Cisco Identity Services Engine (ISE) Reviews

This solution provides access to the employees of the company.

It works. It is simple. It works very well. We have a good strategic setup. We are very happy with the solution and we have no problem using Cisco ISE solutions.

The solution is stable.

It's scalable. 

I'm not working in the IT team. I'm working the sales team. While there are a lot of features that we could improve in our organization, I can't speak to the exact changes that should be made.

We'd like to be able to integrate the product with our solutions. Sometimes we face some infrastructure where there are multiple vendors and sometimes the ISE is not the best tool to manage multiple vendor infrastructure. 

The price here in Brazil is very expensive. 

Configurations can be a bit complicated. 

Sometimes we have problems integrating logs into SIEM solutions. We have to deliver some logs to a SIEM secret platform, and sometimes it does not work well. It would be better if we had better integration or a better way to deliver the logging SIEM platforms.

I've been using the solution for five to six years. 

The stability is good. There are no bugs or glitches. It doesn't crash or freeze.

We have no problem with the management of our infrastructure when we need more accountability from the platform. Scalability was fine. There is no problem.

We have 6,000 people in Brazil using the solution. 

I consider technical support to be perfect. Anytime that I have problems with shifting solutions, they work well with me and I have no problems with working with them.

I'm a reseller from Fortinet and Cisco solutions. I also have experience with Check Point. 

I can't speak to how the setup goes. I'm not working directly in deployment. What I've heard from my customers, for example, is that it is not difficult to set up, however, it may be to run all the features.

What I've heard is the first setup is very, very easy and to do some adjustments is very easy, however, when you want to go further in the configuration, that could be a bit easier.

I can't speak to the exact pricing of the product.

I work with various versions of the solution. 

We're resellers.

Others should know it's a very good solution, very stable. There are a lot of features, and it is a secure solution. It's the first solution that we indicate to our customers and most of the time, the decision of the customer is to deploy a Cisco product. 

I'd rate the solution nine out of ten.

We were looking for secure network access.

It's important that the solution considers all resources to be external because we are introducing new endpoints to the environment every day. We want to make sure that endpoints are secured. In addition, we want to see what that endpoint is doing in our environments.

ISE has eliminated trust from our network architecture. It has changed the methodology of how we look at security. Instead of having everything open, now we know exactly what to open and what to trust.

SGTs are valuable because they make it easy to enforce policies, instead of pushing them across all the other platforms.

I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it.

The deployment is complex. I get that it's very configurable, but there is the challenge of how to get to certain things. You go to different places to get the same things done. There needs to be improvement to the GUI.

I have been using Cisco ISE (Identity Services Engine) for seven years. 

It's now way more stable than 2.0 was.

It's scalable, but we get back to the point that you have to deploy multiple nodes across the environment to get the bandwidth for larger environments.

TAC is pretty good. They're solid. The product has been out there for a little bit so that side of things is good.

Positive

We had ClearPass.

It's pretty good when it comes to supporting an organization across a distributed network but it's not easy to implement. It requires a lot of expertise. It requires a full understanding of your environment and the traffic flow.

Our clients have it in multiple locations. At the same time, there are multiple SSIDs on the wireless side and each SSID has a different function for a different group of users. It's not like there is just one set of policies. It has to be multiple policies and sometimes the policies cross each other when moving from one campus to another campus.

Deployment requires a minimum of two solid engineers. One can focus on the network side and the other one can focus on the ISE side.

The way you establish trust is that you first have to "untrust" everything and then you set your points and your profiles and, based on that, you build your policy.

It's damn expensive and the licensing is terrible. There are three different types of licenses: Essential, Advantage, and Premier, and each one of them has certain features. I work with the SLED accounts and it's not easy for customers to find the money. I'm trying to sell their product but, at the same time, to utilize the product fully they have to pay millions of dollars on the licensing alone. And it's software. It's not like I'm selling them hardware with hardware value. It's just software. The prices need to be brought down.

The majority of our clients are still using 2.7, while some have moved to 3.0 or 3.1. That's another issue with the licenses. If you have perpetual licenses on 2.7 and you upgrade to 3, you are forced to go with Essentials. That is one of the issues that I'm seeing with my clients now.

Go for it. It's a great solution. It's very configurable and you can tie your environment together from a wireless or from a wired side. I love the solution.

Right now, we are doing all wireless through ISE. We have also started migrating to wired.

We have about 20 sites. By having enough node regionalization, we have been able to have all our sites utilizing it.

It is deployed to multiple locations. We have one in Mexico, one in Kelso, two in Asia, and then two in the US.

It improved our standardization with all its policy sets being the same. 

Since migrating towards doing wired ports over ISE with 802.1X and MAB authentication, our organization's security risk has been better. We have been able to establish better layouts, so devices can move and we don't have to worry about where they need to go.

The Guest Portal is a big feature for us. 

It does a good job of establishing trust for every access request. We have had a little bit of a challenge with profiling, but we are probably about 80% there.

I have been using it for five years.

The stability is fairly good. Since we went to the 2.6 version, it has been a lot better.

Scalability is good as far as adding another node. However, if you ever wanted to increase the node that you have, then you need to buy a bigger license. You also have to build a new VM for it because you can't just scale it.

I had one problem with the portal. I got support from TAC and it worked out really well. It was really good. I would rate the support as 10 out of 10.

Positive

We did not previously use another solution.

We were looking to solve the challenge where people were moving devices that they were not supposed to.

The initial deployment was straightforward and took a couple of months. It was actually a project for a customer, then the customer backed out. So, we spent a good year without using it for anything.

The initial deployment was for a customer in Asia, so we had to deploy it in our Asia data center. We then deployed it in our US data center to kind of match that configuration.

We did use a consultant from Presidio for our first deployment project. Since then, we have been doing deployments ourselves.

Two people were needed for the deployment: the consultant and myself.

There is probably a return on investment as far as increased time for people not having to worry about devices moving around nor having to be contacted about moving them to the appropriate spot.

Its licensing could be improved. It used to be perpetual, but now they are moving away from that.

Make sure you understand where you want to deploy nodes and how far away they are from other locations since there is some latency involved.

We don't do any sort of application-based stuff right now. It is just purely assigning devices to what VLAN they are supposed to go to.

We are looking to upgrade to a newer version. Hopefully, by seeing some of the stuff at Cisco's event, I can find some more features that we could use.

I would rate the solution as eight out of 10.

We use it mostly for identity, authentication, and authorizations for wireless and wired. The challenges we were looking to address were mostly around the authorization and authentication of the users. We wanted to use the Identity Services Engine to make sure that the users accessing our network were authorized users, with the authentication happening before.

The integration with Active Directory, and finding and authorizing users based on their Active Directory groups, rather than just their identities, was a big change for us.

The most valuable feature is 801.1x and another very good feature is the TACACS.

In addition, it establishes trust for every access request. That's very valuable. We can't authorize users without it. The fact that it considers all resources to be external is very important. Without Cisco ISE, we couldn't authorize our users, contractors, and everyone else. It's our one source of truth for authentication and authorization.

It's also very good when it comes to supporting an organization across a distributed network. We like that. 

I would like to see integration with other vendors, and the RADIUS integration needs to be improved a little bit.

Other than that, all the features that we're using look good.

I have been using Cisco ISE (Identity Services Engine) for about six years.

It has been very stable. There's no problem with that, as we have redundancy in place.

It can be scaled very quickly by adding more nodes to the solution. The scalability is very good.

We have it deployed in three data centers in Austin, Texas, Lewisville, Texas, and one in Poland. It's a distributed deployment and we have around 8,000 endpoints on it so far.

Technical support has been okay, but I wouldn't describe it as "very good." We have had some problems with technical support. Sometimes it takes them too long to resolve a problem. 

Neutral

The pricing is good. The last time we purchased four new appliances the price was doable for any organization of our size.

In my previous job, I used Aruba ClearPass. It's similar to ISE. They're both good.

Design it well in the first place. If you design it well, you can scale it. Always read, line-by-line, the Cisco guide because that's where you'll find all the information about the design and the scalability. If you design it correctly in the first place, you will have a smooth ride.

We want to use it in a hybrid cloud deployment, but we currently use it 100 percent on-premises. As we move more into the cloud, we're trying to integrate that with Cisco ISE to make it our authentication and authorization source. We're not really into the cloud yet. We're just doing some dev. We're building a whole cloud strategy.

We use it for identity services, profiling, and locking down devices.

We're an airport, so when anybody plugs in a device, it's obviously a really big security point for us.

We have a lot of different devices that get plugged in and we really don't have the manpower to address each one individually, as far as our network goes. Cisco ISE has really cut down a lot on the size of our ticket queues and the manpower. My boss is extremely happy about that.

The solution has also eliminated trust from our organization's network architecture and that has actually been positive because we have to meet PCI compliance. It is very important for us to be able to take cards. It has also helped to improve our pen-testing scores at the end of the year.

Resilience, in cyber security, is at the top of the list. It's one of the most valuable aspects and has been extremely important for us. Before, we had mid-range scores, but over the last couple of years, between implementing ISE and a few other technologies and SIEMs, we've gotten into the 90th percentile with our pen-testing scores. We were sitting at about 75 to 80, so this is a pretty huge jump for us.

Profiling is one of the most valuable features. We have a lot of different devices between cameras, access points, and laptops that get plugged in.

Establishing trust for every access request, no matter where it comes from, is extremely important for us, especially because we are an airport entity. We do have port security implemented throughout our airport, but on the more sensitive side of things, it's a little bit more hardcore regarding what we need to allow, per security zone.

There are always some things that I would request.

I first started using Cisco ISE (Identity Services Engine) in about 2015, but we recently just spun it up here at my current job.

The stability of the solution is a 10 out of 10.

The scalability is also a 10 out of 10.

For this particular solution, the technical support has been pretty good.

Positive

I've worked with ISE before, and it was actually my suggestion that we buy the license for it.

The initial deployment was pretty straightforward only because I had done it before. I worked on it with a colleague and taught him everything about it, just in case I was incapacitated.

From the start, including getting to an agreement, budgeting, and scheduling, the deployment took about three months.

In terms of an implementation strategy, once we got the licensing, we just stood the nodes up. Then we did the features one-by-one, with proper RFCs done, just to see, in a break-fix manner, if each thing we implemented would break something.

We used a consultant. The deployment required two people on our side. I was in charge of the initial rollout and implementation, and I'm in charge of managing it. However, if I'm not there, we have another network guy who does the day-to-day tasks and checks the logs to see if he needs to approve anything.

We have definitely seen return on investment. We have so many different security solutions in place, and ISE just works really seamlessly with them. I get to keep my job, so that's a pretty ROI from my point of view.

The pricing is fair for what it does. The only time I've really not been too crazy about the price is for Cisco Prime, which is a management solution for Cisco products.

We implemented a request for purchase and talked to a few different companies. One of the companies was Presidio. There was another company close by called Net Solutions. Three out of the five companies that we talked to were outsourcing the work to pretty much just bring in an ISE solution, so we just decided to do it in-house.

If you are on the fence about it, and you don't have someone on your team who has worked with the product before, definitely reach out to a company or a certified Cisco entity to help with the rollout. It's pretty painful if you don't know what you're doing.

Resilience is never a bad idea and it's never too late to start working towards it or to begin the journey to Zero Trust. It's very important in this day and age. 

I'm the only cyber security administrator that we have currently, so if we hadn't gotten this solution in place, I highly doubt that I would have been able to make it here to Cisco Live 2021, so it's excellent.

From 2015, when I first started using it, until now, there's not really a lot that I would ask be changed. They've been hard at it ever since I first started using it.

It's been incredible ever since we got it in place.

We are working with packets and A011X. In some cases, we also do profiling.

We are using this solution because we wanted to improve security and reduce security gaps. This is mainly for our customers.

This solution improves security. There is a new law in the Dominican Republic, where I am from. The central bank has ordered the banks to improve their security through a law. ISE is one of the start points for those organizations to start improving their security.

The solution gives us a way to provide a professional security solution to our customers.

They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful.

Its resilience gives you a better security posture. Cybersecurity resilience is very important. Security is one of the main things in my country enforced by law.

Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature.

I have been using the solution for six to seven years.

It is very stable.

It is very scalable. You can install several nodes in order to scale the solution.

The technical support is really good. I would rate them as 10 out of 10. You need to know how to work with the tech support. If you don't know how to work with them, then it won't work.

Positive

We have been working for 15 years with Cisco as a Cisco partner. We like the Cisco solutions.

The deployment is complex. It takes four or five to deploy it.

Deployment takes a skilled technician. The customer's help is always needed since we need to integrate Active Directory. 

Our customers see ROI. They feel more confident about their operations. It gives them time to do other things in order to be more profitable.

It has a fair price. It is better than it was before.

We have seen Aruba ClearPass, but it is not that common in the Dominican Republic.

Organizational leaders should do constant analysis of their security posture, in order to be improving every day.

I would rate them as eight out of 10 because of the remediation feature.

We use the solution for network access control.

Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies.

Cisco ISE is very complex and not very easy to deploy. There are a lot of prerequisites for the tool.

I have been using Cisco ISE (Identity Services Engine) for three years.

We did not face any issues with the solution’s stability.

Cisco ISE is a very scalable solution.

We are working with a partner for support and are very happy with them.

On a scale from one to ten, where one is bad and ten is good, I rate their support a seven or eight out of ten.

Compared to Cisco ISE, Fortinet NAC is more consumer-friendly.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.

The project lasted a few months, but the planning took several months. Cisco ISE itself means nothing. It has to have the network set up to ensure the network penetration is in place, and we're still working on that.

Security is about risk control and exposure avoidance. You can only calculate its return on investment based on how you avoid penalty fees. Cisco ISE improves our security stats.

If you consider money only, Cisco ISE is not a cheap solution. Functionality-wise, however, it offers a very good price for the value you receive.

The solution's compliance and policy enforcement capability has benefited our organization by simplifying work.

The solution operates in the background, and users generally don't interact with it. Cisco ISE is the security framework layer between network resources and end users using them. Users do not go into Cisco ISE to do anything.

It's like Active Directory for Identity. If you're an end user, you don't work in Active Directory, but you authenticate Active Directory to use resources on the network. The same applies to Cisco ISE, and users don't interact with it directly. They are affected by it to the extent to which they are accessing network resources.

Cisco ISE has a very comprehensive integration suite and we did not face a lot of challenges in integrating this solution with other security tools. If they know how to use it, I would recommend the solution to other organizations with similar security needs.

Overall, I rate the solution an eight out of ten.

We use Cisco ISE for the authentication of wireless clients.

Cisco ISE has saved me a couple of hours per month in terms of not having to manually onboard clients. However, there are still some manual tasks that need to be uploaded to Cisco ISE.

The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval.

One of the problems we have had is that there are many features on Cisco ISE that we are not utilizing. In the real world, it requires multiple parties to come together, just like the AD or OU. Therefore, it won't be solely the responsibility of the network or security personnel to ensure that the solution works as intended and utilizes all the features. It necessitates collaboration among various stakeholders. If Cisco could grant more control, the features could be more focused on network and security administration, reducing the need for integration with other components. This would be beneficial for my organization.

I have been using Cisco ISE for one and a half years.

Cisco ISE is extremely stable.

As long as we have the funds to purchase the license, Cisco ISE is highly scalable.

We have a contact person in Singapore whom we can reach at any time for support.

Positive

The initial setup was straightforward because we used an integrator.

We used an integrator for the implementation.

The cost-benefit analysis primarily considers the time saved through manual labor.

The recent changes in the licensing model have caused some issues with the team. 

We have a rigorous procurement process and carefully evaluated other options before selecting Cisco ISE.

One of the other solutions we evaluated was the Aruba Wireless feed and its accompanying authentication, but we determined that Cisco ISE was superior and more beneficial.

I would rate Cisco ISE with a nine out of ten based on its overall benefits. However, since I am unable to utilize all the features due to the need for coordination from numerous other teams, I would personally assign it a benefit score of only five out of ten.

We attempted role-based access with the Cisco ISE integration, but it didn't work out effectively because it is more of an upper-level issue regarding organization and role level. Multiple teams had to collaborate, and there was a need to configure the Active Directory and Organizational Unit groups. This also involved restructuring and similar tasks. As individuals moved between OU groups, someone had to consistently update the OU groups to ensure the success of the process.

We have made a significant investment in Cisco infrastructure; therefore, we have chosen Cisco ISE as a logical option for our authentication mechanism.

Cisco ISE has not directly assisted our organization in enhancing its cybersecurity resilience.

I use Cisco ISE for VPN and authentication.

Cisco ISE is a good and easy-to-use solution. We had a smooth experience with it, and we didn't face any issues. We upgraded the solution two years ago, and that version also worked fine. 

Cisco ISE's integration with other external identity servers like Duende is very simple and easy.

Cisco ISE's performance could be better, faster, and more robust. Sometimes it takes some time to move through the tabs and configure something.

I have been using Cisco ISE for three and a half years.

Cisco ISE is a stable solution. We haven't faced any major issues with the product.

Cisco ISE is a scalable solution. Our environment has a cluster distributed across three countries and seven nodes. It would be very easy to add another node or remote site.

In some areas, Cisco ISE's technical support is good. However, we had an issue with integrating Cisco ISE with DNS. So we opened a case, which escalated, and we had it for almost two years. Cisco escalated our case after hearing about our integration problem, and the issue was solved eventually.

In normal support cases, like if you are facing a bug, you will have very quick input from Cisco ISE's technical support. It is easy to find the issues in some areas, but in some cases, you might have to go along a troubleshooting path to find the issue. I used to work for Cisco tech wireless team. In some deployments, you have a complicated environment and must understand and solve the issue. Sometimes, it might take a long time to solve or find an issue, while it would be easy in other cases. It depends on the complexity of the environment.

Positive

Cisco ISE was already deployed when I joined my company, but I was present when it was upgraded. The upgrading process wasn't very easy, but we didn't face many issues. When we upgraded our Cisco ISE, it was running on the 2.3 version. We upgraded it to 2.7, and we had some issues at that time. We upgraded directly to 2.7 patch 2, and most problems were solved.

My main focus is on the .1X access. We have another security team whose focus is on VPN access. I use Cisco ISE for TechX authentication and .1X authentication.

Cisco ISE saves us time. If you deploy any security features using Cisco ISE, you don't have other options not to automate it. Part of our Cisco ISE is integrated with the Cisco DNS center. The Cisco DNS center saves time in terms of configuration, integration, upgrading, and adding other switches to the fabric. You can deploy the features in Cisco ISE using manual techniques.

Cisco ISE was already deployed in my organization when I joined. However, I know that Cisco ISE replaced ACS.

I work in the banking industry. Our main concern is securing our network from either remote or on-site access. When you get physical access to the site and connect your device, you might risk the security of the network on purpose or unknowingly. Deploying Cisco ISE has helped improve the security of our organization.

Overall, I rate Cisco ISE a nine out of ten because I have a very good experience with the solution and hear the same from other vendors.

Right now we use Wireless.1X and TACACS for device management. It's in our wired network too, but only use it for MAC address bypass.

It has helped to consolidate tools and applications. Previously, we had Windows NPS in some places and then Cisco ACS in other places. Now, Cisco ISE is all I use. This consolidation hasn't had a whole lot of impact on our organization. It wasn't that big of a deal to begin with.

It works as a good RADIUS server. It has lots of features. It works with all the proprietary Cisco AB pairs and features.

It could be less monolithic. It's one huge application, and it does everything under the sun, so it's hard to deal with and upgrade and manage.

I've been using Cisco ISE for three or four years.

Overall, it's pretty stable.

It seems to be pretty good for what we're doing with it.

Cisco TAC support is hit or miss. It depends on who you got. I'd rate them a six out of ten.

Neutral

We didn't have any network access control. For the wireless, we had ACS, and some places used NPS from Windows.

We chose Cisco ISE because we have a Cisco network. It seemed like the obvious choice.

The initial setup was pretty easy, but trying to get all the switches to talk to ISE was pretty complex. It required a lot of configuration and learning, and we found a lot of bugs and issues along the way.

Initially, we took the help of Presidio. They were good. They knew a lot about it and helped us a lot. 

In terms of detection and remediation of threats, it wouldn't detect anything. If we integrated it with other products, it could cut certain clients off from the network, but we haven't gotten that far yet.

It hasn't helped to free up our IT staff. It has probably consumed more time.

I don't have a lot of familiarity with other products, so I'd rate it a six out of ten.