Roy Pinheiro - PeerSpot reviewer
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
Helps secure my infrastructure from end to end
Pros and Cons
  • "The most valuable feature is the provisioning of the device so as to ensure that they are compliant with the security policy that we need to have."
  • "I believe that Cisco can improve the way its policies are built because it's a little complex."

What is our primary use case?

We use it for access control in our organization for network control and the guest portal of the guest users who access the wireless network.

How has it helped my organization?

Cisco ISE has improved our security. It's very important to us since we are a banking entity. Security is one of the most important aspects of our architecture.

What is most valuable?

The most valuable feature is the provisioning of the device so as to ensure that they are compliant with the security policy that we need to have.

What needs improvement?

I believe that Cisco can improve the way its policies are built because they're a little complex. If the operation teams do not have a very good understanding of the solutions, they can break something because it's not so easy to view their policies through their eyes.

Buyer's Guide
Cisco Identity Services Engine (ISE)
September 2024
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: September 2024.
802,829 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Cisco Identity Services Engine for six years.

How are customer service and support?

Cisco's support team does a good job. Sometimes they take a long time to solve a problem, so it's difficult for us. But in general, it's a good solution with good tech support. I rate the technical support an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are using Juniper. We are also using Cisco, which is the main vendor. Before, a solution for web portal access was deployed by our internal team, and we moved it back to Cisco. We chose Cisco because, as a NAC solution, it made sense to us since it keeps things together in the last single tool.

How was the initial setup?

The product's implementation was done by my team, along with handling virtual operations too. The setup is simple to do. However, the policies of the solution are a bit complex.

What other advice do I have?

Regarding how the solution helps me secure my infrastructure from end to end, I would say that it is a good solution for us. We are also using all the features Cisco ISE has.

I don't believe it does save my IT staff any time because we need to build the policies and follow the configuration, then follow the user access.

After getting rid of other products, my company was able to save some money.

Regarding the solution's ability to consolidate tools and add to my security infrastructure, I would say that because Cisco ISE (Identity Services Engine) was able to get rid of those other products, it did help secure my infrastructure.

It did improve my company's cybersecurity resilience because we have deployed the solution as a high-availability solution. So if we lose one of the boxes, the other one, we all remain to stay in the job.

I would absolutely recommend the solution since it helped us a lot to improve our security and put some tools together in a single pane of glass to support and troubleshoot it. So it's easier to do that.

Regarding if the solution was able to integrate well with other solutions, I do not think we have any integrations at this moment, but I know that Cisco ISE (Identity Services Engine) has a lot of integrations.

I rate the overall solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jeffry Pereira - PeerSpot reviewer
Network Technical Lead at an energy/utilities company with 10,001+ employees
Real User
Top 10
Good pricing, easy to give role-based access, and easy to manage
Pros and Cons
  • "For me, the TACACS feature is the most valuable. I have also used Cisco ISE with LDAP, not with Active Directory. That works for me because I prefer LDAP versus Active Directory."
  • "The templates could be better. When you have to do certs, especially with X.500 certs, it isn't very intuitive."

What is our primary use case?

The company's use case for Cisco ISE is switch access. I'm from the high-performance compute side. I'm not the back office IT. I'm what they call GSIT. Their use cases are different but very similar.

How has it helped my organization?

On our side, Cisco ISE has improved cybersecurity resilience. The company uses it for global WAN and other things. We haven't had any issues.

What is most valuable?

For me, the TACACS feature is the most valuable. I have also used Cisco ISE with LDAP, not with Active Directory. That works for me because I prefer LDAP versus Active Directory.

What needs improvement?

The templates could be better. When you have to do certs, especially with X.500 certs, it isn't very intuitive.

For how long have I used the solution?

I've been using Cisco ISE since 2011.

What do I think about the stability of the solution?

After I set it and forget it, upgrading Cisco ISE is the only thing to do.

What do I think about the scalability of the solution?

I've never had a problem with Cisco. Cisco has always scaled well, so it's pretty good.

How are customer service and support?

Initially, it wasn't good, but once I found the right TAC person, it was fine. I had to probably get level three or above, and then I had to get a software developer because the certs didn't initially work properly to give you a special code. I'd rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used OpenRADIUS before. That was open source. I switched because I'm the support for everything. It was easy to support with Cisco ISE.

Role-based access is easy to do with Cisco ISE versus OpenRADIUS. That's because OpenRADIUS is something you have to manage yourself. You have to manage the certs and other things. You have to define the roles yourself for special read access and for certain groups and multi-groups.

The only thing I didn't like at the beginning was that Cisco ISE was limited to how many groups you could use. That problem has been fixed. I haven't run into that problem.

How was the initial setup?

The initial setup was complex. The main part was the certs, especially the X.500 certs with LDAP. Azure Directory is a little bit smoother, but I prefer LDAP.

It's deployed for internal switch access. It's purely for switch access and role-based access.

What about the implementation team?

I deployed it myself.

What was our ROI?

We've seen an ROI.

What's my experience with pricing, setup cost, and licensing?

I get very good pricing from Cisco, so I don't have a problem with that. I also don't have a problem with licensing because we get enterprise or global licensing.

What other advice do I have?

It hasn't helped to free up our IT staff. Our IT staff is already very limited anyway. We've always worked smart and don't work where we don't have to work. For example, in 2019, we were more than 60. There are 14 of us now, and we still do the same amount of work. Cisco ISE hasn't contributed to less workload. We do it with automation. We have a lot of Linux, so we do automation on all of our stuff. 

Overall, I'd rate Cisco ISE an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Network Operations Supervisor at McCoy's Building Supply
Video Review
Real User
Improves network visibility and control over devices, but the user interface could be improved
Pros and Cons
  • "Not having to trust devices and being able to set those levels of trust and more finely control our network is a benefit."
  • "The UI is not as intuitive as some other products, even products inside of Cisco's wheelhouse."

What is our primary use case?

When it comes to ISE, the main challenge that we were trying to address is with our retail environments. We don't have control over the physical access to all the ports and we didn't really have any network access control.

ISE has, and will continue to allow us to secure our edge environment at the retail stores. It's also going to provide more security as we are rolling out more wireless access.

We're expanding our footprint to just outside of the retail environment. For example, we're implementing wireless service in our lumber yards. As we progress, we really need to be focused on securing that, and ISE is going to allow us to do that.

How has it helped my organization?

The main way that ISE is improving our organization is by acting as an added layer of security. It's a physical layer at the actual network jacks in our retail environments.

This is also true for our corporate office in conference rooms. We've now got the ability to allow those ports to be hot for a vendor to come in and plug in, and we're not having to rush and go make it hot for them. At the same time, we can still control what access they have without having to be hands-on all of the time.

The other thing with vendors is that in our stores, a lot of times we have some older technology from vendors that is not wireless. Until now, we haven't been able to push those devices onto a guest network. But now with ISE, we are able to dynamically assign those types of devices to a wired guest network.

The fact that Cisco ISE establishes trust, regardless of where requests come from, has helped us come to realize what was on our network. We thought we knew what was on our network, and we thought we had control over devices, but there's a lot out there that we can't keep track of, day to day. For example, if a different department adds a computer that handles paint and we didn't know about it, suddenly it's on our network.

Now that we've got ISE, I feel like it's a big step in the right direction in terms of increasing the trust in our network. Not having to trust devices and being able to set those levels of trust and more finely control our network is a benefit.

ISE has really helped us in supporting our distributed network because we are geographically diverse with remote sites in Texas and five surrounding states. This means that we can't always be out there, hands-on.

With retail environments, we can't rely on our employees in the stores to be technically minded all the time. As such, it really helps us not to have to worry about that. We don't have to try and train people that aren't meant to be doing that kind of work, because their job is selling lumber. It's not always being there on top of the security of the network.

What is most valuable?

The most valuable feature for us with ISE is the network access control. It provides both security and visibility to what is on our network.

The control ISE gives us with those devices, whether they're company-owned or BYOD, anything on our network, we now have a little bit more visibility into and more control over how it performs and what access it has on our network.

What needs improvement?

When it comes to improvements with ISE, even though we've been using it, there's still a lot to learn because it's such a robust product. I think that Cisco could do something to counteract the stigma that ISE is cumbersome and hard to use.

There was a big pushback against us implementing this product because as VPs and executives start to talk, they want to talk about everything they've heard, and they had it in their minds that things are the way they are. To proceed with implementing ISE, we had to push against that.

The UI is not as intuitive as some other products, even products inside of Cisco's wheelhouse. To an extent, some of it feels like it's legacy and could be improved upon.

What do I think about the stability of the solution?

One thing with Cisco is that we haven't ever had issues with stability, and ISE lines right up with that. We're using the virtual appliance and we're using VMs. We haven't had any issues there, as long as you know the caveats that go along with their setup.

There have been no issues as far as performance or uptime.

What do I think about the scalability of the solution?

Scalability with ISE goes back to the setup, and that initial planning phase. You have to identify your networks and your devices and what you want to do.

Once you get it set up, then scalability is not an issue. Definitely, the more complex your network, the more time you're going to spend on the pre-setup stage.

How are customer service and support?

I really like Cisco's products. Sometimes, however, I have trouble with the support because you're getting someone that doesn't know your environment. This is something that's just going to happen.

Another frustrating point is that you sometimes get a person that doesn't realize that you might know what you're doing. You've already turned it off and back on, but they've got to walk you through those steps no matter what you tell them.

You feel like it's a battle to get to the point where you actually start to work on the solution. It's not the same with everyone but when we do have to work with Cisco, it's usually a bigger problem that necessitates engaging TAC.

At that point, it's hit or miss. Sometimes they're great and just click and get the problem fixed, whereas other times it's an uphill battle back and forth where you can't get on the same page.

I would rate the technical support a six and a half out of ten.

However, our account team from Cisco, who are the systems engineers that support us, I would rate about a nine. They are always there and are great to work with. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

This is our first solution for network access control and that level of visibility.

For visibility, we do have CrowdStrike. That gives us visibility into our network, but it only acts on the agent and it uses an ARP request to discover devices that it didn't already know about. You can't really trust that, because if someone gets on maliciously, they're going to know enough to not just be blatantly, obviously there. You want to have a little bit more security in place when they first connect.

How was the initial setup?

The deployment of ISE is definitely more complex than other things, but it's inherent because there's a lot of prep and planning to set up how you're going to handle certain types of devices.

You start realizing that you hadn't even thought of some things and accounted for other things. Definitely, it's a big exercise in prep work. It involves filling out questionnaires and keeping spreadsheets on everything on your network. That said, it was eye-opening and a good experience, but there's definitely quite a bit of work to set up ISE.

We're juggling a lot of things at one time, so it took six months to deploy. A lot of that was not dedicated to ISE, and we were still doing the other parts of our job throughout the process.

What about the implementation team?

We received help setting it up from our reseller, who was Accudata, but they were recently purchased by Converge Technology Solutions. We've got a great relationship with them; they've always got great resources and great account teams.

What was our ROI?

If I were to comment on the return of investment on ISE, I don't really know where to begin because it was something we never did before. It was somewhere where we were lacking. We just didn't have the time or the manpower to do what ISE will do for us.

I'm sure someone out there can crunch the numbers and quantify the ROI on stopping an attack or a breach, but I don't have those numbers and thankfully, we haven't had one yet.

For us, we didn't have the manpower to do it right. Implementing ISE has saved us the need to invest in that manpower.

What's my experience with pricing, setup cost, and licensing?

When it comes to licensing, I'm hoping Cisco is improving that because that's always been a pain point. I usually rely on our account team, which thankfully we have one, to help with the licensing.

Over the years, licensing has been confusing and complicated because there are so many different licenses for each different product and each different iteration of the product.

What other advice do I have?

In terms of advice for anybody who is looking into Cisco ISE, I wouldn't suggest just jumping in and buying ISE. I'm not trying to talk badly about anything, but I would say, do your due diligence and understand your network and what's going to work for you.

Definitely understand that you're getting into a lot with ISE. There's a lot of capability, but I don't feel like just one person working on a hundred networks should be taking that on and trying to manage it themselves.

Overall, this is a good product but there's definitely room for improvement. Also, we're not using everything we could within the product.

I would rate this solution a seven out of ten. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical account manager at a computer software company with 51-200 employees
MSP
Eliminates trust from a network and we know exactly what to open and what to trust
Pros and Cons
  • "SGTs are valuable because they make it easy to enforce policies, instead of pushing them across all the other platforms."
  • "I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it."

What is our primary use case?

We were looking for secure network access.

How has it helped my organization?

It's important that the solution considers all resources to be external because we are introducing new endpoints to the environment every day. We want to make sure that endpoints are secured. In addition, we want to see what that endpoint is doing in our environments.

ISE has eliminated trust from our network architecture. It has changed the methodology of how we look at security. Instead of having everything open, now we know exactly what to open and what to trust.

What is most valuable?

SGTs are valuable because they make it easy to enforce policies, instead of pushing them across all the other platforms.

What needs improvement?

I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it.

The deployment is complex. I get that it's very configurable, but there is the challenge of how to get to certain things. You go to different places to get the same things done. There needs to be improvement to the GUI.

For how long have I used the solution?

I have been using Cisco ISE (Identity Services Engine) for seven years. 

What do I think about the stability of the solution?

It's now way more stable than 2.0 was.

What do I think about the scalability of the solution?

It's scalable, but we get back to the point that you have to deploy multiple nodes across the environment to get the bandwidth for larger environments.

How are customer service and support?

TAC is pretty good. They're solid. The product has been out there for a little bit so that side of things is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had ClearPass.

How was the initial setup?

It's pretty good when it comes to supporting an organization across a distributed network but it's not easy to implement. It requires a lot of expertise. It requires a full understanding of your environment and the traffic flow.

Our clients have it in multiple locations. At the same time, there are multiple SSIDs on the wireless side and each SSID has a different function for a different group of users. It's not like there is just one set of policies. It has to be multiple policies and sometimes the policies cross each other when moving from one campus to another campus.

Deployment requires a minimum of two solid engineers. One can focus on the network side and the other one can focus on the ISE side.

The way you establish trust is that you first have to "untrust" everything and then you set your points and your profiles and, based on that, you build your policy.

What's my experience with pricing, setup cost, and licensing?

It's damn expensive and the licensing is terrible. There are three different types of licenses: Essential, Advantage, and Premier, and each one of them has certain features. I work with the SLED accounts and it's not easy for customers to find the money. I'm trying to sell their product but, at the same time, to utilize the product fully they have to pay millions of dollars on the licensing alone. And it's software. It's not like I'm selling them hardware with hardware value. It's just software. The prices need to be brought down.

The majority of our clients are still using 2.7, while some have moved to 3.0 or 3.1. That's another issue with the licenses. If you have perpetual licenses on 2.7 and you upgrade to 3, you are forced to go with Essentials. That is one of the issues that I'm seeing with my clients now.

What other advice do I have?

Go for it. It's a great solution. It's very configurable and you can tie your environment together from a wireless or from a wired side. I love the solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Sr Wireless Network Engineer at a manufacturing company with 10,001+ employees
Real User
Gives us a single view, and integration with DNAC helps us troubleshoot from the client down to the packet
Pros and Cons
  • "For my use cases, the in-depth troubleshooting into why a client can't connect or why they failed, is very valuable. I can go back to someone and say, 'Hey, it's not my network. It's their certificates or user error,' or something else."
  • "The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at."

What is our primary use case?

We use ISE primarily for RADIUS authentications on our wireless networks and VLAN segmentation for those users.

How has it helped my organization?

ISE makes things easier because we all work on one system and we all have the same views, so one person is not looking at a different system. We can all look at the same system and say, "Okay, go to this link." Also, you can integrate it with DNAC (Cisco DNA Center), which is something I am very into. It helps us troubleshoot from the client all the way down to the packet. DNAC can tell us, within ISE, when they're integrated, "This is the issue they're having," and we can report back.

It's great across a distributed network for securing access to all our apps and the network. We don't have to worry about which system is going through which access layer or which security system. We can just put everything into ISE. We don't have to separate the switches from the routers to the wireless. It's all just "one-stop, go." It used to be that our switches were in a separate system for authentication routers and the wireless was all on EAP. It was confusing. ISE consolidated all that.

What is most valuable?

For my use cases, the in-depth troubleshooting into why a client can't connect or why they failed, is very valuable. I can go back to someone and say, "Hey, it's not my network. It's their certificates or user error," or something else. For my coworkers the VLAN segmentation means a client got in, it dropped them into this VLAN, and that's where they belong. They can't get out. It makes things more efficient.

Also, the fact that ISE considers all resources to be external is very important. We use ISE in our retail environments for our payment sleds. We want our payment system to be secure. Zero Trust is our whole thing. It's great that everything is external to ISE and then everything has to go through the system.

What needs improvement?

The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at. My ISE admin probably has different ideas, but for us, that's the main complaint.

For how long have I used the solution?

I've been using Cisco ISE (Identity Services Engine) for about 15 years.

What do I think about the stability of the solution?

Uptime is great. I don't have a complaint with ISE with uptime. It's been a rockstar. As far as I'm aware, we have probably had 95 percent uptime, or even 99 percent. Nothing is 100 percent. When there's an issue, it's usually not ISE.

What do I think about the scalability of the solution?

Scalability is our issue: keeping up with the number of licenses we need for customers and clients. That's our main concern right now. Part of that is on us and part of that is on ISE.

For us, ISE is global between retail stores, warehouses, and world headquarters. Our entire wireless network of over 30,000 devices uses it. In North America alone, we have 13,000 access points and usually around 60,000 clients.

How are customer service and support?

We've had some issues with support. We usually just get our account manager involved and they get the BU online.

It depends on the roll of the dice and your TAC engineer and how well they understand the issue. We've had numerous cases where we decided to say, "Okay, escalate."

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We had ClearPass but we found some difficulties with it and those were things that ISE was better at, such as EAP authentication. We had some issues with how ClearPass interacted with the Cisco wireless environment. The merging of the two technologies was hard.

We have jumped around. We were Juniper, Aruba, and then a Cisco corporate environment, and then a mixed environment. We finally consolidated those between retail, warehouses, and our world headquarters, into a unified Cisco environment with ISE as our RADIUS backbone. ISE gave us what we needed to unify all of them. We finally shut down our last ClearPass server a couple of years ago.

What's my experience with pricing, setup cost, and licensing?

Being fully honest, the Cisco licensing model right now is really confusing. We don't know what licenses we have where. We have Smart licensing, but the different levels are way confusing.

There are different levels for different accesses. We have an enterprise license agreement with Cisco, but all the details of what we have with those licenses get confused in the massive amount of licenses we have, or in the different license levels we have for different geos, et cetera. The Smart license portal is there, but right now, we just don't have the time or manpower to put into that.

What other advice do I have?

I give it an eight out of 10 mostly because when you get in to start configuring the details, it's hard to find some stuff. Otherwise, it's a great platform.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Gustavo Pena - PeerSpot reviewer
Services Director at XByte SRL
Reseller
Improves security posture and reduces security gaps
Pros and Cons
  • "They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful."
  • "Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature."

What is our primary use case?

We are working with packets and A011X. In some cases, we also do profiling.

We are using this solution because we wanted to improve security and reduce security gaps. This is mainly for our customers.

How has it helped my organization?

This solution improves security. There is a new law in the Dominican Republic, where I am from. The central bank has ordered the banks to improve their security through a law. ISE is one of the start points for those organizations to start improving their security.

The solution gives us a way to provide a professional security solution to our customers.

What is most valuable?

They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful.

Its resilience gives you a better security posture. Cybersecurity resilience is very important. Security is one of the main things in my country enforced by law.

What needs improvement?

Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature.

For how long have I used the solution?

I have been using the solution for six to seven years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. You can install several nodes in order to scale the solution.

How are customer service and support?

The technical support is really good. I would rate them as 10 out of 10. You need to know how to work with the tech support. If you don't know how to work with them, then it won't work.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have been working for 15 years with Cisco as a Cisco partner. We like the Cisco solutions.

How was the initial setup?

The deployment is complex. It takes four or five to deploy it.

What about the implementation team?

Deployment takes a skilled technician. The customer's help is always needed since we need to integrate Active Directory. 

What was our ROI?

Our customers see ROI. They feel more confident about their operations. It gives them time to do other things in order to be more profitable.

What's my experience with pricing, setup cost, and licensing?

It has a fair price. It is better than it was before.

Which other solutions did I evaluate?

We have seen Aruba ClearPass, but it is not that common in the Dominican Republic.

What other advice do I have?

Organizational leaders should do constant analysis of their security posture, in order to be improving every day.

I would rate them as eight out of 10 because of the remediation feature.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller/Integrator
PeerSpot user
Senior Network Engineer at a tech consulting company with 11-50 employees
Real User
Acts as a network access control solution and mitigates a lot of potential attack factors
Pros and Cons
  • "I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case."
  • "Cisco ISE's real-time data analytics for database logging could be improved."

What is our primary use case?

We primarily use Cisco ISE as a network access control solution. We do a lot of quarantine actions from our CSOC. We use the AnyConnect VPN by setting multiple deployments for dedicated purposes, where we use it to provide wireless.

How has it helped my organization?

Cisco ISE has brought a level of visibility that my organization hadn't had beforehand. At the same time, it has mitigated a lot of potential attack factors and brought in a sense of control in the hardware during the onboarding process.

What is most valuable?

I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case. We have a lot of wired MAB devices and having an externally approved source to validate if a machine is legitimate or approved to be on the network is extremely valuable for us. It helps make the whole process of authorizing endpoints quick.

What needs improvement?

Cisco ISE's real-time data analytics for database logging could be improved. Earlier, you didn't have direct read access to the database. You'd have to rely on logs through some other sources like Splunk and be able to put everything that you want together. Being able to review logs in real-time, customized to your filtering, adds a lot of context and visibility.

For how long have I used the solution?

I have been using Cisco Identity Services Engine for about four and a half years.

What do I think about the stability of the solution?

I do not like the stability of Cisco ISE in the virtual environment. That might have been more of an underlying host issue rather than an ISE issue. But we've moved to hardware right now, and I wouldn't have looked back. The next place we're looking to explore is potentially in the cloud, but that's still up in the air because our environment is not small. We're one of the larger 700,000-plus endpoints.

What do I think about the scalability of the solution?

Cisco ISE's scalability is nice. However, not many people can deploy Cisco ISE in a very large environment. In other words, there are no large environments that are hitting around 100,000 plus clients for active concurrent sessions. If you're trying to create multiple deployments to distribute the workload evenly, I don't like that there's no centralized management platform for Cisco ISE. You still have to go into each deployment and do your configuration.

How are customer service and support?

From my account team, I rate Cisco ISE's technical support ten out of ten. However, from a tech perspective, if I'm talking to tech level one, tech tier one, or tech tier two, I'd have to give it a six out of ten. Once you start getting into the more advanced tiers and even the business units, the support goes through the roof.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've always worked with Cisco ISE. However, in my organization, there's another part of my infrastructure where they use Forescout. The way Forescout implements a NAC solution differs vastly from how Cisco ISE does it. The way Cisco ISE does it is more ingrained in the whole RADIUS process and enhances the security features on a switch or wireless LAN controller.

Our organization chose to go with Cisco ISE instead of Forescout because, holistically, the solution checked all the boxes needed for a NAC solution.

How was the initial setup?

I was not involved in our organization's first iteration of Cisco ISE. We've since migrated and modernized our Cisco ISE deployment, and I've been heavily involved in that. 

The ease of deployment depends on the environment you're deploying in, understanding what use cases you have out there, and understanding what kind of endpoints you're exposed to or exposing your network.

Overall, Cisco ISE's initial setup is not overly complicated right now. But since our organization is moving into a multi-vendor or managed services contract, we're bringing in many vendors like Meraki, Juniper Mist, Aruba, and Fortinet. That's when things get complicated because they don't all use the same type of authorization results.

What about the implementation team?

We implemented Cisco ISE in our organization directly through Cisco. My experience with Cisco has been phenomenal because they listen. We've run into many technical issues, but they've been at our beck and call and have been there to support us to a point where they've rushed certain fixes. We've had a couple of engineering specialists because of things we've encountered. They worked hard for us.

What was our ROI?

The product is positive regarding a return on investment, considering the cost we're bringing in for Cisco ISE's deployment versus the value we're adding to the environment.

What's my experience with pricing, setup cost, and licensing?

According to my sales and account team, the prices we're getting are pretty good. I wouldn't say they're the manufacturing or listed price by any means, but we do a lot of business with them. So the price points that they're coming in at are pretty manageable.

What other advice do I have?

When it comes to securing our infrastructure from end to end so that we can detect intermediate threats, a lot of it has to do with integrating Cisco ISE with other products. For example, Cisco ISE primarily deals with either the access layer or remote connections. However, when you start integrating it with other things like Tetration or Secure Network Analytics, you can get a bigger grasp of the overall picture. When you bring other security teams into it, they can start creating their policies, alerts, etc. They can start automating some of the incident mitigations and stuff like that.

My use case is a little bit different in that there's no end to our work. There are a lot of other business groups within my organization that aren't complying with what the network security policy should be. So I have to reach out to them and get them to use a dot1x protocol or ensure that their stuff is in our CMDB database.

We're in a big migration and shift in our overall security policy. So there's a lot of moving aspects going on right now. However, as we start getting things moved into an MDM, as we start getting things moved into using a dot1x protocol, we can get an active identity of an endpoint.

Cisco helps reduce the amount of staff we have to chase down and figure out what kind of policies should be implemented. We can then incorporate our onboarding process into that, preventing unauthorized devices from connecting in or at least be reassured that if anything that we haven't had any chance to look at connects in, we can deny it with confidence. Down the road, it'll alleviate a lot of the time and planning we're doing right now.

My organization is a bit different. I've tried to get them onto the posture feature of Cisco ISE, but they're pursuing other vendors for that. We've decided to incorporate through a pxGrid integration with other applications such as Tanium, Forescout, or whatever application my security organization uses. They can pull context from the Cisco ISE endpoint and then be able to issue a quarantine action to Cisco ISE on that particular endpoint.

Overall, I rate Cisco ISE ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Network Engineer II at a healthcare company with 10,001+ employees
Real User
Top 20
Offers enhanced network access control, serves as our first line of defense for access, and scales exceptionally well
Pros and Cons
  • "Cisco ISE scales exceptionally well."
  • "Sometimes, there are instances when Cisco ISE simply fails to function without any apparent reason, and regardless of the investigation we undertake, the logs indicate that everything is functioning properly, making it somewhat inexplicable."

What is our primary use case?

We are on-prem at twelve separate sites with one main node.

We utilize Cisco ISE for authenticating both our employees and residents at our senior care center. We authenticate them either against LDAP or our network.

How has it helped my organization?

Cisco ISE provides us with enhanced network access control, allowing us to manage the VLAN assignments for both our residents and employees. Additionally, Cisco ISE enables us to exercise control over the devices permitted to connect to our network.

I am not aware of the extent to which we leverage Cisco ISE to remediate threats, but it serves as our first line of defense for access. It has been extremely beneficial. Our clientele consists of senior residents, and having some level of control over the devices they connect to the network has had a significant impact. 

Cisco ISE has helped to free up the time of our IT team for other projects.

What needs improvement?

Sometimes, there are instances when Cisco ISE simply fails to function without any apparent reason, and regardless of the investigation we undertake, the logs indicate that everything is functioning properly, making it somewhat inexplicable. However, after a while, it spontaneously begins functioning again. Therefore, I believe it is not a widespread problem, but when it does occur, it can be quite frustrating.

The support specifically for Cisco ISE has room for improvement.

For how long have I used the solution?

I have been using Cisco ISE for two years, and the company has been utilizing the solution for ten years.

What do I think about the stability of the solution?

For the most part, Cisco ISE is stable, good, and functional. However, when it fails, we are left clueless as to the reason behind it, and that's the frustrating aspect.

What do I think about the scalability of the solution?

Cisco ISE scales exceptionally well. However, we have encountered issues while updating to the latest version. It is a significant endeavor due to the extensive scope of our deployment. Nevertheless, I believe this challenge is not unique to us; it appears to be primarily related to the scale of the deployment. Currently, we have nearly 15,000 devices.

How are customer service and support?

The times I've had to contact technical support for Cisco ISE, the experience has been somewhat unsatisfactory. I get the feeling that, at least on the surface, they perform tasks that I can do myself, such as reviewing the logs and identifying the issues. Moreover, given the integration of Cisco ISE with various network components, it's difficult to confine troubleshooting solely to that aspect. Therefore, I desire improved support specifically for Cisco ISE. I would rate the support for Cisco ISE as a six out of ten, whereas for other products in their portfolio, it would receive a nine out of ten.

How would you rate customer service and support?

Neutral

What's my experience with pricing, setup cost, and licensing?

I am not aware of the current price for Cisco ISE, but considering it is a Cisco product, it is likely to be quite high. However, I do not have control over the checkbook.

Which other solutions did I evaluate?

We evaluated Aruba ClearPass, which was something we considered. However, since we are committed to Cisco throughout our infrastructure, we didn't believe it was worthwhile to replace it with another solution without being certain that it would be better than Cisco ISE.

Aruba ClearPass had a slightly better reputation among the people we surveyed in our industry. We frequently compared it to how college campuses manage their systems because our use case is very similar. In terms of functionality, I believe it was mostly the same. The key difference seemed to be the level of stability.

What other advice do I have?

I give Cisco ISE an eight out of ten. Without knowledge of how the other implementations or competing offerings function, I believe Cisco ISE performs admirably in its intended role. Moreover, I am aware that without it, we would encounter significantly greater challenges. Therefore, I consider it to be great.

Our organization utilizes Cisco products extensively, which, in my opinion, is the reason behind the organization's decision to choose Cisco ISE.

I believe we would have a much more open network if it weren't for Cisco ISE. We would be restricted to only using PSKs, and we wouldn't have a true understanding of what our residents are connecting to the network. I think that's likely the most significant aspect of the implementation.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.