Cisco Identity Services Engine (ISE) Reviews

My clients are small to enterprise-size companies using this networking solution. One of my clients is a leading pharmaceutical manufacturing company, providing genetic medicine. The network they have has approximately 5,000 device inventory. Additionally, I have a couple of clients in the banking industry in the USA that has quite a large networking infrastructure using this solution.

The most valuable features are the NAC and the bundles that are available with Cisco ISE, such as Cisco ACS being integrated.

The solution infrastructure configuration is complicated to set up. They have improved over the years but there is still a lot of room to improve. When comparing the simplicity to other vendors, such as Fortinet and Aruba they are behind.

I have been using this solution for approximately three years.

The solution is stable.

Cisco's support system is very good and they are well known for it.

I am also using FortiNAC and it is similar to Cisco ISE. However, Cisco is spread across the globe with bigger clients, large enterprises. FortiNAC is not as mature, but they are still working their way up in the market

The price of the solution is price fair for the features you receive.

I have evaluated other solutions from Aruba and Fortinet.

I rate Cisco ISE (Identity Services Engine) a seven out of ten.

One of the use cases was the certificate-based authentication for the endpoints. All the laptops and mobiles are embedded with certificates and once they get authenticated, then only they would be able to connect to the LAN. 

The other use case was the NAC use case wherein the integrity of the laptops and mobile and such were checked before the scan. They fulfill the policy requirements and then they are able to connect to the network.

The third use case was the consolidated access control management for all the network devices and security devices. 

It's flexible and stable. It's been good as a standard environment to run.

It was implemented in my last organization and we used it for three years. We are evaluating and will be implementing it in a couple of months at my current organization. 

It is stable and scalable. We have 5,000 to 6,000 users. 

Technical support is good because the partner is quite competent so we have all the support that is required.

The initial setup was a little bit complex. It's not that simple because it requires a lot of prerequisites for the solution to get a hold on. So the prerequisites and then onboarding all this like the landscape of endpoints was quite tedious. That was no surprise, because this is something which would be with other products as well. It took a long time for the implementation, but it's been rock stable now.

The deployment took six to seven months. 

We had consultants and we had a partner for the deployment. The system integrator was involved with the roll out.

The management part is much smoother. It takes care of all the costs across branded devices as well, so that it is a single panel we can manage all the end-to-end entry devices as well. That's something would be really good for Cisco ISE product.

I would recommend Cisco ISE. I would rate it an eight out of ten. I would like it to be more stable. 

I am not certain if I am using the latest version. It is the one which is made for TV. 

We use the solution to access control. Prior to any device being authenticated on the network, a person must login to the solution's site for authentication purposes. 

While the solution has a host of features, we only use the one involving access control. 

We are looking into further uses for it. My aim is to deploy it across all three of our sites and not just one. 

There is much room for improvement, especially after having perused the documentation on the solution's website. 

The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications. 

I would need time to expand my knowledge of the solution and consult with the Cisco engineers before I could point to other pain points. 

I have been using Cisco ISE (Identity Services Engine) since 2015. 

So far, we have had no issues with the stability. 

There should be more knowledgeable support, particularly in the international sphere. 

I have no doubt that we will get there. They contacted me yesterday, which makes it likely that by weeks-end we should be able to build a structure and do many things with the solution. This would allow me to know where I am standing, explore further and even examine the possibility of implementing some of Cisco's other features. 

We did not use other solutions prior to the current one and will likely not explore others in the future. The current one should be fine. 

The installation was straightforward, although it will likely involve a more complex implementation in the future.

As the previous installation was not complex, it did not take long. 

I believe I have paid around $1,000 in licensing fees. The license is annual. 

We did not really explore other options prior to using the solution. We considered Fortigate, but found it to not be very straightforward, which is why we decided to go with the current solution. 

While we have focused on the access control aspects of the solution, the documentation demonstrates that it has many more features, so I would like to explore it further. 

We are customers of Cisco. 

At the moment, we have around 250 users making use of the solution. 

I rate Cisco ISE (Identity Services Engine) as a five out of ten. This is because I wish to explore further any additional features that can add value to our organization, especially on the IT security side. 

The company implemented the solution to keep track of wired and wireless devices.

One of the most important features is the authentication security for the individual connection to the network through their computer or laptop. The solution is very complete overall.

There should be better documentation on the implementation of the solution. I learned how to implement it from watching videos. I felt the documentation was too complicated and I also learn better from watching videos.

In my experience, there needs to be better documentation for firewall integration as well, we had some trouble early on.

I have been using the solution over the last year.

A co-worker of mine had some issues with the solution crashing unexpectantly or some processes went down. 

We are using the solution with around 200 people and we had no problems with scalability. Most of our clients are small businesses.

The customer server was great but it would have been better for me if they had support in other languages such as Spanish. It was difficult for me to communicate in English.

The setup was easy for this solution.

We implemented the solution.

There are other cheaper options available.

We did evaluate Aruba ClearPass before the client picked Cisco ISE. I had suggested ClearPass because it was cheaper but the client decided to go with Cisco regardless.

Our clients and my company plan to continue the use of the solution in the future.

I rate Cisco ISE (Identity Services Engine) a ten out of ten.

We use it to ensure that any device that connects to our network or wireless environment is a company-owned asset and has all the security certificates. We aren't doing too much remediation. We just identify whether it's one of our assets and whether it's allowed.

In our company, we have a lot of remote workers. Knowing that even devices that are coming through a VPN comply with our policies, whether they're in the office or they're remote, face the same level of scrutiny is a benefit to our company.

We can set as in-depth alerts as we want to. We can set up an alert through email, text, etc.

It has helped to improve our cybersecurity resilience. It helps to ensure that all devices meet the patching and certificate requirements.

It's keeping our company safe from rogue devices connecting to our network. From a security standpoint, there's peace of mind knowing that every device that connects is a good one.

The upgrades could be better. Every time we try to do an upgrade, we have problems. It's a pain.

I've only been with the company for six months, but they adopted Cisco ISE about three to five years ago.

Support has always been good. Overall, I'd rate them an eight out of ten. Sometimes it feels that their first-level support hasn't been trained in-depth.

Positive

We have redundant solutions across all of our data centers, policy nodes, and authentication nodes. As far as I know, we started off in a small deployment with our wireless. We profiled our devices to ensure that they belonged to our companies before we let them access, and then from there, we expanded into profiling wired ports as well, so we started very small and then moved to a larger solution.

In terms of our plans to increase its usage, we may use Cisco ISE in different ways, but the number of nodes that we have will probably stay the same. With version 2, we're moving more of our deployment to the cloud, so we'll move from the on-premise solution to the cloud. We've already started the process. We have some nodes built in the cloud, and we just have to move the production and then remove our on-prem. We're using Oracle Cloud for our highest deployments. It will be fully cloud.

We've seen a return on investment from the security aspect.

I'd advise starting just the way we did. Start small because there are a lot of use cases of Cisco ISE. If you try to do it all at once, you might be disappointed, so start small and pick an area that you'd like to focus on, get that piece done, and then go from there. 

It hasn't really helped to free up our IT staff for other projects. It also hasn't helped us consolidate any tools. 

Overall, I'd rate Cisco ISE an eight out of ten.

We use it for the TACACS authentication, for administrator login to network devices, and the RADIUS service for VPN and wireless authentication.

Initially, we were looking for a single sign-on for administrators to log in to every network device, but we also wanted a good way to control remote user access for logging in. Later we started using it for VPN and wireless.

It gives us a better way to authenticate users. It helps us identify a user with their device to establish trust. When a remote user is trying to access network resources, we need to find out who they are and where they want to go and make an appropriate decision about where they can and cannot go.

Resilience in cyber security is very important. Without security, nothing else can happen.

The TACACS and RADIUS have been the most valuable features so far.

Cisco ISE has almost all the features we are looking for now, but sometimes the configuration, such as the conditions, is a little difficult to understand and not so easy to navigate.

I have been using Cisco ISE (Identity Services Engine) for a few years.

It is stable.

They have resolved my issues, but sometimes they have been slow.

Positive

We used to use Cisco ACS and that evolved to Cisco ISE.

The initial deployment was not a process that was easy to understand. But after I completed it, looking back, I see it was reasonable. It's just hard to understand upfront. There is a steep learning curve.

I did the migration too late, so I couldn't do a direct migration and that meant I had to kind of rebuild it.

Security is something we need, but I don't think that there is a return on investment. It causes more delays to the regular workflow.

The Essentials licensing is reasonable, but I would like the Premier version to be perpetual instead of a subscription.

An idea we are looking into is associating it with the MAC address table, so that approved devices can log in to the more restricted network.

My advice is to attend training before going for it. Otherwise, it will not be easy to understand. Each product, from ACS to ISE, does similar things, but they do them in different ways.

I rate Cisco ISE a nine out of 10. If it could become a little bit easier to understand that would help.

We are a partner with Cisco and am a part of an information security team that uses Cisco to provide security policy management via network, device and wireless access. 

Cisco offers automation, visibility, and control as well as third party integration capabilities.

I would like for the next release to be easier to implement and to limit its dependencies around ISE, Windows, the network as a whole, etc.

I have been using Cisco ISE for over six years.

This is a very stable solution with many integrations.

Cisco's scalability depends on the design - small deployments are not scalable.

Cisco support is good.

This solution is a bit more complex to set up than in comparison to other options - it can take anywhere from two to five months depending on the use case.

The price for Cisco ISE itself is very low, however, Cisco professional services are quite expensive. Subscription amount is dependent on number of users.

We looked at Forescout which is more user-friendly but they have a very vulnerable network.

This is a good solution for security teams. If you do not have a security team, I would not recommend this product. 

Overall, I would rate Cisco a seven out of ten.

Our use cases are based around dot1x. Basically wired and wireless authentication, authorization, and accounting. 

In terms of administration, only our networking team uses this solution. Probably five to ten administrators manage the whole product. Their role pretty much is to make sure that we configure the use cases that we use ISE for — pretty much for authenticating users to the wired and wireless networks. We might have certain other advanced use cases depending on certain other business requirements, but their job is pretty much to make sure all the use cases work. If there are issues, if users are complaining, they log into ISE to troubleshoot those issues and have a look at the logs. They basically expand ISE to the rest of the network. There is ongoing activity there as well. The usage is administrative in nature, making sure the configurations are okay, deploying new use cases, and troubleshooting issues.

This solution has definitely improved the way our organization functions.

In terms of features, I think they've done a lot of improvement on the graphical user interface — it looks really good right now. ISE is always very complicated to deploy because it's GUI-based. So they came up with this feature called work centers, that kind of streamlines that process. That's a good feature in the product right now.

An issue with the product is it tends to have a lot of bugs whenever they release a new release.

We've always found ourselves battling out one bug or another. I think, overall they need to form a quality assurance standpoint. ISE has always had this issue with bugs. Even if you go to a Cisco website and you type all the bug releases for ISE, you'll find a lot of bugs. Because the product is kind of intrusive, right? It's in the network. Whenever you have a bug, if something doesn't work, that always creates a lot of noise. I would say that the biggest issue we're having is with all the product bugs.

Also, the graphical user interface is very heavy. By heavy, I mean it's quite fancy. It's equipped with a lot of features and animations that sometimes slow down the user interface.

It's a technical product — I don't think a lot of engineers really need fancy GUIs. We pretty much look for functionality, but I think Cisco, for some reason, is putting an emphasis on its GUIs looking better. We always look for functionality over fancy features.

We've had issues with different browsers, and sometimes it's really slow. From a functionality standpoint, we would rather the GUI was light and faster to navigate.

ISE has a very good logging capability but because their GUI is so slow, we feel it's not as flexible or user-friendly as we would like it to be, especially when it comes to monitoring and logging. At the end of the day, we're implementing ISE for security. And that means visibility.

Of course, you can export the data into other products to get that visibility, but we would like to have a better type of monitoring, maybe better dashboards, and better analytics capabilities within the product.

Analytics is one thing that's really lacking. Even if you're to extract a report, it just takes a lot of time. So, again, that comes down to product design, but that's definitely an area for improvement. I think it does the job well, but they can definitely improve on the monitoring and analytics side.

I have been using this solution since they released the first version over ten years ago.

Scalability is pretty good, provided that you design it properly from the get-go. There are design limitations, depending on the platforms, especially the hardware platforms that you select. On the scalability front, it's not a product that can be virtualized very well — that's an issue. Because in the world of virtualization, customers are always looking for products that they can put in their virtual environments. But ISE is not a truly virtualized product, as in it doesn't do a lot of resource sharing.

As a result, it's not truly virtualized. Although they do have the VM offering, it's not virtualization in the proper sense of the word. That's one limitation of the product. It's very resource-intensive. As a result, you always end up purchasing additional hardware, actual ISE physical servers. Whereas, we would like to have it deployed in virtual machines if it was better designed. I think when it comes to resource utilization, it probably isn't optimized very well. Ideally, we would like to have a better-virtualized platform.

Tech support tends to be pretty good for ISE. We do use it extensively because of all of the bugs we encounter. 

Mostly it's at the beginning of setting the whole environment up. Typically, once it's set up properly, it tends to work. But it's just that the product itself integrates with a lot of other products in the network. It integrates with your switches, with your APs, etc. So, it's a part of an ecosystem. What happens is, if those products experience bugs, then it kind of affects the overall ISE solution as well — that is a bit of a dependency. The ISE use cases are dependent on your network access devices, but that's just the nature of it. The only issue with support is you might have to open a ticket with the ISE team, but if you're looking at issues in your wireless network or switches, you might have to open another ticket with their tech team for switches. 

For customers using Cisco, end-to-end, they should improve the integration and providing a seamless experience to the customer. But right now, they have to refer to other experts. They come in the call, but the whole process just takes some time.

That's an area that they can improve on. But typically, I would say that the support has been good. We've been able to resolve issues. They are responsive. They've been good.

Overall, I would give the support a rating of eight.

The setup is not straightforward. It's complex. You need to have a high level of expertise.

It's an expensive solution when compared to other vendors. It's definitely more expensive than ClearPass. It's expensive, but the issue, again, comes down to scalability. Because you can't virtualize the product, there's a lot of investment when it comes to your hardware resources. Your CapEx is one of the biggest issues here. That's something Cisco needs to improve because organizations are looking at reducing their hardware footprint. It's unfortunate that ISE is such a resource-intensive application to begin with. As it's not a properly virtualized application, you need to rely on physical hardware to get the best performance.

The CapEx cost is high. When it comes to operational expenditure, it all depends on the features you're using. They have their tiers, and it all depends on the features you're using. The basic tier, which is where most of the functionality is, is relatively quite cheap. But if you're using some advanced use cases, you need to go to their higher tiers. So, I'm not too worried about operations costs. You need to buy support for the hardware: you need space, power, and cooling for the hardware-side. All of that adds up. So, that all comes down to the product design and they need to make sure it's properly scalable and it's truly virtualized going forward.

We've evaluated other products, for example, Aruba ClearPass. There's another product, Forescout, but the use case is a bit different.

When it comes to dot1x authentication, I think it's ISE and Aruba ClearPass. Forescout also comes into the next space, but the use case is a bit different.

We prefer ISE because, I think if you're using Cisco devices, it really kind of integrates your ecosystem — that's why we prefer ISE. When it comes to NAC or dot1x products, from a feature standpoint, ISE has had that development now for 10 to 11 years. So, we've seen the product mature over time. And right now it's a pretty stable and functional product. It has a lot of features as well. So, I think the decision is mainly kind of driven by the fact that the rest of the ecosystem is Cisco as well. From a uniform figure standpoint, the other product is probably the industry leader at this point in time for network admission control.

The main advice would be in terms of upfront design — this is where a lot of people get it very wrong. Depending on the platforms you choose, there are restrictions and limitations on how many users. We've got various nodes, so how many nodes you can implement, etc. Also, latency considerations must be taken into account; especially if you're deploying it across geographically dispersed regions. The main advice would be to get the design right. Because given that directly interferes with the network, if you don't get your design right it could be disruptive to the network. Once you've got the proper design in place and that translates into a bit of material, the implementation, you can always figure it out. Getting it right, upfront, is the most important thing.

Overall, I would give ISE a rating of eight out of ten. I don't want to give it a 10 out of 10 because of all the design issues. There is definitely room for improvement, but overall out there in the market, I think it's one of the best products. It has a good ecosystem. It integrates well with Cisco devices, but it also integrates with third-party solutions if you have to do that. It's based on open standards, and we've seen the ecosystem grow over the years. So, they're doing a good job in terms of growing the ecosystem and making sure ISE can work with other products, but there's definitely room for improvement on the product design itself — on monitoring, on analytics.