No more typing reviews! Try our Samantha, our new voice AI agent.
Solomon Okonta - PeerSpot reviewer
Network Architect at Great Canadian Gaming Corp
Real User
Jun 18, 2023
Helps authenticate wired users, can secure wired connections, and saves us time
Pros and Cons
  • "Being able to authenticate wired users through 802.1X is valuable as it enhances our security."
  • "The policies could be adjusted to make them more easily implementable."

What is our primary use case?

We mainly use Cisco ISE for device authentication. We are now rolling out 802.1X.

How has it helped my organization?

Cisco ISE has provided us with a security posture that we desire, particularly for wired connections, enabling the identification of domain users and non-domain users.

I would rate Cisco ISE an eight out of ten for its capability to secure our infrastructure from end to end, enabling us to detect and address threats. This high rating is due to its ability to establish policies and dynamically configure switch components for users.

Cisco ISE has helped our IT staff save approximately 15 hours per week, as they no longer need to manually configure the switch components.

Cisco ISE has helped improve our cybersecurity resilience, particularly through the use of 802.1X. This aspect is something we are leveraging to a great extent.

What is most valuable?

Being able to authenticate wired users through 802.1X is valuable as it enhances our security. If someone enters an unsecured room and connects to a wired connection, they will be authenticated to a guest network, completely segregated from our data networks.

What needs improvement?

The policies could be adjusted to make them more easily implementable.

Buyer's Guide
Cisco Identity Services Engine (ISE)
July 2026
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,016 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Cisco ISE for four years.

What do I think about the stability of the solution?

Cisco ISE is extremely stable.

What do I think about the scalability of the solution?

Cisco ISE is highly scalable, particularly for device authentication, as we have 3,000 switches in our environment.

How are customer service and support?

Cisco technical support was knowledgeable about Cisco ISE deployments.

How was the initial setup?

The initial setup was straightforward because we were familiar with what we wanted. When we encountered an issue with the policies, we opened a task case, and it was resolved quickly.

What about the implementation team?

We utilized an internal consultant for the implementation who possessed extensive experience in Cisco technology. Our overall experience was positive.

What was our ROI?

We have witnessed a return on investment with Cisco ISE due to the protection it offers to our environment and the capability of 802.1X to assist in managing security risks.

What other advice do I have?

I give Cisco ISE a nine out of ten.

Cisco is continuously improving its products. There are so many features that we're not even using in Cisco ISE. So we use what is relevant for our own use case.

I recommend that individuals conducting research on the solution take a thorough look at 802.1X and gain a comprehensive understanding of how it can offer the desired level of security.

We utilize Cisco throughout our environment and chose ISE due to our familiarity with all of Cisco's products.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Lead Network Engineer at a educational organization with 1,001-5,000 employees
Video Review
Real User
Aug 8, 2022
Gives us that extra ability to assist the end user and make sure that we are making them happy
Pros and Cons
  • "I really enjoy the live log section. Sometimes, you will have someone who is having issues connecting to the network, and then you have to ask them the dreaded question of, "Did you type a password wrong?" They will probably tell you, "No," but the live log can help sort that out. It gives us that extra ability to assist the end user and make sure that we are making them happy."
  • "It has tremendously improved our organization through BYOD and guest wireless access."
  • "There is room for improvement in its ability to allow end users to self-enroll their devices. Instead, you should be able to assign that permission by AD group, which is currently not available."
  • "I have complaints. I don't enjoy the licensing model."

What is our primary use case?

Today, we are performing wireless client authentication and using it as a captive portal for our guest wireless network. Eventually, I am hoping to roll into 802.1X for the wire.

In our organization, we have about 2,000 employees and 12,000 other end users whom we service.

How has it helped my organization?

It has tremendously improved our organization through BYOD and guest wireless access. The sponsor portal is very easy to use for our help desk team as well as just adding an endpoint for BYOD. We have given our help desk team the ability to perform those functions so they don't have to escalate tickets, and what that does is cut back on ticket time. They can quickly assist our end users and make them happy.

We haven't had an opportunity to really do much with zero trust in ISE. However, in regards to integrating it with our DNA Center appliance, we are looking to experiment more with the zero trust option, establishing policies and pushing them that way. That will really help out with 802.1X on a wire as well, preventing outside organizations from coming in, just randomly plugging in, and then being on our network.

ISE has had a good impact on our organization’s security risk. This is mainly because we see rejected clients, people just attempting to authenticate, or people attempting to sign in who don't have permission and we know they don't have permission. The visibility is very nice.

Resilience, in regards to cybersecurity, is incredibly important. We run everything in twos, including our ISE deployment. So, if we have a data center go down for whatever reason, whether it be a cyber attack or just a random power outage, then we know that we still have an ISE node up on the other side which can perform security functions for our AAA authentication.

As far as resiliency, it is very effective when it comes to upgrades or patch management. As far as cybersecurity, it provides visibility with the logs that we get, rejecting clients as needed, or even telling us a reason why an authentication request failed.

What is most valuable?

I really enjoy the live log section. Sometimes, you will have someone who is having issues connecting to the network, and then you have to ask them the dreaded question of, "Did you type a password wrong?" They will probably tell you, "No," but the live log can help sort that out. It gives us that extra ability to assist the end user and make sure that we are making them happy.

It has done a pretty good job of establishing trust for every access request, no matter where it comes from. The biggest issue that I probably have is just with the random amount of passerby or outside visitors coming in and trying to connect. Of course, they can't. ISE is very good at not only denying them, but also logging that endpoint. I would say it has done pretty good with that.

What needs improvement?

There is room for improvement in its ability to allow end users to self-enroll their devices. Instead, you should be able to assign that permission by AD group, which is currently not available.

For how long have I used the solution?

We have been using ISE since 2018.

What do I think about the stability of the solution?

I have never had any stability issues with it. It has been available 100% of the time that we have needed it.

What do I think about the scalability of the solution?

I think scalability is there. We run a two-node cluster. We haven't had a need to add any more, but I know we could add policy nodes pretty simply if needed.

How are customer service and support?

They are very good and intelligent. I would rate them as eight out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to this solution, we were using Microsoft NPS. We switched from the Microsoft solution because we were looking for a more current way for our BYOD devices. 

Prior to ISE, we were using Cisco ACS, which is very old, and ISE was the next logical step. Along with that, we rolled our SSID BYOD over to ISE. That was our initial deployment. 

About a year later, we moved our production SSID over to it as well. So, we have just kind of come more into using it. It has a lot to offer.

How was the initial setup?

It was pretty straightforward. It was not complicated at all.

We deployed it in a week and rolled out BYOD. We moved that over from ACS to Cisco ISE within that week, so it was pretty simple.

Today, we just have it integrated with ISE, but it sits in our data center with our core networking. We consider it essential. If it is not available, then productivity suffers.

What was our ROI?

I think we have seen ROI in regards to integrating with an external MDM to enforce greater security requirements for business managed devices that aren't Active Directory joined.

What's my experience with pricing, setup cost, and licensing?

I have complaints. I don't enjoy the licensing model. Once we moved from 2.7 to 3.1, switching from Base, Plus, and Apex to Essential and Advantage in Premier, we went from a perpetual, with our base licenses, to now a subscription-base. So, we will have to renew those licenses every year, and I'm not a fan of that for our base licenses. Apex/Premier, we already expected, which is fine, but for basic connectivity, I am not a fan of that.

Which other solutions did I evaluate?

We went straight with Cisco. We are a very heavy Cisco shop, so it just kind of seemed logical.

We have had experience with Microsoft NPS.

What other advice do I have?

I would rate it as nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Cisco Identity Services Engine (ISE)
July 2026
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,016 professionals have used our research since 2012.
Bill Masci - PeerSpot reviewer
Senior Network Admin at iridium
Video Review
Real User
Aug 7, 2022
Helps across a distributed network, giving you a central way of authenticating everybody
Pros and Cons
  • "When we use ISE, one of the helpful things is that I can go through the dashboard and get every step along the way of how a device was authenticated. If it's failing, why did it fail? Why is it unauthorized? If there's an error, what is the error and how can I fix that error? If it's something that, if they should be passing, why are they failing?"
  • "There's no way for us to run a secure, reliable, user access or device administration access without something like ISE."
  • "A lot of people tell you the hardware requirements for ISE are pretty substantial. If you're running a virtual environment, you're going to be dedicating quite a bit of resources to an ISE VM. That is something that could be worked on."
  • "A lot of people tell you the hardware requirements for ISE are pretty substantial."

What is our primary use case?

Our main use case right now is TACACS for device administration and authentication, as well as for user authentication on the network: wireless authentication, 802.1X, and wired authentication too, for RADIUS.

How has it helped my organization?

The way Cisco ISE has improved our organization is [by] making sure that we have secured our network. It's making sure that if somebody comes into the office who [possibly] shouldn't be there, and they plug a computer in or try to hit our WiFi, that we know, based on the criteria we've set up, that this person should have access. They've passed all the tests we've set up to make sure that they're not a bad actor or somebody who shouldn't be on the network.

ISE can, a lot of times, be the first stop for us to troubleshoot user errors or user issues. If you start your security posture by assuming there's no trust for a device, you're going to make sure that ISE is validating the device from the ground up. It's not just assuming that something has access, it's making sure it goes through the full process to gain access to your network.

ISE has definitely helped us across a distributed network, because you have a central way of authenticating everybody. It could be switches across different vendors, it could be different switch models—whether a Cisco Catalyst 9000 or a 2960—you can make sure, although these might be different devices, that the authentication process is going to be the same for the users. You have that peace of mind that no matter where somebody's plugging in, or what AP they're authenticating to, it's going to follow the same security guidelines, the same authentication process, to be granted network access.

What is most valuable?

The most valuable features for us are ensuring that we have the right people logging in to the network as well as protecting our device configuration. If somebody goes in to make a configuration adjustment, we need to make sure it's the right person, that they have the right access, and that we have validated that.

When we use ISE, one of the helpful things is that I can go through the dashboard and get every step along the way of how a device was authenticated. If it's failing, why did it fail? Why is it unauthorized? If there's an error, what is the error and how can I fix that error? If it's something that, if they should be passing, why are they failing?

For device administration, like logging in to a switch or a router, we can see all the commands that people have put in and who made changes. If we need to fix something—a bad command, or somebody put something in that pulls a device out of what we consider our compliance—we can fix that. 

From an administrator perspective we can look at "Why did you make this change?" and figure out how we don't break something in the future, if it was something that did cause an outage. 

And when it comes to things like wireless, we can see who is hitting the network, who is hitting a corporate SSID, or a guest SSID. Are they failing? What errors are you seeing along the way?

What needs improvement?

A lot of people tell you the hardware requirements for ISE are pretty substantial. If you're running a virtual environment, you're going to be dedicating quite a bit of resources to an ISE VM. That is something that could be worked on.

The upgrade process is not very simple. It's pretty time-consuming. If you follow it step by step you're probably going to have a good time, but there are still a lot of things that could be a lot more user-friendly from an administrator's perspective. [They could be] easing a lot of the issues that people have. Instead of just saying the best practice is to migrate to new nodes [what would be helpful] would be to make that upgrade process easier.

The UI is a lot nicer in 3.0. It's pretty slow, but for the most part, it's easy to find what you're looking for, especially things like RADIUS live logs, TACACS live logs. From a troubleshooting perspective, it's really nice finding stuff. For setting up policies, from that perspective, it could be a little bit better looking.

For how long have I used the solution?

I've been using Cisco ISE (Identity Services Engine) for about five years, myself. My company has been using it for longer than that.

What do I think about the stability of the solution?

The stability for our virtual machines is good if you follow the best practice and give it the reservations the virtual machines need, and you're making sure that you're following how many recommended devices are going to be authenticating to it. We don't have stability issues with ISE.

What do I think about the scalability of the solution?

The scalability has been fine for us. We're actually in the process of possibly deploying more PSN (Policy Service) Nodes, so we'll see if that helps. But scalability hasn't been an issue. I don't think we're running into device count limitations or VM performance [issues].

We're around the 600-700 mark in terms of the number of devices in our company.

How are customer service and support?

Support has been pretty helpful when we've needed it. We haven't had too many issues where I was asking for an escalation immediately or sweating profusely because it's not working. I can't say anything bad about support, but I don't have enough experience to give a really substantial answer.

How would you rate customer service and support?

Positive

What about the implementation team?

I did not deploy ISE. We had a partner who helped us deploy it.

What was our ROI?

I don't know what the investment was, because I'm not involved in the pricing aspect of it. But there's no way for us to run a secure, reliable, user access or device administration access without something like ISE. The return on the investment, I think, is great. It's integral to our network so I don't know what we would do without ISE.

What's my experience with pricing, setup cost, and licensing?

The licensing model is pretty straightforward. There are some changes from [version] 2.x going up to 3.0 and switching to the Smart Licensing. But if you have somebody who can explain it to you, so that you know that when you're upgrading you're not losing functionality, or you're not putting yourself in a position where the license count you're used to having can go away; as long as that's set up, it's fine.

Which other solutions did I evaluate?

I have used Aruba ClearPass in the past. They're pretty comparable. If I'm going to be honest, I think ClearPass has a better user interface and some of the things are laid out a little bit better. But when ISE is up and running, it's more reliable, it's more stable. You just have to get it to that point and then it's a really nice product that I like using.

What other advice do I have?

In terms of eliminating trust from network architecture, ISE can do so when it's implemented correctly. There are still certain functions of ISE where you have to be diligent in making sure that if a user is plugging into a network port, that that port is set up to use ISE for authentication. It's kind of a two-way street. It's a great tool, but you have to set it up correctly. You have to make sure that it's doing what you've intended it to do. When you do that, it's great for that. We don't have any issues with that and it's definitely an integral part of our network.

The advice I would give people is to decide what you are looking for in terms of your AAA. Are you looking for a secure way to authenticate VPN users, users logging in for WiFi, for wired access? Something I don't use at my organization is the Guest Portal, but I know ISE has a pretty considerable catalog for deploying guest portals, for device onboarding, and posture assessment. If those are all the things you're looking for, the features, I would definitely recommend ISE.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Abdul-Mumin-Iddrisu - PeerSpot reviewer
Chief Technology Officer at Oduma Solutions Ltd
Reseller
Jul 8, 2024
Integrates with other applications to manage access
Pros and Cons
  • "Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization."
  • "The product is expensive. It would also be a good add-on to have some machine learning."

What is our primary use case?

We used it mainly for network access control and full stream for devices.

What needs improvement?

The product is expensive. It would also be a good add-on to have some machine learning.

For how long have I used the solution?

I have been using Cisco Secure Firewall for one year.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How was the initial setup?

The initial setup is straightforward.

It's also recommended for clients during deployment. You're making everything very efficiently managed within the policies. The deployment is also very smooth, allowing you to configure your rooms easily. Once the initial setup is done, it becomes straightforward to understand, especially regarding Windows maintenance.

It was deployed to protect the network from unauthorized users but does not contribute directly to operational efficiency.

What's my experience with pricing, setup cost, and licensing?

Cisco ISE doesn't come cheap but it's still valid working.

What other advice do I have?

We recommend it to our customers.

Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Ahmed_Shalaby - PeerSpot reviewer
Senior Cyber Security Engineer at Beta Information Technology
Real User
Top 5
Jan 25, 2024
The product is useful for device administration and can be integrated easily
Pros and Cons
  • "The product is useful for device administration."
  • "We face many bugs."

What is our primary use case?

I do the designing and implementation and hand it over to the customer. Sometimes, I provide support to the customer. The solution is used for network access control. I have implemented almost all the features of the product.

What is most valuable?

TACACS is valuable. The product is useful for device administration.

What needs improvement?

We face many bugs. The vendor is trying to improve it by releasing new patches and hotfixes.

For how long have I used the solution?

I have been using the solution for almost five years.

What do I think about the stability of the solution?

I rate the tool’s stability a six out of ten. It breaks down a lot.

What do I think about the scalability of the solution?

I rate the tool’s scalability a seven out of ten. To scale the solution, we must decide which persona should be added. There are different personas for management, monitoring, and policy enforcement. It needs some calculations. I have a lot of clients. One of my clients has 20,000 to 50,000 users.

How was the initial setup?

The initial setup is not easy. It should be designed properly. The solution has almost two or three personas. The design must be reviewed correctly. The implementation is not easy. It is a little bit complex compared to other NAC solutions. The time taken for deployment depends on the size of the implementation. It can take from one week to one year.

What's my experience with pricing, setup cost, and licensing?

The solution is not that cheap.

What other advice do I have?

We are partners. A lot of customers are using Cisco’s infrastructure. The product can be integrated easily. We have faced a lot of issues while integrating other tools. Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer2212497 - PeerSpot reviewer
Cyber systems Engineer at a manufacturing company with 10,001+ employees
Real User
Jun 29, 2023
Has good posturing and prevents other users from insider threats
Pros and Cons
  • "We found all the features of the product to be valuable."
  • "They should improve their licensing. Licensing is always trouble with Cisco, and Cisco Identity Services Engine is no different. The way the product is licensed could be improved."

What is our primary use case?

We use Cisco ISE Identity Services Engine currently for TACACS and posturing.

How has it helped my organization?

The product elevated my organization’s security level, helped us meet some guidelines, and made our life easy.

What is most valuable?

We found all the features of the product to be valuable. We have no complaints about it. Posturing is valuable to my organization. Now, we're improving our whole environment to go into a Zero Trust policy, and Cisco Identity Services Engine plays a huge role in it. We're defense contractors, so we support DOD and have specific stakes and a baseline to go with. Our strict environment requires us to do certain things, and the solution plays a role in it.

What needs improvement?

They should improve their licensing. Licensing is always trouble with Cisco, and Cisco Identity Services Engine is no different. The way the product is licensed could be improved.

For how long have I used the solution?

I have been using the solution for almost three years.

What do I think about the stability of the solution?

The solution’s stability is good to go so far. Some vulnerabilities had popped up like any other solution, but Cisco remediated them. There was no problem.

What do I think about the scalability of the solution?

We haven’t even scraped to the surface of what the tool could do. It's very scalable, and we will try to use it as much as we can in the future.

How are customer service and support?

We have had no issues with the product’s customer support so far. We had a neutral experience with support.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a return on investment in terms of not pursuing any other solutions. We didn't need to look further. The product did what it does for us now. We are very content with it. We don't have to invest further into something else.

What's my experience with pricing, setup cost, and licensing?

The solution’s pricing is okay.

What other advice do I have?

The tool secures our infrastructure to a certain point. However, we're not using it in terms of detection. My team is only four people, and we take all the tasks together.

The solution did not help us consolidate tools. However, it does help us with TACACS. TACACS was a big thing that we needed. We are trying to get rid of NPS and RADIUS, and we will probably use the product in the future for Certificate Authority. It could probably consolidate tools, but it's not doing it now. However, it will in the future.

The product has absolutely improved our cybersecurity resilience. With all the posturing we're doing and the Zero Trust policy we are bringing, it prevents other users from insider threats. It helps big time with insider threats. It's a big thing for us in our specific programs.

Give it a shot because we did give it a shot. People at first said it was very pricey, but it wasn't really as pricey as people say it is. It's worth trying it. Zero Trust will be mandated later, especially if you're in the government. The product will play a big role in it.

One of our team members was pursuing a certification in CCMP security. He was specifically on the Cisco Identity Services Engine track. We got that for him to demo and test it out. Eventually, it became part of our product. TACACS, Posturing, and Certificate Authority could be the reason why we chose the solution. We are using it now for 802.1X. All port security is not a thing anymore for us.

Overall, I rate the product a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Systems Engineer at Austro Control
Real User
Jun 21, 2023
Offers flexible policy sets, helps secure our infrastructure, and serves as a central hub for all types of network access
Pros and Cons
  • "The most valuable feature is the flexibility of the policy sets."
  • "Cisco ISE requires a lot of time-consuming administration."

What is our primary use case?

We utilize Cisco ISE for network access control and employ RADIUS access for managing user control in our virtual environment.

How has it helped my organization?

Cisco ISE enables us to implement network access control, ensuring that only approved devices can connect to our network. It serves as a central hub for all types of network access, including wired, wireless, and VPN connections improving our network security.

It does a good job of helping secure our infrastructure from end to end, even though there are many features that we are not utilizing.

Cisco ISE has helped us consolidate tools like Cisco Token that we no longer require. The ability to consolidate tools has provided us with a centralized point of access for our security infrastructure, generating abundant information regarding access.

It has helped our organization improve its cybersecurity resilience by enabling us to control the devices that access our network, unlike before when we had to physically access the port.

What is most valuable?

The most valuable feature is the flexibility of the policy sets.

What needs improvement?

Cisco ISE requires a lot of time-consuming administration.

For how long have I used the solution?

I have been using Cisco ISE for eight years.

How are customer service and support?

Cisco tech support, I'm sure, is very good. However, the amount of resources required to submit and process cases is quite significant. As a result, unless we encounter a major issue, we generally prefer to avoid Cisco TAC and instead seek out workarounds.

How was the initial setup?

The initial setup should be straightforward, but it is often quite complex. A greenfield deployment, where we start from scratch, is easy. The challenges typically arise when we attempt to upgrade an existing deployment.

What about the implementation team?

We utilized the services of Open Network for assistance with the implementation. Their services were excellent, and we would gladly engage their services again.

What other advice do I have?

I give Cisco ISE an eight out of ten.

Cisco ISE is equipped with numerous features. We are a small company and only utilize the ones we require. However, as our requirements change or grow, we may consider adopting more of the features that Cisco ISE offers.

The administration can be time-consuming due to all the updates and patches, but overall, I recommend Cisco ISE.

Our organization was familiar with Cisco, and we used wireless LAN products. That is why we chose Cisco ISE, as it integrates well with our infrastructure.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2214696 - PeerSpot reviewer
Network Manager at a healthcare company with 10,001+ employees
Real User
Jun 21, 2023
Helps us determine real users on our network, protects our environment 100%, and has excellent support
Pros and Cons
  • "Cisco ISE is a powerful solution. It gives us the ability to control who's accessing our network, and Cisco has made it very easy."
  • "Some of the reporting could be improved."

What is our primary use case?

We use it for network access control. For security reasons, if a vendor plugs into our network, the port is automatically shut down because it's not authenticated to our network.

How has it helped my organization?

Cisco ISE is a great solution. It helped us determine real users on our network. It's very useful.

From a security standpoint, Cisco ISE has improved our organization 100%. We're not guessing who is plugging into our network. It 100% protects our environment and infrastructure from end to end.

Cisco ISE has saved the time of our IT staff time to help work on other projects, but I don't have the metrics.

Cisco ISE has absolutely improved our cybersecurity resilience. Specifically, the 802.11 authentication for wireless has been huge.

Cisco ISE hasn't helped to consolidate any tools or applications.

What is most valuable?

Cisco ISE is a powerful solution. It gives us the ability to control who's accessing our network, and Cisco has made it very easy.

What needs improvement?

Some of the reporting could be improved.

For how long have I used the solution?

We've been using it for about ten years.

What do I think about the stability of the solution?

It's stable. We never had any issues.

How are customer service and support?

I love it. They know their stuff. Almost in one call, you get the right person. They're very good. I'd rate them a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We didn't use any other solution previously.

How was the initial setup?

You have to have a plan. You have to be prepared to roll it out. You need to think through what you want to configure.

It took us about three and a half months to get every angle we were after, and after that, it was a very slow rollout. We rolled it out in about eight months. It was easy.

What about the implementation team?

We did it all in-house, but we did have consultants from Cisco come in and help us tweak it.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are not my expertise. As far as budgeting is concerned, we run an ELA with Cisco. It's a part of our ELA.

Which other solutions did I evaluate?

We didn't evaluate other products. We went straight to Cisco because you can't go wrong with their technology. They're a leader in this space, and they've got a good, robust solution, so we rolled it out.

It integrates seamlessly with other Cisco products that we have. I use Cisco Meraki for all my edge cases. We never considered switching to another vendor. 

What other advice do I have?

It's a great product. I'd rate Cisco ISE a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Network Architect at a tech vendor with 10,001+ employees
Real User
Jun 19, 2023
Scans all the programs on the workstations, enforces data loss prevention and security
Pros and Cons
  • "The most valuable feature is AnyConnect Posture because it scans all the programs on the workstation and checks if the antivirus is up to date, as well as the cryptographic keys on our SSD."
  • "Cisco ISE has numerous features that are impractical, and I won't utilize them since they require payment."

What is our primary use case?

We utilize Cisco ISE for authentication by employing the AnyConnect Posture model to address vulnerabilities on the workstations. Additionally, we make use of TACACS.

How has it helped my organization?

It is a mature solution and it grows with our needs.

Cisco ISE has helped consolidate DNA Center.

Cisco ISE helps our cybersecurity resilience by enforcing security over the workstations.

What is most valuable?

The most valuable feature is AnyConnect Posture because it scans all the programs on the workstation and checks if the antivirus is up to date, as well as the cryptographic keys on our SSD. It also enforces data loss prevention on our workstation, which is usually the main vulnerability for network entry.

What needs improvement?

Cisco ISE has numerous features that are impractical, and I won't utilize them since they require payment.

For how long have I used the solution?

I have been using Cisco ISE for around four years.

What do I think about the stability of the solution?

We encountered a few bugs that were resolved using the SMUs. However, when the solution is built properly, there are no performance issues.

What do I think about the scalability of the solution?

We can scale Cisco ISE up using VMs.

How are customer service and support?

The technical support is excellent, and we rely on their services frequently.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Cisco ACS but transitioned to Cisco ISE because it reached its end-of-life status, and we needed to progress.

What was our ROI?

We have observed a return on investment from the tasks performed by Cisco ISE for our organization.

What's my experience with pricing, setup cost, and licensing?

Cisco ISE is not inexpensive, but the solution is well-built and worth the expense.

Which other solutions did I evaluate?

We evaluated Aruba ClearPass but ultimately chose Cisco ISE due to budgetary constraints. We were able to secure a favorable discount with Cisco.

What other advice do I have?

I would rate Cisco ISE a nine out of ten. Despite the fact that the solution offers numerous features, it is challenging to use.

We do not rely solely on Cisco ISE to secure our infrastructure from end to end. Instead, we utilize various tools such as McAfee, DLP, and Endpoint Security. Additionally, we have the Domain client to check for any breaches. On our Internet edges, we perform SSL offload to enhance the performance of security projects like WAF and IPS, as well as conduct full packet scans. Furthermore, we have NGFW and NG Networks in place.

Cisco ISE is an important component in protecting our environment because it enforces security against the main point of vulnerability, which is accessing workstations. Ransomware infiltrates a network through workstations. The policies implemented are based on the posture model, ensuring that we use the necessary products on our network to mitigate such risks.

I was not involved in the initial setup, but testing the implementation of a new feature is always challenging. We need to allocate time to test it with the security team and the network team. Additionally, we need to create a separate environment to gain a better understanding of how we can improve the performance of the solution within our network. 

For organizations that do not have the funds to purchase Cisco ISE, there are good open-source solutions available. These include TACACS servers, OpenLDAP, and FreeRADIUS. However, Cisco ISE is an excellent tool for enhancing all the existing tools within an organization.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Josh Calhoun - PeerSpot reviewer
IT Systems Engineer at Pierce County Information Technology
Real User
Jun 18, 2023
Helps secure our infrastructure, provides detailed reports, and streamlines the way we add new devices to our wireless network
Pros and Cons
  • "The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues."
  • "Cisco ISE can become quite complex, especially with policy sets, the entire authentication process, and everything involved."

What is our primary use case?

We utilize Cisco ISE for wireless user authentication, as well as authentication, authorization, and accounting for our network devices.

How has it helped my organization?

Cisco ISE has made us much more secure. It has streamlined the process of adding new devices to our wireless network, specifically wireless-only devices. Moreover, thanks to scripting capabilities and flexibility on the Cisco ISE side, it has significantly reduced the amount of manual effort required by everyone involved.

Cisco ISE effectively secures our infrastructure from end to end, enabling us to detect and remediate threats. It does a commendable job of securing both end users and their devices, including guest-wired devices for anonymous access. Its ability to compartmentalize everything makes it incredibly convenient, and the comprehensive tracking features are particularly valuable.

Cisco ISE has helped to free up our IT staff's time by saving approximately 40 hours per month, as we are constantly uploading new devices. 

Cisco ISE has helped our organization improve its cybersecurity resilience by authenticating users. It ensures that only certain MAC addresses can be on our network, particularly on our production wireless network. Additionally, it keeps track of authentication frequency and alerts us if clients authenticate too often, allowing us to optimize CPU cycles.

What is most valuable?

The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues. I appreciate that they guide us through every step that a user or authenticator goes through.

What needs improvement?

Cisco ISE can become quite complex, especially with policy sets, the entire authentication process, and everything involved. I would appreciate a more comprehensive visual depiction of the steps from the beginning to the end.

For how long have I used the solution?

I have been using Cisco ISE for five years.

What do I think about the stability of the solution?

We have never experienced any stability issues with Cisco ISE.

What do I think about the scalability of the solution?

We can scale Cisco ISE by adding additional licenses or servers.

How are customer service and support?

Cisco technical support is excellent. They respond promptly, and their thoroughness is remarkable. For instance, we can send them numerous logs, and they will analyze them in detail for us.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a return on investment around the soft cost, with how streamlined everything is, how we don't have to really worry about wrong devices getting on our production Wi-Fi.

What other advice do I have?

I give Cisco ISE a ten out of ten.

Cisco ISE is a great tool. It integrates well with Active Directory and numerous other components. The solution has become a fundamental part of our network and I recommend Cisco ISE to others who are looking to improve their cybersecurity.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros sharing their opinions.