cisco identity services engine see it all, secure it...


Upload: haanh

Post on 06-Jul-2018


TRANSCRIPT

Page 1: Cisco Identity Services Engine See it all, secure it nowd2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/PSOSEC-2009.pdf · Cisco Identity Services Engine See it all, ... Cisco Public Cisco

Cisco Identity Services Engine: See it all, secure it now

Dan Stotts, Cisco Product Marketing Manager

PSOSEC-2009


Agenda

• Where we are
• What’s new
• ISE 2.0
• ISE 2.1
• Where we’re going
• Conclusion


© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

With Cisco Identity Services Engine You Can

• Stop and contain threats
• See and share rich user and device details
• Control all access throughout the network from one place


Cisco Identity Services Engine (ISE): Global Traction Across All Market Segments

• Fortune 500: 60+%
• ISE Technology Partners: 60+
• TrustSec Supported Platforms: 40+

TrustSec supported platforms:

• Catalyst 2960-S/-C/-Plus/-X/-XR
• Catalyst 3560-E/-C/-X/-CX
• Catalyst 3750-E/-X
• Catalyst 3850/3650
• Catalyst 4500E (Sup6E/7E)
• Catalyst 4500E (Sup8)
• Catalyst 6500E (Sup720/2T)
• Catalyst 6800
• WLC 2500/5500/5400/WiSM2/8510/8540
• WLC 5760
• Nexus 7000
• Nexus 6000
• Nexus 5500/2200
• Nexus 1000v
• ISRG2, CGR2000, ISR4000
• IE2000/3000/CGR2000
• ASA5500 (RAS VPN)


Don’t Just Take It from Us

“Cisco ISE unifies and automates access control to proactively enforce role-based access to enterprise networks and resources.”
— SC Company 2016

Recognized as a LEADER, four years in a row
— Gartner Magic Quadrant for NAC: 2014, 2013, 2012, 2011

“Cisco outstripped the competition on the strength of its superior security features, access controls, innovations, and rapid threat containment.”
— Frost & Sullivan, 2016

A CHAMPION in Info-Tech Vendor Landscape for NAC
— Info-Tech Research Group, 2014


Introducing Cisco Identity Services Engine (ISE)

A centralized security solution that automates context-aware access to network resources and shares contextual data

Diagram labels: Network Resources; Access Policy; Traditional; Cisco TrustSec®; BYOD Access; Threat Containment; Guest Access; Role-Based Access; Identity Profiling and Posture; Network Door; Physical or VM; ISE pxGrid Controller

Context: Who, What, When, Where, How, Compliant, Threat (New!), Vulnerability (New!)


What is new in ISE 2.0 and 2.1

Control All Access

TrustSec
• ACI Integration
• Change Management

Secure Access
• Easy Connect
• BYOD
• MSE Integration

Guest
• Wireless Guest Setup Wizard
• ISE Express

Device Administration
• TACACS+
• ACS-to-ISE Migration


Simplify security management with role-based access
TACACS+ Device Administration Support starting with ISE 2.0

What’s new for ISE?

Customers can now use Terminal Access Controller Access Control System Plus (TACACS+) with ISE to simplify device administration and enhance security through flexible, granular control of access to network devices.

Capabilities

• Role-based access control
• Flow-based user experience
• Command level authorization with detailed logs for auditing
• Dedicated TACACS+ workcenter for network administrators
• Support for core ACS5 features

Benefits

• Simplified, centralized device administration: Increase security, compliancy, auditing for a full range of administration use cases
• Flexible, granular control: Control and audit the configuration of network devices
• Holistic, centralized visibility: Get a comprehensive view of TACACS+ configurations with the TACACS+ administrator work center

Diagram (TACACS+ Device Administration, role-based access control): Security Admin Team with TACACS+ Work Center; Network Admin Team with TACACS+ Work Center


Unify device administration and access control
Enhanced device administration support

What’s new for ISE?

ISE now includes all of the core device administration capabilities found in ACS, delivering contextual awareness and device administration capabilities in a single, central solution.

Capabilities

• Migration tool automatically migrates ACS configuration data to ISE
• Support for core ACS5 features and dedicated device administration Work Center supporting TACACS+
• Command-level authorization with detailed logs for auditing
• Dynamic, role-based access control
• Discover, identify & monitor all IP-enabled endpoints

Benefits

• Richer contextual policies: Build policies informed by contextual data from devices, infrastructure, and services
• Flexible, granular control: Control and audit network device configuration
• Unified, centralized management: Get a full view of all policy elements in a single management console

Diagram (Manage device administration and access control policies in a single place): Cisco ISE; Threat & Vulnerability; Who, What, When, How, Where; Device administration; ACS; ISE; Context Awareness; Security Admin Team with TACACS+ Work Center; Network Admin Team with TACACS+ Work Center


ISE is best for guest

• Number of supported guest accounts: 1 million
• Guest account notification options: EMAIL, PRINT, SMS
• API: Manage guest accounts via REST
• Portal language customization

The 3 types of guest access

• Hotspot: Immediate, un-credentialed Internet access
• Self Sponsored: Self-registration by guests, Sponsors may approve access
• Sponsored Guest Access: Authorized sponsors create account and share credentials


Guest Services – Wireless Guest Setup

Control All Access

Complete Cisco ISE Wireless Guest Setup

Closest Competitor Guest Setup

Total Number of Steps: 13

Average Number of Mouse Clicks: 25

Ease of Use Rating:

Total Number of Steps: 13

Average Number of Mouse Clicks: 94

Ease of Use Rating:


Cisco ISE Express License Bundle: Enterprise Guest Made Simple

Now Available: Entry-Level Bundle for the Market-Leading Cisco ISE

The Offer: One (1) ISE VM (5,000 Active Licensed Endpoints) with ISE Base Licenses for 150 Endpoints* for Single Site Deployment (Non-Distributed, No High-Availability)

The Features: Guest, RADIUS/AAA, Unlimited Custom Portals with ISE Portal Builder; Easy Installation Guide

Learn More: www.cisco.com/go/iseexpress

*SKU upgrade available so the VM can be used for up to 10,000 endpoints and in high availability and distribution.


Secure Access Simplified
Easy Connect

What’s new for ISE?

Easy Connect is a quick, flexible user authentication method that applies when endpoints don’t support 802.1x. Easy Connect monitors user login via Active Directory and maps the user’s identity to give access.

Capabilities

• Active-session monitoring across both AD and Network log-ins
• Session maintenance from Wired MAB clients to NADs
• Directory notification publication via pxGrid
• Address legacy and unsupported NADs with TrustSec
• Assignment of VLANs, dACLs, SGTs and more for users authorized via Easy Connect

Easy Connect merges RADIUS identity with AD Login identity to deliver differentiated access

Benefits

• Increased visibility into active network sessions authenticated against AD
• Immediate value with no need to touch each endpoint or require users to authenticate again
• Flexible deployment that doesn’t require a supplicant or PKI, allowing ISE to issue CoA for added security

Diagram (Easy Connect, a secure alternative to whitelisting): three options, each rated for Access, Security and Complexity:

• Basic with whitelisting
• Better and flexible with ISE Easy Connect
• Most secure with integrated 802.1x, supplicants and certificates

Flow labels: Active Directory (AD) Login; Identity mapping; Publish to pxGrid; SXP speaker; MnT; Network Access Device w/o 802.1x


Get the same great security across more devices
With non-Cisco device integration

What’s new for ISE?

Customers can now deploy ISE services such as Profiling, Posture, Guest and BYOD on Network Access Devices (NADs) manufactured by non-Cisco vendors.

Capabilities

• Templatized MAB configuration for select non-Cisco vendor devices
• CoA and URL re-direction to work with ISE
• Non-Cisco NADs enabled to drive regular 802.1x operations

Benefits

• Protect consistently: Deploy ISE across network devices, including non-Cisco NADs
• Simplify administration: Leverage pre-configured profile templates for automatically configuring non-Cisco NAD access
• Maximize value: Realize additional value from your existing infrastructure

Compatible device vendors*

• Aruba Wireless
• HP Wireless
• Motorola Wireless
• Brocade Wired
• HP Wired
• Ruckus Wireless

*For additional information, refer to the Cisco Compatibility Matrix

Diagram (ISE services now available for non-Cisco network access devices): ISE 1.0, 2.0, 2.1; 802.1x; New Use Cases: Profiling, Posture, Guest, BYOD


Bring Your Own Device (BYOD)
Enable easier and faster device onboarding

Effectively design, manage and control the access of BYOD

Capabilities

• Full onboarding solution that does not require IT work
• Flexible solution supporting single and multiple SSID deployments
• Built-in certificate authority and portal to simplify certificate deployments. Also integrates with PKI infrastructure
• End-user “Mydevices” portal for personal device administration
• Supports integration with most MDM solutions including Cisco Meraki, MobileIron, Citrix, JAMF Software and many more

Onboarding flow

• User tries to connect to the network using a personal device
• ISE identifies the user as an employee using a personal device and directs the user to BYOD device registration
• After successful authentication, ISE onboards the device by installing a certificate and applying the right policy
• Now that the device has been registered, the user is allowed access to the network

New! Chromebook Support

• Controlled through Google Admin Console
• ISE installs EAP-TLS client certificate
• Single/Dual SSID
• Chrome OS 37+


Enhance control with location-based authorization
With the integration of Cisco Mobility Services Engine (MSE)

What’s new for ISE?

The integration of Cisco Mobility Services Engine (MSE) adds the physical location of a user and/or endpoint to the context by which access is authorized.

Location-based authorization: Admin defines location hierarchy and grants users specific access rights based on their location.

Capabilities

• Enables configuration of location hierarchy across all location entities
• Applies MSE location attributes into access request to be used in authorization policy
• Checks MSE periodically for location changes
• Reauthorizes access based on new location

Benefits

• Granular control of network access with location-based authorization for individual users
• Enhanced policy enforcement with automated location check and reauthorization
• Simplified management by configuring authorization with ISE management tools

Diagram (Doctor, patient data access locations):

• Lobby: No access to patient data
• Patient room: Access to patient data
• Lab: No access to patient data
• ER: Access to patient data


TrustSec Overview

• Instant: Turn on TrustSec functionality already embedded in your existing network infrastructure
• Adaptable: Use TrustSec’s policy enforcement capabilities across a number of different scenarios
• Scalable: Start small and grow at your own pace, extending into different use cases as your business demands

Use cases shown on the slide:

• Compliance adherence
• Simplified policy management
• Rapid threat containment
• Data Center/Branch/Campus segmentation
• BYOD/Mobility access control
• Managing IoT proliferation

Existing infrastructure:

• ASA firewalls
• Nexus and Catalyst switches
• Integrated Service Routers
• Identity Services Engine
• Wireless LAN
• VPN appliances


Enable consistent security policy across the enterprise
TrustSec - ACI policy plane integration

What’s new for ISE?

Integration of TrustSec and ACI policy groups enables customers to address breach, segmentation and compliance challenges by sharing policy groups between TrustSec-enabled networks and ACI data centers.

Capabilities

Consistent security policy groups can be shared between TrustSec and ACI domains:

• Campus security groups can be used in ACI policies: ACI learns TrustSec Security Group Tags (SGTs), and these SGTs are available for use by the APIC policy
• Endpoint groups (EPGs) can be used in campus policies: ISE retrieves EPGs and creates SGTs in harmony

Benefits

• Unified security policy leveraging user, device, application & threat state in group-based policies
• Simplified security management: Complementary group-based policy approaches simplify security design, operations and compliance
• Consistent segmentation across the datacenter, branches, users and devices

Diagram (Policy integration example – Campus and Data Center): TrustSec SGTs mapped to and from ACI EPGs

• Campus / Branch, TrustSec Policy Domain: Voice, BYOD, Auditor, Employee, Non-Compliant; Campus Networks; Branch; WAN; TrustSec domain
• Data Center, ACI Policy Domain: APIC; ACI Fabric; App, Web, Database, Point of Sale


Make policy changes in a flexible manner
TrustSec change management and workflow capabilities

What’s new for ISE?

New change management capabilities enable you to test TrustSec security policy changes before deployment, and gradually deploy changes to different parts of the network.

Capabilities

• Modify SGACLs using a Staging Matrix and test them before pushing to production
• View changes in comparison to the production matrix
• Leverage seamless integration with ISE RBAC
• Choose to apply changes to all TrustSec-enabled network devices or only to selected devices
• Request and gain approval on policy changes using a new workflow

Benefits

• Reduced risk: Minimize the likelihood of changes causing problems
• Greater control: See impact of policy adjustments in a controlled environment and fine-tune them before deployment
• Increased flexibility: Roll out policies when you want, where you want

Diagram (Stage and test policy changes to verify impact, and roll out on your terms): two policy matrices, rows = Source, columns = Protected Assets, with the labels “Stage policy changes”, “Test and fine-tune” and “Deploy changes in production to all devices or a selected sub-set”.

First matrix on the slide:

Source        HR      Finance  BYOD-Corp  BYOD-Vendor
HR            PERMIT  DENY     PERMIT     PERMIT
Finance       DENY    PERMIT   PERMIT     PERMIT
BYOD-Corp     DENY    DENY     PERMIT     DENY
BYOD-Vendor   DENY    DENY     DENY       PERMIT

Second matrix on the slide:

Source        HR      Finance  BYOD-Corp  BYOD-Vendor
HR            DENY    PERMIT   PERMIT     PERMIT
Finance       DENY    DENY     PERMIT     DENY
BYOD-Corp     PERMIT  PERMIT   DENY       PERMIT
BYOD-Vendor   DENY    DENY     PERMIT     DENY


With Cisco Identity Services Engine You Can

• Stop and contain threats
• See and share rich user and device details
• Control all access throughout the network from one place

See and Share

See
• Streamlined Visibility Wizard
• Context Visibility
• Medical NAC

Share
• pxGrid

Consume
• Customizations
• New Work Centers


Cisco ISE Visibility

• 90% of surveyed organizations are not “fully aware” of the devices accessing their network
• 75% of companies say their mobile devices were targeted by malware in the last 12 months

And you can’t protect what you don’t see


Improve visibility through an intuitive interface
Streamlined Visibility Wizard

What’s new for ISE?

ISE 2.1 delivers a new level of visibility into users & endpoints by making data more consumable. It includes a redesigned user interface (UI) that enables you to get set up and gain insights faster and more easily.

Capabilities

• Deploy quickly and easily; network access device discovery is set up as an asynchronous process
• Get the data you need for network access device configuration in a few clicks
• View network devices and user details in a convenient, easily-consumable interface
• Access historical context data on endpoints that have been on the network in prior weeks and months

Benefits

• Faster time to value with extensive, easy-to-read reports in a matter of hours
• Insightful reporting that pulls from a rich, broad set of network and user data
• Plug-and-play setup that takes just a few clicks and as little as 10 minutes

Diagram labels: Visibility Wizard; Company Network; User; Location


Gain a deeper understanding of endpoint activity
Context Visibility

What’s new for ISE?

The ability to aggregate, store and search high volumes of endpoint data, giving you greater visibility. ISE 2.1 collects data from multiple sources into one place, and its enhanced database stores more historical data than ever.

Capabilities

• Store data on 1.5M endpoints across 50 attributes, not just endpoints that are currently active
• Benefit from in-disk storage (elastic search)
• Get insight more easily through a better UI
• Perform forensic analysis on endpoints on the network in a previous week or month
• Import/export data as needed
• Aggregate endpoint information in one place

Benefits

• Unified view: Access all of the endpoint data you need from one place
• Simple, fast discovery: Get to the information you’re looking for in a few seconds
• Deeper visibility: Perform detailed, retroactive forensic analysis after an endpoint has left the network

Diagram labels: Logs; Sys logs; Reports; “John on his iPad in Building 8 has Vulnerability <XYZ>”


Five Minute Visibility Demo


Introducing Medical NAC

Cisco Medical NAC protects your organization by increasing your network visibility: finding both clinical and non-clinical devices attached to the network, fingerprinting those devices based on the built-in device profile libraries, and automating device classification for better policy management.

Increased visibility

• Over 250 medical device fingerprints are built into the ISE profile
• Open API enables endpoint information sharing with other 3rd vendor products including SIEM products, Vulnerability Assessment products, and others

Improved policy management

• Endpoint posture validation ensures antivirus software and firewalls are up-to-date
• Strong role-based network & resource access control restricts unauthorized access to both sensitive data and critical networked medical devices
• Integration with individual network components including network switches, routers, and firewalls, making sure that all the security measures and policies are in sync and resources are segmented

Better experience

• Superior BYOD experience to enable physicians and staff to work on their own devices
• Total guest access management for both patients and visitors on their mobile devices, while protecting critical data and equipment from unwanted access by compromised devices


Leverage our growing partner ecosystem
Integration with new ecosystem solutions across many use cases

What’s new for ISE?

Integration with new ecosystem partner solutions through the pxGrid framework, and expansion of existing partnerships to new use cases.

Partner use cases

• Threat-Centric NAC
• Cloud Access Security Broker
• User Behavior Analytics
• Identity Access Management
• Network Visibility
• Mobile Device Management
• Rapid Threat Containment & Threat Defense

Benefits

• Improved responsiveness & control: Unify security and network event data and respond faster by facilitating access to the Cisco network
• Greater visibility: Gain visibility into user and device activity, threats, vulnerabilities, and more for deeper analytics & reports
• Simplified management: Manage policy in a single place by integrating ISE with other vendor solutions

Ecosystem categories shown on the slide: SIEM; EMM/MDM; UBA; Vulnerability Assessment; Threat Defense; IoT; IAM/SSO; PCAP; Network Visibility; CASB; Performance Management


Get the information YOU need faster than ever
Dashboard customization and workflow enhancements

What’s new for ISE?

Enhanced reporting and easier customization using dashlets to quickly adjust and create views that fit your specific needs. New task-oriented workcenters for guest, BYOD, posture, profiling, and network access.

Capabilities

• Build custom dashboards; user controls what to view
• Add/remove/rename tabs and dashboard components (“dashlets”)
• Adjust layout – re-order dashlets, select from layout templates, and drag and drop dashlets
• Export to Excel and PDF
• Use new task-oriented Work Centers focused on BYOD, Posture, and Profiling

Benefits

• See the details that matter to you: Easily create your own single pane of glass for quick insights
• Integrate with existing analytics: Connect with your Office analytics through Excel exports
• Get things done more easily: Use new Work Centers to accelerate core activities

Diagram:

• Dashboard Customization: Each individual can customize the main screen easily and quickly (Director of Security, NOC Engineer, Security Engineer)
• New Work Centers: Three new Work Centers streamline management activities


With Cisco Identity Services Engine You Can

• Stop and contain threats
• See and share rich user and device details
• Control all access throughout the network from one place

Stop and Contain

• Rapid Threat Containment


Use the latest rapid threat containment (RTC) capabilities
Featuring Firepower Management Center (FMC) and Identity Services Engine (ISE) integration

What’s new for ISE?

Cisco Firepower Management Center integrates with ISE, helping you automatically address suspicious activity on your network based on pre-defined policies and dynamically stop threats before they spread.

Capabilities

• Integrated pxGrid remediation module - no more pxGrid connection agent
• Session information obtained from ISE via pxGrid
• SGTs can be used in FMC access control policies
• Ability to integrate with AMP for malware protection
• Remediation options: Quarantine, Unquarantine, Port Shutdown
• Quarantine actions triggered per policy with Cisco Firepower and ISE integration
• Infected users can be notified and directed to a portal for remediation

Benefits

• Automate threat defense by leveraging ISE to alert the network of suspicious activity according to policy
• Gain greater scalability by using the pxGrid framework
• Leverage a growing ecosystem of partners that provide rapid threat containment by integrating with ISE

Diagram (Automatically defend against threats with FMC and ISE):

• User downloads a malicious file; sensors scan user activity and file
• FMC correlates sensor data, detects file and alerts ISE to change access policy to suspicious
• ISE automatically restricts access based on new policy
• Device is contained; user is redirected to remediation portal
• Network access is restored after remediation

Other diagram labels: pxGrid controller; Improved scalability


Gain greater visibility and control

Threat-centric NAC

• Author intelligent policies informed with new threat

and vulnerability data

• Eliminate unknowns and ensure device compliance

• Take immediate action on high-priority issues

• Gain awareness when a vulnerability score changes

or a threat is detected, and adjust network privileges

• Automate containment of vulnerable endpoints

based on vulnerability score

Capabilities

Benefits

What’s new for ISE?

ISE now incorporates vulnerability

assessments from Qualys and threat

incident intelligence from Talos and

AMP, helping you ensure your policies

account for the latest vulnerabilities

and threats.

Deeper visibility

that extends to all endpoints on

the network

Expanded control

driven by threat intelligence and

vulnerability assessment data

Faster response

with automated, real-time policy

updates based on vulnerability

data

Rapid Threat Containment now offering Threat-centric NAC

Stop and Contain

[Figure: Cisco ISE and AMP, with the context labels Who, What, When, Where, How, Compliant, Vulnerability and Threat]


Rapid Threat Containment Demo


Where are we going


Managing policy based on ‘Trust’

Connecting Trusted Devices to Trusted Services

[Figure: matrix of ✓ and ✕ marks with rows Trusted Asset, Trusted User and Partners, and columns Trusted User, Partners, Cloud App A, Cloud App B, Server A and Server B; further labels: Cloud, On Prem, Trusted App / Services, Non-Trusted App / Services]

Improved Visibility and Decision

Software-Defined Segmentation, Service Access & Entitlement

Location-Free App/Service Access

Vulnerability, Threats, Posture, Behavior, Time, Location, User-Groups, Device-type

CISCO IDENTITY SERVICES ENGINE


Let’s Get Started

Visit cisco.com/go/ise or connect with us at cisco.com/go/ise-community


Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions


More Ways to Learn about ISE at Cisco Live!

Topic | When | Where | Session ID | Speaker
Deploying TrustSec Security Group Tagging | Tuesday, July 12 - 1:30 pm | Islander I, Lower Level | BRKSEC 2203 | Kevin Regan
Mobile Devices and BYOD Security - Deployment and Best Practices | Tuesday, Jul 12, 4:00 p.m. | Mandalay Bay E, Level 2 | BRKSEC-2045 | Sylvain Levesque
Choice of Segmentation and Group-based Policies for Enterprise Networks | Thursday, July 14 - 8:00 am | South Seas C | BRKCRS 2893 | Hariprasad Holla
Building an Enterprise Access Control Architecture using ISE and TrustSec | Wednesday, July 13 - 8:00 am | Oceanside D | BRKSEC 2695 | Imran Bashir
Advanced ISE Services, Tips & Tricks | Wednesday, July 13 - 8:00 am; Thursday, July 14 - 8:00 am | South Pacific I; South Seas I | BRKSEC 3697 | Aaron Woland
Advanced Security Groups Tags: The Detailed Walk Through | Wednesday, July 13 - 1:30 pm | South Pacific I | BRKSEC 3690 | Darrin Miller
Building Network Security Policy: Through Data Intelligence | Thursday, July 14 - 1:00 pm | South Pacific B | BRKSEC 2026 | Darrin Miller
Designing ISE for Scale & High Availability | Thursday, July 14 - 8:00 am | Mandalay Bay A, Level 2 | BRKSEC 3699 | Craig Hyps
Cisco IT's Assured Network Access: (ISE) Deployment and Best Practices | Thursday, July 14 - 10:30 am | Mandalay Bay D, Level 2 | BRKCOC-2015 | Bassem Khalife


Thank you


Resources

ISE Public Community http://cs.co/ise-community

ISE Partner Community http://cs.co/selling-ise

ISE Compatibility Guides http://cs.co/ise-compatibility

ISE Design Guides http://cs.co/ise-guides

ISE Proof of Value (PoV) http://cs.co/ise-pov

ISE Champions [Internal] http://cs.co/ise-champions


Public ISE Community @ http://cs.co/ise-community


Selling ISE @ http://cs.co/selling-ise


ISE Compatibility Guides @ http://cs.co/ise-compatibility

√ — Fully supported

X — Not supported

! — Limited support, some functionalities not supported


ISE Design Guides @ http://cs.co/ise-guides


ISE Champions @ http://cs.co/ise-champions


Security Joins the Customer Connection Program

Virtual Customer User Group Program

19,000+ Members Strong

• Who can join: Cisco customers, service providers, solution partners and training partners

• Private online community to connect with peers & Cisco’s Security product teams

• Monthly technical & roadmap briefings via WebEx

• Opportunities to influence product direction

• Local in-person meet ups starting Fall 2016

• New member thank you gift* & badge ribbon when you join in the Cisco Security booth

• Other CCP tracks: Collaboration & Enterprise Networks

Join in World of Solutions

Security zone Customer Connection stand

Learn about CCP and Join

New member thank-you gift*

Customer Connection Member badge ribbon

Join Online

www.cisco.com/go/ccp

Come to Security zone to get your new member gift* and ribbon

* While supplies last


Security Cisco Education Offerings

Course | Description | Cisco Certification
CCIE Security | Expert Level certification in Security, for comprehensive understanding of security architectures, technologies, controls, systems, and risks. | CCIE® Security
Implementing Cisco Edge Network Security Solutions (SENSS) | Configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls | CCNP® Security
Implementing Cisco Threat Control Solutions (SITCS) | Deploy Cisco’s Next Generation Firewall (NGFW) as well as Web Security, Email Security and Cloud Web Security | CCNP® Security
Implementing Cisco Secure Access Solutions (SISAS) | Deploy Cisco’s Identity Services Engine and 802.1X secure network access | CCNP® Security
Implementing Cisco Secure Mobility Solutions (SIMOS) | Protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions | CCNP® Security
Implementing Cisco Network Security (IINS 3.0) | Focuses on the design, implementation, and monitoring of a comprehensive security policy, using Cisco IOS security features | CCNA® Security
Securing Cisco Networks with Threat Detection and Analysis (SCYBER) | Designed for security analysts who work in a Security Operations Center, the course covers essential areas of security operations competency, including event monitoring, security event/alarm/traffic analysis (detection), and incident response | Cisco Cybersecurity Specialist
Network Security Product Training | For official product training on Cisco’s latest security products, including Adaptive Security Appliances, NGIPS, Advanced Malware Protection, Identity Services Engine, Email and Web Security Appliances. |

For more details, please visit: www.cisco.com/go/securitytraining or http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact [email protected]
