Cisco's Software-Defined Access (SD-Access) provides automated end-to-end segmentation to separate user, device and application traffic without redesigning the network. Cisco SD-Access automates user access policy so organizations can make sure the right policies are established for any user or device with any application across the network.
N/A
Tempered Airwall
Score 10.0 out of 10
N/A
Tempered Networks is network security technology from the company of the same name in Seattle, Washington.
It's well suited in our corporate offices, where all our business users resides and where we can control all their accesses. What doesn't really fit well is when we have our branch fronts, where all the software domain access features aren't utilized to its fullest, due to the fact that customers and users don't really need to have all the security features that SDA provides.
It's very well suited for geographically dispersed organizations, where deploying and managing remote firewalls and other network security functions aren't practical. Once deployed, and the deployment isn't difficult after planning and understanding the data flows of the IoT devices, the system is easily managed and flexible. You're able to allow front line operations people to add devices into a role without sacrificing the integrity of the security model.
As far as my experience with SD-Access -I'd say things that can be improved are - better functionality with ISE, ease to understand licensing and better documentation for configuration (add-ons, etc), and licensing.
It's pretty darned good for a new company. We had to hash through a couple of instances that no one had ever run into, but once we got to the right person on the engineering team, they were able to work through the solution pretty quickly. The nice thing is, unlike Cisco, once you fix something, you don't find three new things that have to be changed.
Automation, pushing template-based configuration to multiple devices in one push saves time and manpower. Assurance helps trace issues related to devices, clients, and provide the troubleshoot as the best practices. Segmentation, with the use of the SGT tags, we are able to achieve segmentation and micro-segmentation securely.
The cost and complexity vs. ISE is as different as Uber and Lift are from trying to take a taxi in Duluth, Minnesota. The complexity of Cisco's IoT security is a joke. It was going to take us over a year just to deploy all the Cisco equipment, and that was if we could have gotten it all working together. We got the entire project deployed in just under 3 months, and that includes working out all the bugs and logistics. Honestly, I don't think all the Cisco parts would have ever been running like Cisco promised it would. It's just way too complicated.
