topic Re: Cisco ISE Agentless Posture in Network Access Control

Cisco ISE Agentless Posture

ahmedsaif — Thu, 06 Jun 2024 07:18:41 GMT

We are trying to implement Agentless Posture ( ISE 3.1 Patch 8 ) 😎in our environment. However, there are some concerns that are raised by risk assesment team regarding some of the configurations.

1. Why the account configured for posturing (under Endpoint Scripts --> Endpoint Login Configuration) cannot be linked directly to the AD so that there is no password management on the ISE itself and password policies get applied on the AD.

2. Why the account would require local admin privileges on each and every machine in the organization and open the door to possibilities for password leakage and threat of comprimising all machines as a result.

Anyone faced the above in their environments and what workarounds they considered for them?

Re: Cisco ISE Agentless Posture

ahmedsaif — Thu, 11 Jul 2024 10:35:50 GMT

When configuring the admin account for Agentless posture we need to manually enter the password as well which is a security risk. Is there a way around this?

Re: Cisco ISE Agentless Posture

ahollifield — Mon, 15 Jul 2024 00:37:09 GMT

If these are of concern to you, don't use agentless posture. You raise some of the exact concerns I share with my customers when they want to use Agentless Posture. What is your use-case? Why not use Cisco Secure Client ISE Posture or an MDM compliance check instead? The Agentless Posture user experience is also very poor.