentation 

Network segmentation divides your network into multiple zones of trust, which reduces your attack surface. Limiting a threat’s ability to move laterally allows you to respond to threats quickly and automate threat containment. Zero Trust authorizes access continually, no matter the device’s location. 

Further, network segmentation simplifies the BYOD and guest access processes and boosts productivity by streamlining and automating policy enforcement. And while BYOD is often popular among employees due to its convenience, it presents security challenges to the customer’s network environment. With Cisco ISE, you can easily control approved personal devices and onboard or remove them, whenever necessary.  

Automated threat containment 

With automated threat containment, the network device closest to the resource that the threat is trying to access will automatically shut down. By automating the response to a suspected endpoint, your network will immediately stop the spread of the potential threat. This rapid threat containment approach is in line with Cisco’s vision of providing full visibility across all platforms within a user environment. Cisco ISE can work in conjunction with Secure Endpoint and Firepower Threat Defense to provide a coordinated rapid effort to contain any emerging threats on a customer’s network.  

Overall, this will significantly reduce the severity of potential damages and the time it takes to recover from a breach.  

Guest and secure wireless access 

The need for easy wireless access today is as crucial as indoor plumbing. But this can present security challenges with various employees, contractors, and visitors looking to log on. Cisco ISE allows companies to provide convenient wireless access without compromising security.  

Secure wireless access means your business can: 

  • Identify: Confirm who is logging on 
  • Authenticate: Ensure that users are who they claim to be 
  • Authorize: Control the level of access for each user and device 
  • Track: Account for what users and devices are doing and for how long  

Whether they’re simply browsing the internet or need partial access to your network, you can securely control how much access each individual and device is granted. 

Device compliance 

With Cisco ISE, each device that connects to your network is reviewed for its security posture to ensure compliance. You can easily locate and correct any potential vulnerabilities, including outdated software, unauthorized applications, weak security settings, and endpoints that lack the latest security technology.  

Any workstations or mobile devices trying to access your network must comply before they’re trusted.  

See Cisco ISE in Action: A Short Case Study  

A community hospital engaged Arraya Solutions for assistance in upgrading their wireless environment. The customer sought a cloud-based solution with enhanced security. The previous environment used weak security methods, such as pre-shared key and low-level encryption mechanisms, to secure their wireless.  

Arraya established a small, two node Cisco ISE deployment for redundancy and resiliency. Cisco ISE was configured to provide secure 802.1X Access on the newly configured wireless networks utilizing Meraki Cloud access points. Arraya was able to consolidate the customer’s wireless networks from 10 static SSIDs to 3 dynamic ones utilizing ISE.  

This design increased wireless performance and provided better airtime capabilities. 

Next Steps: Take Control of Visibility Within Your Network 

With Cisco ISE, users can expect secure network control through a dynamic and automated approach to policy enforcement.  

Cisco is leading the migration to the cloud as ISE supports a cloud-first strategy and Azure Active Directory. Cisco reported that the network segmentation and visibility offered through ISE resulted in a 98% reduction in the time it took to implement network changes.  

If you’re ready to start taking advantage of Cisco ISE, reach out to an Arraya expert today to start a conversation. 

Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.