We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Privileged Access Manager based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions received similar ratings in all categories. However, users recognize Cisco as a worldwide, well-known, and trusted brand and they like its flexibility.
"ISE's most valuable feature is integration between IT and OTs."
"It has allowed us to pull in multiple authentication databases, then centralize them into a captive portal system."
"The TACACS and RADIUS have been the most valuable features so far."
"[One of the most valuable features] is just the ease of use. It's pretty simple to set up certs that we can add to our clients to make sure that they connect properly, [as is] whitelisting Mac addresses."
"For me, the TACACS feature is the most valuable. I have also used Cisco ISE with LDAP, not with Active Directory. That works for me because I prefer LDAP versus Active Directory."
"The WiFi portal in Cisco ISE is very useful for WiFi customers."
"When you push out the policy, it is able to populate the entire network at one time."
"The most valuable feature is the visibility element, the ability for customers to be able to see what devices are actually on their network. Without a solution like ISE, they would have no idea what devices are connected to their network. It offers them the ability to authenticate devices via mobile."
"CyberArk has resulted in a massive increase in our security footprint."
"With PAM in place, we've experienced a significant reduction in potential security breaches."
"PSM (Privilege Session Manager."
"The password management feature is valuable."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"It has helped from an auditing perspective identify who has access to privileged accounts."
"The password vault and session monitoring are useful."
"It allows users to self-provision access to the accounts that they need."
"The primary issue is the slowness of the application and the web interface. We have multiple admin nodes and app nodes. So when I need to get some information about a particular user, the GUI would take ten to fifteen seconds in loading when we need to know right away."
"I would like to see the product simplified more, especially with the configuration."
"The price could be better. I would like to see more integration with third-party solutions in the next release. This is because many of my clients don't have Cisco."
"The Cisco wireless controller needs to add more than one physical port."
"The installation is not straightforward, it took us approximately one month."
"They should improve their licensing. Licensing is always trouble with Cisco, and Cisco Identity Services Engine is no different. The way the product is licensed could be improved."
"The area where things could be improved is education. It's complicated to deploy initially because you have to know what you're getting into."
"Sometimes some of Cisco ISE's graphical interfaces could be a little bit smoother. However, with the different versions, the product is getting better and better."
"They can do a better job in the PSM space."
"CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."
"CyberArk Privileged Access Manager could improve the integration with other solutions and ease of use. Additionally, there should be a feature to have remote connections without a VPN."
"The initial setup has room for improvement to be more straightforward."
"The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers."
"Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."
"The tool’s pricing and scalability can be better."
"I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas CyberArk Privileged Access Manager is most compared with Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.