[ad_1]
If you have been at Cisco Live in Las Vegas earlier this week you absolutely noticed that Cisco had lots of new merchandise to announce. One of those new merchandise was the replace to Cisco Identity Services Engine (ISE 3.3).
Every community admin or safety operator has the identical subject: you’re making an attempt to boost your community’s safety, whereas including visibility and boosting effectivity, all with out sacrificing flexibility. In different phrases, you need extra options with out the problems. Cisco ISE 3.3 has that.
Split Upgrade and Multi-Factor Classification provides flexibility
When it involves flexibility, Cisco ISE 3.3’s Split Upgrade function will change the best way you take a look at ISE upgrades. Customers might be hesitant to replace to the latest model of Cisco ISE, as a result of it could actually take a very long time for ISE nodes with giant databases to finish the improve. Split Upgrades is a brand new course of that’s much less advanced, as recordsdata are downloaded earlier than upgrades and prechecks are achieved. Split Upgrade offers you higher management on which ISE nodes to improve at any given time, with none downtime.
Another function in Cisco ISE 3.3 supplies a technique to simply establish clusters of unidentified endpoints discovered on the community. These endpoints are unidentified as a result of oftentimes quite a lot of endpoints connect with the community that aren’t immediately provisioned by IT. This function makes use of AI/ML Profiling and multi-factor classification (MFC) to shortly establish clusters of an identical unknown endpoints through a cloud-based ML engine. From there, the units might be reviewed by proposed profiling insurance policies through the ML engine and have the units labeled as both MFC Hardware Manufacturer, MFC Hardware Model, MFC Operating System and MFC Endpoint Type.
By putting the unidentified system into considered one of these 4 buckets, Cisco ISE has taken a giant chunk of guessing what goes the place out of the equation. From there it’s simpler for the client to find out what the endpoints are and what insurance policies ought to govern them when on the community.
Unique to Cisco: Wi-Fi Edge Analytics
A Cisco-only function referred to as Wi-Fi Edge Analytics will permit community admins to mine knowledge from Apple, Intel and Samsung units to higher enhance profiling. Cisco Catalyst 9800 wi-fi controllers will cross alongside endpoint-specific attributes, equivalent to mannequin, OS model, firmware, amongst others, to ISE through RADIUS. From there this info shall be used to profile widespread endpoints discovered on the community. Network Admins will now have extra knowledge permitting them to create extra outlined profiles. The extra info that’s on the fingertips of the admin, the extra exact the profile.
Even More Flexibility with Controlled Application Restart
To enhance effectivity, predictability and scale back downtime, Cisco ISE 3.3 gives Controlled Application Restart. It advantages clients by saving them time and eliminating lots of the complications that include managing ISE admin certificates. Customers at the moment are given the power to regulate the alternative of the ISE administrative certificates permitting them the power to plan for upkeep as soon as their present certificates expires. Prior to this new function, a certification alternative required a whole reboot of all of the PSNs within the deployment with out the power to know or management the order to the reboot, which might trigger some admins to permit the certification to lapse.
Changes to certificates require a restart because it impacts systemwide configuration and can’t be achieved throughout operational hours because it requires important downtime. However, Cisco ISE 3.3 now supplies flexibility for these certifications to be scheduled the restart on the community admins’ comfort; through the midnight or on weekend when community utilization is low. This eliminates the necessity for that downtime and helps to easy safety updates with out disruption.
Controlled Application Restart is a response to an trade pattern the place clients are shifting to a short-term certificates attributable to added safety. This new function is helpful as the upkeep wanted to replace the certification—which might take upwards of half-hour per certificates—might be scheduled for the midnight, when community use is low, saving each time and sources.
Improved Insights with pxGrid Direct Visibility
pxGrid Direct Visibility has improved visibility from the final iteration of Cisco ISE (ISE 3.2) and now clients get improved endpoint attributes through exterior databases equivalent to Service Now. These attributes can now be proven in Context Visibility. Whether the information comes from endpoints, customers, units or which apps are working over the community and its totally different attributes, it supplies lots of info such because the system sort, system proprietor and different issues like whether or not the system is operational.
Getting this endpoint knowledge in an simply accessible trend means that you can make higher community selections based mostly on details. This knowledge can then be spun to run the community in a extra environment friendly method permitting for a safer community and fewer time spent on translating info.
Tougher Security with the TPM Chip
The new TPM Chip (for supported {hardware}) is a response to the necessity for elevated safety. Found on the brand new SNS-3700 fashions and in some digital environments (in a type of Virtual TPM), the TPM chip is a devoted chip the place delicate info might be saved. Previously if Cisco ISE used a password to hook up with a database, it was saved within the file system, which is much less safe. But now with the knowledge housed on the bodily TPM Chip, and with the power to create true random numbers for key era, it has confirmed to be tougher to entry thus offering a safer place for info to be saved.
With the variety of new options and performance that involves you with the most recent Cisco ISE 3.3 replace, your community’s safety be enhanced, and you’ll discover a rise in effectivity and visibility.
Watch the Cisco ISE website online for extra particulars on availability: https://www.cisco.com/site/us/en/products/security/identity-services-engine/index.html
Share: