Call a Specialist Today! 800-886-5369
Cisco Identity Services Engine
Cisco ISE is the policy decision point at the heart of zero trust. It gathers intelligence from across your stack to authenticate users and endpoints, enforce granular access policies, and automatically contain threats — across wired, wireless, and VPN connections.
Managing who and what connects to your network has never been more complex. Users work from everywhere, devices span from managed laptops to unmanaged IoT sensors, and the network extends across campus, branch, and cloud. Cisco ISE gives you a single platform to authenticate every user, profile every device, and enforce access policies based on identity, location, device posture, and more — integrating with the rest of your stack through pxGrid to share context and automate threat response.
Zero Trust Architecture
In zero-trust architecture, Cisco ISE is the policy decision point. It gathers intel from the stack to authenticate users and endpoints and automatically contains threats. Common Policy provides users with the ability to send each domain the same user, endpoint, and application context — giving every part of your stack the flexibility to enforce policies on its own terms.
ISE delivers the full spectrum of network access security services from a single management console, supporting physical and virtual deployments across on-premises and cloud environments.
Define granular access rules based on user identity, device type, location, time of day, and posture compliance. ISE enforces these policies using RADIUS, TACACS+, and Security Group Tags across your entire network.
ISE automatically identifies, classifies, and profiles every endpoint that connects to your network — from laptops and phones to IoT sensors — using passive network telemetry and predefined device templates.
Cisco Security Group Tags (SGTs) let you segment your network based on business roles rather than IP addresses. This simplifies firewall rule management and reduces IT operations effort by up to 80%.
Verify that connecting devices meet your security requirements — OS patches, antivirus status, disk encryption, and firewall configuration — before granting any level of network access.
From guest onboarding to device administration, ISE covers the full range of network access requirements enterprises face every day.
Provide customizable guest portals with hotspot, self-service, and sponsored access workflows. Track guest activity for compliance and audit purposes with built-in time limits and SMS verification.
Reduce help desk tickets and deliver a better user experience by empowering employees to add and manage their own devices through self-service portals, including SAML 2.0 support.
Set up and secure connections with VLAN assignments, downloadable ACLs (dACLs), URL redirects, and named ACLs — all designed to enforce least-privilege access efficiently and consistently.
Centrally manage who can access and configure network devices. Grant granular command-level permissions based on user credentials, groups, and location, with full audit trails for compliance.
Automatically quarantine compromised endpoints using Adaptive Network Control. ISE integrates with your security stack to change access levels in real time based on vulnerability scores and threat intelligence.
Deploy ISE as a physical appliance or virtual machine on VMware, KVM, Hyper-V, Nutanix AHV, VMware Cloud, or AWS. Create high-availability clusters for enterprise redundancy requirements.
Cisco ISE integrates with Cisco solutions and third-party tools through pxGrid to share user, device, and threat context in real time — enabling automated, coordinated responses across your entire security stack.
Automate network management and secure access. Catalyst Center and ISE work together to enforce policy-based segmentation and streamline network operations from a single management plane.
Explore Cisco Catalyst Center
Define and enforce device and access policies through effective segmentation to mitigate risks from unknown IoT devices. ISE provides the identity and policy engine that powers SD-Access segmentation.
Explore Cisco SD-Access
Secure applications and enable frictionless access with strong MFA and device trust. Duo and ISE together establish user and device trust, provide visibility into all devices, and enable secure access to every application.
Explore Cisco DuoShare the identity context of users and devices — including IoT/OT — with Cisco’s Hybrid Mesh Firewall for granular, identity-aware segmentation policies that follow users across the network.
Explore Cisco Secure FirewallGain deep visibility into OT and industrial IoT devices. Cyber Vision shares endpoint data with ISE through pxGrid, enabling automated segmentation policies for operational technology environments.
Explore Cisco Cyber VisionExtend zero trust policies from the network to cloud-delivered SSE. ISE and Secure Access work together to enforce consistent access control across on-premises and remote users with shared identity context.
Explore Cisco Secure AccessCisco ISE is available on major cloud marketplaces, making it easy to integrate into your existing cloud procurement and billing workflows.
Optimize applications and workloads running on AWS. Deploy Cisco ISE directly from AWS Marketplace to enforce access policies for cloud-hosted resources and hybrid environments.
Connect with Microsoft Azure to enhance your application resources. Review buying options on Azure Marketplace to deploy Cisco ISE alongside your existing Azure infrastructure.
Organizations in healthcare, transportation, manufacturing, and higher education rely on Cisco ISE to protect their networks and users.
A zero-trust approach to security protects the privacy of patients’ personal data at this Ohio children’s hospital. ISE enables granular access control across medical devices, staff endpoints, and guest networks.
An expert in industrial cybersecurity uses Cisco ISE to help leading manufacturing and critical infrastructure organizations implement digital safety solutions and enforce OT/IT network segmentation.
Ampol’s global business includes refineries, fueling stations, and corporate offices. The company’s infrastructure and retail operations are protected and connected with Cisco technology including ISE.
A Georgia Department of Transportation deployed an intelligent transportation systems network that digitizes traffic control to support efficient, accessible transportation, secured by Cisco ISE.
Baldwin Wallace University deployed a modern network infrastructure using Cisco ISE to increase accessibility, enhance the student wireless experience, and improve security across its Ohio campus.
Cisco ISE 3.4
Business continuity demands a strong resilient security posture that goes beyond initial authentication and session-long protection. Cisco ISE 3.4, our latest version, provides your network with operational flexibility, increased security, and cohesiveness with intelligent insights. ISE 3.x delivers that resilience while limiting risk of disruption — verifying device posture and ensuring easy compliance with your security policy.
Our Cisco-certified team can help you plan, license, and deploy ISE across your organization. Whether you need basic network access control or full microsegmentation with pxGrid integrations, we will help you build a zero trust foundation that scales.