We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.
"Easy to use and provides good support"
"It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request."
"The product is stable."
"The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval."
"Using this solution gives us the ability to allow proper access to the network."
"They have recently made a lot of improvements. My clients don't have much to complain about."
"I really enjoy the live log section. Sometimes, you will have someone who is having issues connecting to the network, and then you have to ask them the dreaded question of, "Did you type a password wrong?" They will probably tell you, "No," but the live log can help sort that out. It gives us that extra ability to assist the end user and make sure that we are making them happy."
"When you push out the policy, it is able to populate the entire network at one time."
"Automates password management to remove the human chain weakness."
"The password vault and session monitoring are useful."
"Its' quite stable."
"For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks."
"The product is for hardening access and making the organization more secure, therefore reducing chances of a breach."
"Technical support is very helpful whenever we have any questions."
"We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application."
"If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
"The Guest Network verification needs to add a QR code option."
"The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment."
"An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment."
"We do tend to run into a lot of issues with ISE when it comes to bugs."
"Adding new devices was a little cumbersome. I haven't done it that many times, but I remember that adding new devices to the authentication piece of it was a little cumbersome. The way I was shown to do it, I thought it was odd because we had to go into the active device, copy the file down, export it, make some changes to it, and then reimport it as opposed to being able to click it and having a template to fill out."
"There should be an easier way to do the upgrades. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade."
"There should be more visibility into TrustSec policy actions. When TrustSec blocks something or makes any kind of changes to the network, we don't always see that. We have to log into the switch itself, or we have to get some type of Syslog parsing to do that."
"The interface is a little bit complex."
"The issue of technical support is crucial, as there are not many specialized partners available in Brazil to provide this service. While English language support is of good quality, there is a significant shortage of partners capable of meeting the demand locally."
"The solution could improve by adding more connectors."
"I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore."
"The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."
"There was a functionality of the solution that was missing. I had noticed it in Beyond Trust, but not in this solution. But, recently they have incorporated something similar."
"I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool."
"There should be more models and licensing plans for this software."
"The Vault's disaster recovery features need improvement."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.