The primary use cases include customer environments, BYOD, posture assessment, and dot1x for wireless and wired networks.
Principal consulting architect at a tech vendor with 10,001+ employees
Helps to have a much better security posture overall and provides visibility into response
Pros and Cons
- "The posture assessment is a valuable feature because of the ability to do assessments on the clients before they connect to the network."
- "Cisco ISE has enabled my customers to deploy secure wireless and secure wired networks and gave them a lot of flexibility to do security enforcement."
- "When I work with customers to do my knowledge transfer, they're really overwhelmed with the navigation of the product and the number of things you can do with it. From a user interface standpoint, Cisco could focus on making certain tasks a bit more guided and easier for customers to walk through. That is, a user-friendly interface and streamlined workflows would be great."
What is our primary use case?
How has it helped my organization?
I'm customer-focused, and for my customers, Cisco ISE has enabled them to deploy secure wireless and secure wired networks and gave them a lot of flexibility to do security enforcement.
What is most valuable?
The posture assessment is a valuable feature because of the ability to do assessments on the clients before they connect to the network.
The guests' BYOD portal and onboarding are feature-rich and fairly straightforward and easy to set up.
From a zero-trust standpoint, it is critical that Cisco ISE considers all resources to be external because, in essence, we don't want to allow anybody on the network that hasn't been verified. Even when they're on the network, we want to make sure that they have the least amount of privileges to do their job.
Cisco ISE hasn't eliminated trust, but it's definitely helped us to migrate more toward zero-trust network environments. It helped us to have a much better security posture overall to help eliminate threats and also give visibility into the response.
ISE is generally deployed as a distributed environment, and it makes it easier to have local resources across the distributed environment so that you're not dependent on always-on access to a data center. In case you lose your internet connection or lose an MPLS connection, you can still have a certain amount of security control at the distributed location.
As far as securing access to applications go, with the posture assessment you get a lot more visibility into the applications on the client when you deploy it and a lot more control over enforcing connectivity in the network, especially with secure group access.
What needs improvement?
When I work with customers to do my knowledge transfer, they're really overwhelmed with the navigation of the product and the number of things you can do with it. From a user interface standpoint, Cisco could focus on making certain tasks a bit more guided and easier for customers to walk through. That is, a user-friendly interface and streamlined workflows would be great.
Buyer's Guide
Cisco Identity Services Engine (ISE)
July 2026
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
For how long have I used the solution?
I've been using Cisco ISE for about eight years.
What do I think about the stability of the solution?
I've had very few issues with stability and haven't run into any bugs.
What do I think about the scalability of the solution?
It scales quite well. Essentially, you can scale up to about 500,000 users, and most of my customers are south of that.
Which solution did I use previously and why did I switch?
I am familiar with ClearPass. I prefer ISE because most of the environments I'm dealing with are Cisco networks. Having the device administration based on TACACS+ is a plus, with it being a proprietary protocol. ISE definitely implements it better than other solutions. From a conceptual standpoint, ISE makes more sense.
ISE may be a bit difficult for my customers because they're not used to it, but the reality is that the workflows make a lot more sense to me than they did with other solutions like ClearPass.
How was the initial setup?
The first deployment I did was complex because I ran into the same thing my customers did. It's overwhelming at first to figure out because there are so many options and so many different use cases. It was tough to narrow it down to what was important and what could be added later.
However, after having done 30 or 40 deployments, it's now straightforward.
I've deployed the solution in a bunch of different environments. I have manufacturing customers with centralized management and monitoring, so the PAN and the MTS are in data centers that are separate but with PSMs deployed all across the network for the distributed model. There also are some, where everything's pretty much in a data center or is split across two data centers.
What's my experience with pricing, setup cost, and licensing?
Licensing has gotten much simpler since Cisco moved to the DNA model because we just have the three tiers, but it could always stand to be improved upon.
Which other solutions did I evaluate?
I evaluated ClearPass.
What other advice do I have?
To leaders who want to build more resilience within their organization, I would say that it's definitely worth moving toward a zero-trust environment. It's really a rebranding of an old concept of least privileged access, but the tools we have to implement it, such as Cisco ISE and firewalls, at the core and the ability to broker it out to the cloud as well, give us a lot more visibility and a lot more control over the traffic and our data, which is our biggest asset.
If you're evaluating the solution, pick two to three use cases, stick with those, and familiarize yourself with the solution. Try not to get overwhelmed with the interface, and don't try to see everything it can do and let it spin out of control; it's easy to do that. Just start with something you really need to implement and then worry about adding more features later on.
On a scale from one to ten, I would rate Cisco ISE at nine.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
ITS 1 at a government with 10,001+ employees
Keeps people who shouldn't be on our network off our network
Pros and Cons
- "We have seen ROI. It has done its job. It has protected us when we needed it to."
- "Cisco ISE works very well for establishing trust for every access request when it is deployed and running correctly."
- "I would definitely improve the deployment and maybe a little bit of the support. Our first exposure to ISE had a lot of issues."
What is our primary use case?
We use it as our complete NAC solution for both on the wire and wireless as well as guest wireless access and SGTs.
We have five hospitals. We have two service policy nodes at every hospital. We have a deployment at every hospital site.
How has it helped my organization?
We are a healthcare department. We deal with a lot of PHI so ISE is important. It is an integral part of keeping PHI safe.
The solution has helped with safety and keeping people who shouldn't be on our network off our network.
Cisco ISE works very well for establishing trust for every access request when it is deployed and running correctly. It is a great product. It does what it is supposed to do.
We know what is on our network because ISE is able to tell us.
What is most valuable?
The guest wireless works pretty smoothly. The SGTs came in very handy when we had to segregate traffic away from our network, even though it is part of our network.
The SGT function would probably be the most used. This is mainly because we have a lot of vendors on our campuses but we need to keep them from seeing the traffic and being able to touch other areas of our network. Being able to use SGTs kind of keeps them in their own little lane away from us.
When it is deployed correctly, it is very helpful. It runs smoothly. It is just integrable to what we do.
What needs improvement?
I would definitely improve the deployment and maybe a little bit of the support. Our first exposure to ISE had a lot of issues. However, I have noticed as we have been implementing patches and upgrades that it has gotten a lot better.
For how long have I used the solution?
I have been using it for about four years.
What do I think about the stability of the solution?
With patches and a little bit of babysitting, it is totally stable now.
What do I think about the scalability of the solution?
It is easily scalable.
How are customer service and support?
The technical support is phenomenal. I have called and opened up a ton of tech cases. Eventually, you get the right engineer who can solve all your problems. I would rate them as eight or nine out of 10. It has gotten a lot better. If someone asked me about support two or three years ago, I would have probably given them five out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We didn't use a solution before ISE.
What was our ROI?
We have seen ROI. It has done its job. It has protected us when we needed it to.
What other advice do I have?
Make sure you have everything ready, including all your information. Make sure you know what you will profile and what will come on your network.
Get hardware nodes versus the VMs.
You definitely want resilience. You want to keep everything protected, especially in the day and age that we live in now. Information is power. Keeping our customers' and patients' information safe is our number one priority.
I would rate it as nine out of 10 because it has gotten better. I have seen it at its worst. Now, it is running a lot better. So, I have a better opinion of it than I did.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Cisco Identity Services Engine (ISE)
July 2026
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
Technical account manager at a computer software company with 51-200 employees
Eliminates trust from a network and we know exactly what to open and what to trust
Pros and Cons
- "SGTs are valuable because they make it easy to enforce policies, instead of pushing them across all the other platforms."
- "ISE has eliminated trust from our network architecture."
- "I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it."
- "It's damn expensive and the licensing is terrible."
What is our primary use case?
We were looking for secure network access.
How has it helped my organization?
It's important that the solution considers all resources to be external because we are introducing new endpoints to the environment every day. We want to make sure that endpoints are secured. In addition, we want to see what that endpoint is doing in our environments.
ISE has eliminated trust from our network architecture. It has changed the methodology of how we look at security. Instead of having everything open, now we know exactly what to open and what to trust.
What is most valuable?
SGTs are valuable because they make it easy to enforce policies, instead of pushing them across all the other platforms.
What needs improvement?
I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it.
The deployment is complex. I get that it's very configurable, but there is the challenge of how to get to certain things. You go to different places to get the same things done. There needs to be improvement to the GUI.
For how long have I used the solution?
I have been using Cisco ISE (Identity Services Engine) for seven years.
What do I think about the stability of the solution?
It's now way more stable than 2.0 was.
What do I think about the scalability of the solution?
It's scalable, but we get back to the point that you have to deploy multiple nodes across the environment to get the bandwidth for larger environments.
How are customer service and support?
TAC is pretty good. They're solid. The product has been out there for a little bit so that side of things is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We had ClearPass.
How was the initial setup?
It's pretty good when it comes to supporting an organization across a distributed network but it's not easy to implement. It requires a lot of expertise. It requires a full understanding of your environment and the traffic flow.
Our clients have it in multiple locations. At the same time, there are multiple SSIDs on the wireless side and each SSID has a different function for a different group of users. It's not like there is just one set of policies. It has to be multiple policies and sometimes the policies cross each other when moving from one campus to another campus.
Deployment requires a minimum of two solid engineers. One can focus on the network side and the other one can focus on the ISE side.
The way you establish trust is that you first have to "untrust" everything and then you set your points and your profiles and, based on that, you build your policy.
What's my experience with pricing, setup cost, and licensing?
It's damn expensive and the licensing is terrible. There are three different types of licenses: Essential, Advantage, and Premier, and each one of them has certain features. I work with the SLED accounts and it's not easy for customers to find the money. I'm trying to sell their product but, at the same time, to utilize the product fully they have to pay millions of dollars on the licensing alone. And it's software. It's not like I'm selling them hardware with hardware value. It's just software. The prices need to be brought down.
The majority of our clients are still using 2.7, while some have moved to 3.0 or 3.1. That's another issue with the licenses. If you have perpetual licenses on 2.7 and you upgrade to 3, you are forced to go with Essentials. That is one of the issues that I'm seeing with my clients now.
What other advice do I have?
Go for it. It's a great solution. It's very configurable and you can tie your environment together from a wireless or from a wired side. I love the solution.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Senior Network Architect at Commercial Metals Company
Integration with Active Directory means we can find and authorize users based on their AD groups
Pros and Cons
- "The most valuable feature is 801.1x and another very good feature is the TACACS."
- "Without Cisco ISE, we couldn't authorize our users, contractors, and everyone else."
- "I would like to see integration with other vendors, and the RADIUS integration needs to be improved a little bit."
- "Technical support has been okay, but I wouldn't describe it as "very good." We have had some problems with technical support."
What is our primary use case?
We use it mostly for identity, authentication, and authorizations for wireless and wired. The challenges we were looking to address were mostly around the authorization and authentication of the users. We wanted to use the Identity Services Engine to make sure that the users accessing our network were authorized users, with the authentication happening before.
How has it helped my organization?
The integration with Active Directory, and finding and authorizing users based on their Active Directory groups, rather than just their identities, was a big change for us.
What is most valuable?
The most valuable feature is 801.1x and another very good feature is the TACACS.
In addition, it establishes trust for every access request. That's very valuable. We can't authorize users without it. The fact that it considers all resources to be external is very important. Without Cisco ISE, we couldn't authorize our users, contractors, and everyone else. It's our one source of truth for authentication and authorization.
It's also very good when it comes to supporting an organization across a distributed network. We like that.
What needs improvement?
I would like to see integration with other vendors, and the RADIUS integration needs to be improved a little bit.
Other than that, all the features that we're using look good.
For how long have I used the solution?
I have been using Cisco ISE (Identity Services Engine) for about six years.
What do I think about the stability of the solution?
It has been very stable. There's no problem with that, as we have redundancy in place.
What do I think about the scalability of the solution?
It can be scaled very quickly by adding more nodes to the solution. The scalability is very good.
We have it deployed in three data centers in Austin, Texas, Lewisville, Texas, and one in Poland. It's a distributed deployment and we have around 8,000 endpoints on it so far.
How are customer service and support?
Technical support has been okay, but I wouldn't describe it as "very good." We have had some problems with technical support. Sometimes it takes them too long to resolve a problem.
How would you rate customer service and support?
Neutral
What's my experience with pricing, setup cost, and licensing?
The pricing is good. The last time we purchased four new appliances the price was doable for any organization of our size.
Which other solutions did I evaluate?
In my previous job, I used Aruba ClearPass. It's similar to ISE. They're both good.
What other advice do I have?
Design it well in the first place. If you design it well, you can scale it. Always read, line-by-line, the Cisco guide because that's where you'll find all the information about the design and the scalability. If you design it correctly in the first place, you will have a smooth ride.
We want to use it in a hybrid cloud deployment, but we currently use it 100 percent on-premises. As we move more into the cloud, we're trying to integrate that with Cisco ISE to make it our authentication and authorization source. We're not really into the cloud yet. We're just doing some dev. We're building a whole cloud strategy.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Services Director at XByte SRL
Improves security posture and reduces security gaps
Pros and Cons
- "They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful."
- "Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature."
What is our primary use case?
We are working with packets and A011X. In some cases, we also do profiling.
We are using this solution because we wanted to improve security and reduce security gaps. This is mainly for our customers.
How has it helped my organization?
This solution improves security. There is a new law in the Dominican Republic, where I am from. The central bank has ordered the banks to improve their security through a law. ISE is one of the start points for those organizations to start improving their security.
The solution gives us a way to provide a professional security solution to our customers.
What is most valuable?
They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful.
Its resilience gives you a better security posture. Cybersecurity resilience is very important. Security is one of the main things in my country enforced by law.
What needs improvement?
Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature.
For how long have I used the solution?
I have been using the solution for six to seven years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is very scalable. You can install several nodes in order to scale the solution.
How are customer service and support?
The technical support is really good. I would rate them as 10 out of 10. You need to know how to work with the tech support. If you don't know how to work with them, then it won't work.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have been working for 15 years with Cisco as a Cisco partner. We like the Cisco solutions.
How was the initial setup?
The deployment is complex. It takes four or five to deploy it.
What about the implementation team?
Deployment takes a skilled technician. The customer's help is always needed since we need to integrate Active Directory.
What was our ROI?
Our customers see ROI. They feel more confident about their operations. It gives them time to do other things in order to be more profitable.
What's my experience with pricing, setup cost, and licensing?
It has a fair price. It is better than it was before.
Which other solutions did I evaluate?
We have seen Aruba ClearPass, but it is not that common in the Dominican Republic.
What other advice do I have?
Organizational leaders should do constant analysis of their security posture, in order to be improving every day.
I would rate them as eight out of 10 because of the remediation feature.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller/Integrator
Director, Information Technology Solutions at a healthcare company with 5,001-10,000 employees
Comprehensive and allows you to control access to network resources granularly based on policies
Pros and Cons
- "Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies."
- "Cisco ISE is very complex and not very easy to deploy."
What is our primary use case?
We use the solution for network access control.
What is most valuable?
Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies.
What needs improvement?
Cisco ISE is very complex and not very easy to deploy. There are a lot of prerequisites for the tool.
For how long have I used the solution?
I have been using Cisco ISE (Identity Services Engine) for three years.
What do I think about the stability of the solution?
We did not face any issues with the solution’s stability.
What do I think about the scalability of the solution?
Cisco ISE is a very scalable solution.
How are customer service and support?
We are working with a partner for support and are very happy with them.
On a scale from one to ten, where one is bad and ten is good, I rate their support a seven or eight out of ten.
Which solution did I use previously and why did I switch?
Compared to Cisco ISE, Fortinet NAC is more consumer-friendly.
How was the initial setup?
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.
What about the implementation team?
The project lasted a few months, but the planning took several months. Cisco ISE itself means nothing. It has to have the network set up to ensure the network penetration is in place, and we're still working on that.
What was our ROI?
Security is about risk control and exposure avoidance. You can only calculate its return on investment based on how you avoid penalty fees. Cisco ISE improves our security stats.
What's my experience with pricing, setup cost, and licensing?
If you consider money only, Cisco ISE is not a cheap solution. Functionality-wise, however, it offers a very good price for the value you receive.
What other advice do I have?
The solution's compliance and policy enforcement capability has benefited our organization by simplifying work.
The solution operates in the background, and users generally don't interact with it. Cisco ISE is the security framework layer between network resources and end users using them. Users do not go into Cisco ISE to do anything.
It's like Active Directory for Identity. If you're an end user, you don't work in Active Directory, but you authenticate Active Directory to use resources on the network. The same applies to Cisco ISE, and users don't interact with it directly. They are affected by it to the extent to which they are accessing network resources.
Cisco ISE has a very comprehensive integration suite and we did not face a lot of challenges in integrating this solution with other security tools. If they know how to use it, I would recommend the solution to other organizations with similar security needs.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Services Engineer at a government with 51-200 employees
Significantly improves our security and has been great for segmenting our traffic and getting the users into the right VLANs
Pros and Cons
- "The feature that I found most valuable is profiling. We use that to profile certain types of devices, and then depending on the manufacturer, drop them into the appropriate VLAN without us having to go in and manually add the devices."
- "We would definitely like to see a little bit of an improvement in the web GUI navigation. Some of the things are a little bit hidden in the drop-down menu. If we could get a way to get to those quicker, it'd be much more useful."
What is our primary use case?
We use Cisco ISE to authenticate users or devices onto the network and then drop them into the appropriate VLANs to isolate them and maintain network segmentation.
How has it helped my organization?
Cisco ISE has been a great tool to segment our traffic and get the users into the right VLANs. It definitely does free up a lot of time from manual configurations.
It has definitely improved our security a lot. We used to be a single flat network, and now, we are a segmented network where we have all our different traffic isolated so that in case we do get a breach, not all the customers are affected.
Cisco ISE has been great for securing our infrastructure from end to end so that we can detect and remediate threats. We've already seen it detect some devices that we didn't know about, and they quarantine those devices, allowing us to take the appropriate security actions against them.
Our IT staff has been freed up for other projects with Cisco ISE because we're able to do a little bit more automated configuration. We just throw out a single configuration to the ports, and then the users get dropped into whatever VLAN they need to be in without us having to go to each site and configure these things manually. On a usual workday, it has freed up at least a couple of engineers for two to three hours.
Our cybersecurity resilience has improved with Cisco. Users are now segmented. We have firewalls in between, so we can take a look at all the traffic. We have quarantine enabled in there so that if we get a device on our network that we don't recognize, we can lock it down.
What is most valuable?
The feature that I found most valuable is profiling. We use that to profile certain types of devices, and then depending on the manufacturer, drop them into the appropriate VLAN without us having to go in and manually add the devices.
What needs improvement?
We would definitely like to see a little bit of an improvement in the web GUI navigation. Some of the things are a little bit hidden in the drop-down menu. If we could get a way to get to those quicker, it'd be much more useful.
For how long have I used the solution?
We've been using Cisco ISE for about three years.
What do I think about the stability of the solution?
So far, from what we've been using, we haven't had any problems even with any of the additional patches that we've added. It has been great.
What do I think about the scalability of the solution?
Scalability-wise, it's great. We have plenty of space to add additional nodes. Right now, the ones we do have are not being utilized to a hundred percent, so if we ever do need to add additional, it seems pretty straightforward.
How are customer service and support?
Cisco support has been pretty good over the years, helping us get this stuff up and running. It has definitely taken us a while, and some of the cases have been pretty long, but Cisco support has been pretty good. I'd rate their support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We weren't using anything in place of Cisco ISE previously. We were pretty lacking in that department. When we got Cisco ISE, we improved our security significantly.
We went for Cisco ISE based on a suggestion from one of our vendor partners who helped us with our network refresh. They said that Cisco ISE was something that they had used previously in lots of larger deployments, and they had seen great success with it.
How was the initial setup?
I was involved in its deployment. It was pretty straightforward. A lot of the issues that we ran into were related to coordination with the users just because it was a change for them, but the actual deployment and everything else were pretty straightforward.
What about the implementation team?
We used MTT. They were great. They walked us through the whole process. They designed the network refresh for us as well as the Cisco ISE integration portion of it.
What was our ROI?
We've seen an ROI. We've freed up some hours, so those engineers who were previously doing more mundane tasks are now able to do something else.
What's my experience with pricing, setup cost, and licensing?
I don't know too much about the actual pricing on it. The licensing part is pretty straightforward. It's a lot more simple than some of the other Cisco licensing models. In that aspect, it's great.
What other advice do I have?
Overall, I'd rate Cisco ISE a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Network Engineer at a tech consulting company with 11-50 employees
Acts as a network access control solution and mitigates a lot of potential attack factors
Pros and Cons
- "I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case."
- "Cisco ISE's real-time data analytics for database logging could be improved."
What is our primary use case?
We primarily use Cisco ISE as a network access control solution. We do a lot of quarantine actions from our CSOC. We use the AnyConnect VPN by setting multiple deployments for dedicated purposes, where we use it to provide wireless.
How has it helped my organization?
Cisco ISE has brought a level of visibility that my organization hadn't had beforehand. At the same time, it has mitigated a lot of potential attack factors and brought in a sense of control in the hardware during the onboarding process.
What is most valuable?
I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case. We have a lot of wired map devices and having an externally approved source to validate if a machine is legitimate or approved to be on the network is extremely valuable for us. It helps make the whole process of authorizing endpoints quick.
What needs improvement?
Cisco ISE's real-time data analytics for database logging could be improved. Earlier, you didn't have direct read access to the database. You'd have to rely on logs through some other sources like Splunk and be able to put everything that you want together. Being able to review logs in real-time, customized to your filtering, adds a lot of context and visibility.
For how long have I used the solution?
I have been using Cisco Identity Services Engine for about four and a half years.
What do I think about the stability of the solution?
I do not like the stability of Cisco ISE in the virtual environment. That might have been more of an underlying host issue rather than an ISE issue. But we've moved to hardware right now, and I wouldn't have looked back. The next place we're looking to explore is potentially in the cloud, but that's still up in the air because our environment is not small. We're one of the larger 700,000-plus endpoints.
What do I think about the scalability of the solution?
Cisco ISE's scalability is nice. However, not many people can deploy Cisco ISE in a very large environment. In other words, there are no large environments that are hitting around 100,000 plus clients for active concurrent sessions. If you're trying to create multiple deployments to distribute the workload evenly, I don't like that there's no centralized management platform for Cisco ISE. You still have to go into each deployment and do your configuration.
How are customer service and support?
From my account team, I rate Cisco ISE's technical support ten out of ten. However, from a tech perspective, if I'm talking to tech level one, tech tier one, or tech tier two, I'd have to give it a six out of ten. Once you start getting into the more advanced tiers and even the business units, the support goes through the roof.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've always worked with Cisco ISE. However, in my organization, there's another part of my infrastructure where they use Forescout. The way Forescout implements a NAC solution differs vastly from how Cisco ISE does it. The way Cisco ISE does it is more ingrained in the whole radius process and enhances the security features on a switch or wireless line controller.
Our organization chose to go with Cisco ISE instead of Forescout because, holistically, the solution checked all the boxes needed for a NAC solution.
How was the initial setup?
I was not involved in our organization's first iteration of Cisco ISE. We've since migrated and modernized our Cisco ISE deployment, and I've been heavily involved in that.
The ease of deployment depends on the environment you're deploying in, understanding what use cases you have out there, and understanding what kind of endpoints you're exposed to or exposing your network.
Overall, Cisco ISE's initial setup is not overly complicated right now. But since our organization is moving into a multi-vendor or managed services contract, we're bringing in many vendors like Meraki, Juniper Mist, Aruba, and Fortinet. That's when things get complicated because they don't all use the same type of authorization results.
What about the implementation team?
We implemented Cisco ISE in our organization directly through Cisco. My experience with Cisco has been phenomenal because they listen. We've run into many technical issues, but they've been at our beck and call and have been there to support us to a point where they've rushed certain fixes. We've had a couple of engineering specialits because of things we've encountered. They worked hard for us.
What was our ROI?
The product is positive regarding a return on investment, considering the cost we're bringing in for Cisco ISE's deployment versus the value we're adding to the environment.
What's my experience with pricing, setup cost, and licensing?
According to my sales and account team, the prices we're getting are pretty good. I wouldn't say they're the manufacturing or listed price by any means, but we do a lot of business with them. So the price points that they're coming in at are pretty manageable.
What other advice do I have?
When it comes to securing our infrastructure from end to end so that we can detect intermediate threats, a lot of it has to do with integrating Cisco ISE with other products. For example, Cisco ISE primarily deals with either the access layer or remote connections. However, when you start integrating it with other things like titration or secure network analytics, you can get a bigger grasp of the overall picture. When you bring other security teams into it, they can start creating their policies, alerts, etc. They can start automating some of the incident mitigations and stuff like that.
My use case is a little bit different in that there's no end to our work. There are a lot of other business groups within my organization that aren't complying with what the network security policy should be. So I have to reach out to them and get them to use a dot1x protocol or ensure that their stuff is in our CMDB database.
We're in a big migration and shift in our overall security policy. So there's a lot of moving aspects going on right now. However, as we start getting things moved into an MDM, as we start getting things moved into using a dot1x protocol, we can get an active identity of an endpoint.
Cisco helps reduce the amount of staff we have to chase down and figure out what kind of policies should be implemented. We can then incorporate our onboarding process into that, preventing unauthorized devices from connecting in or at least be reassured that if anything that we haven't had any chance to look at connects in, we can deny it with confidence. Down the road, it'll alleviate a lot of the time and planning we're doing right now.
My organization is a bit different. I've tried to get them onto the posture feature of Cisco ISE, but they're pursuing other vendors for that. We've decided to incorporate through a pxGrid integration with other applications such as Tanium, Forescout, or whatever application my security organization uses. They can pull contacts from the Cisco ISE endpoint and then be able to issue a quarantine action to Cisco ISE on that particular endpoint.
Overall, I rate Cisco ISE ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Network Manager at a government with 201-500 employees
Helps save us time and seamlessly integrates with our entire suite
Pros and Cons
- "The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval."
- "If Cisco could grant more control, the features could be more focused on network and security administration, reducing the need for integration with other components."
What is our primary use case?
We use Cisco ISE for the authentication of wireless clients.
How has it helped my organization?
Cisco ISE has saved me a couple of hours per month in terms of not having to manually onboard clients. However, there are still some manual tasks that need to be uploaded to Cisco ISE.
What is most valuable?
The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval.
What needs improvement?
One of the problems we have had is that there are many features on Cisco ISE that we are not utilizing. In the real world, it requires multiple parties to come together, just like the AD or OU. Therefore, it won't be solely the responsibility of the network or security personnel to ensure that the solution works as intended and utilizes all the features. It necessitates collaboration among various stakeholders. If Cisco could grant more control, the features could be more focused on network and security administration, reducing the need for integration with other components. This would be beneficial for my organization.
For how long have I used the solution?
I have been using Cisco ISE for one and a half years.
What do I think about the stability of the solution?
Cisco ISE is extremely stable.
What do I think about the scalability of the solution?
As long as we have the funds to purchase the license, Cisco ISE is highly scalable.
How are customer service and support?
We have a contact person in Singapore whom we can reach at any time for support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward because we used an integrator.
What about the implementation team?
We used an integrator for the implementation.
What was our ROI?
The cost-benefit analysis primarily considers the time saved through manual labor.
What's my experience with pricing, setup cost, and licensing?
The recent changes in the licensing model have caused some issues with the team.
Which other solutions did I evaluate?
We have a rigorous procurement process and carefully evaluated other options before selecting Cisco ISE.
One of the other solutions we evaluated was the Aruba Wireless feed and its accompanying authentication, but we determined that Cisco ISE was superior and more beneficial.
What other advice do I have?
I would rate Cisco ISE with a nine out of ten based on its overall benefits. However, since I am unable to utilize all the features due to the need for coordination from numerous other teams, I would personally assign it a benefit score of only five out of ten.
We attempted role-based access with the Cisco ISE integration, but it didn't work out effectively because it is more of an upper-level issue regarding organization and role level. Multiple teams had to collaborate, and there was a need to configure the Active Directory and Organizational Unit groups. This also involved restructuring and similar tasks. As individuals moved between OU groups, someone had to consistently update the OU groups to ensure the success of the process.
We have made a significant investment in Cisco infrastructure; therefore, we have chosen Cisco ISE as a logical option for our authentication mechanism.
Cisco ISE has not directly assisted our organization in enhancing its cybersecurity resilience.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Systems Engineer at Austro Control
Offers flexible policy sets, helps secure our infrastructure, and serves as a central hub for all types of network access
Pros and Cons
- "The most valuable feature is the flexibility of the policy sets."
- "Cisco ISE requires a lot of time-consuming administration."
What is our primary use case?
We utilize Cisco ISE for network access control and employ RADIUS access for managing user control in our virtual environment.
How has it helped my organization?
Cisco ISE enables us to implement network access control, ensuring that only approved devices can connect to our network. It serves as a central hub for all types of network access, including wired, wireless, and VPN connections improving our network security.
It does a good job of helping secure our infrastructure from end to end, even though there are many features that we are not utilizing.
Cisco ISE has helped us consolidate tools like Cisco Token that we no longer require. The ability to consolidate tools has provided us with a centralized point of access for our security infrastructure, generating abundant information regarding access.
It has helped our organization improve its cybersecurity resilience by enabling us to control the devices that access our network, unlike before when we had to physically access the port.
What is most valuable?
The most valuable feature is the flexibility of the policy sets.
What needs improvement?
Cisco ISE requires a lot of time-consuming administration.
For how long have I used the solution?
I have been using Cisco ISE for eight years.
How are customer service and support?
Cisco tech support, I'm sure, is very good. However, the amount of resources required to submit and process cases is quite significant. As a result, unless we encounter a major issue, we generally prefer to avoid Cisco TAC and instead seek out workarounds.
How was the initial setup?
The initial setup should be straightforward, but it is often quite complex. A greenfield deployment, where we start from scratch, is easy. The challenges typically arise when we attempt to upgrade an existing deployment.
What about the implementation team?
We utilized the services of Open Network for assistance with the implementation. Their services were excellent, and we would gladly engage their services again.
What other advice do I have?
I give Cisco ISE an eight out of ten.
Cisco ISE is equipped with numerous features. We are a small company and only utilize the ones we require. However, as our requirements change or grow, we may consider adopting more of the features that Cisco ISE offers.
The administration can be time-consuming due to all the updates and patches, but overall, I recommend Cisco ISE.
Our organization was familiar with Cisco, and we used wireless LAN products. That is why we chose Cisco ISE, as it integrates well with our infrastructure.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: July 2026
Popular Comparisons
Cisco Secure Firewall
Cisco Umbrella
Aruba ClearPass
Cisco Secure Email
Cisco Secure Network Analytics
Forescout Platform
Fortinet FortiNAC
Cisco Secure Endpoint
ThreatLocker Zero Trust Platform
Cisco Secure Client (including AnyConnect)
Cisco Secure Workload
F5 BIG-IP Access Policy Manager (APM)
ExtremeCloud IQ
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- ForeScout vs. Cisco ISE
- What are the main differences between Cisco ISE and Forescout Platform?
- Can Cisco ISE disallow authentication based on OS?
- Cisco ISE (Identity Services Engine) vs Fortinet FortiNAC: which solution is better and why?
- What are the requirements for integrating the Cisco Data Center and Cisco ISE?
- What is the biggest difference between Aruba ClearPass and Cisco ISE?
- Which is better - Aruba Clearpass or Cisco ISE?
- How would you compare Cisco ISE (Identity Services Engine) vs Forescout Platform?
- How does Cisco ISE compare with Fortinet FortiNAC?
- What is your experience with 802.1X when using EnGenius WAP/switch with Cisco ISE 2.1?











