CyberArk Privileged Access Manager and Cisco Identity Services Engine (ISE) compete in the domain of privileged access and network security. While CyberArk is known for its comprehensive, modular features and robust password management, Cisco ISE excels in network access control with strong policy enforcement capabilities. Based on the data, CyberArk has an edge due to its advanced feature set and centralized management.
Features: CyberArk Privileged Access Manager boasts the Enterprise Password Vault for secure storage, the Privileged Session Manager to monitor sessions in real-time, and the Application Identity Manager to handle application credentials securely. Cisco ISE is valued for features like Radius for flexible network access control, device profiling that adds another security layer, and its seamless integration within Cisco products.
Room for Improvement: CyberArk's user interface could use modernization, enhanced reporting and expanded cloud integration options. Its high pricing is often considered prohibitive for smaller enterprises. Cisco ISE users find complexity in its deployment and licensing changes challenging, noting room for improvement in performance and integrations beyond Cisco products.
Ease of Deployment and Customer Service: CyberArk provides solid on-premises and hybrid cloud deployment options, though setups are intricate and often need professional assistance. Their technical support is generally dependable but occasionally slow during critical issues. Cisco ISE offers flexible deployment but faces criticism over complex setups. It benefits from a strong customer service network, but its confusing licensing remains a hurdle.
Pricing and ROI: CyberArk is positioned at a premium due to its expansive feature set, offering security returns over time despite significant initial investments. Cisco ISE is also priced at the higher end but provides value through its integration and extensive features. Some customers struggle to justify its cost, pointing to licensing complexity as a factor. Both solutions require clearer pricing models to improve adoption rates.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
The return on investment lies in improved security infrastructure, addressing over-privileged access, and reducing the risk of credential compromise, which is a major source of data breaches.
The end users have the authority to reconcile the password or verify it before using session isolation, which is one of the unique features that can be enabled through Privileged Session Manager, preventing any attacks from happening within the organization when connected with sessions through CyberArk Privileged Access Manager.
CyberArk Privileged Access Manager has helped customers save on costs primarily by reducing the number of engineering and information security personnel.
I rate the technical support as one out of ten.
Cisco support has pretty good teams for support and every time we had good answers and we could somehow solve the issues we had.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
CyberArk has been exceptional in coming back to us with immediate responses.
It could be forever until you talk to someone who knows what they are doing.
Based on the issue resolution and support quality, I rate the support 10 out of 10.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
However, you can have some latency issues depending on where your devices are.
The CPM can reportedly handle up to 50,000 accounts independently without issue.
I would rate it a ten out of ten for scalability.
They had 40,000 passwords in this one safe, and it was saving the last ten iterations of each password object. That means they had 400,000 password objects in this safe. They exceeded the limit.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
Sometimes when we have upgrades or failovers with Cisco Identity Services Engine (ISE), we had some minor issues.
Proper fine-tuning and expertise ensure the product performs well.
Overall, the stability of the solution is high.
It has a large customer base and positive feedback within my network.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases.
They want everything to be on the cloud, but even in the SaaS version of CyberArk Privileged Access Manager, they need to deploy some servers on-premises.
We cannot generate a plug-in for web-based applications.
If they want clients to move to the cloud, they need to support them in real-time.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
The license costs can range between $50,000 to $100,000 per year for enterprises.
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
CyberArk is expensive compared to other products I know.
CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal.
CyberArk's SaaS solution is particularly expensive.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
There is value because it helps us secure the network and prevents certain things from happening which could cause financial loss.
The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.
CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.
It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened.
It can integrate with Splunk, SNMP, and other solutions and technologies.
| Product | Market Share (%) |
|---|---|
| Cisco Identity Services Engine (ISE) | 23.8% |
| Aruba ClearPass | 22.7% |
| Fortinet FortiNAC | 17.3% |
| Other | 36.2% |
| Product | Market Share (%) |
|---|---|
| CyberArk Privileged Access Manager | 14.6% |
| Delinea Secret Server | 6.5% |
| WALLIX Bastion | 6.5% |
| Other | 72.4% |
| Company Size | Count |
|---|---|
| Small Business | 44 |
| Midsize Enterprise | 31 |
| Large Enterprise | 91 |
| Company Size | Count |
|---|---|
| Small Business | 59 |
| Midsize Enterprise | 41 |
| Large Enterprise | 171 |
Cisco Identity Services Engine (ISE) offers comprehensive network access control and visibility, supporting features like 802.1X authentication, profiling, and posturing. It integrates with Microsoft and other Cisco products, facilitating robust security policies across distributed networks.
Cisco Identity Services Engine is a key player in network access control, offering centralized management and a user-friendly interface. It supports zero trust principles and provides strong authentication for wired and wireless networks. ISE's capabilities include granular security policies, enhanced device posturing, and seamless integration, bolstering security infrastructure. Users benefit from its dual authentication through EAP, simplifying access management across networks.
What are the key features of Cisco ISE?In industries like finance, healthcare, and education, Cisco ISE is pivotal for securing wired and wireless networks, implementing BYOD policies, and managing user access. Organizations leverage ISE for effective authentication and authorization, while maintaining compliance with industry security standards.
CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.
CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.
Benefits of CyberArk Privileged Access Manager
Some of CyberArk Privileged Access Manager’s benefits include:
Reviews from Real Users
CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.
PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
