Cisco Identity Services Engine (ISE) Reviews

I do the designing and implementation and hand it over to the customer. Sometimes, I provide support to the customer. The solution is used for network access control. I have implemented almost all the features of the product.

TACACS is valuable. The product is useful for device administration.

We face many bugs. The vendor is trying to improve it by releasing new patches and hotfixes.

I have been using the solution for almost five years.

I rate the tool’s stability a six out of ten. It breaks down a lot.

I rate the tool’s scalability a seven out of ten. To scale the solution, we must decide which persona should be added. There are different personas for management, monitoring, and policy enforcement. It needs some calculations. I have a lot of clients. One of my clients has 20,000 to 50,000 users.

The initial setup is not easy. It should be designed properly. The solution has almost two or three personas. The design must be reviewed correctly. The implementation is not easy. It is a little bit complex compared to other NAC solutions. The time taken for deployment depends on the size of the implementation. It can take from one week to one year.

The solution is not that cheap.

We are partners. A lot of customers are using Cisco’s infrastructure. The product can be integrated easily. We have faced a lot of issues while integrating other tools. Overall, I rate the solution an eight out of ten.

Today, we are performing wireless client authentication and using it as a captive portal for our guest wireless network. Eventually, I am hoping to roll into 802.1X for the wire.

In our organization, we have about 2,000 employees and 12,000 other end users whom we service.

It has tremendously improved our organization through BYOD and guest wireless access. The sponsor portal is very easy to use for our help desk team as well as just adding an endpoint for BYOD. We have given our help desk team the ability to perform those functions so they don't have to escalate tickets, and what that does is cut back on ticket time. They can quickly assist our end users and make them happy.

We haven't had an opportunity to really do much with zero trust in ISE. However, in regards to integrating it with our DNA Center appliance, we are looking to experiment more with the zero trust option, establishing policies and pushing them that way. That will really help out with 802.1X on a wire as well, preventing outside organizations from coming in, just randomly plugging in, and then being on our network.

ISE has had a good impact on our organization’s security risk. This is mainly because we see rejected clients, people just attempting to authenticate, or people attempting to sign in who don't have permission and we know they don't have permission. The visibility is very nice.

Resilience, in regards to cybersecurity, is incredibly important. We run everything in twos, including our ISE deployment. So, if we have a data center go down for whatever reason, whether it be a cyber attack or just a random power outage, then we know that we still have an ISE node up on the other side which can perform security functions for our AAA authentication.

As far as resiliency, it is very effective when it comes to upgrades or patch management. As far as cybersecurity, it provides visibility with the logs that we get, rejecting clients as needed, or even telling us a reason why an authentication request failed.

I really enjoy the live log section. Sometimes, you will have someone who is having issues connecting to the network, and then you have to ask them the dreaded question of, "Did you type a password wrong?" They will probably tell you, "No," but the live log can help sort that out. It gives us that extra ability to assist the end user and make sure that we are making them happy.

It has done a pretty good job of establishing trust for every access request, no matter where it comes from. The biggest issue that I probably have is just with the random amount of passerby or outside visitors coming in and trying to connect. Of course, they can't. ISE is very good at not only denying them, but also logging that endpoint. I would say it has done pretty good with that.

There is room for improvement in its ability to allow end users to self-enroll their devices. Instead, you should be able to assign that permission by AD group, which is currently not available.

We have been using ISE since 2018.

I have never had any stability issues with it. It has been available 100% of the time that we have needed it.

I think scalability is there. We run a two-node cluster. We haven't had a need to add any more, but I know we could add policy nodes pretty simply if needed.

They are very good and intelligent. I would rate them as eight out of 10.

Positive

Prior to this solution, we were using Microsoft NPS. We switched from the Microsoft solution because we were looking for a more current way for our BYOD devices. 

Prior to ISE, we were using Cisco ACS, which is very old, and ISE was the next logical step. Along with that, we rolled our SSID BYOD over to ISE. That was our initial deployment. 

About a year later, we moved our production SSID over to it as well. So, we have just kind of come more into using it. It has a lot to offer.

It was pretty straightforward. It was not complicated at all.

We deployed it in a week and rolled out BYOD. We moved that over from ACS to Cisco ISE within that week, so it was pretty simple.

Today, we just have it integrated with ISE, but it sits in our data center with our core networking. We consider it essential. If it is not available, then productivity suffers.

I think we have seen ROI in regards to integrating with an external MDM to enforce greater security requirements for business managed devices that aren't Active Directory joined.

I have complaints. I don't enjoy the licensing model. Once we moved from 2.7 to 3.1, switching from Base, Plus, and Apex to Essential and Advantage in Premier, we went from a perpetual, with our base licenses, to now a subscription-base. So, we will have to renew those licenses every year, and I'm not a fan of that for our base licenses. Apex/Premier, we already expected, which is fine, but for basic connectivity, I am not a fan of that.

We went straight with Cisco. We are a very heavy Cisco shop, so it just kind of seemed logical.

We have had experience with Microsoft NPS.

I would rate it as nine out of 10.

I am a Cyber System Engineer, specifically working on the network team.

We use Cisco ISE mainly for authentication, accounting, authorization, and monitoring different devices that we have on many different sites within our company. 

The improvements that impacted our organization, specifically, my team who is in charge of the network of our program, are the different amounts of access and the different amount of features that it provides. Authorization, authentication, and accounting are the main three simple basics of cybersecurity. The ability to give access to specific users and what each one can do while being able to monitor them very well and even apply more secure protocols through them using TACACS is beneficial.

My team has gained a lot from Cisco ISE as it does also provide automation, which is a big asset in the eighth hour. After setting it up, it took a lot of the weight off in many ways. We have a co-worker, who we call the ISE Master because he's in charge of the ISE configurations. He's able to save a lot of time by being able to monitor everything from there. So it did take off a lot of time that we would waste by going individually to that different device and trying to figure out what was wrong. 

It definitely improved the security resilience in our company as it did provide more secure options for us you know, securing accounts, securing devices, allowing specific actions for the specific user, you know. Everything was in one place, which is an amazing thing.

This client has helped a lot with replacing different applications that we would use. We do use it hand in hand with other applications like SolarWinds and it did replace the main power itself. We get help desk tickets and try to figure out the problem with specific devices. So it did replace all of that and we can just control it from one place. It's a one-stop-shop kind of thing. 

The features that we really appreciate are the monitoring features and also being able to administer the different devices that we have. We have a broad amount of devices with Cisco and we would need to be able to monitor them as well as be able to give specific access to each one of them. The fact that if something as simple as that if somebody gets locked out of their laptop, I can go to Cisco ISE and easily see exactly what happened, when it happened, and see if it was a bad or wrong password is really amazing.

The one main thing that it can improve on is the GUI. As the newest addition to the team, I struggle a little bit to get around it just because it has so many features. This is an amazing thing but the downside of it is that it's not as friendly to figure out which feature does what and how to get to it. 

You have to go through a lot of menus to figure out what you need. Although it's fantastic, it's full of different options that are endless, it does get a bit hectic for new users to get comfortable with it. It's taking me a while to figure out all the features and options.

I have personally been using it for about a year. However, my team has been using it for over five years now.

My impression of the stability of Cisco ISE is that we don't have an issue with it, it's pretty stable. Even when things went down system-wise, Cisco was able to help us figure out what was wrong. So from my experience, which is limited because I only have one year of experience with ISE, is that it's been pretty stable.

Scalability is amazing. We have about 1,000 nodes and we're growing every site, so it is an ongoing project. Our project keeps expanding and it doesn't end at a specific point. It covers everything that we are working with, all the devices because we have computers, switches, routers, and so on and so forth and everything is fantastic.

We all love the fact that there are a lot of forums so if you don't want to talk to somebody about it every time there is a problem, just pull the model. With Cisco, you pull the model, put your question in, and there's a huge community that you can see, there are also the hassles that they had to go through and benefit from their answers. It's fantastic because you can go with the support or you can go through the forums. It's fantastic, to be honest.

I would definitely rate them an eight out of ten. I think they are fantastic. We wouldn't be using them that much, especially in a defense company if we didn't think it was up to par security-wise. They're fantastic feature-wise. However, there is always room for improvement hardware-wise, device-wise, or software-wise. 

Positive

We chose it because we have a lot of Cisco products in our company. Ninety percent of our base uses Cisco. Cisco ISE was one of the options that we had. After studying it with some managers and some other teams, it did provide a lot of options that the others didn't. 

I personally didn't evaluate other products but I dabbled through other software, other interfaces, and GUIs of other products. Cisco does provide a lot more options. You can admin the administration part of Cisco ISE, there are endless options of how you can customize it to your own needs. A lot of the other competitors tend to lose it in the fact that the interface is a lot more complicated or it doesn't provide as many features.

In our field, we need the most secure option. That's something that would work with TACACS, which is something that we all use now. That was one of the main factors. 

In terms of the difficulty level of implementation, it was great. At the same time, it was a little bit time-consuming because you need to switch from whatever model that you had with all of your nodes, which in our case was a lot. We utilize at least 1,000 nodes. 

It's very easy for you once you know how to create a new node on ISE. It's very easy to understand how to do it and click on that process but when you're moving a whole entire system into that, it tends to be a little bit hectic. 

We deployed it ourselves with my team. However, we did consult a reseller a couple of times as well as customer support any time we ran into issues. 

The company does see a return on investment. We definitely use it a lot more than we thought it would be used. I can be used for something as simple as a wrong password,  which is something that everyone does in the office, especially right after updating it all the way to something as complicated as if a site has a specific switch or router that depends on it, and it's down, and there's some sort of phishy activity happening. So it is definitely an investment that we all like and appreciate. We do feel that we're getting back what we paid for. 

I would definitely rate it as a nine out of ten. The only major problem for me is the GUI  but I can't really complain that much because it does have all the functions that we need and even more. 

It would be fantastic if it was more user-friendly and there was more explanation.

Identity Services Engine for us has an incredible number of use cases, predominantly around identity and contact sharing within the enterprise or Endpoint onboarding for, authentication and authorization. Most recently, in the last few years, we've actually finally added device authentication and device management into that with the TACACS implementation. And now we have a comprehensive set of features to perform enterprise NAC, pure RADIUS authentication, and user authorization.

Cisco Identity Services Engine has provided two incredibly beneficial outcomes for our clients. First and foremost, they've been able to limit and minimize the number of different discrete platforms they need to use to deliver things such as network admission control, device authorization, and posturing, as well as do device and policy enforcement at the endpoint level. The second one that really is under sung is the ability to comprehensively manage guests in BYOD wireless access. The ability for the enterprise pretty much out of the box to deploy an end-to-end solution to manage guest onboarding, user self-service, as well as bring your own device has been a real boom to network access.

Using ISE to detect and remediate threats is really the hinge pin for pretty much everything in the Cisco security infrastructure. Without identity and without context, you really can't do any enforcement. It's fine to be able to detect a threat with an IPS, with a threat appliance, with anomaly detection, but being able to use things like RADIUS chains of authorization to then blacklist a host or remove a host from a production relay is an incredibly important outcome, not the least of which because that's all automated in ISE. And that's an incredible benefit to IT teams who perhaps don't have a NOC, don't have a SOC that can run out, and respond to a threat immediately. Having those SOAR automation capabilities inherent to the system is a really powerful feature set.

I think it's inevitable when a customer is deploying or using ISE that they're gonna find additional cycles that they can spend their time on. The rich automation and the quick startup out of the box, for instance, ISA has a really rich onboarding wizard. Pretty much out of the box, you can go through a series of steps, input your IP address, your domain names, etcetera. You don't have to do a lot of the upfront planning and design work that was required of previous systems that did network admission control, certainly more so than the old NAC. And so I believe that many customers will find they have extra cycles to go and use that IT talent to do more impactful projects than spending months and months and months deploying admission control.

Identity Services Engine has done a great advantage to our clients in the fact that Cisco has begun to move more capabilities into the platform over time. As they started out with the basic AAA capability, authentication, authorization, and accounting that was present in ACS and the older service architecture, they've now begun to move in, device administration in the form of the TACACS server and other capabilities within ISE. When they previously introduced the pxGrid capability, you now have the ability to bring other enterprise platforms such as your IPS, your threat systems, and your DNS security platforms directly into ISE for performing all those automation. And so it absolutely has consolidated the number of platforms that you need to deploy to achieve that secure outcome.

The effect of the consolidation of all of these functionalities within Identity Services Engine has had on IT is that now you have a single platform with which to maintain. I think sometimes we overlook the fact that security platforms themselves have a lifecycle associated with them. We have to patch these systems. We have to maintain currency on the devices. And over time, those devices like anything else become a little long in the tooth and require refreshing. The flexibility to deploy Identity Services Engine in multiple persona types on hardware or in a virtual machine is a huge advantage to customers who want to consolidate the number of vendors and hardware platforms that they have to support and manage.

Identity Services Engine has helped a lot of our clients as well as Logicalis simplify the way that we approach compliance governance and risk consulting within our own enterprise, being able to have a single source context for when devices were on the network when they were last authenticated, and, of course, that rich user context that we get. We can now share contextual information from Identity Services Engine within an Azure environment, within an AWS environment with our own active directory, and that's an enormous advantage when you're not only threat hunting, but when you're trying to pass those checks and balances that are required for cybersecurity insurance or your own internal compliance auditing.

For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you. The ability to categorically list all the endpoints in the infrastructure, understand where they are, how they made it onto the wire, whether that was through wireless, through a wired engagement, And all of the self-service features that allow you to manage guest access to wired and wireless infrastructure are an incredible number of use cases that our clients are constantly deploying now.

I think in any technology infrastructure, you're going to have environments where improvements could occur. I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one. Many of our clients today are hybrid. They have a physical footprint in a data center somewhere, as well as a public cloud instance for things. Today there really isn't an elegant pathway for a client that wants to go 100 percent cloud, and that's an improvement I think that could be along the way.

I have been using Cisco ISE for close to ten years.

The stability of the Cisco Identity Services Engine has continued to improve over time as the product has matured. Anytime you're dealing with something like a database product that has millions or hundreds of thousands of endpoints and entries in it, inevitably you're going to have performance creep over time. Because of the scale of the Cisco purpose-built UCS appliances, the SNS appliances that predominantly run identity services engine, we've seen an enormous advantage by staying up to date on the most current Cisco SNS appliances. We've also seen an enormous advantage by leveraging ISE in a hybrid capacity. So the ability to deploy PSMs on a hybrid cloud environment, on a public cloud environment, as either additional capacity or as a failover point for that on-premise install base is a really nice advantage to have.

The beauty of Identity Service Engine is the fact that there's really no environment too small. If you have 500 to 1000, maybe up to 2000 endpoints, We're talking laptops, mobile devices, access point switches, etcetera. You're really not too small to deploy Identity Service Engine. The beauty of the multi-persona design of the Identity Service Engine is that you can leverage that capability to split off those PSN personas which is actually the persona within the Identity Service Engine that processes all of that high rate of radius authorization and authentication traffic. So the scalability of ISE is really well thought out. It was really well thought out from the get-go. You can also split off the admin personas and the monitoring and logging personas as well to give you that horizontal scale. I'm not sure today what the exact endpoint count that ISE scales to is, but it is certainly into the hundreds of thousands of endpoints.

Cisco support for Identity Services Engine has been world-class. The guts of ISE are still a RADIUS server. They're still AAA-based functionality. So many folks that have been deploying and supporting the Cisco Secure ACS Server as well as the TACACS server and all of the things that have come along with that, continue to use the same skill set to support and deploy ISE. Really, the differences nowadays in terms of support are bringing about more comprehensive offerings to support the systems that surround ISE. Many things plug into ISE and provide much richer context, and really that's where the complexity tends to creep in. Our support from Cisco both as an end user and a partner has been beyond reproach, and we really appreciate Cisco's continued investment in the TAC, and in all the areas they bring to bear to help you receive that business outcome you're after.

Cisco support is always going to be ranked a strong nine with me, mainly because we know there's always room to improve things. We don't want to give a full passing score, but without a doubt, I don't know how anyone could consume and deploy business outcomes with Cisco technologies without leveraging support. And so Cisco leads the way and continues to invest in that area.

Positive

The deployment experience with ISE in the early stages was without a doubt, very daunting. There is a huge number of things that you need to understand about the existing infrastructure, about the existing customer environment to properly deploy that solution. As time has gone on, however, the designers and the developers of that software have begun to create wizard, have begun to create additional upfront deployment tactics within the tool itself so that essentially a journeyman network engineer or security architect can deploy the minimum level of functionality right out of the box.

It's difficult to say whether the clients have seen an immediate ROI with the deployment of the Identity Services Engine. Oftentimes, you have to take on additional technologies in the ISE product family in order to receive that comprehensive benefit. So I think only time will tell what the true ROI is. I can tell you that the value exchange that occurs between a partner and a client when we're talking about everything within the Cisco security portfolio being fully integrated together and working comprehensively has been an enormous advantage to customers who today have a complex act of multi-vendor products. Being able to consolidate on a platform-based solution is an incredibly powerful story to tell, and it's also incredibly powerful from a cost-benefit standpoint as well.

In terms of the licensing and the pricing structure of the Cisco Identity Services Engine, there's been a huge advantage to our clients recently with the advent of the enterprise agreement. You now have an enterprise agreement choice, which now allows you to buy as few as two security products to unlock additional discounting and additional life cycle advantages when you consume that solution for security business outcomes. At Logicalis, we deliver a full life cycle approach to Identity Services Engine when embedded into a Cisco security enterprise agreement. We're able to deliver not only the onboarding and the design guidance that the customer needs to deliver that secure business outcome, but also provide the ancillary services to support all of the other infrastructure that often comes along with deploying a solution like ice.

Identity Services Engine compares favorably with many of the other competitor's products that are in that space. I won't mention them now, but I think we know that all of the same industry competitors have been delivering identity solutions and NAC solutions over the last decade or so. Cisco continues to rank in the upper and farther to the right in Gartner Magic Quadrant for those identity solutions, and I think they'll continue on that trajectory. Cisco has long been the number one network vendor in the world, and I think you'll continue to see that growth as the network continues to be important to business.

I rate Cisco Identity Services Engine a ten, on a scale of one to ten. It's a necessary solution to deploy in order to achieve many of the business outcomes such as some of the smart business architectures, certainly anything within the automated campus designs that are out there with DNA Center. It's just an incredibly powerful tool to manage both identity and endpoints within the infrastructure, and it really does become the hub of a hub and spoke comprehensive security architecture.

When Identity Services Engine became the de facto migration path from ACS Access Control Server, we were very early adopting and getting that product into our labs and in the hands of our customers for proofs of concept, proofs of value, and enterprise pilots.

We use ISE for authentication, authorization, and access control. We use it to integrate and manage a lot of the access controls between our switches, routers, and pretty much all of our network infrastructure. We use ISE on-prem instead to manage all of our infrastructure.

One of the benefits of ISE for us in our organization is the fact that, because we're a very large entity with employees of over 10,000 people, we have over 2,000 pieces of equipment. So, rather than individual programming or managing everyone's credentials on each piece of equipment, using ISE to manage all of that and giving everybody just one Active Directory login simplifies that process for us.

ISE as a platform has been able to free up time, even for me personally, in terms of having to constantly remember credentials, passwords, and all these password complexities. Using ISE to integrate into all of our core infrastructure, frees up so much time for me to do other things. Even down to the configuration, when we are building config for the scripts as well as for our switches and routers, being able to eliminate a lot of those redundant credentials within the configuration itself is a massive time saver for us. In terms of time savings with using ISE itself, we see the savings every day because we have to constantly interact or interface with tons of network equipment. So every single time I have to log into a switch, I am literally realizing I'm saving time in that moment. It's always a constant; I'll say at least three to five minutes for every login.

ISE, we use it strictly for authentication and authorization. For consolidation, not so much, because it just serves one dedicated purpose, which is basically that access control.

In terms of cybersecurity, I would say ISE helps in a way, but we do have other platforms and tools that are specifically designed for that purpose because we try to choose tools that are very specific in their functions.

For us, because we are mostly a Cisco shop, all of our equipment is Cisco. So integrating Cisco ISE into our environment wasn't too complicated, because a lot of our equipment, again, are Cisco-related products. Thus, they were all able to integrate nicely within that ecosystem.

The authorization and accounts inside of ISE are very useful for us. In the sense that we can actually go back and track and look at all of the things that access controls or people have made changes in the past. And I think the biggest part of ISE for me is that authentication as well. The fact that we can connect it to Active Directory and use it to manage access control to all of our infrastructure devices.

As software, in general, ISE is actually a fantastic product. I just think that, overall, it's just the software control, the bugs, and the fixes. We do tend to run into a lot of issues with ISE when it comes to bugs. I would like to see a lot more testing prior to the rollout of some of these software updates.

I have been using Cisco ISE for over eight years.

When it comes to the stability of the product, for the most part, it is stable. But when it breaks, it breaks on a grand scale as well. And that's why, for us, most of the time, we don't always jump to the latest and the greatest when it comes to software updates because we wanna make sure that the software goes through our internal change control and make sure that a lot of bugs have been ironed out and straightened out before we update. But even then, we are still running into unforeseen bugs and unexpected situations. But I'd say, overall, it's relatively stable.

So when it comes to the scalability of ISE, we are a massive organization with offices ranging from two people to hospitals with over 10,000 people. We are able to rapidly deploy products. Sometimes, we have mobile sites that we just spin up—especially during COVID. For example, we had to deploy a lot of COVID assessment centers. We were also able to rapidly deploy a lot of these instances. Even when we had to integrate Meraki products for some of our smaller sites, scalability-wise, it's really flexible and very scalable. If an organization of our size can easily use it to adapt, I don't see any reason why it would be an issue for anybody to scale this product.

Cisco support is actually fantastic, especially in being able to use the tech support. At least, I personally use it all the time. Being able to actually just pick up the phone and quickly get in touch with a Cisco rep, because we definitely always run into some of those issues where it's unforeseen and we're not really sure what's going on. So, it's nice to be able to have that support on standby; it comes in handy a lot of the time and it actually saves us a lot as well in terms of time, money, and headaches when it comes to managing the network. Because we all know when the network goes down, everybody starts to look for you. Being able to have that rep to assist you right away and kinda solve that problem is something that everyone should have - that tech support.

When it comes to rating tech support, nothing is perfect. So, I'll say seven. But overall, that's because of the speed, the urgency, and now the ticket seriousness. So there's always room for improvement, but I think overall, I'll say we're getting a good bang for our buck.

Neutral

We have actually always been a Cisco shop right from the start, and ISE has always been our AAA authentication tool right from the start. As far as the evaluation and selection process goes, because we're a Cisco shop, it kinda just made sense to choose a product or a tool that neatly integrates with the rest of our products. We use a lot of Cisco products in terms of our wireless control, network management, and legal firewall. So, it was just a natural fit to choose Cisco ISE and use it as part of that existing ecosystem.

When it comes to deployment of the Cisco ISE, we actually did it in-house. However, we also have a Cisco rep that we work with directly within Cisco's organization, who actually works directly with our company. As a result, the Cisco rep and the on-premises internal IT team were able to deploy it.

In terms of return on investment, I would like to think that we've seen a significant return on investment with Cisco ISE. Just looking at it purely from my perspective, in terms of time-saving, if we consider this impact on a single person and then scale it over two to three thousand employees when you multiply that data on a day-to-day basis, the time-saving is tremendous. Moreover, in terms of solutions, having the ability to keep things integrated and manage them through a single pane of view adds to the benefits. I believe the return on investment goes beyond just the financial aspect. It extends to mental well-being, reduction in stress, and as employees. It's really great.

When it comes to licensing costs and Cisco's more than one pricing, I think that's one of the areas where I actually have one of the biggest problems. I just think that Cisco is trying to move towards squeezing more money out of us as customers. They're constantly trying to change many features that used to be part of the original bundle. Now, Cisco has actually transitioned to a lot of subscription models, fees, and licenses. As a result, the cost has gone up, and I foresee it continuing to rise, which is why I have a problem with it now.

Cisco ISE, on a scale of one to ten, I'll say it's about a six. I'm giving it that score because, first of all, the ease of deployment is one of the biggest things for us. Also, the ease of use. The reason why I'm not really giving it a ten is when it comes to the licensing model and all the subscription fees – that's the big issue for me with Cisco licenses. Additionally, when it breaks, it could potentially break big as well.

I'm a network analyst for one of the largest healthcare entities in Canada, and we have over twenty thousand employees.

I am head of the IT infrastructure for a company. My company is a manufacturing company, based out of India. My company has between 3,000 to 5,000 users. 

Our solution is completely on-prem.

The domain under which my company works puts a lot of importance on cybersecurity. Our management gave us clear instructions that there should be an environment where there are zero trust policies applied.

We explored various solutions that could bring in zero trust. The first level of zero trust that we wanted to bring in is a zero trust network.

We reached out to Cisco at that time, and they told us about the things that can be done around the software-defined access and the integration of Cisco ISE. And that was the time when we started doing a lot of POCs to see which use cases we could use for it. That was when we got in touch with Cisco and they told us that this would offer us network-level zero trust. 

When I say zero trust architecture, the first thing is that we wanted to have a network authentication done on a certificate basis. That was the first use case, where the only versions in the network that have a domain-based certificate could be allowed to join my network. My enterprise network should not allow anybody from outside. That was the first use case. 

The second use case was that we had to do the posturing of my endpoints. I wanted to ensure that those which are connected to my network have proper antivirus and software installed, and the operating system is permissible. That is where we started to do the posturing part of it. 

The third use case is around the access part of it. We have multiple departments in our company, and we wanted to restrict the access of particular user groups to particular IT applications. 

The first benefit is that we can implement zero trust architecture because of Cisco ISE. I can assure my CISO in my company that my network is such that nobody can just bring in their laptop, desktop, or any sort of mobile device and can directly get connected to my network. That is a benefit that I can only allow people who I trust on the network. 

I can only allow the people who I trust on the network. When an infected machine comes into the network, there is a very high chance that infection will travel laterally. Since I do the posturing part of it, I know that I'm not allowing anything in that is not safe.

It certainly has helped enhance my company's resilience.

Posturing is the most valuable feature. There are other tools available that can do some of their other features, like network authentication. The posturing was something because of the nature of the industry that we are in. There are people who go outside for work. Their machines are at times not in the network, and not patched properly. We don't know when they're going to come back, whether it is in a good state, whether it has antivirus, whether it's installed on those machines. Posturing is something that we have made our baseline policy that whenever a machine comes back to our network, it should have a certain level of the operating system and a level of security and antivirus installed. 

We couldn't have done this posturing without Cisco ISE. This is its greatest feature.

It does help me to detect and remediate my network. It enables me to detect any external threat that comes to my network and remediate. If a machine comes into my network that does not qualify per my baseline policy, I have a policy that the machine gets redirected to where it can be patched and remediated. I can ensure that it is fully patched and secure. 

The entire idea of having ISE is to enhance cybersecurity resilience. The zero trust architecture was coined by the cybersecurity team itself. It was a task given to us in the infrastructure space to see how we can bring resilience into the cybersecurity network and ISE was the solution. 

Cisco ISE integration with Cisco ACI is something that can be done in a less complex way. And the simplification in that area may help us do better. 

We started adopting Cisco a couple of years back. 

The stability is good. It is a cybersecurity product. It needs a lot of fine-tuning but that is part and parcel of the requirement. New things are coming, new technologies are coming, new softwares are coming but it is more or less stable.

It is a very scalable product. The deployment of Cisco is completely contingent on the number of endpoints that we have. It's just a matter of buying a license and uploading it. So scalability is not a problem at all. 

Cisco has very good partner support, and they're in their own support. I noticed that the first level of defense always comes from the partner ecosystem that Cisco has built. There are many partners we work with along with Cisco. Any time we are stuck, these partners are available for the first level of support.  

Any time we are stuck with anything, these partners are there as the first level of support. We get L1 level of support. When we feel that there is an issue that needs to be escalated to L3, Cisco TAC is always available. We have very good engagement with Cisco enterprise teams and the account directors. We do have dedicated people who work with us on the Cisco team. We always have their support any time something needs to get escalated. 

I would rate Cisco support an eight or nine out of ten. We have seen a lot of cases in the last ten years where any time we needed to get their support we could get it. We also have a customer support team who works with the backend tech team to ensure that we get whatever help we need on time.

Positive

We have been a Cisco shop for more than twenty years now. Cisco is a company that we can trust in every aspect of the work that we do together. Cisco is our partner for everything we do on the network.

We are very observant of the kind of solutions Cisco provides us. It is feature-rich. It is very easy to implement. There is longevity there. Our first choice is to go directly to Cisco.

In the cybersecurity space, return on investment is something that is very difficult to justify. ISE is something that is a pure network cybersecurity resiliency solution. 

I can definitely assure my management that by implementing this, we are good in the overall cybersecurity posture. 

Cisco is not cheap. Cisco is something that comes at a cost. There are various products in the market that compete with Cisco and are 30-40% cheaper and they offer 60-70% of the features that Cisco offers. 

The differentiator is the kind of engagement that Cisco offers the customer. They will prove the value, what we call the PoV. The PoV value is very good. 

Pricing-wise, they are premium. Licensing is something that is conducive. I feel that the licensing that Cisco offers is flexible.

We have an enterprise agreement as far as the licensing is concerned. There are various benefits where I can use any Cisco solution.

There are various dimensions to cybersecurity. The first thing is how you enter a network and what you do with particular use cases. My recommendation would be to focus on north-south traffic. That is what is coming from outside to inside through a normal network plane. You should also be vigilant about what your internal users bring in from the outside. My advice would be that you have to be vigilant not only from the outside traffic, but you have to be wary about the traffic that internal users bring in. 

When it comes to zero trust architecture, specifically for network authentication, this is one of the tools to go for. I would rate Cisco ISE an eight out of ten because of the ease of deployment and the support. 

I utilize Cisco ISE to access the switches on our network for monitoring configurations.

Using Cisco ISE, we are able to control access to our networks, ensuring that only authorized individuals have access to appropriate devices. Additionally, we can restrict access to devices that should be off-limits to them.

Cisco ISE helps free up 50 percent of our IT staff's time, allowing them to work on other projects. It provides quick access when available, but delays occur when we have to wait for access to be granted.

Cisco ISE helps consolidate our tools, eliminating the need to worry about multiple passwords for the various devices in our environments by using a single password key.

The consolidation of tools makes it easy for me to access and complete my work. It also facilitates finding a solution for any problem I may encounter with the switch.

Cisco ISE has enhanced our organization's cybersecurity resilience by providing us with control over device access.

It would be helpful for us to know what needs to be deployed, configured, and what changes we need to make to our devices when we don't receive the specific login which is an indication of a lack of connection or incorrect configuration.

I have been using Cisco ISE for one and a half years.

Cisco ISE has consistently performed as expected, and we have not experienced any stability issues.

Assisting a larger number of users in gaining access and guiding them through the process of getting on Cisco ISE has been seamless.

Cisco support is helpful, and they have always been responsive whenever we needed assistance.

Positive

I rate Cisco ISE a nine out of ten.

From a user's perspective, Cisco ISE is seamless. It is extremely helpful as it reduces the amount of work required to access and control device permissions.

Our organization is a major Cisco partner, and it is logical for us to increasingly integrate Cisco products into our environment.

We are on-prem at twelve separate sites with one main node.

We utilize Cisco ISE for authenticating both our employees and residents at our senior care center. We authenticate them either against LDAP or our network.

Cisco ISE provides us with enhanced network access control, allowing us to manage the VLAN assignments for both our residents and employees. Additionally, Cisco ISE enables us to exercise control over the devices permitted to connect to our network.

I am not aware of the extent to which we leverage Cisco ISE to remediate threats, but it serves as our first line of defense for access. It has been extremely beneficial. Our clientele consists of senior residents, and having some level of control over the devices they connect to the network has had a significant impact. 

Cisco ISE has helped to free up the time of our IT team for other projects.

Sometimes, there are instances when Cisco ISE simply fails to function without any apparent reason, and regardless of the investigation we undertake, the logs indicate that everything is functioning properly, making it somewhat inexplicable. However, after a while, it spontaneously begins functioning again. Therefore, I believe it is not a widespread problem, but when it does occur, it can be quite frustrating.

The support specifically for Cisco ISE has room for improvement.

I have been using Cisco ISE for two years, and the company has been utilizing the solution for ten years.

For the most part, Cisco ISE is stable, good, and functional. However, when it fails, we are left clueless as to the reason behind it, and that's the frustrating aspect.

Cisco ISE scales exceptionally well. However, we have encountered issues while updating to the latest version. It is a significant endeavor due to the extensive scope of our deployment. Nevertheless, I believe this challenge is not unique to us; it appears to be primarily related to the scale of the deployment. Currently, we have nearly 15,000 devices.

The times I've had to contact technical support for Cisco ISE, the experience has been somewhat unsatisfactory. I get the feeling that, at least on the surface, they perform tasks that I can do myself, such as reviewing the logs and identifying the issues. Moreover, given the integration of Cisco ISE with various network components, it's difficult to confine troubleshooting solely to that aspect. Therefore, I desire improved support specifically for Cisco ISE. I would rate the support for Cisco ISE as a six out of ten, whereas for other products in their portfolio, it would receive a nine out of ten.

Neutral

I am not aware of the current price for Cisco ISE, but considering it is a Cisco product, it is likely to be quite high. However, I do not have control over the checkbook.

We evaluated Aruba ClearPass, which was something we considered. However, since we are committed to Cisco throughout our infrastructure, we didn't believe it was worthwhile to replace it with another solution without being certain that it would be better than Cisco ISE.

Aruba ClearPass had a slightly better reputation among the people we surveyed in our industry. We frequently compared it to how college campuses manage their systems because our use case is very similar. In terms of functionality, I believe it was mostly the same. The key difference seemed to be the level of stability.

I give Cisco ISE an eight out of ten. Without knowledge of how the other implementations or competing offerings function, I believe Cisco ISE performs admirably in its intended role. Moreover, I am aware that without it, we would encounter significantly greater challenges. Therefore, I consider it to be great.

Our organization utilizes Cisco products extensively, which, in my opinion, is the reason behind the organization's decision to choose Cisco ISE.

I believe we would have a much more open network if it weren't for Cisco ISE. We would be restricted to only using PSKs, and we wouldn't have a true understanding of what our residents are connecting to the network. I think that's likely the most significant aspect of the implementation.