Nov 06 2018

How Feds Can Get the Most from Cisco’s Identity Service Engine

A powerful tool for identity management requires careful consideration during deployment.

Cisco SystemsIdentity Services Engine provides cybersecurity and networking teams with visibility into the identity of users accessing their networks. These suggestions can help organizations efficiently and effectively implement the solution across wired networks, wireless networks and VPNs.

1. Understand What ISE Can (and Can’t) Do

ISE is powerful, but it’s not magic. Agencies must understand its capabilities before they make the financial and time commitment to deploy the product. For example, ISE is capable of probing systems across the network and identifying those that respond to its polling requests, but it does not monitor network traffic for signs of activity.

2. Tap User Authentication for Added Value

ISE can authenticate either devices or users. Many organizations benefit from integrating ISE with other components of their security infrastructure, such as Cisco Stealthwatch and Firepower. Those integrations are much more powerful when they have access to user data, so pursue user authentication whenever possible.

3. Check Device Compatibility Far in Advance

Older network equipment may not be compatible with ISE. Perform hardware compatibility checks early in the process to identify switches that require firmware upgrades or hardware replacement. Upgrading in advance speeds up ISE deployment, especially in environments where it’s difficult to schedule downtime. 

4. Tune Alarms to Cut Down on False Positives

ISE alerts you to almost every event that takes place, and that’s too much information. Only important incidents should cause alerts: spikes in CPU use, increases in authentication latency, failed backups, certificate expiration warnings and loss of contact with Active Directory domain ­controllers.


erhui1979/Getty Images