Solution Brief

Cisco Public

ISE 3.x
Flexibility and choice power security
resilience for zero-trust architectures
What if IT and security operations could respond to change
and reduce risk with seamless access to network resources
from anywhere, to everywhere, and on anything? And, what
if controlling and managing access to the workplace was
radically simplified and modernized to build security
resilience into the network?

© 2022 Cisco and/or its affiliates. All rights reserved.


Resilience begins with securing the network connection
For the digitally connected organization, having security
resilience is paramount to maintain business continuity
amidst unpredictable threats and change. The world has
gone hybrid, and most, if not all of, business success
depends on secure, connected experiences. And with
today’s IT operating across multiple environments,
ensuring only trusted users and devices gain access
to trusted network resources is more important than
ever to protect the integrity of the business amidst the
expanding attack surface and unprecedented levels of
global uncertainty.
© 2022 Cisco and/or its affiliates. All rights reserved.
Cisco® Identity Services Engine (ISE) gives customers
the flexibility and choice they require to tether Network
Access Control workloads to multiple clouds and
maintain business continuity through uncertainty.
Customers gain a modernized way to deploy NAC
services. Moving from managing infrastructure in a
box to leveraging infrastructure as code (IaC) across
hybrid deployments, teams can accelerate the delivery
of pervasive visibility and dynamic control to secure
access across the distributed network and preserve the
integrity of the business.
Solution Brief
Cisco Public
Benefits
• Security resilience. Rapidly deploy Network
Access Control workloads across multiple
clouds and achieve security resilience for the
self-managed infrastructure
• Pervasive visibility and dynamic control.
See, know, and control what is connecting to
your network and ensure their posture doesn’t
jeopardize your business.
• Fully mature zero trust. Integrate intelligence
from across your stack into policy enforcement
points throughout the network for continuous
trusted access.
• Automated threat containment. Don’t just
block threats—remove them with integrated
intelligence into enforcement points within
the network.
• Merge speed and agility. Move Ops
from managing infrastructure in a box to
infrastructure in code (IaC) with automated
deployments to accelerate secure
network access.

In today’s connected world
Uncertainty has become
the new normal
Because change comes faster than
ever, businesses are making massive
investments across the enterprise to
strengthen resilience. From financial
resilience to operations resilience, from
organizational to supply chain resilience,
these initiatives are designed to help
businesses operate in the new normal.
And these investments will fall short
without security resilience because
security cuts through every aspect of
these initiatives. Security resilience is the
ability to protect the integrity of every
aspect of your business to withstand
unpredictable threats, or changes, and
then emerge stronger.
© 2022 Cisco and/or its affiliates. All rights reserved.
Resilience begins with securing
the network connection
If organizations are to be resilient, they
require flexibility and choice in deploying
secure Network Access Control
services to protect the integrity of the
business amidst unpredictable threats
and change. To emerge stronger from
security incidents, pervasive visibility and
dynamic control into users and endpoints
connecting to network resources is a top
concern for IT as they secure network
access across multiple environments.
Reducing risk, and
emerging stronger
As uncertainty breeds risk, resilient
organizations are reducing risk by closing
the gaps between siloed solutions and
looking to activate intelligence across
the entire security stack. Integrated
intelligence with a platform approach
enables continuous trusted access
that goes beyond building trust just at
authentication and provides security
throughout the entire session for mature
zero-trust architectures.
Solution Brief
Cisco Public
IT is Hybrid—Don’t forget your
infrastructure in your network security
The hybrid reality of IT is driving
resiliency. Organizations are demanding
solutions that provide the flexibility and
choice they need to tailor deploying
network resources in line with reducing
risk. In addition, the self-managed
infrastructure remains a critical
environment for IT as they look to
secure their most prized IT assets from
unknown threat vectors and enable
the connect-from-anywhere and
connect-on-anything workforce.
 Solution Brief
Cisco Public

How ISE enforces Zero Trust

Connecting trusted users and endpoints with trusted resources

Endpoint request access Endpoint classified, and

• Endpoint is identified and trust profiled into groups
is established • Endpoints are tagged w/SGTs
• Posture of endpoint verified to • Policy applied to profiled groups
meet compliance based on least privilege

Trust continually verified

Cisco ISE Endpoint authorized access
• Continually monitors and verifies based on least privilege
endpoint trust level • Access granted
• Vulnerability assessments to • Network segmentation achieved
identify indicators of compromise
• Automatically updates access policy

© 2022 Cisco and/or its affiliates. All rights reserved.


How it works
Cisco Identity Services Engine (ISE) activates
intelligence from across the security stack to become
the policy decision point in a zero-trust architecture for
the workplace. ISE enables an automated approach to
discover, profile, authenticate, and authorize trusted
endpoints and users connecting to the self-managed
network infrastructure, regardless of access medium.
ISE has maintained market dominance for over ten
years with its unique ability to receive and share context
from the network as well as integrate intelligence.
With integrated intelligence, ISE builds zero-trust
policy decision points into the network for continuous
trusted access and automated threat containment.
© 2022 Cisco and/or its affiliates. All rights reserved.
Solution Brief
Cisco Public
“Without ISE, we would
Network administrators can develop and maintain
dynamic risk-based polices to ensure that only trusted
be spending a lot more
users and devices gain access to trusted resources,
moving protection beyond authentication and
time helping people
maintaining trust throughout the entirety of the session. connect. Now, we can
With ISE, organizations are confidently moving from a
point solution approach that only solves for a single, diagnose 90% of the
immediate “compliance task” and aligning to strategic
business objectives with a zero-trust policy enforcement problems in 10 minutes.
platform that will handle what’s now, and what’s next, in
the self-managed infrastructure. Doing it the old-school
way would have taken a
lot more time.”
Network engineering services assistant
director, higher education
From the commissioned study conducted by Forrester Consulting on
behalf of Cisco, March 2022, “The Total Economic Impact™ of Cisco
Identity Service Engine (ISE)”
Read the report

“We now have better Use Cases
visibility, more granular Cisco ISE addresses these challenges with a broad set
of mission-critical NAC use cases to support zero trust
segmentation, better across the distributed network.
• Pervasive visibility. See and know everything
policy enforcement, connecting. The first step to building a resilient security
posture is gaining the ability to see and know everything
and better identity and that is connecting to the network. ISE automates the
access management.” discovery of devices connecting to the network. With
ISE, teams can identify, classify, and track endpoints
connected to the network to allow the automation of
CIO, financial services organization
policy provisioning before allowing access to network
From the commissioned study conducted by Forrester Consulting on
behalf of Cisco, March 2022, “The Total Economic Impact™ of Cisco resources. IT teams have the flexibility they need to
Identity Service Engine (ISE)” balance business objectives with security and can
choose between an agent or agentless approach to
Read the report gain the visibility required to look deep into the device
and ensure endpoint compliance. Any changes to
the overall posture of any endpoint automatically and
dynamically updates the policy to control access,
ensure compliance, reduce risk, and contain threats.
© 2022 Cisco and/or its affiliates. All rights reserved.
Solution Brief
Cisco Public
• Dynamic control. Confidently build security
into your network with visibility-driven network
segmentation. Network segmentation builds zero
trust into the network with policy-based access to
contain and prevent the lateral movement of threats.
Organizations can shrink the attack surface, limit
the spread of ransomware, and enable rapid threat
containment, all while continually assuring this level
of protection will not disrupt business outcomes.
• Automated threat containment. Don’t just block
threats—remove them. ISE integrates with Cisco
Security products and third-party ecosystem
partners through pxGrid and pxGrid Cloud to gain
contextual information from on-prem and cloud-
native solutions. This open integration ecosystem
brings an active arm of policy enforcement into
your security stack to automate threat containment,
remove threats, and reduce mean time to repair.

Forrester Consulting recently conducted an
independent analysis of five organizations using
ISE. The commissioned study conducted by
Forrester Consulting on behalf of Cisco, March
2022, “The Total Economic Impact™ of Cisco
Identity Service Engine (ISE),” highlighted:
191%
ROI in first 3 years
50%
Reduction in access-related security events
11-month
Payback period
66%
Avoided increasing NetOps headcount by 66%
with automation
88%
Uplift of additional benefits when deployed for SDA
Download and read the entire study to learn all the
business benefits of ISE.
© 2022 Cisco and/or its affiliates. All rights reserved.
• Endpoint compliance. Business continuity relies on
a strong, resilient security posture. ISE continually
verifies that device posture complies with your
security policy so that risky, unpatched, and outdated
devices cannot threaten the network. ISE 3.x
increases organizational posture with a customizable
approach to gaining continuous posture assessments
for endpoints connecting to your managed
infrastructure. With a limitless number of posture
checks, customers can now customize and
enforce dynamic policy and gain continuous
trusted access to ensure business resiliency,
while limiting organizational risk without disrupting
business objectives.
Solution Brief
Cisco Public
• Secure access. Accelerates value by simplifying
the provisioning of policies and devices. ISE enables
self-registration, automates device configuration
and manages certificates and mobile policy
compliance. With granular visibility and controls IT
admins can confidently and quickly provision new
resources to allow connection to the network without
sacrificing protection.
 Solution Brief
Cisco Public

Why ISE?
Other standalone solutions end up “bolting on” security to the network, often resulting in operational complexity and Check out ESG’s whitepaper on
performance issues. Cisco Identity Services Engine (ISE) has gained market dominance with a focus on security that
is built directly into the network. Our customers can provide secure network access to trusted users and endpoints
strategic zero trust:
through a flexible, simple solution that accelerates their value. “Zero Trust Must Include
Our key differentiators are: the Workforce, Workloads,
1. Security Resilience built into the network. Cisco 3. Unrivaled scalability. With the rise of the connected
AND Workplace”.
is the only vendor who leads in both enterprise everything, organizations need scale more than
networking and cybersecurity, and ISE builds ever before. ISE is the only solution that is proven
pervasive security directly into the network. With to support more than two million concurrent
flexibility and choice in deployment and purchasing, endpoint sessions. Visit the ISE webpage to learn
ISE enables organizations to tether secure network 4. Network admin access control. ISE is the only how we can enable your secure
access across the distributed network their way. NAC solution that includes TACACS+ for
2. Integrations and partner ecosystem. With integrated
network access initiatives, and
role-based administrative access control to
intelligence, ISE builds zero-trust policy decision networking equipment. SD Access webpage to learn
points into the network for continuous trusted access
and to automate threat containment. Effective
more about our complete secure
cyber programs require integrated technologies to access solution.
break down silos and reduce complexity. ISE has
the most extensive partner ecosystem for Cisco
Secure and third-party solutions through pxGrid and
© 2022 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo
pxGrid Cloud to bring a platform approach to secure are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S.
and other countries. To view a list of Cisco trademarks, go to this URL: www.
network access and zero trust. cisco.com/go/trademarks. Third-party trademarks mentioned are the property of
their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. 883227226 05/22