Cisco Identity Services Engine (ISE) is a network access
control and policy enforcement platform. Cisco ISE
simplifies the delivery of secure access control across
wired and wireless multivendor networks and remote
VPN connections. With intelligent sensor and profiling
capabilities, ISE penetrates deep to deliver visibility into
who and what is accessing your networks and resources.
Cisco ISE provides the following benefits:
- It identifies every device and every user ID across the network.
- It enables simple provisioning for devices.
- It is a simple policy management engine that is centralized and can
  grant user access.
- It enables flexible integration with other solutions to speed threat
  detection, containment, and remediation.
Identification is required in order to access any network
resources. Identification involves using credentials.
Credentials take the form of passwords, certificates,
tokens, or, at the very least, the endpoint’s MAC address.
Credentials reach Cisco ISE in a process called
authentication. An enterprise can use various
authentication protocols, depending on the type of
network and the type of endpoints. With authentication,
you basically tell Cisco ISE who you are.
Authentication typically results in authorization. After
you reveal your identity to Cisco ISE, Cisco ISE
determines your level of access. The moment an
endpoint accesses the network, the network
devices generate a session ID and share it with Cisco ISE.
Cisco ISE centrally knows what all the endpoints in the
network are and where they are connected.
Today, enterprises already have some kind of identity
service, such as Microsoft Active Directory or LDAP; in
addition, there could be other ODBC servers hosting
some user and device accounts. A PKI infrastructure may
already exist to manage certificates, and there might be