No more typing reviews! Try our Samantha, our new voice AI agent.

BeyondTrust Endpoint Privilege Management vs Cisco Identity Services Engine (ISE) vs Symantec Privileged Access Manager comparison

The compared BeyondTrust and Cisco solutions aren't in the same category. BeyondTrust is ranked #8 in PAM , with an average rating of 8.0, and holds a 2.9% mindshare in the category. Cisco is ranked #2 in NAC , with an average rating of 7.6, and holds a 21.7% mindshare. Additionally, 92% of BeyondTrust users are willing to recommend the solution, compared to 87% of Cisco users who would recommend it.
BeyondTrust Endpoint Privil...
Read 32 BeyondTrust Endpoint Privilege Management reviews
  • 3,771 Views
  • 1,697 Comparison Views
92% willing to recommend
Cisco Identity Services Eng...
Read 144 Cisco Identity Services Engine (ISE) reviews
  • 15,070 Views
  • 9,796 Comparison Views
87% willing to recommend
Symantec Privileged Access ...
Read 53 Symantec Privileged Access Manager reviews
  • 1,773 Views
  • 1,383 Comparison Views
85% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between BeyondTrust Endpoint Privilege Management, Cisco Identity Services Engine (ISE), and Symantec Privileged Access Manager based on real PeerSpot user reviews.

Find out what your peers are saying about CyberArk, One Identity, Okta and others in Privileged Access Management (PAM).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Privileged Access Management (PAM) Report (Updated: March 2026).
Buyer's Guide
Privileged Access Management (PAM)
March 2026
Download the complete report
Helped 885,728 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

Privileged Access Management (PAM) Mindshare Distribution
ProductMindshare (%)
BeyondTrust Endpoint Privilege Management2.9%
CyberArk Privileged Access Manager11.4%
Delinea Secret Server4.9%
Other80.8%
Privileged Access Management (PAM)
Network Access Control (NAC) Mindshare Distribution
ProductMindshare (%)
Cisco Identity Services Engine (ISE)21.7%
Aruba ClearPass20.8%
Fortinet FortiNAC15.0%
Other42.5%
Network Access Control (NAC)
Privileged Access Management (PAM) Mindshare Distribution
ProductMindshare (%)
Symantec Privileged Access Manager1.6%
CyberArk Privileged Access Manager11.4%
Delinea Secret Server4.9%
Other82.1%
Privileged Access Management (PAM)
 

Featured Reviews

Md Abdul Hakim - PeerSpot reviewer
Md Abdul Hakim
System Engineer at Corporate Projukti Limited
Offers solid performance and user adaptability but needs better pricing options and local support
BeyondTrust is a strong, compliance-driven solution with excellent market recognition (Gartner, Peers, etc.), making it appealing for Bangladeshi enterprises. However, some key improvements could accelerate adoption: Areas for Improvement: Pricing & Local Affordability While the product’s capabilities justify its value, cost remains a barrier for many Bangladeshi organizations. Competitive pricing or regional discounts would make it more accessible. Local Support & Partnerships Currently, lack of local partners or trainers creates delays in support, implementation, and pricing negotiations. Establishing a Bangladesh-based support team or authorized resellers would improve responsiveness and trust. Enhanced Onboarding & Training Offering localized training programs (in Bengali/English) and documentation would help IT teams deploy and manage the solution more efficiently. Recommendations for Next Release: Introduce tiered pricing for emerging markets like Bangladesh. Develop a partner network in Bangladesh for faster service and sales. Add simplified dashboards for easier monitoring by non-technical staff. Final Note: BeyondTrust is already a top-tier PAM solution, but addressing these gaps would solidify its leadership in Bangladesh’s growing cybersecurity market.
Read full review
NF
NicolasFigaro
Network and Technology Information Manager at Akkodis
Has improved authentication management and simplified visitor network access
The log capacity in Cisco Identity Services Engine (ISE) could be enhanced because today natively on the ISE can only have a look at the logs from the day before. You cannot search into the oldest logs; you have to use another tool for that. This can be blocking if you don't have any log consolidation solution. To do a search for an issue or something that happened two days ago, you cannot search directly in there. The capacity of Cisco Identity Services Engine (ISE) could be enhanced. Something between one week and one month for the log capacity would be nice.
Read full review
Muzi Lubisi - PeerSpot reviewer
Muzi Lubisi
Senior technical Consultant at CA Africa
Secure management of sensitive servers and seamless applications with direct linking
The credential injection feature is highly valued, particularly for RDP sessions. A majority of customers use it for RDP, and a couple for Linux servers. The broader capabilities, including access to multiple systems, web-based applications, and clustering, have never posed an issue. The threat analytics aspect is also a robust feature that analyzes all pertinent information.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Technical support is good."
"The asset discovery feature is the solution's most valuable aspect. It's very easy to pull assets into the database of the solution manager."
"It's relatively straightforward to set up, especially if you are deploying to the cloud."
"When it comes to the PAM, I don't think that any application can compete with BeyondTrust, except for the financial issue that has been recently affected by the change in the licensing model."
"I'm a BeyondTrust partner and I have multiple deployments, four or five banks right now. The features that give us quite an edge compared to what our competitors are offering - like IBM or Thycotic - are the Session Management, that is quite a big one; also the recording of keystrokes. In addition, there is the password vaulting and state-of-the-art Password Management, which I haven't seen in other products."
"The product is secure."
"The features related to application elevate is amazing, and it helped the company to remove almost all admin local users."
"The features related to application elevate is amazing. It helped the company to remove almost all admin local users."
More BeyondTrust Endpoint Privilege Management pros
"The TACACS and RADIUS have been the most valuable features so far."
"After the product was installed, no one could access the secure connection network. In order for any laptop or any endpoint device to attach to my network, it needs to be authorized or be certified to be connected."
"The solution is stable and has good performance."
"The authorization and accounts inside of ISE are very useful for us."
"The valuable feature of the solution lies in its integration capabilities with other applications."
"It is scalable because we use a network load balancer at the front of the PSN. It can be extended as we want to multiply. It's scalable to our environment. We have around 8,000 users and we are planning to expand it."
"It really helps secure, classify and manage users including guest and BYOD users."
"Implementing ISE has saved us the need to invest in that manpower."
More Cisco Identity Services Engine (ISE) pros
"It gives you list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed."
"The password vault and access to the systems are the most valuable features."
"We have received good support from the tech support team."
"We can enforce complicated password policies and very important frequent password changes."
"If I remember correctly, it was the two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors."
"I like the fact that passwords are checked-in automatically."
"The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."
"So all the different roles (such as database admin, Unix admin, network administrator), are now centralized into one system."
More Symantec Privileged Access Manager pros
 

Cons

"There is room for improvement in having the solution align more with standards. We're always shoehorning the product into the standards."
"What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date."
"They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment."
"Reports to the end user."
"There are three types of endpoints. If we need to use them in the solution, then we need to purchase the licenses separately. The tool needs to improve its licensing."
"There is a need for better MQ integration with DevOps and improvements in architecture."
"We have installed BeyondTrust, however, it's not working as-is."
"The BeyondInsight appliance environment is not as flexible as it should be in some designs."
More BeyondTrust Endpoint Privilege Management cons
"An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment."
"The integrations with the switches and the wireless controllers are not really straightforward. There is what they call the best practice for them, but it may not be what we have on-premise."
"The solution configuration is complicated for setting the infrastructure. They have improved over the years but there is still a lot of room to improve. When comparing the simplicity to other vendors, such as Fortinet and Aruba they are behind."
"An issue with the product is it tends to have a lot of bugs whenever they release a new release."
"Technical support has been okay, but I wouldn't describe it as "very good." We have had some problems with technical support."
"The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at."
"The policies could be adjusted to make them more easily implementable."
"The initial setup is not simple. I don't consider our deployment to be complete because we were unsuccessful at trying to use the majority of the features."
More Cisco Identity Services Engine (ISE) cons
"I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using."
"The first setup was complex. The implementation, to me, was very bad."
"They need to do a little bit more on the mainframe side."
"It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials."
"They need to have zero tier and active-active setup with zero minimum downtime, which they are working on it."
"The setup was complex."
"Recent releases need improvement in webpage management. For instance, navigating through a webpage that acts like a wizard, where I proceed to the next page and enter more information, is not handled well by the system."
"The demonstration and consideration portion does not work the best. It's not that intuitive."
More Symantec Privileged Access Manager cons
 

Pricing and Cost Advice

"The product’s licensing is different for Windows, Linux, and Mac. The tool’s licensing is yearly."
"This solution is expensive compared to its competitors."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten."
"Its pricing and licensing are okay. We were in the perpetual model when it was on-prem, and now, with the SaaS service, we have a subscription model. As a customer, I would always like to see a lower price, but it seems to be priced at the right model currently, and we are trying to get the maximum benefits out of it."
"What BeyondTrust was providing was user-based licensing which was a great benefit from the client point of view. Recently, I don't know why, the licensing model has been changed, and that is the reason that they have lost a bit of their edge when it comes to the PAM, against our competition. The asset-based licensing, from the user's point of view, is not beneficial. The licensing should be based on the users. The greater the number of users, the greater will be the load and the greater the scalability problems. I presume that is why the licensing model has changed."
"It is relatively more cost-effective compared to the competing product."
"It was very expensive."
"PowerBroker for a Mac client is three times the price of the Windows version."
More BeyondTrust Endpoint Privilege Management pricing and cost advice
"The solution’s pricing is reasonable."
"Standard licensing gives backup access and very few features, and then there's VM licensing - each VM we use needs to be licensed."
"In terms of the licensing and the pricing structure of the Cisco Identity Services Engine, there's been a huge advantage to our clients recently with the advent of the enterprise agreement."
"If you consider money only, Cisco ISE is not a cheap solution."
"I have complaints. I don't enjoy the licensing model. Once we moved from 2.7 to 3.1, switching from Base, Plus, and Apex to Essential and Advantage in Premier, we went from a perpetual, with our base licenses, to now a subscription-base. So, we will have to renew those licenses every year, and I'm not a fan of that for our base licenses. Apex/Premier, we already expected, which is fine, but for basic connectivity, I am not a fan of that."
"Cybersecurity resilience has been very important to our organization and has been a big factor. We've had issues in the past, but one of the things I like about ISE is its logging features. Security wise or information wise, it really has been a powerful tool."
"We are running Version 2.9 because Version 2.9 of the ISE has a persistent license — it's a one-time payment. The latest version (3.1) is only available if you do a yearly subscription."
"Cisco ISE's licensing can get pricey."
More Cisco Identity Services Engine (ISE) pricing and cost advice
"It is reasonably priced."
"Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front."
"It is more expensive than other solutions on the market."
"Pricing is fair compared to other top vendors."
"The version we are using is affordable compared to BeyondTrust, which is maybe three to four times as expensive, but it depends on the features."
"Appliances are relatively cheap, don’t skimp. Make sure you have redundancy, high availability, and enough appliances to manage the concurrent workload."
"The prices are not low, but one can ask for a discount. It’s not the cheapest PAM solution."
"I would prefer better licensing options for the 20-100 users we have at a given time."
More Symantec Privileged Access Manager pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
See recommendations
885,728 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Manufacturing Company
9%
Government
8%
Comms Service Provider
7%
Manufacturing Company
11%
Computer Software Company
8%
Financial Services Firm
8%
Government
8%
Comms Service Provider
10%
Marketing Services Firm
9%
Construction Company
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business15
Midsize Enterprise3
Large Enterprise15
By reviewers
Company SizeCount
Small Business45
Midsize Enterprise32
Large Enterprise91
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise6
Large Enterprise30
 

Questions from the Community

Looking for recommendations and a pros/cons template for software to detect insider threats
This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no sh...
See all answers
What is your experience regarding pricing and costs for BeyondTrust Endpoint Privilege Management?
BeyondTrust's pricing is premium but negotiable for Bangladesh. Expect 20-30% extra costs from currency/import factor...
See all answers
What needs improvement with BeyondTrust Endpoint Privilege Management?
In future updates of BeyondTrust Endpoint Privilege Management, I would prefer to see features for Password Safe and ...
See all answers
Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can...
See all answers
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cann...
See all answers
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if some...
See all answers
What is your experience regarding pricing and costs for Symantec Privileged Access Manager?
Due to the nature of the solution, it is hard to gauge, but compared to competitors, the pricing is very good. I woul...
See all answers
What needs improvement with Symantec Privileged Access Manager?
Recent releases need improvement in webpage management. For instance, navigating through a webpage that acts like a w...
See all answers
What is your primary use case for Symantec Privileged Access Manager?
With the customers that I have so far, I help them broker RDP sessions to sensitive servers, particularly those that ...
See all answers
 

Comparisons

CyberArk Privileged Access Manager vs BeyondTrust Endpoint Privilege Management Logo
CyberArk Privileged Access Manager vs BeyondTrust Endpoint Privilege Management
Compared 10% of the time
Symantec Identity Governance and Administration vs BeyondTrust Endpoint Privilege Management Logo
Symantec Identity Governance and Administration vs BeyondTrust Endpoint Privilege Management
Compared 8% of the time
CyberArk Endpoint Privilege Manager vs BeyondTrust Endpoint Privilege Management Logo
CyberArk Endpoint Privilege Manager vs BeyondTrust Endpoint Privilege Management
Compared 7% of the time
One Identity Safeguard vs BeyondTrust Endpoint Privilege Management Logo
One Identity Safeguard vs BeyondTrust Endpoint Privilege Management
Compared 4% of the time
Microsoft Defender for Endpoint vs BeyondTrust Endpoint Privilege Management Logo
Microsoft Defender for Endpoint vs BeyondTrust Endpoint Privilege Management
Compared 4% of the time
More BeyondTrust Endpoint Privilege Management Competitors
Aruba ClearPass vs Cisco Identity Services Engine (ISE) Logo
Aruba ClearPass vs Cisco Identity Services Engine (ISE)
Compared 25% of the time
Fortinet FortiNAC vs Cisco Identity Services Engine (ISE) Logo
Fortinet FortiNAC vs Cisco Identity Services Engine (ISE)
Compared 16% of the time
Forescout Platform vs Cisco Identity Services Engine (ISE) Logo
Forescout Platform vs Cisco Identity Services Engine (ISE)
Compared 7% of the time
Portnox vs Cisco Identity Services Engine (ISE) Logo
Portnox vs Cisco Identity Services Engine (ISE)
Compared 3% of the time
CyberArk Privileged Access Manager vs Cisco Identity Services Engine (ISE) Logo
CyberArk Privileged Access Manager vs Cisco Identity Services Engine (ISE)
Compared 3% of the time
More Cisco Identity Services Engine (ISE) Competitors
CyberArk Privileged Access Manager vs Symantec Privileged Access Manager Logo
CyberArk Privileged Access Manager vs Symantec Privileged Access Manager
Compared 25% of the time
ARCON Privileged Access Management vs Symantec Privileged Access Manager Logo
ARCON Privileged Access Management vs Symantec Privileged Access Manager
Compared 17% of the time
One Identity Safeguard vs Symantec Privileged Access Manager Logo
One Identity Safeguard vs Symantec Privileged Access Manager
Compared 10% of the time
Delinea Secret Server vs Symantec Privileged Access Manager Logo
Delinea Secret Server vs Symantec Privileged Access Manager
Compared 9% of the time
MasterSAM PMS vs Symantec Privileged Access Manager Logo
MasterSAM PMS vs Symantec Privileged Access Manager
Compared 7% of the time
More Symantec Privileged Access Manager Competitors
 

Product Reports

Buyer's Guide
BeyondTrust Endpoint Privilege Management
March 2026
BeyondTrust Endpoint Privilege Management reportDownload BeyondTrust Endpoint Privilege Management product report
Buyer's Guide
Cisco Identity Services Engine (ISE)
March 2026
Cisco Identity Services Engine (ISE) reportDownload Cisco Identity Services Engine (ISE) product report
Buyer's Guide
Symantec Privileged Access Manager
March 2026
Symantec Privileged Access Manager reportDownload Symantec Privileged Access Manager product report
 

Also Known As

BeyondTrust PowerBroker, BeyondTrust Endpoint Privilege Management for Windows, BeyondTrust Endpoint Privilege Management for Mac, BeyondTrust Endpoint Privilege Management for Linux, BeyondTrust Endpoint Privilege Management for Unix, Avecto Defendpoint
Cisco ISE
CA PAM, Xceedium Xsuite, CA Privileged Access Manager
 

Overview

BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.

Key Solutions Include:

-ENTERPRISE PASSWORD SECURITY

Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.

-ENDPOINT LEAST PRIVILEGE

Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.

-SERVER PRIVILEGE MANAGEMENT

Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.

-A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS

Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.

Learn more at https://www.beyondtrust.com/privilege-management

BeyondTrust

Cisco Identity Services Engine offers robust authentication, posture profiling, guest and secure access, and dynamic policy management. Known for its seamless integration with Cisco tools and network access control features, it ensures secure device and user authentication across networks.

Cisco Identity Services Engine is renowned for its capabilities in managing authentication, guest access, and policy management through segmentation. Its TrustSec functionality, alongside RADIUS and TACACS+ support, provides enhanced security, further augmented by its ability to operate in diverse environments. Its scalability and integration with Cisco solutions aid in maintaining network visibility and access control. Challenges include the complexity of initial deployments, somewhat cumbersome documentation, and limited integration in multi-vendor environments. While encountering issues in stability and updates, the demand for better analytics and straightforward troubleshooting alongside cost-effective licensing is notable.

What are the key features of Cisco Identity Services Engine?
  • Authentication: Secures user and device access to networks using robust authentication protocols.
  • Posture Profiling: Provides in-depth analysis of device compliance with security policies.
  • Guest Access Management: Allows controlled network access for guest users through streamlined processes.
  • Dynamic Policy Management: Enables automatic adjustment of security policies based on real-time data.
  • Segmentation via TrustSec: Enhances security levels by segmenting network traffic based on identity.
What benefits or ROI should users expect from Cisco Identity Services Engine?
  • Comprehensive Security: Ensures enforceable security policies across network access points.
  • Enhanced Integration: Facilitates seamless collaboration with existing Cisco infrastructures.
  • Improved Compliance: Helps meet industry security standards for network access and user rights.
  • Increased Visibility: Provides detailed insights into network traffic and user activities.
  • Device Management Efficiency: Streamlines the process of managing diverse devices within a single framework.

Industries implement Cisco Identity Services Engine primarily for network access control, ensuring secure authentication and segmentation in both wired and wireless environments. Supporting policies like bring-your-own-device and compliance standards, ISE manages identity-based access control, especially beneficial for entities that require detailed user rights management and integration within enterprise networks.

Cisco

CA Privileged Access Manager is a simple-to-deploy, automated, proven solution for privileged access management in physical, virtual and cloud environments. It enhances security by protecting sensitive administrative credentials such as root and administrator passwords, controlling privileged user access, proactively enforcing policies and monitoring and recording privileged user activity across all IT resources.  It includes CA PAM Server Control (previously CA Privileged Identity Manager) for fine-grained protection of critical servers

Broadcom
 

Sample Customers

Aera Energy LLC, Care New England, James Madison University
Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
NEOVERA, Telesis, eSoft
Buyer's Guide
Privileged Access Management (PAM)
March 2026
Download Free Report
Find out what your peers are saying about CyberArk, One Identity, Okta and others in Privileged Access Management (PAM). Updated: March 2026.
DOWNLOAD NOW
885,728 professionals have used our research since 2012.