Cisco Identity Services Engine (ISE) Reviews

The way we can trust this solution is the most valuable. We have no issue with this product. It is a competitive product. You need to have a very good and deep knowledge of the product to take the full benefits of all the features, but it is a good product.

It is too complex. It should be easy to use. We are not such a big team. We only have three engineers to work with this, and we don't use all of the functionality of the product. Its range of functionality is too wide for us, and this is the reason why we are thinking of switching to a more simple product. We have shortlisted a Microsoft solution. We have a big footprint for Microsoft products, especially in security. As a global strategy, we try to leverage to the maximum what is possible around Microsoft.

This product was installed before I joined this company. It would be six years or something like that. We are probably two versions behind the latest one.

It is stable.

Their technical support is good. Cisco support is good.

I was not there, but I think the company had a services company that helped them in implementing it. It was easy because we only had to give them the requirements and their engineers did it for us. After they finished their mission, we started to deal with this solution, but it is too complex for a company of our size.

Its price is probably good if you use all of its features and functionalities to protect your environment. If you use only a part of the functionality, its price is too high. It is just a question of value and the functionality you use.

I would advise others to make sure that you have the knowledge of this solution to get the full benefits of all the features, and you are able to use it on a daily basis.

I would rate Cisco ISE a six out of ten. Its functionality is too wide for our company. 

We use ISE for security group tagging in terms of guests and visitors who access the network to make sure that they actually go through this to control their privilege access to ensure they don't actually access the internal network, etc. 

Our clients use ISE as a form of security policy management so that users and devices between the wired, wireless, and VPN connections to the corporate network, can be managed accordingly.

Take a house for example. Sometimes you need to access a room via a certain keyhole, so you use a key that is unique to that door. With ISE, you can segment this process in terms of policy management based on the security tag. You actually grant the user access based on the tagging.

That's the IT trend — saving a lot on operating costs to manage the different users and access methods.

Within our company, we have roughly 200 employees using this solution.

My clients are always talking about the segregation capabilities. Segmentation refers to how you can actually segregate employee and non-employee client access. 

They have recently made a lot of improvements. My clients don't have much to complain about — it's a one-stop-shop.

It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version. 

It's stable but there's a limitation of up to 200,000 users. If you have a big number of users, then you have to customize the installation process. 

It's only scalable up to 20,000 users. 

I would say Cisco's support has been getting worse. I think they outsource a lot of skillsets.

The initial setup is pretty straightforward. They actually provide a lot of help to IT administrators which makes setting it up rather easy.

The whole setup takes about three days because you need to basically configure the network, test the configuration, and then you need to cut over to production. 

Our customers definitely see a return on their investment with this solution.

I think licensing costs roughly $2,000 a year. ISE is more expensive than Network Access Control.

If you wish to use ISE, you must have a deep understanding of IT. If you don't, setting it up properly will be very complex.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

The .1x authentication schema is the most valuable aspect of the solution. It makes it possible to have multiple policies and it can still adapt to us. We can authenticate and calculate our trajectory and so on. The policy is very easy to put in place. It's got to be easy due to the fact that we have more than 200,000 devices.

The implementation is very simple.

The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow.

The solution might require two authentications. They should make a new authentication to authenticate both the device and the users. Right now, we are authenticating the PC, the workstation, but not as a user. A good addition would be to authenticate the user separately to get more information.

I've been using the solution for five years.

The solution is stable. I haven't witnessed bugs or glitches. It doesn't freeze or crash. It's reliable.

The solution is quite scalable.

We started with two clients and we've since scaled up to 20 clients.

Cisco ISE was the first full solution we've used.

The initial setup wasn't complex for us. We found the process of implementing the solution very straightforward.

For our organization, in terms of deployment, the first implementation took one month, and for the global implementation took six months.

For maintenance, a company needs one or two people to handle it, one of which should be full-time.

The pricing is okay. It's reasonable for functionality, however, if you're going to implement it as a full-stack with Cisco Connect, and a work station, and so on, it's very high.

I'd advise other companies to really take care in regards to the network devices that they want to authenticate. 

For most of the cases, the biggest rooms are the easiest to manage, however, the smallest ones require specific implementation in all devices. It is very tricky due to the fact that you are obliged to put in place the rules that are not so secure and that's why it's very important to know what devices are connected on the network.

I'd rate the solution eight out of ten.

We have two servers and they're both VMs. Every network system is issued a certificate and each device coming onto the network has to be on the domain with an active AD user logging into it. It needs an up-to-date AMP, which is our Cisco malware and virus scan product and it also needs to have the most current Microsoft security updates and the three layers that we're using: The core VPN, the Network Access Manager and the ISE profiler. When it goes through all those different things on every port on the switch, there are commands for it to be able to go through an ACL so it knows what users are there, what server, and what devices have been put onto the domain. It can verify all that.

The user can then proceed on to the network. We've set it so that regular users are VLAN'd off and can only see the data network through ISE and are blocked from seeing the rest of the network. Depending on the department needs or other factors, we have cameras for security which are on a different VLAN, and they can see those. We also have something for O&M where the AC guy can see the AC equipment, and we can prevent all the VLAN's from being viewed by everybody.

We are customers of Cisco and I'm the infrastructure and Cyber security manager.

The solution cuts down on the repercussions of getting malware or ransomware which happened to us four years ago. We regularly took very aggressive snapshots and we were able to recover in an hour and 20 minutes without any loss of data.

Because we have a large database and 4,000 network devices, the solution can lag a bit when you're running updates or different things because of the fact that it's so big and it is such a resource hog. But the biggest problem we've encountered is that it finds errors or people are rejected or not authenticated without a clear explanation as to why. A second issue is that we're currently on 2.4 and Cisco's gold standard now is 2.7. They are a little slow with that.

I'd really like the solution to dive down a little deeper when something's not profiling. As it stands now, you have to go through and search what hasn't profiled. Microsoft, for example, gives you a direction to look at and will even be specific sometimes and tell you there is a password error, or the password hasn't been updated, or it's not meeting the policy and that's why it won't let it through. Those are very helpful because you know exactly what's required to solve a problem. 

Cisco is getting better with it, but they fail in some areas because of a network connectivity issue, or it's not getting DCAP quick enough and it fails. Those things would be more helpful to understand when it's going through, so you are able to triage it a little better. I mean, it does point you in a direction, but sometimes you have to dig a lot deeper to find the right direction and figure out what kept it from profiling. One big issue we've discovered is that people are not rebooting their machines or powering them off at night. We're trying to ensure that is done by sticking messages on screens.

I've been using this solution for the past two years. 

ISE is pretty stable. If it does have an issue then you need to call TAC and work through the bug in it. They are very responsive and very quick to help us eliminate the issue and also come up with a plan, such as how to move forward with additional issues or different things that are coming down the pipe with Cisco ISE. When you're talking to them, you feel like they are a partner and not just a disconnected entity.

The technical support is excellent, I would rate them very highly.

The initial setup is very complex. You have to go in and manually add in all the network devices, as far as all the switches, access points are concerned. You have to go port by port and add in codes and conditions and you have to go switch by switch and add in codes and conditions. You start out with a monitor mode and then go to an impact mode and then you go towards total lockdown. Implementation took us about 18 months. We rolled it out in short bursts because we have a very small IT team and we had a consultant company come in and work with us on installing it. A lot of it was knowledge transfer from them to us.

Our consultant was Cycorp, their main focus is network security. They are a sister Cisco partner, and we had one of their CCIE's come out and help implement everything. The gentleman at the top of the CCIE, was a former Cisco employee and a beta tester for ISE. Now that we have it in, I feel it's pretty much a game changer on locking down our network so that we're not penetrated from inside or outside because everything going through the VPN has to meet a certain standard.

We did a five year deal and it was very reasonable. I think for the Avast virus scan, I think we were paying $95 a machine for five years, which nobody else could touch. And that includes all updates, technical support, etc. From the ISE side, I'm not really sure what it costs because it was all encompassed in equipment we were buying and the ISE and the AMP and the open DNS. I know that it was not more expensive than any of the things we had looked at with HP or BMC or other places. It was much more cost effective.

We have looked at other products but we are a Cisco shop so having a Cisco product rides very easy on all our switches, our access points, and our Cisco servers. I believe it's the same for other companies such as HP. It's also a priority for them that the solution works better with HP switches. Given that we weren't going to change our switches, we really needed to focus on something that was going to work well with our environment.

The important thing is to have a good game plan going into it. Prep is key for everything going on with ISE. The more stuff you have prepped and the more understanding that you have upfront of how it goes through and how it behaves, the better off you are.

I would rate this solution a nine out of 10. 

We use Cisco ISE for 802.1 network authentication.

ISE integrates well with other Cisco products.

This solution does not provide us with enough visibility into our network. We would like to see additional information that it does not show. In general, the reporting is not very useful.

ISE needs to have better integration with third-party products.

A basic profiling engine would make a good addition because device profiling is very important.

This product requires the use of agents and ideally, I would like an agentless version. I think that they should get rid of them because they are hard to manage and deploy. Also, they are not useful.

The interface is not very user-friendly and it is not simple to use.

I have been using the Cisco Identity Services Engine for six years.

This is a stable product. The features that do work, work well, and we use it on a daily basis.

I would say that this product is scalable because we are using it in our central headquarters, in addition to several branch offices.

We do not pay for Cisco SMARTnet, so we did not contact technical support.

Prior to using ISE, we were using a solution by Trustwave. It is a different product because it uses Name Poisoning methods. It was an interesting solution but we changed because the price of support is too high. We opted to instead purchase a new product.

The initial setup is not simple. I don't consider our deployment to be complete because we were unsuccessful at trying to use the majority of the features. The fact that we can't solve these problems is why we are searching for another solution.

We had assistance from a consultant for the deployment.

Internally, we have a team of five administrators who manage this product.

The SMARTnet technical support is available at an additional cost.

I am currently doing research on Fortinet FortiNAC because I find that Cisco ISE is not a very powerful tool.

My advice for anybody who is considering Cisco ISE is to first run a proof of concept to see that all of the features work well. In my opinion, you have to see all of the features.

I would rate this solution a seven out of ten.

I'm an engineering student, studying smart information and communication technology.

The product has many useful features. It enhances compliance and security posture. It provides client provisions and profiling as well as guest access, features not available in other solutions. The product can be customized. 

Although the solution is easy to implement it's not so easy to understand. You need to be able to figure out the protocols, the nodes, and the personals of the nodes in order to implement correctly and make good use of it. Because it's a Cisco product, if you're not in a Cisco environment, it's difficult to integrate with anything else, so the big concern is its interoperability with other technologies and other vendors. 

I've been using this solution for two months. 

The solution is stable. 

ISE is extensible. It can be deployed for small and large organizations, and can even be distributed and centralized. 

We haven't used the customer support but if I do need some assistance my supervisor and the manager I'm working with can help. 

I've looked at other network access control solutions and ISE is among the leading technologies. I recommend it but suggest taking a close look at the technology before implementing it. Try to really understand it, because if you miss anything and don't configure correctly, it's going to be awful and you'll lose the benefits that the solution provides. Even if you only need one or two of the features that the solution provides, I would recommend using it. 

I rate this solution nine out of 10. 

We use it for Community WiFi and TACACS authentication. It is service provider authentication, both for the core infrastructure and Community WiFi.

We were looking to solve captive portal and centralized authentication with Cisco ISE.

It has allowed us to pull in multiple authentication databases, then centralize them into a captive portal system.

It is important for our organization that the solution considers all resources to be external. It treats them with minimum trust.

Integration is a big factor. That has really been the driving force behind it.

Documentation is probably the worst part of the software.

I have been using it for about five years.

It is very stable. I would rate the stability as 10 out of 10.

We don't use its scalability. I would rate it as five out of 10.

The technical support is good. I would rate them as six out of 10.

Neutral

We previously used an open-source solution. We switched for vendor support and scalability.

We don't monetize this solution.

It is fair.

We did not evaluate other options.

It is worth checking out the integration that it provides. It is a strong platform.

Cybersecurity resilience has not been that important for our organization.

I would rate ISE as eight out of 10. It does exactly what it is supposed to do without much issue.

We use it for SDA infrastructure. We have a challenge in recognizing different kinds of devices and that's what we are using ISE for in the SDA fabric.

We can better recognize our endpoints and we know whether they are allowed to access our network. That's really important for us.

It has also eliminated some rogue devices from accessing our network.

The integration with Active Directory is the most valuable feature for us.

The admin interface is really slow. It's horrible.

I have been using Cisco ISE (Identity Services Engine) for five years.

It's really stable.

It's scalable, but we need to upgrade some of our hardware to support more users.

Our SDA fabric has about 1,500 users that we are authenticating. We have plans to use it throughout the City of Helsinki, which has about 38,000 personnel whom we will need to authenticate in the future.

I haven't used the tech support.

We also currently have Microsoft RADIUS, but we are planning to move away from it and use ISE as our only authentication solution.

Other than the slow admin interface, it's an excellent product.