Measuring the Security Impact of Zero Trust Access Controls: A Mixed-Methods Study of Identity-Based Policies (Cisco ISE + AD) and Incident Reduction
DOI: https://doi.org/10.63125/8ycz7671

Keywords: Zero Trust, Identity Governance, Incident Reduction, Cisco ISE, Active Directory

Abstract
This study measured the security impact of Zero Trust access controls implemented through identity-based policies integrating Cisco Identity Services Engine (ISE) with Active Directory (AD). A quantitative, quasi-experimental pretest–posttest design was employed using an interrupted time-series approach to evaluate security outcomes across pre-implementation and post-implementation observation windows. The analysis examined whether the enforcement of centralized authentication, authorization, and policy-driven segmentation was associated with measurable reductions in security incidents, improvements in identity governance outcomes, and enhanced Security Operations Center (SOC) performance. Findings indicated that Zero Trust implementation was associated with a substantial reduction in incident frequency and severity. Weekly total incident counts declined from 38.4 during the baseline period to 27.1 in the post-implementation period, representing a 29.4% reduction. High-severity incidents declined from 11.2 to 6.3 per week, reflecting a 43.8% reduction, while the proportional share of high-severity incidents decreased from 29.2% to 18.5%. Unauthorized access attempts decreased from 145.6 to 118.4 per week (18.7% reduction), while authentication anomalies declined from 96.8 to 62.7 per week (35.2% reduction). Lateral movement alerts demonstrated the strongest proportional improvement, decreasing from 12.5 to 6.8 per week, representing a 45.6% reduction. SOC performance also improved significantly. Mean time to detect (MTTD) declined from 18.6 hours to 11.4 hours, indicating a 38.7% improvement, while mean time to respond (MTTR) declined from 26.3 hours to 17.9 hours, reflecting a 31.9% improvement. Time-to-containment improved from 42.8 hours to 28.5 hours, representing a 33.4% reduction.
Regression models confirmed that post-implementation status significantly predicted lower incident rates (IRR = 0.71, p < .001) and lower high-severity incident rates (IRR = 0.60, p < .001). Logistic regression indicated that post-implementation incidents were 46% less likely to be classified as high severity (OR = 0.54, p < .001). Overall, the findings provided quantitative evidence that Cisco ISE and AD-integrated Zero Trust access controls were associated with statistically significant reductions in incident frequency, escalation risk, and response latency, supporting the effectiveness of identity-driven security governance in enterprise environments.
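The abstract reports its effect sizes as pre/post weekly means, percent reductions, incidence rate ratios (IRR) from count regression and an odds ratio (OR) from logistic regression. The following Python block is an added example, not code or data from the study, showing how a SOC would compute those same quantities from its own weekly incident counts around a control go-live date. It fits only the level-shift term (a binary post-implementation indicator, one week of exposure per observation), for which the Poisson IRR reduces to the ratio of window means and the logistic OR to the 2x2-table odds ratio, each with a Wald 95% confidence interval on the log scale; the study's interrupted time-series models may include trend or seasonal terms that this example omits, and the sixteen weeks of counts and the go-live week are constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class WeeklyCounts:
    """One week of SOC incident counts (constructed sample, not study data)."""
    week: int
    total_incidents: int
    high_severity: int


# Constructed series: the access-control change is assumed to go live in week 9,
# so weeks 1-8 are the baseline window and weeks 9-16 the post-implementation window.
INTERVENTION_WEEK = 9
SAMPLE_WEEKS: List[WeeklyCounts] = [
    WeeklyCounts(1, 40, 12), WeeklyCounts(2, 36, 10), WeeklyCounts(3, 39, 11),
    WeeklyCounts(4, 41, 13), WeeklyCounts(5, 35, 9), WeeklyCounts(6, 38, 11),
    WeeklyCounts(7, 37, 10), WeeklyCounts(8, 42, 12),
    WeeklyCounts(9, 30, 7), WeeklyCounts(10, 27, 6), WeeklyCounts(11, 28, 7),
    WeeklyCounts(12, 25, 5), WeeklyCounts(13, 29, 6), WeeklyCounts(14, 26, 6),
    WeeklyCounts(15, 27, 7), WeeklyCounts(16, 24, 5),
]


def split_windows(records: Sequence[WeeklyCounts], intervention_week: int):
    """Pre-implementation weeks are strictly before the go-live week."""
    pre = [r for r in records if r.week < intervention_week]
    post = [r for r in records if r.week >= intervention_week]
    if not pre or not post:
        raise ValueError("both observation windows must contain at least one week")
    return pre, post


def pct_reduction(before: float, after: float) -> float:
    return (before - after) / before * 100.0


def incidence_rate_ratio(pre_counts: Sequence[int], post_counts: Sequence[int],
                         z: float = 1.96) -> Tuple[float, float, float]:
    """
    IRR for the Poisson model log(mu) = b0 + b1*post with equal weekly exposure.
    With a single binary predictor the MLE of exp(b1) is the ratio of window
    means and Var(b1) = 1/sum(pre) + 1/sum(post) (inverse Fisher information),
    so the 95% CI is a Wald interval on the log scale.
    """
    s_pre, s_post = sum(pre_counts), sum(post_counts)
    if s_pre == 0 or s_post == 0:
        raise ValueError("IRR is undefined when a window has zero events")
    irr = (s_post / len(post_counts)) / (s_pre / len(pre_counts))
    se = math.sqrt(1.0 / s_pre + 1.0 / s_post)
    return irr, math.exp(math.log(irr) - z * se), math.exp(math.log(irr) + z * se)


def severity_odds_ratio(pre: Sequence[WeeklyCounts], post: Sequence[WeeklyCounts],
                        z: float = 1.96) -> Tuple[float, float, float]:
    """
    Odds that a post-implementation incident is high severity relative to a
    baseline incident, from the window x severity 2x2 table. This equals the
    logistic-regression MLE of exp(b1) for a single binary predictor, with
    SE(log OR) = sqrt(1/a + 1/b + 1/c + 1/d).
    """
    a = sum(r.high_severity for r in post)                      # post, high
    b = sum(r.total_incidents - r.high_severity for r in post)  # post, not high
    c = sum(r.high_severity for r in pre)                       # pre, high
    d = sum(r.total_incidents - r.high_severity for r in pre)   # pre, not high
    if min(a, b, c, d) == 0:
        raise ValueError("OR undefined with an empty cell; use a continuity correction")
    odds_ratio = (a / b) / (c / d)
    se = math.sqrt(1.0 / a + 1.0 / b + 1.0 / c + 1.0 / d)
    return (odds_ratio, math.exp(math.log(odds_ratio) - z * se),
            math.exp(math.log(odds_ratio) + z * se))


def evaluate(records: Sequence[WeeklyCounts], intervention_week: int) -> dict:
    """Compute the abstract's style of pre/post metrics for one incident series."""
    pre, post = split_windows(records, intervention_week)
    pre_total = [r.total_incidents for r in pre]
    post_total = [r.total_incidents for r in post]
    pre_high = [r.high_severity for r in pre]
    post_high = [r.high_severity for r in post]
    pre_mean, post_mean = sum(pre_total) / len(pre), sum(post_total) / len(post)
    irr_t, irr_t_lo, irr_t_hi = incidence_rate_ratio(pre_total, post_total)
    irr_h, irr_h_lo, irr_h_hi = incidence_rate_ratio(pre_high, post_high)
    sev_or, or_lo, or_hi = severity_odds_ratio(pre, post)
    return {
        "pre_weekly_mean": pre_mean,
        "post_weekly_mean": post_mean,
        "pct_reduction_total": pct_reduction(pre_mean, post_mean),
        "pre_high_share_pct": sum(pre_high) / sum(pre_total) * 100.0,
        "post_high_share_pct": sum(post_high) / sum(post_total) * 100.0,
        "irr_total": irr_t, "irr_total_ci": (irr_t_lo, irr_t_hi),
        "irr_high": irr_h, "irr_high_ci": (irr_h_lo, irr_h_hi),
        "severity_or": sev_or, "severity_or_ci": (or_lo, or_hi),
    }


if __name__ == "__main__":
    for name, value in evaluate(SAMPLE_WEEKS, INTERVENTION_WEEK).items():
        print(f"{name}: {value}")
```

On the constructed series the total-incident IRR and the high-severity IRR both have confidence intervals that exclude 1, while the severity odds ratio does not: a 20% or 30% drop in a headline number is not by itself evidence that a control worked, which is why the abstract reports IRR and OR with p-values rather than percentages alone. Before trusting any of these figures on real data, check that the pre/post windows have comparable telemetry coverage (a new ISE deployment typically changes what is logged as well as what is allowed) and that alert-tuning or staffing changes did not coincide with the go-live week.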
