Cisco ISE (Identity Services Engine) Reviews

We utilize Cisco ISE for network access control and employ RADIUS access for managing user control in our virtual environment.

Cisco ISE enables us to implement network access control, ensuring that only approved devices can connect to our network. It serves as a central hub for all types of network access, including wired, wireless, and VPN connections improving our network security.

It does a good job of helping secure our infrastructure from end to end, even though there are many features that we are not utilizing.

Cisco ISE has helped us consolidate tools like Cisco Token that we no longer require. The ability to consolidate tools has provided us with a centralized point of access for our security infrastructure, generating abundant information regarding access.

It has helped our organization improve its cybersecurity resilience by enabling us to control the devices that access our network, unlike before when we had to physically access the port.

The most valuable feature is the flexibility of the policy sets.

Cisco ISE requires a lot of time-consuming administration.

I have been using Cisco ISE for eight years.

Cisco tech support, I'm sure, is very good. However, the amount of resources required to submit and process cases is quite significant. As a result, unless we encounter a major issue, we generally prefer to avoid Cisco TAC and instead seek out workarounds.

The initial setup should be straightforward, but it is often quite complex. A greenfield deployment, where we start from scratch, is easy. The challenges typically arise when we attempt to upgrade an existing deployment.

We utilized the services of Open Network for assistance with the implementation. Their services were excellent, and we would gladly engage their services again.

I give Cisco ISE an eight out of ten.

Cisco ISE is equipped with numerous features. We are a small company and only utilize the ones we require. However, as our requirements change or grow, we may consider adopting more of the features that Cisco ISE offers.

The administration can be time-consuming due to all the updates and patches, but overall, I recommend Cisco ISE.

Our organization was familiar with Cisco, and we used wireless LAN products. That is why we chose Cisco ISE, as it integrates well with our infrastructure.

We use it to secure our networks. We can secure our switches and wireless networks, basically everything.

We use it primarily for wireless security, but it can be used for many other things as well, like LAN and WAN security.

There is room for improvement in CLI. Most things are done through the GUI, and there aren't many commands or troubleshooting options available compared to other Cisco products like switches and routers. We have more visibility on the CLI for those devices, but the GUI seems limited. Moreover, sometimes, GUI seems very pathetic. 

I have experience working with this solution. I have been using it for four to five years. We still use the old version, but we plan to migrate to the new version soon because they recently changed their licensing model.

The product is stable. We don't face many challenges. It's stable, so  I would rate it around a nine out of ten.

The product is scalable. I would rate the scalability a ten out of ten. We have medium-sized businesses as our clients. 

There was some delay.

Positive

Setup wasn't difficult because we already had a solution in place. It was very easy to install.

The deployment definitely took weeks.

I would rate the pricing an eight out of ten, one being cheap and ten being expensive.

Overall, I would rate the solution a nine out of ten. 

We use it for network access control. For security reasons, if a vendor plugs into our network, the port is automatically shut down because it's not authenticated to our network.

Cisco ISE is a great solution. It helped us determine real users on our network. It's very useful.

From a security standpoint, Cisco ISE has improved our organization 100%. We're not guessing who is plugging into our network. It 100% protects our environment and infrastructure from end to end.

Cisco ISE has saved the time of our IT staff time to help work on other projects, but I don't have the metrics.

Cisco ISE has absolutely improved our cybersecurity resilience. Specifically, the 802.11 authentication for wireless has been huge.

Cisco ISE hasn't helped to consolidate any tools or applications.

Cisco ISE is a powerful solution. It gives us the ability to control who's accessing our network, and Cisco has made it very easy.

Some of the reporting could be improved.

We've been using it for about ten years.

It's stable. We never had any issues.

I love it. They know their stuff. Almost in one call, you get the right person. They're very good. I'd rate them a nine out of ten.

Positive

We didn't use any other solution previously.

You have to have a plan. You have to be prepared to roll it out. You need to think through what you want to configure.

It took us about three and a half months to get every angle we were after, and after that, it was a very slow rollout. We rolled it out in about eight months. It was easy.

We did it all in-house, but we did have consultants from Cisco come in and help us tweak it.

Pricing and licensing are not my expertise. As far as budgeting is concerned, we run an ELA with Cisco. It's a part of our ELA.

We didn't evaluate other products. We went straight to Cisco because you can't go wrong with their technology. They're a leader in this space, and they've got a good, robust solution, so we rolled it out.

It integrates seamlessly with other Cisco products that we have. I use Cisco Meraki for all my edge cases. We never considered switching to another vendor. 

It's a great product. I'd rate Cisco ISE a nine out of ten.

Right now we use Wireless.1X and TACACS for device management. It's in our wired network too, but only use it for MAC address bypass.

It has helped to consolidate tools and applications. Previously, we had Windows NPS in some places and then Cisco ACS in other places. Now, Cisco ISE is all I use. This consolidation hasn't had a whole lot of impact on our organization. It wasn't that big of a deal to begin with.

It works as a good RADIUS server. It has lots of features. It works with all the proprietary Cisco AB pairs and features.

It could be less monolithic. It's one huge application, and it does everything under the sun, so it's hard to deal with and upgrade and manage.

I've been using Cisco ISE for three or four years.

Overall, it's pretty stable.

It seems to be pretty good for what we're doing with it.

Cisco TAC support is hit or miss. It depends on who you got. I'd rate them a six out of ten.

Neutral

We didn't have any network access control. For the wireless, we had ACS, and some places used NPS from Windows.

We chose Cisco ISE because we have a Cisco network. It seemed like the obvious choice.

The initial setup was pretty easy, but trying to get all the switches to talk to ISE was pretty complex. It required a lot of configuration and learning, and we found a lot of bugs and issues along the way.

Initially, we took the help of Presidio. They were good. They knew a lot about it and helped us a lot. 

In terms of detection and remediation of threats, it wouldn't detect anything. If we integrated it with other products, it could cut certain clients off from the network, but we haven't gotten that far yet.

It hasn't helped to free up our IT staff. It has probably consumed more time.

I don't have a lot of familiarity with other products, so I'd rate it a six out of ten.

We use it for NAC and wireless, and for our TrustSec policy. These are the three primary use cases we have so far.

It's a network access control solution for us. Previous to Cisco ISE, we didn't have one, so, from a security standpoint, it increased our security visibly.

It has enhanced our security. We have a solution now that can protect us at the access layer, which we didn't have before.

It has helped to consolidate any tools or applications. We only have to use one product for RADIUS, TACACS, and authentication servers. NAC and other things are consolidated into one system, which is nice.

It has helped our organization improve its cybersecurity resilience. The security at the access layer through NAC has been nice, and then the ability to enforce policies dynamically using profiling and NAC and TrustSec is good.

With NAC, the profiling feature is valuable. We're able to see what we have out there in the network and dynamically assign policies to it. We can then use that to enforce TrustSec policy or anything else with NAC. 

There should be more visibility into TrustSec policy actions. When TrustSec blocks something or makes any kind of changes to the network, we don't always see that. We have to log into the switch itself, or we have to get some type of Syslog parsing to do that. Cisco DNA Center may do it, but it would be better if that was integrated into Cisco ISE.

In terms of securing our infrastructure from end to end so we can detect and remediate threats, it's a little bit difficult in terms of visibility, but, generally, we would just go through the logs and see if there's a problem or not.

I've been working in this organization for three to four years, and they have been using it prior to my joining. 

It's very stable for us.

It isn't something we have had to deal with.

They're pretty good. Compared to others, Cisco is probably above average. With Cisco TAC, usually, if the first level doesn't resolve it, you can get up to a higher level within a day or two, which is better than a lot of other vendors we've been working with lately, such as Palo Alto. Cisco tech support is doing pretty well. I'd rate them a seven out of ten. Being able to access higher-level engineers and escalate things more quickly is always going to improve any case.

Neutral

Before Cisco ISE, we didn't have a similar solution.

It was implemented before I joined, but it was probably phased. It was first for wireless and then became more of a NAC thing. It was a long process. It was somewhat difficult just because of how much was required of it. I don't think it was particularly painful.

We get a return on investment from it. It's a solution that's often required for IT insurance, etc. It's definitely needed but do we need to have one from Cisco? I don't know, but there's definitely an ROI there.

To someone researching this solution who wants to improve cybersecurity in their organization, I'd say that make sure you know what you're getting into. Understand and have a good plan going into it and have operational support for not just networking, but also help desk and other IT teams before deploying this solution.

I don't know if Cisco ISE has saved us any time because it's an enhancement to our security that we didn't have before. It probably takes a little more time than not having it. Having no security is super easy because you don't have to worry about anything, but if you have any security product, you have to do work to support that.

Overall, I'd rate Cisco ISE an eight out of ten.

We use it mostly for identity, authentication, and authorizations for wireless and wired. The challenges we were looking to address were mostly around the authorization and authentication of the users. We wanted to use the Identity Services Engine to make sure that the users accessing our network were authorized users, with the authentication happening before.

The integration with Active Directory, and finding and authorizing users based on their Active Directory groups, rather than just their identities, was a big change for us.

The most valuable feature is 801.1x and another very good feature is the TACACS.

In addition, it establishes trust for every access request. That's very valuable. We can't authorize users without it. The fact that it considers all resources to be external is very important. Without Cisco ISE, we couldn't authorize our users, contractors, and everyone else. It's our one source of truth for authentication and authorization.

It's also very good when it comes to supporting an organization across a distributed network. We like that. 

I would like to see integration with other vendors, and the RADIUS integration needs to be improved a little bit.

Other than that, all the features that we're using look good.

I have been using Cisco ISE (Identity Services Engine) for about six years.

It has been very stable. There's no problem with that, as we have redundancy in place.

It can be scaled very quickly by adding more nodes to the solution. The scalability is very good.

We have it deployed in three data centers in Austin, Texas, Lewisville, Texas, and one in Poland. It's a distributed deployment and we have around 8,000 endpoints on it so far.

Technical support has been okay, but I wouldn't describe it as "very good." We have had some problems with technical support. Sometimes it takes them too long to resolve a problem. 

Neutral

The pricing is good. The last time we purchased four new appliances the price was doable for any organization of our size.

In my previous job, I used Aruba ClearPass. It's similar to ISE. They're both good.

Design it well in the first place. If you design it well, you can scale it. Always read, line-by-line, the Cisco guide because that's where you'll find all the information about the design and the scalability. If you design it correctly in the first place, you will have a smooth ride.

We want to use it in a hybrid cloud deployment, but we currently use it 100 percent on-premises. As we move more into the cloud, we're trying to integrate that with Cisco ISE to make it our authentication and authorization source. We're not really into the cloud yet. We're just doing some dev. We're building a whole cloud strategy.

We use the solution for RADIUS authentication, device authentication, and TACACS. We also use it for Wi-Fi and guest portals.

I like the logging feature. I like that I can look at the logs for authentication issues.

I don't like the fact that we can see the logs only for 24 hours. Maybe that happens because of the way we set it up.

I have been using the solution for six years.

The stability solution is really good. Once we get it up and running, it's great. We have to do a major upgrade, and I'm not as thrilled with the upgrades as I am with just a day-to-day job integration. Upgrades aren't my favorite thing.

The product’s scalability is great. We do not have any issues. We could scale it up without any problems.

Sometimes support is better than others. It depends on who you get. Some guys are really sharp, and for some guys, it takes a little bit longer to get the thing escalated.

Neutral

We used Secure ACS, which was a Cisco tool. Cisco discontinued support for it, so we switched to Cisco Identity Services Engine.

The product runs. It does what it needs to do, and we don't have to touch it most of the time. From that standpoint, we have an ROI.

The product didn't really have a whole lot of competitors at the time. Aruba ClearPass was probably the only other competitor. We were getting rid of Aruba from our wireless. Identity Services Engine was just farther ahead than ClearPass at that time.

We have a lot of things we use for detecting threats. We use the product more for authentication issues and stuff like that. We don't use it to identify threats per se. We have other tools.

The solution helps free up our IT staff. There are only a couple of us who are Cisco Identity Services Engine administrators. In that way, other people can do other things. Once we set up the solution, there's really not a whole lot of maintenance to it. I don't know how many hours it saves. It just works, and we don't have to touch it most of the time. It does its job.

We were using Cisco ACS before using the product. We changed tools and upgraded. The tool helps us improve cybersecurity resilience. We use it for RADIUS and to validate users. There are a lot of tools that we use. Cisco Identity Services Engine is a good tool. It does 802.1X and RADIUS very well. Cisco shop is the way to go.

Overall, I rate the solution a nine out of ten.

We are using it mainly for .1X authentication, and we also authenticate our VPN users, and we are doing some light profiling and posture.

We're trying to solve the problem where different users have different privileges in the network. And also we're trying to block some access from our least privileged users. Those are the main use cases for us.

We have on-prem virtual appliances and a distributed model.

It has improved our organization very much because we're now adopting the SGTs, Security Group Tags, and we're leveraging security based on those tags on our core systems and integrating with other SG firewalls.

We have a pretty distributed network and we have only one ISE deployment and it's been really good so far for managing all of those sites.

The most valuable thing in ISE is the adoption of EAP deep that came in [version] 2.7, so we can do authentication based on user and machine certificates in one authentication.

[Regarding establishing trust for every access request] it's been pretty good so far. We've been authenticating all of our users, no matter where they're coming from. If it's from our VPNs, or if it's wireless access, we are all Cisco, so the integrations are pretty good. It's very important [that the solution considers all resources to be external]. Right now, with the challenges that the multi-cloud environment poses, you have to have a solution like this.

[When it comes to securing access to your applications we are] not [using it] so much. I'll have another session with a TAC engineer on Friday, and I will have to discuss some basic concepts of securing the application with ISE. I find it very challenging to do some micro segmentation with it. I'm staying on top of it and doing it macro, but I want to go micro, and it's something I need to discuss more with an engineer.

Also, the menus could have been much simpler. There are many redundant things. That's a problem with all Cisco solutions. There are too many menus and redundant things on all of them. This is a problem in ISE. This could be much simpler.

I wasn't involved in the process of choosing this particular technology. The colleagues that made the decision made it seven or eight years ago. They were using ISE for a long time. I've been in the company for four years now so I came into an already deployed solution. But it wasn't so good, so we had to migrate from physical appliances to virtual ones because they were end-of-life and end-of-support.

Sometimes, they push an update that breaks the whole deployment. It happened to me with update two. It was my fault. I updated right after it came out, and I won't ever do that again. I will wait at least a month or two or three, because the update was taken down a week later.

I was lucky enough because I had updated from update one to update two. So it didn't really break the whole deployment, just parts of it. But they fixed it in a week with update three, so I was able to put it back together. Roll back is also always an option.

Scalability is really good. The number of possible nodes in deployment is high. I don't know the exact number, but it's really high. Scalability is not a problem.

I have had some problems lately with the TAC engineers being unable to investigate the logs that I gave [them]. They always ask for more, but there is not much you can do on ISE. When you give out all the debugs from the nodes, then there is nothing else to do.

It's been a bit of a ping pong with the TAC engineers. Sometimes I have four to five TAC cases open, specifically on ISE. Most of the problems I have are with the integrations of other companies' firewalls. 

This year I would give them a six [out of 10]. Before, I would say eight.

Neutral

I have had to find my own way to do the new deployment. It wasn't that there was some documentation about how to migrate. There is none of this stuff on Cisco's site. You have to search Reddit and multiple forums to assess what you can do with the deployment. I basically built it from scratch.

We are more secure thanks to ISE. That's always a return on investment.

[When it comes to eliminating trust from our organization's network architecture] I'd say, no, ISE hasn't done that. It's been a challenge to implement this. We're trying to bridge the gap between the security guys and network guys. They're not the same teams. Sometimes the security guys also do networking, but it can be hard to cooperate on projects like this. This is a big project. ISE is a pretty big solution and security guys are sometimes lost in what's going on in the network, like equipment where you have to configure things.

It's pretty much the most resilient solution as of now.

I like this solution a lot. I would say it's a nine out of 10.