Find out in this report how the two Cisco Security Portfolio solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Cisco ISE (Identity Services Engine) vs. Cisco Secure Endpoint Report (Updated: May 2024).

Buyer's Guide

Cisco ISE (Identity Services Engine) vs. Cisco Secure Endpoint

May 2024

Download the complete report

Helped 793,295 peers since 2012

Categories and Ranking

Cisco ISE (Identity Service...

Ranking in Cisco Security Portfolio

1st

Average Rating

8.2

Number of Reviews

139

Ranking in other categories

Network Access Control (NAC) (1st)

Cisco Secure Endpoint

Ranking in Cisco Security Portfolio

7th

Average Rating

8.6

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (11th), Endpoint Detection and Response (EDR) (9th)

Mindshare comparison

As of July 2024, in the Cisco Security Portfolio category, the mindshare of Cisco ISE (Identity Services Engine) is 22.4%, up from 16.3% compared to the previous year. The mindshare of Cisco Secure Endpoint is 7.1%, up from 5.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Cisco Security Portfolio

Unique Categories:

Network Access Control (NAC)

25.7%

Endpoint Protection Platform (EPP)

1.5%

Endpoint Detection and Response (EDR)

1.8%

Featured Reviews

Rohit-Joshi

Head of IT Infrastructure at LTI - Larsen & Toubro Infotech

Aug 3, 2023

Enables us to ensure that any machine that comes into the network is patched and secure

Posturing is the most valuable feature. There are other tools available that can do some of their other features, like network authentication. The posturing was something because of the nature of the industry that we are in. There are people who go outside for work. Their machines are at times not in the network, and not patched properly. We don't know when they're going to come back, whether it is in a good state, whether it has antivirus, whether it's installed on those machines. Posturing is something that we have made our baseline policy that whenever a machine comes back to our network, it should have a certain level of the operating system and a level of security and antivirus installed. We couldn't have done this posturing without Cisco ISE. This is its greatest feature. It does help me to detect and remediate my network. It enables me to detect any external threat that comes to my network and remediate. If a machine comes into my network that does not qualify per my baseline policy, I have a policy that the machine gets redirected to where it can be patched and remediated. I can ensure that it is fully patched and secure. The entire idea of having ISE is to enhance cybersecurity resilience. The zero trust architecture was coined by the cybersecurity team itself. It was a task given to us in the infrastructure space to see how we can bring resilience into the cybersecurity network and ISE was the solution.

Read full review

Emile Stam

Chief Commercial Officer at open line

Apr 9, 2023

Provides behavioral analytics and works on all types of devices and endpoints

Most of the customers don't even know that they are more secure. It's like they expect to be secure, but the moment we have a big threat from the outside, they will see and they will know that we are far faster and better able to protect them and react to threats from the outside. Cisco Secure has saved us time, especially the SecureX platform has helped us to automate certain processes and do analytics. That prevents us from taking each individual part of the logging. They have the intelligence in there to do the first check for us, and that saves a lot of time. There is a reduction in operating expenditures but not only from the Secure perspective. Our full stack is based on Cisco, so we leverage the full integration part of that. We have our compute, we have our networking, and we have our security, and that makes it easier because you have less interfaces with different products. From a technical perspective, I would rate it quite high for securing our infrastructure from end to end. From a behavioral perspective, in terms of the end customers leveraging it, there's still a little bit of work to do because we need to help the end customers to be more aware of what they're doing. On the endpoint for a user, they don't exactly see what is happening. From a visual perspective, you also want to have a feeling that you're safe or you get some tips or tricks to be safer, but for the most important part, which is the technical part, I would rate it very high. We really trust Cisco.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The interface is pretty easy to use."

"For device administration, all devices have multifactor authentication in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it's a matter of a lowly manager who we give access to the portal and he can assign access to the guests, so it's a very simple process now. It keeps the IT focusing on their work, and gives the business people the right access."

"Being able to authenticate wired users through 802.1X is valuable as it enhances our security."

"The authorization and accounts inside of ISE are very useful for us."

"Profiling is one of the most valuable features. We have a lot of different devices between cameras, access points, and laptops that get plugged in."

"The RADIUS Server holds the most value."

"It's scalable."

"Cisco ISE integrates with everything else."

More Cisco ISE (Identity Services Engine) pros

"The product's initial setup phase was very simple."

"The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."

"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."

"Its most valuable features are its scalability and advanced threat protection for customers."

"The most valuable feature of the solution is its technical support."

"The console feature gives a centralized management of what's going on, and if something happens, it gives you an alert. So, that's the most important feature for me."

"There are several valuable features including strong prevention and exceptional reporting capabilities."

"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."

More Cisco Secure Endpoint pros

Cons

"The upgrades could be better. Every time we try to do an upgrade, we have problems. It's a pain."

"Cisco ISE is very complex and not very easy to deploy."

"An issue with the product is it tends to have a lot of bugs whenever they release a new release."

"There can be a little bit more integration between the controller management and ISE. There are two dashboards, you have the controller dashboards, and you have the ISE dashboard it would is a way to maybe integrate that into one. That would be great. It's not that bad. It would be easier if it could be combined into one dashboard."

"The pricing and licensing structure are not ideal for customers."

"I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one."

"The user interface can be improved."

"The admin interface is really slow. It's horrible."

More Cisco ISE (Identity Services Engine) cons

"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."

"Its price is okay for us, but it can always be better. There's always room for improvement when it comes to pricing."

"It's pretty good as it is, but its cost could be improved."

"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."

"In the next version of this solution, I would like to see the addition of local authentication."

"It cannot currently block URLs over websites."

"One of the things that Cisco Secure Endpoint really needs is that it's not just Secure Endpoint, it's a point product, and I think we really need to move into solution-based selling, designing, and architecting. So that we're not worried about putting things on endpoints and selling 'x' amount of endpoints, but to provide a solution that covers all of the remote access and sell them as solutions that cover multiple things."

"It does not include encryption and decryption of local file shares."

More Cisco Secure Endpoint cons

Pricing and Cost Advice

"Cybersecurity resilience has been very important to our organization and has been a big factor. We've had issues in the past, but one of the things I like about ISE is its logging features. Security wise or information wise, it really has been a powerful tool."

"Licensing has got much simpler since Cisco moved to the DNA model because we just have the three tiers, but it could always stand to be improved upon."

"It is fair."

"I would rate the pricing an eight out of ten, one being cheap and ten being expensive."

"ISE has always been expensive compared to other products in terms of what it does on a user level."

"The solution’s pricing is okay."

"The SMARTnet technical support is available at an additional cost."

"Hardware appliances are expensive...Now moving to DNA-styled licensing, we have subscription-based licensing for everything. I hope it will continue to be fair, but we will have to wait and see."

More Cisco ISE (Identity Services Engine) pricing and cost advice

"The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market."

"It can always be cheaper."

"Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."

"The pricing and licensing are reasonable. The cost of AMP for Endpoints is inline with all the other software that has a monthly endpoint cost. It might be a little bit higher than other antivirus type products, but we're only talking about a dollar a month per user. I don't see that cost as being an issue if it's going to give us the confidence and security that we're looking for. We have had a lot of success and happiness with what we're using, so there's no point in changing."

"The price is very good."

"We had faced some license issues, but it has been improved. At the beginning of the implementation, we faced a lot of licensing issues, but now, we have EA licensing, which gives us an opportunity to grow."

"Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair."

"The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."

More Cisco Secure Endpoint pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Cisco Security Portfolio solutions are best for your needs.

See recommendations

793,295 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

24%

Computer Software Company

16%

Government

Financial Services Firm

Computer Software Company

17%

Government

Financial Services Firm

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?

Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...

See all answers

What are the main differences between Cisco ISE and Forescout Platform?

OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...

See all answers

How does Cisco ISE compare with Fortinet FortiNAC?

Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...

See all answers

What do you like most about Cisco Secure Endpoint?

The product's initial setup phase was very simple.

See all answers

What is your experience regarding pricing and costs for Cisco Secure Endpoint?

It is an expensive solution.

See all answers

What needs improvement with Cisco Secure Endpoint?

The solution can be cheaper.

See all answers

Comparisons

Aruba ClearPass vs Cisco ISE (Identity Services Engine)

Compared 27% of the time

Fortinet FortiNAC vs Cisco ISE (Identity Services Engine)

Compared 17% of the time

Forescout Platform vs Cisco ISE (Identity Services Engine)

Compared 14% of the time

CyberArk Privileged Access Manager vs Cisco ISE (Identity Services Engine)

Compared 11% of the time

Fortinet FortiAuthenticator vs Cisco ISE (Identity Services Engine)

Compared 4% of the time

More Cisco ISE (Identity Services Engine) Competitors

Microsoft Defender for Endpoint vs Cisco Secure Endpoint

Compared 16% of the time

CrowdStrike Falcon vs Cisco Secure Endpoint

Compared 11% of the time

Cortex XDR by Palo Alto Networks vs Cisco Secure Endpoint

Compared 9% of the time

Check Point Harmony Endpoint vs Cisco Secure Endpoint

Compared 5% of the time

More Cisco Secure Endpoint Competitors

Product Reports

Buyer's Guide

Cisco ISE (Identity Services Engine)

July 2024

Cisco ISE (Identity Services Engine) report

Download Cisco ISE (Identity Services Engine) product report

Buyer's Guide

Cisco Secure Endpoint

July 2024

Download Cisco Secure Endpoint product report

Also Known As

Cisco ISE

Cisco AMP for Endpoints

Learn More

Cisco

Video not available

Cisco

Overview

Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

Features of Cisco ISE

Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
Device profiling: ISE features predefined device templates for different types of endpoints.
Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

Benefits of Cisco ISE

Cisco’s holistic approach to network access security has several advantages:

Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

Support

You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

Licensing

Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

Reviews from Real Users

"The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

“Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."

Cisco Secure Endpoint is a comprehensive endpoint security solution that natively includes open and extensible extended detection and response (XDR) and advanced endpoint detection and response (EDR) capabilities. Secure Endpoint offers relentless breach protection that enables you to be confident, be bold, and be fearless with one of the industry’s most trusted endpoint security solutions. It protects your hybrid workforce, helps you stay resilient, and secures what’s next with simple, comprehensive endpoint security powered by unique insights from 300,000 security customers and deep visibility from the networking leader.

Cisco Secure Endpoint was formerly known as Cisco AMP for Endpoints.

Reviews from Real Users

Cisco Secure Endpoint stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to easily secure their endpoints with one single operation using its management console and its advanced alerting techniques.

Tim C., an IT manager at Van Der Meer Consulting, writes, "The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."

Wouter H., a technical team lead network & security at Missing Piece BV, notes, "Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University

Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank

Buyer's Guide

Cisco ISE (Identity Services Engine) vs. Cisco Secure Endpoint

May 2024

Free Report: Cisco ISE (Identity Services Engine) vs. Cisco Secure Endpoint

Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. Cisco Secure Endpoint and other solutions. Updated: May 2024.

DOWNLOAD NOW

793,295 professionals have used our research since 2012.

See our Cisco ISE (Identity Services Engine) vs. Cisco Secure Endpoint report.

See our list of best Cisco Security Portfolio vendors.

We monitor all Cisco Security Portfolio reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.