Cisco ISE (Identity Services Engine) Valuable Features

BP
Lead Network Engineer at a educational organization with 1,001-5,000 employees

I really enjoy the live log section. Sometimes, you will have someone who is having issues connecting to the network, and then you have to ask them the dreaded question of, "Did you type a password wrong?" They will probably tell you, "No," but the live log can help sort that out. It gives us that extra ability to assist the end user and make sure that we are making them happy.

It has done a pretty good job of establishing trust for every access request, no matter where it comes from. The biggest issue that I probably have is just with the random amount of passerby or outside visitors coming in and trying to connect. Of course, they can't. ISE is very good at not only denying them, but also logging that endpoint. I would say it has done pretty good with that.

View full review »
Bill Masci - PeerSpot reviewer
Senior Network Admin at Iridium

The most valuable features for us are ensuring that we have the right people logging in to the network as well as protecting our device configuration. If somebody goes in to make a configuration adjustment, we need to make sure it's the right person, that they have the right access, and that we have validated that.

When we use ISE, one of the helpful things is that I can go through the dashboard and get every step along the way of how a device was authenticated. If it's failing, why did it fail? Why is it unauthorized? If there's an error, what is the error and how can I fix that error? If it's something that, if they should be passing, why are they failing?

For device administration, like logging in to a switch or a router, we can see all the commands that people have put in and who made changes. If we need to fix something—a bad command, or somebody put something in that pulls a device out of what we consider our compliance—we can fix that. 

From an administrator perspective we can look at "Why did you make this change?" and figure out how we don't break something in the future, if it was something that did cause an outage. 

And when it comes to things like wireless, we can see who is hitting the network, who is hitting a corporate SSID, or a guest SSID. Are they failing? What errors are you seeing along the way?

View full review »
Rohit-Joshi - PeerSpot reviewer
Head of IT Infrastructure at a tech vendor with 10,001+ employees

Posturing is the most valuable feature. There are other tools available that can do some of their other features, like network authentication. The posturing was something because of the nature of the industry that we are in. There are people who go outside for work. Their machines are at times not in the network, and not patched properly. We don't know when they're going to come back, whether it is in a good state, whether it has antivirus, whether it's installed on those machines. Posturing is something that we have made our baseline policy that whenever a machine comes back to our network, it should have a certain level of the operating system and a level of security and antivirus installed. 

We couldn't have done this posturing without Cisco ISE. This is its greatest feature.

It does help me to detect and remediate my network. It enables me to detect any external threat that comes to my network and remediate. If a machine comes into my network that does not qualify per my baseline policy, I have a policy that the machine gets redirected to where it can be patched and remediated. I can ensure that it is fully patched and secure. 

The entire idea of having ISE is to enhance cybersecurity resilience. The zero trust architecture was coined by the cybersecurity team itself. It was a task given to us in the infrastructure space to see how we can bring resilience into the cybersecurity network and ISE was the solution. 

View full review »
Buyer's Guide
Cisco ISE (Identity Services Engine)
March 2024
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Brad Lossing - PeerSpot reviewer
Manager Network Operations at RAND Corporation

Cisco ISE Identity Services Engine enables us to do everything from one interface. It makes it easy to work with top-down policies, to configure groups or the granularity we control in our dot1x environment and posturing. The product helps the granularity our InfoSec group wants to achieve within their posturing project.

View full review »
Vergin Mansour - PeerSpot reviewer
Network Engineer at a manufacturing company with 10,001+ employees

The features that we really appreciate are the monitoring features and also being able to administer the different devices that we have. We have a broad amount of devices with Cisco and we would need to be able to monitor them as well as be able to give specific access to each one of them. The fact that if something as simple as that if somebody gets locked out of their laptop, I can go to Cisco ISE and easily see exactly what happened, when it happened, and see if it was a bad or wrong password is really amazing.

View full review »
Solomon Okonta - PeerSpot reviewer
Network Architect at Great Canadian Gaming Corp

Being able to authenticate wired users through 802.1X is valuable as it enhances our security. If someone enters an unsecured room and connects to a wired connection, they will be authenticated to a guest network, completely segregated from our data networks.

View full review »
Wayne Cross - PeerSpot reviewer
Director of Cyber Security at Borden Ladner Gervais LLP

One of the things that we found most valuable over the years is the ability for it to provide information to the help desk that allows them to troubleshoot issues. We still use a lot of that today and we're going over to DNA soon. We're adopting some of the DNA technologies now, however, ISE has been the mainstay for us for quite a few years now.

The solution is great for establishing trust for every access request no matter where it comes from. That was one of the biggest use cases for us, as one of the problems that we had was to secure a specific VLAN. If a help desk person had a laptop, and they plugged it into a network cable port somewhere, it would automatically put them on a secure network. If a lawyer uses their laptop, it would put them on a separate network. If a phone is plugged in, it will know it's a phone and put it on a phone network. ISE is the only way we have been able to do that. We've streamlined a lot of our provisioning and de-provisioning processes through Cisco ISE.

It has certainly made it easier to secure our devices. For example, we have offices across the entire country. We are a large law firm and have huge offices in Toronto, Ottawa, Montreal, Calgary, and Vancouver. We also have ISO 27001 and 27017 certified as well and I run that program. One of the big things for us is when auditors come for a visit. All of our locations have a conference floor, a whole floor that's dedicated to conference rooms.

There are tons of large conference rooms. When we get audited, conference floors are usually floors that auditors are allowed to go to, as they're publicly accessible floors. We'll get asked, "How do you secure the port?" When we go into the conference room, they can see the network ports." They will ask, "Well, how do you secure these ports? What if somebody came and plugged their machine in?" We then say, "We use Cisco ISE. Cisco ISE identifies that it doesn't belong to our corporate network. It does a check and then puts them right onto the internet, so we don't need to worry about strangers on our closed network.”

View full review »
MI
Technical account manager at a tech services company with 201-500 employees

SGTs are valuable because they make it easy to enforce policies, instead of pushing them across all the other platforms.

View full review »
Aaron-Brown - PeerSpot reviewer
Network Engineer at Universal Health Services, Inc.

I love the policy sets, they are really nice and dynamic. 

This solution helps to support an organization across a distributed network. It's built for enterprises and large-scale deployment. It does what it's supposed to do.

View full review »
SL
Network Engineer at a financial services firm with 10,001+ employees

The solution enables us to authenticate with AD. That way users can log in with one username to the product and access the router and switches.

View full review »
SM
IT Security manager at a energy/utilities company with 201-500 employees

The ability to integrate our Cisco AnyConnect connections to the active directory has been great. Also, as a source of authentication during the process of logging into Cisco AnyConnect has been very useful for us. 

View full review »
Brad Davenport - PeerSpot reviewer
VP of Technical Architecture at Logicalis

For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you. The ability to categorically list all the endpoints in the infrastructure, understand where they are, how they made it onto the wire, whether that was through wireless, through a wired engagement, And all of the self-service features that allow you to manage guest access to wired and wireless infrastructure are an incredible number of use cases that our clients are constantly deploying now.

View full review »
Darren Hill - PeerSpot reviewer
Technical Consultant at a computer software company with 1,001-5,000 employees

The most valuable feature is the visibility element, the ability for customers to be able to see what devices are actually on their network. Without a solution like ISE, they would have no idea what devices are connected to their network. It offers them the ability to authenticate devices via mobile.

View full review »
Adarge Ekholt - PeerSpot reviewer
Network Engineer at a university with 1,001-5,000 employees

The most important feature for us is visibility in terms of user connections. It's the ability to see what devices are online for a particular user that helps a lot with our troubleshooting. 

View full review »
Laurence Mcbride - PeerSpot reviewer
Senior Business Systems Analyst at a financial services firm with 201-500 employees

It does what it's supposed to. We use a certificate-based authentication method for corporate-managed devices. That means when a user walks in with their managed laptop and plugs it into the network, it chats with Cisco ISE in the background, allows it on the network, and away they go.

And when it comes to establishing trust for every access request, no matter where it comes from, it's effective. That's like a "pass/fail"  and it passes.

Our environment is a distributed network, across many locations. Cisco ISE runs in a pair of data centers for us: to each client, a primary and a secondary. The database keeps itself synchronized between the two data centers so if one data center is down, we can swing to the other for continuous service. It does its job.

View full review »
Elshaday Gelaye - PeerSpot reviewer
Lead Technical Architec at Commercial Bank of Ethiopia

It's easy to change and add policies.

View full review »
TA
Network Analyst at a healthcare company with 10,001+ employees

The authorization and accounts inside of ISE are very useful for us. In the sense that we can actually go back and track and look at all of the things that access controls or people have made changes in the past. And I think the biggest part of ISE for me is that authentication as well. The fact that we can connect it to Active Directory and use it to manage access control to all of our infrastructure devices.

View full review »
FA
Network Engineer at Lawrence Livermore National Laboratory

Having access and being able to add people or change authentication yourself is nice. In the past, we've used other group authentication services, and we always had to go to them and get permissions. Having that control is key. 

View full review »
Ashley Mead - PeerSpot reviewer
Sr Network Consultant at CAE Technology Services Limited

In terms of features, the best feedback I've received has to do with guest portals. The guest portals and sponsor portals are where a company can customize their appearance. As people join the guest network, they're presented with the branding of the company that they're in.

A lot of customers use a third party to manage their guest Wi-Fi. Cisco ISE presents the ability to bring that in-house so that customers can have full control over it, change the branding, and get extra telemetry from it and the user data. It works really well for our customers.

I first started working with ISE at version 1.2, which was quite a few years ago. Over the years, the user interface has become a lot easier. The way the different parts of ISE come together and the connections between the different sections are a lot easier to follow. The interface gives you a much clearer picture of how the different policies and standards that you are building are brought together.

View full review »
AB
Network Architect at a tech vendor with 10,001+ employees

The most valuable feature is AnyConnect Posture because it scans all the programs on the workstation and checks if the antivirus is up to date, as well as the cryptographic keys on our SSD. It also enforces data loss prevention on our workstation, which is usually the main vulnerability for network entry.

View full review »
Roy Pinheiro - PeerSpot reviewer
IT Manager at a financial services firm with 1,001-5,000 employees

The most valuable feature is the provisioning of the device so as to ensure that they are compliant with the security policy that we need to have.

View full review »
Jeffry Pereira - PeerSpot reviewer
Network Technical Lead at a energy/utilities company with 10,001+ employees

For me, the TACACS feature is the most valuable. I have also used Cisco ISE with LDAP, not with Active Directory. That works for me because I prefer LDAP versus Active Directory.

View full review »
CN
Network Operations Supervisor at McCoy's Building Supply

The most valuable feature for us with ISE is the network access control. It provides both security and visibility to what is on our network.

The control ISE gives us with those devices, whether they're company-owned or BYOD, anything on our network, we now have a little bit more visibility into and more control over how it performs and what access it has on our network.

View full review »
JN
Sr Wireless Network Engineer at a manufacturing company with 10,001+ employees

For my use cases, the in-depth troubleshooting into why a client can't connect or why they failed, is very valuable. I can go back to someone and say, "Hey, it's not my network. It's their certificates or user error," or something else. For my coworkers the VLAN segmentation means a client got in, it dropped them into this VLAN, and that's where they belong. They can't get out. It makes things more efficient.

Also, the fact that ISE considers all resources to be external is very important. We use ISE in our retail environments for our payment sleds. We want our payment system to be secure. Zero Trust is our whole thing. It's great that everything is external to ISE and then everything has to go through the system.

View full review »
Gustavo Pena - PeerSpot reviewer
Services Director at XByte SRL

They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful.

Its resilience gives you a better security posture. Cybersecurity resilience is very important. Security is one of the main things in my country enforced by law.

View full review »
EV
Senior Network Engineer at a tech consulting company with 11-50 employees

I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case. We have a lot of wired map devices and having an externally approved source to validate if a machine is legitimate or approved to be on the network is extremely valuable for us. It helps make the whole process of authorizing endpoints quick.

View full review »
GV
Sr. Architect at a pharma/biotech company with 10,001+ employees

There is a new trend: a zero-trust kind of architecture. If a company really wants to improve their security, ISE can upscale the security in their network by creating an access policy. This ensures that if the device is not allowed to access something then ISE won't let that device access that resource. This is mostly for segmentation security.

View full review »
Adam Boldin - PeerSpot reviewer
Network Architect at Tarrant Regional Water District

The endpoint profiling feature is among the most valuable because it keeps me from having to manually maintain a MAC address bypass list to track endpoints. I can have ISE profile them for me and then put them in the right bucket.

In addition, ISE really adopts and is strong in the Zero Trust model where we consider everybody a foreign endpoint until they prove they belong on the network. ISE just seems to be built from the ground up to do that, whereas with other solutions, you have to "shoehorn" that in.

I also rate it pretty highly for securing access to our applications and network. If you have the good fortune of being a total Cisco shop, you can utilize SGTs, end to end, across the network. It can be a little tricky to get working, but once it does, it creates quite a consistent experience for any endpoint, even if it moves anywhere in the network.

View full review »
Romildo Junior - PeerSpot reviewer
IT Business Manager at Telefónica

It works. It is simple. It works very well. We have a good strategic setup. We are very happy with the solution and we have no problem using Cisco ISE solutions.

The solution is stable.

It's scalable. 

View full review »
CT
Network Engineer at a comms service provider with 10,001+ employees

At the moment, RADIUS is the most valuable feature for us. We haven't really opened it up yet, so RADIUS is the best feature because it supplies authentication to our entire campus.

Also, when it comes to securing access to applications and the network, that goes hand-in-hand with fully developing ISE, implementing .1X, tying in DNA Center, and enabling TrustSec to look at SGTs and figure out who's who and what is what.

View full review »
Batu Akalin - PeerSpot reviewer
Corporate Information Technology Security Manager at AG ANADOLU HOLDİNG A.S.

ISE integrates well with other Cisco products.

View full review »
WG
Senior Network Engineer at a financial services firm with 10,001+ employees

With TACACS, we use it for endpoints like computers, devices, and network access. As a device admin, we use it to cater to users who use routers and switches.

View full review »
Mehran Reza - PeerSpot reviewer
Engineering Lead at Canadian Broadcasting Corporation

Cisco ISE integrates with everything else. It forms our security and identity backbone, and all our authentication goes through Cisco ISE. That's why the solution is so important to us.

View full review »
Josh Calhoun - PeerSpot reviewer
IT Systems Engineer at Pierce County Information Technology

The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues. I appreciate that they guide us through every step that a user or authenticator goes through.

View full review »
EM
Network Engineer at a hospitality company with 10,001+ employees

[One of the most valuable features] is just the ease of use. It's pretty simple to set up certs that we can add to our clients to make sure that they connect properly, [as is] whitelisting Mac addresses. 

It also integrates really well with some of our other services like ServiceNow. A ticket comes in and then, boom, it's automatically going to the ISE, and then ISE is allowing that client with that Mac address to get on the network easily.

[In addition, regarding establishing trust for every access request, no matter where it comes from] it does the job. It's a perfect solution in order to manage a large corporate network.

It allows that access control [for a distributed network]. That's super significant. It allows you to segment things and allows only certain devices to access the network.

View full review »
Andres Lopera - PeerSpot reviewer
Technical Leader at Línea Directa S.A.S / Aplicación e Ingreso

Authentication is the most valuable feature because it puts our company at another level of security. It establishes trust for every access because we use only corporate endpoints. If somebody has another device, they can't connect it to the enterprise network because we haven't implemented bring-your-own-device yet. We have five warehouse buildings and all our operations are around logistics and that means external people don't come to our buildings.

View full review »
Ahmed_Shalaby - PeerSpot reviewer
Senior Cyber Security Engineer at Beta Information Technology

TACACS is valuable. The product is useful for device administration.

View full review »
SM
Cyber systems Engineer at a manufacturing company with 10,001+ employees

We found all the features of the product to be valuable. We have no complaints about it. Posturing is valuable to my organization. Now, we're improving our whole environment to go into a Zero Trust policy, and Cisco Identity Services Engine plays a huge role in it. We're defense contractors, so we support DOD and have specific stakes and a baseline to go with. Our strict environment requires us to do certain things, and the solution plays a role in it.

View full review »
WK
Senior Systems Engineer at Austro Control

The most valuable feature is the flexibility of the policy sets.

View full review »
SS
Network Manager at a healthcare company with 10,001+ employees

Cisco ISE is a powerful solution. It gives us the ability to control who's accessing our network, and Cisco has made it very easy.

View full review »
AS
Data Engineer at a healthcare company with 5,001-10,000 employees

It works as a good RADIUS server. It has lots of features. It works with all the proprietary Cisco AB pairs and features.

View full review »
SamBrown - PeerSpot reviewer
Network Engineer at a energy/utilities company with 1,001-5,000 employees

With NAC, the profiling feature is valuable. We're able to see what we have out there in the network and dynamically assign policies to it. We can then use that to enforce TrustSec policy or anything else with NAC. 

View full review »
AA
Senior Network Architect at Commercial Metals Company

The most valuable feature is 801.1x and another very good feature is the TACACS.

In addition, it establishes trust for every access request. That's very valuable. We can't authorize users without it. The fact that it considers all resources to be external is very important. Without Cisco ISE, we couldn't authorize our users, contractors, and everyone else. It's our one source of truth for authentication and authorization.

It's also very good when it comes to supporting an organization across a distributed network. We like that. 

View full review »
WM
Network Engineer at a insurance company with 5,001-10,000 employees

I like the logging feature. I like that I can look at the logs for authentication issues.

View full review »
PB
Network Security Engineer at Vienna Insurance Group Kooperativa

The most valuable thing in ISE is the adoption of EAP deep that came in [version] 2.7, so we can do authentication based on user and machine certificates in one authentication.

[Regarding establishing trust for every access request] it's been pretty good so far. We've been authenticating all of our users, no matter where they're coming from. If it's from our VPNs, or if it's wireless access, we are all Cisco, so the integrations are pretty good. It's very important [that the solution considers all resources to be external]. Right now, with the challenges that the multi-cloud environment poses, you have to have a solution like this.

View full review »
BS
Senior Systems Administrator at a manufacturing company with 10,001+ employees

The Guest Portal is a big feature for us. 

View full review »
BN
Senior Software Engineer with 501-1,000 employees

My clients are always talking about the segregation capabilities. Segmentation refers to how you can actually segregate employee and non-employee client access. 

View full review »
JB
Network Services Engineer at a government with 51-200 employees

The feature that I found most valuable is profiling. We use that to profile certain types of devices, and then depending on the manufacturer, drop them into the appropriate VLAN without us having to go in and manually add the devices.

View full review »
DM
Network Manager at a government with 201-500 employees

The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval.

View full review »
PG
Principal Consultant at a computer software company with 1,001-5,000 employees

Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities.

View full review »
MA
Senior Network Officer at a financial services firm with 1,001-5,000 employees

Cisco ISE is a good and easy-to-use solution. We had a smooth experience with it, and we didn't face any issues. We upgraded the solution two years ago, and that version also worked fine. 

Cisco ISE's integration with other external identity servers like Duende is very simple and easy.

View full review »
BB
ITS 1 at a government with 10,001+ employees

The guest wireless works pretty smoothly. The SGTs came in very handy when we had to segregate traffic away from our network, even though it is part of our network. 

The SGT function would probably be the most used. This is mainly because we have a lot of vendors on our campuses but we need to keep them from seeing the traffic and being able to touch other areas of our network. Being able to use SGTs kind of keeps them in their own little lane away from us.

When it is deployed correctly, it is very helpful. It runs smoothly. It is just integrable to what we do.

View full review »
SC
Infrastructure and Cybersecurity Manager at George Washington's Mount Vernon

The solution cuts down on the repercussions of getting malware or ransomware which happened to us four years ago. We regularly took very aggressive snapshots and we were able to recover in an hour and 20 minutes without any loss of data.

View full review »
Md Manirul Islam - PeerSpot reviewer
Assistant general manager at Beximcocomputers

The valuable feature of the solution lies in its integration capabilities with other applications. This facilitates seamless operations like Microsoft migration across networks and call center management. The ability to segregate multiple domain users in the Access Network ensures efficient, logical management.

View full review »
OB
IT Architect at a tech services company with 501-1,000 employees

For customers, it's great. It has a GUI, so the customers themselves can edit ACLs or even modify the policies. It's also an all-in-one solution with RADIUS and TACACS.

View full review »
HV
Network engineer at Bimbo Bakeries USA

I've found two features to be the most valuable. One would be AAA reporting for historical analysis, showing what's been done and by whom. The second is the log for failures on Active Directory logins.

If I were to assess Cisco ISE for establishing trust for every access request, I would give it an eight or nine on a scale from one to ten.

Cybersecurity resilience has been very important to our organization and has been a big factor. We've had issues in the past, but one of the things I like about ISE is its logging features. Security-wise or information-wise, it really has been a powerful tool.

My impression of Cisco ISE for helping to support an organization across a distributed network is that it's invaluable. It's a monster tool; we don't even touch on all the features that it offers, but the few that we do use are extremely strong and very user-friendly.

View full review »
HP
Client Manager at a tech vendor with 10,001+ employees

It is more about the features related to Apex. This is part of the solution where we can deep dive into each employees' usage according to our infrastructure needs.

There are a lot of integrations available with multiple vendors. This has made the solution easier to work with.

We use the management platform, which makes it easy for our IT to access and manage. 

View full review »
Sait Kilinc - PeerSpot reviewer
Manager of IT at a financial services firm with 10,001+ employees

The access policies, and all of the policies in Cisco ISE, are important to us.

View full review »
Jeff Burdette - PeerSpot reviewer
Cyber Security Administrator at a aerospace/defense firm with 11-50 employees

Profiling is one of the most valuable features. We have a lot of different devices between cameras, access points, and laptops that get plugged in.

Establishing trust for every access request, no matter where it comes from, is extremely important for us, especially because we are an airport entity. We do have port security implemented throughout our airport, but on the more sensitive side of things, it's a little bit more hardcore regarding what we need to allow, per security zone.

View full review »
JB
Network Engineer at a financial services firm with 201-500 employees

TACACS and .1X security are the most valuable features. TACACS acts for user control, so no one can authenticate to our network devices, and .1X is to validate that unauthorized devices are plugged into our network.

View full review »
CH
Principal consulting architect at a tech vendor with 10,001+ employees

The posture assessment is a valuable feature because of the ability to do assessments on the clients before they connect to the network.

The guests' BYOD portal and onboarding are feature-rich and fairly straightforward and easy to set up.

From a zero-trust standpoint, it is critical that Cisco ISE considers all resources to be external because, in essence, we don't want to allow anybody on the network that hasn't been verified. Even when they're on the network, we want to make sure that they have the least amount of privileges to do their job.

Cisco ISE hasn't eliminated trust, but it's definitely helped us to migrate more toward zero-trust network environments. It helped us to have a much better security posture overall to help eliminate threats and also give visibility into the response.

ISE is generally deployed as a distributed environment, and it makes it easier to have local resources across the distributed environment so that you're not dependent on always-on access to a data center. In case you lose your internet connection or lose an MPLS connection, you can still have a certain amount of security control at the distributed location.

As far as securing access to applications go, with the posture assessment you get a lot more visibility into the applications on the client when you deploy it and a lot more control over enforcing connectivity in the network, especially with secure group access.

View full review »
LP
Network engineer at a financial services firm with 1,001-5,000 employees

It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request.

View full review »
DH
IT Manager at Shanta Mining

While the solution has a host of features, we only use the one involving access control. 

We are looking into further uses for it. My aim is to deploy it across all three of our sites and not just one. 

View full review »
CP
Associate Director of Network Tower at Happiest Minds Technologies

The most valuable features are the NAC and the bundles that are available with Cisco ISE, such as Cisco ACS being integrated.

View full review »
MA
Associate Consultant at a computer software company with 201-500 employees

In terms of features, I think they've done a lot of improvement on the graphical user interface — it looks really good right now. ISE is always very complicated to deploy because it's GUI-based. So they came up with this feature called work centers, that kind of streamlines that process. That's a good feature in the product right now.

View full review »
Vusa Ndlovu - PeerSpot reviewer
Security Solution Architect at Nexio South Africa

I like the automation of the collection of information.

View full review »
AV
Solution Architect Telecom at a manufacturing company with 10,001+ employees

The actual radius is the most valuable aspect of the solution. We need to have a centric solution either on MarTech X and for the wireless user authentication. We were mainly on Cisco and we continue to use them. However, this is the time period for a refresh as the five-year lifespan is completed. We may look for other options.

Technical support is okay.

View full review »
ChrisWanyoike - PeerSpot reviewer
Network Infrastructure Specialist at Central-Bank-Kenya

The posturing is the solution's most important aspect. When a user connects his or her machine to the network, the first is for ISE to check whether that machine is authorized, check that that machine is compliant with respect to antiviruses, whether it complies with respect to Windows updates, et cetera. If not, a feature is on auto-remediation, so that the proper antivirus and Windows updates can be pushed to the machine.

At the moment, ISE seems to integrate very well with a number of other technologies. It integrates well with Microsoft and integrates well with other wireless systems.

View full review »
LC
Network & Security Architect at Canac IT

The .1x authentication schema is the most valuable aspect of the solution. It makes it possible to have multiple policies and it can still adapt to us. We can authenticate and calculate our trajectory and so on. The policy is very easy to put in place. It's got to be easy due to the fact that we have more than 200,000 devices.

The implementation is very simple.

View full review »
RO
Manager of Systems Architecture at a computer software company with 51-200 employees

It's keeping our company safe from rogue devices connecting to our network. From a security standpoint, there's peace of mind knowing that every device that connects is a good one.

View full review »
MB
Accounting Executive at a tech services company with 11-50 employees

The way the ISE works is you can get into defining. Let's say, in my case, I've got a Windows laptop and I've got an Apple product and those have unique identifiers, unique back addresses. It would say that this in my profile so I could get to those apps with either device, 24/seven. That's how granular the ISE or these NAC Solutions can get. That you have to have that same device.

They can get into the antivirus. They will check the antivirus to see if it's the most current version and if it's not, if that's your policy, it will let you go through and access the app if the antivirus has been updated. But if the policy was that it has to be the most current version, then it can block you until you upgrade the antivirus.

View full review »
BN
Senior Software Engineer with 501-1,000 employees

It works very well with the network, router, and switches. It is able to enforce the policy and assigns the traffic a Security Group tag.

A Google user is able to enforce access throughout the router and switches ensuring the traffic going through has the same policy.

When you push out the policy, it is able to populate the entire network at one time.

It's quite good, the market is using this solution.

View full review »
SN
Sr Manager Infrastructure at a financial services firm with 5,001-10,000 employees

The most valuable feature is network access control for the users coming into the network, which allows us to know who is in the network at any given time.

View full review »
NH
IT Manager at cmc

The most valuable features are the ability to retrieve information about Active Directory user names, viewing the log files to see which MAC address tried to connect with the created SSIDs, portal designing for your company, hotspot tools, and creating network rules for WiFi access.

View full review »
MN
Network Architect at a tech vendor with 10,001+ employees

The ability to allow or deny hosts onto the network is valuable. It provides great security to the network environment.

View full review »
WH
Network Manager at a university with 501-1,000 employees

The TACACS and RADIUS have been the most valuable features so far.

View full review »
Chinthaka Kannangara - PeerSpot reviewer
Network System Engineer at VSIS

The best features are the scalability and the license structure. The license structure is like a tier. If a customer doesn't actually want the highest features, then they can just start with the basic license package and upgrade it if their network is growing. For the smaller customers, they can start with the smaller plans and so on. If you have a financial customer or banking customer, they can go for the full features, and if it's not that critical, the customer can get the basic license package and implement that.

View full review »
AW
Network Engineer at a manufacturing company with 201-500 employees

The policy sets give us more granular groups for end-user access.

View full review »
RM
Sr Consultant at a tech services company with 10,001+ employees

The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability. 

View full review »
FS
Deputy Head of IT at a legal firm with 501-1,000 employees

The way we can trust this solution is the most valuable. We have no issue with this product. It is a competitive product. You need to have a very good and deep knowledge of the product to take the full benefits of all the features, but it is a good product.

View full review »
TB
Senior Enterprise Network Administrator

It does a good job of establishing trust for each access request, no matter the source. It's also very effective at helping with the distributed network and at securing access.

View full review »
JM
Network Specialist

Among the most valuable features is TACACS. Also, the rules and logging, but TAC is just as easy. Cisco TAC is great.

View full review »
FC
Director of Engineering at a tech services company with 51-200 employees

Integration is a big factor. That has really been the driving force behind it.

View full review »
MN
Chief ICT Specialist at a government with 10,001+ employees

The integration with Active Directory is the most valuable feature for us.

View full review »
SI
Security Solutions Architect at GTS

Cisco offers automation, visibility, and control as well as third party integration capabilities.

View full review »
JC
Project Manager at Projectnet

One of the most important features is the authentication security for the individual connection to the network through their computer or laptop. The solution is very complete overall.

View full review »
TP
Technical Systems Analyst at NJC

The biggest value of ISE is that it can get so granular with gaming systems, versus IoT and BYOD.

View full review »
Gerald Jimenez - PeerSpot reviewer
IT Operations Supervisor at Aboitiz Equity Ventures, Inc.

ISE's most valuable feature is integration between IT and OTs.

View full review »
DR
Head Cyber Security at a retailer with 10,001+ employees

It's flexible and stable. It's been good as a standard environment to run.

View full review »
RF
Cyber Security at a manufacturing company with 10,001+ employees

To be clear, I'm not an expert in networking, so I'm pretty much like a user.

I really like the guest WiFi. Those kinds of features are pretty convenient. When I have a guest in the form of a third party, I can grant access to the guest for a certain period of time and have a dynamic password generated. It's great.

The user experience of the solution is great. It's a very transparent system.

View full review »
Joni Saputro - PeerSpot reviewer
System Engineer at Packet System Indonesia

Cisco ISE has a powerful posturing tool with security requirements. This data can be integrated with the device identity and threat intelligence surface, enabling you to create granular policies based on a device's identity. Just like we made policies based on Samsung or Lenovo, you can now do the same based on its compliance posture.

View full review »
ME
Smart Information and Communication Technology Engineering student at INPT

The product has many useful features. It enhances compliance and security posture. It provides client provisions and profiling as well as guest access, features not available in other solutions. The product can be customized. 

View full review »
LR
Director of Security and Computer Risks at Eclipse Telecomunicaciones S.A. de C.V.

Our clients like Cisco ISE because they already use various Cisco solutions. It's easy for them to use this solution because they have an engineer with Cisco certifications.

View full review »
FA
Networks Lead Engineer at a mining and metals company with 1,001-5,000 employees

I'm very satisfied with the product. It has been excellent so far. 

From the performance perspective, it is excellent. The outcome is as expected, giving control to the network. 

There is good integration with third-party systems like antivirus patch management, MDM.

View full review »
Brook Debebe Hailu - PeerSpot reviewer
Chief Technology Officer at Mehbub General Trading PLC

I have found that all of the features are valuable.

It is very easy to deploy because we are able to port users directly from Active Directory (AD) and LDAP.

View full review »
DG
Sr.Manager at a energy/utilities company with 10,001+ employees

The most valuable features are authentication, we have more granular control on the access policies for the administrators. The solution is easy to use, has a center point administration, and has a good GUI.

View full review »
SS
Deputy Manager at Convergent Wireless Communications

The most valuable features of this solution are guest authentication and stop authentication.

I felt that it was quite good and well suited for us.

Overall, the features and the product are quite good. 

It has all of the features available, in fact, more than what you need.

View full review »
MK
Co-Founder & Director at VSAM Technologies

The general usefulness of the product is not specific to a particular feature. This is a comprehensive solution covering access to network to create a zero trust environment. It covers Network Access Control, Network Segmentation & policy control

The solution integrates well with other Cisco solutions. It works both from a single-vendor perspective and in cases where the client might have a hybrid network and multiple security solutions.

The product offers very good functionality.

From a configuration point of view, it's simple. It's not very complex. I don't see any major challenges when using the product.

The solution is reliable.

The scalability is good.

We haven't had any issues with technical support. They have been helpful. 

View full review »
RF
Information Security System Specialist at everis New Company Erifson

The profiling option is the most valuable feature. 

View full review »
it_user302130 - PeerSpot reviewer
Security Senior Network Engineer with 1,001-5,000 employees
  • I'ts compatibility with 802.1X
  • Posture
  • Profiling
  • Guest Portal
View full review »
JF
Works
  • BYOD service
  • The guest and secure wireless access
  • Compliance and posture
  • Wireless administration
View full review »
RD
Senior Network Administrator at a media company with 1,001-5,000 employees

The WiFi portal in Cisco ISE is very useful for WiFi customers.

View full review »
OZ
Network & Security Engineer at a engineering company with 201-500 employees

The RADIUS Server holds the most value.

The TACACS feature in ISE is good.

We also use the Posture feature to control the environment.

The product features are quite good.

View full review »
HA
Technology Manager at Advanced Integrated Systems

I like the guest access feature, which has been important for us. The BYOD feature is also good. 

View full review »
HA
Technology Manager at Advanced Integrated Systems

Combines authentication,authorization,accounting(AAA),posture,and profilerinto one appliance

Provides for comprehensive guest access management for Cisco ISE administrators.

Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network,including 802.1X Environments

EmploysadvancedenforcementcapabilitiesincludingTrustsecthroughthe use of SecurityGroup Tags(SGTs) and Security Group Access Control Lists (SGACLs)• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

View full review »
Ntwrkengine0887 - PeerSpot reviewer
Senior Network Engineer at a comms service provider with 1,001-5,000 employees

The best feature of the Cisco ISE platform is that it is compatible with Microsoft products. 

View full review »
it_user146331 - PeerSpot reviewer
Senior Network Operations Specialist at a government with 1,001-5,000 employees

Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions. 

This technology pride itself with Trust Sec and 802.1x  feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.

This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.  

It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.  

Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.  

View full review »
PP
Owner at a tech services company with 11-50 employees

I like that Cisco ISE is easy to use.

View full review »
EA
Principal ICT Assistant at a educational organization with 1,001-5,000 employees

The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall.

View full review »
SK
Security Engineer at a energy/utilities company with 201-500 employees

The identification with McAfee DHL is the most valuable feature. It gives us full visibility to see if there's any malware or malicious activity going on in the network and will then isolate the device.

View full review »
it_user216399 - PeerSpot reviewer
Senior Network Engineer with 1,001-5,000 employees

It can handle Radius and TACACS+.

View full review »
DG
Technical Solutions Architect at a wholesaler/distributor with 201-500 employees

The profiling model included is the most valuable feature.

View full review »
AH
Network Administrator at a government with 51-200 employees

It has many valuable features. 

View full review »
it_user375078 - PeerSpot reviewer
Senior Network Engineer/Mobility Specialist at CCSI - Contemporary Computer Services, Inc.

Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE. ISE grew out of ACS and in the process has grown up.

View full review »
it_user375078 - PeerSpot reviewer
Senior Network Engineer/Mobility Specialist at CCSI - Contemporary Computer Services, Inc.

Profile Sets help organize how AAA is handled by grouping, like traffic into separate subroutines.

View full review »
MB
Senior Solutions Manager at a computer software company with 1,001-5,000 employees

The interconnection with the ecosystem and the ability to force rules all over the network are the most important features.

View full review »
JL
Unified Networks at a program development consultancy with 11-50 employees

The flexibility to grant anyone access to the network easily and in a secure way is its most valuable feature.

View full review »
EE
NOC Manager at a comms service provider with 51-200 employees

We were originally a Cisco shop and Cisco ISE integrated well with our other Cisco switches and networks.

View full review »
BE
Network Security Engineer at Data Consult

The most valuable feature would be the protection. 

View full review »
CR
Cyber Transport Specialist at a government with 10,001+ employees

The interface is pretty easy to use.

View full review »
SZ
Team Lead Network Infrastructure at a tech services company with 1-10 employees

The solution is stable.

We have found the product to be scalable.

The device administration is great. 

It offers very good integrations and can easily be integrated with mobile devices.

The product works well with StealthWatch.

It's quite an innovative product.

Typically, the installation is pretty simple.

View full review »
AA
Network Engineer at a financial services firm with 1,001-5,000 employees

The feature that I most like is that it can notify me whenever someone plugs in their device, which is not allowed. I get notifications for new laptop devices.

I think the user interface looks good compared to previous versions. 

View full review »
it_user683622 - PeerSpot reviewer
Presales Systems Engineer at a tech services company with 501-1,000 employees

We found that the most valuable features associated with this tool are posture assessment, policy management, VLAN assignments, guest assignment, and BYOD services. In addition to these services, the Cisco IOS software switch configuration feature is another very valuable aspect of the policy and compliance solution.

View full review »
it_user690516 - PeerSpot reviewer
Manager - IT Security & Process Compliance at a tech services company with 1,001-5,000 employees

The authorization feature is the most valuable feature. 

View full review »
it_user866460 - PeerSpot reviewer
Architect of Security and Networking solutions (Presales and after sales) at a comms service provider with 1,001-5,000 employees
  • MAC - Member Access Control
  • Integrating all Cisco wireless, networking, switches, routers, firewalls for our customers.
View full review »
AR
VP of IT at a tech services company with 51-200 employees

This product allows them to see the traffic that is going through the network.

It is stable and easy to use.

View full review »
it_user816279 - PeerSpot reviewer
Research Engineer with 1-10 employees
  • ISE Dynamic VLAN assignment
  • ISE Radius and Tacacs+
  • External identity sources LDAP, domain, or token.
View full review »
Buyer's Guide
Cisco ISE (Identity Services Engine)
March 2024
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.