Cisco ISE (Identity Services Engine) Reviews

We primarily use the solution for network admission control.

Previously, what used to happen is that we use to have anyone - any user, a staff member or a non-staff member, consultant contractors, etc. able to connect to our line without authentication, which I think posed a security risk. We felt that whoever connected to our network should be authenticated. We should know the person. We should have visibility to see who was connecting to our network so that we can detect anomalies. Now, we have different profiles, of different users and staff and for contractors or others. So, depending on the profile, there's control on the access that you can get.

An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment. Also, I've not explored MDM but if it should be integrated. 

In terms of scalability, I think it's scalable. Quite scalable and very intricate. Easy to use and provides good support. 

We've had many issues with technical support but from the local vendor, we do get a lot of support which is good. The fact that we also did some training helped. We normally don't have so much trouble when we rescale. We see that we can fix it and then if there are issues, with the vendors and their help, we can rescale it.

Initially, the setup is a bit complex but that depends on the vendor. Maybe because of the complexities around it. Sometimes I think it's about how the best project team really does it.

The person who was put in place to implement it couldn't. So we got another vendor who was good and was a lot more experienced. It's a very new feature so we're hopeful here in Uganda. My country only has about maybe 2 or 3 clients. Those are the ones I know about, our team being one of them.

The deployment strategy was faster than the pilot. We had to see how it works and then we had to, in a transparent manner, see how it works. Deployment took about six months. But the rollout is on-going because we keep opening branches all the time, so we just keep adding them into the solution. For deployment, we used the front liner support but for documentation, we had professional staff. For deployment and maintenance, we have a small team of maybe about five to ten. 

I would give the solution 5.5 out of 10.

We use it to aid the tools that we make and to sponsor and get flow.

We distribute internet access to guests. It's the product to our environment.

The profiling option is the most valuable feature. 

They should improve the upgrades. It's not easy to upgrade the solution. 

It's stable. 

It is scalable because we use a network load balancer at the front of the PSN. It can be extended as we want to multiply. It's scalable to our environment. We have around 8,000 users and we are planning to expand it. 

I opened some tickets with them and I had no problems. They are engineers from India and the U.S and they perform well.

The initial setup was complex. The deployment took around one year. 

We used an integrator for the deployment. They didn't know a lot about the solution so we had to learn about it ourselves and helped them.

We have seen ROI from this solution. 

We use a virtual machine so in terms of pricing, we can extend it as much as we need. The licensing; we had to renew twice and in my opinion, it's good.

We also looked at ForeScout but we preferred Cisco ISE. 

I would rate this solution a ten out of ten. 

• I'ts compatibility with 802.1X
• Posture
• Profiling
• Guest Portal

As an integrator, I can tell that this product is mostly used for implementing wireless 802.1X with Active Directory and guest portals. It can be integrated with Active Directory and an external SMS gateway, can be used to track user authentications with Cisco WLC, can be therefore used to completely implement BYOD (considering the tight integration with leading MDM vendors). The product can be bought as a physical appliance as well a virtual appliance.

We are waiting for TACACS integration to completely replace the Cisco ACS line of products.

I've used it for about four years.

Being a product relatively young the product seems incredibly stable and not prone to system outages.

Having a Cisco consolidated experience with this type of products, the product encounters very little of no scalability problem.

Cisco has implemented a special ATC partner program to help partners and customers to have a smooth deployment. As far as I know there is also a dedicated TAC area for this product, Cisco commitment on the ISE line of product is really at a top level. I can say this with an high degree of certainty being a Cisco Gold Partner.

We use this product because we mainly sell this as a premier class NAC solution, compared to other similar products.

The initial setup is very straightforwardly done by following the product’s document guides.

I work for a vendor/system integrator.

The main advice is to seek for an accredited ATC system integrator with a large ISE portfolio.

My primary use case of this solution is for access control for authentication and for the authorization of wireless users.

For device administration, all devices have multifactor authentication in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it's a matter of a lowly manager who we give access to the portal and he can assign access to the guests, so it's a very simple process now. It keeps IT focusing on their work, and gives the business people the right access. 

Also, with BYOD mobile users can work easier and in a more secure way. For the places in public access we're securing our network socket, so now not everybody can plug in and log into our network due to this feature. It's making it more secure for headquarters.

• BYOD service
• The guest and secure wireless access
• Compliance and posture
• Wireless administration

The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade.

I would like to see them develop some type of device management, like an iPad feature, just to be able to give security access to certain devices for management. Mainly for the suppliers and the third parties.

Another feature I would like to see would be for them to create the ability to integrate with other products from the start. We always search for products that integrate with us and so it would ease the management and then everybody would be entered. 

It's 99% stable. 

It's scalable. We have more than 500 users. We are planning to use more features and to integrate it with other branches that we have. It's a way to have a global solution across all branches.

Technical support is okay. Sometimes it takes a long time for them to respond. We'll usually end up solving our own issues. The response time should be shorter. 

The initial setup was complex. It took time to have a stable environment but once it stabilized, it was great. Although, we had six to seven months of an unstable system. 

We deployed through a reseller, they were good. We require two staff members for maintenance.

Our ROI is good enough. It's simplifying things for IT and for the business, so it's good for both sides. It solves a lot of issues that without the product would be costly to our organization so we see ROI in that sense. 

Licensing is very complicated and it changes a lot. I know recently it changed since we acquired the solution. It had a different licensing scheme that has changed. 

The cost is high compared to other solutions. Even so, it is better than what's on the market. The licensing model is complicated and the cost is a little bit high.

It's a great product but you should be careful to plan before deploying. Do thorough planning as not to do the same error that we did. We didn't do enough planning before deploying so it took us a long time to have a thorough plan. 

I would rate this solution a nine out of ten. 

We use Cisco ISE for authentication for VPN and network management.

The WiFi portal in Cisco ISE is very useful for WiFi customers.

In an upcoming release, it would be nice to have NAC already standard in the solution.

I have used Cisco ISE within the past 12 months.

Cisco ISE has been stable.

I have found Cisco ISE to be scalable.

We have two of the Cisco ISE devices installed.

The technical support has been good.

The solution does not require a maintenance or support team.

There is a license to use this solution and the price is reasonable.

When someone is implementing this solution the difficulty depends on where they started. We started with zero and there was a very large learning curve. However, once they understand how it works, it's straightforward. There is a sharp learning curve to start working with it.

I rate Cisco ISE an eight out of ten.

The RADIUS Server holds the most value.

The TACACS feature in ISE is good.

We also use the Posture feature to control the environment.

The product features are quite good.

One of the main issues in  Cisco ISE (Identity Services Engine) is that it lags excessively.

Sometimes Cisco ISE (Identity Services Engine) just doesn't work properly, due to misconfiguration.

I would like to see the product simplified more, especially with the configuration.

I have been working with Cisco ISE (Identity Services Engine) for approximately two years.

We are using version 2.7 Patch 2.

Cisco ISE (Identity Services Engine) is easy to scale.

I have approximately 450 Apex end-based licenses.

Currently, we don't have plans to expand.

Technical support as always is one of the best.

The initial setup was a bit complex. It took us three to four weeks to complete the setup and get it up and running. We had help from the reseller.

It was deployed by a vendor.

It was installed by a vendor.

It's a bit expensive, especially the licensed product.

The hardware is purchased one time. 

The support license is reasonable, but when compared to other products, such as ClearPass or Fortinet, the base license for users is much lower in other products. In general, Cisco is more expensive.

I would like to see one license based on one user. We do not need to use multiple licenses in order to have multiple features in the product.

One of the issues in ISE is that if you need more features you have to have multiple licenses per user. One user can have three or four licenses. 

It would be beneficial to have a single license that included all of the features.

We are currently trying to deploy Fortinet network access control. The support from Fortinet is disappointing.

We are in the testing phases, but there is a good possibility that we will go with Fortinet.

We have not used it yet. We will try the POCs this week coming.

I would suggest having an experienced engineer implement the product. If there is an error when implementing, you will experience many issues, especially lagging.

If it was well implemented I would rate it a nine out of ten, because it's good.

Cisco ISE (Identity Services Engine) is used in large enterprise companies. In our company and with our implementation, I would rate  Cisco ISE (Identity Services Engine) a four out of ten.

The primary use case is to have network access control and automation to integrate with the enterprise network. It also helps provide a method to make segmentations between users and enable access control.

Cisco ISE has provided more mobility for the organization while controlling access no matter how the users connect to the network.

I like the guest access feature, which has been important for us. The BYOD feature is also good. 

Segmentation can be improved. They can also improve security policies for each group of users, and automation can also be better. The software interface could be better. They should make it easier for users to find features.

I have been working with Cisco ISE for more than three years, but in general, I have more than 20 years of experience working with Cisco.

Cisco ISE is a stable solution.

Cisco ISE is very scalable.

Cisco technical support is very good.

The initial setup is complex, and you can't easily find the features you want.

If we're talking about a medium enterprise and there is a greenfield, it can take between one or two weeks.

I think the price is okay.

I advise new users to go through the admin guides for implementation and follow the script very carefully.

On a scale from one to ten, I would give Cisco ISE an eight.

We are a system integrator and Cisco ISE is one of the products that we sell and implement at our customers side. I have built ISE's POC and provided training to our customers.

I also used real rent lab which was including; Active Directory integration, network access and core switches, access points, wireless access controller, and end points. (some end points have cisco client - anyconnect, and have not), and Web Server for creating wireless authentication portal solution end to end

The AAA features were awesome and have important attributes, and also the security groups (SGTs) concept to enforce policies for each group of users, regardless they coming via wired or wireless network devices. also i see the guest authentication is very rich and easy tom implement 

Cisco ISE offer one central point to create different policies for different group of users and enforce policies to each entity regardless it connected to network through wired or wireless network devices. it provide in this way more mobility and wireless-wired converged network. Also it integrates very well with network devices to control ports configurations services authentication and authorization. ISE also integrate with DNA center and stealthwatch to enable customer have SDN (Software defined Network) Fabric. 

Combines authentication,authorization,accounting(AAA),posture,and profilerinto one appliance

Provides for comprehensive guest access management for Cisco ISE administrators.

Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network,including 802.1X Environments

EmploysadvancedenforcementcapabilitiesincludingTrustsecthroughthe use of SecurityGroup Tags(SGTs) and Security Group Access Control Lists (SGACLs)• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

The ISE software needs to be improved  in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

I have been using Cisco ISE for three months.

We did not use another similar solution prior to this one.

The initial setup was fine.

The price for Cisco ISE is high.

We did not evaluate other options before adopting this solution.