Cisco has rolled out software tools for helping customers control access and more easily manage the burgeoning number of enterprise IoT devices in their networks.

The company has also begun filling out its Catalyst 9000 line of intent-based networking (IBN) switches with new boxes aimed at customers wanting 100G/sec and 25G/sec network migration options.

IoT access control, security, management

The need for much better enterprise IoT access control is obvious, Cisco says: According to its Midyear Cybersecurity Report for 2017, most companies are not aware of what IoT devices are connected to their network.

These devices are generally not built with security in mind, many of them lagging behind the security of desktops, the report says. Security issues can take months or years to resolve, and the devices typically have no reporting or updating on common vulnerabilities and exposures. They often have unpatched or outdated applications that cannot be easily accessed or reached at all, making it hard to remediate compromised systems.

ISE upgrades

With all of that in mind, Cisco has bolstered its Identity Services Engine (ISE) by doubling the number of IoT device and user device groups that can be automatically classified and identified, including those using industrial and building protocols such as BACNet, Profinet, CIP and Modbus.

“With ISE 2.4 we have added 620 new profiles that can now be populated in ISE,” said Prashanth Shenoy, VP of enterprise network marketing at Cisco. “With this increased support ISE customers can set policies for IoT devices, segment IoT devices and control access all from one location.”

Cisco ISE is available as hardware appliances or virtual servers. The software recognizes devices as they connect to the network, reporting data like manufacturer, model number and software installed. ISE controls access across wired, wireless and VPN connections to the corporate network, Cisco said.

DNA Center, SD-Access

Cisco also said it was expanding a central component of its DNA Center provisioning package to support IoT devices. Introduced last year as a key part of its IBN initiative, DNA Center is network-automation software. A key part of it is SD-Access software, which uses an identity-centric approach to manage users and devices coming onto and operating within the network, Cisco said.

Cisco is extending SD-Access from the campus to what Cisco calls the extended enterprise, such as distribution centers, warehouses and manufacturing plants where IoT devices, sensors and robots are common. Extending SD-Access means customers can push policy and automate operations across their enterprise, manufacturing or outdoor environments — all through DNA Center, Shenoy said.

SD-Access Extension for IoT and SD-Access for Distributed Campus should be in in the 3Q with general availability in 4Q, Cisco said.

Cisco said its Operational Insights cloud-based management service and Cisco Connected Mobile Experiences (CMX) appliance, version 10.3 or later, can now use data acquired from IoT devices to track and monitor the location and environmental state of machines, sensors and other assets. By applying business rules that define the expected range of locations and telemetry, the service is able to more effectively identify problems and streamline business operations.

“Operational Insights continually monitors data from the sensors attached to your assets — including telemetry data such as temperature and humidity. When any measure deviates from the norm established by your workflows, policies and business rules, the solution swings into action. It can give you an immediate alert or, if you prefer, can trigger an automated action that is predefined by your workflows and business rules,” Cisco said.

Catalyst switches for intent-based networking

Cisco added the Catalyst 9500 100/40G 32-port switch and the Catalyst 9500 25G 24- and 48-port switches to its Catalyst family.

The Catalyst 9500 is Cisco’s core aggregation enterprise switch that offers myriad services such as Encrypted Traffic Analytics and Netflow, and offers customers an upgrade path from older models. The boxes are available now.

Cisco also rolled out an Aironet 4800 Access Point, which it described as an all-in-one access point that “includes a 24x7 dedicated radio for security and analytics, real-time telemetry with deep visibility and industry-leading hyperlocation.”

The 4800 features what Cisco calls “Intelligent Capture,” which probes the network and can send DNA Center the results, which can be used to set policies or track and react to anomalies.

“The software can track over 240 anomalies and instantaneously review all packets on demand, emulating the onsite network administrator,” Cisco said. The box includes a supplemental radio that constantly monitors the wireless network looking for anything that can cause a threat or interfere with performance, the company said. The box will be available in the third quarter, Cisco said.