• Home
  • Cisco ISE (Identity Services Engine) vs. CyberArk Privileged Access Manager

Cisco ISE (Identity Services Engine) vs CyberArk Privileged Access Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Network Access Control (NAC)
March 2024
Executive Summary
Updated on Sep 7, 2022

We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Cisco ISE users have mixed reviews on the ease of deployment. Users of CyberArk Privileged Access Manager say the initial setup is complex and requires technical expertise.
  • Features: Users say both products have good stability and scalability.

    Cisco ISE users like that the solution is flexible, secure, and has a good GUI. Users would like to see better migration to the cloud and would like to see a hybrid option.

    CyberArk users like the solution’s performance, password protection, and monitoring tools. Reviewers mention that it lacks flexibility.
  • Pricing: Users of both solutions consider the pricing to be expensive.
  • Service and Support: Most users of both solutions are satisfied with the level of support they receive.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.

To learn more, read our detailed Network Access Control (NAC) Report (Updated: March 2024).
Download the complete report
768,246 professionals have used our research since 2012.
Featured Review
Song Loo
Enables us to authenticate with AD
Before, we used to use Cisco ACS. After ACS retired, we started using Cisco Identity Services Engine. Right now, we are integrating Cisco Identity... Read more →
Korneliusz Lis
Good password management with good integrations and security capabilities
CyberArk PAM ended a scenario where several dozens or even hundreds of privileged accounts had the same password or administrators had passwords... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total.""The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval.""The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall.""It's scalable.""The solution cuts down on the repercussions of getting malware or ransomware.""The biggest value of ISE is that it can get so granular with gaming systems, versus IoT and BYOD.""Not having to trust devices and being able to set those levels of trust and more finely control our network is a benefit.""For guests we give them limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time."

More Cisco ISE (Identity Services Engine) Pros →

"The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis.""The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically.""It is a scalable product.""Allows secure, logged access to highly sensitive servers and services.""Technical support is very helpful whenever we have any questions.""We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure.""Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.""The technical support is good."

More CyberArk Privileged Access Manager Pros →

Cons
"The policies could be adjusted to make them more easily implementable.""The pricing is fair.""It would be helpful for us to know what needs to be deployed, configured, and what changes we need to make to our devices when we don't receive the specific login which is an indication of a lack of connection or incorrect configuration.""Also, the menus could have been much simpler. There are many redundant things. That's a problem with all Cisco solutions. There are too many menus and redundant things on all of them.""The interface is a little bit complex.""Some of the reporting could be improved.""ISE is a little clunky. The front-end feels like it is from the 1980s.""I would like the product to include support for OSVS version three."

More Cisco ISE (Identity Services Engine) Cons →

"The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs.""We'd like to see the creation of some kind of memo field for each device account, which could be used, in our network at least, to leave a note about the device for either the security or network engineering team members.""When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time.""The tool’s pricing and scalability can be better.""Online help needs to be looked into with live agent support.""Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations.""There was a functionality of the solution that was missing. I had noticed it in Beyond Trust, but not in this solution. But, recently they have incorporated something similar.""The initial setup was a bit complex."

More CyberArk Privileged Access Manager Cons →

Pricing and Cost Advice
  • "There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs."
  • "If you go directly with Cisco for the implementation it's very, very expensive."
  • "The SMARTnet technical support is available at an additional cost."
  • "For the Avast virus scan, we pay around USD $95 per machine for five years which includes all updates and technical support."
  • "The price for Cisco ISE is high."
  • "The price can be lower, especially for subscriptions. It should be a lot cheaper to have a wide range of customers. The price should be comparable to competitive products like Forescout or Fortinet FortiNAC. Forescout is cheaper for customers looking for a cloud solution."
  • "There are other cheaper options available."
  • "The price is okay."

    • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "Pricing and licensing depend on the environment."
  • "It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain."
  • "It can be an expensive product."
  • "Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product."
  • "The cost is high compared to other products."
  • "CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality."
  • "Our risk is definitely significantly lower. Also, our resources are low."
  • "If you are looking at implementing this solution, buy the training and go to it."

    • More CyberArk Privileged Access Manager Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
    See Recommendations
    768,246 professionals have used our research since 2012.
    Questions from the Community
    Which is better - Aruba Clearpass or Cisco ISE?
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely… more »
    What are the main differences between Cisco ISE and Forescout Platform?
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Read all 3 answers   →
    How does Cisco ISE compare with Fortinet FortiNAC?
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    How does Sailpoint IdentityIQ compare with CyberArk PAM?
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Read all 2 answers   →
    What do you like most about CyberArk Privileged Access Manager?
    Top Answer:CyberArk PAM can be easily automated.
    Read all 45 answers   →
    What is your experience regarding pricing and costs for CyberArk Privileg...
    Top Answer:The product is expensive. I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.
    Read all 31 answers   →
    Ranking
    1st
    out of 23 in Network Access Control (NAC)
    Views
    24,198
    Comparisons
    16,115
    Reviews
    73
    Average Words per Review
    759
    Rating
    8.5
    1st
    out of 48 in Privileged Access Management (PAM)
    Views
    11,160
    Comparisons
    6,378
    Reviews
    34
    Average Words per Review
    621
    Rating
    8.9
    Comparisons
    Also Known As
    Cisco ISE
    CyberArk Privileged Access Security
    Learn More
    Cisco
    CyberArk
    Overview

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

    Support

    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

    Licensing

    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    Rockwell Automation
    Top Industries
    REVIEWERS
    Financial Services Firm13%
    Government11%
    Comms Service Provider11%
    Computer Software Company11%
    VISITORS READING REVIEWS
    Educational Organization23%
    Computer Software Company16%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    Financial Services Firm24%
    Computer Software Company13%
    Insurance Company12%
    Healthcare Company9%
    VISITORS READING REVIEWS
    Educational Organization30%
    Computer Software Company12%
    Financial Services Firm10%
    Manufacturing Company5%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise21%
    Large Enterprise55%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise32%
    Large Enterprise52%
    REVIEWERS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise38%
    Large Enterprise48%
    Buyer's Guide
    Network Access Control (NAC)
    March 2024
    Download Free Report
    Find out what your peers are saying about Cisco, HPE Aruba Networking, Fortinet and others in Network Access Control (NAC). Updated: March 2024.
    DOWNLOAD NOW
    768,246 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access.

    We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.