Announcing Cisco ISE 3.3 – Cisco Blogs

For those who had been at Cisco Stay in Las Vegas earlier this week you certainly noticed that Cisco had plenty of new merchandise to announce. Considered one of these new merchandise was the replace to Cisco Id Providers Engine (ISE 3.3).

Each community admin or safety operator has the identical problem: you’re making an attempt to reinforce your community’s safety, whereas including visibility and boosting effectivity, all with out sacrificing flexibility. In different phrases, you need extra options with out the problems. Cisco ISE 3.3 has that.

Cut up Improve and Multi-Issue Classification provides flexibility

In terms of flexibility, Cisco ISE 3.3’s Cut up Improve function will change the way in which you have a look at ISE upgrades. Clients might be hesitant to replace to the latest model of Cisco ISE, as a result of it could take a very long time for ISE nodes with massive databases to finish the improve. Cut up Upgrades is a brand new course of that’s much less complicated, as information are downloaded earlier than upgrades and prechecks are executed. Cut up Improve provides you higher management on which ISE nodes to improve at any given time, with none downtime.

One other function in Cisco ISE 3.3 supplies a approach to simply determine clusters of unidentified endpoints discovered on the community. These endpoints are unidentified as a result of oftentimes a wide range of endpoints connect with the community that aren’t instantly provisioned by IT. This function makes use of AI/ML Profiling and multi-factor classification (MFC) to rapidly determine clusters of equivalent unknown endpoints by way of a cloud-based ML engine. From there, the units might be reviewed by proposed profiling insurance policies by way of the ML engine and have the units labeled as both MFC {Hardware} Producer, MFC {Hardware} Mannequin, MFC Working System and MFC Endpoint Sort.

By inserting the unidentified gadget into certainly one of these 4 buckets, Cisco ISE has taken an enormous chunk of guessing what goes the place out of the equation. From there it’s simpler for the client to find out what the endpoints are and what insurance policies ought to govern them when on the community.

Distinctive to Cisco: Wi-Fi Edge Analytics

A Cisco-only function known as Wi-Fi Edge Analytics will permit community admins to mine knowledge from Apple, Intel and Samsung units to higher enhance profiling. Cisco Catalyst 9800 wi-fi controllers will go alongside endpoint-specific attributes, equivalent to mannequin, OS model, firmware, amongst others, to ISE by way of RADIUS. From there this data can be used to profile widespread endpoints discovered on the community. Community Admins will now have extra knowledge permitting them to create extra outlined profiles. The extra data that’s on the fingertips of the admin, the extra exact the profile.

Even Extra Flexibility with Managed Software Restart

To extend effectivity, predictability and scale back downtime, Cisco ISE 3.3 gives Managed Software Restart. It advantages prospects by saving them time and eliminating plenty of the complications that include managing ISE admin certificates. Clients at the moment are given the flexibility to regulate the alternative of the ISE administrative certificates permitting them the flexibility to plan for upkeep as soon as their present certificates expires. Previous to this new function, a certification alternative required a whole reboot of all of the PSNs within the deployment with out the flexibility to know or management the order to the reboot, which might trigger some admins to permit the certification to lapse.

Modifications to certificates require a restart because it impacts systemwide configuration and can’t be executed throughout operational hours because it requires vital downtime. Nonetheless, Cisco ISE 3.3 now supplies flexibility for these certifications to be scheduled the restart on the community admins’ comfort; through the nighttime or on weekend when community utilization is low. This eliminates the necessity for that downtime and helps to easy safety updates with out disruption.

Managed Software Restart is a response to an trade pattern the place prospects are shifting to a short-term certificates on account of added safety. This new function is helpful as the upkeep wanted to replace the certification—which might take upwards of half-hour per certificates—might be scheduled for the nighttime, when community use is low, saving each time and sources.

Improved Insights with pxGrid Direct Visibility

pxGrid Direct Visibility has improved visibility from the final iteration of Cisco ISE (ISE 3.2) and now prospects get improved endpoint attributes by way of exterior databases equivalent to Service Now. These attributes can now be proven in Context Visibility. Whether or not the info comes from endpoints, customers, units or which apps are operating over the community and its completely different attributes, it supplies plenty of data such because the gadget kind, gadget proprietor and different issues like whether or not the gadget is operational.

Getting this endpoint knowledge in an simply accessible trend lets you make higher community selections based mostly on info. This knowledge can then be spun to run the community in a extra environment friendly method permitting for a safer community and fewer time spent on translating data.

More durable Safety with the TPM Chip

The brand new TPM Chip (for supported {hardware}) is a response to the necessity for elevated safety. Discovered on the brand new SNS-3700 fashions and in some digital environments (in a type of Digital TPM), the TPM chip is a devoted chip the place delicate data might be saved. Beforehand if Cisco ISE used a password to connect with a database, it was saved within the file system, which is much less safe. However now with the knowledge housed on the bodily TPM Chip, and with the flexibility to create true random numbers for key technology, it has confirmed to be harder to entry thus offering a safer place for data to be saved.

With the variety of new options and performance that involves you with the most recent Cisco ISE 3.3 replace, your community’s safety be enhanced, and you’ll discover a rise in effectivity and visibility.

Watch the Cisco ISE web page for extra particulars on availability: https://www.cisco.com/website/us/en/merchandise/safety/identity-services-engine/index.html

Share: