Cisco Identity Services Engine (ISE)

Cisco Identity Services Engine (ISE) is the solution for centralized operation by politicians within the solution Cisco TrustSec. It allows to define effectively information security policies and to manage them on the scale of all organization. Cisco ISE:

• solves a problem of support of "any device" using access control policy taking into account a context;
• distinguishes corporate and personal user devices;
• automates functions of information security support on all organization using the control facilities of access and enciphering implemented at the level of network;
• simplifies daily work of IT department, allowing to develop the politicians reflecting rules of business taking into account users, devices, applications and location;
• it is integrated with a management system for corporate IT infrastructure of Cisco PrimeTM, providing management of connection of terminal units.

Application of Identity Services Engine (ISE) allows to create the entrusted environment on the scale of all organization on the basis of the uniform, centralized information security policy for any types of users, devices and connections.

Technology basis of the solution INLINE Technologies based on ISE is the architecture of Trusted Security (TrustSec). In it the ISE server acts as a key link of a management system for the network access implementing the analysis of connections not only on formal grounds the corresponding security policies but also taking into account a request context, including: who in what time, using what device and where it was connected to network and also what group of security at it. Functionality of Cisco ISE/TrustSec technology allows to extend such "intellectual" component to all infrastructure elements of information security of the enterprise or holding.

Cisco Identity Services Engine (ISE) allows to implement the concept of use of own devices (BYOD) among employees or to organize more secure access to resources of a data processing center. Thanks to a unique solution architecture of the enterprise can receive in real time from networks, from users and devices the context information necessary for adoption of anticipatory solutions on providing access. All decisions are made on the basis of the uniform policy of access extending to wiring segments of network, wireless network segments and connections of remote access. Thus, ISE helps to provide reliable control over observance of regulatory requirements, raises the security level of infrastructure and optimizes operations on service of network.

2017: Cisco Identity Services Engine (ISE) 2.3

The complexity of the devices connected to network and their quantity grow at the advancing rates. It is impossible to protect what you do not see and therefore receiving detailed up-to-date information about devices in the context of network is extremely important for elimination of vulnerabilities and execution the politician. In combination with the solution Cisco AnyConnect the ISE platform allows to obtain more detailed information on termination points, including such data of the BIOS level as serial number of the computer, connection of USB and loading of resources, including use disk and RAM. Such level of visibility is reached by different methods. Now the ISE platform uses temporary agents who on termination point do not demand either administrative privileges, or installation of expansions of the browser. The option when the hidden agent displays flexible notifications by means of the system of messages of OS is also possible.

Network information security policies are often formulated manually that is fraught with errors. If to automate these processes, then it will be possible to focus not on subtleties of implementation of controls, and on achievement of goals of business. Now automation of network information security policy for intuitive network became a reality thanks to the ISE platform, the most important element of the solution Cisco Software-Defined Access, and integration with a management system of DNA Center. ISE allows to formulate security policies (who can speak with whom what systems can communicate with each other on what ports and protocols all this can occur), relying on security classes which the customer defines, proceeding from business needs. Termination points and systems are automatically distributed on classes according to the extensive context information (who that where when and how it is connected to network), and then the network independently defines what users and devices will be able to get access to these or those business resources. Such level of control simplifies segmentation of network and accelerates reaction to the attacks, helping to reduce the caused damage, including thanks to prevention of horizontal distribution of threats.

Among potentialities of ISE there is a saving hundreds of working hours of administrators who are engaged in management of network politicians. The new interface of the platform significantly simplifies process of creation and editing the politician. Sets simplified, easily perceived the politician with the built-in rules of authentication and authorization using which the replicated access conditions are easily created are provided in it. After installation of updates action existing the politician remains the same, despite creation of additional sets the politician. For each set the politician is provided in the new user interface the operation counter. Also we added a feature for guest registration using Facebook that gives the chance to users to visit the guest portal without gaining access to corporate resources

2014: Partners in implementation in Russia

In January, 2014 it became known that Orange Business Services in Russia confirmed compliance to requirements of technology specialization of Cisco ATP Identity Services Engine Partner in Russia (ISE ATP). Receiving this specialization testifies to the high level of examination of the operator in the field of architecture of the Cisco ATP Identity Services platform and allows to propose to customers solutions on creation of information security systems.

Cisco Identity Services Engine ─ the management system for network politicians and user rights allowing to implement projects on access isolation to information resources of the companies and enterprises. For January, 2014 Orange ─ the only telecommunication operator in the Russian market having this specialization and the status Cisco Gold Partner.