No security program is complete without an effective means of identifying would-be network users and authenticating their credentials. Cisco Systems’s Identity Services Engine does just that.
Here’s how businesses can efficiently and effectively implement the solution across wired networks, wireless networks and VPNs.
Understand What ISE Can (and Can’t) Do
ISE is powerful, but it’s not magic. Businesses must understand its capabilities before they make the financial and time commitment to deploy the product. For example, ISE is able to probe systems across the network and identify those that respond to its polling requests, but it does not monitor network traffic for signs of activity.
Tap User Authentication for Added Value
ISE can be used to authenticate either devices or users. Many organizations benefit from integrating ISE with other components of their security infrastructure, such as Cisco Stealthwatch and Firepower. Those integrations are much more powerful when they have access to user data, so pursue user authentication whenever possible.
Check Network Device Compatibility Far in Advance
Older network equipment may not be compatible with ISE. Perform hardware compatibility checks early in the process to identify switches that require firmware upgrades or hardware replacement. Upgrading in advance speeds up ISE deployment, especially in environments where it’s difficult to schedule downtime.
Tune Alarms to Lower the False-Positive Rate
Out of the box, ISE alerts you to almost every event that takes place, and that’s simply too much information for most security teams. Make sure only the most important incidents cause alerts: CPU usage spikes, increases in authentication latency, failed backups, certificate expiration warnings and loss of contact with Active Directory domain controllers.