Cisco ISE (Identity Services Engine) vs Forescout Platform comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Mar 15, 2022

We performed a comparison between Cisco ISE and Forescout Platform based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Cisco has a bit of a reputation for being complex across the board with all their offerings and Cisco ISE is no different. For those users that are heavily invested in the Cisco ecosystem, deployment is not a big challenge. For those that are novices or not so tech-savvy, the process can seem very complex. Additionally, if the environment is complex or there are multiple policies to deploy, the process could be more time-consuming.

    Forescout Platform users consistently felt the solution was very straightforward and easy to deploy. Deployment can be slowed down with Forescout Platform when there are numerous or complicated policies to add to the deployment process.
  • Features: The features users liked best about Cisco ISE are that the solution is very stable, flexible, and secure. Cisco ISE is a great global product and operates consistently and looks the same wherever it is deployed across the world. The GUI with Cisco ISE is top-notch and the security protocols they provide are excellent. Cisco ISE users would like to see better migration to the cloud and a hybrid option made available. Cisco ISE users would also welcome a solution that was more user-friendly and less complex.

    Forescout Platform users like that the solution is user-friendly and can handle large capacities. It is very easy to monitor which devices are on the system and where they are logging in from; the visibility is great. Forescout Platform users noted some anomalies with the licensing issues and between WiFi and the network, and that resulted in needing additional licenses for the same device. Forescout users would like to see the ability to add multiple policies at a time to improve process implementation and some enhancements to the reporting structure.
  • Pricing: Users of both solutions felt that the prices were on the high side.

  • Service and Support: Cisco ISE offers training and licensing courses. However, users felt that when support was needed, it was not up to their satisfaction. Forescout Platform users felt that even with a paid tier support structure, support could still be better.

Comparison Results: Cisco is a worldwide, well-known, trusted, and respected branded product, and despite its known complexities, Cisco ISE pushes just ahead of Forescout Platform. Forescout Platform has just a few buggy issues and is lacking in some reporting structure, which makes Cisco ISE an easier choice.

To learn more, read our detailed Cisco ISE (Identity Services Engine) vs. Forescout Platform Report (Updated: March 2023).
688,083 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"We have seen ROI. It has done its job. It has protected us when we needed it to.""It does what it's supposed to. We use a certificate-based authentication method for corporate-managed devices. That means when a user walks in with their managed laptop and plugs it into the network, it chats with Cisco ISE in the background, allows it on the network, and away they go.""It does a good job of establishing trust for each access request, no matter the source. It's also very effective at helping with the distributed network and at securing access.""I love the policy sets, they are really nice and dynamic.""The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability.""I have found that all of the features are valuable. It is very easy to deploy because we are able to port users directly from Active Directory (AD) and LDAP.""Stable network administration solution that can be installed easily, and comes with fast technical support.""The most valuable features are authentication, we have more granular control on the access policies for the administrators. The solution is easy to use, has a center point administration, and has a good GUI."

More Cisco ISE (Identity Services Engine) Pros →

"Provides a good overview of all devices on a network.""The most valuable feature of Forescout Platform is that it has everything that Aruba has at significantly less cost.""The 802.1X compliance authentication feature of this solution is very good.""This solution can be used to organize guest portals, integrate switches, and create policies. Some of its standard use cases also include completing key process upgrades and anti-virus of Windows OS.""Forescout is easy to integrate with a lot of end systems.""The most valuable features of the Forescout Platform are NAC for sharing, Network Access Control, and port sharing of the devices.""Forescout Platform is stable, it is great.""The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability."

More Forescout Platform Pros →

"The area where things could be improved is education. It's complicated to deploy initially because you have to know what you're getting into.""The admin interface is really slow. It's horrible.""Whenever we see the authentication logs, we can't see what device we're logging into... We can see who logged in, but we can't see the IP address of the device... I'm sure that's available. We just haven't figured out how to properly deploy it.""The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment.""A main issue is that the upgrade process, over time, is extraordinarily fragile. Repeatedly, over the past several years, when we've tried to upgrade our Cisco ISE implementation, the upgrade has broken it. Ultimately, we have then had to rebuild it because we need it.""Also, the menus could have been much simpler. There are many redundant things. That's a problem with all Cisco solutions. There are too many menus and redundant things on all of them.""Third-party integration is important, as well as the continuous adaptation feature which is the AIOps. It would be helpful to include the AIOps.""The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications."

More Cisco ISE (Identity Services Engine) Cons →

"Can be expensive if it's only being used for one feature.""In the next release of the solution, it could benefit from being more flexible to allow for more freedom.""Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me.""When we automate an email to send to a user, sometimes it gets blocked, but that has nothing to do with Forescout. It depends on the mail gateway that we use or integrate with.""Forescout needs to upgrade its development in the future.""I believe that the overall user experience has not always been preferable.""Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns.""The installation is not secure because it takes high admin privileges."

More Forescout Platform Cons →

Pricing and Cost Advice
  • "We are running Version 2.9 because Version 2.9 of the ISE has a persistent license — it's a one-time payment. The latest version (3.1) is only available if you do a yearly subscription."
  • "This solution requires an annual license and it is a bit expensive than competitors."
  • "The price of the solution is price fair for the features you receive."
  • "The price is a bit on the high side."
  • "I believe I have paid around $1,000 in licensing fees. The license is annual."
  • "The technology is good, but to use some of the other features, and capabilities, they request that we purchase the Cisco DNA Center. As a result, the bundled price is a little high."
  • "It would be beneficial to have a single license that included all of the features."
  • "The price of Cisco ISE (Identity Services Engine) is expensive and we are thinking about changing to FortiGate."
  • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "They base the license on the number of devices, which is quite misleading."
  • "The cost of the solution depends on the customer's requirement because the customer is asking for different integration with a different product. Forescout Platform's price would start to get a bit higher. However, overall the price is a little expensive. It's can fit within the customer budget."
  • "The price of the solution is reasonable. We have paid for the license for five years. We have integration with Symantec AV for orchestration, and we have an additional license."
  • "Forescout is more expensive than Cisco because Cisco gives high discounts."
  • "We have a very clear licensing model for business. I don't have to have a Ph.D. to be able to understand the licensing model as you might need for other solutions. If I know exactly what we want, it can tell you which license you need. The solution is easy for purchasing, ordering, and ease of deployment as well."
  • "There are no additional costs that I am aware of."
  • "I would rate Forescout Platform's pricing as four out of five."
  • "We need to pay for integration for each integration that we want to do and there is an additional license fee. This adds more costs. It is not something that anyone can afford. If you want to integrate this with a lot of other tools, it can be costly."
  • More Forescout Platform Pricing and Cost Advice →

    Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
    688,083 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can… more »
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    Top Answer:Forescout is a very powerful NAC product that does not rely on port level configuration. It can detect and block unauthorized devices very quickly. But it has a lot of capabilities and really would… more »
    Top Answer:I would rate the Forescout Device and Visibility Control Platform at a six out of ten.
    Top Answer:I recommend doing a compression demo. If people use it, they will buy it. So they have to see the product in place. That's the main recommendation is to do a proof of concept. If they do, they will… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    Cisco ISE
    Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT
    Learn More

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.


    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.


    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."

    Forescout Platform provides today’s busy enterprise organizations with policy and protocol management, workflow coordination, streamlining, and complete device and infrastructure visibility to improve overall network security. The solution also provides concise real-time intelligence of all devices and users on the network. Policy and protocols are delineated using gathered intelligence to facilitate the appropriate levels of remediation, compliance, network access, and all service operations. Forescout Platform is very flexible, integrates well with most of today’s leading network security products, and is a very cost-effective solution.

    Forescout Platform Features

    • Real-time complete visibility: With Forescout eyeSight, each and every device is classified when any attempt to access your network has been made. This includes - but is not limited to - desktops, laptops, android devices, virtual machines, switches, VoIP phones, USB memory sticks, webcams, IoT devices, and more.

    • Policy-based and manual controls: In today’s busy robust environment, networks are continually changing; there are different types and amounts of devices connected, various software applications, network compliance requirements, and the constant potential for risk make managing an IT network a very daunting challenge. The Forescout Console is used to simplify the administration and management of important alerts, remediation, and access controls to keep the network secure.

    • Intuitive real-time dashboards: Forescout Dashboards, a component of Forescout WebClient, is a comprehensive web-based intelligence center that gives full visibility and real-time insight of the complete network using both out-of-the-box and user-created widgets. The dashboards are very intuitive and deliver robust, easy-to-understand information about device visibility, compliance, health monitoring, and more.

    • Advanced reporting capabilities: The Forescout Reports Plugin will generate numerous valuable reports indicating real-time and overall status information about endpoint compliance, device details, networks guests, protocols, and more. The reports help to ensure IT administrators, executives, security teams, and other important shareholders stay well-informed about all network activity at all times.

    • Comprehensive third-party overview: Forescout eyeExtend facilitates seamless information sharing with third-party vendors, networks, and IT management solutions supporting improved automated workflows, productivity, cost-effectiveness, and overall security.

    Real User Reviews

    An important main feature of Forescout is the visibility the solution offers.

    One reviewer who is a Consultant at a tech services company, says, "Within three or four days, you can have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly."

    Users also appreciate that the user interface is clear and easy to understand.

    An Instructor at a tech services company, shares, "The most valuable feature of the Forescout Platform is the large capacity it can handle. Additionally, the interface of the platform is good."

    Learn more about Cisco ISE (Identity Services Engine)
    Learn more about Forescout Platform
    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust
    Top Industries
    Comms Service Provider16%
    Financial Services Firm12%
    Manufacturing Company9%
    Computer Software Company17%
    Comms Service Provider11%
    Educational Organization8%
    Financial Services Firm19%
    Manufacturing Company11%
    Pharma/Biotech Company8%
    Computer Software Company15%
    Comms Service Provider9%
    Educational Organization8%
    Company Size
    Small Business28%
    Midsize Enterprise23%
    Large Enterprise49%
    Small Business19%
    Midsize Enterprise19%
    Large Enterprise62%
    Small Business33%
    Midsize Enterprise13%
    Large Enterprise54%
    Small Business19%
    Midsize Enterprise17%
    Large Enterprise64%
    Buyer's Guide
    Cisco ISE (Identity Services Engine) vs. Forescout Platform
    March 2023
    Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. Forescout Platform and other solutions. Updated: March 2023.
    688,083 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 60 reviews while Forescout Platform is ranked 3rd in Network Access Control (NAC) with 27 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while Forescout Platform is rated 8.2. The top reviewer of Cisco ISE (Identity Services Engine) writes "Secures devices and has good support, but needs a better interface". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, CyberArk Privileged Access Manager, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas Forescout Platform is most compared with Aruba ClearPass, Fortinet FortiNAC, Armis, and Microsoft Intune. See our Cisco ISE (Identity Services Engine) vs. Forescout Platform report.

    See our list of best Network Access Control (NAC) vendors.

    We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.