Network security basics: A Buyer's Guide
A collection of articles that takes you from defining technology needs to purchasing options
Editor's Note: This Cisco ISE product overview is part of a series on buying network security products for the enterprise. The series explores the evolution of network security and lays out some major use cases. It also looks at the buying criteria for network security products and compares the leading network security vendors in the market.
Cisco's Identity Services Engine (ISE) is a great product to implement if your network is primarily comprised of other Cisco infrastructure gear. The tool integrates well with other Cisco products, including routers, switches, wireless LANs and next-generation firewalls (NGFWs). The technology used to simplify provisioning, management and communication between network components is called TrustSec. TrustSec is a network segmentation approach that reduces much of the hassle in providing an end-to-end security framework.
There are different licensing packages for the Cisco Identity Services Engine, depending on what security functions your organization needs. The base license includes basic network access functions, guest management and encryption. The plus license includes compatibility for BYOD, profiling, endpoint protection and TrustSec features. The advanced license package includes all base and plus features with mobile device management (MDM), posture and compliance or remediation features. There also is a wireless license to oversee wireless devices.
NAC platform options
Cisco ISE SNS-3415 appliance
The SNS-3415 appliance is a Cisco Identity Services Engine platform for smaller deployments. The hardware is equipped with four 1 GbE interfaces, and is driven by a single 2.4 GHz Intel Xeon processor. The device has 16 GB of memory and a single high-speed 600 GB hard disk drive (HDD).
Cisco ISE SNS-3495 appliance
The Cisco Identity Services Engine SNS-3495 appliance is the larger NAC hardware appliance from Cisco. The hardware, with four 1 GbE interfaces, is based on two 2.4 GHz Intel Xeon processors, doubles the memory of the SNS-3415 to 32 GB, and includes two high-speed 600 GB drives, set up in a RAID 1 configuration.
Cisco ISE virtual appliance
Cisco recommends users build their virtual machines with specifications equal to, or greater than, equivalent hardware appliances. At minimum, a Cisco Identity Services Engine deployment requires at least 4 GB of memory and 200 GB of disk space.
Pricing and support
Cisco ISE hardware and support is purchased through Cisco partners, which set the final purchase price. Cisco's list price for an SNS-3415 hardware appliance, with a one-year ISE Plus license for 1,000 devices, lists for just over $50,000.
Cisco's Smart Net Total Care support includes phone and email support, remote troubleshooting, firmware upgrades and defective hardware replacement. Prices are based on how quickly replacement hardware is shipped to a customer.
Read our buyer's guide on network access control.
Examine how network access control has adapted to IoT.
Check out our five tips for managing guest access to your network.