cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2763
Views
1
Helpful
1
Replies

ISE Posture Reassessments and Best Practices

nspasov
Cisco Employee
Cisco Employee

Hello ISE Experts-

We have a potential large customer with roughly 40,000 endpoints that are looking at rolling out ISE with Posture Assessment:

  • Patches Posture and SCCM Integration
  • Mobile posture with Intune

The customer wants to know how often posture re-assessment should be done based on based practices and other customers that are in similar size.

1 Accepted Solution

Accepted Solutions

howon
Cisco Employee
Cisco Employee

Nencho, there is no BP regarding posture re-assessment and it depends on the customer needs. It certainly provides better security to re-check endpoints periodically but at the same time the user may be quarantined as result of the assessment. You will need to balance between the convenience and the security in regards to enabling and also adjusting timer. One are that you should look into is how much impact it may have on the system, which you can reference here for the posture authentications per second:

ISE Performance & Scale

View solution in original post

1 Reply 1

howon
Cisco Employee
Cisco Employee

Nencho, there is no BP regarding posture re-assessment and it depends on the customer needs. It certainly provides better security to re-check endpoints periodically but at the same time the user may be quarantined as result of the assessment. You will need to balance between the convenience and the security in regards to enabling and also adjusting timer. One are that you should look into is how much impact it may have on the system, which you can reference here for the posture authentications per second:

ISE Performance & Scale

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: