We just raised a $30M Series A: Read our story

Cisco ISE (Identity Services Engine) OverviewUNIXBusinessApplication

Cisco ISE (Identity Services Engine) is the #1 ranked solution in our list of top Network Access Control (NAC) tools. It is most often compared to Aruba ClearPass: Cisco ISE (Identity Services Engine) vs Aruba ClearPass

What is Cisco ISE (Identity Services Engine)?
Identity Services Engine is a security policy management platform that automates and enforces context-aware security access to network resources. It delivers superior user and device visibility to support enterprise mobility experiences and to control access. It shares data with integrated partner solutions to accelerate their capabilities to identify, mitigate, and remediate threats.

Cisco ISE (Identity Services Engine) is also known as Cisco ISE.

Cisco ISE (Identity Services Engine) Buyer's Guide

Download the Cisco ISE (Identity Services Engine) Buyer's Guide including reviews and more. Updated: October 2021

Cisco ISE (Identity Services Engine) Customers
Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
Cisco ISE (Identity Services Engine) Video

Archived Cisco ISE (Identity Services Engine) Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
PA
IT Specialist at Armstrong flooring, inc.
Real User
Monitors and secures devices on our network, signalling with alarms to indicate problems

What is our primary use case?

We use this solution to monitor and secure devices on our network.

How has it helped my organization?

Using this solution gives us the ability to allow proper access to the network.

What needs improvement?

The stability of this solution needs to be improved. It should not be necessary to go to each individual set of alarms and acknowledge them in order for them to go away. There should be a single button that can be pressed to dismiss all of the alarms at once.

What do I think about the stability of the solution?

This solution has problems in terms of stability. I have had certain things that do not work, and I have called technical support for help. They have sent me a patch, and then it still doesn't work, so we end up living with the problem.…

What is our primary use case?

We use this solution to monitor and secure devices on our network.

How has it helped my organization?

Using this solution gives us the ability to allow proper access to the network.

What needs improvement?

The stability of this solution needs to be improved.

It should not be necessary to go to each individual set of alarms and acknowledge them in order for them to go away. There should be a single button that can be pressed to dismiss all of the alarms at once.

What do I think about the stability of the solution?

This solution has problems in terms of stability. I have had certain things that do not work, and I have called technical support for help. They have sent me a patch, and then it still doesn't work, so we end up living with the problem.

What other advice do I have?

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
TP
Technical Systems Analyst at NJC
Reseller
Enables us to authorize students to use our wireless network

Pros and Cons

  • "The biggest value of ISE is that it can get so granular with gaming systems, versus IoT and BYOD."
  • "I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page."

What is our primary use case?

We use this solution to provide wireless for our residence halls and guest networks. We're also a college that works primarily off of iPads, so we have to be able to keep resident hall activity off of the network so that students can do their homework and class activities. We use the Services Engine to authorize all of them.

What is most valuable?

The biggest value of ISE is that it can get so granular with gaming systems, versus IoT and BYOD.

What needs improvement?

I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page.

What do I think about the stability of the solution?

I have had a very good impression of its stability.

What do I think about the scalability of the solution?

We're actually upgrading right now from a small version to a medium-sized one. It's not as simple as I'd like it to be for scalability, but it's still working well.

Which solution did I use previously and why did I switch?

We were very late adopters in the education arena of wireless. We didn't adopt until about five years ago. We had a great relationship with our partner and got to see this demo several times. It was really good.

How was the initial setup?

The initial setup was complex.

What about the implementation team?

The name of the company at the time was MSN but they've been recently purchased. The engineers did a really good job. I would have liked a greater share of knowledge at the time, but they did a great job in implementing a complex situation.

Which other solutions did I evaluate?

Cisco was the only one that we evaluated. There was also Aruba, but Cisco was really the top choice.

What other advice do I have?

My advice to someone considering this solution would be to seek the most comprehensive solution for residence halls.

I would rate this solution as eight out of ten. I would like the flow of authentication and authorization metrics to be easier to see.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,108 professionals have used our research since 2012.
Max Ayoti
Supervisor IT Security at a government with 1,001-5,000 employees
Real User
Easy to use and has good support but is complex to set up

Pros and Cons

  • "Easy to use and provides good support"
  • "An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment."

What is our primary use case?

We primarily use the solution for network admission control.

How has it helped my organization?

Previously, what used to happen is that we use to have anyone - any user, a staff member or a non-staff member, consultant contractors, etc. able to connect to our line without authentication, which I think posed a security risk. We felt that whoever connected to our network should be authenticated. We should know the person. We should have visibility to see who was connecting to our network so that we can detect anomalies. Now, we have different profiles, of different users and staff and for contractors or others. So, depending on the profile, there's control on the access that you can get.

What needs improvement?

An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment. Also, I've not explored MDM but if it should be integrated. 

For how long have I used the solution?

I have been using the solution for 5 years.

What do I think about the scalability of the solution?

In terms of scalability, I think it's scalable. Quite scalable and very intricate. Easy to use and provides good support. 

How are customer service and technical support?

We've had many issues with technical support but from the local vendor, we do get a lot of support which is good. The fact that we also did some training helped. We normally don't have so much trouble when we rescale. We see that we can fix it and then if there are issues, with the vendors and their help, we can rescale it.

How was the initial setup?

Initially, the setup is a bit complex but that depends on the vendor. Maybe because of the complexities around it. Sometimes I think it's about how the best project team really does it.

What about the implementation team?

The person who was put in place to implement it couldn't. So we got another vendor who was good and was a lot more experienced. It's a very new feature so we're hopeful here in Uganda. My country only has about maybe 2 or 3 clients. Those are the ones I know about, our team being one of them.

What other advice do I have?

The deployment strategy was faster than the pilot. We had to see how it works and then we had to, in a transparent manner, see how it works. Deployment took about six months. But the rollout is on-going because we keep opening branches all the time, so we just keep adding them into the solution. For deployment, we used the front liner support but for documentation, we had professional staff. For deployment and maintenance, we have a small team of maybe about five to ten. 

I would give the solution 5.5 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AT
Network Engineer at a comms service provider with 1,001-5,000 employees
Real User
Compatible with Microsoft products and offers advanced firewall support

Pros and Cons

  • "The best feature of the Cisco ISE platform is that it is compatible with Microsoft products."
  • "Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better."

What is our primary use case?

We use Cisco ISE for network management, user access for enterprise clients, and advanced firewall support. We use Cisco ISE on domains and clients jointly with other network software utilities.

How has it helped my organization?

We use Cisco ISE as our main controller for the management of clients that need to join our network.

What is most valuable?

The best feature of the Cisco ISE platform is that it is compatible with Microsoft products. 

What needs improvement?

Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better. 

It needs a better solution for reduced complexity.

I think to add more people to four-thousand users is going to be hard. Cisco needs to make it easier to add more people.

For how long have I used the solution?

We have been using the solution for three years.

What do I think about the stability of the solution?

The Cisco ISE platform is stable.

What do I think about the scalability of the solution?

On our network, we use Cisco ISE as a platform utility to support three thousand users.

How was the initial setup?

The initial setup of the Cisco ISE platform was complex and the deployment was also difficult.

What other advice do I have?

On a scale from one to ten, I would rate Cisco ISE an eight because the server is so complex. Cisco needs to re-program or re-issue it and release a new version with more adequate sizing for small businesses. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
KD
Presales Systems Engineer at a tech services company with 501-1,000 employees
Reseller
Delivers great Posture Assessment Policy Management and VLAN Assignment

Pros and Cons

  • "We found that the most valuable features associated with this tool are posture assessment, policy management, VLAN assignments, guest assignment, and BYOD services. In addition to these services, the Cisco IOS software switch configuration feature is another very valuable aspect of the policy and compliance solution."
  • "There are issues with respect to the posture assessment function. It's been observed that customers are not receiving total access to the network because the assessment agent is glitchy and malfunctions from time-to-time. I would like to see refining of the compliance assessment and adding more detailed compliance of endpoints on the user end."

What is our primary use case?

Our company doesn't use Cisco ISE internally. We act as the solution reseller. Our business model is set up to provide a network-based approach for adaptable, trusted access to our clients. We provide our clients with intelligent, integrated protection through intent-based policy and compliance solutions.

What is most valuable?

We found that the most valuable features associated with this tool are posture assessment, policy management, VLAN assignments, guest assignment, and BYOD services. In addition to these services, the Cisco IOS software switch configuration feature is another very valuable aspect of the policy and compliance solution.

What needs improvement?

There are issues with respect to the posture assessment function. It's been observed that customers are not receiving total access to the network because the assessment agent is glitchy and malfunctions from time-to-time. I would like to see refining of the compliance assessment and adding more detailed compliance of endpoints on the user end.

We have also had to deal with some cache update issues in conjunction with Cisco's tech support team. Unfortunately, they had trouble providing suitable solutions within specific and desirable time frames.

The next release should offer more inter-operability, increased cross-integration functionality. 

What do I think about the stability of the solution?

We are currently experiencing stability issues with this solution.

How are customer service and technical support?

Technical support needs improvement. There were times when my engineers had to talk to a number of different Cisco tech engineers explaining things over and over again. If their tech support has to escalate an issue our support staff is required to mediate which of course disturbs workflows.

How was the initial setup?

The setup requires proper planning. We approach every customer interaction strategically taking into account the complete project scope. It's our job to understand the customer's expectations and requirements for deployment.

Initially, the setup is a bit tough with respect to the graphic user interface (GUI) tool. Cisco ISE has proven to be a bit complex as well.

What other advice do I have?

The solution is sufficient and seems to require little to no maintenance from the client side. Maintenance is always in proportion to the client's needs and product deployment. For instance when we are managing two Cisco ISE boxes with two onsite engineers. As capacity grows obviously we need more engineers; it's not a 1-to-1 relationship but we always take a minimum of two certified engineers qualified to manage Cisco ISE.

I would give this solution a rating of 7 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Francois Van Vuuren
Solutions Manager at EOH
Reseller
Very stable and adds a lot of value to our customer's network

Pros and Cons

  • "In terms of scalability, you need to factor in your licenses. With a virtual platform, the scalability is more than sufficient. We have over one thousand users."
  • "There can be a little bit more integration between the controller management and ISE. There are two dashboards, you have the controller dashboards, and you have the ISE dashboard it would is a way to maybe integrate that into one. That would be great. It's not that bad. It would be easier if it could be combined into one dashboard."

What is our primary use case?

We are a reseller of Cisco ISE. 

What needs improvement?

So far we have had no complaints from customers. No major complaints in terms of ISE. They do complain obviously if the ISE service stops working. Normally that happens if there's a server flaw or some problem at the data center somewhere. 

There can more integration between the wireless controller management and ISE. Consolidation or integration of the controller and ISE dashboards would be great. It's not that bad but would make for simplified support if it could be combined into one dashboard.

What do I think about the stability of the solution?

It's very stable. We have it in on a big car rental company. We manage and we support the Cisco ISE platform for them. It's very stable and it adds a lot of value to the network.

What do I think about the scalability of the solution?

In terms of scalability, you need to factor in your licenses. With a virtual platform, the scalability is more than sufficient. We have over one thousand users. 

We've got two engineers that look after the ISE environment.

How are customer service and technical support?

We have emailed tech before and their support has been very good.

How was the initial setup?

The initial setup was straightforward. The time it takes to implement depends from customer to customer. The most time-consuming aspect is sitting with the customer and planning out the policies and how they understand Cisco ISE. On average, with the planning sessions with the customer and the installation of ISE, it takes approximately five days.

What's my experience with pricing, setup cost, and licensing?

The licensing is too expensive. There is more complexity on the wifi environment, especially with Cisco DNA versus Cisco ONE licensing. As far as the ISE licensing is concerned, it's pretty straightforward. We normally follow the ordering guide which is quite detailed, so there's no problem there.

What other advice do I have?

The advice that I would give someone considering this solution is to understand the licensing. From a design perspective, we refer to the ordering guide quite frequently. The most important thing is to have a technical planning session with the customer. A lot of the time the customer doesn't really know what they want and if you don't have that upfront planning and discussion with the customer, the deployment can take much longer.

I would rate it a ten out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
JL
Unified Networks at a program development consultancy with 11-50 employees
Reseller
Enables us to grant access to users in a secure and easy way

Pros and Cons

  • "Visitors can be granted access to the wifi network using their cellphones, notebooks or tablets in a very easy way. The ease of accessibility that anyone can have to the network is very quick and is a big improvement in our network."
  • "There should be an easier way to do the upgrades. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade."

What is our primary use case?

Our primary use case is to grant access to users, we deploy the bring your own device policy.

How has it helped my organization?

Visitors can be granted access to the wifi network using their cellphones, notebooks or tablets in a very easy way. The ease of accessibility that anyone can have to the network is very quick and is a big improvement for our network.

What is most valuable?

The flexibility to grant anyone access to the network easily and in a secure way is its most valuable feature.

What needs improvement?

There should be an easier way to do the upgrades. Customers were having issues going from one version to the next. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade. 

What do I think about the stability of the solution?

It's very stable. We have around 200 users and only four people are required for maintenance. 

How are customer service and technical support?

As Cisco partners, the point is that we provide our own support. We prefer our own engineers to be ready to support the solution to provide the service to our customers.

What was our ROI?

We have seen ROI from using this solution. 

What other advice do I have?

We plan to increase usage by around 20 to 30%.

It gives people the peace of mind that they have the possibility to grant access to the people that visit their premises and ensures that they are working in a safe environment that is pure and clear when they use the posture services of the solution.

I would rate it a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
AP
OPCO IT Manager at MTN
Real User
Enables us to protect our network but it should be more user-friendly

Pros and Cons

  • "For guests we give them limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time."
  • "In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support."

What is our primary use case?

We use this solution to protect the network especially when someone brings their own device and to lock out access to anybody connecting to the network. Also to make sure that the people connect to the correct VLAN. So, mainly for security wifi access so that when people want to connect to our wifi they have to log in using their credentials.

How has it helped my organization?

We give guests limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is stable. Any time we found an issue we would get in touch with the reseller to help fix it. Then they tell us where the problem is and we'll know where to look. 

What do I think about the scalability of the solution?

It is scalable. We have around 350 users. We required two staff members for maintenance but they don't have enough knowledge so we have to reach out externally for more help. 

How are customer service and technical support?

Their technical support has been good. They have been responsive every time we have an issue. They get logs, check and then give us feedback of which corrections to do.

How was the initial setup?

The initial setup was complex. We had to engage an expert. When we rolled it out we would find challenges and then we would have to find a way of fixing those challenges. Out of  nowhere, it would lock out all users. Then we discovered that no, the password had expired for the service account. We needed to make it none expiry.

Deployment took about a month. We had to do project planning, discuss the plan with the team, and by the end, it was a month.

What about the implementation team?

We used a reseller for the implementation and we had a good experience with them. 

What's my experience with pricing, setup cost, and licensing?

If you go directly with Cisco for the implementation it's very, very expensive.

Which other solutions did I evaluate?

We also looked at Aruba.

What other advice do I have?

It's a good product but it requires technical support and knowledge otherwise it will be difficult to manage and run it. It requires somebody to be configuring issues. You need protection as you advance in the usage but it's a good product. 

I would rate this solution an eight out of ten. In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AH
Network Administrator at a government with 51-200 employees
Real User
Has many valuable features but it needs more support for the customer

Pros and Cons

  • "After the product was installed, no one could access the secure connection network. In order for any laptop or any endpoint device to attach to my network, it needs to be authorized or be certified to be connected."
  • "I would rate this solution a 7.5 out of ten. To make it a ten they should have more people on tech support. They need to invest more in the product. It's a good product. They should just work on tech support. More support for the customer. It's not that easy to get somebody to understand this product. I have had some issues with tech before for the solution. One of them brought the solution down due to some of his activity. They need to hugely invest in their tech support."

What is our primary use case?

It's a network access manager.

How has it helped my organization?

After the product was installed, no one could access the secure connection network. In order for any laptop or any endpoint device to attach to my network, it needs to be authorized or be certified to be connected.

What is most valuable?

It has many valuable features. 

What needs improvement?

It has many complications from the administration perspective, it's not easy to learn. Not like other solutions that are very friendly and easy to go through. It needs to be more user-friendly. We'll see the same name on more than one tab so we need to realize why that name is there or why only the main tab is not like the other. I cannot believe that Cisco is the best case of security integration however it is easier to implement.

They are good at integration, I do not expect more from them in that regard. They could think about developing VXLAN. They have LDN switches, we need to get into contextual switches, not catalyst switches. Normal switches. I wish they could explore developing more VXLAN options.

What do I think about the stability of the solution?

Stability is not something absolute. 

What do I think about the scalability of the solution?

Scalability is good. We have 60,000 users. 

How are customer service and technical support?

Their technical support isn't good. 

How was the initial setup?

The initial setup took four to six hours to do. The image between six, seven GB, is a huge image, huge process, and it takes too much time. If somebody has a solution of five, four pieces you need to re-image one or you need to incorporate the solution. It will take days to upgrade the solution. It's very complicated. The deployment will take an entire day. And if you have a complication it can take two days because of the complexity. 

What's my experience with pricing, setup cost, and licensing?

We are a big organization and we can arrange for licenses because we are a big customer. We have an agreement for the security license. Licenses aren't an issue for us. We pay for licenses every five years or six years.

What other advice do I have?

I would rate this solution a 7.5 out of ten. To make it a ten they should have more people on tech support. They need to invest more in the product. It's a good product. They should just work on tech support. More support for the customer. It's not that easy to get somebody to understand this product. I have had some issues with tech before for the solution. One of them brought the solution down due to some of his activity. They need to hugely invest in their tech support. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RF
Information Security System Specialist at everis New Company Erifson
Real User
Enables us to distribute internet access to guests and has a good profiling feature

What is our primary use case?

We use it to aid the tools that we make and to sponsor and get flow.

How has it helped my organization?

We distribute internet access to guests. It's the product to our environment.

What is most valuable?

The profiling option is the most valuable feature. 

What needs improvement?

They should improve the upgrades. It's not easy to upgrade the solution. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's stable. 

What do I think about the scalability of the solution?

It is scalable because we use a network load balancer at the front of the PSN. It can be extended as we want to multiply. It's scalable to our environment. We have around 8,000 users and we are planning to…

What is our primary use case?

We use it to aid the tools that we make and to sponsor and get flow.

How has it helped my organization?

We distribute internet access to guests. It's the product to our environment.

What is most valuable?

The profiling option is the most valuable feature. 

What needs improvement?

They should improve the upgrades. It's not easy to upgrade the solution. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's stable. 

What do I think about the scalability of the solution?

It is scalable because we use a network load balancer at the front of the PSN. It can be extended as we want to multiply. It's scalable to our environment. We have around 8,000 users and we are planning to expand it. 

How are customer service and technical support?

I opened some tickets with them and I had no problems. They are engineers from India and the U.S and they perform well.

How was the initial setup?

The initial setup was complex. The deployment took around one year. 

What about the implementation team?

We used an integrator for the deployment. They didn't know a lot about the solution so we had to learn about it ourselves and helped them.

What was our ROI?

We have seen ROI from this solution. 

What's my experience with pricing, setup cost, and licensing?

We use a virtual machine so in terms of pricing, we can extend it as much as we need. The licensing; we had to renew twice and in my opinion, it's good.

Which other solutions did I evaluate?

We also looked at ForeScout but we preferred Cisco ISE. 

What other advice do I have?

I would rate this solution a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SaifKhan
Security Engineer at a energy/utilities company with 201-500 employees
Real User
Good stability and enables us to identify and isolate a machine that is infected or that is going to be infected

Pros and Cons

  • "The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total."
  • "Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product."

What is our primary use case?

We use this solution to authenticate the domain users and if someone is not the domain user to make them a guest.

How has it helped my organization?

Before, our port would be wide open, anyone could come to the network and put their laptop into the port or any device and they would be able to get the IP. Now, if someone tries to connect to our network through an IU port or internet, they will not be able to access it. Another way this solution has improved our organization is that when we integrate this with our OpenGate server we are able to identify and isolate the machine that is infected, or that is going to be infected.

Plus, we had control on which device we can block in real-time and white list, or according to the MAC address, we can send this device to get an assigned IP from a special VLAN.

What is most valuable?

The identification with McAfee DHL is the most valuable feature. It gives us full visibility to see if there's any malware or malicious activity going on in the network and will then isolate the device.

What needs improvement?

Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Stability is very good. We haven't faced any issues and there aren't any bugs. 

What do I think about the scalability of the solution?

We currently have around 400 users and we only need two staff members for maintenance. It is being used extensively because all of the users are dependent on it. If the ISE is down no one will be able to authenticate.

How is customer service and technical support?

Technical support is very good because, on the user phase, it shows who was on the call with us and who helped us. 

How was the initial setup?

The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total. 

What about the implementation team?

We used an integrator. We had a good experience with them because we have already worked with them in the past couple of years

Which other solutions did I evaluate?

We researched this solution and found that it fulfills all of our requirements so we didn't look into any other solutions.

What other advice do I have?

I would rate this solution a nine out of ten. 

I would advise someone considering this solution not to enable it with MAC. They are going to be in a very bad state after enabling this with MAC because if you do it is going to isolate so many devices which do not comply with the policy.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user690516
Manager - IT Security & Process Compliance at a tech services company with 1,001-5,000 employees
Real User
Highly scalable and enables us to have visibility of all the changes happening on certain devices

Pros and Cons

  • "We have multiple metal devices from different places that use management, so we need to know who would be accessing all those devices and what changes are being done to those metal devices. With Cisco ISE we have visibility of all the changes happening on those devices."
  • "Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver."

What is our primary use case?

My primary use case for this solution is as a server for my networking devices.

How has it helped my organization?

We have multiple metal devices from different places that use management, so we need to know who would be accessing all those devices and what changes are being done to those metal devices. With Cisco ISE we have visibility of all the changes happening on those devices.

What is most valuable?

The authorization feature is the most valuable feature. 

What needs improvement?

Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's not very stable. Product-wise, in terms of performance and in terms of stability, I don't experience any challenges.

What do I think about the scalability of the solution?

It's highly scalable but it's challenging to scale-up non-Cisco products. We currently have around 50 users and 11 employees monitoring the device. We don't have any plans to increase usage. 

How are customer service and technical support?

Their technical support is pretty good. They have a good database and knowledge space regarding this solution. You'll get the support that you need. 

Which solution did I use previously and why did I switch?

We are also currently using ForeScout for another feature but we are facing multiple challenges with ForeScout implementation.

How was the initial setup?

The initial setup was straightforward. The deployment and negotiating time depends on your network infrastructure and what kind of environment you have.

What other advice do I have?

You should have a fair understanding of the kubernetes that have been used in their infrastructure.

I would rate this solution an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JF
User
Real User
All devices have multifactor authentication in collaboration with IT which secures access to all our devices

Pros and Cons

  • "For device administration, all devices have multifactor authentication in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it's a matter of a lowly manager who we give access to the portal and he can assign access to the guests, so it's a very simple process now. It keeps the IT focusing on their work, and gives the business people the right access."
  • "The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade."

What is our primary use case?

My primary use case of this solution is for access control for authentication and for the authorization of wireless users.

How has it helped my organization?

For device administration, all devices have multifactor authentication in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it's a matter of a lowly manager who we give access to the portal and he can assign access to the guests, so it's a very simple process now. It keeps IT focusing on their work, and gives the business people the right access. 

Also, with BYOD mobile users can work easier and in a more secure way. For the places in public access we're securing our network socket, so now not everybody can plug in and log into our network due to this feature. It's making it more secure for headquarters.

What is most valuable?

  • BYOD service
  • The guest and secure wireless access
  • Compliance and posture
  • Wireless administration

What needs improvement?

The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade.

I would like to see them develop some type of device management, like an iPad feature, just to be able to give security access to certain devices for management. Mainly for the suppliers and the third parties.

Another feature I would like to see would be for them to create the ability to integrate with other products from the start. We always search for products that integrate with us and so it would ease the management and then everybody would be entered. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It's 99% stable. 

What do I think about the scalability of the solution?

It's scalable. We have more than 500 users. We are planning to use more features and to integrate it with other branches that we have. It's a way to have a global solution across all branches.

How is customer service and technical support?

Technical support is okay. Sometimes it takes a long time for them to respond. We'll usually end up solving our own issues. The response time should be shorter. 

How was the initial setup?

The initial setup was complex. It took time to have a stable environment but once it stabilized, it was great. Although, we had six to seven months of an unstable system. 

What about the implementation team?

We deployed through a reseller, they were good. We require two staff members for maintenance.

What was our ROI?

Our ROI is good enough. It's simplifying things for IT and for the business, so it's good for both sides. It solves a lot of issues that without the product would be costly to our organization so we see ROI in that sense. 

What's my experience with pricing, setup cost, and licensing?

Licensing is very complicated and it changes a lot. I know recently it changed since we acquired the solution. It had a different licensing scheme that has changed. 

The cost is high compared to other solutions. Even so, it is better than what's on the market. The licensing model is complicated and the cost is a little bit high.

What other advice do I have?

It's a great product but you should be careful to plan before deploying. Do thorough planning as not to do the same error that we did. We didn't do enough planning before deploying so it took us a long time to have a thorough plan. 

I would rate this solution a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Bachir Elsitt
Network Security Engineer at Data Consult
Real User
The firewall can see traffic as unencrypted and we can then mitigate the enemy and any attack

What is our primary use case?

My primary use case of this solution is to protect the website from web attacks. 

How has it helped my organization?

I use the F5 device on the DMZ zone of the firewall. A record will come to the virtual server on the F5. Then the F5 will upload the encrypted message to the server and decrypt this message. The firewall can see the traffic as unencrypted and we can mitigate the enemy and any attack from F5 and from the firewall.

What is most valuable?

The most valuable feature would be the protection. 

What needs improvement?

I would like for them to improve the reporting. 

What do I think about the stability of the solution?

This solution is stable.

What do I think about the scalability of the solution?

It is scalable. 

How is customer service and technical support?

I would rate their technical support as an eight. They provide a quick solution and I trust working with them. 

How was the initial setup?

The initial setup was straightforward. 

What's my experience with pricing, setup cost, and licensing?

The price is not very expensive. 

What other advice do I have?

This solution can be used to protect one's application. The server has many features to secure and diagnose.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user866460
Architect of Security and Networking solutions (Presales and after sales) at a comms service provider with 1,001-5,000 employees
Real User
Provides Member Access Control and enables integration of Cisco hardware

What is our primary use case?

We are an ISP and we are working on providing ISP solutions for companies. For that reason, we are trying to deploy ISE or other technologies.

How has it helped my organization?

The benefit comes from the fact that all of our clients have Cisco products and we are looking for a tool that can integrate all the devices for a secure facility, monitoring, etc.

What is most valuable?

MAC - Member Access Control Integrating all Cisco wireless, networking, switches, routers, firewalls for our customers.

What needs improvement?

In a future release, I would like to see network access control. That is something that customers seem to be looking for.

What is our primary use case?

We are an ISP and we are working on providing ISP solutions for companies. For that reason, we are trying to deploy ISE or other technologies.

How has it helped my organization?

The benefit comes from the fact that all of our clients have Cisco products and we are looking for a tool that can integrate all the devices for a secure facility, monitoring, etc.

What is most valuable?

  • MAC - Member Access Control
  • Integrating all Cisco wireless, networking, switches, routers, firewalls for our customers.

What needs improvement?

In a future release, I would like to see network access control. That is something that customers seem to be looking for.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user816279
Research Engineer with 1-10 employees
User
Its wireless​ controller needs to add more than one physical port. However, it improves switch account management.

What is our primary use case?

Wireless Control Solutions Physical Port Access Control Changing switch configuration records and account controls.

How has it helped my organization?

Currently planning to establish a wireless network environment. Expected benefits.  Improves switch account management. Physical Port Access Control.

What is most valuable?

ISE Dynamic VLAN assignment ISE Radius and Tacacs+ External identity sources LDAP, domain, or token.

What needs improvement?

The Cisco wireless controller needs to add more than one physical port. The Guest Network verification needs to add a QR code option.

For how long have I used the solution?

One to three years.

What is our primary use case?

  • Wireless Control Solutions
  • Physical Port Access Control
  • Changing switch configuration records and account controls.

How has it helped my organization?

  • Currently planning to establish a wireless network environment.
  • Expected benefits. 
  • Improves switch account management.
  • Physical Port Access Control.

What is most valuable?

  • ISE Dynamic VLAN assignment
  • ISE Radius and Tacacs+
  • External identity sources LDAP, domain, or token.

What needs improvement?

  • The Cisco wireless controller needs to add more than one physical port.
  • The Guest Network verification needs to add a QR code option.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Senior Network Engineer/Mobility Specialist at CCSI - Contemporary Computer Services, Inc.
Real User
It has a centralized and unified highly secure access control with ISE, which grew out of ACS.

Pros and Cons

  • "Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE."
  • "The learning curve is steep and the initial setup is complex."

What is most valuable?

Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE. ISE grew out of ACS and in the process has grown up.

What needs improvement?

The learning curve is steep and the initial setup is complex.

What do I think about the stability of the solution?

We've had no issues with stability.

What do I think about the scalability of the solution?

We've had no issues with scalability.

How are customer service and technical support?

Customer Service:

Customer service is good.

Technical Support:

Technical support is very good.

Which solution did I use previously and why did I switch?

Yes. I am a consultant, so I have used many competing products over the years.

How was the initial setup?

The initial setup is complex, but not if you fully vet the solution and leverage the functionality.

What about the implementation team?

I am the services firm that does this work and the SME for my organization.

What was our ROI?

It is hard to quantify ROI. It is more easily measured in increased mobility and security.

What's my experience with pricing, setup cost, and licensing?

There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs.

Which other solutions did I evaluate?

Yes, we used ClearPass.

What other advice do I have?

Not all features are available with base license, plus license allows for profiling and provisioning

Disclosure: My company has a business relationship with this vendor other than being a customer: We resell Cisco.
ITCS user
Senior Network Engineer with 1,001-5,000 employees
Vendor
It can handle Radius and TACACS+. It is quite complex when it comes to troubleshooting.

What is most valuable?

It can handle Radius and TACACS+.

How has it helped my organization?

Authorisation and Authentication Policy creation is easier. Access right limitation is pretty easy in ISE. Context exchange feature is present.

What needs improvement?

It is quite complex when it comes to troubleshooting.

For how long have I used the solution?

2 years

What was my experience with deployment of the solution?

Upgrade was quite a pain. It doesn't exactly go according to the document.

What do I think about the stability of the solution?

On TACACS side, we see some issues. The rest is all going well.

How are customer service and technical support?

Customer Service:

It's good.

Technical Support:

Tech support is still lacking on TACACS troubleshooting on ISE.

Which solution did I use previously and why did I switch?

We were using ACS and IAS servers for radius and TACACS. ISE is one stop shop for everything with more to offer.

What about the implementation team?

Initially done with a Cisco consultant and started with Radius services. Expertise was excellent.

What's my experience with pricing, setup cost, and licensing?

Smartnet is not so cheap depending on the deployment.

What other advice do I have?

We have deployed this solution and we keep on exploring more and more. It can do wonders for authentication and limiting access with the network.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Senior Network Engineer/Mobility Specialist at CCSI - Contemporary Computer Services, Inc.
Real User
Profile Sets help organize how AAA is handled by grouping, like traffic into separate subroutines.

What is most valuable?

Profile Sets help organize how AAA is handled by grouping, like traffic into separate subroutines.

How has it helped my organization?

We implement this for customers is various verticals. Most of the time oit is in Education. It really helps secure, classify and manage users including guest and BYOD users.

What needs improvement?

The product has improved with its evolution. The initial setup, though, is extremely complex.

For how long have I used the solution?

10 years. I have used this since it was Cisco ACS

What was my experience with deployment of the solution?

As the product matures I encounter less and less problems.

What do I think about the scalability of the solution?

The produt scales well.

How are customer service and technical support?

Excellent. TACis quite knowledgable.

Which solution did I use previously and why did I switch?

I have used Microsoft IAS/NPS, Funk, and Aruba ClearPass. ClearPass is the only product in the same league as Cisco ISE.

How was the initial setup?

ISE is extremely complex. With the functionality and flexibility it offers that is to be expected.

What about the implementation team?

I am the vendors's partner.

What's my experience with pricing, setup cost, and licensing?

Licensing and pricing is a complicated calculation, so it is best to really understand your customers' needs. Also team up with the right resources at Cisco for help.

Disclosure: My company has a business relationship with this vendor other than being a customer: We resell this product and the services associated with it. I have used several other RADIUS/security products from various vendors.
ITCS user
Senior Network Operations Specialist at a government with 1,001-5,000 employees
Vendor
This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches.

Valuable Features:

Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions. 

This technology pride itself with Trust Sec and 802.1x  feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.

This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.  

It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.  

Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.  

Improvements to My Organization:

Many organizations and large enterprises are faced with the daunting task of keeping their security issues at bay. They also need to be in compliant with the Cyber Security's strict guidelines and orders.  

While there are many cyber attacks from the outside of the edge routers, cyber attacks can also be implemented within the organization whether it is either intentional or unintentional.  Cisco ISE can mitigate many attacks such as MAC spoofing, VLAN hopping, DHCP Starvation and ARP Snooping.

By implementing ISE, it can lighten the overhead of the Cisco Catalyst Switches by not implementing port security, Dynamic Arp Inspection, DHCP Snooping. This will also improve the switch's performance since the ISE server takes over the duty of posturing with its Policy Service Node persona.  

Room for Improvement:

Cisco ISE has improved performances on Access Switches and closely monitored the daily suspicious or rogue activities within the organization.  

Deployment Issues:

We've had no issues with deployment.

Stability Issues:

We've had no issues with stability.

Scalability Issues:

We've been able to scale it for our needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Security Senior Network Engineer with 1,001-5,000 employees
Vendor
We use it for implementing wireless 802.1X with Active Directory and guest portal, but we're waiting for TACACS integration to completely replace the Cisco ACS line of products.

What is most valuable?

  • I'ts compatibility with 802.1X
  • Posture
  • Profiling
  • Guest Portal

How has it helped my organization?

As an integrator, I can tell that this product is mostly used for implementing wireless 802.1X with Active Directory and guest portals. It can be integrated with Active Directory and an external SMS gateway, can be used to track user authentications with Cisco WLC, can be therefore used to completely implement BYOD (considering the tight integration with leading MDM vendors). The product can be bought as a physical appliance as well a virtual appliance.

What needs improvement?

We are waiting for TACACS integration to completely replace the Cisco ACS line of products.

For how long have I used the solution?

I've used it for about four years.

What do I think about the stability of the solution?

Being a product relatively young the product seems incredibly stable and not prone to system outages.

What do I think about the scalability of the solution?

Having a Cisco consolidated experience with this type of products, the product encounters very little of no scalability problem.

How are customer service and technical support?

Cisco has implemented a special ATC partner program to help partners and customers to have a smooth deployment. As far as I know there is also a dedicated TAC area for this product, Cisco commitment on the ISE line of product is really at a top level. I can say this with an high degree of certainty being a Cisco Gold Partner.

Which solution did I use previously and why did I switch?

We use this product because we mainly sell this as a premier class NAC solution, compared to other similar products.

How was the initial setup?

The initial setup is very straightforwardly done by following the product’s document guides.

What about the implementation team?

I work for a vendor/system integrator.

What other advice do I have?

The main advice is to seek for an accredited ATC system integrator with a large ISE portfolio.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Gold Partner and an authorized ISE system integrator.
Buyer's Guide
Download our free Cisco ISE (Identity Services Engine) Report and get advice and tips from experienced pros sharing their opinions.