April 17, 2018
These lessons, learned from years of deploying this security tool, can help organizations get the most from its capabilities.
Let’s take a look at the four most important things I’ve learned in the process of deploying ISE with my customers.
ISE is a powerful tool, but it’s not a magical one. It’s important that organizations understand the capabilities of ISE before they decide to make the financial and time commitment to deploy the product. The most common misconception concerns how ISE identifies systems on the network: it can actively probe systems over the network and identify those that respond to its polling requests, but it does not passively monitor network traffic for signs of activity.
When you deploy ISE, you have the option of using it to authenticate devices or to authenticate users. In the past, most of my customers were primarily interested in making sure that only corporate-owned devices were connecting to their networks. That made device authentication the logical choice. Today, many organizations benefit from integrating ISE with other components of their security infrastructure, including StealthWatch and FirePower. Those integrations are much more powerful when they have access to user data, so I’m now encouraging clients to pursue user authentication whenever possible.
The most common problem organizations experience when deploying ISE is that some of their older network equipment may not be compatible with the technology. I now perform hardware compatibility checks early in the process to identify any switches that require firmware upgrades or hardware replacement. Performing these upgrades in advance will speed up the ISE deployment process, especially in environments where it’s difficult to schedule downtime, such as a hospital.
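One way to run that early compatibility check in an automated way, as an added example that is not CDW's or Cisco's code: take a switch inventory export, compare each device's software version against a per-platform minimum, and separate the switches that need a firmware upgrade from those that need replacing. The model names, version thresholds and inventory rows below are constructed placeholders; the real minimums come from the ISE compatibility matrix for the release you are deploying.

```python
"""Flag switches that need firmware upgrades or replacement before an ISE rollout.

Added example, not code from CDW or Cisco. The platform names, minimum
versions and inventory are constructed placeholders (hypothetical), not
real Cisco compatibility requirements.
"""
import csv
import io
import re
from typing import Dict, List, NamedTuple, Tuple


class Switch(NamedTuple):
    hostname: str
    model: str
    version: str  # software version string as exported from the inventory tool


# Hypothetical policy table: per-platform minimum supported software version.
MIN_VERSION = {              # constructed placeholders
    "MODEL-A": "15.2(4)E",
    "MODEL-B": "16.9.4",
}
# Hypothetical platforms that cannot be upgraded and must be replaced.
END_OF_LIFE = {"MODEL-LEGACY"}

# Constructed inventory export (hostname, platform, running version).
INVENTORY_CSV = """hostname,model,version
sw-lobby-01,MODEL-A,15.2(2)E
sw-icu-03,MODEL-A,15.2(4)E
sw-core-01,MODEL-B,16.12.1
sw-lab-09,MODEL-LEGACY,12.2(55)SE
sw-annex-02,MODEL-C,16.9.4
"""


def version_key(version: str) -> Tuple:
    """Turn '15.2(4)E' or '16.12.1' into a tuple that compares numerically.

    Numeric fields become (0, int) and letter suffixes (1, str), so mixed
    fields never raise a TypeError and '16.12' sorts above '16.9'.
    """
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def assess(switch: Switch) -> str:
    """Return 'replace', 'upgrade', 'unknown' or 'ok' for one switch."""
    if switch.model in END_OF_LIFE:
        return "replace"
    minimum = MIN_VERSION.get(switch.model)
    if minimum is None:
        # Not in the policy table: needs a manual check rather than a silent pass.
        return "unknown"
    if version_key(switch.version) < version_key(minimum):
        return "upgrade"
    return "ok"


def load_inventory(text: str) -> List[Switch]:
    """Parse the CSV export into Switch records."""
    reader = csv.DictReader(io.StringIO(text))
    return [Switch(r["hostname"], r["model"], r["version"]) for r in reader]


def plan_upgrades(switches: List[Switch]) -> Dict[str, List[str]]:
    """Group hostnames by required action so the work can be scheduled up front."""
    plan: Dict[str, List[str]] = {"replace": [], "upgrade": [], "unknown": [], "ok": []}
    for s in switches:
        plan[assess(s)].append(s.hostname)
    return plan


if __name__ == "__main__":
    for action, hosts in plan_upgrades(load_inventory(INVENTORY_CSV)).items():
        print(f"{action:8s} {', '.join(hosts) or '-'}")
```

Anything the script reports as "unknown" deserves the same attention as an upgrade: a platform missing from the policy table is exactly the kind of older equipment that tends to surface late in a deployment.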
When you first deploy ISE, you’ll likely be overwhelmed by the number of security alerts that you receive from the system. Out of the box, ISE alerts you to almost every event that takes place, and that’s simply too much information for most security teams. As we deploy ISE, I work with my customers to make sure that we’re seeing the important alerts. Those include CPU usage spikes, increases in authentication latency, failed backups, certificate expiration warnings and ISE devices losing contact with Active Directory domain controllers. At the same time, I make sure that we tune out the noise that often occurs when clients temporarily stop responding or are misconfigured for the network. Reducing the number of false positive alerts makes everyone’s life easier.
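The tuning described above can be expressed as a small triage rule set: forward the operational alarms the author lists (CPU spikes, authentication latency, failed backups, certificate expiration, lost domain-controller connectivity), and suppress transient endpoint noise unless the same endpoint keeps repeating within a short window. This is an added example, not CDW's or Cisco's code; the alarm type names, field names and JSON-lines records are constructed for illustration and do not match ISE's real alarm catalogue.

```python
"""Triage a stream of ISE-style alarm records into 'notify' and 'suppressed'.

Added example, not code from CDW or Cisco. Alarm type names, record
fields and the sample records are constructed (hypothetical).
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

# Alarm types the author treats as important: always forward these.
ACTIONABLE = {
    "cpu_high",              # CPU usage spike
    "auth_latency_high",     # authentication latency rising
    "backup_failed",
    "cert_expiring",
    "ad_connection_lost",    # node lost contact with a domain controller
}
# Transient noise: one endpoint failing to answer a probe is normal. Only
# escalate when the same endpoint repeats REPEAT_THRESHOLD times in WINDOW.
NOISY = {"endpoint_not_responding"}
REPEAT_THRESHOLD = 3
WINDOW = timedelta(minutes=15)

# Constructed sample feed (JSON lines), not real ISE output.
ALARMS_JSONL = """
{"ts": "2018-04-17T08:00:00", "type": "cpu_high", "node": "ise-pan-1"}
{"ts": "2018-04-17T08:01:00", "type": "endpoint_not_responding", "endpoint": "aa:bb:cc:00:00:01"}
{"ts": "2018-04-17T08:02:00", "type": "profiler_info", "endpoint": "aa:bb:cc:00:00:07"}
{"ts": "2018-04-17T08:03:00", "type": "endpoint_not_responding", "endpoint": "aa:bb:cc:00:00:01"}
{"ts": "2018-04-17T08:05:00", "type": "endpoint_not_responding", "endpoint": "aa:bb:cc:00:00:02"}
{"ts": "2018-04-17T08:06:00", "type": "ad_connection_lost", "node": "ise-psn-2"}
{"ts": "2018-04-17T08:07:00", "type": "endpoint_not_responding", "endpoint": "aa:bb:cc:00:00:01"}
{"ts": "2018-04-17T08:30:00", "type": "endpoint_not_responding", "endpoint": "aa:bb:cc:00:00:01"}
{"ts": "2018-04-17T08:31:00", "type": "cert_expiring", "node": "ise-pan-1", "days_left": 14}
{"ts": "2018-04-17T08:32:00", "type": "backup_failed", "node": "ise-pan-1"}
"""


def triage(lines: Iterable[str]) -> Tuple[List[Dict], List[Dict]]:
    """Split alarm records into (notify, suppressed) lists, in arrival order."""
    notify: List[Dict] = []
    suppressed: List[Dict] = []
    # (type, endpoint) -> timestamps of recent occurrences inside WINDOW
    recent: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)

    for line in lines:
        if not line.strip():
            continue
        alarm = json.loads(line)
        ts = datetime.fromisoformat(alarm["ts"])
        kind = alarm["type"]

        if kind in ACTIONABLE:
            notify.append(alarm)
        elif kind in NOISY:
            key = (kind, alarm.get("endpoint", ""))
            # Keep only occurrences still inside the sliding window, then add this one.
            recent[key] = [t for t in recent[key] if ts - t <= WINDOW] + [ts]
            if len(recent[key]) >= REPEAT_THRESHOLD:
                # A persistently unreachable endpoint is a real misconfiguration signal.
                notify.append(dict(alarm, note=f"repeated {len(recent[key])}x within {WINDOW}"))
            else:
                suppressed.append(alarm)
        else:
            # Informational chatter with no listed operational impact.
            suppressed.append(alarm)
    return notify, suppressed


if __name__ == "__main__":
    forwarded, dropped = triage(ALARMS_JSONL.splitlines())
    print(f"forwarded {len(forwarded)}, suppressed {len(dropped)}")
    for a in forwarded:
        print(" ", a["ts"], a["type"], a.get("node") or a.get("endpoint"), a.get("note", ""))
```

The sliding window is what keeps the repeat rule honest: in the sample feed the endpoint that fails three probes within a few minutes is escalated, while its later isolated failure half an hour on starts a fresh count and stays quiet.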
To learn more about steps you can take to protect your organization from cyberthreats, read the CDW Cybersecurity Insight Report.