Profiling

ISE AI/ML Profiling

Identity Services Engine (ISE) Profiling is a feature that identifies and classifies endpoints on the network based on their characteristics. 

This process helps ISE to determine what type of endpoints are authenticating and how to handle them based on their profile.

Endpoints in ISE are profiled and categorized via Profiling Probes. ISE Profiling Probes collect information from endpoints connecting to the network in order to help classify them. Profiling probes in ISE include, but are not limited to, SNMP, DHCP, and NMAP Scan.

Although ISE comes with over 600 Device Profiles built in, effectively profiling endpoints in ISE can still be a cumbersome and somewhat manual process, especially when the chosen Profiling Probe scans return endpoints that are deemed “unknown” or when the organization needs to profile high volumes of endpoints.

New in ISE 3.3 is the addition of AI/ML Rule Proposals for profiling, which provide profiling suggestions based on continuous learning across networks, helping to enhance endpoint profiling and management.

Multi-Factor Classification:

Also new in ISE 3.3 is the Multi-Factor Classification (MFC) profiler, which utilizes various profiling probes to profile endpoints and categorize them into four factors:

  • MFC-Manufacturer
  • MFC-Model
  • MFC-OS
  • MFC-Endpoint Type

Once MFC has been enabled, administrators can easily set policy based on the MFC attributes determined for each endpoint.

AI-ML Rule Proposals:

Previously, creating a correct profiling policy could be both challenging and time-consuming, especially with high volumes of endpoints, each exhibiting unique attributes.

With AI Proposed Profiles, ISE takes attribute data from the organization’s endpoints, both profiled and unknown, and forwards it to the Cisco-managed Cisco AI Analytics engine, which must be enabled for the feature to work.

Endpoints are then categorized into groups, or “clusters”, which fall under the MFC categories of Manufacturer, Model, OS, and Endpoint Type.

From there, the ISE Admin will have the opportunity to review the AI proposals and either accept recommendations and apply the AI profiling proposals or reject the cluster entirely.

Accepting the profiling rule applies the proposal to the unknown endpoints in the selected endpoint group. If the admin rejects the grouping, the proposal is removed from ISE. If an endpoint has already been profiled by existing system rules, it will not be re-profiled.

With AI/ML proposed profiles in ISE, ISE administrators now have the option to simplify the profiling process and classify endpoints more quickly and efficiently.

For more information about ISE implementations and POVs, please reach out to the ModernCyber team about our Professional Services, Deployment Evaluation, and Enablement services.
