The Cisco Identity Services Engine (ISE) posture module provides a service that allows you to check the compliance of endpoints with corporate security policies. This service consists of three main components: client provisioning, posture policy, and authorization policy. Client provisioning ensures that the endpoints receive the appropriate posture agent, such as the AnyConnect ISE Posture Agent or the Network Admission Control (NAC) Agent. Posture policy defines the conditions and requirements that the endpoints must meet to be considered compliant, such as having the latest antivirus updates or patches installed. Authorization policy determines the level of network access granted to the endpoints based on their posture assessment results, such as allowing full access, limited access, or quarantine.
The Cisco ISE posture module provides two actions that ensure endpoint security:
The latest antivirus updates are applied before access is allowed. This action prevents malware infections and protects the network from potential threats. The posture policy can include predefined or custom conditions that check the antivirus status of the endpoints, such as the product name, version, definition date, and scan result. If the endpoint does not meet the antivirus requirement, the posture agent can trigger a remediation action, such as launching the antivirus update or scan, before allowing network access.
Patch management remediation is performed. This action ensures that the endpoints have the latest security patches installed and are not vulnerable to known exploits. The posture policy can include predefined or custom conditions that check the patch status of the endpoints, such as the operating system, service pack, hotfix, or update. If the endpoint does not meet the patch requirement, the posture agent can trigger a remediation action, such as redirecting the endpoint to a patch management server or launching the patch installation, before allowing network access.
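The flow described above (posture conditions, remediation, then an authorization decision), sketched as an added Python example that is not Cisco ISE code or configuration. The class names, field names, patch identifiers, and the mapping of posture status to access level are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Simplified model of the posture flow; every name here is illustrative,
# not a Cisco ISE object or API.

@dataclass
class EndpointReport:
    """What a posture agent might report (constructed sample fields)."""
    agent_installed: bool
    av_definition_date: Optional[date] = None
    installed_patches: set = field(default_factory=set)

@dataclass
class PosturePolicy:
    max_av_definition_age_days: int
    required_patches: set

def assess(report, policy, today):
    """Return (posture_status, remediation_actions) for one endpoint."""
    if not report.agent_installed:
        # No agent means no assessment: client provisioning has to run first.
        return "Unknown", ["provision posture agent"]
    actions = []
    av = report.av_definition_date
    # Fail closed: a missing definition date counts as out of date.
    if av is None or (today - av).days > policy.max_av_definition_age_days:
        actions.append("update antivirus definitions")
    missing = sorted(policy.required_patches - report.installed_patches)
    if missing:
        actions.append("install patches: " + ", ".join(missing))
    return ("NonCompliant" if actions else "Compliant"), actions

# Authorization policy: posture status -> access level named in the text above.
AUTHORIZATION = {
    "Unknown": "limited access",
    "NonCompliant": "quarantine",
    "Compliant": "full access",
}

def authorize(report, policy, today):
    """Combine posture assessment with the authorization mapping."""
    status, actions = assess(report, policy, today)
    return AUTHORIZATION[status], actions
```

An endpoint that completes the listed remediation actions and is assessed again moves from quarantine to full access, which is the "before access is allowed" ordering both answers rely on.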