Virtualization Featured Article

Cisco ISE 1.3 Handles Network Access and Authentication Challenges

October 15, 2014

Everybody wants to get on the network these days. How that network is defined, how people are connected and what devices they’re using to connect with are all important components in today’s connectivity. And these variables can present challenges as IT and security departments struggle to maintain access and authentication control in an increasingly complicated technological landscape.

Cisco has set out to simplify matters, and the company recently released version 1.3 of its Identity Services Engine (ISE). TMC CEO Rich Tehrani got a chance to discuss the intricacies of ISE with Sanjay Raja, CISSP at Cisco, at the recent INTEROP New York 2014 event.

“We’re trying to leverage the network infrastructure that you already have and combine security with networking,” said Raja of Cisco’s approach to networking security and authentication. “We’re able to integrate multiple security solutions together to provide better visibility and context to help you make better decisions around securing your network, to make better access decisions around allowing users and devices on the network, and really understanding when threats may have invaded your network as well.”

This holistic approach enables a variety of benefits; with the main advantage being simple network provisioning and deployment, which equals productivity and efficiency enhancements for users. ISE works by profiling devices and users using embedded TrustSect technology. This handles the creation of role-based access policies, offers inline access segmentation and tags traffic. The ultimate goal is to make it simple to get users onboarded and authorized quickly.

“We identify the users, devices, type of devices, where, when, and how people are connecting, and based on being able to create a device profile around that, we can actually look at traffic that’s going through the network and compare it to that device profile and decide where they can go within the network,” said Raja. “Because we have this tagging technology that actually interrogates the device, it can be a printer, it can be a video surveillance system – we talk about Internet of Things and Internet of Everything, we can actually look at those type of devices, have a profile for them and determine if they’re allowed in or not.”

He gave Tehrani a demonstration of the technology through which he set up guest access to a Wi-Fi hotspot. An intuitive dashboard allows administrators to easily change parameters and user profiles, convenient for customizing the GUI and changing access profiles based on user, location or device. Raja added that the technology is a great fit for retailers like Starbucks with multiple branch locations or for organizations like hospitals, which offer different types of access based on user or department. Tehrani was easily able to access the hotspot using his iPhone 6 Plus.

ISE supports up to 250,000 active concurrent endpoints and as many as one million registered devices. Cisco also offers its Platform Exchange Grid (pxGrid) partner program, which enables deep contextual data sharing with ecosystem partners using ISE. This helps all participants to better identify, mitigate and remediate network threats.

Edited by Maurice Nagle

Click here to share your opinion – Would color of equipment influence your purchasing decision, one way or another?

Featured Blog Entries

Day 4, Cisco Live! - The Wrap

Day 4 was the final day of our first ever Cisco Live! We had a great show, with many great conversations and new connections with existing and potential end users, resellers, partners and job hunters.

Day 3, Cisco Live!

Day 3 of Cisco Live is history! For Fiber Mountain, we continued to enjoy visits from decision makers and influencers who were eager to share their data center and structured cabling challenges.

Day 2, Cisco Live!

Tuesday was Day 2 of Cisco Live for Fiber Mountain and we continued to experience high levels of traffic, with many high value decision makers and influencers visiting our booth. One very interesting difference from most conferences I attend is that there are no titles on anyone's show badges. This allows open conversations without people being pretentious. I think this is a very good idea.

Day 1, Cisco Live!

Fiber Mountain is exhibiting at Cisco Live! In Las Vegas for the first time ever! Our first day was hugely successful from just about any perspective - from quantity and quality of booth visitors to successful meetings with customers.

Industry News