DefenseCisco Network SecurityBlogCiscoPublic Sector
Blog • • 5 minute read

Technology Spotlight: Cisco Identity Services Engine (ISE) Version 3.3

Cisco Identity Services Engine (ISE) empowers organizations to strengthen and simplify network security. Upgrading to ISE 3.3 Premier unlocks advanced capabilities beyond Essentials, enhancing your network's value, optimizing operations and providing robust protection against emerging security threats.

Cisco Identity Services Engine (ISE) version 3.3 is a robust security policy management platform designed to provide secure access to network resources. This latest release introduces several new features and enhancements that significantly improve network security, visibility, and management. Here are some of the key features and benefits of Cisco ISE version 3.3:

Key Features:

1.  Enhanced Security and Compliance:

  • API Keys and Certificate Authentication: Cisco ISE 3.3 supports API keys and certificate authentication for Tenable Security Center, enhancing security by providing more robust authentication methods.
  • Enhanced Password Security: This version includes improved password security measures, ensuring that user credentials are better protected against unauthorized access.
  • Support for OSquery Condition: This feature allows administrators to use OSquery conditions to enhance endpoint visibility and security.

2.  Improved Network Visibility and Management:

  • Wi-Fi Device Analytics: Cisco ISE 3.3 integrates with Cisco Catalyst 9800 Wireless LAN Controllers to provide detailed analytics on Wi-Fi devices, helping administrators monitor and manage wireless networks more effectively.
  • Enhanced Endpoint Classification: This feature enhances endpoint visibility by classifying devices based on multiple factors, improving the accuracy of device identification and management.
  • IPv6 Support: The new release includes IPv6 support for agentless posture, portal, and profiler features, ensuring compatibility with modern network environments.

3.  Enhanced User Experience:

  • Localized ISE Installation: Cisco ISE 3.3 supports localized installations, making it easier for global organizations to deploy and manage the platform in different regions.
  • Ukrainian Language Support: This version includes support for the Ukrainian language in portals, enhancing accessibility for Ukrainian-speaking users.
  • Navigation Improvements: The user interface has been improved to provide a more intuitive and efficient navigation experience.

4.  Advanced Integration and Automation:

  • Cisco Duo Integration:  Cisco ISE now directly integrates Cisco Duo as an external identity source for multifactor authentication (MFA) workflows. This is an improvement over the previous integration option to integrate DUO as an external RADIUS proxy server in ISE.
  • pxGrid Enhancements: The platform includes several enhancements to pxGrid, such as context-in API support and direct data synchronization, improving integration with other security tools and systems.
  • Native IPsec Configuration: Administrators can now configure Virtual Tunnel Interfaces (VTI) with native IPsec, simplifying the setup of secure network connections.

Benefits:

1.  Increased Security: Cisco ISE 3.3 provides comprehensive security features that help protect network resources from unauthorized access and cyber threats. The enhanced authentication methods, improved password security, and multifactor authentication integration ensure that only authorized users and devices can access the network.

2.  Improved Network Visibility: The platform's advanced analytics and classification features provide detailed insights into network activity and device behavior. This improved visibility helps administrators quickly identify and respond to potential security threats, ensuring a more secure network environment.

3.  Enhanced User Experience: With its localized installation options and improved user interface, Cisco ISE 3.3 offers a more user-friendly experience. The support for multiple languages and intuitive navigation makes it easier for administrators to manage the platform and for users to interact with network resources.

4.  Better Integration and Automation: Cisco ISE 3.3's integration with other security tools and systems, such as Cisco Duo and pxGrid, allows for more streamlined and automated security management. This integration reduces the complexity of managing multiple security solutions and enhances the overall efficiency of network security operations.

5.  Future-Proofing: By supporting modern network protocols like IPv6 and providing advanced security features, Cisco ISE 3.3 ensures that organizations are prepared for future network challenges. The platform's scalability and flexibility make it suitable for a wide range of network environments, from small businesses to large enterprises.

Finally, there are three ways that a user can generate reports from Cisco ISE; a concise way, a pretty way, and a detailed way. The first concise view is from the dashboards where you can edit widgets as needed to provide the exact information required with graphs and charts. Secondly, if the options on the dashboard aren't sufficient, then users have a full spectrum of options with Grafana built-in reporting options to make the best-looking report your leadership may have ever seen. The final option is inside the Cisco ISE reporting tool itself. Here users may choose granular information around any element of AAA or integration information that ISE has access to. This last option is the most detailed of the bunch and helps match DISA requirements. 

In conclusion, Cisco ISE version 3.3 offers a comprehensive set of features and benefits that enhance network security, visibility, and management. Its advanced security measures, improved user experience, and seamless integration with other security tools make it an essential platform for modern network environments.

How can WWT's Army GEMSS Team help you integrate Cisco ISE 3.3 into your network?

Under the Army's GEMSS contract, Cisco ISE 3.3 is available to Army commands world-wide.  Please contact us at: usarmyciscogemss@wwt.com or fill out a support request form at: https://app.smartsheet.com/b/form/8bcc9625b5d44b9788fd5ba1de63cbde for further assistance.

For more information on Cisco ISE 3.3 – see this link on the DISA APLITS portal:  https://aplits.disa.mil/downloadFileAPL.action?trackingNumber=2121101

-----------------------------------

The Army GEMSS EA is your one-stop-shop for Cisco network security, software, design and support services, and training. World Wide Technology is a Cisco Systems Gold Partner, combining our shared expertise to provide the U.S. Army with the latest Cisco products and innovations to serve the American Soldier.

Technologies