Cisco ISE Profiling Service

by Matthew Demers ISE, ISE, Networking, Resources, Security

Cisco Identity Services Engine (ISE) is a comprehensive network access control solution that enables organizations to manage their network security policies and enforce them consistently across all devices and users. One of the key features of Cisco ISE is its profiling service, which provides visibility into the type of devices and operating systems accessing the network.

Profiling is the process of identifying the attributes and characteristics of a device on the network. It involves collecting data about the device, such as its operating system, manufacturer, model, and other relevant details. This information is then used to create a profile for the device, which can be used to enforce network security policies and enable access to network resources.

Cisco ISE’s profiling service uses a variety of methods to identify and classify devices on the network. These methods include passive and active profiling, endpoint probes, and network-based device identification. Passive profiling involves monitoring network traffic to identify devices and their characteristics, while active profiling involves actively querying devices to collect information about them.

Endpoint probes are used to gather information about devices that are not sending traffic over the network. These probes can be configured to collect information about specific types of devices or operating systems, allowing organizations to gain visibility into their network environment. Network-based device identification involves using techniques such as port scanning and fingerprinting to identify devices on the network.

Once a device is identified and classified by the profiling service, it can be assigned to a specific group or policy based on its characteristics. For example, devices running a specific operating system can be assigned to a group with specific access permissions, or devices manufactured by a specific vendor can be assigned to a group with specific security policies.

In addition to providing visibility into the network environment, Cisco ISE’s profiling service also enables organizations to enforce security policies based on device characteristics. For example, devices that are not compliant with security policies can be prevented from accessing the network, or devices with specific vulnerabilities can be isolated from the rest of the network.

Overall, Cisco ISE’s profiling service is a powerful tool for organizations looking to gain visibility into their network environment and enforce consistent security policies. By identifying and classifying devices on the network, organizations can improve their overall security posture and ensure that only authorized devices are allowed access to network resources.