Cisco Identity Services Engine (ISE) Reviews

We use it for the TACACS authentication, for administrator login to network devices, and the RADIUS service for VPN and wireless authentication.

Initially, we were looking for a single sign-on for administrators to log in to every network device, but we also wanted a good way to control remote user access for logging in. Later we started using it for VPN and wireless.

It gives us a better way to authenticate users. It helps us identify a user with their device to establish trust. When a remote user is trying to access network resources, we need to find out who they are and where they want to go and make an appropriate decision about where they can and cannot go.

Resilience in cyber security is very important. Without security, nothing else can happen.

The TACACS and RADIUS have been the most valuable features so far.

Cisco ISE has almost all the features we are looking for now, but sometimes the configuration, such as the conditions, is a little difficult to understand and not so easy to navigate.

I have been using Cisco ISE (Identity Services Engine) for a few years.

It is stable.

They have resolved my issues, but sometimes they have been slow.

Positive

We used to use Cisco ACS and that evolved to Cisco ISE.

The initial deployment was not a process that was easy to understand. But after I completed it, looking back, I see it was reasonable. It's just hard to understand upfront. There is a steep learning curve.

I did the migration too late, so I couldn't do a direct migration and that meant I had to kind of rebuild it.

Security is something we need, but I don't think that there is a return on investment. It causes more delays to the regular workflow.

The Essentials licensing is reasonable, but I would like the Premier version to be perpetual instead of a subscription.

An idea we are looking into is associating it with the MAC address table, so that approved devices can log in to the more restricted network.

My advice is to attend training before going for it. Otherwise, it will not be easy to understand. Each product, from ACS to ISE, does similar things, but they do them in different ways.

I rate Cisco ISE a nine out of 10. If it could become a little bit easier to understand that would help.

We use it for network device administration and for user access.

It has really helped us when it comes to security. It has eliminated trust from our network architecture because, with the solution in place, you tell us who you are and, based on who you are, we give you access. The solution provides us with a platform to define our policies. Users get into our system based on those policies. That eliminates threats. If you are not who you say you are, it will block you completely from our network.

It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request.

With the recent release of the solution, we had a bunch of bugs and we had to delay our deployment. Other than that, the solution is good.

I have been using Cisco ISE (Identity Services Engine) for 10 years.

Cisco ISE has come a long way when it comes to stability. It's getting better.

It's very scalable. We have it deployed in two data centers, and we're managing about 10,000 endpoints.

TAC is very responsive whenever we call them.

Positive

Currently we have two solutions that do the same kinds of things. For our wireless infrastructure, we use Aruba, but for our wired access, we use ISE.

The ROI we have seen is because Cisco gives us what they promised us. They deliver. Our requirements are being met and that results in getting value for what we pay.

Since we have a complete Cisco portfolio, including an Enterprise Agreement, it's not simple for me to compare what we're paying with the prices of other platforms.

We evaluated other companies and what they each do differently and looked at what was the better fit for our requirements.

Cisco TAC is really good. Whenever we have issues, we know they are there and that they will help us out with troubleshooting. The support of the other companies we looked at is not that great.

When I compare it with Aruba ClearPass and other solutions out there, I prefer Cisco. Cisco is number-one for user access, managing devices, and for network devices.

We don't leverage Cisco ISE for application access. We have another solution for that.

Get some hands-on familiarity with it first. Do a PoC and get people who really know the solution to help you out during phase one before you deploy it.

I use it for licensing and profiling. It's like a "traffic cop." It's an endpoint user migration tool. It's also a TACACS server. It depends on what I'm using it for at the moment.

For the applications it's authentication and then authorization into the network. It's the networks you're on and what AD gives you. Your profile is based in AD or an LDAP server. ISE talks to those two servers and says, "What groups do you belong to, and should you have access to those roles?" With ISE, if AD says you can have it, then go for it.

I use it in big campus environments, anywhere that needs authentication and authorization to work with AD. It's a great tool for that, if you want to profile your network and you want to secure your network inside. We're not talking about firewalls but about what the tool can do for you, what it's designed for.

It has improved internal security, in-to-out, out-to-in. Without ISE, you can't posture or profile your network. Authorizations, authentications. ISE is not the only product that can do it, but it's a great tool.

Among the most valuable features is TACACS. Also, the rules and logging, but TAC is just as easy. Cisco TAC is great.

The area where things could be improved is education. It's complicated to deploy initially because you have to know what you're getting into. That's true with any customer. I don't know them so I have to learn about them. I have to figure it out, but there are very limited windows to do that. If a customer's going to hire you, you are the professional. You should know this already. You should come in with a base knowledge of what you need to do and, after that, grow with the customer. More education is how it can be improved.

I have been using Cisco ISE (Identity Services Engine) since 2016. I usually come into an environment after everything is there already. Customers bring me in to fix things that are broken.

The stability of the solution depends on how you scale it. If you have set it up properly, it will be great. If you put all your eggs in one basket, in one part of the network, and that goes down, then you have lost everything.

It's scalable. It can grow with your network. You can create new nodes or move everything from local to the cloud. It's easy to spin up a VM, so you can put it on a VM real quick and be done within a couple of days. But you have to know what you're doing. You can't just do it with the assumption that you can copy and just redeploy it. ISE doesn't work like that. It has to be done properly.

Cisco's TAC is excellent. Cisco always has great support.

Positive

I previously used the older versions of the hardware that were the original predecessors to ISE.

The deployment model for ISE depends on the customer: where their data centers are, what they can afford, and what type of maintenance agreements they have with Cisco's support. Are they on a VM or a physical device? Deployment depends on what we are trying to do and the environment.

In terms of establishing trust for every access request, trust is only as good as the rules and definitions you build. Without that, you need not only to trust the device, you need the trust of the customer too. That's important.

Trust is only eliminated when a customer wants the rules loosened. When the customer says, "This is too difficult, you're making it too hard," that is when exposure happens, things start collapsing, and there are breaches. You can't give the customer everything they want, because they don't know the consequences. You have to educate them. They need to know that the inconvenience of hitting "enter" to log in, and having it take three seconds or five seconds is because you'd rather have the machine and the network think before they let you on the network. A lot of times a customer will say, "If I'm hitting enter and it's not bringing me to where I need to be, then this is not a good solution." You have to educate them.

The solution is like an iPad that someone set up for you. If they didn't do a good job setting it up, you're going to rate the tool as bad. A lot of times, I come in and it's already done and I have to fix the problems. There are times that I do create it from scratch and it works really well. 

We're using version 3.1, which is very stable. There have been a lot of improvements.

I like the automation of the collection of information.

We have only been deploying this version for three months. We haven’t had any issues, but we'll see how it goes. One of the issues that we used to have was with profiling because we're working with a service provider that uses a lot of bring your own devices. We haven't had any issues since we started using version 3.1.

I have been using this solution for over 12 years.

There are no stability issues with version 3.1.

It's stable. We deployed with a client in petroleum with about 200 users worldwide, and it was stable.

Setup wasn't easy, especially if you haven’t worked with it intensively. VM is a little bit easier. If you don't deploy ISE with correct policies, it will be difficult.

If you deploy it with the correct policies, it's a wonderful product. You don't need to attach anything like your firewalls or creating rules.

ISE has always been expensive compared to other products in terms of what it does on a user level. I haven't had a client who didn't say that ISE wasn't expensive. I’ve had an issue where I was just selling four boxes, and it was four million. It was a high-end box, and the client didn't take it. They end up going with VM.

I would rate this solution 9 out of 10.

It's one of the more difficult products to deploy.

You can learn a lot about ISE from their training videos. I would suggest watching the videos before deploying the solution. They have created good videos for ISE, from version 1.3.

Our customers use Cisco ISE (Identity Services Engine) as a network access control solution. Before they can get network access, you can do posture check, e.g. in the Windows version, or another version, then it is only after this posture check that the clients can enter the network.

Compatibility with other vendors is what needs to be improved in Cisco ISE (Identity Services Engine). We should be able to use it with other vendors, for all specifications. There should be integration with different vendors, e.g. Cisco ISE (Identity Services Engine) working with AccuPoint networks.

I've worked in my current company in product pre-sales for one year, and prior, I worked for a different partner company in Turkey, so my total usage of Cisco ISE (Identity Services Engine) spans eight years.

Cisco ISE (Identity Services Engine) is a stable solution. It has good performance.

If we need support from the vendor side, we can open a case, then the vendor replies to us as soon as possible. Support for Cisco ISE (Identity Services Engine) is fast.

The installation of Cisco ISE (Identity Services Engine) was easy.

Our customers pay for the license of Cisco ISE (Identity Services Engine). They have an annual subscription, rather than a monthly subscription.

I evaluated Fortinet.

I'm a technical person, and I've worked for a company that does system integrations, including network pre-sales. My company sells Cisco ISE (Identity Services Engine) and Fortinet products in Turkey. I can also sell these products. My company is a gold partner of Cisco.

I've sold the on-premises version of Cisco ISE (Identity Services Engine).

Cisco ISE (Identity Services Engine) is the best solution for Cisco network customers. It is the best solution for Cisco network devices. As for network products from other vendors, we can use, or we could offer other network access control (NAC) solutions, e.g. Fortinet NAC, or Aruba Secure NAC, etc.

I'm part of the pre-sales team at our company. There are other people who are responsible for installing Cisco ISE (Identity Services Engine) post-sales, e.g. they install the solution for the customers. For this reason, I am unable to give information on how long it takes to install the solution.

We currently have over 30 users of Cisco ISE (Identity Services Engine).

I can recommend Cisco ISE (Identity Services Engine) to other users.

My rating for Cisco ISE (Identity Services Engine) is eight out of ten.

We are a partner with Cisco and am a part of an information security team that uses Cisco to provide security policy management via network, device and wireless access. 

Cisco offers automation, visibility, and control as well as third party integration capabilities.

I would like for the next release to be easier to implement and to limit its dependencies around ISE, Windows, the network as a whole, etc.

I have been using Cisco ISE for over six years.

This is a very stable solution with many integrations.

Cisco's scalability depends on the design - small deployments are not scalable.

Cisco support is good.

This solution is a bit more complex to set up than in comparison to other options - it can take anywhere from two to five months depending on the use case.

The price for Cisco ISE itself is very low, however, Cisco professional services are quite expensive. Subscription amount is dependent on number of users.

We looked at Forescout which is more user-friendly but they have a very vulnerable network.

This is a good solution for security teams. If you do not have a security team, I would not recommend this product. 

Overall, I would rate Cisco a seven out of ten.

My main uses are device administration, wireless access authentication, and ethernet access.

The most valuable feature is network access control for the users coming into the network, which allows us to know who is in the network at any given time.

The intuitiveness of the user interface could be improved. They could also make the deployment process more user-friendly.

I have two years of experience with this solution.

ISE is very stable - since it was installed, I've had no issues with it.

I've had no issues with scalability. I started using it on two campuses, and now I'm using it across the country and scaling it across subsidiaries in other countries.

I've worked closely with Cisco for many years and have no complaints about their support. Sometimes it takes less than a couple of minutes to get through to their support team.

I previously used Portnox, but it only gave us network access control, so we switched to ISE, which has more features like device administration.

Deployment is usually tough the first time, though once you get it working, it works well.

We used in-house engineers and an integrator.

We have a three-year license. Standard licensing gives backup access and very few features, and then there's VM licensing - each VM we use needs to be licensed. VM licensing comes in different sizes: small, medium, and extra-large. There are also licenses for features, posturing licenses, and profiling licenses.

Before deploying, it's a good idea to read up on the product first and then get some training so that when deployed, someone in the organization understands the solution. I would rate this solution as nine out of ten.

The solution is primarily used for Network management and Network Access Controls.

The general usefulness of the product is not specific to a particular feature. This is a comprehensive solution covering access to network to create a zero trust environment. It covers Network Access Control, Network Segmentation & policy control

The solution integrates well with other Cisco solutions. It works both from a single-vendor perspective and in cases where the client might have a hybrid network and multiple security solutions.

The product offers very good functionality.

From a configuration point of view, it's simple. It's not very complex. I don't see any major challenges when using the product.

The solution is reliable.

The scalability is good.

We haven't had any issues with technical support. They have been helpful. 

I have not come across any missing features. 

It would be ideal if Cisco could provide some short training videos or documentation to customers to help them understand how to use the product. 

We have not used this solution for ourselves but implemented it for various organisation's.

The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance is good. 

This solution can work well for large enterprises that have a larger environment, such as a distributed environment. Mostly, from my organization's perspective, we deal with SMEs.

The solution is quite scalable. 

I've been in touch with technical support in the past. They are quite good. I am satisfied with the level of support they provide. I don't have any complaints. 

Positive

The initial setup is not very complex. All similar solutions will have a similar type of configuration as well, so it's pretty simple to figure things out. 

In terms of how long a deployment takes, it primarily depends upon the environment the customer has. Customers might have a very basic environment wherein it might get done in a couple of hours or so. If it is a very complex environment and they have multiple policies to be deployed, then it could definitely take more time.

There aren't any challenges when it comes to maintenance. It's pretty simple. 

I don't handle the licensing aspect of the product. I can't speak to the exact costs involved. 

We have not faced any major challenges in terms of getting a good price point from our customer's perspective. That said, the pricing would depend upon the perceived value of the solution rather than the actual cost of the product. If the solution is able to help the customer in mitigating its challenges many customers don't see any point in discussing the price point if POC is successful

We are a system integrator.

The version of ISE we are using depends on the customer. 

We primarily have the solution set up on premise. 

In terms of advice, from a security standpoint, it is paramount for any organisation, to be secure, no matter its size (large or small). Having secure network access control will always make it safer & help organisation in attaining a zero trust environment 

I'd rate the solution at an eight out of ten.