Most Helpful Review
Good stability and enables us to identify and isolate a machine that is infected or that is going to be infected
It prevents scanning, malware spread, corporate asset misuse, and reconnaissance on our network by third-party devices.
Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. ForeScout CounterACT and other solutions. Updated: January 2020.
398,259 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Using this solution gives us the ability to allow proper access to the network.
The biggest value of ISE is that it can get so granular with gaming systems, versus IoT and BYOD.
Easy to use and provides good support
The best feature of the Cisco ISE platform is that it is compatible with Microsoft products.
We found that the most valuable features associated with this tool are posture assessment, policy management, VLAN assignments, guest assignment, and BYOD services. In addition to these services, the Cisco IOS software switch configuration feature is another very valuable aspect of the policy and compliance solution.
In terms of scalability, you need to factor in your licenses. With a virtual platform, the scalability is more than sufficient. We have over one thousand users.
Visitors can be granted access to the wifi network using their cellphones, notebooks or tablets in a very easy way. The ease of accessibility that anyone can have to the network is very quick and is a big improvement in our network.
For guests we give them limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time.
The user interface is quite simple.
The most valuable feature is the blocking of USB devices.
I have noticed that in the last year the license model has changed from licensing the whole appliance to licensing the number of devices. It's more simple for a large installation, or a user to have CounterACT as their peripheral site in the company. It's a good choice to have changed the license policy.
The most valuable features are remote access and administration scripts.
Emergency response, risk assessment information to get a view of the of the vulnerability.
The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment.
Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available.
There should be a single button that can be pressed to dismiss all of the alarms at once.
I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page.
An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment.
Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better.
There are issues with respect to the posture assessment function. It's been observed that customers are not receiving total access to the network because the assessment agent is glitchy and malfunctions from time-to-time. I would like to see refining of the compliance assessment and adding more detailed compliance of endpoints on the user end.
There can be a little bit more integration between the controller management and ISE. There are two dashboards, you have the controller dashboards, and you have the ISE dashboard it would is a way to maybe integrate that into one. That would be great. It's not that bad. It would be easier if it could be combined into one dashboard.
There should be an easier way to do the upgrades. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade.
In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support.
The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup.
The ability to block external devices in Mac is lacking and needs to be added.
For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this.
We experienced some detection issues when checking compliance for the Sophos agent.
Search - needs boolean functionality (or pseudo operand now working).
They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment.
Multitenancy should be included in the next version so it could be used as a managed service provider.
Pricing and Cost Advice
If you go directly with Cisco for the implementation it's very, very expensive.
Devices with multiple IP's count multiple times against your license count.
out of 22 in Network Access Control
Average Words per Review
out of 22 in Network Access Control
Average Words per Review
Compared 38% of the time.
Compared 19% of the time.
Compared 7% of the time.
Compared 35% of the time.
Compared 25% of the time.
Compared 10% of the time.
Also Known As
|Cisco ISE||CounterACT for Endpoint Compliance|
|Identity Services Engine is a security policy management platform that automates and enforces context-aware security access to network resources. It delivers superior user and device visibility to support enterprise mobility experiences and to control access. It shares data with integrated partner solutions to accelerate their capabilities to identify, mitigate, and remediate threats.|
ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. Equally important, ForeScout lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings.
Learn more about Cisco ISE (Identity Services Engine)
Learn more about ForeScout CounterACT
|Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University||NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust|
Comms Service Provider31%
Financial Services Firm6%
Health, Wellness And Fitness Company6%
Software R&D Company25%
Comms Service Provider20%
Financial Services Firm21%
Software R&D Company21%
Financial Services Firm12%
Comms Service Provider10%