Cisco Identity Services Engine (ISE) Reviews

The primary use cases include customer environments, BYOD, posture assessment, and dot1x for wireless and wired networks.

I'm customer-focused, and for my customers, Cisco ISE has enabled them to deploy secure wireless and secure wired networks and gave them a lot of flexibility to do security enforcement.

The posture assessment is a valuable feature because of the ability to do assessments on the clients before they connect to the network.

The guests' BYOD portal and onboarding are feature-rich and fairly straightforward and easy to set up.

From a zero-trust standpoint, it is critical that Cisco ISE considers all resources to be external because, in essence, we don't want to allow anybody on the network that hasn't been verified. Even when they're on the network, we want to make sure that they have the least amount of privileges to do their job.

Cisco ISE hasn't eliminated trust, but it's definitely helped us to migrate more toward zero-trust network environments. It helped us to have a much better security posture overall to help eliminate threats and also give visibility into the response.

ISE is generally deployed as a distributed environment, and it makes it easier to have local resources across the distributed environment so that you're not dependent on always-on access to a data center. In case you lose your internet connection or lose an MPLS connection, you can still have a certain amount of security control at the distributed location.

As far as securing access to applications go, with the posture assessment you get a lot more visibility into the applications on the client when you deploy it and a lot more control over enforcing connectivity in the network, especially with secure group access.

When I work with customers to do my knowledge transfer, they're really overwhelmed with the navigation of the product and the number of things you can do with it. From a user interface standpoint, Cisco could focus on making certain tasks a bit more guided and easier for customers to walk through. That is, a user-friendly interface and streamlined workflows would be great.

I've been using Cisco ISE for about eight years.

I've had very few issues with stability and haven't run into any bugs.

It scales quite well. Essentially, you can scale up to about 500,000 users, and most of my customers are south of that.

I am familiar with ClearPass. I prefer ISE because most of the environments I'm dealing with are Cisco networks. Having the device administration based on TACACS+ is a plus, with it being a proprietary protocol. ISE definitely implements it better than other solutions. From a conceptual standpoint, ISE makes more sense.

ISE may be a bit difficult for my customers because they're not used to it, but the reality is that the workflows make a lot more sense to me than they did with other solutions like ClearPass.

The first deployment I did was complex because I ran into the same thing my customers did. It's overwhelming at first to figure out because there are so many options and so many different use cases. It was tough to narrow it down to what was important and what could be added later.

However, after having done 30 or 40 deployments, it's now straightforward.

I've deployed the solution in a bunch of different environments. I have manufacturing customers with centralized management and monitoring, so the PAN and the MTS are in data centers that are separate but with PSMs deployed all across the network for the distributed model. There also are some, where everything's pretty much in a data center or is split across two data centers.

Licensing has gotten much simpler since Cisco moved to the DNA model because we just have the three tiers, but it could always stand to be improved upon.

I evaluated ClearPass.

To leaders who want to build more resilience within their organization, I would say that it's definitely worth moving toward a zero-trust environment. It's really a rebranding of an old concept of least privileged access, but the tools we have to implement it, such as Cisco ISE and firewalls, at the core and the ability to broker it out to the cloud as well, give us a lot more visibility and a lot more control over the traffic and our data, which is our biggest asset.

If you're evaluating the solution, pick two to three use cases, stick with those, and familiarize yourself with the solution. Try not to get overwhelmed with the interface, and don't try to see everything it can do and let it spin out of control; it's easy to do that. Just start with something you really need to implement and then worry about adding more features later on.

On a scale from one to ten, I would rate Cisco ISE at nine.

We use it as our complete NAC solution for both on the wire and wireless as well as guest wireless access and SGTs.

We have five hospitals. We have two service policy nodes at every hospital. We have a deployment at every hospital site.

We are a healthcare department. We deal with a lot of PHI so ISE is important. It is an integral part of keeping PHI safe.

The solution has helped with safety and keeping people who shouldn't be on our network off our network.

Cisco ISE works very well for establishing trust for every access request when it is deployed and running correctly. It is a great product. It does what it is supposed to do.

We know what is on our network because ISE is able to tell us.

The guest wireless works pretty smoothly. The SGTs came in very handy when we had to segregate traffic away from our network, even though it is part of our network. 

The SGT function would probably be the most used. This is mainly because we have a lot of vendors on our campuses but we need to keep them from seeing the traffic and being able to touch other areas of our network. Being able to use SGTs kind of keeps them in their own little lane away from us.

When it is deployed correctly, it is very helpful. It runs smoothly. It is just integrable to what we do.

I would definitely improve the deployment and maybe a little bit of the support. Our first exposure to ISE had a lot of issues. However, I have noticed as we have been implementing patches and upgrades that it has gotten a lot better.

I have been using it for about four years.

With patches and a little bit of babysitting, it is totally stable now.

It is easily scalable.

The technical support is phenomenal. I have called and opened up a ton of tech cases. Eventually, you get the right engineer who can solve all your problems. I would rate them as eight or nine out of 10. It has gotten a lot better. If someone asked me about support two or three years ago, I would have probably given them five out of 10.

Positive

We didn't use a solution before ISE.

We have seen ROI. It has done its job. It has protected us when we needed it to.

Make sure you have everything ready, including all your information. Make sure you know what you will profile and what will come on your network.

Get hardware nodes versus the VMs.

You definitely want resilience. You want to keep everything protected, especially in the day and age that we live in now. Information is power. Keeping our customers' and patients' information safe is our number one priority.

I would rate it as nine out of 10 because it has gotten better. I have seen it at its worst. Now, it is running a lot better. So, I have a better opinion of it than I did.

This solution provides access to the employees of the company.

It works. It is simple. It works very well. We have a good strategic setup. We are very happy with the solution and we have no problem using Cisco ISE solutions.

The solution is stable.

It's scalable. 

I'm not working in the IT team. I'm working the sales team. While there are a lot of features that we could improve in our organization, I can't speak to the exact changes that should be made.

We'd like to be able to integrate the product with our solutions. Sometimes we face some infrastructure where there are multiple vendors and sometimes the ISE is not the best tool to manage multiple vendor infrastructure. 

The price here in Brazil is very expensive. 

Configurations can be a bit complicated. 

Sometimes we have problems integrating logs into SIEM solutions. We have to deliver some logs to a SIEM secret platform, and sometimes it does not work well. It would be better if we had better integration or a better way to deliver the logging SIEM platforms.

I've been using the solution for five to six years. 

The stability is good. There are no bugs or glitches. It doesn't crash or freeze.

We have no problem with the management of our infrastructure when we need more accountability from the platform. Scalability was fine. There is no problem.

We have 6,000 people in Brazil using the solution. 

I consider technical support to be perfect. Anytime that I have problems with shifting solutions, they work well with me and I have no problems with working with them.

I'm a reseller from Fortinet and Cisco solutions. I also have experience with Check Point. 

I can't speak to how the setup goes. I'm not working directly in deployment. What I've heard from my customers, for example, is that it is not difficult to set up, however, it may be to run all the features.

What I've heard is the first setup is very, very easy and to do some adjustments is very easy, however, when you want to go further in the configuration, that could be a bit easier.

I can't speak to the exact pricing of the product.

I work with various versions of the solution. 

We're resellers.

Others should know it's a very good solution, very stable. There are a lot of features, and it is a secure solution. It's the first solution that we indicate to our customers and most of the time, the decision of the customer is to deploy a Cisco product. 

I'd rate the solution nine out of ten.

We use the solution for network access control.

Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies.

Cisco ISE is very complex and not very easy to deploy. There are a lot of prerequisites for the tool.

I have been using Cisco ISE (Identity Services Engine) for three years.

We did not face any issues with the solution’s stability.

Cisco ISE is a very scalable solution.

We are working with a partner for support and are very happy with them.

On a scale from one to ten, where one is bad and ten is good, I rate their support a seven or eight out of ten.

Compared to Cisco ISE, Fortinet NAC is more consumer-friendly.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.

The project lasted a few months, but the planning took several months. Cisco ISE itself means nothing. It has to have the network set up to ensure the network penetration is in place, and we're still working on that.

Security is about risk control and exposure avoidance. You can only calculate its return on investment based on how you avoid penalty fees. Cisco ISE improves our security stats.

If you consider money only, Cisco ISE is not a cheap solution. Functionality-wise, however, it offers a very good price for the value you receive.

The solution's compliance and policy enforcement capability has benefited our organization by simplifying work.

The solution operates in the background, and users generally don't interact with it. Cisco ISE is the security framework layer between network resources and end users using them. Users do not go into Cisco ISE to do anything.

It's like Active Directory for Identity. If you're an end user, you don't work in Active Directory, but you authenticate Active Directory to use resources on the network. The same applies to Cisco ISE, and users don't interact with it directly. They are affected by it to the extent to which they are accessing network resources.

Cisco ISE has a very comprehensive integration suite and we did not face a lot of challenges in integrating this solution with other security tools. If they know how to use it, I would recommend the solution to other organizations with similar security needs.

Overall, I rate the solution an eight out of ten.

We use Cisco ISE Identity Services Engine currently for TACACS and posturing.

The product elevated my organization’s security level, helped us meet some guidelines, and made our life easy.

We found all the features of the product to be valuable. We have no complaints about it. Posturing is valuable to my organization. Now, we're improving our whole environment to go into a Zero Trust policy, and Cisco Identity Services Engine plays a huge role in it. We're defense contractors, so we support DOD and have specific stakes and a baseline to go with. Our strict environment requires us to do certain things, and the solution plays a role in it.

They should improve their licensing. Licensing is always trouble with Cisco, and Cisco Identity Services Engine is no different. The way the product is licensed could be improved.

I have been using the solution for almost three years.

The solution’s stability is good to go so far. Some vulnerabilities had popped up like any other solution, but Cisco remediated them. There was no problem.

We haven’t even scraped to the surface of what the tool could do. It's very scalable, and we will try to use it as much as we can in the future.

We have had no issues with the product’s customer support so far. We had a neutral experience with support.

Positive

We have seen a return on investment in terms of not pursuing any other solutions. We didn't need to look further. The product did what it does for us now. We are very content with it. We don't have to invest further into something else.

The solution’s pricing is okay.

The tool secures our infrastructure to a certain point. However, we're not using it in terms of detection. My team is only four people, and we take all the tasks together.

The solution did not help us consolidate tools. However, it does help us with TACACS. TACACS was a big thing that we needed. We are trying to get rid of NPS and RADIUS, and we will probably use the product in the future for Certificate Authority. It could probably consolidate tools, but it's not doing it now. However, it will in the future.

The product has absolutely improved our cybersecurity resilience. With all the posturing we're doing and the Zero Trust policy we are bringing, it prevents other users from insider threats. It helps big time with insider threats. It's a big thing for us in our specific programs.

Give it a shot because we did give it a shot. People at first said it was very pricey, but it wasn't really as pricey as people say it is. It's worth trying it. Zero Trust will be mandated later, especially if you're in the government. The product will play a big role in it.

One of our team members was pursuing a certification in CCMP security. He was specifically on the Cisco Identity Services Engine track. We got that for him to demo and test it out. Eventually, it became part of our product. TACACS, Posturing, and Certificate Authority could be the reason why we chose the solution. We are using it now for 802.1X. All port security is not a thing anymore for us.

Overall, I rate the product a nine out of ten.

We utilize Cisco ISE for network access control and employ RADIUS access for managing user control in our virtual environment.

Cisco ISE enables us to implement network access control, ensuring that only approved devices can connect to our network. It serves as a central hub for all types of network access, including wired, wireless, and VPN connections improving our network security.

It does a good job of helping secure our infrastructure from end to end, even though there are many features that we are not utilizing.

Cisco ISE has helped us consolidate tools like Cisco Token that we no longer require. The ability to consolidate tools has provided us with a centralized point of access for our security infrastructure, generating abundant information regarding access.

It has helped our organization improve its cybersecurity resilience by enabling us to control the devices that access our network, unlike before when we had to physically access the port.

The most valuable feature is the flexibility of the policy sets.

Cisco ISE requires a lot of time-consuming administration.

I have been using Cisco ISE for eight years.

Cisco tech support, I'm sure, is very good. However, the amount of resources required to submit and process cases is quite significant. As a result, unless we encounter a major issue, we generally prefer to avoid Cisco TAC and instead seek out workarounds.

The initial setup should be straightforward, but it is often quite complex. A greenfield deployment, where we start from scratch, is easy. The challenges typically arise when we attempt to upgrade an existing deployment.

We utilized the services of Open Network for assistance with the implementation. Their services were excellent, and we would gladly engage their services again.

I give Cisco ISE an eight out of ten.

Cisco ISE is equipped with numerous features. We are a small company and only utilize the ones we require. However, as our requirements change or grow, we may consider adopting more of the features that Cisco ISE offers.

The administration can be time-consuming due to all the updates and patches, but overall, I recommend Cisco ISE.

Our organization was familiar with Cisco, and we used wireless LAN products. That is why we chose Cisco ISE, as it integrates well with our infrastructure.

There's a variety of customer uses for Cisco ISE, which includes securing the edge of the network.

Cisco ISE allows our customers to concentrate on other aspects of the business, knowing that much of their security is now in place.

Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities.

Sometimes some of Cisco ISE's graphical interfaces could be a little bit smoother. However, with the different versions, the product is getting better and better.

We've been using Cisco ISE for approximately seven years.

Like most products, as Cisco ISE evolves with different software versions over time, it becomes more stable and feature-rich. Initially, when it first came out, it was playing catch up with other vendors and solutions. However, now Cisco ISE is probably at the forefront of Open NAC solutions.

You can build a distributed model or architecture, and you can scale out with a number of PSN nodes. So Cisco ISE can grow as you grow.

Cisco ISE's technical support is generally very good. They have different levels of tech engineers, but their tech support is very good.

Positive

Some of our customers have considered using Juniper NAC, ClearPass, etc. They switched to Cisco ISE because they had a lot of network infrastructure in place and wanted a single vendor they could use end to end. Everybody has a good relationship with Cisco because they know that if there is a problem, their technical support team will resolve things in a quick and timely manner.

Cisco ISE is very scalable. We can do a small proof of concept and very quickly demonstrate that to customers.

Our customers have seen a return on investment with Cisco ISE. The solution has helped our customers consolidate several products into one and free up their IT staff. Also, the reporting from Cisco ISE enables them to show senior management their network's health.

The licensing could be better across all of the Cisco products. Cisco's licensing models seem to keep changing with different software versions. Cisco is moving towards a subscription service, which would mean additional costs.

Our customers are using Cisco ISE, but we're helping to integrate it into their solutions.

The end-to-end infrastructure security from Cisco AnyConnect host points is very good.

Cisco ISE has helped free up our customer's IT staff to concentrate on other projects. In the UK, where I predominantly work, a lot of the NHS staff have a lot of access switches located throughout multiple buildings. Cisco ISE probably frees up at least twenty percent of their time.

Our customers can use Cisco ISE for device administration for TACACS, RADIUS devices, and individual host appliances.

The migration from ACS to Cisco ISE has helped. Some of our customers were looking at various MAP implementations using different vendors, but we've now got I 2.1 X and MAM all built-in together.

Cisco ISE's ability to consolidate tools or applications has centralized everything and made things a lot easier and smoother for our customers to carry out their day-to-day tasks.

Cisco ISE has helped improve the cybersecurity resilience of our customers' organizations. We've always been able to integrate Cisco ISE into other products. So they're getting more security alerts, making them a lot more secure and happy with their environment.

Overall, I rate Cisco ISE an eight out of ten.

We utilize Cisco ISE for wireless user authentication, as well as authentication, authorization, and accounting for our network devices.

Cisco ISE has made us much more secure. It has streamlined the process of adding new devices to our wireless network, specifically wireless-only devices. Moreover, thanks to scripting capabilities and flexibility on the Cisco ISE side, it has significantly reduced the amount of manual effort required by everyone involved.

Cisco ISE effectively secures our infrastructure from end to end, enabling us to detect and remediate threats. It does a commendable job of securing both end users and their devices, including guest-wired devices for anonymous access. Its ability to compartmentalize everything makes it incredibly convenient, and the comprehensive tracking features are particularly valuable.

Cisco ISE has helped to free up our IT staff's time by saving approximately 40 hours per month, as we are constantly uploading new devices. 

Cisco ISE has helped our organization improve its cybersecurity resilience by authenticating users. It ensures that only certain MAC addresses can be on our network, particularly on our production wireless network. Additionally, it keeps track of authentication frequency and alerts us if clients authenticate too often, allowing us to optimize CPU cycles.

The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues. I appreciate that they guide us through every step that a user or authenticator goes through.

Cisco ISE can become quite complex, especially with policy sets, the entire authentication process, and everything involved. I would appreciate a more comprehensive visual depiction of the steps from the beginning to the end.

I have been using Cisco ISE for five years.

We have never experienced any stability issues with Cisco ISE.

We can scale Cisco ISE by adding additional licenses or servers.

Cisco technical support is excellent. They respond promptly, and their thoroughness is remarkable. For instance, we can send them numerous logs, and they will analyze them in detail for us.

Positive

We have seen a return on investment around the soft cost, with how streamlined everything is, how we don't have to really worry about wrong devices getting on our production Wi-Fi.

I give Cisco ISE a ten out of ten.

Cisco ISE is a great tool. It integrates well with Active Directory and numerous other components. The solution has become a fundamental part of our network and I recommend Cisco ISE to others who are looking to improve their cybersecurity.