Delivering Control with Context Across the Extended Network

Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Agenda

Current Challenges

Cisco ISE Overview

Introducing Cisco pxGrid

Customer Success Stories

What Keeps CIOs/CISOs Up at Night?

Security is the Top of Mind Concern for CIOs/CISOs

•  33% of Global Companies have already experienced a breach
•  The pain of managing, on average, over 45 different security vendors in a network
•  $300K = Average Cost of a Single, Successful Cyberattack
•  66% of Organizations fail to identify breaches for months or YEARS
•  Over 660 Million personal records stolen from over 4,100 data breaches since 2005
•  37% of IT Leaders plan to implement a mobile strategy
•  Over 15 Billion Connected Devices by 2015 (4.4 per person!)

Network Threats Are Getting Smarter

[Figure: timeline, 1990 to 2020. Eras: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape]

•  Viruses: 1990–2000
•  Worms: 2000–2005
•  Spyware and Rootkits: 2005–Today
•  APTs Cyberware

More Connected Devices Expand Threat Surface

[Figure: timeline, 2003, 2007, 2012, 2014+]

•  IT Procured Managed Endpoints
•  Guest Access: Simple Guest Access
•  Enterprise Mobility: Procured & BYOD Mobile Device Use
•  Internet of Everything: Explosion of Network Enabled Devices

Growing Evolving Need for Secure Access and Threat Defense

Enterprises Say Malware Targeted Mobile Devices in the Last 12 Months

1

The Resulting Challenges for Enterprise IT

•  Breakdown of Traditional Network Perimeters
•  Difficult Balance Between Security & Productivity
•  Increased Complexity When Securing Enterprise Networks

Bottom Line: What’s Missing Today?

Enterprises require even greater visibility, context, and control to secure and control an increasing number of devices on their networks.

•  Capability to connect disparate network and security solutions to more rapidly take action against threats
•  Rich, contextual information to grant the right people & devices, the right levels of access to the network
•  Greater Visibility to accurately identify, rapidly onboard, and secure connected devices across wired, wireless or

Agenda

Current Challenges

Cisco ISE Overview

Introducing Cisco pxGrid

Customer Success Stories

Cisco Identity Services Engine (ISE)

Delivering Visibility, Context, and Control to Secure Network Access

NETWORK / USER CONTEXT: How, What, Who, Where, When

DEVICE PROFILING FEED SERVICE

REDUCE NETWORK UNKNOWNS AND APPLY THE RIGHT LEVEL OF SECURE ACCESS CONSISTENTLY ACROSS WIRED, WIRELESS and VPN

•  Secure Access
•  BYOD and Enterprise Mobility
•  Guest Access

Why Cisco ISE?

•  Visibility Driven: Accurately Identify and Assess Network Users & Devices
•  Access Control: Grant/Limit access to align with appropriate business policy
•  Context Focused: Use dynamic contextual data to accelerate the identification, mitigation, and remediation across extended networks

Cisco ISE is the Market-Leading Security Policy Management Platform that Unifies and Automates Secure Access Control Across Wired, Wireless, and VPN.

The Different Ways Customers Use ISE

Guest Access Management

Easily provide visitors secure guest Internet access

BYOD and Enterprise Mobility

Seamlessly identify & securely onboard devices with the right levels of access

Secure Access across the Entire Network

Streamline enterprise network access policy over wired, wireless, & VPN

Software-Defined Segmentation with Cisco TrustSec®

The Past

ISE 1.3

End User Visibility

ISE updates the portal workflow in real-time with each change.

Admin Friendly

Set up a Guest or BYOD workflow in just a few clicks.

Simplifying Guest Access for the Enterprise

Corporate Branding and Themes

Mobile Guest Sponsorship

Streamlined Guest Creation

Design Easily in Minutes, Deploy Securely in Just Hours

[Screenshot: guest account creation ("Create Accounts"; Print, Email, SMS) showing sample credentials "username: trex42 password: littlearms"]

Guest Access Notification via SMS

Desktop & Mobile

Supports 1M Registered Endpoints and 250K ACTIVE, Concurrent Endpoints

Streamlining BYOD and Enterprise Mobility

Reducing the Complexity of Managing BYOD and Device Onboarding

Integrated Native Certificate Authority for Devices

Customizable Branded Experiences

Easy User Onboarding with Self-Service Device Portals

Improved Device Recognition

Desktop & Mobile Ready!

Dynamic Control with Rich Contextual Profiling

Simple Identity Simply Isn’t Helpful Enough Anymore

POOR context awareness → “Simple Identity”

- Who are you? → IP Address 192.168.1.51

RESULT: Any user, Any device, Anywhere gets on the network

EXTENSIVE context awareness → “RICHER Identity”

RESULT: The Right user, on Right device, from the Right place is granted the RIGHT ACCESS

Who? → Bob

Where? → Building 200, 1st Floor

Increase Device Visibility with Profile Feed Service

Reduce Unknown Devices on Networks by 74%, on Average*

DEVICE PROFILING FEED SERVICE

•  IoT Security Camera
•  VoIP Office Phone
•  Corporate Managed Tablet

Get New, Vetted Device Profiles from Cisco & the Community

More Accurately Profiled Devices;

Enterprise Mobility Management Integrations

Enforce True Device Compliance for All Mobile Devices

•  Sees ALL devices on the network
•  Requires devices to comply with EMM policy
•  Provides guest access to non-EMM devices

•  Sees unregistered devices on the network?
•  Forces EMM Policy Compliance?
•  Keeps noncompliant devices off network?

ISE + EMM Together

EMM: Secures Actual Device

Cisco ISE: Secures Network Access

Secure Access with Cisco ISE and TrustSec

•  Confidential Patient Records
•  Internal Employee Intranet
•  Internet

✓  Acquires Important Context & Identity from the Network
✓  Monitors & Provides Visibility into Unauthorized Access
✓  ISE provides Differentiated Access to the network; TrustSec provides Segmentation throughout the network

•  Who: Guest, What: iPad, Where: Office
•  Who: Doctor, What: Laptop, Where: Office
•  Who: Doctor, What: iPad, Where: Office

Cisco TrustSec Software-Defined Segmentation

Control Access to Resources Based on Business Policies

Traditional Security Policy

Segmentation Policy Enforced Across the Extended Network

Switch, Router, VPN & Firewall, DC Switch, Wireless Controller

Simplifies Firewall Rule, ACL, VLAN Management

Prevents Lateral Movement of Potential Threats

Eliminates Costly Network Re-architecture

Agenda

Current Challenges

Cisco ISE Overview

Introducing Cisco pxGrid

Customer Success Stories

For security, which is more useful information?

“The compromised device is 192.168.100.123”

- OR -

“The compromised device is Paul Russell’s iPad in Bldg. 200”

Cisco ISE collects contextual “big data” from multiple sources across the network. Via Cisco pxGrid technology, this contextual data is shared with partners.

With ISE contextual data, Partner Solutions can more accurately and more quickly identify, mitigate, and remediate security threats across the network.

Cisco Platform Exchange Grid (pxGrid)

Accelerating Partner Technology Efficiencies via Context Sharing

NEW

Faster Remediation of Threats with SIEM / TD

Extension of Access Policy & Compliance with MDM

Endpoint Vulnerability Remediation

Context-driven OT Policy and Segmentation for IoT

Simplified Network Troubleshooting and Forensics

SSO Secure Access to Sensitive Data on Mobile Devices

Streamline Security Operations with ISE Ecosystem

Connect Disparate Solutions and Reduce Threat Response Time

NEW

Agenda

Current Challenges

Cisco ISE Overview

Introducing Cisco pxGrid

Customer Success Stories

Their Results:

✓  Speedier Guest Network, with Better Profiling
✓  Improved Compliance and Security
✓  IT Staff Operational Efficiencies

Industry: Finance

Employees: 1,300 in 75 Branches

Cisco ISE Success Story – Guest Lifecycle

“The lack of expiry dates on guest access accounts was always a security threat. Using the Cisco ISE guest portal, we can flexibly and securely create temporary access.”

Their Challenges:

•  Too Many Guests Needing Access

•  Security Risks from Open Guest Accounts

•  Compliance in a BYOD environment

Their Results:

✓  10% Reduction in IT Troubleshooting
✓  100% Network Uptime
✓  Vastly Improved End-User Experiences

Industry: Education

Students & Faculty: 13,500+

Cisco ISE Success Story – Campus BYOD

“Our goal is to get as many people on our network as quickly, securely, and reliably as possible without our involvement. ISE enables us to do that.

Their Challenges:

•  Better Control over Devices on Network

•  Providing Consistent Secure Access

Their Results:

✓  Granular Access Controls based on Context
✓  Implemented Port-Level Room Controls
✓  Comprehensive, Accurate Medical Endpoint Profiling

Industry: Healthcare

Endpoints: 35,000+

Cisco ISE Success Story – Secure Access

“Cisco ISE met our high water mark for use cases with flying colors. We are excited to be working with Cisco as we extend the…model to other Sentara Healthcare facilities”

Their Challenges:

•  Separating Clinical vs. Consumer Data

•  Segregating Medical Devices, Based on Usage

•  Controlling Compliant Access without Disruption

Agenda

Current Challenges

Cisco ISE Overview

Introducing Cisco pxGrid

Customer Success Stories

Image: Gartner Magic Quadrant for Network Access Control 2013, Lawrence Orans, John Pescatore – 12 December 2013

“The Cisco ISE 1.3 is Cisco’s most important NAC version since Cisco first offered the ISE 1.0. Perhaps the most exciting part of Cisco ISE 1.3 NAC is the integration with pxGrid.... In this generation NAC platform, Cisco wanted to make an easier, more intuitive platform while adding features and functionality. Cisco has gone a long way toward achieving these objectives.”
- Frost & Sullivan, 2014

Analysts Recognize Cisco ISE Industry Leadership

Analysts Continue to Position Cisco ISE as Market and Technology Leader

A LEADER in Gartner Magic Quadrant for NAC
- Gartner December 2013, 2012, 2011

“Cisco TrustSec and Cisco ISE are consistent with our view of identity-centric end-to-end security that is both needed and lacking in the enterprise today.”
- Forrester 2011

A CHAMPION in Info-Tech Vendor Landscape for NAC

Customers Around the World Trust Cisco ISE

Continuing to Drive the Market as the #1 Solution

600+ ATP Partners | 7,000 Customers | 36 Million+ Endpoints Licensed

Purchased by…

•  50% of Fortune Global 500
•  80% of Fortune Global 25

Leading Technology Innovation that Drives Industry Standards in the NAC Market and Beyond

Cisco ISE is Core to Cisco Security

ISE Provides Visibility, Context, and Control Across the Entire Continuum

Attack Continuum

•  BEFORE: Control, Enforce, Harden
•  DURING: Detect, Block, Defend
•  AFTER: Scope, Contain, Remediate

Firewall

NGFW

NAC + Identity Services

VPN

UTM

NGIPS

Web + Email Security

Advanced Malware Protection

Network Behavior Analysis

Cisco ISE Provides One Policy for Cisco Unified Access

CISCO UNIFIED ACCESS

•  ONE MANAGEMENT: Single Plane of Glass Management with Cisco Prime
•  ONE POLICY: Simplified, Unified Policy Management with Cisco ISE
•  ONE NETWORK: Integrated Wired and Wireless in ONE Physical Infrastructure, with ONE Operating System & Open APIs

Only Cisco ISE Can…

•  Reduce the Complexity of Securing Access
•  Optimize Downstream Security Services
•  Manage Simplified, Unified Access Policy across Wired, Wireless, & VPN
•  Share Dynamic Context with Partners to Accelerate their Security Capabilities
•  Offer Unparalleled Network Visibility
•  Eliminate Unknowns to Get a Clearer Picture of Who & What Is On Your Network
•  Identify Threats and Prevent Lateral Movement Across the Network
•  Contain Advanced Network Threats

Cisco ISE is the Key Component to Support Secure
