We’ve spoken before about the merits of Cisco’s Identity Services Engine (ISE) platform. As the market-leading, next-generation secure Network Access Control (NAC) solution, Cisco ISE provides the visibility and control that you need to safeguard your networks.
More specifically, Cisco ISE’s software-defined platform:
- Detects and defends against threats
- Delivers actionable threat and mitigation data
- Provides granular user and device access and authentication control
- Enables tiered authentication and access levels on corporate and guest wireless accounts
From one hub, your IT team has authentication, access, usage, and threat-detection control across your environments. One of Cisco ISE’s greatest strengths is that it integrates with other security and data-driven technologies, both third-party and Cisco-specific, to extend the platform’s reach and effectiveness.
One such powerhouse integration is Cisco ISE + Cisco DNA.
What is Cisco Digital Network Architecture (DNA)?
“Intent-based networking is the difference between a network that needs continuous attention and one that simply understands what your organization needs and makes it happen.”
Intent-based networking enables automation across your systems—removing the time-sink of repeated, manual tasks and giving your IT teams the opportunity to fundamentally transform how you construct and run your networks.
Cisco DNA applies intent-based networking to give IT teams automation and assurance capabilities across their campus (LAN), WAN, and branch networks. Providing active insight for management purposes, Cisco DNA is an open, software-driven architecture that streamlines IT ops through:
- Centralized management design for broad-scale configuration management
- Enhanced application experiences (with APIs, adapters, and SDKs)
- Automated discovery and provisioning of new devices
- Faster threat containment (with end-to-end network segmentation and enforcement of security policies)
- Accelerated troubleshooting and predictive performance metrics
Cisco DNA runs on a software-defined networking (SDN) controller and collects data from various sources, including your applications, users, and connected devices. From there, Cisco DNA network security applies machine-learning analytics to provide contextual insight and remediation guidance for detected threats or system degradations.
Cisco ISE Applies the Insights Created by Cisco DNA at the Edge
Cisco DNA Center integrates with Cisco ISE over a trusted communications link so the two platforms can share data about activity on your systems. More specifically, ISE + DNA create a software-defined access (SDA) fabric for your campus networks: an overlay (LISP control plane, VXLAN data plane that carries the SGT in the packet header) that removes the need for large Layer 2 domains and Spanning Tree across the campus, and that provisions and delivers Security Group Tags (SGTs) and the permissions tied to them to users and devices.
Cisco DNA Center generates the device configurations and is where you define SGTs and the group-based access rules between them; those definitions are pushed to Cisco ISE, which assigns the SGTs programmatically at authentication time. Likewise, any network device that Cisco DNA Center discovers is synchronized to ISE as a network access device, including any subsequent changes to its IP address, SNMP or CLI credentials, and similar attributes.
When a user connects, wired or wirelessly, the fabric edge switch or wireless controller that DNA Center provisioned sends an 802.1X or MAB RADIUS request to ISE. ISE authenticates the user, for example against Active Directory, and returns an authorization carrying the SGT defined in DNA Center; the edge device then enforces that tag. Most importantly, if an unauthorized or compromised user is online, ISE can issue a RADIUS Change of Authorization (CoA) to terminate the session or move it to a quarantine SGT, effectively “kicking them out” by taking the original tag away.
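The exchange above boils down to two RADIUS messages: an Access-Accept that carries the SGT, and a Change of Authorization that removes the session. The following Python is an added example, not code from the original article and not Cisco’s own tooling; it builds and decodes those two messages with constructed packets and a constructed shared secret. The SGT is carried as a Cisco vendor-specific `cisco-av-pair` of the form `cts:security-group-tag=XXXX-YY` (tag and generation ID in hex), and the Disconnect-Request authenticator follows RFC 5176 / RFC 2866. The usernames, session ID and SGT value (0x0010) are illustrative only.

```python
"""
Added example (not from the original article or from Cisco): a minimal RADIUS
encoder/decoder showing how ISE returns an SGT in an Access-Accept and how a
session is later torn down with an RFC 5176 CoA Disconnect-Request.
All packets, names and secrets are constructed for illustration.
"""
import hashlib
import hmac
import struct

# RADIUS codes and attribute types (RFC 2865 / RFC 5176)
ACCESS_ACCEPT = 2
DISCONNECT_REQUEST = 40
ATTR_USER_NAME = 1
ATTR_VENDOR_SPECIFIC = 26
ATTR_ACCT_SESSION_ID = 44
VENDOR_CISCO = 9          # IANA enterprise number for Cisco
CISCO_AVPAIR = 1          # vendor attribute "cisco-av-pair"
SECRET = b"constructed-shared-secret"   # assumption: RADIUS key shared by NAD and ISE


def attr(attr_type, value):
    """Encode one RADIUS attribute: type(1) length(1) value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def cisco_avpair(text):
    """Wrap a cisco-av-pair string in a Vendor-Specific attribute."""
    data = text.encode()
    vsa = struct.pack("!IBB", VENDOR_CISCO, CISCO_AVPAIR, 2 + len(data)) + data
    return attr(ATTR_VENDOR_SPECIFIC, vsa)


def build_packet(code, ident, authenticator, attrs):
    """Assemble header (code, id, length, 16-byte authenticator) plus attributes."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_attrs(packet):
    """Yield (type, value) pairs; reject malformed lengths instead of looping."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    pos = 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed RADIUS attribute")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def extract_sgt(packet):
    """Return (sgt_value, generation_id) from cts:security-group-tag, or None."""
    for attr_type, value in parse_attrs(packet):
        if attr_type != ATTR_VENDOR_SPECIFIC:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor != VENDOR_CISCO or vtype != CISCO_AVPAIR:
            continue
        text = value[6:4 + vlen].decode()
        if text.startswith("cts:security-group-tag="):
            tag, gen = text.split("=", 1)[1].split("-")
            return int(tag, 16), int(gen, 16)
    return None


def sample_access_accept(ident=7):
    """Constructed Access-Accept as ISE would send to the fabric edge after 802.1X."""
    # Authenticator is a fixed placeholder; a real Response Authenticator is
    # MD5(Code+ID+Length+RequestAuth+Attributes+Secret) over the Access-Request.
    return build_packet(ACCESS_ACCEPT, ident, bytes(range(16)), [
        attr(ATTR_USER_NAME, b"alice@example.com"),           # constructed user
        cisco_avpair("cts:security-group-tag=0010-00"),        # SGT 16, gen 0
    ])


def build_disconnect_request(ident, session_id, secret=SECRET):
    """CoA Disconnect-Request keyed by Acct-Session-Id (RFC 5176 section 2.3).

    Request Authenticator = MD5(Code+ID+Length+16 zero bytes+Attributes+Secret)."""
    attrs = [attr(ATTR_ACCT_SESSION_ID, session_id.encode())]
    unsigned = build_packet(DISCONNECT_REQUEST, ident, bytes(16), attrs)
    authenticator = hashlib.md5(unsigned + secret).digest()
    return build_packet(DISCONNECT_REQUEST, ident, authenticator, attrs)


def verify_disconnect_request(packet, secret=SECRET):
    """NAD-side check: recompute the Request Authenticator before acting on a CoA."""
    received = packet[4:20]
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    accept = sample_access_accept()
    print("SGT assigned at authorization:", extract_sgt(accept))
    coa = build_disconnect_request(9, "0A0A0A0A00000001")      # constructed session
    print("CoA accepted by NAD:", verify_disconnect_request(coa))
    print("CoA with wrong secret accepted:", verify_disconnect_request(coa, b"wrong"))
```

The `verify_disconnect_request` check is the part worth copying: a network device that accepts a Disconnect-Request without recomputing the authenticator lets anyone who can reach UDP/3799 kick sessions off the network, which is why the CoA shared secret and source-address restrictions on the NAD matter as much as the ISE policy itself.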
Insight and Action
It’s not enough to know what’s out there; you have to have the remote authority and policy control to grant access or revoke it as needed. Cisco ISE + DNA provide the SDA fabric you need to make it happen.