What is Cisco ISE?

Cisco Identity Services Engine (Cisco ISE) is a network security policy management platform that provides highly secure access control to network resources. It serves as a foundational component for securing enterprise networks by using identity-based access policies, providing visibility, context, and control over network users and devices.

Cisco ISE enables organizations to enforce policies based on identity. This means you can control who can access the network and what they can do once they're connected.

Access policies can be created based on user roles, device types, and security posture, allowing for granular access control (different permissions for employees, contractors, or guests).

It supports both wired and wireless network access, including VPNs.

Cisco ISE uses various methods to authenticate users and devices trying to connect to the network, such as RADIUS, TACACS+, and multi-factor authentication (MFA).

It supports integration with existing directory services like Active Directory (AD), LDAP, and SAML for identity management.

Authorization policies determine what level of access users and devices have, based on their identity, device posture, or other contextual information.

Cisco ISE identifies and categorizes devices (e.g., Windows, macOS, IoT devices) attempting to connect to the network, using profiling techniques based on device behavior, MAC addresses, and protocols.

The platform performs posture assessments to check for compliance with security policies (antivirus status, OS version, firewall status). Devices that don’t meet requirements can be restricted or quarantined.

Cisco ISE provides customizable guest access portals, allowing temporary network access for visitors or non-employee devices. Administrators can set up policies for how long guests are permitted access and what resources they can use.

Cisco ISE allows for network segmentation based on user and device roles. By segmenting the network, Cisco ISE helps limit the spread of threats and restricts access to sensitive areas.

Integration with software-defined access (SD-Access) enables dynamic segmentation across wired and wireless networks.

Cisco ISE offers extensive visibility into network activity. This includes real-time and historical data on users, devices, and security posture. Its detailed reporting capabilities help network administrators monitor network health, audit access events, and generate compliance reports.

Cisco ISE integrates with Cisco’s broader security ecosystem, including Firepower, Stealthwatch, and TrustSec, to enhance security capabilities.

It also supports APIs to integrate with third-party security solutions, extending its functionality within a heterogeneous environment.

Cisco ISE is widely used across industries where secure, scalable, and compliant network access is critical. It can be complex to set up and requires a thorough understanding of the network architecture, but its powerful policy control and monitoring capabilities make it an essential tool for network security.

Trio enrolls devices and collects essential device data to enhance security. This data is then transmitted to Cisco ISE servers, where it can be analyzed to manage and secure access to the organization’s network. The integration is valuable because Trio's Mobile Device Management (MDM) functionality enables seamless data synchronization with Cisco ISE, ensuring that devices stay compliant with security policies. Through MDM, Trio can enforce security settings, manage device configurations, and track compliance, helping Cisco ISE maintain up-to-date information on each device’s security posture. This coordinated approach improves access control and network protection across all enrolled devices.

Trio could be especially useful with different industries of importance such as:

This will help organizations to keep their assets compliant at all times.

If you have more questions regarding Trio integration with Cisco ISE, please contact Trio support.