Cisco Identity Services Engine (ISE) Reviews

We use it for Cisco device TACACS authentication and .1X security. 

We have a better state of mind that we're secure, and we don't have unauthorized devices accessing the network. In a financial institution, we want to keep everything as secure as possible. We don't want anything plugged in.

It has helped to consolidate tools. We had arpwatch monitoring, which we no longer have to use, and then TACACS is securing the network. We didn't have a tool before, so that added a layer of security for us.

It has improved our cybersecurity resilience. We have authentication logging for everything that's authenticated or denied. We use a Splunk forwarder. We get notifications if something is denied for authentication. 

TACACS and .1X security are the most valuable features. TACACS acts for user control, so no one can authenticate to our network devices, and .1X is to validate that unauthorized devices are plugged into our network.

Its user interface could be better. It's not bad. They've just redesigned the whole user interface. It's not terribly difficult. The drop-down menus are easy to use. However, when you're looking for some things in the user interface, it takes a minute to find where you were prior.

I've been using Cisco ISE for a year.

Its stability is great.

Its scalability is also great. We have 350 users. 

Their support is excellent. I've opened two support tickets so far, and they were able to remediate the issue within a few hours.

It's fairly difficult. We have third-party support to assist with the setup.

Our setup is on-prem and virtual in Azure. 

It was a third-party support, not a reseller.

It's a very good tool for security. It's a lot of work to initially set up, but once it's set up, it's pretty easy to use.

It hasn't yet saved the time of our IT staff. It's still fairly new, so we haven't had much time to use the product fully. It has only been a year since we started using it, so it's still pretty new.

Overall, I'd rate Cisco ISE a nine out of ten.

We have been authenticating our company's employees and certifying that they are in compliance. We have to certify our employees in regards to compliance, having all the necessary protections in our infrastructure for their endpoints, notebooks, laptops, and mobile phones.

We have implemented it across the entire company in every area and department at every single level of our organization.

So far, it has been on-premises. We are still working to expand it to integrate with multiple cloud providers, like AWS.

We have become more reliable because we do not have any vulnerabilities coming into our network, which is important since a lot of employees are using their own endpoints to connect to our infrastructure.

Every other time that we have a new employee, we need to make sure they have been using the latest version of the solution in order to connect to our infrastructure.

We have made our company more secure. As an IT guy, I have gained more importance to my company.

It is more about the features related to Apex. This is part of the solution where we can deep dive into each employees' usage according to our infrastructure needs.

There are a lot of integrations available with multiple vendors. This has made the solution easier to work with.

We use the management platform, which makes it easy for our IT to access and manage. 

We have been working with it for about 10 years.

If you have someone taking care of it, it can be quite easy to manage the solution. Otherwise, if you don't look after it and take care of it day-to-day, then it will become more complex to run. However, if you have someone taking care of it, maintenance is not that difficult.

The scalability is good and quite easy to do. If you have the licenses, then anything is possible.

We worked with customers. The last one that we worked with had 10,000 licenses, i.e., 10,000 endpoints. We started working with the corporate office, then we replicate to the distribution centers.

As an IT integrator, it is quite easy to work with their technical support. We have the correct people to deploy it as well as receive good support from the Cisco Technical Assistance Center. I would rate the support as 10 out of 10.

Positive

We have been using ISE for a while. We didn't have another solution beforehand.

We had to do some labs beforehand, in order not to breach the environment. The deployment was not too complex.

When we work with customers, it takes four or five hours. We start with a specific environment, then we replicate to other areas.

We are a reseller. My professional services implemented it, which includes a tech lead, engineer, senior engineer, and project manager to work with the solution.

It is an easy solution to implement with the correct partner.

It is difficult to measure security breaches, but since we have not been attacked so far, it has paid for itself over the years.

We worked with Fortinet to look at their solution, but ISE was more reliable and had more integration with our product vendors. Also, it had a more affordable cost.

When compared with other vendors, like Forescout, for what we need, ISE has been more usable and accessible.

Learn about the solution, then evaluate what devices it would be implemented with. I would amalgamate the devices and their versions with a systems integrator or partner who already has experience and will try only to replicate it, not to reinvent the wheel.

Part of our journey is getting everybody connected to the infrastructure and trying to avoid any breaches. We don't want to be vulnerable.

I would rate the solution as 10 out of 10.

We use it as our complete NAC solution for both on the wire and wireless as well as guest wireless access and SGTs.

We have five hospitals. We have two service policy nodes at every hospital. We have a deployment at every hospital site.

We are a healthcare department. We deal with a lot of PHI so ISE is important. It is an integral part of keeping PHI safe.

The solution has helped with safety and keeping people who shouldn't be on our network off our network.

Cisco ISE works very well for establishing trust for every access request when it is deployed and running correctly. It is a great product. It does what it is supposed to do.

We know what is on our network because ISE is able to tell us.

The guest wireless works pretty smoothly. The SGTs came in very handy when we had to segregate traffic away from our network, even though it is part of our network. 

The SGT function would probably be the most used. This is mainly because we have a lot of vendors on our campuses but we need to keep them from seeing the traffic and being able to touch other areas of our network. Being able to use SGTs kind of keeps them in their own little lane away from us.

When it is deployed correctly, it is very helpful. It runs smoothly. It is just integrable to what we do.

I would definitely improve the deployment and maybe a little bit of the support. Our first exposure to ISE had a lot of issues. However, I have noticed as we have been implementing patches and upgrades that it has gotten a lot better.

I have been using it for about four years.

With patches and a little bit of babysitting, it is totally stable now.

It is easily scalable.

The technical support is phenomenal. I have called and opened up a ton of tech cases. Eventually, you get the right engineer who can solve all your problems. I would rate them as eight or nine out of 10. It has gotten a lot better. If someone asked me about support two or three years ago, I would have probably given them five out of 10.

Positive

We didn't use a solution before ISE.

We have seen ROI. It has done its job. It has protected us when we needed it to.

Make sure you have everything ready, including all your information. Make sure you know what you will profile and what will come on your network.

Get hardware nodes versus the VMs.

You definitely want resilience. You want to keep everything protected, especially in the day and age that we live in now. Information is power. Keeping our customers' and patients' information safe is our number one priority.

I would rate it as nine out of 10 because it has gotten better. I have seen it at its worst. Now, it is running a lot better. So, I have a better opinion of it than I did.

We use it for the identification of our devices, users, and wireless users.

Unauthenticated devices are not allowed on our network and that has been an improvement for our company. With Cisco ISE, we control the certificates of each device so that devices have internet access. The solution has eliminated trust from our network architecture.

The access policies, and all of the policies in Cisco ISE, are important to us.

The user interface could be more user-friendly.

I have been using Cisco ISE (Identity Services Engine) for about six years.

The stability has been perfect. Our company has been using it for more than 10 years and it's stable. It's really good.

The scalability is also good.

The customer service has been perfect.

Positive

We did not have a previous solution.

The pricing is fair. We have a base license and an OpEx license.

We looked at other solutions, but that was a long time ago.

I would recommend ISE to colleagues. We are happy with it and we want to use it in the cloud, next. Our on-prem devices go end-of-support in 2023 and we will try to use it on the cloud.

We use it for MAC Authentication Bypass, 802.1X authentication, and certification and validation against Active Directory. Because MAC devices can't be enrolled in the domain, we were doing a manual installation of certificates.

We are a very secure enterprise now because only our corporate endpoints can be authenticated on our wireless. Before, any device could be connected to our production network. And the corporate endpoints have antivirus and anti-malware. Things are more and more secure.

Authentication is the most valuable feature because it puts our company at another level of security. It establishes trust for every access because we use only corporate endpoints. If somebody has another device, they can't connect it to the enterprise network because we haven't implemented bring-your-own-device yet. We have five warehouse buildings and all our operations are around logistics and that means external people don't come to our buildings.

I have been using Cisco ISE (Identity Services Engine) for three years.

It's very stable.

It's expensive to scale Cisco ISE, but our situation is stable so we don't need to scale it for now. In the future, we will need a more scalable solution.

It is used for all our departments, all end-users, all corporate endpoints. And when we use MAC Authentication Bypass, we include printers and VIP cell phones.

Tech support is very good.

Positive

We didn't have a previous solution.

The deployment was a little complex, but not because of the solution. It was more an issue for our people because it was a mindset change.

It took us about six months to deploy. Because we didn't have a previous solution, we just deployed it one department at a time across our four departments.

We used an integrator, ITS Infocom. Experience-wise, it was very good. On our side, we had three people involved. 

Since implementing Cisco ISE, we haven't had any attacks against our application.

Pricing is not a problem for Cisco because it has a lot of features and not much competition, although it's more expensive than other products. But if I do a cost-benefit analysis, Cisco provides high quality.

We looked at Aruba. Cisco ISE is much better.

Be patient with the implementation. It can be very difficult for the clients, the people using it, because it requires a change of mindset.

The solution is used for controlled access in the network, like if you want to restrict access.

The solution is deployed on-prem. I am an integrator of this solution.

The best features are the scalability and the license structure. The license structure is like a tier. If a customer doesn't actually want the highest features, then they can just start with the basic license package and upgrade it if their network is growing. For the smaller customers, they can start with the smaller plans and so on. If you have a financial customer or banking customer, they can go for the full features, and if it's not that critical, the customer can get the basic license package and implement that.

The licensing documentation needs to be better. We found some old documents describing the license names, like the Base license and Apex license. Cisco used both names. We have found that they changed the Advantage license and Premier License. If someone misunderstands that, they might end up with a hassle. I don't know if it's possible or not for Cisco to remove the older documents from the official website.

We have been working with this solution for more than two years.

We were using two solutions on Cisco's network, so we had a few ISE plans in that network.

The solution is stable. We have maybe 4,000 users for the Next solution.

We haven't used technical support very much, but in general, Cisco's support is always responsive.

Initial setup was straightforward from our point of view because we have engineers who did that, so of course it was not an issue with us.

The accesses took maybe three or four months to complete, but the Next part took about three weeks.

For deployment and maintenance, the team was average sized. You need to follow the correct documents for deployment. There can be misunderstandings if you use old documentation.

The licensing is subscription-based and based on the user account.

I would rate this solution 8 out of 10. 

I would recommend this solution.

If someone is looking for a concrete solution to control the access, then ISE is a better solution.

We are resellers. We provide and deploy solutions for our customers.

Cisco ISE (Identity Services Engine) helps the operation to automate.

It works very well with the network, router, and switches. It is able to enforce the policy and assigns the traffic a Security Group tag.

A Google user is able to enforce access throughout the router and switches ensuring the traffic going through has the same policy.

When you push out the policy, it is able to populate the entire network at one time.

It's quite good, the market is using this solution.

This solution has enhanced features that make it difficult to use. To make it easier, it should be made without PxGrid.

It should be able to work with third-party routers and switches. We want to work in an environment where there are multi-vendors that require PxGrid.

Their software-defined access is not easy to implement. You have to have a good understanding of how to implement it. It would be helpful if they could make it easier for the customer to adopt.

Third-party integration is important, as well as the continuous adaptation feature, which is the AIOps. It would be helpful to include the AIOps.

They are currently on version 3.1.

If the customer has more than 200,000 users, the performance becomes a bit laggy.

In terms of scalability, it's available on the cloud, but I have not yet tested the features on the cloud.

It is used mainly by our customers, who use it for their entire infrastructure. They have anywhere from 50,000 to 100,000 users.

Technical support could be better. They outsource the support.

We are brought all around the world, it is similar to following the sun.

Currently, I am using SD-WAN (Software-Defined WAN) from Silver Peak.

To complete the installation, you need to be technically knowledgeable. The setup could be easier.

For the content, and the technologies it is made to be a bit more complex. 

The technology is good, but to use some of the other features, and capabilities, they request that we purchase the Cisco DNA Center. As a result, the bundled price is a little high.

Once you purchase the DNA, you will need the SNA then the license, overall it's very expensive.

If, however, you implement Cisco ISE without the DNA and the SDA, the price is reasonable.

To avoid running into any complications when getting this solution up and running, you should get technically trained and comfortable with it before applying it.

I would rate Cisco ISE (Identity Services Engine) a seven out of ten.

I am not certain if I am using the latest version. It is the one which is made for TV. 

We use the solution to access control. Prior to any device being authenticated on the network, a person must login to the solution's site for authentication purposes. 

While the solution has a host of features, we only use the one involving access control. 

We are looking into further uses for it. My aim is to deploy it across all three of our sites and not just one. 

There is much room for improvement, especially after having perused the documentation on the solution's website. 

The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications. 

I would need time to expand my knowledge of the solution and consult with the Cisco engineers before I could point to other pain points. 

I have been using Cisco ISE (Identity Services Engine) since 2015. 

So far, we have had no issues with the stability. 

There should be more knowledgeable support, particularly in the international sphere. 

I have no doubt that we will get there. They contacted me yesterday, which makes it likely that by weeks-end we should be able to build a structure and do many things with the solution. This would allow me to know where I am standing, explore further and even examine the possibility of implementing some of Cisco's other features. 

We did not use other solutions prior to the current one and will likely not explore others in the future. The current one should be fine. 

The installation was straightforward, although it will likely involve a more complex implementation in the future.

As the previous installation was not complex, it did not take long. 

I believe I have paid around $1,000 in licensing fees. The license is annual. 

We did not really explore other options prior to using the solution. We considered Fortigate, but found it to not be very straightforward, which is why we decided to go with the current solution. 

While we have focused on the access control aspects of the solution, the documentation demonstrates that it has many more features, so I would like to explore it further. 

We are customers of Cisco. 

At the moment, we have around 250 users making use of the solution. 

I rate Cisco ISE (Identity Services Engine) as a five out of ten. This is because I wish to explore further any additional features that can add value to our organization, especially on the IT security side.