2021-08-06T07:01:00Z

What are the main differences between Cisco ISE and Forescout Platform?

Hi, I'm a Network Engineer at a Tech Services company (size: 500+). 

I would like to find out the main differences/comparison between Cisco ISE and Forescout Platform.

Can anyone assist?

SR
Network Engineer at a tech services company with 501-1,000 employees
3 Answers
AS
Senior Network Engineer at a government with 5,001-10,000 employees
2021-08-10T13:38:46Z

OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1X. Cameras, badge readers, temp sensors, etc. would fall into this category. Then you have to leave the port unsecured. Also, 802.1X requires you to drop config on every switchport, and have other infrastructure installed to support it. Also, Cisco ISE licensing is complicated and draconian. In some cases, the same endpoint might need to utilize 4 different licenses at the same time.


Forescout operates differently and does not rely on 802.1x. Forescout listens to a variety of sources. For one thing, Forescout can listen to the wire through SPAN. Forescout also uses SNMP to monitor and control switches, routers, and APs. So Forescout can hear when a connection is made to a switchport, discover the IP of the endpoint on that port, control the endpoint if possible through AD or an installed agent, place the switchport into a quarantine VLAN if needed, and if SPAN traffic is available, place a virtual firewall rule in front of the endpoint. It can query the endpoint for processes, apps, OS, AV, and many other things.

The main advantage of Forescout is it doesn't need 802.1x on every switchport to control access, which is quite burdensome to configure. It senses every device on the network instantly, can listen to the wire, has multiple ways of gathering data, and can control switches. Licensing is simple and is per IP address.


Cisco ISE may be required for certain Cisco technologies or environments - then you don't have a choice. ISE is expensive and has extensive licensing requirements. You will need to dedicate at least one person to become an ISE SME, and training will be mandatory. The main advantage of Cisco ISE over Forescout is it can be a TACACS server natively.

EB
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Aug 10, 2021

@Avraham Sonenthal thanks a lot for such a detailed answer!
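One way to audit the gap the answer above describes, where ports are left without 802.1X because the attached device cannot authenticate. This is an added example, not code from the thread or from either vendor: it scans an IOS-style running-config for enabled access ports that lack `authentication port-control auto`. The function names and the sample config are constructed for illustration.

```python
# Constructed IOS-style running-config excerpt (sample data, not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description user desk
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 description ip camera
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/4
 description badge reader
 switchport mode access
 dot1x pae authenticator
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def unsecured_access_ports(config):
    """Return (name, description) for enabled access ports not enforcing 802.1X."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds or "shutdown" in cmds:
            continue  # trunks and admin-down ports are out of scope
        # The PAE role alone does not enforce; the port must be in "auto".
        if "authentication port-control auto" not in cmds:
            desc = [c[12:] for c in cmds if c.startswith("description ")]
            findings.append((name, desc[0] if desc else ""))
    return findings
```

Calling `unsecured_access_ports(SAMPLE_CONFIG)` lists the camera and badge-reader ports, including the one that carries `dot1x pae authenticator` but was never switched to `auto`.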

JD
Business Development Manager at Connection
2021-08-10T16:17:09Z

Both Cisco ISE and Forescout are highly regarded as both are at the very top of the Gartner Magic Quadrant (if you follow Gartner). Looking at them both on their own, the nod tends to go to Forescout as the Best of Breed. Best of Platform, however, the nod goes to Cisco ISE.


So in simplest terms, Cisco ISE is a better solution when in a strong Cisco environment, and Forescout is the better solution if there are disparate security flows within your organization.  


Now I would also throw into the mix (not meant to overcomplicate your decision) HPE/Aruba ClearPass as well. In any case, they can all be a bear to implement, so make sure you have a great organization to work with you on implementation that has a specialty with a particular vendor.

EB
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
2021-08-10T05:57:27Z
Aug 10, 2021

Hi @Sean Muller, @Nayef Hamzeh, @Chandra-Prakash, @Josept Conde, @Dilan Jayamantri, @Jonathan Soto, @Miguel Santiago and @Avraham Sonenthal


It seems you should be able to share some professional advice in relation to this question.


Thanks in advance for helping other community members!
