We just raised a $30M Series A: Read our story

How would you compare Cisco ISE (Identity Services Engine) vs Forescout Platform?



I have been  researching these two products: Cisco ISE (Identity Services Engine) vs Forescout Platform, Please advise which one would you choose and why?


ITCS user
12 Answers

author avatar
Real User

Although both are NAC solutions, Cisco ISE and Forescout are totally different products.

Cisco ISE is part of the pre-admission NAC systems family (like Aruba Clearpass) based on 802.1X.

Forescout, instead, is part of the post-admission family (like FortiNAC or the brand-oriented Extreme network NAC solution). 

In other words, Forescout (and all the post-admission NACs) does not use primary. 

802.1x but a mix of tricks and various methods ( ssh SNMP API  and traffic mirror DHCP DNS traffic, and yes also 802.1x, if needed) to admit or reject the access of an identity AFTER it has accessed the network. 

If an identity changed somehow its behavior AFTER it has been admitted, a post-admission NAC system may react by changing its state, for instance changing its VLAN or disconnecting it.

So the answer to your question  is :
you must choose the NAC solution according to your needs, your network and your budget too (Forescout is 40-50% more expensive than Cisco ISE).

Almost all NAC solution licensing is based on concurrent users. So, you must compare all NAC  solutions per user/ price/year.

author avatarAvraham Sonenthal
Top 5LeaderboardReal User

@reviewer1660839 Last I looked at ISE, and it has been awhile, ISE uses lots of different licenses, and one user might consume several of them depending on what he is doing. Each license last for 1-3 years and costs money. Did Cisco ISE change that and now only has one license per endpoint no matter what they are doing?

Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. Forescout Platform and other solutions. Updated: November 2021.
552,136 professionals have used our research since 2012.