
 

The Portuguese version of this Article can be found at: Implantação e Operação do ISE: Lições de Ambientes Grandes e Complexos.

 


 

Introduction

This Project Story talks about the Challenges & Solutions faced by a huge Financial Institution, distributed across 26 States, to Deploy and Operate a very large heterogeneous Zero Trust Network Infrastructure of over 53K Access Points, 15K Switches, 250K Endpoints and 115K Users, with ISE (Identity Services Engine) as the "Heart of the Solution".

Best Practices and Lessons Learned acquired over the past years to successfully Deploy and Operate a Heterogeneous, Unconventional and in some cases Legacy Environment will be shared in this Project Story.

Automation Tools and APIs used to gain efficiency at scale and the initiatives to analyze Telemetry Data using AI will also be shared.

 

Why would you be interested in this Project Story?

A real-world scenario with many adversities generates many Lessons Learned and Success Stories.

The Challenges & Solutions faced by a huge Customer provide all Readers with a unique opportunity to learn from the daily experience of this constant "battlefield".

 

What problem does this Project Story solve?

This is a Project Story of a huge Financial Institution, with a very large and heterogeneous Network Environment, that was looking to provide Zero Trust Access to its Employees, Contractors and Devices that need access to Company Applications and the Internet.

The main Challenge was to find Technical and Operational Solutions that would provide Visibility and Control of Users and Devices, in a huge existing, diverse and, in many cases, legacy Infrastructure, with limited Security Capabilities.

The "Heart of the Solution" was to leverage Cisco ISE to centrally Operate and Automate daily tasks (through ISE APIs and Scripts), and capture Telemetry Data to understand the Business Behaviors (not only to identify Anomalous Behaviors or Threats, but also for AI Research).

 

What are the outcomes of this Project Story?

This Project Story aimed to achieve four key outcomes:

  • Reduce the risk of Data breaches
  • Minimize disruption to Business operations
  • Increase Workforce effectiveness
  • Improve the overall Customer Experience

 

What are the Talking Points of this Project Story?

  • Designing and Deploying ISE in a Heterogeneous, Unconventional and in some cases Legacy Environment.
  • Best Practices to Operate and Automate daily tasks using ISE APIs and Scripts.
  • Capturing Telemetry Data and analyzing with AI to get insights into Network Health through Business Behaviors.

 

Where can you find details about this Project Story?

Navigating Security in a Chaotic Environment - Part I

Navigating Security in a Chaotic Environment - Part II

 

What are the Security Knowledge Base Articles created from this Project?

ISE - Queue Link Error

ISE - Slow Replication

ISE - What we need to know about SNS / VM

ISE - What we need to know about Support Bundle

ISE - What we need to know about pxGrid

ISE - What we need to know about Data Connect

Evolving IOT from MAB to 802.1x

Lessons Learned from the Global IT Outage of 19-July-2024

 

What are the key Ideas & Enhancements to be implemented in ISE that would benefit Projects like this?

ISE: improve the ISE GUI

CX Cloud: ISE "Global Parameters".

ISE: more than 20 concurrent Admin GUI Sessions.

ISE: possibility to generate Repeat Count Reports.

ISE: possibility to repurpose the SNS Appliance.

 

Note: for more ... please take a look at: Cisco Insider User Group Ideas - Security.

 

What impact is this Project having on other Customers?

This Project was able to bring together other Cisco ISE Customers to:

  • Share Knowledge
  • Improve Customer Experience when using ISE
  • Point out improvements to be implemented in ISE

 

Note: other Security Knowledge Base Articles used to Share Knowledge with other Cisco ISE Customers and Security Professionals:

ISE - Identity Management

ISE - Active Directory Identity Source

ISE - Other Identity Sources

ISE - Localized Installation

ISE - What we need to know about DNS Server

ISE - What we need to know about TACACS+

Vulnerability affecting Cisco ISE (CVE-2025-20124 and 20125)

Vulnerability affecting Cisco ISE (CVE-2024-20417)

ISE - Field Notice: FN74227 - Software Upgrade Recommended

Vulnerability affecting Cisco ISE (CVE-2024-20296)

Vulnerability affecting Cisco ISE (3.1 - 3.3)

Vulnerability affecting Cisco ISE (3.x)

Vulnerability affecting Secure Client (CVE-2025-20206)

Vulnerability affecting Secure Client (CVE-2024-20474)

Vulnerability affecting Secure Client/AnyConnect (CVE-2024-20337)

 

What are the next steps?

With the aim of Sharing Knowledge and disseminating the Solutions learned from the daily experience of this constant “battlefield”, we submitted this Project Story to:

 

Note: to learn more about Cisco Live ... Live the Cisco Live 2024 Experience with Our Community!!!

 
