We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.
"We have seen ROI. It has done its job. It has protected us when we needed it to."
"Our clients like Cisco ISE because they already use various Cisco solutions. It's easy for them to use this solution because they have an engineer with Cisco certifications."
"Profiling is one of the most valuable features. We have a lot of different devices between cameras, access points, and laptops that get plugged in."
"When we use ISE, one of the helpful things is that I can go through the dashboard and get every step along the way of how a device was authenticated. If it's failing, why did it fail? Why is it unauthorized? If there's an error, what is the error and how can I fix that error? If it's something that, if they should be passing, why are they failing?"
"Among the most valuable features is TACACS."
"It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request."
"It has all of the features available, in fact, more than what you need."
"The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall."
"The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so."
"It is a robust product."
"I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
"All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."
"It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization."
"The automatic rotation of credentials is probably the most useful feature."
"With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent"
"What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."
"The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do."
"A main issue is that the upgrade process, over time, is extraordinarily fragile. Repeatedly, over the past several years, when we've tried to upgrade our Cisco ISE implementation, the upgrade has broken it. Ultimately, we have then had to rebuild it because we need it."
"There are always some things that I would request."
"There is room for improvement in its ability to allow end users to self-enroll their devices. Instead, you should be able to assign that permission by AD group, which is currently not available."
"If you have someone taking care of it, it can be quite easy to manage the solution. Otherwise, if you don't look after it and take care of it day-to-day, then it will become more complex to run."
"The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications."
"The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment."
"It would be ideal if Cisco could provide some short training videos or documentation to customers to help them understand how to use the product."
"The continuous scanning of the assets is limited to Windows and Unix. We like to have the solution scan any databases, network devices, and security devices for privileged accounts. That would be very helpful."
"The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments."
"If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone."
"Sometimes the infrastructure team is hesitant to provide more resources."
"We would, of course, always prefer it if the pricing was cheaper."
"It can be made user-friendly, in the sense of the console is pretty outdated."
"It should be easier to install. It is a comprehensive product, which makes it difficult to install. You need to have their consulting services in order to get it all installed and set up correctly because there is so much going on. It would be nice if there were an easier way to do the installation without professional services. I suspect they get a fair amount of their money from professional services. So, there is not a huge incentive."
"They are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 59 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 37 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.4. The top reviewer of Cisco ISE (Identity Services Engine) writes "Secures devices and has good support, but needs a better interface". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Azure Active Directory (Azure AD), Delinea Secret Server, WALLIX Bastion, SailPoint IdentityIQ and One Identity Safeguard.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.