Cisco boosts IoT access control, management

Tweaks to ISE, DNA Center can better track, secure internet of things devices

Cisco has rolled out software tools to help customers control access to, and more easily manage, the burgeoning number of enterprise IoT devices in their networks.

The company has also begun filling out its Catalyst 9000 line of intent-based networking (IBN) switches with new boxes aimed at customers wanting 100G/sec and 25G/sec network migration options.

IoT access control, security, management

The need for much better enterprise IoT access control is obvious, Cisco says: According to its Midyear Cybersecurity Report for 2017, most companies are not aware of what IoT devices are connected to their network.

These devices are generally not built with security in mind, many of them lagging behind the security of desktops, the report says. Security issues can take months or years to resolve, and typically they have no reporting or updating on common vulnerabilities and exposures. They often have unpatched or outdated applications that cannot be easily accessed or reached at all, making it hard to remediate compromised systems.

ISE upgrades

With all of that in mind, Cisco has bolstered its Identity Services Engine (ISE) by doubling the number of IoT device and user device groups that can be automatically classified and identified, including those using industrial and building protocols such as BACnet, Profinet, CIP and Modbus.

“With ISE 2.4 we have added 620 new profiles that can now be populated in ISE,” said Prashanth Shenoy, VP of enterprise network marketing at Cisco. “With this increased support ISE customers can set policies for IoT devices, segment IoT devices and control access all from one location.”

Cisco ISE is available as hardware appliances or virtual servers. The software recognizes devices as they connect to the network, reporting data like manufacturer, model number and software installed. ISE controls access across wired, wireless and VPN connections to the corporate network, Cisco said.

DNA Center, SD-Access

Cisco also said it was expanding a central component of its DNA Center provisioning package to support IoT devices. Introduced last year as a key part of its IBN initiative, DNA Center is network-automation software. A key part of it is SD-Access software, which uses an identity-centric approach to manage users and devices coming onto and operating within the network, Cisco said.  

Cisco is extending SD-Access from the campus to what Cisco calls the extended enterprise, such as distribution centers, warehouses and manufacturing plants where IoT devices, sensors and robots are common. Extending SD-Access means customers can push policy and automate operations across their enterprise, manufacturing or outdoor environments – all through DNA Center, Shenoy said.

SD-Access Extension for IoT and SD-Access for Distributed Campus should be in in the 3Q with general availability in 4Q, Cisco said.

Cisco said its Operational Insights cloud-based management service and Cisco Connected Mobile Experiences (CMX) appliance, version 10.3 or later, can now use data acquired from IoT devices to track and monitor the location and environmental state of machines, sensors and other assets. By applying business rules that define the expected range of locations and telemetry, the service is able to more effectively identify problems and streamline business operations.

“Operational Insights continually monitors data from the sensors attached to your assets — including telemetry data such as temperature and humidity. When any measure deviates from the norm established by your workflows, policies and business rules, the solution swings into action. It can give you an immediate alert or, if you prefer, can trigger an automated action that is predefined by your workflows and business rules,” Cisco said.

Catalyst switches for intent-based networking

Cisco added the Catalyst 9500 100/40G 32-port switch and the Catalyst 9500 25G 24- and 48-port switches to its Catalyst family.  

The Catalyst 9500 is Cisco’s core aggregation enterprise switch that offers myriad services such as Encrypted Traffic Analytics and NetFlow, and offers customers an upgrade path from older models. The boxes are available now.

Cisco also rolled out an Aironet 4800 Access Point, which it described as an all-in-one access point that “includes a 24x7 dedicated radio for security and analytics, real-time telemetry with deep visibility and industry-leading hyperlocation.”

The 4800 features what Cisco calls “Intelligent Capture,” which probes the network and can send DNA Center the results, which can be used to set policies or track and react to anomalies.

“The software can track over 240 anomalies and instantaneously review all packets on demand, emulating the onsite network administrator,” Cisco said. The box includes a supplemental radio that constantly monitors the wireless network looking for anything that can cause a threat or interfere with performance, the company said. The box will be available in the third quarter, Cisco said.

(Michael Cooney is a freelance Digital Journalist who has written about the IT world for more than 25 years.  He can be reached at
