Cisco Identity Services Engine (ISE) Reviews

We are a system integrator and Cisco ISE is one of the products that we sell and implement at our customers side. I have built ISE's POC and provided training to our customers.

I also used real rent lab which was including; Active Directory integration, network access and core switches, access points, wireless access controller, and end points. (some end points have cisco client - anyconnect, and have not), and Web Server for creating wireless authentication portal solution end to end

The AAA features were awesome and have important attributes, and also the security groups (SGTs) concept to enforce policies for each group of users, regardless they coming via wired or wireless network devices. also i see the guest authentication is very rich and easy tom implement 

Cisco ISE offer one central point to create different policies for different group of users and enforce policies to each entity regardless it connected to network through wired or wireless network devices. it provide in this way more mobility and wireless-wired converged network. Also it integrates very well with network devices to control ports configurations services authentication and authorization. ISE also integrate with DNA center and stealthwatch to enable customer have SDN (Software defined Network) Fabric. 

Combines authentication,authorization,accounting(AAA),posture,and profilerinto one appliance

Provides for comprehensive guest access management for Cisco ISE administrators.

Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network,including 802.1X Environments

EmploysadvancedenforcementcapabilitiesincludingTrustsecthroughthe use of SecurityGroup Tags(SGTs) and Security Group Access Control Lists (SGACLs)• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

The ISE software needs to be improved  in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

I have been using Cisco ISE for three months.

We did not use another similar solution prior to this one.

The initial setup was fine.

The price for Cisco ISE is high.

We did not evaluate other options before adopting this solution.

We use Cisco ISE for network management, user access for enterprise clients, and advanced firewall support. We use Cisco ISE on domains and clients jointly with other network software utilities.

We use Cisco ISE as our main controller for the management of clients that need to join our network.

The best feature of the Cisco ISE platform is that it is compatible with Microsoft products. 

Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better. 

It needs a better solution for reduced complexity.

I think to add more people to four-thousand users is going to be hard. Cisco needs to make it easier to add more people.

The Cisco ISE platform is stable.

On our network, we use Cisco ISE as a platform utility to support three thousand users.

The initial setup of the Cisco ISE platform was complex and the deployment was also difficult.

On a scale from one to ten, I would rate Cisco ISE an eight because the server is so complex. Cisco needs to re-program or re-issue it and release a new version with more adequate sizing for small businesses. 

Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions. 

This technology pride itself with Trust Sec and 802.1x  feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.

This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.  

It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.  

Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.  

Many organizations and large enterprises are faced with the daunting task of keeping their security issues at bay. They also need to be in compliant with the Cyber Security's strict guidelines and orders.  

While there are many cyber attacks from the outside of the edge routers, cyber attacks can also be implemented within the organization whether it is either intentional or unintentional.  Cisco ISE can mitigate many attacks such as MAC spoofing, VLAN hopping, DHCP Starvation and ARP Snooping.

By implementing ISE, it can lighten the overhead of the Cisco Catalyst Switches by not implementing port security, Dynamic Arp Inspection, DHCP Snooping. This will also improve the switch's performance since the ISE server takes over the duty of posturing with its Policy Service Node persona.  

Cisco ISE has improved performances on Access Switches and closely monitored the daily suspicious or rogue activities within the organization.  

We've had no issues with deployment.

We've had no issues with stability.

We've been able to scale it for our needs.

We use Cisco ISE to develop products for other people. We don't really use it in our system. We just buy it and implement it when our customers require ISE.

I like that Cisco ISE is easy to use.

Migration could be better. Right now, we back up with the new version, and it requires a lot of licensing and other things. Whenever we choose a product, it's very difficult because we have to meet the requirements of each feature. There is no standard feature, so the best system that we bought may not fit the solution. 

We have to look at every feature that the customer uses. If you compare it with other products like Aruba, it's not the same. With Cisco, I have to read all about the features on this version and the licensing required for the product. In Aruba, that thing is covered when you get one license because it covers almost everything. It could also be more scalable.

We have been using Cisco ISE for 20 to 30 years.

It could be more scalable. It's easy to scale initially, but it will become very difficult at a certain point. In the beginning, it's in the previous environment, and it's pretty easy. But after we integrate it, we need to do a couple more to scale the product, which is more difficult.

We have less than 300 people using it worldwide. We deal with an airline company, so people who come to use it aren't many, but it's available to everyone from everywhere around the world.

We deal with a local Cisco partner for technical support. I haven't dealt with Cisco directly in Bangkok. 

I think Cisco takes around six months to complete the migration from the old one to the new one. This is because we have compliance and a lot of other things here.

Our in-house team implements this solution. It takes about three people to maintain this solution.

It costs around 50,000 baht in the first year, but I'm unsure about the second year.

On a scale from one to ten, I would give Cisco ISE a seven.

My primary use case is network address translation and layer 4 filtering.

Without this product, we wouldn't be able to use our public ID the way we need to.

The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall.

I would like the product to include support for OSVS version three.

I've been using this solution for about five years.

This is a stable product.

The scalability is good - currently, we don't have an internet bandwidth greater than 10GB, so it's efficient for us.

The initial setup was straightforward, and deployment was done in one night.

I implemented using an in-house team.

This product has helped us protect our infrastructure.

I considered some open source solutions, but those are usually difficult to set up.

I would recommend this solution as it is very easy to set up and has a very easy user interface. I would rate this solution as eight out of ten.

We use this solution to authenticate the domain users and if someone is not the domain user to make them a guest.

Before, our port would be wide open, anyone could come to the network and put their laptop into the port or any device and they would be able to get the IP. Now, if someone tries to connect to our network through an IU port or internet, they will not be able to access it. Another way this solution has improved our organization is that when we integrate this with our OpenGate server we are able to identify and isolate the machine that is infected, or that is going to be infected.

Plus, we had control on which device we can block in real-time and white list, or according to the MAC address, we can send this device to get an assigned IP from a special VLAN.

The identification with McAfee DHL is the most valuable feature. It gives us full visibility to see if there's any malware or malicious activity going on in the network and will then isolate the device.

Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product.

Stability is very good. We haven't faced any issues and there aren't any bugs. 

We currently have around 400 users and we only need two staff members for maintenance. It is being used extensively because all of the users are dependent on it. If the ISE is down no one will be able to authenticate.

Technical support is very good because, on the user phase, it shows who was on the call with us and who helped us. 

The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total. 

We used an integrator. We had a good experience with them because we have already worked with them in the past couple of years

We researched this solution and found that it fulfills all of our requirements so we didn't look into any other solutions.

I would rate this solution a nine out of ten. 

I would advise someone considering this solution not to enable it with MAC. They are going to be in a very bad state after enabling this with MAC because if you do it is going to isolate so many devices which do not comply with the policy.

It can handle Radius and TACACS+.

Authorisation and Authentication Policy creation is easier. Access right limitation is pretty easy in ISE. Context exchange feature is present.

It is quite complex when it comes to troubleshooting.

2 years

Upgrade was quite a pain. It doesn't exactly go according to the document.

On TACACS side, we see some issues. The rest is all going well.

It's good.

Tech support is still lacking on TACACS troubleshooting on ISE.

We were using ACS and IAS servers for radius and TACACS. ISE is one stop shop for everything with more to offer.

Initially done with a Cisco consultant and started with Radius services. Expertise was excellent.

Smartnet is not so cheap depending on the deployment.

We have deployed this solution and we keep on exploring more and more. It can do wonders for authentication and limiting access with the network.

We use Cisco ISE for device authentication, such as auto switches, and wireless authentication.

The most valuable features are authentication, we have more granular control on the access policies for the administrators. The solution is easy to use, has a center point administration, and has a good GUI.

The solution could be more secure.

I have been using Cisco ISE (Identity Services Engine) for approximately five years.

Cisco ISE is stable.

I have found Cisco ISE to be scalable.

We have approximately 500 people using this solution in my organization.

We were using Cisco ACS previously. I have found Cisco ISE to be a more advanced and easy-to-use solution than the Cisco ACS.

The installation is straightforward since we have worked on Cisco platforms previously.

We have approximately 100 people for the maintenance and support of this solution.

I rate Cisco ISE (Identity Services Engine) an eight out of ten.