Cisco Identity Services Engine (ISE) Reviews

We use this solution to protect the network especially when someone brings their own device and to lock out access to anybody connecting to the network. Also to make sure that the people connect to the correct VLAN. So, mainly for security wifi access so that when people want to connect to our wifi they have to log in using their credentials.

We give guests limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time.

It is stable. Any time we found an issue we would get in touch with the reseller to help fix it. Then they tell us where the problem is and we'll know where to look. 

It is scalable. We have around 350 users. We required two staff members for maintenance but they don't have enough knowledge so we have to reach out externally for more help. 

Their technical support has been good. They have been responsive every time we have an issue. They get logs, check and then give us feedback of which corrections to do.

The initial setup was complex. We had to engage an expert. When we rolled it out we would find challenges and then we would have to find a way of fixing those challenges. Out of  nowhere, it would lock out all users. Then we discovered that no, the password had expired for the service account. We needed to make it none expiry.

Deployment took about a month. We had to do project planning, discuss the plan with the team, and by the end, it was a month.

We used a reseller for the implementation and we had a good experience with them. 

If you go directly with Cisco for the implementation it's very, very expensive.

We also looked at Aruba.

It's a good product but it requires technical support and knowledge otherwise it will be difficult to manage and run it. It requires somebody to be configuring issues. You need protection as you advance in the usage but it's a good product. 

I would rate this solution an eight out of ten. In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support.

We primarily use the solution for network access control solution and network device access management. The solution comes with features like posturing.

The valuable feature of the solution lies in its integration capabilities with other applications. This facilitates seamless operations like Microsoft migration across networks and call center management. The ability to segregate multiple domain users in the Access Network ensures efficient, logical management.

The tracking mechanism in Cisco ISE is relatively costly, especially its vendor-specific protocol. It would be beneficial if it could support open source or other devices with a similar checking mechanism, but unfortunately, it remains proprietary.

I have been working with the solution for the past five years.

The solution is highly-stable. I rate it a perfect ten.

The solution is scalable. We have three users for the Cisco ISE.

Their customer service and support is excellent.

Positive

The setup is straightforward. Effective planning is crucial for the setup of Cisco ISE. Placement of the virtual solution requires careful consideration of network accessibility from all branches. Different components may need placement in various areas in a large network. So, thoughtful planning for the architecture is important. It takes around two days for the deployment.

Previously, Cisco ISE had a perpetual licensing model, but now they have shifted to a subscription-based licensing system. We now have to pay recurring costs. This change in the pricing model has presented challenges for many customers accustomed to the simplicity of the previous licensing model.

I recommend this solution to all. Overall, I rate it a perfect 10.

We use it for Cisco device TACACS authentication and .1X security. 

We have a better state of mind that we're secure, and we don't have unauthorized devices accessing the network. In a financial institution, we want to keep everything as secure as possible. We don't want anything plugged in.

It has helped to consolidate tools. We had arpwatch monitoring, which we no longer have to use, and then TACACS is securing the network. We didn't have a tool before, so that added a layer of security for us.

It has improved our cybersecurity resilience. We have authentication logging for everything that's authenticated or denied. We use a Splunk forwarder. We get notifications if something is denied for authentication. 

TACACS and .1X security are the most valuable features. TACACS acts for user control, so no one can authenticate to our network devices, and .1X is to validate that unauthorized devices are plugged into our network.

Its user interface could be better. It's not bad. They've just redesigned the whole user interface. It's not terribly difficult. The drop-down menus are easy to use. However, when you're looking for some things in the user interface, it takes a minute to find where you were prior.

I've been using Cisco ISE for a year.

Its stability is great.

Its scalability is also great. We have 350 users. 

Their support is excellent. I've opened two support tickets so far, and they were able to remediate the issue within a few hours.

It's fairly difficult. We have third-party support to assist with the setup.

Our setup is on-prem and virtual in Azure. 

It was a third-party support, not a reseller.

It's a very good tool for security. It's a lot of work to initially set up, but once it's set up, it's pretty easy to use.

It hasn't yet saved the time of our IT staff. It's still fairly new, so we haven't had much time to use the product fully. It has only been a year since we started using it, so it's still pretty new.

Overall, I'd rate Cisco ISE a nine out of ten.

We use it for our AAA authentication through Active Directory. We also use it a lot to verify command line history.

We have ISE in the data center environment with redundancy, and we use it for authentication for all our devices. We have access to our third-party vendors, and for the new projects, we all use ISE. It's an awesome enterprise product for on-premises or for cloud-based deployments.

The integration of ISE with Active Directory has really been a big plus for us.

I've found two features to be the most valuable. One would be AAA reporting for historical analysis, showing what's been done and by whom. The second is the log for failures on Active Directory logins.

If I were to assess Cisco ISE for establishing trust for every access request, I would give it an eight or nine on a scale from one to ten.

Cybersecurity resilience has been very important to our organization and has been a big factor. We've had issues in the past, but one of the things I like about ISE is its logging features. Security-wise or information-wise, it really has been a powerful tool.

My impression of Cisco ISE for helping to support an organization across a distributed network is that it's invaluable. It's a monster tool; we don't even touch on all the features that it offers, but the few that we do use are extremely strong and very user-friendly.

On the network services devices, when you click on filter, the filter comes up. However, when I search and want to click on something it defaults back to the main page. I keep having an issue with that, and I'm not doing anything wrong.

I've been using Cisco ISE (Identity Services Engine) for about six to seven years.

I've had no issues with stability.

We've actually scaled before and have never had an issue.

I've used technical support only once and would give them an eight out of ten.

Positive

We previously used ACS.

The return on investment we have seen is related to time in terms of troubleshooting. The logs, such as the security logs, inform us of the issues that people have had. ISE has been very instrumental in helping isolate those issues. We've seen a lot of cost savings because we don't have to pay an IT person to waste time doing something that should be instantaneous.

If you are a leader who wants to build more resilience within your organization, I would advise you to follow what they're doing at ISE.

If you're evaluating Cisco ISE, do an apples-to-apples comparison. There are a lot of features, and ISE is a monster. If you use it the right way, I think that no other product will compare to it.

We use it for network device administration and for user access.

It has really helped us when it comes to security. It has eliminated trust from our network architecture because, with the solution in place, you tell us who you are and, based on who you are, we give you access. The solution provides us with a platform to define our policies. Users get into our system based on those policies. That eliminates threats. If you are not who you say you are, it will block you completely from our network.

It integrates with the rest of our platform, like our firewall, and helps us a lot. It also does a good job establishing trust for every access request.

With the recent release of the solution, we had a bunch of bugs and we had to delay our deployment. Other than that, the solution is good.

I have been using Cisco ISE (Identity Services Engine) for 10 years.

Cisco ISE has come a long way when it comes to stability. It's getting better.

It's very scalable. We have it deployed in two data centers, and we're managing about 10,000 endpoints.

TAC is very responsive whenever we call them.

Positive

Currently we have two solutions that do the same kinds of things. For our wireless infrastructure, we use Aruba, but for our wired access, we use ISE.

The ROI we have seen is because Cisco gives us what they promised us. They deliver. Our requirements are being met and that results in getting value for what we pay.

Since we have a complete Cisco portfolio, including an Enterprise Agreement, it's not simple for me to compare what we're paying with the prices of other platforms.

We evaluated other companies and what they each do differently and looked at what was the better fit for our requirements.

Cisco TAC is really good. Whenever we have issues, we know they are there and that they will help us out with troubleshooting. The support of the other companies we looked at is not that great.

When I compare it with Aruba ClearPass and other solutions out there, I prefer Cisco. Cisco is number-one for user access, managing devices, and for network devices.

We don't leverage Cisco ISE for application access. We have another solution for that.

Get some hands-on familiarity with it first. Do a PoC and get people who really know the solution to help you out during phase one before you deploy it.

We're using version 3.1, which is very stable. There have been a lot of improvements.

I like the automation of the collection of information.

We have only been deploying this version for three months. We haven’t had any issues, but we'll see how it goes. One of the issues that we used to have was with profiling because we're working with a service provider that uses a lot of bring your own devices. We haven't had any issues since we started using version 3.1.

I have been using this solution for over 12 years.

There are no stability issues with version 3.1.

It's stable. We deployed with a client in petroleum with about 200 users worldwide, and it was stable.

Setup wasn't easy, especially if you haven’t worked with it intensively. VM is a little bit easier. If you don't deploy ISE with correct policies, it will be difficult.

If you deploy it with the correct policies, it's a wonderful product. You don't need to attach anything like your firewalls or creating rules.

ISE has always been expensive compared to other products in terms of what it does on a user level. I haven't had a client who didn't say that ISE wasn't expensive. I’ve had an issue where I was just selling four boxes, and it was four million. It was a high-end box, and the client didn't take it. They end up going with VM.

I would rate this solution 9 out of 10.

It's one of the more difficult products to deploy.

You can learn a lot about ISE from their training videos. I would suggest watching the videos before deploying the solution. They have created good videos for ISE, from version 1.3.

We primarily use the solution for user authentication and wireless segmentation of users for actual radius purposes.

The actual radius is the most valuable aspect of the solution. We need to have a centric solution either on MarTech X and for the wireless user authentication. We were mainly on Cisco and we continue to use them. However, this is the time period for a refresh as the five-year lifespan is completed. We may look for other options.

Technical support is okay.

The solution is not so user-friendly. It's very difficult to navigate through different manuals. The documentation should be simplified so that it is easier to understand.

It would take time for a beginner to understand and familiarize themselves with the solution. There's a bit of a learning curve.

Cisco ISE is not very stable. They could work on that aspect. 

We'd like the pricing to be better.

The product is not easily scalable.

Currently, if you want to do something with authentication, you need to have an additional document agent, however, these are short on all Microsoft endpoints. We then need to come up with some alternate options so that I don't have to modify any native applications on it. By default, Windows should be able to support and onboard the devices. Right now I need to have a Cisco AnyConnect as an agent to be deployed for authentication.

I've been using the solution for over five years at this point. It's been a while.

The stability of the solution needs to be improved. It's not ideal. It's lacking overall. If we have five or six items activated, the box shakes and we're scared to touch anything. When we do have to reconfigure things, it's a nightmare as it can go down and it can take us a day or two to sort things out.

In terms of scalability, it needs to be reactivated, which means that I need to add more nodes. It's got its own design limitations. We had only a two-node deployment in it. We need to add more hardware and we need to reduce so many things. It's not an easy option to scale this hardware. Scaling, in general, is very difficult.

We have roughly 9,000 users on this product currently.

Technical support is fine. However, we may need to depend on support to resolve some of our many issues. We need to spend an enormous amount of time with them and to explain so much stuff. It would be easier if we could troubleshoot the issue ourselves or if the solution was more reliable.

I don't know about other alternative products. I don't have any experience with other alternative products. I've only ever used Cisco ISE.

The solution's initial setup can be a bit complex as there are so many features that are available. It all depends, however, upon which one you want to activate. In our case, we have five or six activated and the box always shakes. It's not stable. So my colleagues are always afraid to touch the box. If it is working well and good, you don't touch it, and we don't reconfigure it. In cases where we encounter any issues, it's a nightmare and we need to spend a minimum of twenty-four to forty-eight hours to recover everything.

We pay a fee based on a subscription model.

The pricing could always be better.

I've been looking at evaluating Aruba's Clearpass as a potential replacement option for this solution. I haven't gotten too far into my research, however. I'm looking for a solution that's scalable and easy to use.

My advice to Cisco would be to simplify as much as possible so that a normal IT guy can understand the CCD and set it up. If they can simplify the manuals, navigation, and documentation, it would be nice. It will always be difficult for a beginner, however, to, rearrange or design the network.

I would rate the solution five out of ten.

We use it for Community WiFi and TACACS authentication. It is service provider authentication, both for the core infrastructure and Community WiFi.

We were looking to solve captive portal and centralized authentication with Cisco ISE.

It has allowed us to pull in multiple authentication databases, then centralize them into a captive portal system.

It is important for our organization that the solution considers all resources to be external. It treats them with minimum trust.

Integration is a big factor. That has really been the driving force behind it.

Documentation is probably the worst part of the software.

I have been using it for about five years.

It is very stable. I would rate the stability as 10 out of 10.

We don't use its scalability. I would rate it as five out of 10.

The technical support is good. I would rate them as six out of 10.

Neutral

We previously used an open-source solution. We switched for vendor support and scalability.

We don't monetize this solution.

It is fair.

We did not evaluate other options.

It is worth checking out the integration that it provides. It is a strong platform.

Cybersecurity resilience has not been that important for our organization.

I would rate ISE as eight out of 10. It does exactly what it is supposed to do without much issue.