The Cisco Identity Services Engine is a next-generation identity and access control policy platform that lets enterprises enable new business services, enhance infrastructure security, enforce compliance, and streamline service operations. Its unique architecture allows enterprises to gather real-time contextual information from networks, users, and devices to make proactive governance decisions by enforcing policy across the network infrastructure: wired, wireless, and remote. The Cisco Identity Services Engine is an integral component of the Cisco TrustSec solution and SecureX architecture.
The Cisco Identity Services Engine provides a single policy plane across the entire organization that combines multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, on a common platform. This reduces complexity and provides consistency across the enterprise. Using the Cisco Identity Services Engine, administrators can centrally create and manage access control policies for users and endpoints in a consistent fashion and gain end-to-end visibility into everything that is connected to the network.
It uses the standard RADIUS protocol for authentication, authorization, and accounting (AAA).
It supports a wide range of authentication protocols, including PAP, MS-CHAP, Extensible Authentication Protocol (EAP)-MD5, Protected EAP (PEAP), EAP-Flexible Authentication via Secure Tunneling (FAST), and EAP-Transport Layer Security (TLS).
It offers a rules-based, attribute-driven policy model for creating flexible and business-relevant access control policies. It provides the ability to create fine-grained policies by pulling attributes from predefined dictionaries that include information about user and endpoint identity, posture validation, authentication protocols, profiling identity, or other external attribute sources. Attributes can also be created dynamically and saved for later use.
It provides a wide range of access control mechanisms, including downloadable access control lists (dACLs), VLAN assignments, URL redirect, and Security Group Access (SGA) tagging using the advanced capabilities of Cisco network devices.
It allows end users to interact with a self-service portal for device on-boarding, providing a registration vehicle for all types of devices as well as automatic supplicant provisioning and certificate enrollment for standard PC and mobile computing platforms. This means fewer cases for IT staff and help-desk personnel, more secure access, and a seamless user experience.
Guest lifecycle management
Enables full guest lifecycle management, whereby guest users can access the network for a limited time, either through administrator sponsorship or by self-signing via a guest portal. It allows administrators to customize portals and policies based on specific needs of the enterprise.
It enables administrators to centrally configure and manage profiler, posture, guest, authentication, and authorization services in a single web-based GUI console, greatly simplifying administration by providing consistency in managing all these services.
Monitoring and troubleshooting
Includes a built-in web console for monitoring, reporting, and troubleshooting to assist help-desk and network operators in quickly identifying and resolving issues. It offers comprehensive historical and real-time reporting for all services, logging of all activities, and real-time dashboard metrics of all users and endpoints connecting to the network.