Post on 06-Jul-2018
Cisco Identity Services EngineSee it all, secure it now
Dan Stotts, Cisco Product Marketing Manager
PSOSEC-2009
• Where we are
• What’s new
• ISE 2.0
• ISE 2.1
• Where we’re going
• Conclusion
Agenda
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
With Cisco Identity Services Engine You Can
Stop and contain threatsSee and share rich user
and device details
Control all access
throughout the network
from one place
4
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Identity Services Engine (ISE)Global Traction Across All Market Segments
60+%Fortune 500 ISE Technology
Partners
60+
PSOSEC-2009
TrustSec Supported
Platforms
40+
Catalyst 2960-S/-C/-
Plus/-X/-XR
Catalyst 3560-E/-C/-X/-
CX
Catalyst 3750-E/-X
Catalyst 3850/3650
Catalyst 4500E
(Sup6E/7E)
Catalyst 4500E (Sup8)
Catalyst 6500E
(Sup720/2T)
Catalyst 6800
WLC
2500/5500/5400/WiSM2/
8510/8540
WLC 5760
Nexus 7000
Nexus 6000
Nexus 5500/2200
Nexus 1000v
ISRG2, CGR2000,
ISR4000
IE2000/3000/CGR2000
ASA5500 (RAS VPN)
5
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Cisco ISE unifies and automates access control to proactively enforce role-based access to
enterprise networks and resources.”
— SC Company 2016
Don’t Just Take It from Us
Recognized as a LEADER, four years in a row
— Gartner Magic Quadrant for NAC: 2014, 2013, 2012, 2011
“Cisco outstripped the competition on the strength of its superior security features, access
controls, innovations, and rapid threat containment.”
— Frost & Sullivan, 2016
A CHAMPION in Info-Tech Vendor Landscape for NAC
— Info-Tech Research Group, 2014
PSOSEC-2009 6
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Introducing Cisco Identity Services Engine (ISE)
A centralized security solution that automates context-aware access to network resources and shares
contextual data
Network ResourcesAccess Policy
TraditionalCisco
TrustSec®
BYOD Access
Threat Containment
Guest Access
Role-Based
Access
Identity Profiling
and Posture
Network
Door
Physical or VM
ISE pxGrid
Controller
Who
Compliant
What
When
Where
How
Context
Threat (New!)
Vulnerability (New!)
PSOSEC-2009 7
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
What is new in ISE 2.0 and 2.1
TrustSec
• ACI Integration
• Change
Management
Secure Access
• Easy Connect
• BYOD
• MSE Integration
Stop and contain threatsSee and share rich user
and device details
Control all access
throughout the network
from one place
Control All Access
PSOSEC-2009
Guest
• Wireless Guest
Setup Wizard
• ISE Express
Device
Administration
• TACACS+
• ACS-to-ISE
Migration
8
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Simplify security management with role-based accessTACACS+ Device Administration Support starting with ISE 2.0
Role-based access control
• Role-based access control
• Flow-based user experience
• Command level authorization with detailed logs for auditing
• Dedicated TACACS+ workcenter for network administrators
• Support for core ACS5 features
Capabilities
TACACS+ Device Administration
Benefits
What’s new for ISE?
Customers can now use Terminal
Access Controller Access Control
System Plus (TACACS+) with ISE to
simplify device administration and
enhance security through flexible,
granular control of access to network
devices.
Simplified, centralized device
administration
Increase security, compliancy,
auditing for a full range of
administration use cases
Flexible, granular control
Control and audit the
configuration of network devices
Security Admin Team
TACACS+
Work Center
Network Admin Team
TACACS+
Work Center
Holistic, centralized visibility
Get a comprehensive view
of TACACS+ configurations with
the TACACS+ administrator work
center
PSOSEC-2009
Control All Access
9
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ISE now includes all of the core device
administration capabilities found in
ACS, delivering contextual awareness
and device administration capabilities
in a single, central solution.
Unify device administration and access controlEnhanced device administration support
• Migration tool automatically migrates ACS
configuration data to ISE
• Support for core ACS5 features and dedicated device
administration Work Center supporting TACACS+
• Command-level authorization with detailed logs
for auditing
• Dynamic, role-based access control
• Discover, identify & monitor all IP-enabled endpoints
Capabilities
Manage device administration and access control policies in a single place
Benefits
What’s new for ISE?
Richer contextual policies
Build policies informed by
contextual data from devices,
infrastructure, and services
Flexible, granular control
Control and audit network device
configuration
Unified, centralized management
Get a full view of all policy
elements in a single management
console
Cisco ISE
Threat &
Vulnerability
Who
WhatWhen
How
Where
Devic
e a
dm
inis
trati
on
ACS
ISE
Co
nte
xt
Aw
are
ne
ss
Security
Admin Team
TACACS+
Work Center
Network
Admin Team
TACACS+
Work Center
Control All Access
10
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ISE is best for guest
1 million
# of supported
Guest accounts Guest account notification options
API
Portal language
customizationManage guest
accounts via REST
EMAIL PRINT SMS
Hotspot Self Sponsored Sponsored Guest Access
Immediate, un-credentialed
Internet access
Self-registration by guests,
Sponsors may approve access
Authorized sponsors create
account and share credentials
The 3 types of guest access
Control All Access
PSOSEC-2009 11
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Guest Services – Wireless Guest Setup
Control All Access
Complete Cisco ISE Wireless Guest Setup
Closest Competitor Guest Setup
Total Number of Steps: 13
Average Number of Mouse Clicks: 25
Ease of Use Rating:
Total Number of Steps: 13
Average Number of Mouse Clicks: 94
Ease of Use Rating:
PSOSEC-2009 12
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco ISE Express License BundleEnterprise Guest Made Simple
Now Available: Entry-Level Bundle for the Market-Leading Cisco ISE
The Offer: One (1) ISE VM (5,000 Active Licensed Endpoints) with ISE Base Licenses for 150 Endpoints* for Single Site Deployment (Non-Distributed, No High-Availability)
The Features: Guest, RADIUS/AAA, Unlimited Custom Portals with ISE Portal Builder; Easy Installation Guide
Learn More: www.cisco.com/go/iseexpress
*SKU upgrade available so the VM can be
used for up to 10,000 endpoints and in high
availability and distribution.
Control All Access
PSOSEC-2009 13
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Secure Access SimplifiedEasy Connect
Benefits
What’s new for ISE?
Easy Connect is a quick, flexible user
authentication method that applies
when endpoints don’t support 802.1x.
Easy Connect monitors user login via
Active Directory and maps the user’s
identity to give access.
Capabilities
• Active-session monitoring across
both AD and Network log-ins
• Session maintenance from Wired
MAB clients to NADs
• Directory notification publication via
pxGrid
• Address legacy and unsupported
NADs with TrustSec
• Assignment of VLANs, dACLs, SGTs
and more for users authorized via
Easy Connect
Easy Connect merges RADIUS identity with AD
Login identity to deliver differentiated access
Most securewith integrated 802.1x,
supplicants
and certificates
Basic with whitelisting
Access
Security
Better and flexiblewith ISE Easy Connect
Complexity
Identity
mapping
Active Directory
(AD) Login
Publish
to pxGrid
SXP
speaker
Access Security
Complexity
Access
Security Complexity
Easy Connect, a secure alternative to whitelisting Increased visibility
into active network sessions
authenticated against AD
Immediate value
with no need to touch each
endpoint or require users to
authenticate again
Flexible deployment
that doesn’t require a supplicant
or PKI, allowing ISE to issue
COA for added security
Publish
to pxGrid
MnTNetwork
Access Device
w/o 802.1x
Control All Access
14
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Get the same great security across more devicesWith non-Cisco device integration
Customers can now deploy ISE
services such as Profiling, Posture,
Guest and BYOD on Network Access
Devices (NADs) manufactured by non-
Cisco vendors.
Benefits
What’s new for ISE?
Protect consistently
Deploy ISE across network
devices, including non-Cisco
NADs
Simplify administration
Leverage pre-configured profile
templates for automatically
configuring non-Cisco
NAD access
Maximize value
Realize additional value from
your existing infrastructure
Compatible device vendors*
Aruba Wireless HP Wireless
Motorola Wireless Brocade Wired
HP Wired Ruckus Wireless
• Templatized MAB configuration for select
non-Cisco vendor devices
• CoA and URL re-direction to work with ISE
• Non-Cisco NADs enabled to drive regular
802.1x operations
Capabilities
ISE services now available for non-Cisco network access devices
ISE 1.0 802.1x
New Use
Cases
Profiling
Posture
Guest
BYOD
*For additional information, refer to the Cisco Compatibility Matrix
2.0
2.1
Control All Access
PSOSEC-2009 15
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Enable an easier and faster device onboarding
• Full onboarding solution that does not require IT work
• Flexible solution supporting single and multiple SSID deployments
• Built in Certificate authority and portal to simplify certificate deployments. Also integrates with PKI Infrastructure
• End User “Mydevices” Portal for personal device administration
• Supports integration with most MDM solutions including Cisco Meraki, MobileIron, Citrix, JAMF Software and
many more
Capabilities
Bring Your own Device (BYOD)
Effectively design, manage and control the access of BYOD
User tries to connect to
the network using a
personal device
ISE identifies the user as an
employee using a personal
device and directs the user
to BYOD device registration
After successful Authentication
ISE on boards the device by
installing a certificate and
applying the right policy
Now that the device has
been registered the user
is allowed access to the
network
New! Chromebook Support
• Controlled through Google Admin Console
• ISE installs EAP-TLS client certificate
• Single/Duel SSID• Chrome OS 37+
Control All Access
PSOSEC-2009 16
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Enhance control with location-based authorization With the integration of Cisco Mobility Services Engine (MSE)
Control All Access
Location-based authorization
Admin defines location
hierarchy and grants users
specific access rights
based on their location.
Benefits
What’s new for ISE?
The integration of Cisco Mobility
Services Engine (MSE) adds the
physical location of a user and/or
endpoint to the context by which
access is authorized.
Enhanced policy enforcement
with automated location check
and reauthorization
Simplified management
by configuring authorization with
ISE management tools
Granular control
of network access with
location-based authorization for
individual users
Capabilities
• Enables configuration of location hierarchy across all location entities
• Applies MSE location attributes into access request to be used in authorization policy
• Checks MSE periodically for location changes
• Reauthorizes access based on new location
LobbyPatient
roomLab ER
Doctor
No access
to patient
data
Access to
patient
data
No access
to patient
data
Access to
patient
data
Patient
dataPatient data
access locations
Patient
room
ER
Lab
Lobby
PSOSEC-2009 17
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
TrustSec
Existing infrastructure
Compliance
adherence
Simplified
policy
management
Rapid
threat
containment
Data Center/
Branch/
Campus
segmentation
BYOD/
Mobility
access
control
Instant
Turn on TrustSec functionality already
embedded in your existing network
infrastructure
Adaptable
Use TrustSec’s policy enforcement
capabilities across a number of different
scenarios
Scalable
Start small and grow at your own pace,
extending into different use cases as your
business demands
Managing
IoT
proliferation
ASA
firewalls
Nexus and
Catalyst switchesIntegrated
Service Routers
Identity Services
EngineWireless
LAN
VPN
appliances
TrustSec Overview
Control All Access
PSOSEC-2009 18
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Integration of TrustSec and ACI policy
groups enables customers to address
breach, segmentation and compliance
challenges by sharing policy groups
between TrustSec-enabled networks
and ACI data centers.
Enable consistent security policy across the enterpriseTrustSec - ACI policy plane integration
Consistent security policy groups can be shared between TrustSec and ACI domains:
• Campus security groups can be used in ACI policies: ACI learns TrustSec Security Group Tags (SGTs), and
these SGTs are available for use by the APIC policy
• Endpoint groups (EPGs) can be used in campus policies: ISE retrieves EPGs and creates SGTs in harmony
Capabilities
Policy integration example – Campus and Data Center
Benefits
What’s new for ISE?
Unified security policyleveraging user, device, application &
threat state in group-based policies
Simplified security managementComplementary group-based policy
approaches simplify security design,
operations and compliance
Consistent segmentationacross the datacenter, branches,
users and devices
Campus / BranchTrustSec Policy Domain
Voice BYODAuditorEmployeeNon-
Compliant
Campus
Networks
Branch WAN
APICData CenterACI Policy DomainTrustSec SGTs mapped to and from ACI EPGs
ACI FabricTrustSec domain
AppWeb
www
Database
Point of
Sale
Control All Access
19PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Make policy changes in a flexible mannerTrustSec change management and workflow capabilities
• Modify SGACLs using a Staging Matrix and test them
before pushing to production
• View changes in comparison to the production matrix
• Leverage seamless integration with ISE RBAC
• Choose to apply changes to all TrustSec-enabled
network devices or only to selected devices
• Request and gain approval on policy changes using a
new workflow
Capabilities
Stage and test policy changes to verify impact, and roll out on your terms
Benefits
What’s new for ISE?
New change management capabilities
enable you to test TrustSec security
policy changes before deployment,
and gradually deploy changes to
different parts of the network.
Reduced risk
Minimize the likelihood of
changes causing problems
Greater control
See impact of policy adjustments
in a controlled environment and
fine-tune them before deployment
Increased flexibility
Roll out policies when you want,
where you want
Control All Access
HR FinanceBYOD-
Corp
BYOD-
Vendor
HR PERMIT DENY PERMIT PERMIT
Finance DENY PERMIT PERMIT PERMIT
BYOD-
CorpDENY DENY PERMIT DENY
BYOD-
VendorDENY DENY DENY PERMIT
Sourc
e
Protected Assets
Stage policy changes Deploy changes in production
to all devices or a selected sub-set
HR FinanceBYOD-
Corp
BYOD-
Vendor
HR DENY PERMIT PERMIT PERMIT
Finance DENY DENY PERMIT DENY
BYOD-
CorpPERMIT PERMIT DENY PERMIT
BYOD-
VendorDENY DENY PERMIT DENY
Sourc
e
Protected Assets
X X
Test and
fine-tune
20PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
With Cisco Identity Services Engine You Can
Stop and contain threatsSee and share rich user
and device details
Control all access
throughout the network
from one place
Share Consume
• pxGrid • Customizations
• New Work Centers
See
• Streamlined
Visibility Wizard
• Context Visibility
• Medical NAC
See and Share
PSOSEC-2009 21
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco ISE Visibility
See and Share
?
And you can’t protect what you don’t see
?
of surveyed organizations are
not “fully aware” of the devices
accessing their network90%
of companies say their mobile
devices were targeted by
malware in the last 12 months75%
?
PSOSEC-2009 22
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Deploy quickly and easily; network access device
discovery is set up as an asynchronous process
• Get the data you need for network access device
configuration in a few clicks
• View network devices and user details in a
convenient, easily-consumable interface
• Access historical context data on endpoints that have
been on the network in prior weeks and months
Capabilities
Benefits
What’s new for ISE?
ISE 2.1 delivers a new level of visibility
into users & endpoints by making data
more consumable. It includes a
redesigned user interface (UI) that
enables you to get set up and gain
insights faster and more easily.
Improve visibility through an intuitive interfaceStreamlined Visibility Wizard
Faster time to value
with extensive, easy-to-read
reports in a matter of hours
Insightful reporting
That pulls from a rich, broad set
of network and user data
Plug-and-play setup
that takes just a few clicks and
as little as 10 minutes
User
Location
User
Location
Company Network
?
?
? ???
?
??
??
?
Visibility Wizard
See and Share
23PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Gain a deeper understanding of endpoint activityContext Visibility
• Store data on 1.5M endpoints across 50 attributes,
not just endpoints that are currently active
• Benefit from in-disk storage (elastic search)
• Get insight more easily through a better UI
• Perform forensic analysis on endpoints on the
network in a previous week or month
• Import/export data as needed
• Aggregate endpoint information in one place
Capabilities
Benefits
What’s new for ISE?
The ability to aggregate, store and
search high volumes of endpoint data,
giving you greater visibility. ISE 2.1
collects data from multiple sources into
one place, and its enhanced database
stores more historical data than ever.
Unified view
Access all of the endpoint data
you need from one place
Simple, fast discovery
Get to the information you’re
looking for in a few seconds
Deeper visibility
Perform detailed, retroactive
forensic analysis after an
endpoint has left the network
LogsSys logsReports
II00 I0I0 0I
John on his iPad in Building
8 has Vulnerability <XYZ>
See and Share
24PSOSEC-2009
Five Minute Visibility Demo
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Introducing Medical NAC
Cisco Medical NAC protects your organization by increasing your network
visibility by finding both clinical and non-clinical devices attached to the network,
fingerprinting those devices based on the built-in device profile libraries, and
automating device classification for better policy management.
Increased visibility Over 250 medical device fingerprints are built-into ISE profile
Open API enables endpoint information sharing with other 3rd vendor products including SIEM
products, Vulnerability Assessment products, and others
Improved policy management Endpoint posture validation ensures antivirus software and firewalls are up-to-date
Strong role-based network & resource access control restricts unauthorized access to both
sensitive data as well as critical medical networked medical devices
Integration with individual network components including network switches, routers, and
firewall, making sure that all the security measurements and policies are in sync and resources are
segmented
Better experience Superior BYOD experience to enable physicians and staff to work on their own devices
Total guest access management for both patients and visitors on their mobile devices, while
protecting critical data and equipment from unwanted access by compromised devices.
See and Share
26PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Leverage our growing partner ecosystemIntegration with new ecosystem solutions across many use cases
Threat-Centric NAC Cloud Access Security Broker User Behavior Analytics
Partner use cases
Identity Access Management Network Visibility Mobile Device Management
Rapid Threat Containment & Threat Defense
Benefits
What’s new for ISE?
Integration with new ecosystem
partner solutions through the pxGrid
framework, and expansion of existing
partnerships to new use cases.
Improved responsiveness & control
Unify security and network event
data and respond faster by
facilitating access to the Cisco
network
Greater visibility
Gain visibility into user and device
activity, threats, vulnerabilities, and
more for deeper analytics & reports
Simplified management
Manage policy in a single place by
integrating ISE with other vendor
solutions
See and Share
SIEM EMM/MDM UBAVulnerability
Assessment
Threat
DefenseIoT IAM/SSO PCAP
Network
VisibilityCASB
Performance
Management27PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Get the information YOU need faster than everDashboard customization and workflow enhancements
• Build custom dashboards; user controls what to view
• Add/remove/rename tabs and dashboard
components (“dashlets”)
• Adjust layout – re-order dashlets, select from
layout templates, and drag and drop dashlets
• Export to Excel and PDF
• Use new task-oriented Work Centers focused on
BYOD, Posture, and Profiling
Capabilities
Benefits
What’s new for ISE?
Enhanced reporting and easier
customization using dashlets to quickly
adjust and create views that fit your
specific needs. New task-oriented
workcenters for guest, BYOD, posture,
profiling, and network access.
See the details that matter to you
Easily create your own single
pane of glass for quick insights
Integrate with existing analytics
Connect with your Office
analytics through Excel exports
Get things done more easily
Use new Work Centers to
accelerate core activities
Each individual can customize the
main screen easily and quickly
Three new Work Centers streamline management activities
Director of Security
NOC EngineerSecurity Engineer
Dashboard Customization New Work Centers
See and Share
28PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
With Cisco Identity Services Engine You Can
Stop and contain threatsSee and share rich user
and device details
Control all access
throughout the network
from one place
Rapid Threat Containment
Stop and Contain
29PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Use the latest rapid threat containment (RTC) capabilitiesFeaturing Firepower Management Center (FMC) and Identity Service Engine (ISE) integration
• Integrated pxGrid remediation module - no more
pxGrid connection agent
• Session information obtained from ISE via pxGrid
• SGTs can be used in FMC access control policies
• Ability to integrate with AMP for malware protection
• Remediation options: Quarantine, Unquarantine, Port
Shutdown
• Quarantine actions triggered per policy with Cisco
Firepower and ISE integration
• Infected users can be notified and directed to a portal
for remediation
Capabilities
Benefits
What’s new for ISE?
Cisco Firepower Management Center
integrates with ISE, helping you
automatically address suspicious
activity on your network based on pre-
defined policies and dynamically stop
threats before they spread.
Automate threat defense
by leveraging ISE to alert the
network of suspicious activity
according to policy
Gain greater scalability
by using the pxGrid framework
Leverage a growing ecosystem
of partners that provide rapid
threat containment by integrating
with ISE
Stop and Contain
Automatically defend against threats with FMC and ISE
FMC correlates
sensor data,
detects file and
alerts ISE to
change access
policy to
suspicious
Device is
contained; user is
redirected to
remediation portal
User downloads a
malicious file;
sensors scan user
activity and file
Network access is
restored after
remediation
ISE automatically
restricts access
based on new
policy
Improved
scalability
pxGrid
controller
30PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Gain greater visibility and control
Threat-centric NAC
• Author intelligent policies informed with new threat
and vulnerability data
• Eliminate unknowns and ensure device compliance
• Take immediate action on high-priority issues
• Gain awareness when a vulnerability score changes
or a threat is detected, and adjust network privileges
• Automate containment of vulnerable endpoints
based on vulnerability score
Capabilities
Benefits
What’s new for ISE?
ISE now incorporates vulnerability
assessments from Qualys and threat
incident intelligence from Talos and
AMP, helping you ensure your policies
account for the latest vulnerabilities
and threats.
Deeper visibility
that extends to all endpoints on
the network
Expanded control
driven by threat intelligence and
vulnerability assessment data
Faster response
with automated, real-time policy
updates based on vulnerability
data
Rapid Threat Containment now offering Threat-centric NAC
Stop and Contain
Compliant
Where
How
VulnerabilityThreat
Who
What
When
Cisco ISE
AMP
31PSOSEC-2009
Rapid Threat Containment Demo
Where are we going
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Managing policy based on ‘Trust’Connecting Trusted Devices to Trusted Services
✕ ✕ ✓ ✓ ✕ ✕
✕ ✓ ✓ ✓ ✓ ✕
✓ ✕ ✓ ✓ ✓ ✓Trusted Asset
Trusted User
Partners
Tru
ste
d U
se
r
Pa
rtn
ers
Clo
ud
Ap
p A
Clo
ud
Ap
p B
Se
rve
r A
Se
rve
r B
Cloud
On Prem
Tru
ste
d A
pp /
Se
rvic
es
No
n-T
ruste
d A
pp /
Se
rvic
es
Improved Visibility and DecisionSoftware-Defined Segmentation,
Service Access & Entitlement
Location-Free App/Service
Access
Vulnerability
Threats
Posture
Behavior
Time
Location
User-Groups Device-type
CISCO IDENTITY SERVICES ENGINE
34
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Get Started
Visit cisco.com/go/ise or connect with
us at cisco.com/go/ise-community
PSOSEC-2009 35
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.
36PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions
37PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
More Ways to Learn about ISE at Cisco Live!Topic When Where Session ID Speaker
Deploying TrustSec Security Group Tagging Tuesday, July 12 - 1:30 pmIslander I, Lower
Level
BRKSEC
2203
Kevin Regan
Mobile Devices and BYOD Security -
Deployment and Best PracticesTuesday, Jul 12, 4:00 p.m.
Mandalay Bay E,
Level 2
BRKSEC-
2045
Sylvain Levesque
Choice of Segmentation and Group-based
Policies for Enterprise NetworksThursday, July 14 - 8:00 am South Seas C
BRKCRS
2893
Hariprasad Holla
Building an Enterprise Access Control
Architecture using ISE and TrustSecWednesday, July 13 - 8:00 am Oceanside D
BRKSEC
2695
Imran Bashir
Advanced ISE Services, Tips & Tricks Wednesday, July 13 - 8:00 am
Thursday, July 14 - 8:00 amSouth Pacific I
South Seas I
BRKSEC
3697
Aaron Woland
Advanced Security Groups Tags:
The Detailed Walk Through
Wednesday, July 13 - 1:30 pmSouth Pacific I
BRKSEC
3690
Darrin Miller
Building Network Security Policy:
Through Data IntelligenceThursday, July 14 - 1:00 pm South Pacific B
BRKSEC
2026
Darrin Miller
Designing ISE for Scale & High Availability Thursday, July 14 - 8:00 amMandalay Bay
A, Level 2
BRKSEC
3699
Craig Hyps
Cisco IT's Assured Network Access: (ISE)
Deployment and Best Practices Thursday, July 14 - 10:30 am
Mandalay Bay
D, Level 2
BRKCOC-
2015
Bassem Khalife
38PSOSEC-2009
Thank you
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Resources
ISE Public Community http://cs.co/ise-community
ISE Partner Community http://cs.co/selling-ise
ISE Compatibility Guides http://cs.co/ise-compatibility
ISE Design Guides http://cs.co/ise-guides
ISE Proof of Value (PoV) http://cs.co/ise-pov
ISE Champions [Internal] http://cs.co/ise-champions
PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Public ISE Community@ http://cs.co/ise-community
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Selling ISE @ http://cs.co/selling-ise
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ISE Compatibility Guides@ http://cs.co/ise-compatibility
√ — Fully supported
X — Not supported
! — Limited support, some functionalities not supported
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ISE Design Guides @ http://cs.co/ise-guides
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ISE Champions @ http://cs.co/ise-champions
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Security Joins the Customer Connection ProgramVirtual Customer User Group Program
19,000+
Members
Strong• Who can join: Cisco customers, service
providers, solution partners and training partners
• Private online community to connect with peers & Cisco’s Security product teams
• Monthly technical & roadmap briefings via WebEx
• Opportunities to influence product direction
• Local in-person meet ups starting Fall 2016
• New member thank you gift* & badge ribbon when you join in the Cisco Security booth
• Other CCP tracks: Collaboration & Enterprise Networks
Join in World of Solutions
Security zone Customer Connection stand
Learn about CCP and Join
New member thank-you gift*
Customer Connection Member badge ribbon
Join Online
www.cisco.com/go/ccp
Come to Security zone to get your new member gift*
and ribbon
* While supplies last
PSOSEC-2009
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Security Cisco Education OfferingsCourse Description Cisco Certification
CCIE Security Expert Level certification in Security, for comprehensive understanding of security
architectures, technologies, controls, systems, and risks.
CCIE® Security
Implementing Cisco Edge Network Security Solutions
(SENSS)
Implementing Cisco Threat Control Solutions (SITCS)
Implementing Cisco Secure Access Solutions (SISAS)
Implementing Cisco Secure Mobility Solutions
(SIMOS)
Configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco
Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls
Deploy Cisco’s Next Generation Firewall (NGFW) as well as Web Security, Email
Security and Cloud Web Security
Deploy Cisco’s Identity Services Engine and 802.1X secure network access
Protect data traversing a public or shared infrastructure such as the Internet by
implementing and maintaining Cisco VPN solutions
CCNP® Security
Implementing Cisco Network Security (IINS 3.0) Focuses on the design, implementation, and monitoring of a comprehensive
security policy, using Cisco IOS security features
CCNA® Security
Securing Cisco Networks with Threat Detection and
Analysis (SCYBER)
Designed for security analysts who work in a Security Operations Center, the
course covers essential areas of security operations competency, including event
monitoring, security event/alarm/traffic analysis (detection), and incident response
Cisco Cybersecurity Specialist
Network Security Product Training For official product training on Cisco’s latest security products, including Adaptive
Security Appliances, NGIPS, Advanced Malware Protection, Identity Services
Engine, Email and Web Security Appliances.
For more details, please visit: www.cisco.com/go/securitytraining or http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com
48PSOSEC-2009