We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.
"The user experience of the solution is great. It's a very transparent system."
"I love the policy sets, they are really nice and dynamic."
"The most valuable features are the ability to retrieve information about Active Directory user names, viewing the log files to see which MAC address tried to connect with the created SSIDs, portal designing for your company, hotspot tools, and creating network rules for WiFi access."
"It does what it's supposed to. We use a certificate-based authentication method for corporate-managed devices. That means when a user walks in with their managed laptop and plugs it into the network, it chats with Cisco ISE in the background, allows it on the network, and away they go."
"The most valuable feature is the integration with StealthWatch and DNA as one fabric."
"The most valuable feature is the provisioning of the device so as to ensure that they are compliant with the security policy that we need to have."
"It's flexible and stable. It's been good as a standard environment to run."
"Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE."
"Automatic password management, which will automatically change passwords based on compliance requirements."
"It supports lots of requirements in the privileged access management area."
"Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control."
"You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
"Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices."
"The combination of CPM and PSM resolves a lot of use cases."
"Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment."
"Password rotation, session recording & isolation and on-demand privileges."
"They should improve the documentation. There tends to be a lot of old text, or the new things aren't always up to what's been released on the code, and sometimes the documentation is inconsistent."
"Segmentation can be improved."
"The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow."
"In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support."
"It could be less monolithic. It's one huge application, and it does everything under the sun, so it's hard to deal with and upgrade and manage."
"Difficult to figure out the protocols and nodes in order to implement correctly."
"Sometimes, there are instances when Cisco ISE simply fails to function without any apparent reason, and regardless of the investigation we undertake, the logs indicate that everything is functioning properly, making it somewhat inexplicable."
"Documentation is probably the worst part of the software."
"There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
"The usual workload is sometimes delayed by the solution."
"Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."
"We don't often contact technical support, but when we do it, the response could be faster and better."
"There is a bit of a learning curve, but it's a pretty complex solution."
"The current interface is not very intuitive."
"In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution. Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations. In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows."
"One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and ManageEngine PAM360.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.