Try our new research platform with insights from 80,000+ expert users

Cisco Identity Services Engine (ISE) vs Cisco Vulnerability Management (formerly Kenna.VM) comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Identity Services Eng...
Ranking in Cisco Security Portfolio
1st
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
143
Ranking in other categories
Network Access Control (NAC) (1st)
Cisco Vulnerability Managem...
Ranking in Cisco Security Portfolio
11th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Risk-Based Vulnerability Management (17th)
 

Mindshare comparison

As of July 2025, in the Cisco Security Portfolio category, the mindshare of Cisco Identity Services Engine (ISE) is 22.1%, up from 19.3% compared to the previous year. The mindshare of Cisco Vulnerability Management (formerly Kenna.VM) is 1.7%, up from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cisco Security Portfolio
 

Featured Reviews

SunilkumarNaganuri - PeerSpot reviewer
Enhanced device administration hindered by complex deployment and security limitations
Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.
AshishPaliwal - PeerSpot reviewer
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It provides client provisions and profiling as well as guest access."
"I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case."
"The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability."
"I like the guest access feature, which has been important for us."
"Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities."
"For me, the TACACS feature is the most valuable. I have also used Cisco ISE with LDAP, not with Active Directory. That works for me because I prefer LDAP versus Active Directory."
"The RADIUS Server holds the most value."
"When we use ISE, one of the helpful things is that I can go through the dashboard and get every step along the way of how a device was authenticated. If it's failing, why did it fail? Why is it unauthorized? If there's an error, what is the error and how can I fix that error? If it's something that, if they should be passing, why are they failing?"
"The risk context of any vulnerability is a valuable feature."
 

Cons

"I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it."
"It is a good product, but in order to use all of the functions of the product, you must have a good understanding of the product. You must know how to use and manage it. It is a little bit complicated to configure and manage. It must be simplified to make it easy to manage for end users. In the initial stage, we found ISE complicated for end users. It was not easy to manage it or to write authentication and authorization protocol. They must improve its management and make it easy for end users. The monitoring and reporting capabilities can be improved because end users want to quickly see what is happening in their network. There were some restrictions in working with other vendors. It should also have a better and easy integration with other vendors."
"In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support."
"Segmentation can be improved."
"ISE is a little clunky. The front-end feels like it is from the 1980s."
"Some of ISE's features need to be more agile. For example, we couldn't integrate our data because Cisco needs your data to be in its own format."
"It would be helpful for us to know what needs to be deployed, configured, and what changes we need to make to our devices when we don't receive the specific login which is an indication of a lack of connection or incorrect configuration."
"Cisco ISE has almost all the features we are looking for now, but sometimes the configuration, such as the conditions, is a little difficult to understand and not so easy to navigate."
"An improvement would be some sort of an integration with any GRC suite."
 

Pricing and Cost Advice

"It's damn expensive and the licensing is terrible... If you have perpetual licenses on 2.7 and you upgrade to 3, you are forced to go with Essentials. That is one of the issues that I'm seeing with my clients now."
"Cisco has actually transitioned to a lot of subscription models, fees, and licenses."
"The Essentials licensing is reasonable, but I would like the Premier version to be perpetual instead of a subscription."
"Cisco is expensive, but it's the cost for all the functions and value it brings. Functions like internet solutions, integrations, security, and many more features are important, but it's expensive for some clients."
"Its licensing could be improved. It used to be perpetual, but now they are moving away from that."
"The price is okay."
"Licensing has got much simpler since Cisco moved to the DNA model because we just have the three tiers, but it could always stand to be improved upon."
"Pricing and licensing are not my expertise. As far as budgeting is concerned, we run an ELA with Cisco. It's a part of our ELA."
"I think the pricing is based on the number of endpoints, so it's more subscription-based."
report
Use our free recommendation engine to learn which Cisco Security Portfolio solutions are best for your needs.
860,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Educational Organization
15%
Financial Services Firm
9%
Government
8%
Computer Software Company
21%
Financial Services Firm
15%
Retailer
10%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
Ask a question
Earn 20 points
 

Also Known As

Cisco ISE
Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
 

Overview

 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
TransUnion
Find out what your peers are saying about Cisco and others in Cisco Security Portfolio. Updated: June 2025.
860,168 professionals have used our research since 2012.