Identity and Access Management – Securing Endpoints

Identity and Access Management (IAM) is essential to defining roles and privileges for users and devices on an enterprise network. Monitoring and logging the access life cycle of customers and employees is critical to securing a system. Many software products and appliances are available to perform these functions. Having these functions in your security plan will ensure that you remain in compliance and protect sensitive user data.

Cisco Identity Services Engine (ISE)

Cisco has pioneered technology that offers network security for all endpoints on a network. Cisco has developed the Identity Services Engine, otherwise known as ISE, as a next-generation identity and access control platform. Using challenges, certificates, and roles, ISE can authenticate a mobile device connecting remotely or a wired computer in an office. This is especially important with bring-your-own-device (BYOD) policies. By combining protocols such as RADIUS, TACACS+, 802.1X, and PKI, ISE will provide a network manager with a comprehensive dashboard of connected devices.

ISE can segment a network and show the different endpoint types, such as VoIP phones, VPN mobile computers, wired systems, and wireless devices, and can even give a model description or location. ISE takes over the role of the authentication, authorization, and accounting (AAA) server and enforces policy on every interface on a network. Using the 802.1X protocol to authenticate systems with client certificates, ISE can determine whether an endpoint is allowed to connect to a corporate network and can establish user identity and access history.

With all this technology in one platform, a security administrator can see every device connected to the network in real time on a dashboard display. Additionally, managing segmented virtual LANs (VLANs) is much simpler. Clients that authenticate will be given access to only the part of the network that they need. Security groups and roles can be created based on the device or user. If a device is not meeting a policy, such as one requiring security vulnerability scans, the device can be quarantined until vulnerabilities are remediated.
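
The authorization flow described above (certificate check, role-based VLAN assignment, quarantine on failed posture), sketched as a simplified Python model. This is an added example, not Cisco ISE configuration or API code; the VLAN numbers, segment names and `Endpoint` fields are assumptions, and only the three RADIUS tunnel attributes (RFC 3580 dynamic VLAN assignment) are standard.

```python
from dataclasses import dataclass

# Constructed VLAN plan (assumption, not taken from the article).
VLANS = {"voice": 110, "corporate": 120, "byod": 130, "quarantine": 999}


@dataclass
class Endpoint:
    mac: str
    endpoint_type: str        # e.g. "voip_phone", "wired_pc", "mobile"
    cert_valid: bool          # outcome of the 802.1X client-certificate check
    corporate_owned: bool     # False for BYOD devices
    posture_compliant: bool   # e.g. passed the required vulnerability scan


def authorize(ep: Endpoint):
    """Return (decision, segment, radius_attrs) for one endpoint.

    Order matters: authentication first, then posture, then role.
    """
    if not ep.cert_valid:
        # No trusted identity: never placed on any VLAN.
        return ("reject", None, {})
    if not ep.posture_compliant:
        segment = "quarantine"   # authenticated but held until remediated
    elif ep.endpoint_type == "voip_phone":
        segment = "voice"
    elif ep.corporate_owned:
        segment = "corporate"
    else:
        segment = "byod"
    # Standard RADIUS attributes a switch uses for dynamic VLAN assignment.
    attrs = {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(VLANS[segment]),
    }
    return ("accept", segment, attrs)


def accounting_log(endpoints):
    """Build the access-history records (the 'accounting' part of AAA)."""
    return [
        {"mac": ep.mac, "decision": d, "segment": s}
        for ep in endpoints
        for d, s, _ in [authorize(ep)]
    ]


# Constructed sample endpoints.
SAMPLE = [
    Endpoint("00:11:22:33:44:01", "voip_phone", True, True, True),
    Endpoint("00:11:22:33:44:02", "mobile", True, False, True),
    Endpoint("00:11:22:33:44:03", "wired_pc", True, True, False),
    Endpoint("00:11:22:33:44:04", "wired_pc", False, True, True),
]
```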

Why do you need Identity and Access Management (IAM)?

Using tools to streamline and centralize access control is critical to defining your network’s boundaries and understanding where threats are coming from. Enforcing policy will ensure compliance with federal regulations. As more employees and users demand mobile technologies and the freedom to work from anywhere, identity and access management control on your endpoints is the only way to confront the challenges associated with this trend. ISE is just one example of the many access control platforms that can be used to administer this aspect of cyber security.
