We just raised a $30M Series A: Read our story
BA
Corporate Information Technology Security Manager at a financial services firm with 10,001+ employees
Real User
Top 20
Integrates well with other Cisco products, but they need to provide better network visibility and also release an agentless version

Pros and Cons

  • "The features that do work, work well, and we use it on a daily basis."
  • "The interface is not very user-friendly and it is not simple to use."

What is our primary use case?

We use Cisco ISE for 802.1 network authentication.

What is most valuable?

ISE integrates well with other Cisco products.

What needs improvement?

This solution does not provide us with enough visibility into our network. We would like to see additional information that it does not show. In general, the reporting is not very useful.

ISE needs to have better integration with third-party products.

A basic profiling engine would make a good addition because device profiling is very important.

This product requires the use of agents and ideally, I would like an agentless version. I think that they should get rid of them because they are hard to manage and deploy. Also, they are not useful.

The interface is not very user-friendly and it is not simple to use.

For how long have I used the solution?

I have been using the Cisco Identity Services Engine for six years.

What do I think about the stability of the solution?

This is a stable product. The features that do work, work well, and we use it on a daily basis.

What do I think about the scalability of the solution?

I would say that this product is scalable because we are using it in our central headquarters, in addition to several branch offices.

How are customer service and technical support?

We do not pay for Cisco SMARTnet, so we did not contact technical support.

Which solution did I use previously and why did I switch?

Prior to using ISE, we were using a solution by Trustwave. It is a different product because it uses Name Poisoning methods. It was an interesting solution but we changed because the price of support is too high. We opted to instead purchase a new product.

How was the initial setup?

The initial setup is not simple. I don't consider our deployment to be complete because we were unsuccessful at trying to use the majority of the features. The fact that we can't solve these problems is why we are searching for another solution.

What about the implementation team?

We had assistance from a consultant for the deployment.

Internally, we have a team of five administrators who manage this product.

What's my experience with pricing, setup cost, and licensing?

The SMARTnet technical support is available at an additional cost.

Which other solutions did I evaluate?

I am currently doing research on Fortinet FortiNAC because I find that Cisco ISE is not a very powerful tool.

What other advice do I have?

My advice for anybody who is considering Cisco ISE is to first run a proof of concept to see that all of the features work well. In my opinion, you have to see all of the features.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
OZ
Network & Security Engineer at a engineering company with 201-500 employees
Real User
Excessive lagging, expensive, complicated installation, but has good features and support

Pros and Cons

  • "The RADIUS Server holds the most value."
  • "I would like to see the product simplified more, especially with the configuration."

What is most valuable?

The RADIUS Server holds the most value.

The TACACS feature in ISE is good.

We also use the Posture feature to control the environment.

The product features are quite good.

What needs improvement?

One of the main issues in  Cisco ISE (Identity Services Engine) is that it lags excessively.

Sometimes Cisco ISE (Identity Services Engine) just doesn't work properly, due to misconfiguration.

I would like to see the product simplified more, especially with the configuration.

For how long have I used the solution?

I have been working with Cisco ISE (Identity Services Engine) for approximately two years.

We are using version 2.7 Patch 2.

What do I think about the scalability of the solution?

Cisco ISE (Identity Services Engine) is easy to scale.

I have approximately 450 Apex end-based licenses.

Currently, we don't have plans to expand.

How are customer service and support?

Technical support as always is one of the best.

How was the initial setup?

The initial setup was a bit complex. It took us three to four weeks to complete the setup and get it up and running. We had help from the reseller.

It was deployed by a vendor.

What about the implementation team?

It was installed by a vendor.

What's my experience with pricing, setup cost, and licensing?

It's a bit expensive, especially the licensed product.

The hardware is purchased one time. 

The support license is reasonable, but when compared to other products, such as ClearPass or Fortinet, the base license for users is much lower in other products. In general, Cisco is more expensive.

I would like to see one license based on one user. We do not need to use multiple licenses in order to have multiple features in the product.

One of the issues in ISE is that if you need more features you have to have multiple licenses per user. One user can have three or four licenses. 

It would be beneficial to have a single license that included all of the features.

Which other solutions did I evaluate?

We are currently trying to deploy Fortinet network access control. The support from Fortinet is disappointing.

We are in the testing phases, but there is a good possibility that we will go with Fortinet.

We have not used it yet. We will try the POCs this week coming.

What other advice do I have?

I would suggest having an experienced engineer implement the product. If there is an error when implementing, you will experience many issues, especially lagging.

If it was well implemented I would rate it a nine out of ten, because it's good.

Cisco ISE (Identity Services Engine) is used in large enterprise companies. In our company and with our implementation, I would rate  Cisco ISE (Identity Services Engine) a four out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.
BN
Senior Software Engineer with 501-1,000 employees
Reseller
Top 5Leaderboard
A one-stop solution to streamline security policy management

Pros and Cons

  • "They have recently made a lot of improvements. My clients don't have much to complain about."
  • "It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version."

What is our primary use case?

We use ISE for security group tagging in terms of guests and visitors who access the network to make sure that they actually go through this to control their privilege access to ensure they don't actually access the internal network, etc. 

Our clients use ISE as a form of security policy management so that users and devices between the wired, wireless, and VPN connections to the corporate network, can be managed accordingly.

Take a house for example. Sometimes you need to access a room via a certain keyhole, so you use a key that is unique to that door. With ISE, you can segment this process in terms of policy management based on the security tag. You actually grant the user access based on the tagging.

That's the IT trend — saving a lot on operating costs to manage the different users and access methods.

Within our company, we have roughly 200 employees using this solution.

What is most valuable?

My clients are always talking about the segregation capabilities. Segmentation refers to how you can actually segregate employee and non-employee client access. 

What needs improvement?

They have recently made a lot of improvements. My clients don't have much to complain about — it's a one-stop-shop.

It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version. 

What do I think about the stability of the solution?

It's stable but there's a limitation of up to 200,000 users. If you have a big number of users, then you have to customize the installation process. 

What do I think about the scalability of the solution?

It's only scalable up to 20,000 users. 

How are customer service and technical support?

I would say Cisco's support has been getting worse. I think they outsource a lot of skillsets.

How was the initial setup?

The initial setup is pretty straightforward. They actually provide a lot of help to IT administrators which makes setting it up rather easy.

The whole setup takes about three days because you need to basically configure the network, test the configuration, and then you need to cut over to production. 

What was our ROI?

Our customers definitely see a return on their investment with this solution.

What's my experience with pricing, setup cost, and licensing?

I think licensing costs roughly $2,000 a year. ISE is more expensive than Network Access Control.

What other advice do I have?

If you wish to use ISE, you must have a deep understanding of IT. If you don't, setting it up properly will be very complex.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Hassan Ayoub
Technology Manager at Advanced Integrated Systems
Reseller
Top 20
Good integration, visibility, and automation

Pros and Cons

  • "The most valuable feature is the integration with StealthWatch and DNA as one fabric."
  • "The ISE software needs to be improved so that it is easier to administer."

What is our primary use case?

We are a system integrator and Cisco ISE is one of the products that we sell and implement at our customers side. I have built ISE's POC and provided training to our customers.

I also used real rent lab which was including; Active Directory integration, network access and core switches, access points, wireless access controller, and end points. (some end points have cisco client - anyconnect, and have not), and Web Server for creating wireless authentication portal solution end to end

The AAA features were awesome and have important attributes, and also the security groups (SGTs) concept to enforce policies for each group of users, regardless they coming via wired or wireless network devices. also i see the guest authentication is very rich and easy tom implement 

How has it helped my organization?

Cisco ISE offer one central point to create different policies for different group of users and enforce policies to each entity regardless it connected to network through wired or wireless network devices. it provide in this way more mobility and wireless-wired converged network. Also it integrates very well with network devices to control ports configurations services authentication and authorization. ISE also integrate with DNA center and stealthwatch to enable customer have SDN (Software defined Network) Fabric. 

What is most valuable?

Combines authentication,authorization,accounting(AAA),posture,and profilerinto one appliance

Provides for comprehensive guest access management for Cisco ISE administrators.

Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network,including 802.1X Environments

EmploysadvancedenforcementcapabilitiesincludingTrustsecthroughthe use of SecurityGroup Tags(SGTs) and Security Group Access Control Lists (SGACLs)• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

What needs improvement?

The ISE software needs to be improved  in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

For how long have I used the solution?

I have been using Cisco ISE for three months.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to this one.

How was the initial setup?

The initial setup was fine.

What's my experience with pricing, setup cost, and licensing?

The price for Cisco ISE is high.

Which other solutions did I evaluate?

We did not evaluate other options before adopting this solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: My Company is Cisco Reseller
Laurent Canac
Network & Security Architect at Canac IT
Real User
Top 20
Easy implementation, simple to add policies, and very stable

Pros and Cons

  • "The implementation is very simple."
  • "The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow."

What is most valuable?

The .1x authentication schema is the most valuable aspect of the solution. It makes it possible to have multiple policies and it can still adapt to us. We can authenticate and calculate our trajectory and so on. The policy is very easy to put in place. It's got to be easy due to the fact that we have more than 200,000 devices.

The implementation is very simple.

What needs improvement?

The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow.

The solution might require two authentications. They should make a new authentication to authenticate both the device and the users. Right now, we are authenticating the PC, the workstation, but not as a user. A good addition would be to authenticate the user separately to get more information.

For how long have I used the solution?

I've been using the solution for five years.

What do I think about the stability of the solution?

The solution is stable. I haven't witnessed bugs or glitches. It doesn't freeze or crash. It's reliable.

What do I think about the scalability of the solution?

The solution is quite scalable.

We started with two clients and we've since scaled up to 20 clients.

Which solution did I use previously and why did I switch?

Cisco ISE was the first full solution we've used.

How was the initial setup?

The initial setup wasn't complex for us. We found the process of implementing the solution very straightforward.

For our organization, in terms of deployment, the first implementation took one month, and for the global implementation took six months.

For maintenance, a company needs one or two people to handle it, one of which should be full-time.

What's my experience with pricing, setup cost, and licensing?

The pricing is okay. It's reasonable for functionality, however, if you're going to implement it as a full-stack with Cisco Connect, and a work station, and so on, it's very high.

What other advice do I have?

I'd advise other companies to really take care in regards to the network devices that they want to authenticate. 

For most of the cases, the biggest rooms are the easiest to manage, however, the smallest ones require specific implementation in all devices. It is very tricky due to the fact that you are obliged to put in place the rules that are not so secure and that's why it's very important to know what devices are connected on the network.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FA
Networks Lead Engineer at a mining and metals company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Reliable performance with good network control and great integration capabilities

Pros and Cons

  • "There is good integration with third-party systems like antivirus patch management, MDM."
  • "The pricing and licensing structure are not ideal for customers."

What is our primary use case?

We primarily use the solution in our infrastructure.

What is most valuable?

I'm very satisfied with the product. It has been excellent so far. 

From the performance perspective, it is excellent. The outcome is as expected, giving control to the network. 

There is good integration with third-party systems like antivirus patch management, MDM.

What needs improvement?

They need to simplify the processes and management more, as well as the platform. Their user experience is a bit complicated, and it's not easy to manage. They need to do something to enhance the management console and make it more simple and easier to use.

I need to see stronger integration with Cisco SDN. Instead of treating it as a separate appliance, it should be a built-in feature in the SDN solution. This is one of the things that will reduce the complexity of Cisco's architecture. Instead of having multiple appliances, and getting lost in-between, and not knowing where is the problem is, everything can just be in one place. It will be better to move this feature or this technology as a built-in technology in the SDN solutions, similar to DNA and ACI.

The pricing and licensing structure are not ideal for customers.

For how long have I used the solution?

I've used this solution for about five years, both in my previous company and my current company as well.

What do I think about the stability of the solution?

The solution provides excellent stability and reliability. There are no bugs or glitches. It doesn't crash or freeze. 

What's my experience with pricing, setup cost, and licensing?

We are a customer and an end-user.

Cisco, on the price, is not good now. This might entice customers or end-users to go for another cheaper solution where they can still find most of the features Cisco offers. 

They are now offering subscription licenses, and you have to pay thousands of dollars every year for maintenance and renewing support. Most users will not accept this new strategy of Cisco. It's not like HP or Dell, where, when you purchase the hardware and it's a lifetime license. It's a lifetime subscription. You don't need to renew the license every two years. Therefore, from a price perspective, no, Cisco's not good. Their strategy now seems to be pushing customers to go for other solutions.

What other advice do I have?

The product is excellent and I would rate it at a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Frederic Soulier
Deputy Head of IT at a legal firm with 501-1,000 employees
Real User
Top 5
A stable and reliable solution with a wide range of features and functionalities, but it is too complex for our use

Pros and Cons

  • "The way we can trust this solution is the most valuable. We have no issue with this product. It is a competitive product. You need to have a very good and deep knowledge of the product to take the full benefits of all the features, but it is a good product."
  • "It is too complex. It should be easy to use. We are not such a big team. We only have three engineers to work with this, and we don't use all of the functionality of the product. Its range of functionality is too wide for us, and this is the reason why we are thinking of switching to a more simple product. We have shortlisted a Microsoft solution. We have a big footprint for Microsoft products, especially in security. As a global strategy, we try to leverage to the maximum what is possible around Microsoft."

What is most valuable?

The way we can trust this solution is the most valuable. We have no issue with this product. It is a competitive product. You need to have a very good and deep knowledge of the product to take the full benefits of all the features, but it is a good product.

What needs improvement?

It is too complex. It should be easy to use. We are not such a big team. We only have three engineers to work with this, and we don't use all of the functionality of the product. Its range of functionality is too wide for us, and this is the reason why we are thinking of switching to a more simple product. We have shortlisted a Microsoft solution. We have a big footprint for Microsoft products, especially in security. As a global strategy, we try to leverage to the maximum what is possible around Microsoft.

For how long have I used the solution?

This product was installed before I joined this company. It would be six years or something like that. We are probably two versions behind the latest one.

What do I think about the stability of the solution?

It is stable.

How are customer service and technical support?

Their technical support is good. Cisco support is good.

How was the initial setup?

I was not there, but I think the company had a services company that helped them in implementing it. It was easy because we only had to give them the requirements and their engineers did it for us. After they finished their mission, we started to deal with this solution, but it is too complex for a company of our size.

What's my experience with pricing, setup cost, and licensing?

Its price is probably good if you use all of its features and functionalities to protect your environment. If you use only a part of the functionality, its price is too high. It is just a question of value and the functionality you use.

What other advice do I have?

I would advise others to make sure that you have the knowledge of this solution to get the full benefits of all the features, and you are able to use it on a daily basis.

I would rate Cisco ISE a six out of ten. Its functionality is too wide for our company. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
BH
Chief Technology Officer at a tech services company with 11-50 employees
Reseller
Overall useful features, good community support, and scalable

Pros and Cons

  • "I have found that all of the features are valuable. It is very easy to deploy because we are able to port users directly from Active Directory (AD) and LDAP."
  • "In an upcoming release, the solution needs to be more agentless and more independent. Additionally, there could be improved integration with other next-generation solutions, such as Palo Alto, Fortinet, or Check Point."

What is our primary use case?

We use this solution for both wired and wireless network access control. We have deployed it in a bank, government offices, and some universities.

What is most valuable?

I have found that all of the features are valuable.

It is very easy to deploy because we are able to port users directly from Active Directory (AD) and LDAP.

What needs improvement?

In an upcoming release, the solution needs to be more agentless and more independent. Additionally, there could be improved integration with other next-generation solutions, such as Palo Alto, Fortinet, or Check Point.

For how long have I used the solution?

I have been using this solution for approximately nine years.

What do I think about the stability of the solution?

The solution takes a while to get up and running before it becomes stable. There is a lot of fine-tuning that needs to be done to make sure that users are authenticated properly and not denied access. I have had the experience of redeploying the ISE several times because of false denial of services or access to services but once it is configured correctly the stability is fine.

What do I think about the scalability of the solution?

I have found this solution is scalable, especially the latest versions. The older versions, have to have some additions in order to make them scalable. However, I think they have resolved this issue.

We have had customers of all business sizes using this solution, from small to enterprise companies.

How are customer service and technical support?

The community support is satisfactory, it is very easy to get support. You can find any documentation and support within the community. 

How was the initial setup?

The deployment takes a long time. Additionally, if you want to integrate the solution with AD and LDAP you will need someone that is very experienced. It is a good feature to have but it is complex to integrate.

What about the implementation team?

We have had experience deploying this solution to small, medium, and enterprise size companies.

What's my experience with pricing, setup cost, and licensing?

This solution requires an annual license and it is a bit expensive than competitors.

What other advice do I have?

I rate Cisco ISE (Identity Services Engine) an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller, integrator
Flag as inappropriate
Buyer's Guide
Download our free Cisco ISE (Identity Services Engine) Report and get advice and tips from experienced pros sharing their opinions.