Network Access Control (NAC) has come a long way since 2004, when it was all the rage. As a young CCIE at the time, Cisco's acquisition of Perfigo made me realize how necessary it was for a solution that recognizes users, their devices and roles; evaluates the security posture of the endpoint and scans for vulnerabilities; and enforces policy in the network. Fast forward over 20 years later, and NAC is still an illustrious solution critical to modern security architecture including Zero Trust. As an example, the US Department of Defense views Comply-to-Connect (C2C): The foundation for DoD’s zero trust journey.
Cisco Identity Services Engine or ISE in short, is a market-leading NAC solution that offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives you intelligent, integrated protection through intent-based policy and compliance solutions. And it is all delivered with streamlined, centralized management that lets you scale securely in today's market. According to Cisco, the average ISE customer has seen $1.6M saved by avoiding security events over three years and 200 fewer hours spent remediating major network security events. Cisco ISE addresses many challenges with a broad set of mission-critical Network Access Control (NAC) use cases:
With ISE having so many capabilities, organizations have a plethora of design and configuration options that require a lot of expert knowledge. In most instances, leveraging an expert to provide Planning, Design, and Implementation services is typically highly recommended by Cisco and Partners.
Many organizations limit their initial deployment scope to accelerate Cisco ISE adoption, but that leads to a bigger question....
As with many network and security solutions, organizations will be required to perform routine activities to maintain ISE, including:
Most organizations will also need to address new networking and security requirements and use cases, for example:
Building engineering and operations capabilities around Cisco ISE can be a struggle for many organizations. Most organizations look to train existing staff on ISE or hire the necessary expertise.
With gaps in network and security skills, resources, and expertise, IT teams are stretched thin already, and security breaches, network performance issues, and delayed IT projects are commonplace. With the Cisco ISE Administrator Guide being 1,470 pages, asking anyone to learn, understand, and apply this knowledge is difficult. If you are a smaller organization you might have a small team with shared responsibilities and ISE might be 5% of their job responsibility. Far too often, the end result is, "I refuse to touch ISE!" or much worse, "that change we made just broke network access."
Tech moves at warp speed, and so do the skills it demands. Many organizations are struggling to find candidates with the specific skills and expertise they need, especially in solutions like Zero Trust, NAC, and Cisco ISE. A staggering 86% of CIOs surveyed by Gartner said they faced increasing competition for hiring top tech talent, with 71% also concerned about talent attrition. To make matters worse, many of the individuals with existing Cisco ISE & NAC expertise are extremely rare which equates to higher salary demands. Unless you are a fairly large organization, you probably do not need a full time ISE expert on staff.
ISE Expert as a Service (ISEEaaS) is designed to augment and supplement your IT Team by providing on-demand access to experts to manage, maintain, and optimize Cisco ISE. This service helps organizations enhance their existing Cisco ISE deployment, ensuring an up-to-date deployment and configuration in accordance with Cisco & industry best practices.
Available as a 1 or 3 year subscription. ISEEaaS includes a full ISE Health Assessment, ISE Software Upgrade, Certificate Maintenance, Software Patch Installation, and a quarterly allocation of Consulting & Advisory hours.
CONSISTENT ONGOING OPTIMIZATION, MAINTENANCE, AND SUPPORT
ISEEaaS was created as a result of our implementation customers requesting assistance after initial deployment with operationalizing, maintaining & supporting Cisco ISE. With ISEEaaS, organizations can focus on supporting existing technologies and innovation, and leverage ISE Experts to provide:
Schedule a FREE Cisco ISE Express Health Assessment with one of our experts!