Cisco ISE (Identity Services Engine) vs Forescout Platform comparison

Cisco ISE (Identity Service...
Read 139 Cisco ISE (Identity Services Engine) reviews
  • 22,571 Views
  • 14,906 Comparison Views
88% willing to recommend
Forescout Platform
Read 74 Forescout Platform reviews
  • 10,551 Views
  • 6,216 Comparison Views
88% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 15, 2022

We performed a comparison between Cisco ISE and Forescout Platform based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Cisco has a bit of a reputation for being complex across the board with all their offerings and Cisco ISE is no different. For those users that are heavily invested in the Cisco ecosystem, deployment is not a big challenge. For those that are novices or not so tech-savvy, the process can seem very complex. Additionally, if the environment is complex or there are multiple policies to deploy, the process could be more time-consuming.

    Forescout Platform users consistently felt the solution was very straightforward and easy to deploy. Deployment can be slowed down with Forescout Platform when there are numerous or complicated policies to add to the deployment process.
  • Features: The features users liked best about Cisco ISE are that the solution is very stable, flexible, and secure. Cisco ISE is a great global product and operates consistently and looks the same wherever it is deployed across the world. The GUI with Cisco ISE is top-notch and the security protocols they provide are excellent. Cisco ISE users would like to see better migration to the cloud and a hybrid option made available. Cisco ISE users would also welcome a solution that was more user-friendly and less complex.

    Forescout Platform users like that the solution is user-friendly and can handle large capacities. It is very easy to monitor which devices are on the system and where they are logging in from; the visibility is great. Forescout Platform users noted some anomalies with the licensing issues and between WiFi and the network, and that resulted in needing additional licenses for the same device. Forescout users would like to see the ability to add multiple policies at a time to improve process implementation and some enhancements to the reporting structure.
  • Pricing: Users of both solutions felt that the prices were on the high side.

  • Service and Support: Cisco ISE offers training and licensing courses. However, users felt that when support was needed, it was not up to their satisfaction. Forescout Platform users felt that even with a paid tier support structure, support could still be better.

Comparison Results: Cisco is a worldwide, well-known, trusted, and respected branded product, and despite its known complexities, Cisco ISE pushes just ahead of Forescout Platform. Forescout Platform has just a few buggy issues and is lacking in some reporting structure, which makes Cisco ISE an easier choice.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cisco ISE (Identity Services Engine) vs. Forescout Platform Report (Updated: July 2024).
Buyer's Guide
Cisco ISE (Identity Services Engine) vs. Forescout Platform
July 2024
Download the complete report
Helped 793,295 peers since 2012
 

Categories and Ranking

Cisco ISE (Identity Service...
Ranking in Network Access Control (NAC)
1st
Average Rating
8.2
Number of Reviews
139
Ranking in other categories
Cisco Security Portfolio (1st)
Forescout Platform
Ranking in Network Access Control (NAC)
3rd
Average Rating
8.4
Number of Reviews
74
Ranking in other categories
IoT Security (1st), Endpoint Compliance (4th), Extended Detection and Response (XDR) (14th)
 

Mindshare comparison

As of July 2024, in the Network Access Control (NAC) category, the mindshare of Cisco ISE (Identity Services Engine) is 25.7%, down from 32.7% compared to the previous year. The mindshare of Forescout Platform is 13.7%, up from 12.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Access Control (NAC)
Unique Categories:
Cisco Security Portfolio
22.4%
IoT Security
17.8%
Endpoint Compliance
1.6%
 

Featured Reviews

Brad Davenport - PeerSpot reviewer
Aug 3, 2023
Offers rich contact sharing, many self-service features, and the ability to categorically list all the endpoints in the infrastructure
I think in any technology infrastructure, you're going to have environments where improvements could occur. I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one. Many of our clients today are hybrid. They have a physical footprint in a data center somewhere, as well as a public cloud instance for things. Today there really isn't an elegant pathway for a client that wants to go 100 percent cloud, and that's an improvement I think that could be along the way.
Read full review
KK
Sep 10, 2021
Implements well, and has and outstanding agentless visibility that is unmatched
As a user, if I am using a laptop that is Wi-Fi connected, Forescout identifies my port connectivity as one user license, and if I take that same laptop with the same username to a wired network, which is also the same network that is used for the Wi-Fi connection, Forescout detects it as a separate license. At times, I am working on wireless and sometimes I enter a zone where there is no wireless connection, which forces a land connection. This is an issue that needs to be resolved because it consumes another license for the same device and the same user. This issue has been escalated to Forscout directly. There was integration with Microsoft SCCM previously, and have suddenly stopped the open integration module for Microsoft. Customers are not aware of what is available to them in terms of the open integration module. Forescout Platform advised that there are many options available and many things they can do, but they don't tell customers exactly what they are. They need clear documentation and direction as to what the customer can expect from the open integration module. Customers need some clarity on what they can do and what is not possible to do. When it comes to a full open integration we need to rely on the professional services from Forescout directly, no one can implement it as there is a limited amount of knowledge available. They need to be more considerate, and there should be good documentation available to the customer. They need to improve their selling approach or the consultant approach. One of their use cases is an ITM use case, and ITSS asset management, but they don't really do ITSS management. They only detect the ITSS and all the parameters around that test, but they do not have any integration with any database system where they can store all these details and act like a typical ITSS management system. They should remove that use case in full. They should say that we complement your ITSS management by detecting the unknown assets in your network. This would be right.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Not having to trust devices and being able to set those levels of trust and more finely control our network is a benefit."
"The product is useful for device administration."
"It's keeping our company safe from rogue devices connecting to our network. From a security standpoint, there's peace of mind knowing that every device that connects is a good one."
"The most valuable feature is the flexibility of the policy sets."
"The solution enables us to authenticate with AD."
"Having access and being able to add people or change authentication yourself is nice. In the past, we've used other group authentication services, and we always had to go to them and get permissions. Having that control is key."
"With NAC, the profiling feature is valuable. We're able to see what we have out there in the network and dynamically assign policies to it. We can then use that to enforce TrustSec policy or anything else with NAC."
"The product is stable."
More Cisco ISE (Identity Services Engine) pros
"The most valuable features are remote access and administration scripts."
"The most valuable features of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x."
"Forescout Platform's best feature is plug-in integration."
"Within three or four days, we have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly."
"Forescout Platform provides multiple features. They have a very effective device fingerprinting in their cloud. You do not need to add any devices manually, such as in Mac devices. Other solutions you have to add IoT devices and OT devices manually. This is one of the major areas that Forescout Platform is excelling in."
"I can integrate Forescout with products from multiple vendors in my environment, and also, the integration is searchable. It can be used with 802.1X and non-802.1X to integrate with my existing network. I don't need to upgrade any existing networks in my system, and I don't need to replace existing devices to integrate with Forescout. I find value in not having to spend money upgrading existing devices and networks."
"The standout strength of this solution lies in its unique capability to effectively manage unmanaged switches."
"We use the Forescout Platform for device visibility and control in our network. It's very helpful for tracking malicious or unusual activity. We use it to track which ports are open, which machines are running specific services, and to identify vulnerabilities. For example, there was a vulnerability related to SMB, and we could use the product to determine which machines inside our organization were allowing SMB traffic."
More Forescout Platform pros
 

Cons

"In an upcoming release, it would be nice to have NAC already standard in the solution."
"It would be helpful for us to know what needs to be deployed, configured, and what changes we need to make to our devices when we don't receive the specific login which is an indication of a lack of connection or incorrect configuration."
"The templates could be better. When you have to do certs, especially with X.500 certs, it isn't very intuitive."
"On the network services devices, when you click on filter, the filter comes up. However, when I type in a search and I want to click on something it defaults back to the main page. I keep having an issue with that, and I'm not doing anything wrong."
"It does a good job of establishing trust for every access request. We have had a little bit of a challenge with profiling, but we are probably about 80% there."
"A main issue is that the upgrade process, over time, is extraordinarily fragile. Repeatedly, over the past several years, when we've tried to upgrade our Cisco ISE implementation, the upgrade has broken it. Ultimately, we have then had to rebuild it because we need it."
"The customer server was great but it would have been better for me if they had support in other languages such as Spanish."
"Compatibility and integration with other vendors is what needs to be improved in Cisco ISE (Identity Services Engine)."
More Cisco ISE (Identity Services Engine) cons
"Forescout needs to improve its cloud management and remote connectivity."
"The biggest disadvantage is the pricing."
"The reporting feature needs improvement."
"We experienced some detection issues when checking compliance for the Sophos agent."
"The cost is too high."
"It's scalable, but not without a big investment. It doesn't do so well at the branch. At the home office, it does okay and not so well at the branch."
"In the next release of the solution, it could benefit from being more flexible to allow for more freedom."
"Search - needs boolean functionality (or pseudo operand now working)."
More Forescout Platform cons
 

Pricing and Cost Advice

"It is difficult to measure security breaches, but since we have not been attacked so far, it has paid for itself over the years."
"According to my sales and account team, the prices we're getting are pretty good."
"Its price is probably good if you use all of its features and functionalities to protect your environment. If you use only a part of the functionality, its price is too high. It is just a question of value and the functionality you use."
"The price can be lower, especially for subscriptions. It should be a lot cheaper to have a wide range of customers. The price should be comparable to competitive products like Forescout or Fortinet FortiNAC. Forescout is cheaper for customers looking for a cloud solution."
"It's an expensive solution when compared to other vendors."
"Cisco is moving towards a subscription service, which would mean additional costs."
"I think licensing costs roughly $2,000 a year. ISE is more expensive than Network Access Control."
"The price of the solution is price fair for the features you receive."
More Cisco ISE (Identity Services Engine) pricing and cost advice
"The tool's pricing is expensive but reasonable."
"It's about $160,000, but I'm not sure how long that is for or what it includes. Because we were a test base, we were provided with servers, but now, Forescout wants us to buy servers because those servers are now end-of-life or end-of-service. For our lifecycle management program, in order to get a refresh on those servers, we would have to buy servers or use our own network resources to house Forescout. Forescout takes up about 13 or 14 virtual CPUs."
"They base the license on the number of devices, which is quite misleading."
"I would rate Forescout Platform's pricing as four out of five."
"The solution’s pricing is fine."
"Devices with multiple IP's count multiple times against your license count."
"Forescout's pricing is noted for its attractiveness, with potential discounts depending on partnership levels."
"We paid between $20,000 and $25,000 for a three-year license with maintenance."
More Forescout Platform pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
See recommendations
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
24%
Computer Software Company
16%
Government
8%
Financial Services Firm
7%
Educational Organization
30%
Computer Software Company
11%
Financial Services Firm
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
See all answers
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
See all answers
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
See all answers
What advice do you have for others considering Forescout Platform?
Forescout is a very powerful NAC product that does not rely on port level configuration. It can detect and block unauthorized devices very quickly. But it has a lot of capabilities and really would...
See all answers
What advice do you have for others considering Forescout Platform?
I would rate the Forescout Device and Visibility Control Platform at a six out of ten.
See all answers
What advice do you have for others considering Forescout Platform?
I recommend doing a compression demo. If people use it, they will buy it. So they have to see the product in place. That's the main recommendation is to do a proof of concept. If they do, they will...
See all answers
 

Comparisons

Aruba ClearPass vs Cisco ISE (Identity Services Engine) Logo
Aruba ClearPass vs Cisco ISE (Identity Services Engine)
Compared 27% of the time
Fortinet FortiNAC vs Cisco ISE (Identity Services Engine) Logo
Fortinet FortiNAC vs Cisco ISE (Identity Services Engine)
Compared 17% of the time
CyberArk Privileged Access Manager vs Cisco ISE (Identity Services Engine) Logo
CyberArk Privileged Access Manager vs Cisco ISE (Identity Services Engine)
Compared 11% of the time
Fortinet FortiAuthenticator vs Cisco ISE (Identity Services Engine) Logo
Fortinet FortiAuthenticator vs Cisco ISE (Identity Services Engine)
Compared 4% of the time
Microsoft Enterprise Mobility + Security vs Cisco ISE (Identity Services Engine) Logo
Microsoft Enterprise Mobility + Security vs Cisco ISE (Identity Services Engine)
Compared 2% of the time
More Cisco ISE (Identity Services Engine) Competitors
Aruba ClearPass vs Forescout Platform Logo
Aruba ClearPass vs Forescout Platform
Compared 18% of the time
Fortinet FortiNAC vs Forescout Platform Logo
Fortinet FortiNAC vs Forescout Platform
Compared 13% of the time
Nozomi Networks vs Forescout Platform Logo
Nozomi Networks vs Forescout Platform
Compared 5% of the time
Armis vs Forescout Platform Logo
Armis vs Forescout Platform
Compared 3% of the time
Tenable Security Center vs Forescout Platform Logo
Tenable Security Center vs Forescout Platform
Compared 3% of the time
More Forescout Platform Competitors
 

Product Reports

Buyer's Guide
Cisco ISE (Identity Services Engine)
July 2024
Cisco ISE (Identity Services Engine) reportDownload Cisco ISE (Identity Services Engine) product report
Buyer's Guide
Forescout Platform
July 2024
Forescout Platform reportDownload Forescout Platform product report
 

Also Known As

Cisco ISE
Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT
 

Learn More

Cisco
Forescout
 

Overview

Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

Features of Cisco ISE

  • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
  • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
  • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
  • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
  • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
  • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
  • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
  • Device profiling: ISE features predefined device templates for different types of endpoints.
  • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

Benefits of Cisco ISE

Cisco’s holistic approach to network access security has several advantages:

  • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
  • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
  • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
  • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
  • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

Support

You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

Licensing

Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

Reviews from Real Users

"The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

“Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




Forescout Platform provides today’s busy enterprise organizations with policy and protocol management, workflow coordination, streamlining, and complete device and infrastructure visibility to improve overall network security. The solution also provides concise real-time intelligence of all devices and users on the network. Policy and protocols are delineated using gathered intelligence to facilitate the appropriate levels of remediation, compliance, network access, and all service operations. Forescout Platform is very flexible, integrates well with most of today’s leading network security products, and is a very cost-effective solution.

Forescout Platform Features

  • Real-time complete visibility: With Forescout eyeSight, each and every device is classified when any attempt to access your network has been made. This includes - but is not limited to - desktops, laptops, android devices, virtual machines, switches, VoIP phones, USB memory sticks, webcams, IoT devices, and more.

  • Policy-based and manual controls: In today’s busy robust environment, networks are continually changing; there are different types and amounts of devices connected, various software applications, network compliance requirements, and the constant potential for risk make managing an IT network a very daunting challenge. The Forescout Console is used to simplify the administration and management of important alerts, remediation, and access controls to keep the network secure.

  • Intuitive real-time dashboards: Forescout Dashboards, a component of Forescout WebClient, is a comprehensive web-based intelligence center that gives full visibility and real-time insight of the complete network using both out-of-the-box and user-created widgets. The dashboards are very intuitive and deliver robust, easy-to-understand information about device visibility, compliance, health monitoring, and more.

  • Advanced reporting capabilities: The Forescout Reports Plugin will generate numerous valuable reports indicating real-time and overall status information about endpoint compliance, device details, networks guests, protocols, and more. The reports help to ensure IT administrators, executives, security teams, and other important shareholders stay well-informed about all network activity at all times.

  • Comprehensive third-party overview: Forescout eyeExtend facilitates seamless information sharing with third-party vendors, networks, and IT management solutions supporting improved automated workflows, productivity, cost-effectiveness, and overall security.

Real User Reviews

An important main feature of Forescout is the visibility the solution offers.

One reviewer who is a Consultant at a tech services company, says, "Within three or four days, you can have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly."

Users also appreciate that the user interface is clear and easy to understand.

An Instructor at a tech services company, shares, "The most valuable feature of the Forescout Platform is the large capacity it can handle. Additionally, the interface of the platform is good."

 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust
Buyer's Guide
Cisco ISE (Identity Services Engine) vs. Forescout Platform
July 2024
Free Report: Cisco ISE (Identity Services Engine) vs. Forescout Platform
Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. Forescout Platform and other solutions. Updated: July 2024.
DOWNLOAD NOW
793,295 professionals have used our research since 2012.
See our Cisco ISE (Identity Services Engine) vs. Forescout Platform report.
See our list of best Network Access Control (NAC) vendors.

We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.