We changed our name from IT Central Station: Here's why

Cisco ISE (Identity Services Engine) Room for Improvement

MA
Associate Consultant at a computer software company with 201-500 employees

An issue with the product is it tends to have a lot of bugs whenever they release a new release.

We've always found ourselves battling out one bug or another. I think, overall they need to form a quality assurance standpoint. ISE has always had this issue with bugs. Even if you go to a Cisco website and you type all the bug releases for ISE, you'll find a lot of bugs. Because the product is kind of intrusive, right? It's in the network. Whenever you have a bug, if something doesn't work, that always creates a lot of noise. I would say that the biggest issue we're having is with all the product bugs.

Also, the graphical user interface is very heavy. By heavy, I mean it's quite fancy. It's equipped with a lot of features and animations that sometimes slow down the user interface.

It's a technical product — I don't think a lot of engineers really need fancy GUIs. We pretty much look for functionality, but I think Cisco, for some reason, is putting an emphasis on its GUIs looking better. We always look for functionality over fancy features.

We've had issues with different browsers, and sometimes it's really slow. From a functionality standpoint, we would rather the GUI was light and faster to navigate.

ISE has a very good logging capability but because their GUI is so slow, we feel it's not as flexible or user-friendly as we would like it to be, especially when it comes to monitoring and logging. At the end of the day, we're implementing ISE for security. And that means visibility.

Of course, you can export the data into other products to get that visibility, but we would like to have a better type of monitoring, maybe better dashboards, and better analytics capabilities within the product.

Analytics is one thing that's really lacking. Even if you're to extract a report, it just takes a lot of time. So, again, that comes down to product design, but that's definitely an area for improvement. I think it does the job well, but they can definitely improve on the monitoring and analytics side.

View full review »
CW
Network Infrastructure Specialist at a tech services company with 51-200 employees

In terms of the improvements I need, they've already, according to my research, done those improvements with their new versions. The features have already improved on their newer version, and that's why we need to update to that new version.

What is required is that Cisco needs to be doing health checks and following up with the customer to ensure that their Cisco partners have done the deployment right. That's something that has really helped us.

Whenever a partner comes and does any deployment, we would, later on, engage Cisco for a health check, so that Cisco could assist with their products. They would check whether it has been deployed following the best practices - or they would just alert us on which features that we have paid for and we are not taking advantage of that. 

Cisco needs to continue with that health check. That engagement with their customers to reconfirm everything is like a quality assurance that the Cisco partners have given the right stuff to their customers.

This product doesn't work in isolation. For example, when we talk of posturing the Microsoft updates, the system that does automatic updates for Microsoft needs to work in an ideal fashion. The antivirus needs to work. OF course, the antivirus is not Cisco. Those products need to work as they should so that integration of the ISE product will work as well. When all factors are held constant, Cisco works well. 

View full review »
MB
Accounting Executive at a tech services company with 11-50 employees

As far as what could be improved, to continually be thinking about ransomware, cyber attacks, and all those kinds of things. They always have to be innovating. Always have to be improving. I can't give you anything specific because these cyber guys are always coming up with new ways to get in. You just really have to be aware of what's going on.

In the next release, I would want to see this kind of solution in the cloud as opposed to on prem because when enhancements are made to the software, if it's in the cloud, it's overnight. I mean you're not going to have to respin the servers that the license sits on, it's all microservices kinds of things in the cloud. That would be my recommendation. If I'm a customer, that's what I'm looking at - for cloud based software subscriptions.

View full review »
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
566,121 professionals have used our research since 2012.
Infrastructure and Cybersecurity Manager at George Washington's Mount Vernon

Because we have a large database and 4,000 network devices, the solution can lag a bit when you're running updates or different things because of the fact that it's so big and it is such a resource hog. But the biggest problem we've encountered is that it finds errors or people are rejected or not authenticated without a clear explanation as to why. A second issue is that we're currently on 2.4 and Cisco's gold standard now is 2.7. They are a little slow with that.

I'd really like the solution to dive down a little deeper when something's not profiling. As it stands now, you have to go through and search what hasn't profiled. Microsoft, for example, gives you a direction to look at and will even be specific sometimes and tell you there is a password error, or the password hasn't been updated, or it's not meeting the policy and that's why it won't let it through. Those are very helpful because you know exactly what's required to solve a problem. 

Cisco is getting better with it, but they fail in some areas because of a network connectivity issue, or it's not getting DCAP quick enough and it fails. Those things would be more helpful to understand when it's going through, so you are able to triage it a little better. I mean, it does point you in a direction, but sometimes you have to dig a lot deeper to find the right direction and figure out what kept it from profiling. One big issue we've discovered is that people are not rebooting their machines or powering them off at night. We're trying to ensure that is done by sticking messages on screens.

View full review »
IT Security manager at a energy/utilities company with 201-500 employees

It perfectly does everything we have been looking for it to do. I have not discovered any feature sets or items that are lacking. It's a much more functional product than the old Cisco ACS that it replaced. 

That being said, during deployment, they shipped us the Cisco ISE with the 3.1 operating system, which was incompatible with the license that we had purchased, which would only allow us to go up to version 2.9. Because of this, we actually had to do a factory reset and a reload to the operating system — to an older version of the operating system. This required a very extensive process. We had to take out the Cisco ISE and put it into a factory reset mode to get it to roll back to the old operating system. If we were doing an upgrade, this would have been very simple, but as we were doing a downgrade, it was extremely complex and very labor-intensive. I was crawling through the server room, through wires, to plug things in, to get it to connect in the way that it needed to be connected with an external device in order to actually get it to roll back.

I don't like that the licensing structure doesn't allow us to have the 3.1 operating system — it forces us to use version 2.9. If you don't want to pay a monthly or a yearly subscription fee, either that device should have come automatically with the 2.9 version operating system, or it should have been much easier to actually roll it back. Additionally, support should have realized that our license requires us to have the 2.9 operating system instead of the 3.1 operating system, which would have saved us a lot of time. 

It would be nice if it could be configured easily by default. If you're configuring a Cisco device, you pretty much need the support of a CCNA-level technician to be able to do it. It would be nice if there was a default or a more simple way to do it. It's not really a requirement to use the device because you can purchase the premium support or you could get a CCNA in-house to do it. Just having that ability to say, "Hey, we want to set this up" without too many complications or without having to bring in support would be nice. 

View full review »
AV
Solution Architect Telecom at a manufacturing company with 10,001+ employees

The solution is not so user-friendly. It's very difficult to navigate through different manuals. The documentation should be simplified so that it is easier to understand.

It would take time for a beginner to understand and familiarize themselves with the solution. There's a bit of a learning curve.

Cisco ISE is not very stable. They could work on that aspect. 

We'd like the pricing to be better.

The product is not easily scalable.

Currently, if you want to do something with authentication, you need to have an additional document agent, however, these are short on all Microsoft endpoints. We then need to come up with some alternate options so that I don't have to modify any native applications on it. By default, Windows should be able to support and onboard the devices. Right now I need to have a Cisco AnyConnect as an agent to be deployed for authentication.

View full review »
Co-Founder & Director at VSAM Technologies

I have not come across any missing features. 

It would be ideal if Cisco could provide some short training videos or documentation to customers to help them understand how to use the product. 

View full review »
RF
Cyber Security at a manufacturing company with 10,001+ employees

As I treat the system basically as a user would, and am not overly technical, I can't say what features, if any, the solution is missing.

I'm working from China currently and the only real issue is that, within the country, there's some concern around Cisco and its ability to offer the solution for the long term. As the United States has banned the Huawei version in their country, we feel there may be retaliation in ours and Cisco will get banned as a countermeasure from the government. The future of Cisco in China is in question. Our local partners are worried about the situation.

View full review »
BN
Senior Software Engineer with 501-1,000 employees

This solution has enhanced features that make it difficult to use. To make it easier, it should be made without PxGrid.

It should be able to work with third-party routers and switches. We want to work in an environment where there are multi-vendors that require PxGrid.

Their software-defined access is not easy to implement. You have to have a good understanding of how to implement it. It would be helpful if they could make it easier for the customer to adopt.

Third-party integration is important, as well as the continuous adaptation feature, which is the AIOps. It would be helpful to include the AIOps.

View full review »
DH
IT Manager at Shanta Mining

There is much room for improvement, especially after having perused the documentation on the solution's website. 

The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications. 

I would need time to expand my knowledge of the solution and consult with the Cisco engineers before I could point to other pain points. 

View full review »
BA
Corporate Information Technology Security Manager at a financial services firm with 10,001+ employees

This solution does not provide us with enough visibility into our network. We would like to see additional information that it does not show. In general, the reporting is not very useful.

ISE needs to have better integration with third-party products.

A basic profiling engine would make a good addition because device profiling is very important.

This product requires the use of agents and ideally, I would like an agentless version. I think that they should get rid of them because they are hard to manage and deploy. Also, they are not useful.

The interface is not very user-friendly and it is not simple to use.

View full review »
OZ
Network & Security Engineer at a engineering company with 201-500 employees

One of the main issues in  Cisco ISE (Identity Services Engine) is that it lags excessively.

Sometimes Cisco ISE (Identity Services Engine) just doesn't work properly, due to misconfiguration.

I would like to see the product simplified more, especially with the configuration.

View full review »
BN
Senior Software Engineer with 501-1,000 employees

They have recently made a lot of improvements. My clients don't have much to complain about — it's a one-stop-shop.

It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version. 

View full review »
Sr Consultant at a tech services company with 10,001+ employees

Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified. 

View full review »
Technology Manager at Advanced Integrated Systems

The ISE software needs to be improved  in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

View full review »
Network & Security Architect at Canac IT

The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow.

The solution might require two authentications. They should make a new authentication to authenticate both the device and the users. Right now, we are authenticating the PC, the workstation, but not as a user. A good addition would be to authenticate the user separately to get more information.

View full review »
PP
Owner at a tech services company with 11-50 employees

Migration could be better. Right now, we back up with the new version, and it requires a lot of licensing and other things. Whenever we choose a product, it's very difficult because we have to meet the requirements of each feature. There is no standard feature, so the best system that we bought may not fit the solution. 

We have to look at every feature that the customer uses. If you compare it with other products like Aruba, it's not the same. With Cisco, I have to read all about the features on this version and the licensing required for the product. In Aruba, that thing is covered when you get one license because it covers almost everything. It could also be more scalable.

View full review »
FA
Networks Lead Engineer at a mining and metals company with 1,001-5,000 employees

They need to simplify the processes and management more, as well as the platform. Their user experience is a bit complicated, and it's not easy to manage. They need to do something to enhance the management console and make it more simple and easier to use.

I need to see stronger integration with Cisco SDN. Instead of treating it as a separate appliance, it should be a built-in feature in the SDN solution. This is one of the things that will reduce the complexity of Cisco's architecture. Instead of having multiple appliances, and getting lost in-between, and not knowing where is the problem is, everything can just be in one place. It will be better to move this feature or this technology as a built-in technology in the SDN solutions, similar to DNA and ACI.

The pricing and licensing structure are not ideal for customers.

View full review »
Deputy Head of IT at a legal firm with 501-1,000 employees

It is too complex. It should be easy to use. We are not such a big team. We only have three engineers to work with this, and we don't use all of the functionality of the product. Its range of functionality is too wide for us, and this is the reason why we are thinking of switching to a more simple product. We have shortlisted a Microsoft solution. We have a big footprint for Microsoft products, especially in security. As a global strategy, we try to leverage to the maximum what is possible around Microsoft.

View full review »
BH
Chief Technology Officer at a tech services company with 11-50 employees

In an upcoming release, the solution needs to be more agentless and more independent. Additionally, there could be improved integration with other next-generation solutions, such as Palo Alto, Fortinet, or Check Point.

View full review »
IT Manager at CMC

The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment.

In an upcoming release, they could improve by providing rule-based bandwidth consumption, bring your own device (BYOD) need to be more mature, and the reports could be more user-friendly.

View full review »
SN
Senior Manager at a financial services firm with 5,001-10,000 employees

The intuitiveness of the user interface could be improved. They could also make the deployment process more user-friendly.

View full review »
MB
Senior Solutions Manager at a computer software company with 1,001-5,000 employees

It is a good product, but in order to use all of the functions of the product, you must have a good understanding of the product. You must know how to use and manage it. It is a little bit complicated to configure and manage. It must be simplified to make it easy to manage for end users. In the initial stage, we found ISE complicated for end users. It was not easy to manage it or to write authentication and authorization protocol. They must improve its management and make it easy for end users. 

The monitoring and reporting capabilities can be improved because end users want to quickly see what is happening in their network. There were some restrictions in working with other vendors. It should also have a better and easy integration with other vendors. 

View full review »
SZ
Team Lead Network Infrastructure at a tech services company with 1-10 employees

The solution isn't as dynamic as it could be. There are some limitations, specifically around switches. 

Deploying to a machine, as opposed to a dedicated appliance, can be a bit difficult. 

The network solutions need to be improved by Cisco.

View full review »
Project Manager at Projectnet

There should be better documentation on the implementation of the solution. I learned how to implement it from watching videos. I felt the documentation was too complicated and I also learn better from watching videos.

In my experience, there needs to be better documentation for firewall integration as well, we had some trouble early on.

View full review »
Technology Manager at Advanced Integrated Systems

Segmentation can be improved. They can also improve security policies for each group of users, and automation can also be better. The software interface could be better. They should make it easier for users to find features.

View full review »
Senior Infrastructure Consultant at Happiest Minds Technologies

The solution infrastructure configuration is complicated to set up. They have improved over the years but there is still a lot of room to improve. When comparing the simplicity to other vendors, such as Fortinet and Aruba they are behind.

View full review »
SS
Deputy Manager at Convergent Wireless Communications

The initial setup could be simplified.

The support could be faster and the pricing could be reduced.

View full review »
AR
VP of IT at a tech services company with 51-200 employees

The user interface can be improved.

View full review »
Technical Solutions Architect at a wholesaler/distributor with 201-500 employees

The user interface could be improved to make it more user-friendly.

View full review »
Casual Senior ICT Assistant at a educational organization with 1,001-5,000 employees

I would like the product to include support for OSVS version three.

View full review »
RD
Senior Network Administrator at a media company with 1,001-5,000 employees

In an upcoming release, it would be nice to have NAC already standard in the solution.

View full review »
DG
Sr.Manager at a energy/utilities company with 10,001+ employees

The solution could be more secure.

View full review »
AA
Network Engineer at a financial services firm with 1,001-5,000 employees

The software is a little bit complicated to understand in the beginning, meaning the implementation. It needs proper documentation so that we can understand the options more easily.

View full review »
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
566,121 professionals have used our research since 2012.