• Home
  • Cisco ISE (Identity Services Engine) vs. CyberArk Privileged Access Manager

Cisco ISE (Identity Services Engine) vs CyberArk Privileged Access Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Network Access Control (NAC)
May 2023
Executive Summary
Updated on Sep 7, 2022

We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Cisco ISE users have mixed reviews on the ease of deployment. Users of CyberArk Privileged Access Manager say the initial setup is complex and requires technical expertise.
  • Features: Users say both products have good stability and scalability.

    Cisco ISE users like that the solution is flexible, secure, and has a good GUI. Users would like to see better migration to the cloud and would like to see a hybrid option.

    CyberArk users like the solution’s performance, password protection, and monitoring tools. Reviewers mention that it lacks flexibility.
  • Pricing: Users of both solutions consider the pricing to be expensive.
  • Service and Support: Most users of both solutions are satisfied with the level of support they receive.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.

To learn more, read our detailed Network Access Control (NAC) Report (Updated: May 2023).
Download the complete report
709,643 professionals have used our research since 2012.
Featured Review
Paul Bezouska
SGTs enable us to leverage security based on those tags and integrate with other SG firewalls
It has improved our organization very much because we're now adopting the SGTs, Security Group Tags, and we're leveraging security based on those... Read more →
Muamer Riza Gani
Plenty of features, scalable, and responsive support
One of the benefits of using CyberArk Privileged Access Manager is we have an audit trail that fits the requirements of our organization and we are... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We have seen ROI. It has done its job. It has protected us when we needed it to.""Our clients like Cisco ISE because they already use various Cisco solutions. It's easy for them to use this solution because they have an engineer with Cisco certifications.""Profiling is one of the most valuable features. We have a lot of different devices between cameras, access points, and laptops that get plugged in.""When we use ISE, one of the helpful things is that I can go through the dashboard and get every step along the way of how a device was authenticated. If it's failing, why did it fail? Why is it unauthorized? If there's an error, what is the error and how can I fix that error? If it's something that, if they should be passing, why are they failing?""Among the most valuable features is TACACS.""It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request.""It has all of the features available, in fact, more than what you need.""The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall."

More Cisco ISE (Identity Services Engine) Pros →

"The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so.""It is a robust product.""I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault.""All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information.""It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization.""The automatic rotation of credentials is probably the most useful feature.""With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent""What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."

More CyberArk Privileged Access Manager Pros →

Cons
"The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do.""A main issue is that the upgrade process, over time, is extraordinarily fragile. Repeatedly, over the past several years, when we've tried to upgrade our Cisco ISE implementation, the upgrade has broken it. Ultimately, we have then had to rebuild it because we need it.""There are always some things that I would request.""There is room for improvement in its ability to allow end users to self-enroll their devices. Instead, you should be able to assign that permission by AD group, which is currently not available.""If you have someone taking care of it, it can be quite easy to manage the solution. Otherwise, if you don't look after it and take care of it day-to-day, then it will become more complex to run.""The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications.""The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment.""It would be ideal if Cisco could provide some short training videos or documentation to customers to help them understand how to use the product."

More Cisco ISE (Identity Services Engine) Cons →

"The continuous scanning of the assets is limited to Windows and Unix. We like to have the solution scan any databases, network devices, and security devices for privileged accounts. That would be very helpful.""The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments.""If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone.""Sometimes the infrastructure team is hesitant to provide more resources.""We would, of course, always prefer it if the pricing was cheaper.""It can be made user-friendly, in the sense of the console is pretty outdated.""It should be easier to install. It is a comprehensive product, which makes it difficult to install. You need to have their consulting services in order to get it all installed and set up correctly because there is so much going on. It would be nice if there were an easier way to do the installation without professional services. I suspect they get a fair amount of their money from professional services. So, there is not a huge incentive.""They are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before."

More CyberArk Privileged Access Manager Cons →

Pricing and Cost Advice
  • "The price of the solution is price fair for the features you receive."
  • "The price is a bit on the high side."
  • "I believe I have paid around $1,000 in licensing fees. The license is annual."
  • "The technology is good, but to use some of the other features, and capabilities, they request that we purchase the Cisco DNA Center. As a result, the bundled price is a little high."
  • "It would be beneficial to have a single license that included all of the features."
  • "The price of Cisco ISE (Identity Services Engine) is expensive and we are thinking about changing to FortiGate."
  • "There is a license to use this solution and the price is reasonable."
  • "It costs around 50,000 baht in the first year, but I'm unsure about the second year."

    • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "The price of CyberArk support could be a little bit less. Otherwise, pricing is fine."
  • "Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
  • "It is in line with its competitors, but all such solutions cost too much money."
  • "CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great."
  • "The main problem for the tool is its licensing. I work for a really big company. When you try to develop this as a service, usually you work with leverage teams who are formed with dozens of members. You might dedicate one FTE, or less, for something, e.g., an antivirus administrator. You might have half an FTE's effort dedicated to administering the antivirus, but then you have a team of about 30 users who might access that ticket. The problem is that CyberArk eliminated the possibility of concurrent users years ago. This is a big problem for companies who work with leverage teams. You need to pay for everyone. 40 licenses are used by 20 or 30 people. This is a big problem because licenses are not precisely cheap."
  • "It's expensive, certainly. But CyberArk is the leader in the market with regards to privileged access management. You pay a lot, but you are paying for the value that is being delivered."
  • "Previously, the pricing was very meager. They started publicizing and advertising the solution, growing CyberArk, as an organization. They also changed their pricing with that growth, e.g., the pricier the product, the more people who will purchase it."
  • "Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive."

    • More CyberArk Privileged Access Manager Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
    See Recommendations
    709,643 professionals have used our research since 2012.
    Questions from the Community
    Which is better - Aruba Clearpass or Cisco ISE?
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can… more »
    What are the main differences between Cisco ISE and Forescout Platform?
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Read all 3 answers   →
    How does Cisco ISE compare with Fortinet FortiNAC?
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    How does Sailpoint IdentityIQ compare with CyberArk PAM?
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Read all 2 answers   →
    What do you like most about CyberArk Privileged Access Manager?
    Top Answer:The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics.
    Read all 35 answers   →
    What is your experience regarding pricing and costs for CyberArk Privileg...
    Top Answer:The price of the solution is reasonable. I rate the price CyberArk Privileged Access Manager a seven out of ten.
    Read all 24 answers   →
    Ranking
    1st
    out of 21 in Network Access Control (NAC)
    Views
    36,619
    Comparisons
    25,360
    Reviews
    53
    Average Words per Review
    656
    Rating
    8.1
    1st
    out of 42 in Privileged Access Management (PAM)
    Views
    32,107
    Comparisons
    19,292
    Reviews
    30
    Average Words per Review
    938
    Rating
    8.5
    Comparisons
    Also Known As
    Cisco ISE
    CyberArk Privileged Access Security
    Learn More
    Cisco
    CyberArk
    Video Not Available
    Overview

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

    Support

    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

    Licensing

    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    Offer
    Learn more about Cisco ISE (Identity Services Engine)
    Learn More
    Learn more about CyberArk Privileged Access Manager
    Learn More
    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    Rockwell Automation
    Top Industries
    REVIEWERS
    Comms Service Provider15%
    Financial Services Firm11%
    Government10%
    Computer Software Company10%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Educational Organization15%
    Government10%
    Comms Service Provider7%
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company15%
    Insurance Company12%
    Healthcare Company9%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Educational Organization13%
    Financial Services Firm13%
    Government6%
    Company Size
    REVIEWERS
    Small Business27%
    Midsize Enterprise23%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise25%
    Large Enterprise58%
    REVIEWERS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise23%
    Large Enterprise60%
    Buyer's Guide
    Network Access Control (NAC)
    May 2023
    Download Free Report
    Find out what your peers are saying about Cisco, Aruba Networks, Forescout and others in Network Access Control (NAC). Updated: May 2023.
    DOWNLOAD NOW
    709,643 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 59 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 37 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.4. The top reviewer of Cisco ISE (Identity Services Engine) writes "Secures devices and has good support, but needs a better interface". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Azure Active Directory (Azure AD), Delinea Secret Server, WALLIX Bastion, SailPoint IdentityIQ and One Identity Safeguard.

    We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.