I am a Cyber System Engineer, specifically working on the network team.
We use Cisco ISE mainly for authentication, accounting, authorization, and monitoring different devices that we have on many different sites within our company.
The improvements that impacted our organization, specifically, my team who is in charge of the network of our program, are the different amounts of access and the different amount of features that it provides. Authorization, authentication, and accounting are the main three simple basics of cybersecurity. The ability to give access to specific users and what each one can do while being able to monitor them very well and even apply more secure protocols through them using TACACS is beneficial.
My team has gained a lot from Cisco ISE as it does also provide automation, which is a big asset in the eighth hour. After setting it up, it took a lot of the weight off in many ways. We have a co-worker, who we call the ISE Master because he's in charge of the ISE configurations. He's able to save a lot of time by being able to monitor everything from there. So it did take off a lot of time that we would waste by going individually to that different device and trying to figure out what was wrong.
It definitely improved the security resilience in our company as it did provide more secure options for us you know, securing accounts, securing devices, allowing specific actions for the specific user, you know. Everything was in one place, which is an amazing thing.
This client has helped a lot with replacing different applications that we would use. We do use it hand in hand with other applications like SolarWinds and it did replace the main power itself. We get help desk tickets and try to figure out the problem with specific devices. So it did replace all of that and we can just control it from one place. It's a one-stop-shop kind of thing.
The features that we really appreciate are the monitoring features and also being able to administer the different devices that we have. We have a broad amount of devices with Cisco and we would need to be able to monitor them as well as be able to give specific access to each one of them. The fact that if something as simple as that if somebody gets locked out of their laptop, I can go to Cisco ISE and easily see exactly what happened, when it happened, and see if it was a bad or wrong password is really amazing.
The one main thing that it can improve on is the GUI. As the newest addition to the team, I struggle a little bit to get around it just because it has so many features. This is an amazing thing but the downside of it is that it's not as friendly to figure out which feature does what and how to get to it.
You have to go through a lot of menus to figure out what you need. Although it's fantastic, it's full of different options that are endless, it does get a bit hectic for new users to get comfortable with it. It's taking me a while to figure out all the features and options.
I have personally been using it for about a year. However, my team has been using it for over five years now.
My impression of the stability of Cisco ISE is that we don't have an issue with it, it's pretty stable. Even when things went down system-wise, Cisco was able to help us figure out what was wrong. So from my experience, which is limited because I only have one year of experience with ISE, is that it's been pretty stable.
Scalability is amazing. We have about 1,000 nodes and we're growing every site, so it is an ongoing project. Our project keeps expanding and it doesn't end at a specific point. It covers everything that we are working with, all the devices because we have computers, switches, routers, and so on and so forth and everything is fantastic.
We all love the fact that there are a lot of forums so if you don't want to talk to somebody about it every time there is a problem, just pull the model. With Cisco, you pull the model, put your question in, and there's a huge community that you can see, there are also the hassles that they had to go through and benefit from their answers. It's fantastic because you can go with the support or you can go through the forums. It's fantastic, to be honest.
I would definitely rate them an eight out of ten. I think they are fantastic. We wouldn't be using them that much, especially in a defense company if we didn't think it was up to par security-wise. They're fantastic feature-wise. However, there is always room for improvement hardware-wise, device-wise, or software-wise.
We chose it because we have a lot of Cisco products in our company. Ninety percent of our base uses Cisco. Cisco ISE was one of the options that we had. After studying it with some managers and some other teams, it did provide a lot of options that the others didn't.
I personally didn't evaluate other products but I dabbled through other software, other interfaces, and GUIs of other products. Cisco does provide a lot more options. You can admin the administration part of Cisco ISE, there are endless options of how you can customize it to your own needs. A lot of the other competitors tend to lose it in the fact that the interface is a lot more complicated or it doesn't provide as many features.
In our field, we need the most secure option. That's something that would work with TACACS, which is something that we all use now. That was one of the main factors.
In terms of the difficulty level of implementation, it was great. At the same time, it was a little bit time-consuming because you need to switch from whatever model that you had with all of your nodes, which in our case was a lot. We utilize at least 1,000 nodes.
It's very easy for you once you know how to create a new node on ISE. It's very easy to understand how to do it and click on that process but when you're moving a whole entire system into that, it tends to be a little bit hectic.
We deployed it ourselves with my team. However, we did consult a reseller a couple of times as well as customer support any time we ran into issues.
The company does see a return on investment. We definitely use it a lot more than we thought it would be used. It can be used for something as simple as a wrong password, which is something that everyone does in the office, especially right after updating it all the way to something as complicated as if a site has a specific switch or router that depends on it, and it's down, and there's some sort of phishy activity happening. So it is definitely an investment that we all like and appreciate. We do feel that we're getting back what we paid for.
I would definitely rate it as a nine out of ten. The only major problem for me is the GUI but I can't really complain that much because it does have all the functions that we need and even more.
It would be fantastic if it was more user-friendly and there was more explanation.
Identity Services Engine for us has an incredible number of use cases, predominantly around identity and contact sharing within the enterprise or endpoint onboarding for authentication and authorization. Most recently, in the last few years, we've actually finally added device authentication and device management into that with the TACACS implementation. And now we have a comprehensive set of features to perform enterprise NAC, pure RADIUS authentication, and user authorization.
Cisco Identity Services Engine has provided two incredibly beneficial outcomes for our clients. First and foremost, they've been able to limit and minimize the number of different discrete platforms they need to use to deliver things such as network admission control, device authorization, and posturing, as well as do device and policy enforcement at the endpoint level. The second one that really is under sung is the ability to comprehensively manage guests in BYOD wireless access. The ability for the enterprise pretty much out of the box to deploy an end-to-end solution to manage guest onboarding, user self-service, as well as bring your own device has been a real boom to network access.
Using ISE to detect and remediate threats is really the hinge pin for pretty much everything in the Cisco security infrastructure. Without identity and without context, you really can't do any enforcement. It's fine to be able to detect a threat with an IPS, with a threat appliance, with anomaly detection, but being able to use things like RADIUS chains of authorization to then blacklist a host or remove a host from a production relay is an incredibly important outcome, not the least of which because that's all automated in ISE. And that's an incredible benefit to IT teams who perhaps don't have a NOC, don't have a SOC that can run out, and respond to a threat immediately. Having those SOAR automation capabilities inherent to the system is a really powerful feature set.
I think it's inevitable when a customer is deploying or using ISE that they're gonna find additional cycles that they can spend their time on. The rich automation and the quick startup out of the box, for instance, ISE has a really rich onboarding wizard. Pretty much out of the box, you can go through a series of steps, input your IP address, your domain names, etcetera. You don't have to do a lot of the upfront planning and design work that was required of previous systems that did network admission control, certainly more so than the old NAC. And so I believe that many customers will find they have extra cycles to go and use that IT talent to do more impactful projects than spending months and months and months deploying admission control.
Identity Services Engine has done a great advantage to our clients in the fact that Cisco has begun to move more capabilities into the platform over time. As they started out with the basic AAA capability, authentication, authorization, and accounting that was present in ACS and the older service architecture, they've now begun to move in, device administration in the form of the TACACS server and other capabilities within ISE. When they previously introduced the pxGrid capability, you now have the ability to bring other enterprise platforms such as your IPS, your threat systems, and your DNS security platforms directly into ISE for performing all those automation. And so it absolutely has consolidated the number of platforms that you need to deploy to achieve that secure outcome.
The effect of the consolidation of all of these functionalities within Identity Services Engine has had on IT is that now you have a single platform with which to maintain. I think sometimes we overlook the fact that security platforms themselves have a lifecycle associated with them. We have to patch these systems. We have to maintain currency on the devices. And over time, those devices like anything else become a little long in the tooth and require refreshing. The flexibility to deploy Identity Services Engine in multiple persona types on hardware or in a virtual machine is a huge advantage to customers who want to consolidate the number of vendors and hardware platforms that they have to support and manage.
Identity Services Engine has helped a lot of our clients as well as Logicalis simplify the way that we approach compliance governance and risk consulting within our own enterprise, being able to have a single source context for when devices were on the network when they were last authenticated, and, of course, that rich user context that we get. We can now share contextual information from Identity Services Engine within an Azure environment, within an AWS environment with our own active directory, and that's an enormous advantage when you're not only threat hunting, but when you're trying to pass those checks and balances that are required for cybersecurity insurance or your own internal compliance auditing.
For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you. The ability to categorically list all the endpoints in the infrastructure, understand where they are, how they made it onto the wire, whether that was through wireless, through a wired engagement, and all of the self-service features that allow you to manage guest access to wired and wireless infrastructure are an incredible number of use cases that our clients are constantly deploying now.
I think in any technology infrastructure, you're going to have environments where improvements could occur. I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one. Many of our clients today are hybrid. They have a physical footprint in a data center somewhere, as well as a public cloud instance for things. Today there really isn't an elegant pathway for a client that wants to go 100 percent cloud, and that's an improvement I think that could be along the way.
I have been using Cisco ISE for close to ten years.
The stability of the Cisco Identity Services Engine has continued to improve over time as the product has matured. Anytime you're dealing with something like a database product that has millions or hundreds of thousands of endpoints and entries in it, inevitably you're going to have performance creep over time. Because of the scale of the Cisco purpose-built UCS appliances, the SNS appliances that predominantly run Identity Services Engine, we've seen an enormous advantage by staying up to date on the most current Cisco SNS appliances. We've also seen an enormous advantage by leveraging ISE in a hybrid capacity. So the ability to deploy PSNs on a hybrid cloud environment, on a public cloud environment, as either additional capacity or as a failover point for that on-premise install base is a really nice advantage to have.
The beauty of Identity Service Engine is the fact that there's really no environment too small. If you have 500 to 1000, maybe up to 2000 endpoints. We're talking laptops, mobile devices, access point switches, etcetera. You're really not too small to deploy Identity Service Engine. The beauty of the multi-persona design of the Identity Service Engine is that you can leverage that capability to split off those PSN personas which is actually the persona within the Identity Service Engine that processes all of that high rate of RADIUS authorization and authentication traffic. So the scalability of ISE is really well thought out. It was really well thought out from the get-go. You can also split off the admin personas and the monitoring and logging personas as well to give you that horizontal scale. I'm not sure today what the exact endpoint count that ISE scales to is, but it is certainly into the hundreds of thousands of endpoints.
Cisco support for Identity Services Engine has been world-class. The guts of ISE are still a RADIUS server. They're still AAA-based functionality. So many folks that have been deploying and supporting the Cisco Secure ACS Server as well as the TACACS server and all of the things that have come along with that, continue to use the same skill set to support and deploy ISE. Really, the differences nowadays in terms of support are bringing about more comprehensive offerings to support the systems that surround ISE. Many things plug into ISE and provide much richer context, and really that's where the complexity tends to creep in. Our support from Cisco both as an end user and a partner has been beyond reproach, and we really appreciate Cisco's continued investment in the TAC, and in all the areas they bring to bear to help you receive that business outcome you're after.
Cisco support is always going to be ranked a strong nine with me, mainly because we know there's always room to improve things. We don't want to give a full passing score, but without a doubt, I don't know how anyone could consume and deploy business outcomes with Cisco technologies without leveraging support. And so Cisco leads the way and continues to invest in that area.
Positive
The deployment experience with ISE in the early stages was without a doubt, very daunting. There is a huge number of things that you need to understand about the existing infrastructure, about the existing customer environment to properly deploy that solution. As time has gone on, however, the designers and the developers of that software have begun to create wizards, have begun to create additional upfront deployment tactics within the tool itself so that essentially a journeyman network engineer or security architect can deploy the minimum level of functionality right out of the box.
It's difficult to say whether the clients have seen an immediate ROI with the deployment of the Identity Services Engine. Oftentimes, you have to take on additional technologies in the ISE product family in order to receive that comprehensive benefit. So I think only time will tell what the true ROI is. I can tell you that the value exchange that occurs between a partner and a client when we're talking about everything within the Cisco security portfolio being fully integrated together and working comprehensively has been an enormous advantage to customers who today have a complex act of multi-vendor products. Being able to consolidate on a platform-based solution is an incredibly powerful story to tell, and it's also incredibly powerful from a cost-benefit standpoint as well.
In terms of the licensing and the pricing structure of the Cisco Identity Services Engine, there's been a huge advantage to our clients recently with the advent of the enterprise agreement. You now have an enterprise agreement choice, which now allows you to buy as few as two security products to unlock additional discounting and additional life cycle advantages when you consume that solution for security business outcomes. At Logicalis, we deliver a full life cycle approach to Identity Services Engine when embedded into a Cisco security enterprise agreement. We're able to deliver not only the onboarding and the design guidance that the customer needs to deliver that secure business outcome, but also provide the ancillary services to support all of the other infrastructure that often comes along with deploying a solution like ISE.
Identity Services Engine compares favorably with many of the other competitors' products that are in that space. I won't mention them now, but I think we know that all of the same industry competitors have been delivering identity solutions and NAC solutions over the last decade or so. Cisco continues to rank in the upper and farther to the right in Gartner Magic Quadrant for those identity solutions, and I think they'll continue on that trajectory. Cisco has long been the number one network vendor in the world, and I think you'll continue to see that growth as the network continues to be important to business.
I rate Cisco Identity Services Engine a ten, on a scale of one to ten. It's a necessary solution to deploy in order to achieve many of the business outcomes such as some of the smart business architectures, certainly anything within the automated campus designs that are out there with DNA Center. It's just an incredibly powerful tool to manage both identity and endpoints within the infrastructure, and it really does become the hub of a hub and spoke comprehensive security architecture.
When Identity Services Engine became the de facto migration path from ACS Access Control Server, we were very early adopting and getting that product into our labs and in the hands of our customers for proofs of concept, proofs of value, and enterprise pilots.
We use ISE for authentication, authorization, and access control. We use it to integrate and manage a lot of the access controls between our switches, routers, and pretty much all of our network infrastructure. We use ISE on-prem instead to manage all of our infrastructure.
One of the benefits of ISE for us in our organization is the fact that, because we're a very large entity with employees of over 10,000 people, we have over 2,000 pieces of equipment. So, rather than individual programming or managing everyone's credentials on each piece of equipment, using ISE to manage all of that and giving everybody just one Active Directory login simplifies that process for us.
ISE as a platform has been able to free up time, even for me personally, in terms of having to constantly remember credentials, passwords, and all these password complexities. Using ISE to integrate into all of our core infrastructure, frees up so much time for me to do other things. Even down to the configuration, when we are building config for the scripts as well as for our switches and routers, being able to eliminate a lot of those redundant credentials within the configuration itself is a massive time saver for us. In terms of time savings with using ISE itself, we see the savings every day because we have to constantly interact or interface with tons of network equipment. So every single time I have to log into a switch, I am literally realizing I'm saving time in that moment. It's always a constant; I'll say at least three to five minutes for every login.
ISE, we use it strictly for authentication and authorization. For consolidation, not so much, because it just serves one dedicated purpose, which is basically that access control.
In terms of cybersecurity, I would say ISE helps in a way, but we do have other platforms and tools that are specifically designed for that purpose because we try to choose tools that are very specific in their functions.
For us, because we are mostly a Cisco shop, all of our equipment is Cisco. So integrating Cisco ISE into our environment wasn't too complicated, because a lot of our equipment, again, are Cisco-related products. Thus, they were all able to integrate nicely within that ecosystem.
The authorization and accounts inside of ISE are very useful for us. In the sense that we can actually go back and track and look at all of the things that access controls or people have made changes in the past. And I think the biggest part of ISE for me is that authentication as well. The fact that we can connect it to Active Directory and use it to manage access control to all of our infrastructure devices.
As software, in general, ISE is actually a fantastic product. I just think that, overall, it's just the software control, the bugs, and the fixes. We do tend to run into a lot of issues with ISE when it comes to bugs. I would like to see a lot more testing prior to the rollout of some of these software updates.
I have been using Cisco ISE for over eight years.
When it comes to the stability of the product, for the most part, it is stable. But when it breaks, it breaks on a grand scale as well. And that's why, for us, most of the time, we don't always jump to the latest and the greatest when it comes to software updates because we wanna make sure that the software goes through our internal change control and make sure that a lot of bugs have been ironed out and straightened out before we update. But even then, we are still running into unforeseen bugs and unexpected situations. But I'd say, overall, it's relatively stable.
So when it comes to the scalability of ISE, we are a massive organization with offices ranging from two people to hospitals with over 10,000 people. We are able to rapidly deploy products. Sometimes, we have mobile sites that we just spin up—especially during COVID. For example, we had to deploy a lot of COVID assessment centers. We were also able to rapidly deploy a lot of these instances. Even when we had to integrate Meraki products for some of our smaller sites, scalability-wise, it's really flexible and very scalable. If an organization of our size can easily use it to adapt, I don't see any reason why it would be an issue for anybody to scale this product.
Cisco support is actually fantastic, especially in being able to use the tech support. At least, I personally use it all the time. Being able to actually just pick up the phone and quickly get in touch with a Cisco rep, because we definitely always run into some of those issues where it's unforeseen and we're not really sure what's going on. So, it's nice to be able to have that support on standby; it comes in handy a lot of the time and it actually saves us a lot as well in terms of time, money, and headaches when it comes to managing the network. Because we all know when the network goes down, everybody starts to look for you. Being able to have that rep to assist you right away and kinda solve that problem is something that everyone should have - that tech support.
When it comes to rating tech support, nothing is perfect. So, I'll say seven. But overall, that's because of the speed, the urgency, and now the ticket seriousness. So there's always room for improvement, but I think overall, I'll say we're getting a good bang for our buck.
Neutral
We have actually always been a Cisco shop right from the start, and ISE has always been our AAA authentication tool right from the start. As far as the evaluation and selection process goes, because we're a Cisco shop, it kinda just made sense to choose a product or a tool that neatly integrates with the rest of our products. We use a lot of Cisco products in terms of our wireless control, network management, and legal firewall. So, it was just a natural fit to choose Cisco ISE and use it as part of that existing ecosystem.
When it comes to deployment of the Cisco ISE, we actually did it in-house. However, we also have a Cisco rep that we work with directly within Cisco's organization, who actually works directly with our company. As a result, the Cisco rep and the on-premises internal IT team were able to deploy it.
In terms of return on investment, I would like to think that we've seen a significant return on investment with Cisco ISE. Just looking at it purely from my perspective, in terms of time-saving, if we consider this impact on a single person and then scale it over two to three thousand employees when you multiply that data on a day-to-day basis, the time-saving is tremendous. Moreover, in terms of solutions, having the ability to keep things integrated and manage them through a single pane of view adds to the benefits. I believe the return on investment goes beyond just the financial aspect. It extends to mental well-being, reduction in stress, and as employees. It's really great.
When it comes to licensing costs and Cisco's more than one pricing, I think that's one of the areas where I actually have one of the biggest problems. I just think that Cisco is trying to move towards squeezing more money out of us as customers. They're constantly trying to change many features that used to be part of the original bundle. Now, Cisco has actually transitioned to a lot of subscription models, fees, and licenses. As a result, the cost has gone up, and I foresee it continuing to rise, which is why I have a problem with it now.
Cisco ISE, on a scale of one to ten, I'll say it's about a six. I'm giving it that score because, first of all, the ease of deployment is one of the biggest things for us. Also, the ease of use. The reason why I'm not really giving it a ten is when it comes to the licensing model and all the subscription fees – that's the big issue for me with Cisco licenses. Additionally, when it breaks, it could potentially break big as well.
I'm a network analyst for one of the largest healthcare entities in Canada, and we have over twenty thousand employees.
I am head of the IT infrastructure for a company. My company is a manufacturing company, based out of India. My company has between 3,000 to 5,000 users.
Our solution is completely on-prem.
The domain under which my company works puts a lot of importance on cybersecurity. Our management gave us clear instructions that there should be an environment where there are zero trust policies applied.
We explored various solutions that could bring in zero trust. The first level of zero trust that we wanted to bring in is a zero trust network.
We reached out to Cisco at that time, and they told us about the things that can be done around the software-defined access and the integration of Cisco ISE. And that was the time when we started doing a lot of POCs to see which use cases we could use for it. That was when we got in touch with Cisco and they told us that this would offer us network-level zero trust.
When I say zero trust architecture, the first thing is that we wanted to have a network authentication done on a certificate basis. That was the first use case, where the only versions in the network that have a domain-based certificate could be allowed to join my network. My enterprise network should not allow anybody from outside. That was the first use case.
The second use case was that we had to do the posturing of my endpoints. I wanted to ensure that those which are connected to my network have proper antivirus and software installed, and the operating system is permissible. That is where we started to do the posturing part of it.
The third use case is around the access part of it. We have multiple departments in our company, and we wanted to restrict the access of particular user groups to particular IT applications.
The first benefit is that we can implement zero trust architecture because of Cisco ISE. I can assure my CISO in my company that my network is such that nobody can just bring in their laptop, desktop, or any sort of mobile device and can directly get connected to my network. That is a benefit that I can only allow people who I trust on the network.
I can only allow the people who I trust on the network. When an infected machine comes into the network, there is a very high chance that infection will travel laterally. Since I do the posturing part of it, I know that I'm not allowing anything in that is not safe.
It certainly has helped enhance my company's resilience.
Posturing is the most valuable feature. There are other tools available that can do some of their other features, like network authentication. The posturing was something because of the nature of the industry that we are in. There are people who go outside for work. Their machines are at times not in the network, and not patched properly. We don't know when they're going to come back, whether it is in a good state, whether it has antivirus, whether it's installed on those machines. Posturing is something that we have made our baseline policy that whenever a machine comes back to our network, it should have a certain level of the operating system and a level of security and antivirus installed.
We couldn't have done this posturing without Cisco ISE. This is its greatest feature.
It does help me to detect and remediate my network. It enables me to detect any external threat that comes to my network and remediate. If a machine comes into my network that does not qualify per my baseline policy, I have a policy that the machine gets redirected to where it can be patched and remediated. I can ensure that it is fully patched and secure.
The entire idea of having ISE is to enhance cybersecurity resilience. The zero trust architecture was coined by the cybersecurity team itself. It was a task given to us in the infrastructure space to see how we can bring resilience into the cybersecurity network and ISE was the solution.
Cisco ISE integration with Cisco ACI is something that can be done in a less complex way. And the simplification in that area may help us do better.
We started adopting Cisco a couple of years back.
The stability is good. It is a cybersecurity product. It needs a lot of fine-tuning but that is part and parcel of the requirement. New things are coming, new technologies are coming, new software is coming but it is more or less stable.
It is a very scalable product. The deployment of Cisco is completely contingent on the number of endpoints that we have. It's just a matter of buying a license and uploading it. So scalability is not a problem at all.
Cisco has very good partner support, as well as their own support. I noticed that the first level of defense always comes from the partner ecosystem that Cisco has built. There are many partners we work with along with Cisco. Any time we are stuck, these partners are available for the first level of support.
Any time we are stuck with anything, these partners are there as the first level of support. We get L1 level of support. When we feel that there is an issue that needs to be escalated to L3, Cisco TAC is always available. We have very good engagement with Cisco enterprise teams and the account directors. We do have dedicated people who work with us on the Cisco team. We always have their support any time something needs to get escalated.
I would rate Cisco support an eight or nine out of ten. We have seen a lot of cases in the last ten years where any time we needed to get their support we could get it. We also have a customer support team who works with the backend tech team to ensure that we get whatever help we need on time.
Positive
We have been a Cisco shop for more than twenty years now. Cisco is a company that we can trust in every aspect of the work that we do together. Cisco is our partner for everything we do on the network.
We are very observant of the kind of solutions Cisco provides us. It is feature-rich. It is very easy to implement. There is longevity there. Our first choice is to go directly to Cisco.
In the cybersecurity space, return on investment is something that is very difficult to justify. ISE is something that is a pure network cybersecurity resiliency solution.
I can definitely assure my management that by implementing this, we are good in the overall cybersecurity posture.
Cisco is not cheap. Cisco is something that comes at a cost. There are various products in the market that compete with Cisco and are 30-40% cheaper and they offer 60-70% of the features that Cisco offers.
The differentiator is the kind of engagement that Cisco offers the customer. They will prove the value, what we call the PoV. The PoV value is very good.
Pricing-wise, they are premium. Licensing is something that is conducive. I feel that the licensing that Cisco offers is flexible.
We have an enterprise agreement as far as the licensing is concerned. There are various benefits where I can use any Cisco solution.
There are various dimensions to cybersecurity. The first thing is how you enter a network and what you do with particular use cases. My recommendation would be to focus on north-south traffic. That is what is coming from outside to inside through a normal network plane. You should also be vigilant about what your internal users bring in from the outside. My advice would be that you have to be vigilant not only from the outside traffic, but you have to be wary about the traffic that internal users bring in.
When it comes to zero trust architecture, specifically for network authentication, this is one of the tools to go for. I would rate Cisco ISE an eight out of ten because of the ease of deployment and the support.
I utilize Cisco ISE to access the switches on our network for monitoring configurations.
Using Cisco ISE, we are able to control access to our networks, ensuring that only authorized individuals have access to appropriate devices. Additionally, we can restrict access to devices that should be off-limits to them.
Cisco ISE helps free up 50 percent of our IT staff's time, allowing them to work on other projects. It provides quick access when available, but delays occur when we have to wait for access to be granted.
Cisco ISE helps consolidate our tools, eliminating the need to worry about multiple passwords for the various devices in our environments by using a single password key.
The consolidation of tools makes it easy for me to access and complete my work. It also facilitates finding a solution for any problem I may encounter with the switch.
Cisco ISE has enhanced our organization's cybersecurity resilience by providing us with control over device access.
It would be helpful for us to know what needs to be deployed, configured, and what changes we need to make to our devices when we don't receive the specific login, which is an indication of a lack of connection or incorrect configuration.
I have been using Cisco ISE for one and a half years.
Cisco ISE has consistently performed as expected, and we have not experienced any stability issues.
Assisting a larger number of users in gaining access and guiding them through the process of getting on Cisco ISE has been seamless.
Cisco support is helpful, and they have always been responsive whenever we needed assistance.
Positive
I rate Cisco ISE a nine out of ten.
From a user's perspective, Cisco ISE is seamless. It is extremely helpful as it reduces the amount of work required to access and control device permissions.
Our organization is a major Cisco partner, and it is logical for us to increasingly integrate Cisco products into our environment.
We are using it in-house for phone profiling and for users' computer authentication needs.
The policy and segmentation that we use are currently based on the users and their domains. Let's say different domains, such as HR or finance and procurement. We have policies where users are assigned VLANs or specific requirements and are directed to corresponding policies where services are activated. They have access to specific services based on their domain or vertical.
Many Cisco ISE features are good. It offers automatic profiling of phones and computers, enabling administrators to identify and categorize devices seamlessly. Additionally, Cisco ISE can block anonymous devices attempting to connect to the network. This includes unauthorized attempts from non-domain computers or users trying to obscure their identity to gain network access. Cisco ISE ensures such attempts are thwarted by enforcing full identification authentication.
I struggled with spoofing, specifically the MAC spoofing feature, which I believe has started working after version 3. Before that, it was not that effective. They could incorporate some AI features.
I have been using Cisco ISE for over three years.
The product is stable.
I rate the solution’s stability a out of ten.
Scalability is also good. I haven't seen any problem because I currently have a new deployment for the ISE and other branches. Getting an integrated access setup is easy, and scalability is also fine. Initially, the scale upon the licensing part and that sizing is low. ISE's existing policies pretty much work very well. There are no significant changes you have to make.
We have more than a thousand users using this solution.
ISE support is good.
The initial setup is straightforward. They are very easy to manage and not complicated at all.
We have received all our files from the client and deployed them. Currently, we are using single active nodes. We have one Primary Admin Node, which is active, and one Policy Service Node. We don't have a secondary admin node for administrative purposes. We have an active operational node. The deployment is pretty simple. You download the file from Cisco, import it into your Cisco ISE, and follow the prompts to set it up based on your requirements, including IPs, basic security needs, DNS servers, etc. Once the initial setup is complete, you can begin creating policies.
Cisco ISE protects your environment from potential physical attacks. This ensures that your environment and users are fully safe, thus enhancing your overall security posture as a first line of defense.
We don't have the full license. An enterprise license includes Apex and device management. We secured it for one of our new branches where the deployment will start. We have a full enterprise license, including Apex and device management, to cut costs.
The problem is we have a team of five. I look into the security and infrastructure part.
Integrating Cisco ISE depends on the specific products you're working with. Each integration may present unique challenges that require individualized solutions. There isn't a one-size-fits-all checklist for potential issues.
They were looking to protect their assets, such as devices, from somebody. If they have an environment exposed to users who frequently come to their office, and it's not a very closed environment, then Cisco ISE is very much required. It's the first place where the attack starts. From a risk and compliance perspective, ISE is essential.
Overall, I rate the solution an eight out of ten.
I am a Senior Technical Consultant. I have worked in professional services as a Cisco Gold partner for the last ten years.
I have been offering Cisco ISE for the last three to four years. We do small deployments, upgrades, and those types of things.
We see a lot of customers wanting to use Cisco ISE primarily for 802.1X wired and wireless, and also for posture, device administration, and guest access.
A lot of our customers who come to us do not have any sort of NAC solution in place at all. They don't have a RADIUS, they might have a Soft MPS or something along those lines, but Cisco ISE is far superior. It gives them far more visibility and the policies are more configurable. The ability to do dynamic access lists, dynamic VLAN environments, and that type of thing, and it just gives them a different level of security altogether.
It's been just great at securing our infrastructure from end to end. With the operational launch and live logs, as soon as you spot anything, you can just do one click and you can stop that device from getting access to the network. So it's very responsive and quick in that sense.
Maybe some customers with ACS and MPS can consolidate the device admin into one platform.
The most valuable feature is the visibility element, the ability for customers to be able to see what devices are actually on their network. Without a solution like ISE, they would have no idea what devices are connected to their network. It offers them the ability to authenticate devices via mobile.
I don't really know how to improve it, I think it's a great product. If I compare Cisco with something like ClearPass, for example, ISE is a lot more intuitive in terms of all the workflows and the work centers. They give you all the building blocks you need to be able to configure it. It's quite useful and quite easy to manage.
If I was going to improve anything, it would be the ease of migration. It's really difficult at the moment if you're looking to upgrade ISE 2.1 and you want to go to ISE 3.1 or 3.2, that whole upgrade path and, particularly, the licensing is quite a minefield to sort out. If I wanted anything to be easier, it would be this.
It's been around for many years now. Since version three, stability-wise, it's been pretty reliable. We know the versions to avoid. We know the stable versions. Besides some upgrades and that type of thing, it's generally pretty solid.
A lot of customers that I see are small deployments, maybe a single node or a two-node cluster, but we know that the product does scale. We do have customers that scale beyond just the two nodes. It's proven to be a scalable product.
We see a lot of customers getting frustrated with Cisco TAC because they don't get the responsiveness that they believe they should be getting. But as a gold partner, we are able to leverage our influence, so when our customers come to us, we can escalate a lot of stuff for them. We use our influence. We're able to get stuff remediated fairly quickly. We find that they respond to us better than maybe to our customers.
I think Cisco is fairly straightforward in terms of device admin. 802.1X is quite easy to deploy. As you then start to look at guest access, profiling, posture, and that type of thing, it does ramp up a little bit and we get a little bit more involved. Some stuff is straightforward and other is not as much.
Generally, over the last few years, it's been mainly deployed on-prem, but we're now starting to see a shift. Users are really willing to move to cloud with Azure-type deployments. I'm doing some labs this week because we're seeing so many requests for cloud.
If I take the two that I really compared, it would be LogSoft MPS. Cisco ISE has a lot more features, you can do a lot more regarding the policies than you can currently with MPS.
I also have limited experience with ClearPass. ClearPass is a lot more difficult to configure and manage and is less intuitive. The visibility side of ISE is far superior as well.
I'd give it a nine out of ten. There are some hurdles with upgrading and licensing in particular, which is why I wouldn't give it a ten.
We use it for access control in our organization for network control and the guest portal of the guest users who access the wireless network.
Cisco ISE has improved our security. It's very important to us since we are a banking entity. Security is one of the most important aspects of our architecture.
The most valuable feature is the provisioning of the device so as to ensure that they are compliant with the security policy that we need to have.
I believe that Cisco can improve the way its policies are built because they're a little complex. If the operation teams do not have a very good understanding of the solutions, they can break something because it's not so easy to view their policies through their eyes.
I have been using Cisco Identity Services Engine for six years.
Cisco's support team does a good job. Sometimes they take a long time to solve a problem, so it's difficult for us. But in general, it's a good solution with good tech support. I rate the technical support an eight out of ten.
Positive
We are using Juniper. We are also using Cisco, which is the main vendor. Before, a solution for web portal access was deployed by our internal team, and we moved it back to Cisco. We chose Cisco because, as a NAC solution, it made sense to us since it keeps things together in the last single tool.
The product's implementation was done by my team, along with handling virtual operations too. The setup is simple to do. However, the policies of the solution are a bit complex.
Regarding how the solution helps me secure my infrastructure from end to end, I would say that it is a good solution for us. We are also using all the features Cisco ISE has.
I don't believe it does save my IT staff any time because we need to build the policies and follow the configuration, then follow the user access.
After getting rid of other products, my company was able to save some money.
Regarding the solution's ability to consolidate tools and add to my security infrastructure, I would say that because Cisco ISE (Identity Services Engine) was able to get rid of those other products, it did help secure my infrastructure.
It did improve my company's cybersecurity resilience because we have deployed the solution as a high-availability solution. So if we lose one of the boxes, the other one, we all remain to stay in the job.
I would absolutely recommend the solution since it helped us a lot to improve our security and put some tools together in a single pane of glass to support and troubleshoot it. So it's easier to do that.
Regarding if the solution was able to integrate well with other solutions, I do not think we have any integrations at this moment, but I know that Cisco ISE (Identity Services Engine) has a lot of integrations.
I rate the overall solution a nine out of ten.
