ISE offers tight integration of identity services in a single RADIUS-based product from Cisco, the world leader in security, mobility, access control, and networking. It starts with rigorous identity enforcement that includes the industry-first automatic device feed service to keep the device profiler current with the latest smartphones, tablets, mobile computing devices, printers, servers, badge scanners, video surveillance cameras, and even specialized mobile computing devices used in retail, healthcare, and manufacturing. The product identifies a device, the user ID, location, time, and media and creates a contextual identity, applies a policy, and dynamically provisions the network so workers get dependable access to their resources from virtually anywhere.
And IT professionals can maintain control and manage control policies network-wide from a single dashboard so that compliance for audits and regulatory demands can be validated. ISE offers an easy onboarding experience for BYOD (bring your own device) and guest workers so that personal devices can be secured, meet security policy, and be granted access via a simple self-service portal. And for comprehensive device security, ISE integrates seamlessly with market-leading Mobile Device Management (MDM) platforms to ensure enhanced device security and policy compliance. What's more, ISE can be provisioned to give workers the option to provision MDM on their device for full company access, or refuse MDM and receive only Internet access.
Rigorous identity enforcement
ISE offers the industry's most extensive device profiler to classify each device; match it to its user or function and other attributes, including time, location, and network; and create a contextual identity so IT professionals can apply granular control over who and what is allowed on the network. The feature profiles devices at the network edge using the sensing features embedded in Cisco devices.
Extensive policy enforcement
Based on the user's or device's contextual identity, ISE sends secure access rules to the network point of access so IT is assured of consistent policy enforcement whether the user or device is trying to access the network from a wired, wireless, or VPN connection.
A single dashboard simplifies policy creation, visibility, and reporting across all company networks so it's easy to validate compliance for audits, regulatory requirements, and mandated federal 802.1X guidelines.
The product's self-service registration portal for BYOD, guest, and IT device onboarding automates AAA user identification, device profiling and posturing, 802.1X provisioning, and remediation, so it's easy for employees to get their devices on-net and comply with security policy.
Automated device security
ISE provides device posture check and remediation options, including the lightweight Cisco NAC Client for desktop/laptop checks and integration with many market-leading MDM solutions, so it's easy for users to keep their devices secure and policy-compliant.
Dependable anywhere access
ISE provisions policy on the network access device in real time, so mobile or remote users can get consistent access to their services from wherever they enter the network.
Onboarding and security automation, central policy control, visibility, troubleshooting, and integration with Cisco Prime mean IT and the helpdesk will spend far less time on user and network security fixes.
Device-sensing capabilities are built into most Cisco switches and wireless controllers to extend profiling network-wide without the costs and management of overlay appliances or infrastructure "rip and replace".
Solution ecosystem
Technology partner platform integration with ISE provides IT organizations a consistent method of making their IT platforms identity, device and policy aware. Integration with ISE also enables partner platforms to provide context to ISE for inclusion in network access policy as well as the ability to reach into the Cisco network infrastructure so that executing network actions, like quarantining and limiting access, on users and devices is possible.
Product Highlights
- Consistent enforcement of context-based policies across wired and wireless networks
- Systemwide visibility showing IT who and what is on the wired, wireless, or VPN network
- Integrated AAA, profiling, posture, and guest services to simplify deployments and cut costs
- Device identification using ISE-based probes, embedded device sensors, endpoint scanning, and device feed service
- Greater visibility and control of the endpoint with Mobile Device Management solution integration
- Simplified BYOD onboarding through self-service registration