Cisco Identity Services Engine (ISE) Reviews

To be clear, I'm not an expert in networking, so I'm pretty much like a user.

I really like the guest WiFi. Those kinds of features are pretty convenient. When I have a guest in the form of a third party, I can grant access to the guest for a certain period of time and have a dynamic password generated. It's great.

The user experience of the solution is great. It's a very transparent system.

As I treat the system basically as a user would, and am not overly technical, I can't say what features, if any, the solution is missing.

I'm working from China currently and the only real issue is that, within the country, there's some concern around Cisco and its ability to offer the solution for the long term. As the United States has banned the Huawei version in their country, we feel there may be retaliation in ours and Cisco will get banned as a countermeasure from the government. The future of Cisco in China is in question. Our local partners are worried about the situation.

To be perfectly frank, I'm unsure of the exact amount of time we've used the solution. It's been a number of years. I've basically lost count.

The stability, from a users' perspective, is very good. I haven't encountered any issues before, and we've used it for quite a long time. It doesn't freeze. It doesn't crash. There aren't bugs or glitches. It's pretty reliable overall.

I'm not sure how many users are on the solution ultimately. Our reach is pretty global. I'm not with the network team, so I can't speak to the ability for the solution to scale.

As I'm not a member of the network team, I've never had to reach out to technical support. I don't know if they do or how often or how Cisco's technical support ultimately is. I've never dealt with them directly. I can't speak to the quality of their service.

I'm not a member of the network team, so I didn't participate in the implementation process. I can't speak to how straightforward or complex it was.

We're just a customer. We're in the manufacturing industry, not IT. We don't have a business relationship with IBM.

We try to keep up with the latest upgrades, therefore, I believe we are using the latest version of the solution.

From a non-technical user-based standpoint, I'd rate the solution ten out of ten. 

I'd recommend it, however, there is this ongoing concern in China at this time that Cisco could get banned in the ongoing trade war with the United States. That should be a concern for companies here. That may not be so much of a concern abroad.

Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions. 

This technology pride itself with Trust Sec and 802.1x  feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.

This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.  

It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.  

Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.  

Many organizations and large enterprises are faced with the daunting task of keeping their security issues at bay. They also need to be in compliant with the Cyber Security's strict guidelines and orders.  

While there are many cyber attacks from the outside of the edge routers, cyber attacks can also be implemented within the organization whether it is either intentional or unintentional.  Cisco ISE can mitigate many attacks such as MAC spoofing, VLAN hopping, DHCP Starvation and ARP Snooping.

By implementing ISE, it can lighten the overhead of the Cisco Catalyst Switches by not implementing port security, Dynamic Arp Inspection, DHCP Snooping. This will also improve the switch's performance since the ISE server takes over the duty of posturing with its Policy Service Node persona.  

Cisco ISE has improved performances on Access Switches and closely monitored the daily suspicious or rogue activities within the organization.  

We've had no issues with deployment.

We've had no issues with stability.

We've been able to scale it for our needs.

The solution is being used for authentication purposes and for sharing assessments. 

Cisco ISE has helped improve our security. 

It helps ensure that you are working in accordance with the organizational policy before you join the network. Also, the solution is very reliable. 

I would like to see better management. Integration with other platforms can also be improved. 

Cisco ISE does not recognize devices and that is an issue we faced during its integration with our existing devices.

I have been working with Cisco ISE (Identity Services Engine) for ten years. 

The stability of the solution is average. I would rate the stability of the solution a seven out of ten. 

The solution's scalability is average. I would rate the scalability a seven out of ten. 

The initial setup of Cisco ISE is complex. For the deployment, the solution needs to be installed and then it needs to be integrated with the network and certificates to get to the endpoints. 

I would like to advice that Cisco ISE is a reliable and stable solution although it is not very easy to use. They should work on integrating the solution with other platforms.

Overall, I will rate the solution an eight out of ten. 

Our use case is managing access to network devices for IT as well as end-users. Making that seamless is the challenge we were looking to handle.

ISE made implementation and connecting things easy.

It does a good job of establishing trust for each access request, no matter the source. It's also very effective at helping with the distributed network and at securing access.

The UI and UX could be more seamless and easier to use.

I've been using Cisco ISE (Identity Services Engine) for six years.

The stability of the solution is pretty good. I've only had a couple of issues.

I've never tried to scale it up.

We have it deployed in multiple locations with users across the US and Canada.

I have never used the technical support.

It's done the job that we put it in place to do.

Our customers use Cisco ISE (Identity Services Engine) as a network access control solution. Before they can get network access, you can do posture check, e.g. in the Windows version, or another version, then it is only after this posture check that the clients can enter the network.

Compatibility with other vendors is what needs to be improved in Cisco ISE (Identity Services Engine). We should be able to use it with other vendors, for all specifications. There should be integration with different vendors, e.g. Cisco ISE (Identity Services Engine) working with AccuPoint networks.

I've worked in my current company in product pre-sales for one year, and prior, I worked for a different partner company in Turkey, so my total usage of Cisco ISE (Identity Services Engine) spans eight years.

Cisco ISE (Identity Services Engine) is a stable solution. It has good performance.

If we need support from the vendor side, we can open a case, then the vendor replies to us as soon as possible. Support for Cisco ISE (Identity Services Engine) is fast.

The installation of Cisco ISE (Identity Services Engine) was easy.

Our customers pay for the license of Cisco ISE (Identity Services Engine). They have an annual subscription, rather than a monthly subscription.

I evaluated Fortinet.

I'm a technical person, and I've worked for a company that does system integrations, including network pre-sales. My company sells Cisco ISE (Identity Services Engine) and Fortinet products in Turkey. I can also sell these products. My company is a gold partner of Cisco.

I've sold the on-premises version of Cisco ISE (Identity Services Engine).

Cisco ISE (Identity Services Engine) is the best solution for Cisco network customers. It is the best solution for Cisco network devices. As for network products from other vendors, we can use, or we could offer other network access control (NAC) solutions, e.g. Fortinet NAC, or Aruba Secure NAC, etc.

I'm part of the pre-sales team at our company. There are other people who are responsible for installing Cisco ISE (Identity Services Engine) post-sales, e.g. they install the solution for the customers. For this reason, I am unable to give information on how long it takes to install the solution.

We currently have over 30 users of Cisco ISE (Identity Services Engine).

I can recommend Cisco ISE (Identity Services Engine) to other users.

My rating for Cisco ISE (Identity Services Engine) is eight out of ten.

I use it for licensing and profiling. It's like a "traffic cop." It's an endpoint user migration tool. It's also a TACACS server. It depends on what I'm using it for at the moment.

For the applications it's authentication and then authorization into the network. It's the networks you're on and what AD gives you. Your profile is based in AD or an LDAP server. ISE talks to those two servers and says, "What groups do you belong to, and should you have access to those roles?" With ISE, if AD says you can have it, then go for it.

I use it in big campus environments, anywhere that needs authentication and authorization to work with AD. It's a great tool for that, if you want to profile your network and you want to secure your network inside. We're not talking about firewalls but about what the tool can do for you, what it's designed for.

It has improved internal security, in-to-out, out-to-in. Without ISE, you can't posture or profile your network. Authorizations, authentications. ISE is not the only product that can do it, but it's a great tool.

Among the most valuable features is TACACS. Also, the rules and logging, but TAC is just as easy. Cisco TAC is great.

The area where things could be improved is education. It's complicated to deploy initially because you have to know what you're getting into. That's true with any customer. I don't know them so I have to learn about them. I have to figure it out, but there are very limited windows to do that. If a customer's going to hire you, you are the professional. You should know this already. You should come in with a base knowledge of what you need to do and, after that, grow with the customer. More education is how it can be improved.

I have been using Cisco ISE (Identity Services Engine) since 2016. I usually come into an environment after everything is there already. Customers bring me in to fix things that are broken.

The stability of the solution depends on how you scale it. If you have set it up properly, it will be great. If you put all your eggs in one basket, in one part of the network, and that goes down, then you have lost everything.

It's scalable. It can grow with your network. You can create new nodes or move everything from local to the cloud. It's easy to spin up a VM, so you can put it on a VM real quick and be done within a couple of days. But you have to know what you're doing. You can't just do it with the assumption that you can copy and just redeploy it. ISE doesn't work like that. It has to be done properly.

Cisco's TAC is excellent. Cisco always has great support.

Positive

I previously used the older versions of the hardware that were the original predecessors to ISE.

The deployment model for ISE depends on the customer: where their data centers are, what they can afford, and what type of maintenance agreements they have with Cisco's support. Are they on a VM or a physical device? Deployment depends on what we are trying to do and the environment.

In terms of establishing trust for every access request, trust is only as good as the rules and definitions you build. Without that, you need not only to trust the device, you need the trust of the customer too. That's important.

Trust is only eliminated when a customer wants the rules loosened. When the customer says, "This is too difficult, you're making it too hard," that is when exposure happens, things start collapsing, and there are breaches. You can't give the customer everything they want, because they don't know the consequences. You have to educate them. They need to know that the inconvenience of hitting "enter" to log in, and having it take three seconds or five seconds is because you'd rather have the machine and the network think before they let you on the network. A lot of times a customer will say, "If I'm hitting enter and it's not bringing me to where I need to be, then this is not a good solution." You have to educate them.

The solution is like an iPad that someone set up for you. If they didn't do a good job setting it up, you're going to rate the tool as bad. A lot of times, I come in and it's already done and I have to fix the problems. There are times that I do create it from scratch and it works really well. 

We are a system integrator and Cisco ISE is one of the products that we sell and implement at our customers side. I have built ISE's POC and provided training to our customers.

I also used real rent lab which was including; Active Directory integration, network access and core switches, access points, wireless access controller, and end points. (some end points have cisco client - anyconnect, and have not), and Web Server for creating wireless authentication portal solution end to end

The AAA features were awesome and have important attributes, and also the security groups (SGTs) concept to enforce policies for each group of users, regardless they coming via wired or wireless network devices. also i see the guest authentication is very rich and easy tom implement 

Cisco ISE offer one central point to create different policies for different group of users and enforce policies to each entity regardless it connected to network through wired or wireless network devices. it provide in this way more mobility and wireless-wired converged network. Also it integrates very well with network devices to control ports configurations services authentication and authorization. ISE also integrate with DNA center and stealthwatch to enable customer have SDN (Software defined Network) Fabric. 

Combines authentication,authorization,accounting(AAA),posture,and profilerinto one appliance

Provides for comprehensive guest access management for Cisco ISE administrators.

Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network,including 802.1X Environments

EmploysadvancedenforcementcapabilitiesincludingTrustsecthroughthe use of SecurityGroup Tags(SGTs) and Security Group Access Control Lists (SGACLs)• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

The ISE software needs to be improved  in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

I have been using Cisco ISE for three months.

We did not use another similar solution prior to this one.

The initial setup was fine.

The price for Cisco ISE is high.

We did not evaluate other options before adopting this solution.

We are a reseller of Cisco ISE. 

So far we have had no complaints from customers. No major complaints in terms of ISE. They do complain obviously if the ISE service stops working. Normally that happens if there's a server flaw or some problem at the data center somewhere. 

There can more integration between the wireless controller management and ISE. Consolidation or integration of the controller and ISE dashboards would be great. It's not that bad but would make for simplified support if it could be combined into one dashboard.

It's very stable. We have it in on a big car rental company. We manage and we support the Cisco ISE platform for them. It's very stable and it adds a lot of value to the network.

In terms of scalability, you need to factor in your licenses. With a virtual platform, the scalability is more than sufficient. We have over one thousand users. 

We've got two engineers that look after the ISE environment.

We have emailed tech before and their support has been very good.

The initial setup was straightforward. The time it takes to implement depends from customer to customer. The most time-consuming aspect is sitting with the customer and planning out the policies and how they understand Cisco ISE. On average, with the planning sessions with the customer and the installation of ISE, it takes approximately five days.

The licensing is too expensive. There is more complexity on the wifi environment, especially with Cisco DNA versus Cisco ONE licensing. As far as the ISE licensing is concerned, it's pretty straightforward. We normally follow the ordering guide which is quite detailed, so there's no problem there.

The advice that I would give someone considering this solution is to understand the licensing. From a design perspective, we refer to the ordering guide quite frequently. The most important thing is to have a technical planning session with the customer. A lot of the time the customer doesn't really know what they want and if you don't have that upfront planning and discussion with the customer, the deployment can take much longer.

I would rate it a ten out of ten.