CISCO ISE (Identity Services Engine)
Offer a reference bonus

CISCO ISE (Identity Services Engine)



PitchCisco Identity Services Engine - усовершенствование мониторинга, контроль доступа, сдерживание угроз

Product features


The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives you intelligent, integrated protection through intent-based policy and compliance solutions. And it is all delivered with streamlined, centralized management that lets you scale securely in today's market.

Username is a key element in determining access to a network. Username can also help you alert you users to potentially suspicious activity with their devices. It answers the all-important question of who is connected to your network.

The Cisco Identity Services Engine (ISE) Passive Identity Connector centralizes, consolidates, and distributes identity information, including IP addresses, MAC addresses, and usernames. At the same time it offloads work from key infrastructure such as Microsoft Active Directory.

Many servers on the network are active participants in user authentication. They take user credentials and either verify them or look them up in a dedicated repository such as Active Directory. Rather than being actively involved in user authentication, the Passive Identity Connector listens to the various authentication servers on the network. It centralizes the authentication information, becoming the single source of truth for its subscribers.

The Passive Identity Connector distributes the session identity information to other devices on the network that are natural consumers of such information. These devices include firewalls, web security appliances, and traffic analyzers. Using the Cisco Platform Exchange Grid (pxGrid), the Cisco ISE Passive Identity Connector can support up to 20 subscribers.


  • Centralized information
  • Improved performance
  • Syslog server support
  • Active Directory support
  • Kerberos SPAN support
  • Endpoint probes
  • Active Directory agent
  • Support for custom APIs
  • Citrix Terminal Server support
  • High availability
  • Migration support
  • Virtual machine support
  • Scalability


  • Consolidates data from multiple authentication sources, eliminating the need for every system that requires authentication data to interact with every authentication source
  • Eliminates the burden on an often-overtaxed infrastructure with a single system that caches data for other authentication data consumers
  • Gathers authentication data from systems that support syslog
  • Gathers authentication data from Active Directory through the Microsoft Windows Management Interface (WMI)
  • Gathers Active Directory authentication data from switches supporting Kerberos SPAN
  • Understands when endpoints log off
  • Gathers authentication data from up to 10 Microsoft Active Directory domain controllers
  • Gathers authentication data from systems that support a custom interface
  • Gathers authentication data from Citrix Terminal Server
  • Supports active/passive redundancy
  • Customers may upgrade from the Cisco ISE Passive Identity Connector to Cisco ISE, adding the Passive Identity Connector node to an existing Cisco ISE cluster.
  • Supports KVM, VMware, and Hyper-V
  • Tailored to fit your organization with support for 3,000 and 300,000 sessions


Reduce Costs

Enhance Staff Productivity

Ensure Security and Business Continuity

Improve Customer Service

Characteristics (Network Admission Control (NAC))

Ease of Implementation

Requires network pre-requisites


Virtual or hardware appliance

Heterogeneous Network

Works best with Cisco environment

Centrally Managed

Recommends appliances for remote locations

VLAN Segmentation

Available only with 802.1X

Standardized API

Offers scalable context

Role-Based Policies

More effective with 802.1X


Requires an agent for posture assessment

Full Non-802.1X Deployment

Requires 802.1X to authenticate devices

No Requirement for Topology Changes

Network firmware upgrades, complex configuration, RADIUS

Scalable Deployments

802.1X limits scalability of deployments

Remote Branch Deployments

Requires on site configuration and challenges branch availability

Wireless Support

Wireless via 802.1X

Device Visibility

Visibility enhanced with 802.1X compatible devices

Application Visibility

Requires agent

IOT Device Visibility & Control

Basic profiling of IoT devices

Network View

No capability for full network view

Incident Response

Lack of context, requires manual intervention

Guest Access

Full capabilities for guest access


BYOD control and visibility with captive portal

Scheme of work

 Scheme of work

Competitive products