How would you compare Cisco ISE (Identity Services Engine) vs Forescout Platform?
Hi,
I have been researching these two products: Cisco ISE (Identity Services Engine) vs Forescout Platform. Please advise which one you would choose and why.
Security Solution Engineer at a computer software company with 501-1,000 employees
Real User
2021-09-10T07:54:05Z
Although both are NAC solutions, Cisco ISE and Forescout are totally different products.
Cisco ISE is part of the pre-admission NAC systems family (like Aruba Clearpass) based on 802.1X.
Forescout, instead, is part of the post-admission family (like FortiNAC or the brand-oriented Extreme network NAC solution).
In other words, Forescout (and all the post-admission NACs) does not primarily use 802.1x but a mix of tricks and various methods (SSH, SNMP, API and traffic mirror, DHCP, DNS traffic, and yes also 802.1x, if needed) to admit or reject the access of an identity AFTER it has accessed the network.
If an identity somehow changed its behavior AFTER it has been admitted, a post-admission NAC system may react by changing its state, for instance changing its VLAN or disconnecting it.
So the answer to your question is: you must choose the NAC solution according to your needs, your network and your budget too (Forescout is 40-50% more expensive than Cisco ISE).
Almost all NAC solution licensing is based on concurrent users. So, you must compare all NAC solutions per user/price/year.
Senior Network Engineer at a government with 5,001-10,000 employees
Real User
Sep 13, 2021
@reviewer1660839 Last I looked at ISE, and it has been a while, ISE uses lots of different licenses, and one user might consume several of them depending on what he is doing. Each license lasts for 1-3 years and costs money. Did Cisco ISE change that and now only has one license per endpoint no matter what they are doing?
We performed a comparison between Cisco ISE and Forescout Platform based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Ease of Deployment: Cisco has a bit of a reputation for being complex across the board with all their offerings and Cisco ISE is no different. For those users that are heavily invested in the Cisco ecosystem, deployment is not a big challenge. For those that are novices or not so tech-savvy, the process...