Cisco Identity Services Engine (ISE) Reviews

My primary use case of this solution is for access control for authentication and for the authorization of wireless users.

For device administration, all devices have multifactor authentication in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it's a matter of a lowly manager who we give access to the portal and he can assign access to the guests, so it's a very simple process now. It keeps IT focusing on their work, and gives the business people the right access. 

Also, with BYOD mobile users can work easier and in a more secure way. For the places in public access we're securing our network socket, so now not everybody can plug in and log into our network due to this feature. It's making it more secure for headquarters.

• BYOD service
• The guest and secure wireless access
• Compliance and posture
• Wireless administration

The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade.

I would like to see them develop some type of device management, like an iPad feature, just to be able to give security access to certain devices for management. Mainly for the suppliers and the third parties.

Another feature I would like to see would be for them to create the ability to integrate with other products from the start. We always search for products that integrate with us and so it would ease the management and then everybody would be entered. 

It's 99% stable. 

It's scalable. We have more than 500 users. We are planning to use more features and to integrate it with other branches that we have. It's a way to have a global solution across all branches.

Technical support is okay. Sometimes it takes a long time for them to respond. We'll usually end up solving our own issues. The response time should be shorter. 

The initial setup was complex. It took time to have a stable environment but once it stabilized, it was great. Although, we had six to seven months of an unstable system. 

We deployed through a reseller, they were good. We require two staff members for maintenance.

Our ROI is good enough. It's simplifying things for IT and for the business, so it's good for both sides. It solves a lot of issues that without the product would be costly to our organization so we see ROI in that sense. 

Licensing is very complicated and it changes a lot. I know recently it changed since we acquired the solution. It had a different licensing scheme that has changed. 

The cost is high compared to other solutions. Even so, it is better than what's on the market. The licensing model is complicated and the cost is a little bit high.

It's a great product but you should be careful to plan before deploying. Do thorough planning as not to do the same error that we did. We didn't do enough planning before deploying so it took us a long time to have a thorough plan. 

I would rate this solution a nine out of ten. 

My primary use case of this solution is to protect the website from web attacks. 

I use the F5 device on the DMZ zone of the firewall. A record will come to the virtual server on the F5. Then the F5 will upload the encrypted message to the server and decrypt this message. The firewall can see the traffic as unencrypted and we can mitigate the enemy and any attack from F5 and from the firewall.

The most valuable feature would be the protection. 

I would like for them to improve the reporting. 

This solution is stable.

It is scalable. 

I would rate their technical support as an eight. They provide a quick solution and I trust working with them. 

The initial setup was straightforward. 

The price is not very expensive. 

This solution can be used to protect one's application. The server has many features to secure and diagnose.

We are an ISP and we are working on providing ISP solutions for companies. For that reason, we are trying to deploy ISE or other technologies.

The benefit comes from the fact that all of our clients have Cisco products and we are looking for a tool that can integrate all the devices for a secure facility, monitoring, etc.

• MAC - Member Access Control
• Integrating all Cisco wireless, networking, switches, routers, firewalls for our customers.

In a future release, I would like to see network access control. That is something that customers seem to be looking for.

• Wireless Control Solutions
• Physical Port Access Control
• Changing switch configuration records and account controls.

• Currently planning to establish a wireless network environment.
• Expected benefits. 
• Improves switch account management.
• Physical Port Access Control.

• ISE Dynamic VLAN assignment
• ISE Radius and Tacacs+
• External identity sources LDAP, domain, or token.

• The Cisco wireless controller needs to add more than one physical port.
• The Guest Network verification needs to add a QR code option.

Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE. ISE grew out of ACS and in the process has grown up.

The learning curve is steep and the initial setup is complex.

We've had no issues with stability.

We've had no issues with scalability.

Customer Service:

Customer service is good.

Technical Support:

Technical support is very good.

Yes. I am a consultant, so I have used many competing products over the years.

The initial setup is complex, but not if you fully vet the solution and leverage the functionality.

I am the services firm that does this work and the SME for my organization.

It is hard to quantify ROI. It is more easily measured in increased mobility and security.

There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs.

Yes, we used ClearPass.

Not all features are available with base license, plus license allows for profiling and provisioning

It can handle Radius and TACACS+.

Authorisation and Authentication Policy creation is easier. Access right limitation is pretty easy in ISE. Context exchange feature is present.

It is quite complex when it comes to troubleshooting.

2 years

Upgrade was quite a pain. It doesn't exactly go according to the document.

On TACACS side, we see some issues. The rest is all going well.

It's good.

Tech support is still lacking on TACACS troubleshooting on ISE.

We were using ACS and IAS servers for radius and TACACS. ISE is one stop shop for everything with more to offer.

Initially done with a Cisco consultant and started with Radius services. Expertise was excellent.

Smartnet is not so cheap depending on the deployment.

We have deployed this solution and we keep on exploring more and more. It can do wonders for authentication and limiting access with the network.

Profile Sets help organize how AAA is handled by grouping, like traffic into separate subroutines.

We implement this for customers is various verticals. Most of the time oit is in Education. It really helps secure, classify and manage users including guest and BYOD users.

The product has improved with its evolution. The initial setup, though, is extremely complex.

10 years. I have used this since it was Cisco ACS

As the product matures I encounter less and less problems.

The produt scales well.

Excellent. TACis quite knowledgable.

I have used Microsoft IAS/NPS, Funk, and Aruba ClearPass. ClearPass is the only product in the same league as Cisco ISE.

ISE is extremely complex. With the functionality and flexibility it offers that is to be expected.

I am the vendors's partner.

Licensing and pricing is a complicated calculation, so it is best to really understand your customers' needs. Also team up with the right resources at Cisco for help.

Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions. 

This technology pride itself with Trust Sec and 802.1x  feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.

This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.  

It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.  

Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.  

Many organizations and large enterprises are faced with the daunting task of keeping their security issues at bay. They also need to be in compliant with the Cyber Security's strict guidelines and orders.  

While there are many cyber attacks from the outside of the edge routers, cyber attacks can also be implemented within the organization whether it is either intentional or unintentional.  Cisco ISE can mitigate many attacks such as MAC spoofing, VLAN hopping, DHCP Starvation and ARP Snooping.

By implementing ISE, it can lighten the overhead of the Cisco Catalyst Switches by not implementing port security, Dynamic Arp Inspection, DHCP Snooping. This will also improve the switch's performance since the ISE server takes over the duty of posturing with its Policy Service Node persona.  

Cisco ISE has improved performances on Access Switches and closely monitored the daily suspicious or rogue activities within the organization.  

We've had no issues with deployment.

We've had no issues with stability.

We've been able to scale it for our needs.