Cisco Identity Services Engine (ISE) Reviews

We use it for Community WiFi and TACACS authentication. It is service provider authentication, both for the core infrastructure and Community WiFi.

We were looking to solve captive portal and centralized authentication with Cisco ISE.

It has allowed us to pull in multiple authentication databases, then centralize them into a captive portal system.

It is important for our organization that the solution considers all resources to be external. It treats them with minimum trust.

Integration is a big factor. That has really been the driving force behind it.

Documentation is probably the worst part of the software.

I have been using it for about five years.

It is very stable. I would rate the stability as 10 out of 10.

We don't use its scalability. I would rate it as five out of 10.

The technical support is good. I would rate them as six out of 10.

We previously used an open-source solution. We switched for vendor support and scalability.

We don't monetize this solution.

It is fair.

We did not evaluate other options.

It is worth checking out the integration that it provides. It is a strong platform.

Cybersecurity resilience has not been that important for our organization.

I would rate ISE as eight out of 10. It does exactly what it is supposed to do without much issue.

Our use case is managing access to network devices for IT as well as end-users. Making that seamless is the challenge we were looking to handle.

ISE made implementation and connecting things easy.

It does a good job of establishing trust for each access request, no matter the source. It's also very effective at helping with the distributed network and at securing access.

The UI and UX could be more seamless and easier to use.

I've been using Cisco ISE (Identity Services Engine) for six years.

The stability of the solution is pretty good. I've only had a couple of issues.

I've never tried to scale it up.

We have it deployed in multiple locations with users across the US and Canada.

I have never used the technical support.

It's done the job that we put it in place to do.

It's mostly for authentication to our network for our end-users.

It's allowed us to create groups for different vendors and for employees in various groups in our company, without giving everyone access.

It has also given us a lot of extra security as the backbone of authentication for our VPN and wireless network.

The policy sets give us more granular groups for end-user access.

I've been using Cisco ISE (Identity Services Engine) for five years.

The stability is really great. We haven't had any issues with it. We've had it for a long time. We ran an old version for three or four years without any issues.

From what I have read, the scalability seems good. We haven't had to deal much with that. We have two nodes and about 2,000 sessions going at once.

Technical support is very good. They've always been there to answer any questions, and if they don't know the answer they make sure to find someone who can give me the answer.

Positive

Cyber security resilience has been at the top of our list since 2020 because we had so many people working from home and that increased as time went on. That opened our eyes.

I was involved when we upgraded at the beginning of this year. It was pretty straightforward, although we reached out for outsourced help.

We used a CDW consultant.

For us, the return on investment is that it gives us easy ways to divide up our end-users for authentication, especially for our VPN.

The pricing seems fair. The licensing can be confusing, but it is still pretty good.

I was asked a couple of years ago, when we were having issues with ISE, if there were alternatives, and I said I didn't want to switch because we're so embedded in this solution already.

Talk to someone outside of Cisco too, if you're thinking about ISE. That way, you can get all the information.

We wanted to outsource some of our work because I only have two years of admin experience and another of our network engineers has about a year. This way, if the system goes down, we have a quick way to get it back up.

I would tell leaders who want to add cyber security resiliency to make sure they include team members who are involved and not just make decisions on their own.

We use it for MAC Authentication Bypass, 802.1X authentication, and certification and validation against Active Directory. Because MAC devices can't be enrolled in the domain, we were doing a manual installation of certificates.

We are a very secure enterprise now because only our corporate endpoints can be authenticated on our wireless. Before, any device could be connected to our production network. And the corporate endpoints have antivirus and anti-malware. Things are more and more secure.

Authentication is the most valuable feature because it puts our company at another level of security. It establishes trust for every access because we use only corporate endpoints. If somebody has another device, they can't connect it to the enterprise network because we haven't implemented bring-your-own-device yet. We have five warehouse buildings and all our operations are around logistics and that means external people don't come to our buildings.

I have been using Cisco ISE (Identity Services Engine) for three years.

It's very stable.

It's expensive to scale Cisco ISE, but our situation is stable so we don't need to scale it for now. In the future, we will need a more scalable solution.

It is used for all our departments, all end-users, all corporate endpoints. And when we use MAC Authentication Bypass, we include printers and VIP cell phones.

Tech support is very good.

Positive

We didn't have a previous solution.

The deployment was a little complex, but not because of the solution. It was more an issue for our people because it was a mindset change.

It took us about six months to deploy. Because we didn't have a previous solution, we just deployed it one department at a time across our four departments.

We used an integrator, ITS Infocom. Experience-wise, it was very good. On our side, we had three people involved. 

Since implementing Cisco ISE, we haven't had any attacks against our application.

Pricing is not a problem for Cisco because it has a lot of features and not much competition, although it's more expensive than other products. But if I do a cost-benefit analysis, Cisco provides high quality.

We looked at Aruba. Cisco ISE is much better.

Be patient with the implementation. It can be very difficult for the clients, the people using it, because it requires a change of mindset.

We use it for network device administration and for user access.

It has really helped us when it comes to security. It has eliminated trust from our network architecture because, with the solution in place, you tell us who you are and, based on who you are, we give you access. The solution provides us with a platform to define our policies. Users get into our system based on those policies. That eliminates threats. If you are not who you say you are, it will block you completely from our network.

It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request.

With the recent release of the solution, we had a bunch of bugs and we had to delay our deployment. Other than that, the solution is good.

I have been using Cisco ISE (Identity Services Engine) for 10 years.

Cisco ISE has come a long way when it comes to stability. It's getting better.

It's very scalable. We have it deployed in two data centers, and we're managing about 10,000 endpoints.

TAC is very responsive whenever we call them.

Positive

Currently we have two solutions that do the same kinds of things. For our wireless infrastructure, we use Aruba, but for our wired access, we use ISE.

The ROI we have seen is because Cisco gives us what they promised us. They deliver. Our requirements are being met and that results in getting value for what we pay.

Since we have a complete Cisco portfolio, including an Enterprise Agreement, it's not simple for me to compare what we're paying with the prices of other platforms.

We evaluated other companies and what they each do differently and looked at what was the better fit for our requirements.

Cisco TAC is really good. Whenever we have issues, we know they are there and that they will help us out with troubleshooting. The support of the other companies we looked at is not that great.

When I compare it with Aruba ClearPass and other solutions out there, I prefer Cisco. Cisco is number-one for user access, managing devices, and for network devices.

We don't leverage Cisco ISE for application access. We have another solution for that.

Get some hands-on familiarity with it first. Do a PoC and get people who really know the solution to help you out during phase one before you deploy it.

We're using version 3.1, which is very stable. There have been a lot of improvements.

I like the automation of the collection of information.

We have only been deploying this version for three months. We haven’t had any issues, but we'll see how it goes. One of the issues that we used to have was with profiling because we're working with a service provider that uses a lot of bring your own devices. We haven't had any issues since we started using version 3.1.

I have been using this solution for over 12 years.

There are no stability issues with version 3.1.

It's stable. We deployed with a client in petroleum with about 200 users worldwide, and it was stable.

Setup wasn't easy, especially if you haven’t worked with it intensively. VM is a little bit easier. If you don't deploy ISE with correct policies, it will be difficult.

If you deploy it with the correct policies, it's a wonderful product. You don't need to attach anything like your firewalls or creating rules.

ISE has always been expensive compared to other products in terms of what it does on a user level. I haven't had a client who didn't say that ISE wasn't expensive. I’ve had an issue where I was just selling four boxes, and it was four million. It was a high-end box, and the client didn't take it. They end up going with VM.

I would rate this solution 9 out of 10.

It's one of the more difficult products to deploy.

You can learn a lot about ISE from their training videos. I would suggest watching the videos before deploying the solution. They have created good videos for ISE, from version 1.3.

Our customers use Cisco ISE (Identity Services Engine) as a network access control solution. Before they can get network access, you can do posture check, e.g. in the Windows version, or another version, then it is only after this posture check that the clients can enter the network.

Compatibility with other vendors is what needs to be improved in Cisco ISE (Identity Services Engine). We should be able to use it with other vendors, for all specifications. There should be integration with different vendors, e.g. Cisco ISE (Identity Services Engine) working with AccuPoint networks.

I've worked in my current company in product pre-sales for one year, and prior, I worked for a different partner company in Turkey, so my total usage of Cisco ISE (Identity Services Engine) spans eight years.

Cisco ISE (Identity Services Engine) is a stable solution. It has good performance.

If we need support from the vendor side, we can open a case, then the vendor replies to us as soon as possible. Support for Cisco ISE (Identity Services Engine) is fast.

The installation of Cisco ISE (Identity Services Engine) was easy.

Our customers pay for the license of Cisco ISE (Identity Services Engine). They have an annual subscription, rather than a monthly subscription.

I evaluated Fortinet.

I'm a technical person, and I've worked for a company that does system integrations, including network pre-sales. My company sells Cisco ISE (Identity Services Engine) and Fortinet products in Turkey. I can also sell these products. My company is a gold partner of Cisco.

I've sold the on-premises version of Cisco ISE (Identity Services Engine).

Cisco ISE (Identity Services Engine) is the best solution for Cisco network customers. It is the best solution for Cisco network devices. As for network products from other vendors, we can use, or we could offer other network access control (NAC) solutions, e.g. Fortinet NAC, or Aruba Secure NAC, etc.

I'm part of the pre-sales team at our company. There are other people who are responsible for installing Cisco ISE (Identity Services Engine) post-sales, e.g. they install the solution for the customers. For this reason, I am unable to give information on how long it takes to install the solution.

We currently have over 30 users of Cisco ISE (Identity Services Engine).

I can recommend Cisco ISE (Identity Services Engine) to other users.

My rating for Cisco ISE (Identity Services Engine) is eight out of ten.

We are a partner with Cisco and am a part of an information security team that uses Cisco to provide security policy management via network, device and wireless access. 

Cisco offers automation, visibility, and control as well as third party integration capabilities.

I would like for the next release to be easier to implement and to limit its dependencies around ISE, Windows, the network as a whole, etc.

I have been using Cisco ISE for over six years.

This is a very stable solution with many integrations.

Cisco's scalability depends on the design - small deployments are not scalable.

Cisco support is good.

This solution is a bit more complex to set up than in comparison to other options - it can take anywhere from two to five months depending on the use case.

The price for Cisco ISE itself is very low, however, Cisco professional services are quite expensive. Subscription amount is dependent on number of users.

We looked at Forescout which is more user-friendly but they have a very vulnerable network.

This is a good solution for security teams. If you do not have a security team, I would not recommend this product. 

Overall, I would rate Cisco a seven out of ten.

The solution is used for controlled access in the network, like if you want to restrict access.

The solution is deployed on-prem. I am an integrator of this solution.

The best features are the scalability and the license structure. The license structure is like a tier. If a customer doesn't actually want the highest features, then they can just start with the basic license package and upgrade it if their network is growing. For the smaller customers, they can start with the smaller plans and so on. If you have a financial customer or banking customer, they can go for the full features, and if it's not that critical, the customer can get the basic license package and implement that.

The licensing documentation needs to be better. We found some old documents describing the license names, like the Base license and Apex license. Cisco used both names. We have found that they changed the Advantage license and Premier License. If someone misunderstands that, they might end up with a hassle. I don't know if it's possible or not for Cisco to remove the older documents from the official website.

We have been working with this solution for more than two years.

We were using two solutions on Cisco's network, so we had a few ISE plans in that network.

The solution is stable. We have maybe 4,000 users for the Next solution.

We haven't used technical support very much, but in general, Cisco's support is always responsive.

Initial setup was straightforward from our point of view because we have engineers who did that, so of course it was not an issue with us.

The accesses took maybe three or four months to complete, but the Next part took about three weeks.

For deployment and maintenance, the team was average sized. You need to follow the correct documents for deployment. There can be misunderstandings if you use old documentation.

The licensing is subscription-based and based on the user account.

I would rate this solution 8 out of 10. 

I would recommend this solution.

If someone is looking for a concrete solution to control the access, then ISE is a better solution.

My main uses are device administration, wireless access authentication, and ethernet access.

The most valuable feature is network access control for the users coming into the network, which allows us to know who is in the network at any given time.

The intuitiveness of the user interface could be improved. They could also make the deployment process more user-friendly.

I have two years of experience with this solution.

ISE is very stable - since it was installed, I've had no issues with it.

I've had no issues with scalability. I started using it on two campuses, and now I'm using it across the country and scaling it across subsidiaries in other countries.

I've worked closely with Cisco for many years and have no complaints about their support. Sometimes it takes less than a couple of minutes to get through to their support team.

I previously used Portnox, but it only gave us network access control, so we switched to ISE, which has more features like device administration.

Deployment is usually tough the first time, though once you get it working, it works well.

We used in-house engineers and an integrator.

We have a three-year license. Standard licensing gives backup access and very few features, and then there's VM licensing - each VM we use needs to be licensed. VM licensing comes in different sizes: small, medium, and extra-large. There are also licenses for features, posturing licenses, and profiling licenses.

Before deploying, it's a good idea to read up on the product first and then get some training so that when deployed, someone in the organization understands the solution. I would rate this solution as nine out of ten.