Cisco Identity Services Engine (ISE) Reviews

I'm an engineering student, studying smart information and communication technology.

The product has many useful features. It enhances compliance and security posture. It provides client provisions and profiling as well as guest access, features not available in other solutions. The product can be customized. 

Although the solution is easy to implement it's not so easy to understand. You need to be able to figure out the protocols, the nodes, and the personals of the nodes in order to implement correctly and make good use of it. Because it's a Cisco product, if you're not in a Cisco environment, it's difficult to integrate with anything else, so the big concern is its interoperability with other technologies and other vendors. 

I've been using this solution for two months. 

The solution is stable. 

ISE is extensible. It can be deployed for small and large organizations, and can even be distributed and centralized. 

We haven't used the customer support but if I do need some assistance my supervisor and the manager I'm working with can help. 

I've looked at other network access control solutions and ISE is among the leading technologies. I recommend it but suggest taking a close look at the technology before implementing it. Try to really understand it, because if you miss anything and don't configure correctly, it's going to be awful and you'll lose the benefits that the solution provides. Even if you only need one or two of the features that the solution provides, I would recommend using it. 

I rate this solution nine out of 10. 

We use it for Community WiFi and TACACS authentication. It is service provider authentication, both for the core infrastructure and Community WiFi.

We were looking to solve captive portal and centralized authentication with Cisco ISE.

It has allowed us to pull in multiple authentication databases, then centralize them into a captive portal system.

It is important for our organization that the solution considers all resources to be external. It treats them with minimum trust.

Integration is a big factor. That has really been the driving force behind it.

Documentation is probably the worst part of the software.

I have been using it for about five years.

It is very stable. I would rate the stability as 10 out of 10.

We don't use its scalability. I would rate it as five out of 10.

The technical support is good. I would rate them as six out of 10.

Neutral

We previously used an open-source solution. We switched for vendor support and scalability.

We don't monetize this solution.

It is fair.

We did not evaluate other options.

It is worth checking out the integration that it provides. It is a strong platform.

Cybersecurity resilience has not been that important for our organization.

I would rate ISE as eight out of 10. It does exactly what it is supposed to do without much issue.

We use it for SDA infrastructure. We have a challenge in recognizing different kinds of devices and that's what we are using ISE for in the SDA fabric.

We can better recognize our endpoints and we know whether they are allowed to access our network. That's really important for us.

It has also eliminated some rogue devices from accessing our network.

The integration with Active Directory is the most valuable feature for us.

The admin interface is really slow. It's horrible.

I have been using Cisco ISE (Identity Services Engine) for five years.

It's really stable.

It's scalable, but we need to upgrade some of our hardware to support more users.

Our SDA fabric has about 1,500 users that we are authenticating. We have plans to use it throughout the City of Helsinki, which has about 38,000 personnel whom we will need to authenticate in the future.

I haven't used the tech support.

We also currently have Microsoft RADIUS, but we are planning to move away from it and use ISE as our only authentication solution.

Other than the slow admin interface, it's an excellent product.

I use it for licensing and profiling. It's like a "traffic cop." It's an endpoint user migration tool. It's also a TACACS server. It depends on what I'm using it for at the moment.

For the applications it's authentication and then authorization into the network. It's the networks you're on and what AD gives you. Your profile is based in AD or an LDAP server. ISE talks to those two servers and says, "What groups do you belong to, and should you have access to those roles?" With ISE, if AD says you can have it, then go for it.

I use it in big campus environments, anywhere that needs authentication and authorization to work with AD. It's a great tool for that, if you want to profile your network and you want to secure your network inside. We're not talking about firewalls but about what the tool can do for you, what it's designed for.

It has improved internal security, in-to-out, out-to-in. Without ISE, you can't posture or profile your network. Authorizations, authentications. ISE is not the only product that can do it, but it's a great tool.

Among the most valuable features is TACACS. Also, the rules and logging, but TAC is just as easy. Cisco TAC is great.

The area where things could be improved is education. It's complicated to deploy initially because you have to know what you're getting into. That's true with any customer. I don't know them so I have to learn about them. I have to figure it out, but there are very limited windows to do that. If a customer's going to hire you, you are the professional. You should know this already. You should come in with a base knowledge of what you need to do and, after that, grow with the customer. More education is how it can be improved.

I have been using Cisco ISE (Identity Services Engine) since 2016. I usually come into an environment after everything is there already. Customers bring me in to fix things that are broken.

The stability of the solution depends on how you scale it. If you have set it up properly, it will be great. If you put all your eggs in one basket, in one part of the network, and that goes down, then you have lost everything.

It's scalable. It can grow with your network. You can create new nodes or move everything from local to the cloud. It's easy to spin up a VM, so you can put it on a VM real quick and be done within a couple of days. But you have to know what you're doing. You can't just do it with the assumption that you can copy and just redeploy it. ISE doesn't work like that. It has to be done properly.

Cisco's TAC is excellent. Cisco always has great support.

Positive

I previously used the older versions of the hardware that were the original predecessors to ISE.

The deployment model for ISE depends on the customer: where their data centers are, what they can afford, and what type of maintenance agreements they have with Cisco's support. Are they on a VM or a physical device? Deployment depends on what we are trying to do and the environment.

In terms of establishing trust for every access request, trust is only as good as the rules and definitions you build. Without that, you need not only to trust the device, you need the trust of the customer too. That's important.

Trust is only eliminated when a customer wants the rules loosened. When the customer says, "This is too difficult, you're making it too hard," that is when exposure happens, things start collapsing, and there are breaches. You can't give the customer everything they want, because they don't know the consequences. You have to educate them. They need to know that the inconvenience of hitting "enter" to log in, and having it take three seconds or five seconds is because you'd rather have the machine and the network think before they let you on the network. A lot of times a customer will say, "If I'm hitting enter and it's not bringing me to where I need to be, then this is not a good solution." You have to educate them.

The solution is like an iPad that someone set up for you. If they didn't do a good job setting it up, you're going to rate the tool as bad. A lot of times, I come in and it's already done and I have to fix the problems. There are times that I do create it from scratch and it works really well. 

I primarily use ISE for segregating identities, IP addresses, and ports.

ISE's most valuable feature is integration between IT and OTs.

There are still some bugs in ISE that need to be worked out.

I've been working with Cisco ISE for three years.

ISE is stable.

ISE is scalable.

Cisco's tech support could be improved.

The initial setup was straightforward.

Regardless of your industry, I would recommend Cisco ISE if you want good identity management. I would rate this solution seven out of ten.

We use Cisco ISE to develop products for other people. We don't really use it in our system. We just buy it and implement it when our customers require ISE.

I like that Cisco ISE is easy to use.

Migration could be better. Right now, we back up with the new version, and it requires a lot of licensing and other things. Whenever we choose a product, it's very difficult because we have to meet the requirements of each feature. There is no standard feature, so the best system that we bought may not fit the solution. 

We have to look at every feature that the customer uses. If you compare it with other products like Aruba, it's not the same. With Cisco, I have to read all about the features on this version and the licensing required for the product. In Aruba, that thing is covered when you get one license because it covers almost everything. It could also be more scalable.

We have been using Cisco ISE for 20 to 30 years.

It could be more scalable. It's easy to scale initially, but it will become very difficult at a certain point. In the beginning, it's in the previous environment, and it's pretty easy. But after we integrate it, we need to do a couple more to scale the product, which is more difficult.

We have less than 300 people using it worldwide. We deal with an airline company, so people who come to use it aren't many, but it's available to everyone from everywhere around the world.

We deal with a local Cisco partner for technical support. I haven't dealt with Cisco directly in Bangkok. 

I think Cisco takes around six months to complete the migration from the old one to the new one. This is because we have compliance and a lot of other things here.

Our in-house team implements this solution. It takes about three people to maintain this solution.

It costs around 50,000 baht in the first year, but I'm unsure about the second year.

On a scale from one to ten, I would give Cisco ISE a seven.

We use Cisco ISE for authentication for VPN and network management.

The WiFi portal in Cisco ISE is very useful for WiFi customers.

In an upcoming release, it would be nice to have NAC already standard in the solution.

I have used Cisco ISE within the past 12 months.

Cisco ISE has been stable.

I have found Cisco ISE to be scalable.

We have two of the Cisco ISE devices installed.

The technical support has been good.

The solution does not require a maintenance or support team.

There is a license to use this solution and the price is reasonable.

When someone is implementing this solution the difficulty depends on where they started. We started with zero and there was a very large learning curve. However, once they understand how it works, it's straightforward. There is a sharp learning curve to start working with it.

I rate Cisco ISE an eight out of ten.

My primary use case is network address translation and layer 4 filtering.

Without this product, we wouldn't be able to use our public ID the way we need to.

The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall.

I would like the product to include support for OSVS version three.

I've been using this solution for about five years.

This is a stable product.

The scalability is good - currently, we don't have an internet bandwidth greater than 10GB, so it's efficient for us.

The initial setup was straightforward, and deployment was done in one night.

I implemented using an in-house team.

This product has helped us protect our infrastructure.

I considered some open source solutions, but those are usually difficult to set up.

I would recommend this solution as it is very easy to set up and has a very easy user interface. I would rate this solution as eight out of ten.