The Unexpected Duo: Forescout and Cisco ISE

February 24, 2020


    Forescout or Cisco ISE? It is a common debate when discussing network access control solutions. But what if we told you that you don’t have to choose, and that it can be Forescout AND Cisco ISE?

    Improving an organization’s overall security posture has been an ongoing effort for the past few decades, but security risks have never been greater. As threats continue to increase exponentially due to the explosion of devices and data, organizations cannot afford a stagnant, incomplete security plan or set of solutions.

    With that said, we understand that organizations cannot quickly or realistically adopt the latest and greatest technologies after investing in what was the right product at the time. Choosing the right security solution is not a task to take lightly. Multiple factors play a role in the decision-making process, from what works best with the organization’s configuration to budget, investment and ROI.

    Cisco ISE is well known for authentication on both wired and wireless networks. It requires that a device be authenticated before it is allowed on the network, through certificate, user or MAC address authentication. In today’s security threat landscape, that’s not enough. That’s where Forescout can help. Forescout can complement and collaborate with Cisco ISE, giving your organization more visibility and ultimately a stronger security program. Here are 3 ways to utilize the power of Forescout with Cisco ISE:

    1. Gain agentless visibility and device compliance, categorization and control of IoT devices

    Security agents are extremely valuable and practical when it comes to communicating with and monitoring Windows, Mac and Linux devices. However, they do not cover devices that cannot run, or do not have, a security agent installed. Forescout’s agentless approach identifies and evaluates devices instantly when they connect to the network. This allows information such as device types, users, applications and operating systems to be gathered.

    2. Gain real-time device hygiene/compliance monitoring, assessment and device remediation – without the need for an agent

    Enforcing device hygiene is a critical step to protecting the entire network. Once a device is on the network, the platform can start and stop applications, update antivirus security agents, identify peripheral devices and request end-user acknowledgement.

    3. Improve rogue device detection through continuous, post-connect monitoring

    The main component of device visibility is detecting and understanding the devices connected to your network. However, point-in-time detection is not enough in today’s security space. With highly skilled hackers and advanced methods, it’s important to continuously monitor where a device is and its state at all times. Continuous post-connect monitoring greatly increases security and ensures no malicious activity happens anywhere on the network. Forescout automatically applies policies to continuously follow devices and their state within the corporate network, including into the datacenter and across the cloud.

    It’s never been easier to create a unified, complete security solution with Forescout and Cisco. Go beyond authentication on just wireless networks with Cisco ISE and secure your wired, wireless and VPN networks with Forescout.
