We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.
"When you push out the policy, it is able to populate the entire network at one time."
"Visitors can be granted access to the wifi network using their cellphones, notebooks or tablets in a very easy way. The ease of accessibility that anyone can have to the network is very quick and is a big improvement in our network."
"Having access and being able to add people or change authentication yourself is nice. In the past, we've used other group authentication services, and we always had to go to them and get permissions. Having that control is key."
"For guests we give them limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time."
"Since migrating towards doing wired ports over ISE with 802.1X and MAB authentication, our organization's security risk has been better. We have been able to establish better layouts, so devices can move and we don't have to worry about where they need to go."
"The most valuable thing in ISE is the adoption of EAP deep that came in [version] 2.7, so we can do authentication based on user and machine certificates in one authentication."
"ISE's most valuable feature is integration between IT and OTs."
"It is scalable because we use a network load balancer at the front of the PSN. It can be extended as we want to multiply. It's scalable to our environment. We have around 8,000 users and we are planning to expand it."
"CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies."
"You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
"CyberArk Privileged Access Manager is stable."
"The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used)."
"Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too."
"I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain."
"We found the initial setup to be easy."
"It is one of the best solutions in the market. Ever since I started using this solution, there has not been any compromise when it comes to our lab."
"Cisco ISE's performance could be better, faster, and more robust."
"I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it."
"Whenever we see the authentication logs, we can't see what device we're logging into... We can see who logged in, but we can't see the IP address of the device... I'm sure that's available. We just haven't figured out how to properly deploy it."
"The intuitiveness of the user interface could be improved."
"I'm frustrated by the resource consumption and how many resources it needs to run. It takes a lot of RAM. It takes a lot of space and a lot of IO power. It's frustrating to do upgrades because it takes a long time."
"If you have someone taking care of it, it can be quite easy to manage the solution. Otherwise, if you don't look after it and take care of it day-to-day, then it will become more complex to run."
"Cisco ISE has almost all the features we are looking for now, but sometimes the configuration, such as the conditions, is a little difficult to understand and not so easy to navigate."
"Cisco ISE is very complex and not very easy to deploy."
"What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once."
"Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API."
"I think having a distributed architecture would certainly help this solution."
"Their post-sale support area requires a big improvement. Customers cannot automate tickets directly with CyberArk. They have to come through the distributor or bring in partners who have access to the support portal. Basically, the support for post-sales implementation is there, but the role of CyberArk is very minimal. Customers have to rely on partners, which sometimes creates issues. Some of the vendors help you during the implementation process, but the CyberArk support team does not do that. They have 24/7 support for our region, but they help only if there is an emergency or there is a problem with their system. If the password vault is down or the system is down, they provide immediate attention. For almost everything else, they take more time to respond. They give low priority to service-related or migration-related questions."
"Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."
"There should be more models and licensing plans for this software."
"It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things."
"The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 136 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and ManageEngine PAM360.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.