We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.
"The first benefit is that we can implement zero trust architecture because of Cisco ISE. I can assure my CISO in my company that my network is such that nobody can just bring in their laptop, desktop, or any sort of mobile device and can directly get connected to my network. That is a benefit that I can only allow people who I trust on the network."
"One of the most important features is the authentication security for the individual connection to the network through their computer or laptop."
"For customers, it's great. It has a GUI, so the customers themselves can edit ACLs or even modify the policies. It's also an all-in-one solution with RADIUS and TACACS."
"The ability to integrate our Cisco AnyConnect connections to the active directory has been great."
"The profiling model included is the most valuable feature."
"The return on investment we have seen is related to time in terms of troubleshooting. The logs, such as the security logs, inform us of the issues that people have had. ISE has been very instrumental in helping isolate those issues. We've seen a lot of cost savings because we don't have to pay an IT person to waste time doing something that should be instantaneous."
"It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request."
"One of the advantages is that you can easily find rogue endpoints. For example, if you don't want to allow any endpoints where you don't know the people plugging into what kind of devices, ISE can give you a big, clear picture, e.g., what kind of endpoints are getting connected to your network. That is one of the advantages."
"I really like the PTA (Privileged Threat Analytics). I find this the best feature."
"The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"It is very simple to use."
"Technical support is very helpful whenever we have any questions."
"We can make a policy that affects everybody instantly."
"CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs."
"The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization."
"There are always some things that I would request."
"It could be less monolithic. It's one huge application, and it does everything under the sun, so it's hard to deal with and upgrade and manage."
"Segmentation can be improved."
"I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one."
"Its user interface could be better. It's not bad. They've just redesigned the whole user interface. It's not terribly difficult. The drop-down menus are easy to use. However, when you're looking for some things in the user interface, it takes a minute to find where you were prior."
"Cisco ISE integration with Cisco ACI is something that can be done in a less complex way. And the simplification in that area may help us do better."
"Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified."
"Cisco ISE's real-time data analytics for database logging could be improved."
"I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""
"The usual workload is sometimes delayed by the solution."
"CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."
"As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel."
"Their post-sale support area requires a big improvement. Customers cannot automate tickets directly with CyberArk. They have to come through the distributor or bring in partners who have access to the support portal. Basically, the support for post-sales implementation is there, but the role of CyberArk is very minimal. Customers have to rely on partners, which sometimes creates issues. Some of the vendors help you during the implementation process, but the CyberArk support team does not do that. They have 24/7 support for our region, but they help only if there is an emergency or there is a problem with their system. If the password vault is down or the system is down, they provide immediate attention. For almost everything else, they take more time to respond. They give low priority to service-related or migration-related questions."
"We don't often contact technical support, but when we do it, the response could be faster and better."
"The interface on version 9 looks old."
"The current interface doesn't scale that well, and has some screens still in the old layout."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
