We performed a comparison between Cisco ISE and Forescout Platform based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco is a worldwide, well-known, trusted, and respected branded product, and despite its known complexities, Cisco ISE pushes just ahead of Forescout Platform. Forescout Platform has just a few buggy issues and is lacking in some reporting structure, which makes Cisco ISE an easier choice.
"I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case."
"TACACS and .1X security are the most valuable features. TACACS acts for user control, so no one can authenticate to our network devices, and .1X is to validate that unauthorized devices are plugged into our network."
"At the moment, ISE seems to integrate very well with a number of other technologies."
"Profiling is one of the most valuable features. We have a lot of different devices between cameras, access points, and laptops that get plugged in."
"The most valuable features are authentication, we have more granular control on the access policies for the administrators. The solution is easy to use, has a center point administration, and has a good GUI."
"Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities."
"The RADIUS Server holds the most value."
"We were originally a Cisco shop and Cisco ISE integrated well with our other Cisco switches and networks."
"The most valuable features of the Forescout Platform are NAC for sharing, Network Access Control, and port sharing of the devices."
"The user management has been very easy for the most part."
"Ease of deployment There's a great support team that becomes actively engaged whenever we encounter issues. Their technical support is amazing. Good documentation is available. The product is stable. The solution is highly scalable. I recommend using the solution because it gives verified control over the environment. It has a great visibility feature."
"The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment."
"The most valuable feature of the Forescout Platform is the large capacity it can handle. Additionally, the interface of the platform is good."
"Forescout Platform's best feature is plug-in integration."
"The scalability is good."
"The threat prevention feature provides complete visibility."
"The Guest Network verification needs to add a QR code option."
"Difficult to figure out the protocols and nodes in order to implement correctly."
"If Cisco could grant more control, the features could be more focused on network and security administration, reducing the need for integration with other components."
"The user interface can be improved."
"In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support."
"Cisco ISE integration with Cisco ACI is something that can be done in a less complex way. And the simplification in that area may help us do better."
"I don't like the fact that we can see the logs only for 24 hours. Maybe that happens because of the way we set it up."
"A lot of people tell you the hardware requirements for ISE are pretty substantial. If you're running a virtual environment, you're going to be dedicating quite a bit of resources to an ISE VM. That is something that could be worked on."
"If older network devices are used there can be some compatibility issues while using the Forescout Platform. Additionally, if the switches that are deployed in your infrastructure are not captured properly to the endpoints there might be some difficulties with Forescout Platform trying to monitor the network traffic. Traffic management is an area the vendor should work on."
"When we automate an email to send to a user, sometimes it gets blocked, but that has nothing to do with Forescout. It depends on the mail gateway that we use or integrate with."
"When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies."
"The initial setup is a bit complex."
"They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment."
"Forescout Platform sometimes returns false positives, so there's some fine-tuning to be done there."
"More detailed analysis during the authentication process, especially for troubleshooting access issues. We have found that troubleshooting RADIUS controls is quite arduous, as it is today. A trace function could easily resolve this by providing a means by which access issues from a certificate to passwords or accounts could easily be identified and remediated."
"In the next release of the solution, it could benefit from being more flexible to allow for more freedom."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while Forescout Platform is ranked 4th in Network Access Control (NAC) with 69 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while Forescout Platform is rated 8.4. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, CyberArk Privileged Access Manager, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas Forescout Platform is most compared with Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks, Armis and Tenable Security Center. See our Cisco ISE (Identity Services Engine) vs. Forescout Platform report.
See our list of best Network Access Control (NAC) vendors.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.