Cisco Identity Services Engine (ISE) Reviews

I use Cisco Identity Services Engine (ISE) for wireless authentication and device administration.

Cisco Identity Services Engine (ISE) is good with device administration.

We use the product for TACACS, dot1x, authentication for some of our RADIUS devices, and authentication and authorization for our VPN clients.

We've become more secure. We see devices that lose certificates, and then they get denied. Before, we would only get to know that the network was down. Now, with the help of the solution, we can pull up reports, go through them and understand that the certificate has expired. So, the person who raised the ticket takes the certificate, and everything gets resolved.

We can also understand if posturing fails because the user doesn't have the current version of the software on. The product provides us with one place to look for all of these noncompliance issues. If a port keeps locking down, we can send somebody to check the devices and remove a bad device if needed. The issue doesn’t get on the network because the product ties in and locks the network down for us on that port.

I use the product for AAA authentication.

Before, we used to use Cisco ACS. After ACS retired, we started using Cisco Identity Services Engine. Right now, we are integrating Cisco Identity Services Engine with DNAC. Whatever we provision inside DNAC will send the information to Cisco Identity Services Engine, and the switch will be added. This process enables easy management.

We mainly use Cisco ISE for device authentication. We are now rolling out 802.1X.

Cisco ISE has provided us with a security posture that we desire, particularly for wired connections, enabling the identification of domain users and non-domain users.

I would rate Cisco ISE an eight out of ten for its capability to secure our infrastructure from end to end, enabling us to detect and address threats. This high rating is due to its ability to establish policies and dynamically configure switch components for users.

Cisco ISE has helped our IT staff save approximately 15 hours per week, as they no longer need to manually configure the switch components.

Cisco ISE has helped improve our cybersecurity resilience, particularly through the use of 802.1X. This aspect is something we are leveraging to a great extent.

The primary use case of Cisco Identity Services Engine (ISE) is to serve as a security solution that can specify the endpoints in an organization for segmentation. This involves defining the reachability domain for each endpoint in an organization. 

It automates pushing access lists or authorizations and offers profiling to define and manage endpoints. It provides profiling to help organizations define the type and points of the endpoints, building security rules, and providing health checks to ensure endpoints comply with rules.

The solution offers automation and real-time visibility, which aids in monitoring and troubleshooting issues with endpoints. 

The product provides feedback about the network based on endpoint behavior, assisting in understanding the network's current state.

Identity Services Engine for us has an incredible number of use cases, predominantly around identity and contact sharing within the enterprise or Endpoint onboarding for, authentication and authorization. Most recently, in the last few years, we've actually finally added device authentication and device management into that with the TACACS implementation. And now we have a comprehensive set of features to perform enterprise NAC, pure RADIUS authentication, and user authorization.

Cisco Identity Services Engine has provided two incredibly beneficial outcomes for our clients. First and foremost, they've been able to limit and minimize the number of different discrete platforms they need to use to deliver things such as network admission control, device authorization, and posturing, as well as do device and policy enforcement at the endpoint level. The second one that really is under sung is the ability to comprehensively manage guests in BYOD wireless access. The ability for the enterprise pretty much out of the box to deploy an end-to-end solution to manage guest onboarding, user self-service, as well as bring your own device has been a real boom to network access.

Using ISE to detect and remediate threats is really the hinge pin for pretty much everything in the Cisco security infrastructure. Without identity and without context, you really can't do any enforcement. It's fine to be able to detect a threat with an IPS, with a threat appliance, with anomaly detection, but being able to use things like RADIUS chains of authorization to then blacklist a host or remove a host from a production relay is an incredibly important outcome, not the least of which because that's all automated in ISE. And that's an incredible benefit to IT teams who perhaps don't have a NOC, don't have a SOC that can run out, and respond to a threat immediately. Having those SOAR automation capabilities inherent to the system is a really powerful feature set.

I think it's inevitable when a customer is deploying or using ISE that they're gonna find additional cycles that they can spend their time on. The rich automation and the quick startup out of the box, for instance, ISA has a really rich onboarding wizard. Pretty much out of the box, you can go through a series of steps, input your IP address, your domain names, etcetera. You don't have to do a lot of the upfront planning and design work that was required of previous systems that did network admission control, certainly more so than the old NAC. And so I believe that many customers will find they have extra cycles to go and use that IT talent to do more impactful projects than spending months and months and months deploying admission control.

Identity Services Engine has done a great advantage to our clients in the fact that Cisco has begun to move more capabilities into the platform over time. As they started out with the basic AAA capability, authentication, authorization, and accounting that was present in ACS and the older service architecture, they've now begun to move in, device administration in the form of the TACACS server and other capabilities within ISE. When they previously introduced the pxGrid capability, you now have the ability to bring other enterprise platforms such as your IPS, your threat systems, and your DNS security platforms directly into ISE for performing all those automation. And so it absolutely has consolidated the number of platforms that you need to deploy to achieve that secure outcome.

The effect of the consolidation of all of these functionalities within Identity Services Engine has had on IT is that now you have a single platform with which to maintain. I think sometimes we overlook the fact that security platforms themselves have a lifecycle associated with them. We have to patch these systems. We have to maintain currency on the devices. And over time, those devices like anything else become a little long in the tooth and require refreshing. The flexibility to deploy Identity Services Engine in multiple persona types on hardware or in a virtual machine is a huge advantage to customers who want to consolidate the number of vendors and hardware platforms that they have to support and manage.

Identity Services Engine has helped a lot of our clients as well as Logicalis simplify the way that we approach compliance governance and risk consulting within our own enterprise, being able to have a single source context for when devices were on the network when they were last authenticated, and, of course, that rich user context that we get. We can now share contextual information from Identity Services Engine within an Azure environment, within an AWS environment with our own active directory, and that's an enormous advantage when you're not only threat hunting, but when you're trying to pass those checks and balances that are required for cybersecurity insurance or your own internal compliance auditing.

I am a Cyber System Engineer, specifically working on the network team.

We use Cisco ISE mainly for authentication, accounting, authorization, and monitoring different devices that we have on many different sites within our company. 

The improvements that impacted our organization, specifically, my team who is in charge of the network of our program, are the different amounts of access and the different amount of features that it provides. Authorization, authentication, and accounting are the main three simple basics of cybersecurity. The ability to give access to specific users and what each one can do while being able to monitor them very well and even apply more secure protocols through them using TACACS is beneficial.

My team has gained a lot from Cisco ISE as it does also provide automation, which is a big asset in the eighth hour. After setting it up, it took a lot of the weight off in many ways. We have a co-worker, who we call the ISE Master because he's in charge of the ISE configurations. He's able to save a lot of time by being able to monitor everything from there. So it did take off a lot of time that we would waste by going individually to that different device and trying to figure out what was wrong. 

It definitely improved the security resilience in our company as it did provide more secure options for us you know, securing accounts, securing devices, allowing specific actions for the specific user, you know. Everything was in one place, which is an amazing thing.

This client has helped a lot with replacing different applications that we would use. We do use it hand in hand with other applications like SolarWinds and it did replace the main power itself. We get help desk tickets and try to figure out the problem with specific devices. So it did replace all of that and we can just control it from one place. It's a one-stop-shop kind of thing.