TrustSec

 

Cisco Trust Sec  CTS is a security architecture developed by Cisco comprised of three components.  When most of us think about CTS, we think of Security/Scalable Group Tags (SGT’s) and Security/Scalable Group Access Control Lists (SGACL’s).

TrustSec mitigates security risks by providing comprehensive visibility into who and what is connecting across the entire network infrastructure, and  control over what and where they can go.TrustSec builds on your existing identity-aware access layer infrastructure (switches, wireless controllers, and so on).

In addition to combining standards-based identity and enforcement models, such as IEEE 802.1X and VLAN control, the TrustSec system it also includes advanced identity and enforcement capabilities such as flexible authentication,

 

Cisco Identity Services Engine (ISE) enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control. ISE empowers software-defined access and automates network segmentation within IT and OT environments.

Cisco Identity Services Engine (ISE) activates intelligence from across the security stack to become the policy decision point in a zero-trust architecture for the workplace

CIsco ISE use:Use Cisco Trustsec

1.  to assign a tag
2. Security Group Tag (SGT). Its use in routers, switches, and firewalls to make forwarding decisions
3. Tag dictates which action policies to dictate through the network

• 
  

Cisco TrustSec policies are centrally managed by Cisco Identity Services. Engine (ISE) with enforcement functions available in campus switches, data center

SGT functions like the VLANs but it doesn't work at that level, it uses tags instead.

Let's set another example of SGT

Cisco trustSec is high scalable and efficient and you don't need to make hard changes in the topology by alerting the  access control.or traditional methods like VLAN or subnet.

Cisco trusts is simply another option to give us some granular control in managing our secure access.