Cisco Identity Services Engine (ISE) Reviews

We use it for network access control. For security reasons, if a vendor plugs into our network, the port is automatically shut down because it's not authenticated to our network.

Cisco ISE is a great solution. It helped us determine real users on our network. It's very useful.

From a security standpoint, Cisco ISE has improved our organization 100%. We're not guessing who is plugging into our network. It 100% protects our environment and infrastructure from end to end.

Cisco ISE has saved the time of our IT staff time to help work on other projects, but I don't have the metrics.

Cisco ISE has absolutely improved our cybersecurity resilience. Specifically, the 802.11 authentication for wireless has been huge.

Cisco ISE hasn't helped to consolidate any tools or applications.

Cisco ISE is a powerful solution. It gives us the ability to control who's accessing our network, and Cisco has made it very easy.

Some of the reporting could be improved.

We've been using it for about ten years.

It's stable. We never had any issues.

I love it. They know their stuff. Almost in one call, you get the right person. They're very good. I'd rate them a nine out of ten.

We didn't use any other solution previously.

You have to have a plan. You have to be prepared to roll it out. You need to think through what you want to configure.

It took us about three and a half months to get every angle we were after, and after that, it was a very slow rollout. We rolled it out in about eight months. It was easy.

We did it all in-house, but we did have consultants from Cisco come in and help us tweak it.

Pricing and licensing are not my expertise. As far as budgeting is concerned, we run an ELA with Cisco. It's a part of our ELA.

We didn't evaluate other products. We went straight to Cisco because you can't go wrong with their technology. They're a leader in this space, and they've got a good, robust solution, so we rolled it out.

It integrates seamlessly with other Cisco products that we have. I use Cisco Meraki for all my edge cases. We never considered switching to another vendor. 

It's a great product. I'd rate Cisco ISE a nine out of ten.

We utilize Cisco ISE for authentication by employing the AnyConnect Posture model to address vulnerabilities on the workstations. Additionally, we make use of TACACS.

It is a mature solution and it grows with our needs.

Cisco ISE has helped consolidate DNA Center.

Cisco ISE helps our cybersecurity resilience by enforcing security over the workstations.

The most valuable feature is AnyConnect Posture because it scans all the programs on the workstation and checks if the antivirus is up to date, as well as the cryptographic keys on our SSD. It also enforces data loss prevention on our workstation, which is usually the main vulnerability for network entry.

Cisco ISE has numerous features that are impractical, and I won't utilize them since they require payment.

I have been using Cisco ISE for around four years.

We encountered a few bugs that were resolved using the SMUs. However, when the solution is built properly, there are no performance issues.

We can scale Cisco ISE up using VMs.

The technical support is excellent, and we rely on their services frequently.

Positive

We previously used Cisco ACS but transitioned to Cisco ISE because it reached its end-of-life status, and we needed to progress.

We have observed a return on investment from the tasks performed by Cisco ISE for our organization.

Cisco ISE is not inexpensive, but the solution is well-built and worth the expense.

We evaluated Aruba ClearPass but ultimately chose Cisco ISE due to budgetary constraints. We were able to secure a favorable discount with Cisco.

I would rate Cisco ISE a nine out of ten. Despite the fact that the solution offers numerous features, it is challenging to use.

We do not rely solely on Cisco ISE to secure our infrastructure from end to end. Instead, we utilize various tools such as McAfee, DLP, and Endpoint Security. Additionally, we have the Domain client to check for any breaches. On our Internet edges, we perform SSL offload to enhance the performance of security projects like WAF and IPS, as well as conduct full packet scans. Furthermore, we have NGFW and NG Networks in place.

Cisco ISE is an important component in protecting our environment because it enforces security against the main point of vulnerability, which is accessing workstations. Ransomware infiltrates a network through workstations. The policies implemented are based on the posture model, ensuring that we use the necessary products on our network to mitigate such risks.

I was not involved in the initial setup, but testing the implementation of a new feature is always challenging. We need to allocate time to test it with the security team and the network team. Additionally, we need to create a separate environment to gain a better understanding of how we can improve the performance of the solution within our network. 

For organizations that do not have the funds to purchase Cisco ISE, there are good open-source solutions available. These include TACACS servers, OpenLDAP, and FreeRADIUS. However, Cisco ISE is an excellent tool for enhancing all the existing tools within an organization.

There's a variety of customer uses for Cisco ISE, which includes securing the edge of the network.

Cisco ISE allows our customers to concentrate on other aspects of the business, knowing that much of their security is now in place.

Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities.

Sometimes some of Cisco ISE's graphical interfaces could be a little bit smoother. However, with the different versions, the product is getting better and better.

We've been using Cisco ISE for approximately seven years.

Like most products, as Cisco ISE evolves with different software versions over time, it becomes more stable and feature-rich. Initially, when it first came out, it was playing catch up with other vendors and solutions. However, now Cisco ISE is probably at the forefront of Open NAC solutions.

You can build a distributed model or architecture, and you can scale out with a number of PSN nodes. So Cisco ISE can grow as you grow.

Cisco ISE's technical support is generally very good. They have different levels of tech engineers, but their tech support is very good.

Positive

Some of our customers have considered using Juniper NAC, ClearPass, etc. They switched to Cisco ISE because they had a lot of network infrastructure in place and wanted a single vendor they could use end to end. Everybody has a good relationship with Cisco because they know that if there is a problem, their technical support team will resolve things in a quick and timely manner.

Cisco ISE is very scalable. We can do a small proof of concept and very quickly demonstrate that to customers.

Our customers have seen a return on investment with Cisco ISE. The solution has helped our customers consolidate several products into one and free up their IT staff. Also, the reporting from Cisco ISE enables them to show senior management their network's health.

The licensing could be better across all of the Cisco products. Cisco's licensing models seem to keep changing with different software versions. Cisco is moving towards a subscription service, which would mean additional costs.

Our customers are using Cisco ISE, but we're helping to integrate it into their solutions.

The end-to-end infrastructure security from Cisco AnyConnect host points is very good.

Cisco ISE has helped free up our customer's IT staff to concentrate on other projects. In the UK, where I predominantly work, a lot of the NHS staff have a lot of access switches located throughout multiple buildings. Cisco ISE probably frees up at least twenty percent of their time.

Our customers can use Cisco ISE for device administration for TACACS, RADIUS devices, and individual host appliances.

The migration from ACS to Cisco ISE has helped. Some of our customers were looking at various MAP implementations using different vendors, but we've now got I 2.1 X and MAM all built-in together.

Cisco ISE's ability to consolidate tools or applications has centralized everything and made things a lot easier and smoother for our customers to carry out their day-to-day tasks.

Cisco ISE has helped improve the cybersecurity resilience of our customers' organizations. We've always been able to integrate Cisco ISE into other products. So they're getting more security alerts, making them a lot more secure and happy with their environment.

Overall, I rate Cisco ISE an eight out of ten.

We utilize Cisco ISE for wireless user authentication, as well as authentication, authorization, and accounting for our network devices.

Cisco ISE has made us much more secure. It has streamlined the process of adding new devices to our wireless network, specifically wireless-only devices. Moreover, thanks to scripting capabilities and flexibility on the Cisco ISE side, it has significantly reduced the amount of manual effort required by everyone involved.

Cisco ISE effectively secures our infrastructure from end to end, enabling us to detect and remediate threats. It does a commendable job of securing both end users and their devices, including guest-wired devices for anonymous access. Its ability to compartmentalize everything makes it incredibly convenient, and the comprehensive tracking features are particularly valuable.

Cisco ISE has helped to free up our IT staff's time by saving approximately 40 hours per month, as we are constantly uploading new devices. 

Cisco ISE has helped our organization improve its cybersecurity resilience by authenticating users. It ensures that only certain MAC addresses can be on our network, particularly on our production wireless network. Additionally, it keeps track of authentication frequency and alerts us if clients authenticate too often, allowing us to optimize CPU cycles.

The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues. I appreciate that they guide us through every step that a user or authenticator goes through.

Cisco ISE can become quite complex, especially with policy sets, the entire authentication process, and everything involved. I would appreciate a more comprehensive visual depiction of the steps from the beginning to the end.

I have been using Cisco ISE for five years.

We have never experienced any stability issues with Cisco ISE.

We can scale Cisco ISE by adding additional licenses or servers.

Cisco technical support is excellent. They respond promptly, and their thoroughness is remarkable. For instance, we can send them numerous logs, and they will analyze them in detail for us.

Positive

We have seen a return on investment around the soft cost, with how streamlined everything is, how we don't have to really worry about wrong devices getting on our production Wi-Fi.

I give Cisco ISE a ten out of ten.

Cisco ISE is a great tool. It integrates well with Active Directory and numerous other components. The solution has become a fundamental part of our network and I recommend Cisco ISE to others who are looking to improve their cybersecurity.

Cisco Identity Service Engine (ISE) is used mostly for endpoints. If you want to know the profiling and what endpoints are connecting to your company, then ISE is a good solution because it has built-in signatures. Therefore, it knows what kinds of devices are getting added into the network.

You can install it with any cloud provider, e.g., AWS or Azure.

You can install ISE locally. If your site is critical, like in manufacturing, you need to make sure that ISE is a part of the local site. Usually, people install data centers, but you can also install at critical sites.

One of the advantages is that you can easily find rogue endpoints. For example, if you don't want to allow any endpoints where you don't know the people plugging into what kind of devices, ISE can give you a big, clear picture, e.g., what kind of endpoints are getting connected to your network. That is one of the advantages.

From our company perspective, or any company perspective, you need to be PCI compliant and follow HIPAA laws. Therefore, ISE is really instrumental from a cybersecurity perspective. You need to comply if you are PCI compliant and utilizing credit card transactions. ISE can help you become compliant from that perspective.

There is a new trend: a zero-trust kind of architecture. If a company really wants to improve their security, ISE can upscale the security in their network by creating an access policy. This ensures that if the device is not allowed to access something then ISE won't let that device access that resource. This is mostly for segmentation security.

Cisco could improve the GUIs on their hardware.

I have been using Cisco ISE for about seven or eight years.

The stability is good.

You can scale your ISE. You can use ISE for a company of any size: for a small company, a mid-size company, or a large company. ISE can be installed in a cluster-distributed environment. Thus, there is a lot of scalability and resiliency when using ISE.

I would rate the scalability as eight or nine out of 10.

Cisco support is awesome. I would rate them as eight or nine out of 10.

Positive

We did not previously use another solution.

Initially, it is always challenging. Once you get the gist of the deployment, it becomes normal and straightforward afterwards.

Definitely make sure you install ISE in a distributed fashion. Make sure there is a lot of high availability. Otherwise, if your ISE goes down, then you won't be able to authenticate your endpoint. It is better to install ISE in a high availability solution.

We have definitely seen ROI as we are getting compliant. When you are compliant, you get fewer fines from PCI and those types of organizations. 

It is not that pricey.

We have Zscaler, but it is not operating in the same zone as ISE.

Use ISE if you want to build more resilience within your organization.

I would rate the solution as eight or nine out of 10.

We use it for wired .1x, wireless authentication, VPN, and multi-factor authentication. We wanted to have a consistent experience for authentication and authorization of endpoints across the network, as well as security.

As a water utility organization, we're considered critical infrastructure by the feds. Everyone needs water. So it's important for us to protect our industrial control systems, our SCADA systems. ISE helps us do that by segmenting them off from the rest of the network.

And by eliminating trust, it helps us with audits, including CJIS because we have a law enforcement division, and trying to conform to the NIST standards. A lot of government agencies are becoming more familiar with the Zero Trust model and ISE makes our audits go a lot faster and a lot smoother than they used to.

The endpoint profiling feature is among the most valuable because it keeps me from having to manually maintain a MAC address bypass list to track endpoints. I can have ISE profile them for me and then put them in the right bucket.

In addition, ISE really adopts and is strong in the Zero Trust model where we consider everybody a foreign endpoint until they prove they belong on the network. ISE just seems to be built from the ground up to do that, whereas with other solutions, you have to "shoehorn" that in.

I also rate it pretty highly for securing access to our applications and network. If you have the good fortune of being a total Cisco shop, you can utilize SGTs, end to end, across the network. It can be a little tricky to get working, but once it does, it creates quite a consistent experience for any endpoint, even if it moves anywhere in the network.

I'd like to see the logging be a bit more robust in terms of what it has baked in. If I want to do any in-depth searching, I have to export all the logs to an external platform like Elastic or LogRhythm and then parse through them myself. It would be nice if I could find what I want, when I want it, on the platform itself.

I've been using Cisco ISE (Identity Services Engine) for 10 years.

Now, the stability is pretty good. I've been working on it since the product launched and it was a bit sketchy. Its current state is really good right now.

The only thing we have run into was a bug when we ran virtual appliances, but that turned out to be an issue with our storage networking QoS policies. That wasn't really an ISE problem, it was more of a storage problem.

In terms of supporting a distributed network, it's pretty powerful. You can stand it up and cluster it and it scales out pretty well. You can put nodes wherever you want to service authentication requests. We're able to scale up or out and we can choose how and when we do that with either virtual or physical machines, meaning it's very flexible. 

It scales quite well. One of the things that Cisco is good at is keeping things pretty simple when you want to scale it. If you want to scale up, you get stronger admin and monitoring nodes. If you want to scale out, you get more policy service nodes. It's quite easy to stand them up, really anywhere, if you use virtuals.

We use it around our Fort Worth campus, which has about half a dozen buildings. By the end of the summer, we'll have it deployed to all of the rest of our five campuses. We have about 30 remote locations across 12 counties in North Texas and they're all using ISE. It works out pretty well.

We have it on-prem right now, but we are moving to a hybrid cloud platform on Azure for a lot of our applications, so we're starting to do proofs of concept with ISE in Azure.

TAC is pretty good. I would definitely suggest getting their solution support, which provides higher maintenance. That way, when you do get someone, you get someone who knows what they're doing. If you get the higher level of support, you get some really smart people who can fix things pretty quickly.

Positive

We used to use Aruba ClearPass. It was somewhat clunky to use and it didn't integrate well with third-party platforms. If you used Aruba, it worked great. If you didn't use Aruba, and were pointing things at ClearPass, it had some issues. We found that ISE typically handled things a little bit better. We could point anything at ISE and take care of it.

The initial deployment was pretty straightforward. It's very simple to just turn the box on and plug into it. You go through a couple of settings and then you can log in to the GUI and pull in all the other nodes that you want.

After the gear came in, it took us about a day to deploy it. I started by implementing it at the local campus. That way, if I broke anything, I could just walk down the hall and not have to drive anywhere.

I stood up the first cluster, and then it was another engineer and me who worked on deploying it out to all the buildings. We started out in monitor mode, to see what it would do if we had turned it on. Once we had remediated anything that looked like it was authenticating incorrectly on the wired network, we went to closed mode and that's where we are now.

Return on investment falls in line with the business vision of securing our resources and protecting them against cyber attacks and nation-state attacks. It's hard to put a monetary value on clean water.

Licensing is a disaster. It's a mess and I hope they fix it soon.

In addition to ClearPass, we looked at Forescout. At the time we looked at Forescout, it was more of an inline product and we weren't looking to add more infrastructure between parts of the network to try to do inline authentications. It seemed easier to do it on the switch ports and have them talk to ISE.

It's a very strong platform, especially now that we're on version 3.1. It's definitely my go-to. I would recommend it over any other NAC platform.

It requires a lot of technical knowledge to actually get it off the ground and running. It's not quite as intuitive as it could be, but it's still a solid platform.

We use ISE primarily for RADIUS authentications on our wireless networks and VLAN segmentation for those users.

ISE makes things easier because we all work on one system and we all have the same views, so one person is not looking at a different system. We can all look at the same system and say, "Okay, go to this link." Also, you can integrate it with DNAC (Cisco DNA Center), which is something I am very into. It helps us troubleshoot from the client all the way down to the packet. DNAC can tell us, within ISE, when they're integrated, "This is the issue they're having," and we can report back.

It's great across a distributed network for securing access to all our apps and the network. We don't have to worry about which system is going through which access layer or which security system. We can just put everything into ISE. We don't have to separate the switches from the routers to the wireless. It's all just "one-stop, go." It used to be that our switches were in a separate system for authentication routers and the wireless was all on EAP. It was confusing. ISE consolidated all that.

For my use cases, the in-depth troubleshooting into why a client can't connect or why they failed, is very valuable. I can go back to someone and say, "Hey, it's not my network. It's their certificates or user error," or something else. For my coworkers the VLAN segmentation means a client got in, it dropped them into this VLAN, and that's where they belong. They can't get out. It makes things more efficient.

Also, the fact that ISE considers all resources to be external is very important. We use ISE in our retail environments for our payment sleds. We want our payment system to be secure. Zero Trust is our whole thing. It's great that everything is external to ISE and then everything has to go through the system.

The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at. My ISE admin probably has different ideas, but for us, that's the main complaint.

I've been using Cisco ISE (Identity Services Engine) for about 15 years.

Uptime is great. I don't have a complaint with ISE with uptime. It's been a rockstar. As far as I'm aware, we have probably had 95 percent uptime, or even 99 percent. Nothing is 100 percent. When there's an issue, it's usually not ISE.

Scalability is our issue: keeping up with the number of licenses we need for customers and clients. That's our main concern right now. Part of that is on us and part of that is on ISE.

For us, ISE is global between retail stores, warehouses, and world headquarters. Our entire wireless network of over 30,000 devices uses it. In North America alone, we have 13,000 access points and usually around 60,000 clients.

We've had some issues with support. We usually just get our account manager involved and they get the BU online.

It depends on the role of the dice and your TAC engineer and how well they understand the issue. We've had numerous cases where we decided to say, "Okay, escalate."

Neutral

We had ClearPass but we found some difficulties with it and those were things that ISE was better at, such as EAP authentication. We had some issues with how ClearPass interacted with the Cisco wireless environment. The merging of the two technologies was hard.

We have jumped around. We were Juniper, Aruba, and then a Cisco corporate environment, and then a mixed environment. We finally consolidated those between retail, warehouses, and our world headquarters, into a unified Cisco environment with ISE as our RADIUS backbone. ISE gave us what we needed to unify all of them. We finally shut down our last ClearPass server a couple of years ago.

Being fully honest, the Cisco licensing model right now is really confusing. We don't know what licenses we have where. We have Smart licensing, but the different levels are way confusing.

There are different levels for different accesses. We have an enterprise license agreement with Cisco, but all the details of what we have with those licenses get confused in the massive amount of licenses we have, or in the different license levels we have for different geos, et cetera. The Smart license portal is there, but right now, we just don't have the time or manpower to put into that.

I give it an eight out of 10 mostly because when you get in to start configuring the details, it's hard to find some stuff. Otherwise, it's a great platform.

We use ISE for TACACS and 802.1X authentication, wired and wireless. We also use ISE for our VPN authentication, as well as for different policies. We were trying to solve some security holes with Mac solutions, and ISE was a good fit.

It helped our security, which is nice.

I love the policy sets, they are really nice and dynamic. 

This solution helps to support an organization across a distributed network. It's built for enterprises and large-scale deployment. It does what it's supposed to do.

ISE is a little clunky. The front-end feels like it is from the 1980s.

The usability, as far as programmability goes, needs to be improved.

I've been using Cisco ISE for about three years.

The solution is pretty stable. I haven't had any problems.

Cisco ISE is very scalable.

Technical support is horrible. If we call and ask them for help, their first response is always that we should upgrade. That is a horrible response. We pay another company to support us because the technical support can't, even though we pay them to do so. I would give them a two out of ten.

Negative

We have a distributed deployment model. They're all virtual appliances, distributed geographically.

We've got six ISE nodes. Everything is redundant and distributed across multiple data centers. We then used them again for 802.1X, TACACS, and other authentications and policies.

It's hard to dig into at first, so seek help and education.

I'd give Cisco ISE (Identity Services Engine) an eight on a scale from one to ten because it's Cisco, it's reliable. It has a lot of development and other vendors around it because it is Cisco. It works and is pretty stable.