CyberArk Privileged Access Manager and Cisco Identity Services Engine (ISE) compete in the realm of cybersecurity solutions, focusing on access control and security management. Based on the comparison, CyberArk seems to have the upper hand in privileged access and session management, while Cisco ISE excels in comprehensive network access control and policy-based security management.
Features: CyberArk Privileged Access Manager offers extensive password management, session monitoring, and user customization capabilities due to its modular design. It provides the flexibility for tailored integration of various components and enhanced security features. Cisco Identity Services Engine offers a unified access control platform, dynamic VLAN assignments, and broad compatibility with devices and applications, emphasizing a policy-driven approach for network security and threat detection.
Room for Improvement: CyberArk faces challenges with plugin connector availability, user interface complexity, and integration issues, alongside a need for improved user-friendliness and reduced reliance on custom connectors. Cisco ISE is critiqued for its complex setup and challenging user interface, with a need for simpler deployment processes and improved third-party integration support.
Ease of Deployment and Customer Service: CyberArk offers on-premises, hybrid, and cloud solutions, although the on-premises setup can be complex, requiring expertise. Its support is professional but sometimes slow in responsiveness. Cisco ISE primarily supports on-premises deployments with growing cloud adoption; its extensive features make deployment challenging, although its support is generally responsive with room for improved escalation processes and customer education.
Pricing and ROI: CyberArk, considered a premium product, is priced higher yet justified by its rich feature set and security benefits. It poses a cost barrier for smaller businesses, though its security improvements often justify the investment. Cisco ISE also faces pricing concerns with complex licensing and high costs, potentially deterring buyers. Both solutions are noted for delivering strong ROI through increased security and efficiency but face obstacles due to high initial costs and licensing complexities.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
The return on investment lies in improved security infrastructure, addressing over-privileged access, and reducing the risk of credential compromise, which is a major source of data breaches.
During our quantitative analysis, we estimated potential savings of one to ten million dollars a year by using a PAM solution.
With other tools such as Okta where you have self-service for resetting your own passwords and things like that, the average savings is 12 minutes, which is six dollars for a password reset, and you can extrapolate that over your organization.
I rate the technical support as one out of ten.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
CyberArk has been exceptional in coming back to us with immediate responses.
It could be forever until you talk to someone who knows what they are doing.
They are helpful, but complex issues can take a long time to resolve, which can delay solutions for urgent customer issues.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
The CPM can reportedly handle up to 50,000 accounts independently without issue.
I would rate it a ten out of ten for scalability.
They had 40,000 passwords in this one safe, and it was saving the last ten iterations of each password object. That means they had 400,000 password objects in this safe. They exceeded the limit.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
Proper fine-tuning and expertise ensure the product performs well.
Overall, the stability of the solution is high.
It has a large customer base and positive feedback within my network.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases.
They want everything to be on the cloud, but even in the SaaS version of CyberArk Privileged Access Manager, they need to deploy some servers on-premises.
We cannot generate a plug-in for web-based applications.
If they want clients to move to the cloud, they need to support them in real-time.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
The license costs can range between $50,000 to $100,000 per year for enterprises.
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
CyberArk is expensive compared to other products I know.
CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal.
CyberArk's SaaS solution is particularly expensive.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility.
Cisco Identity Services Engine (ISE) is very good at device administration.
CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.
It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened.
It can integrate with Splunk, SNMP, and other solutions and technologies.
Cisco Identity Services Engine (ISE) offers comprehensive network access control and visibility, supporting features like 802.1X authentication, profiling, and posturing. It integrates with Microsoft and other Cisco products, facilitating robust security policies across distributed networks.
Cisco Identity Services Engine is a key player in network access control, offering centralized management and a user-friendly interface. It supports zero trust principles and provides strong authentication for wired and wireless networks. ISE's capabilities include granular security policies, enhanced device posturing, and seamless integration, bolstering security infrastructure. Users benefit from its dual authentication through EAP, simplifying access management across networks.
What are the key features of Cisco ISE?In industries like finance, healthcare, and education, Cisco ISE is pivotal for securing wired and wireless networks, implementing BYOD policies, and managing user access. Organizations leverage ISE for effective authentication and authorization, while maintaining compliance with industry security standards.
CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.
CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.
Benefits of CyberArk Privileged Access Manager
Some of CyberArk Privileged Access Manager’s benefits include:
Reviews from Real Users
CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.
PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
