Cisco Identity Services Engine (ISE) Reviews

The solution is used for controlled access in the network, like if you want to restrict access.

The solution is deployed on-prem. I am an integrator of this solution.

The best features are the scalability and the license structure. The license structure is like a tier. If a customer doesn't actually want the highest features, then they can just start with the basic license package and upgrade it if their network is growing. For the smaller customers, they can start with the smaller plans and so on. If you have a financial customer or banking customer, they can go for the full features, and if it's not that critical, the customer can get the basic license package and implement that.

The licensing documentation needs to be better. We found some old documents describing the license names, like the Base license and Apex license. Cisco used both names. We have found that they changed the Advantage license and Premier License. If someone misunderstands that, they might end up with a hassle. I don't know if it's possible or not for Cisco to remove the older documents from the official website.

We have been working with this solution for more than two years.

We were using two solutions on Cisco's network, so we had a few ISE plans in that network.

The solution is stable. We have maybe 4,000 users for the Next solution.

We haven't used technical support very much, but in general, Cisco's support is always responsive.

Initial setup was straightforward from our point of view because we have engineers who did that, so of course it was not an issue with us.

The accesses took maybe three or four months to complete, but the Next part took about three weeks.

For deployment and maintenance, the team was average sized. You need to follow the correct documents for deployment. There can be misunderstandings if you use old documentation.

The licensing is subscription-based and based on the user account.

I would rate this solution 8 out of 10. 

I would recommend this solution.

If someone is looking for a concrete solution to control the access, then ISE is a better solution.

The ISE product is used to make sure that folks can get access to the application servers that they need to get access to, let's say for accounting and another group like sales and marketing, they would have no business accessing each other's servers, those apps. So you would set up a policy that allows accounting to do what they have to do whether they're remote or on campus and then the sales and marketing folks could never access that. They are totally blocked. It's a virtual firewall, basically.

The way the ISE works is you can get into defining. Let's say, in my case, I've got a Windows laptop and I've got an Apple product and those have unique identifiers, unique back addresses. It would say that this in my profile so I could get to those apps with either device, 24/seven. That's how granular the ISE or these NAC Solutions can get. That you have to have that same device.

They can get into the antivirus. They will check the antivirus to see if it's the most current version and if it's not, if that's your policy, it will let you go through and access the app if the antivirus has been updated. But if the policy was that it has to be the most current version, then it can block you until you upgrade the antivirus.

As far as what could be improved, to continually be thinking about ransomware, cyber attacks, and all those kinds of things. They always have to be innovating. Always have to be improving. I can't give you anything specific because these cyber guys are always coming up with new ways to get in. You just really have to be aware of what's going on.

In the next release, I would want to see this kind of solution in the cloud as opposed to on prem because when enhancements are made to the software, if it's in the cloud, it's overnight. I mean you're not going to have to respin the servers that the license sits on, it's all microservices kinds of things in the cloud. That would be my recommendation. If I'm a customer, that's what I'm looking at - for cloud based software subscriptions.

In terms of stability, they are rock solid. If you set the policy and you implement it, it's not going to break.

They scale. You just have to buy licenses. Whether you're talking about 5,000 users or more, it's just a licensing model.

What I saw most customers trying to do was to outsource it to the partner. A value added reseller would have to do that. They typically haven't been trained. They have to go to school, get certifications and that kind of stuff. That's always a requirement, but most people weren't going to tackle that themselves. They're going to farm it out to somebody who has done it before, who has the expertise to do it.

I do anticipate increased usage. Pick a vendor, like Cisco and Aruba, because for all the threats that are out there, they are always going to have some kind of a NAC strategy. You have to. You really have to. The days of the firewall or perimeter security are over. There are just too many possible ways people can come into your network - disgruntled employees, someone that got paid off, you never know. This is always going to be here.

They're very good. All of them are very good.

It has been pretty much Cisco from the beginning. With another VAR recently, we were pitching the Aruba ClearPass. And actually the ClearPass will run on top of a Cisco infrastructure, which is kind of cool. That's unique, but the ISE doesn't go that way. You won't run ISE on top of an Aruba infrastructure, but Aruba built that solution from day one to be compatible with Cisco switches and routers and wireless stuff. I thought that was pretty compelling.

Cisco has their ISE, their Identity Services Engine. The other one that I would tell a customer to look at would be the Aruba ClearPass. I don't know enough about the Juniper Solution to make any comment about that. But those are the two that I think about the most for identity solutions.

The first part is to figure out what you want, what the customer wants to protect, who needs to be protected, and to gather all the data you can on users, contact information, the devices they use, the Mac addresses of the devices, what time of day, what apps... I mean you really have to dig into all that. It's not easy. It's hard. The bigger the customer, the more complex it is going to be. But if you don't do that, the deployment is not going to go well. Really consulting on the front end has to occur.

On the consulting part, it depends on how big the customer is, how many you're talking about - 5,000 users or 50 users. That drives the answer. I would say if you don't take 30 days to scope it correctly and document, if you do something less than that, the execution deployment is going to go sideways and that can be months. Those things are months. Those could be six months or so. You've got to pick a pilot case. You build a template, you do a small group, and then you see how the reactions are, see if the users accept that policy, make sure it's right. I would do it group by group. Accounting first, or IT first. And then you do the sales and marketing and HR and all those kinds of things.

In terms of ROI, the only thing that comes to mind is if you look at whatever the current market data says for a breach cost if you have ransomware attack or something, if you choose to rebuild your network, as opposed to paying the ransom, what does that cost? Is that $100,000 a day? Is that a million dollars a day? So whatever that cost is, go look at the cost of the NAC licensing, ISE or ClearPass. And that answers the question for you. If you can block the threats on the front end, you can avoid the whole ransomware conversation.

I have not looked at the pricing in a while. I don't really know. These companies are putting together enterprise license agreements, like a site license, and they'll do multiyear and they'll make them pretty aggressive. If you are buying three security packages from them, for example, they'll give you a significant discount. If you're at two, when you look at the cost to go to a third one, they'll just do it because it discounts the whole package altogether.

As for extra fees and costs, it is just a subscription model, pretty predictable.

I can tell you, even as a Cisco person, ISE was considered very complex and difficult to deploy. That was coming from both the customers and the partners that had to deploy it. It can be very complex and you really have to know what you're doing. The thing that we always stress with customers is to go through and build a policy first. Decide what you want to block, and who is going to have access to what, and do some due diligence on the front end because once the policy is created, then you can deploy what we have all agreed to. As opposed to just trying to wing it and figure as you go - that is not a good play. That was always the comment from the Cisco customers.

My advice to prospective users it to find a consultant or a VAR that has done it before. I think that is key. And then talk to a customer that they did it for.

On a scale of one to ten, I would rate Cisco ISE a seven. That is because it is so complex. I mean, it's not a trivial task.

My main uses are device administration, wireless access authentication, and ethernet access.

The most valuable feature is network access control for the users coming into the network, which allows us to know who is in the network at any given time.

The intuitiveness of the user interface could be improved. They could also make the deployment process more user-friendly.

I have two years of experience with this solution.

ISE is very stable - since it was installed, I've had no issues with it.

I've had no issues with scalability. I started using it on two campuses, and now I'm using it across the country and scaling it across subsidiaries in other countries.

I've worked closely with Cisco for many years and have no complaints about their support. Sometimes it takes less than a couple of minutes to get through to their support team.

I previously used Portnox, but it only gave us network access control, so we switched to ISE, which has more features like device administration.

Deployment is usually tough the first time, though once you get it working, it works well.

We used in-house engineers and an integrator.

We have a three-year license. Standard licensing gives backup access and very few features, and then there's VM licensing - each VM we use needs to be licensed. VM licensing comes in different sizes: small, medium, and extra-large. There are also licenses for features, posturing licenses, and profiling licenses.

Before deploying, it's a good idea to read up on the product first and then get some training so that when deployed, someone in the organization understands the solution. I would rate this solution as nine out of ten.

I'm using Cisco ISE for integration. We are currently using it for 82.X, but we are planning on using it for a different use case in the next couple of quarters.

The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability. 

Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified. 

I've been using Cisco ISE for more than a year.

Cisco ISE is stable.

I haven't really tried to scale ISE, but I don't think we'd face any challenges with hard gentle scaling.

We have a good relationship with Cisco support. However, when they do a new release, they take their time. I don't have much of an issue with Cisco support itself, but working with their customer success team and those types of things can be a challenge. It's not just the response time. It's the total resolution time. They'll respond quickly, but when they get the particular fix, it's a challenge. 

In the previous versions, the setup was okay. But as they add more capabilities, it gets more complicated to deploy and maintain the solution. We expect these complexities as part of the roadmap and evolution. We have to set the policy definitions manually because there is no discovery process to define what needs to be authenticated. When a new device is added, we might have to configure something so that it's integrated or set up some data flows of the service we need to do it. These are some of the maintenance activities that we must do to keep it live. We have a good IT team that numbers around 25 people and serves a decent number of customers.

Customers respond to a low price. From the point of view of integration, Cisco ISE hikes up the cost of security, but otherwise, I think it should be okay.

I rate Cisco ISE nine out of 10.

We are resellers. We provide and deploy solutions for our customers.

Cisco ISE (Identity Services Engine) helps the operation to automate.

It works very well with the network, router, and switches. It is able to enforce the policy and assigns the traffic a Security Group tag.

A Google user is able to enforce access throughout the router and switches ensuring the traffic going through has the same policy.

When you push out the policy, it is able to populate the entire network at one time.

It's quite good, the market is using this solution.

This solution has enhanced features that make it difficult to use. To make it easier, it should be made without PxGrid.

It should be able to work with third-party routers and switches. We want to work in an environment where there are multi-vendors that require PxGrid.

Their software-defined access is not easy to implement. You have to have a good understanding of how to implement it. It would be helpful if they could make it easier for the customer to adopt.

Third-party integration is important, as well as the continuous adaptation feature, which is the AIOps. It would be helpful to include the AIOps.

They are currently on version 3.1.

If the customer has more than 200,000 users, the performance becomes a bit laggy.

In terms of scalability, it's available on the cloud, but I have not yet tested the features on the cloud.

It is used mainly by our customers, who use it for their entire infrastructure. They have anywhere from 50,000 to 100,000 users.

Technical support could be better. They outsource the support.

We are brought all around the world, it is similar to following the sun.

Currently, I am using SD-WAN (Software-Defined WAN) from Silver Peak.

To complete the installation, you need to be technically knowledgeable. The setup could be easier.

For the content, and the technologies it is made to be a bit more complex. 

The technology is good, but to use some of the other features, and capabilities, they request that we purchase the Cisco DNA Center. As a result, the bundled price is a little high.

Once you purchase the DNA, you will need the SNA then the license, overall it's very expensive.

If, however, you implement Cisco ISE without the DNA and the SDA, the price is reasonable.

To avoid running into any complications when getting this solution up and running, you should get technically trained and comfortable with it before applying it.

I would rate Cisco ISE (Identity Services Engine) a seven out of ten.

I am not certain if I am using the latest version. It is the one which is made for TV. 

We use the solution to access control. Prior to any device being authenticated on the network, a person must login to the solution's site for authentication purposes. 

While the solution has a host of features, we only use the one involving access control. 

We are looking into further uses for it. My aim is to deploy it across all three of our sites and not just one. 

There is much room for improvement, especially after having perused the documentation on the solution's website. 

The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications. 

I would need time to expand my knowledge of the solution and consult with the Cisco engineers before I could point to other pain points. 

I have been using Cisco ISE (Identity Services Engine) since 2015. 

So far, we have had no issues with the stability. 

There should be more knowledgeable support, particularly in the international sphere. 

I have no doubt that we will get there. They contacted me yesterday, which makes it likely that by weeks-end we should be able to build a structure and do many things with the solution. This would allow me to know where I am standing, explore further and even examine the possibility of implementing some of Cisco's other features. 

We did not use other solutions prior to the current one and will likely not explore others in the future. The current one should be fine. 

The installation was straightforward, although it will likely involve a more complex implementation in the future.

As the previous installation was not complex, it did not take long. 

I believe I have paid around $1,000 in licensing fees. The license is annual. 

We did not really explore other options prior to using the solution. We considered Fortigate, but found it to not be very straightforward, which is why we decided to go with the current solution. 

While we have focused on the access control aspects of the solution, the documentation demonstrates that it has many more features, so I would like to explore it further. 

We are customers of Cisco. 

At the moment, we have around 250 users making use of the solution. 

I rate Cisco ISE (Identity Services Engine) as a five out of ten. This is because I wish to explore further any additional features that can add value to our organization, especially on the IT security side. 

We use this solution for network security.

The most valuable features are the ability to retrieve information about Active Directory user names, viewing the log files to see which MAC address tried to connect with the created SSIDs, portal designing for your company, hotspot tools, and creating network rules for WiFi access.

The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment.

In an upcoming release, they could improve by providing rule-based bandwidth consumption, bring your own device (BYOD) need to be more mature, and the reports could be more user-friendly.

I have been using this solution for approximately four years.

The solution is stable.

The controller has to manage a certain number of access points and we did not see any problems with the scalability. It is able to handle more access points than we need it for.

We do not have experience with The technical support from Cisco directly because the technical support we receive is from our partners which they have been excellent.

We have used 3Com wireless controllers previously.

We used Cisco partners to do the implementation of the solution.

Recently, I have evaluated Aruba solutions and I found them to be better than Cisco. There is room for improvement, Cisco can do better.

When deciding to implement this solution it is a good idea to assess and define the requirements to determine whether there is a need for this solution. It is important to know what you can use from it. You can have a WiFi environment without the need for a Cisco ISE. This solution has advanced security that might not be needed for your use case. Be sure about your needs.

I rate Cisco ISE (Identity Services Engine) a seven out of ten.

My clients are small to enterprise-size companies using this networking solution. One of my clients is a leading pharmaceutical manufacturing company, providing genetic medicine. The network they have has approximately 5,000 device inventory. Additionally, I have a couple of clients in the banking industry in the USA that has quite a large networking infrastructure using this solution.

The most valuable features are the NAC and the bundles that are available with Cisco ISE, such as Cisco ACS being integrated.

The solution infrastructure configuration is complicated to set up. They have improved over the years but there is still a lot of room to improve. When comparing the simplicity to other vendors, such as Fortinet and Aruba they are behind.

I have been using this solution for approximately three years.

The solution is stable.

Cisco's support system is very good and they are well known for it.

I am also using FortiNAC and it is similar to Cisco ISE. However, Cisco is spread across the globe with bigger clients, large enterprises. FortiNAC is not as mature, but they are still working their way up in the market

The price of the solution is price fair for the features you receive.

I have evaluated other solutions from Aruba and Fortinet.

I rate Cisco ISE (Identity Services Engine) a seven out of ten.