Cisco ISE (Identity Services Engine) Room for Improvement

Shawn Connors
Infrastructure and Cybersecurity Manager at George Washington's Mount Vernon
Because we have a large database and 4,000 network devices, the solution can lag a bit when you're running updates or different things because of the fact that it's so big and it is such a resource hog. But the biggest problem we've encountered is that it finds errors or people are rejected or not authenticated without a clear explanation as to why. A second issue is that we're currently on 2.4 and Cisco's gold standard now is 2.7. They are a little slow with that. I'd really like the solution to dive down a little deeper when something's not profiling. As it stands now, you have to go through and search what hasn't profiled. Microsoft, for example, gives you a direction to look at and will even be specific sometimes and tell you there is a password error, or the password hasn't been updated, or it's not meeting the policy and that's why it won't let it through. Those are very helpful because you know exactly what's required to solve a problem. Cisco is getting better with it, but they fail in some areas because of a network connectivity issue, or it's not getting DCAP quick enough and it fails. Those things would be more helpful to understand when it's going through, so you are able to triage it a little better. I mean, it does point you in a direction, but sometimes you have to dig a lot deeper to find the right direction and figure out what kept it from profiling. One big issue we've discovered is that people are not rebooting their machines or powering them off at night. We're trying to ensure that is done by sticking messages on screens. View full review »
Joe Feghaly
User
The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade. I would like to see them develop some type of device management, like an iPad feature, just to be able to give security access to certain devices for management. Mainly for the suppliers and the third parties. Another feature I would like to see would be for them to create the ability to integrate with other products from the start. We always search for products that integrate with us and so it would ease the management and then everybody would be entered. View full review »
reviewer1394754
Cyber Security at a manufacturing company with 10,001+ employees
As I treat the system basically as a user would, and am not overly technical, I can't say what features, if any, the solution is missing. I'm working from China currently and the only real issue is that, within the country, there's some concern around Cisco and its ability to offer the solution for the long term. As the United States has banned the Huawei version in their country, we feel there may be retaliation in ours and Cisco will get banned as a countermeasure from the government. The future of Cisco in China is in question. Our local partners are worried about the situation. View full review »
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,536 professionals have used our research since 2012.
SaifKhan
Security Engineer at a energy/utilities company with 201-500 employees
Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product. View full review »
Max Ayoti
Supervisor IT Security at a government with 1,001-5,000 employees
An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment. Also, I've not explored MDM but if it should be integrated. View full review »
reviewer1186656
Corporate Information Technology Security Manager at a financial services firm with 10,001+ employees
This solution does not provide us with enough visibility into our network. We would like to see additional information that it does not show. In general, the reporting is not very useful. ISE needs to have better integration with third-party products. A basic profiling engine would make a good addition because device profiling is very important. This product requires the use of agents and ideally, I would like an agentless version. I think that they should get rid of them because they are hard to manage and deploy. Also, they are not useful. The interface is not very user-friendly and it is not simple to use. View full review »
Netw0997
Network Administrator at a government with 51-200 employees
It has many complications from the administration perspective, it's not easy to learn. Not like other solutions that are very friendly and easy to go through. It needs to be more user-friendly. We'll see the same name on more than one tab so we need to realize why that name is there or why only the main tab is not like the other. I cannot believe that Cisco is the best case of security integration however it is easier to implement. They are good at integration, I do not expect more from them in that regard. They could think about developing VXLAN. They have LDN switches, we need to get into contextual switches, not catalyst switches. Normal switches. I wish they could explore developing more VXLAN options. View full review »
Hassan Ayoub
Technology Manager at Advanced Integrated Systems
The ISE software needs to be improved in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................ View full review »
Laurent Canac
Network & Security Architect at Canac IT
The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow. The solution might require two authentications. They should make a new authentication to authenticate both the device and the users. Right now, we are authenticating the PC, the workstation, but not as a user. A good addition would be to authenticate the user separately to get more information. View full review »
Presal0875
Presales Systems Engineer at a tech services company with 501-1,000 employees
There are issues with respect to the posture assessment function. It's been observed that customers are not receiving total access to the network because the assessment agent is glitchy and malfunctions from time-to-time. I would like to see refining of the compliance assessment and adding more detailed compliance of endpoints on the user end. We have also had to deal with some cache update issues in conjunction with Cisco's tech support team. Unfortunately, they had trouble providing suitable solutions within specific and desirable time frames. The next release should offer more inter-operability, increased cross-integration functionality. View full review »
Francois Van Vuuren
Solutions Manager at EOH
So far we have had no complaints from customers. No major complaints in terms of ISE. They do complain obviously if the ISE service stops working. Normally that happens if there's a server flaw or some problem at the data center somewhere. There can more integration between the wireless controller management and ISE. Consolidation or integration of the controller and ISE dashboards would be great. It's not that bad but would make for simplified support if it could be combined into one dashboard. View full review »
Technica4c57
Technical Systems Analyst at NJC
I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page. View full review »
reviewer1345848
Senior Solutions Manager at a computer software company with 1,001-5,000 employees
It is a good product, but in order to use all of the functions of the product, you must have a good understanding of the product. You must know how to use and manage it. It is a little bit complicated to configure and manage. It must be simplified to make it easy to manage for end users. In the initial stage, we found ISE complicated for end users. It was not easy to manage it or to write authentication and authorization protocol. They must improve its management and make it easy for end users. The monitoring and reporting capabilities can be improved because end users want to quickly see what is happening in their network. There were some restrictions in working with other vendors. It should also have a better and easy integration with other vendors. View full review »
Josept Conde
Project Manager at Projectnet
There should be better documentation on the implementation of the solution. I learned how to implement it from watching videos. I felt the documentation was too complicated and I also learn better from watching videos. In my experience, there needs to be better documentation for firewall integration as well, we had some trouble early on. View full review »
Jose Tom
Manager - IT Security & Process Compliance at a tech services company with 1,001-5,000 employees
Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver. View full review »
Rogerio Farias Dos Santos
Information Security System Specialist at everis New Company Erifson
They should improve the upgrades. It's not easy to upgrade the solution. View full review »
Grpec745
Group Electrical Engineer Consultants at a comms service provider with 51-200 employees
There should be an easier way to do the upgrades. Customers were having issues going from one version to the next. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade. View full review »
Ntwrkengine0887
Network Engineer at a comms service provider with 1,001-5,000 employees
Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better. It needs a better solution for reduced complexity. I think to add more people to four-thousand users is going to be hard. Cisco needs to make it easier to add more people. View full review »
Bachir Elsitt
Network Security Engineer at Data Consult
I would like for them to improve the reporting. View full review »
reviewer1382571
Network Engineer at a financial services firm with 1,001-5,000 employees
The software is a little bit complicated to understand in the beginning, meaning the implementation. It needs proper documentation so that we can understand the options more easily. View full review »
ITSpeciaeb27
IT Specialist at Armstrong flooring, inc.
The stability of this solution needs to be improved. It should not be necessary to go to each individual set of alarms and acknowledge them in order for them to go away. There should be a single button that can be pressed to dismiss all of the alarms at once. View full review »
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,536 professionals have used our research since 2012.