Cisco Identity Services Engine (ISE) Reviews

We use it for MAC Authentication Bypass, 802.1X authentication, and certification and validation against Active Directory. Because MAC devices can't be enrolled in the domain, we were doing a manual installation of certificates.

We are a very secure enterprise now because only our corporate endpoints can be authenticated on our wireless. Before, any device could be connected to our production network. And the corporate endpoints have antivirus and anti-malware. Things are more and more secure.

Authentication is the most valuable feature because it puts our company at another level of security. It establishes trust for every access because we use only corporate endpoints. If somebody has another device, they can't connect it to the enterprise network because we haven't implemented bring-your-own-device yet. We have five warehouse buildings and all our operations are around logistics and that means external people don't come to our buildings.

I have been using Cisco ISE (Identity Services Engine) for three years.

It's very stable.

It's expensive to scale Cisco ISE, but our situation is stable so we don't need to scale it for now. In the future, we will need a more scalable solution.

It is used for all our departments, all end-users, all corporate endpoints. And when we use MAC Authentication Bypass, we include printers and VIP cell phones.

Tech support is very good.

Positive

We didn't have a previous solution.

The deployment was a little complex, but not because of the solution. It was more an issue for our people because it was a mindset change.

It took us about six months to deploy. Because we didn't have a previous solution, we just deployed it one department at a time across our four departments.

We used an integrator, ITS Infocom. Experience-wise, it was very good. On our side, we had three people involved. 

Since implementing Cisco ISE, we haven't had any attacks against our application.

Pricing is not a problem for Cisco because it has a lot of features and not much competition, although it's more expensive than other products. But if I do a cost-benefit analysis, Cisco provides high quality.

We looked at Aruba. Cisco ISE is much better.

Be patient with the implementation. It can be very difficult for the clients, the people using it, because it requires a change of mindset.

We use Cisco ISE to set different policies for various profiles. For example, someone on their own device has a different set of policies and postures than a person on a company machine. 

Currently, we are using Cisco's dictionary for both device and user authentication. When I say "device authentication," I mean we authenticate users who access network devices. 

We consider the running policy when users want to access a data center server. The user is forwarded to the ISE servers to be authenticated, and they're given a password defined on the ISE for them according to the policy.

We have two virtual servers with different rules. For example, one is used to authenticate and audit, and the other to authorize and authenticate. And since most of our centers don't support full ISE integration, we use only some features. That means not all our users are not authenticated via the ISE.

It's easy to change and add policies.

Some of ISE's features need to be more agile. For example, we couldn't integrate our data because Cisco needs your data to be in its own format.

We implemented Cisco ISE about a year ago.

We have capacity limitations with retail, and we aren't integrating ISE for all the users. We have about 2,000 end-users that need to be integrated, and we added the entire thing to about 1,000 devices.

I rate Cisco support eight out of 10. We initially had difficulty integrating ISE with another solution we use from Huawei. We deleted the existing profiles defined on ISE and lost our definitions and profile features that were there before. We ordered the platform through these resellers, but they haven't been helpful, so we get more support from Cisco. They are very good.

Positive

Setting up this solution wasn't that difficult for me because I was involved with all of these projects. We implemented everything last year and deployed a portion of the modules integrated into our environment. It wasn't that difficult to install and apply to get these permissions.

A contractor came to help us deploy everything as part of the bank's data center solution. Since then, I have installed one of the components that we deployed at the time. It was a local tech company that got the platform given to them. That's how they got everything implemented with it together.

The return on investment depends on how you utilize the solution. We haven't utilized it well thus far, so I would rate it four or six out of 10.

There is a limit on the number of nodules supported. The number of users per license is limited to around 2,000, so the license price should be adjusted to take these limitations into account or we should be allowed to add more users to the same devices.

We use ISE because most of our networking devices are from Cisco, including the VIRL lab. I have to compare other vendors, but I don't think the cost difference is so much that I would switch solutions. 

I rate Cisco ISE eight out of 10. It works fine in our experience. 

I do the designing and implementation and hand it over to the customer. Sometimes, I provide support to the customer. The solution is used for network access control. I have implemented almost all the features of the product.

TACACS is valuable. The product is useful for device administration.

We face many bugs. The vendor is trying to improve it by releasing new patches and hotfixes.

I have been using the solution for almost five years.

I rate the tool’s stability a six out of ten. It breaks down a lot.

I rate the tool’s scalability a seven out of ten. To scale the solution, we must decide which persona should be added. There are different personas for management, monitoring, and policy enforcement. It needs some calculations. I have a lot of clients. One of my clients has 20,000 to 50,000 users.

The initial setup is not easy. It should be designed properly. The solution has almost two or three personas. The design must be reviewed correctly. The implementation is not easy. It is a little bit complex compared to other NAC solutions. The time taken for deployment depends on the size of the implementation. It can take from one week to one year.

The solution is not that cheap.

We are partners. A lot of customers are using Cisco’s infrastructure. The product can be integrated easily. We have faced a lot of issues while integrating other tools. Overall, I rate the solution an eight out of ten.

We use Cisco ISE Identity Services Engine currently for TACACS and posturing.

The product elevated my organization’s security level, helped us meet some guidelines, and made our life easy.

We found all the features of the product to be valuable. We have no complaints about it. Posturing is valuable to my organization. Now, we're improving our whole environment to go into a Zero Trust policy, and Cisco Identity Services Engine plays a huge role in it. We're defense contractors, so we support DOD and have specific stakes and a baseline to go with. Our strict environment requires us to do certain things, and the solution plays a role in it.

They should improve their licensing. Licensing is always trouble with Cisco, and Cisco Identity Services Engine is no different. The way the product is licensed could be improved.

I have been using the solution for almost three years.

The solution’s stability is good to go so far. Some vulnerabilities had popped up like any other solution, but Cisco remediated them. There was no problem.

We haven’t even scraped to the surface of what the tool could do. It's very scalable, and we will try to use it as much as we can in the future.

We have had no issues with the product’s customer support so far. We had a neutral experience with support.

Positive

We have seen a return on investment in terms of not pursuing any other solutions. We didn't need to look further. The product did what it does for us now. We are very content with it. We don't have to invest further into something else.

The solution’s pricing is okay.

The tool secures our infrastructure to a certain point. However, we're not using it in terms of detection. My team is only four people, and we take all the tasks together.

The solution did not help us consolidate tools. However, it does help us with TACACS. TACACS was a big thing that we needed. We are trying to get rid of NPS and RADIUS, and we will probably use the product in the future for Certificate Authority. It could probably consolidate tools, but it's not doing it now. However, it will in the future.

The product has absolutely improved our cybersecurity resilience. With all the posturing we're doing and the Zero Trust policy we are bringing, it prevents other users from insider threats. It helps big time with insider threats. It's a big thing for us in our specific programs.

Give it a shot because we did give it a shot. People at first said it was very pricey, but it wasn't really as pricey as people say it is. It's worth trying it. Zero Trust will be mandated later, especially if you're in the government. The product will play a big role in it.

One of our team members was pursuing a certification in CCMP security. He was specifically on the Cisco Identity Services Engine track. We got that for him to demo and test it out. Eventually, it became part of our product. TACACS, Posturing, and Certificate Authority could be the reason why we chose the solution. We are using it now for 802.1X. All port security is not a thing anymore for us.

Overall, I rate the product a nine out of ten.

We utilize Cisco ISE for network access control and employ RADIUS access for managing user control in our virtual environment.

Cisco ISE enables us to implement network access control, ensuring that only approved devices can connect to our network. It serves as a central hub for all types of network access, including wired, wireless, and VPN connections improving our network security.

It does a good job of helping secure our infrastructure from end to end, even though there are many features that we are not utilizing.

Cisco ISE has helped us consolidate tools like Cisco Token that we no longer require. The ability to consolidate tools has provided us with a centralized point of access for our security infrastructure, generating abundant information regarding access.

It has helped our organization improve its cybersecurity resilience by enabling us to control the devices that access our network, unlike before when we had to physically access the port.

The most valuable feature is the flexibility of the policy sets.

Cisco ISE requires a lot of time-consuming administration.

I have been using Cisco ISE for eight years.

Cisco tech support, I'm sure, is very good. However, the amount of resources required to submit and process cases is quite significant. As a result, unless we encounter a major issue, we generally prefer to avoid Cisco TAC and instead seek out workarounds.

The initial setup should be straightforward, but it is often quite complex. A greenfield deployment, where we start from scratch, is easy. The challenges typically arise when we attempt to upgrade an existing deployment.

We utilized the services of Open Network for assistance with the implementation. Their services were excellent, and we would gladly engage their services again.

I give Cisco ISE an eight out of ten.

Cisco ISE is equipped with numerous features. We are a small company and only utilize the ones we require. However, as our requirements change or grow, we may consider adopting more of the features that Cisco ISE offers.

The administration can be time-consuming due to all the updates and patches, but overall, I recommend Cisco ISE.

Our organization was familiar with Cisco, and we used wireless LAN products. That is why we chose Cisco ISE, as it integrates well with our infrastructure.

I often use Cisco ISE for guest portals to onboard devices. For example, if a company wants to allow their employees to bring their own devices, there's a large security risk. Cisco ISE can help with onboarding those devices and check whether they're up-to-date with security patches and whether they fit the criteria to join the network.

There's so much stress involved with the pressures of trying to make it easy for customers to use the product without constantly having to jump over security hurdles. On the other hand, there is the constant threat of cyber attacks. Balancing the two can be quite stressful for developers, engineers, and consultants.

Our main goal, as an intermediary between Cisco and our clients, is to help IT managers, IT engineers, and administrators have better days. There is a lot of pressure on IT staff, and by giving them the right tools and solutions, we can help them feel more empowered to do their job much more effectively and, therefore, feel proud of their work.

In terms of features, the best feedback I've received has to do with guest portals. The guest portals and sponsor portals are where a company can customize their appearance. As people join the guest network, they're presented with the branding of the company that they're in.

A lot of customers use a third party to manage their guest Wi-Fi. Cisco ISE presents the ability to bring that in-house so that customers can have full control over it, change the branding, and get extra telemetry from it and the user data. It works really well for our customers.

I first started working with ISE at version 1.2, which was quite a few years ago. Over the years, the user interface has become a lot easier. The way the different parts of ISE come together and the connections between the different sections are a lot easier to follow. The interface gives you a much clearer picture of how the different policies and standards that you are building are brought together.

I don't see as many customers as I should adopting the onboarding feature. I think Cisco should make that process a lot easier and less intrusive on the end users' devices.

I've worked with Cisco solutions since 2007.

We offer the entire suite, with SecureX, Umbrella, and Cisco ISE being the main headlines. We work a lot in developing the orchestration and automation of new security systems in line with Cisco.

When it's time to generate a TAC case, it means that things have gone very wrong and that my colleagues and I have run out of ideas and are desperate. Cisco's technical support staff are very much aware of that and know that by the time an issue comes to them that all the obvious roots of troubleshooting have already been explored. It's great that they comprehend this and that they understand the urgency as well. 

I'm always thankful for their help and would rate technical support at ten out of ten.

Positive

A benefit to using Cisco ISE as far as deployments are concerned is the fact that because it's software-based, everything can be tested before deployment. You can then be confident that everything is going to work when it's deployed in the real world.

Our ROI is that once clients have a Cisco system installed, they tend to stick with Cisco. They'll upgrade to the latest Cisco product rather than looking at any other vendors.

In general, licensing can be quite complex with Cisco products. It would be nice if it was a bit more intuitive and had fewer "gotchas" in there.

I've worked with customers who have used Purple Portal, for example, for their guest wireless access. In comparison to using Cisco ISE, Purple Portal adds an extra layer of complexity on all their guest networks running through a third party. This means that the customer will not have as much visibility into their guest users or control over what their guests see when they join the Wi-Fi network.

With Cisco ISE and the way the policies are built, it gives you a lot of freedom. It covers a wide range of potential solutions. Because each bit can be built together modularly, you can build anything with it. Therefore, Cisco ISE applies to so many different applications.

On a scale from one to ten, I would rate Cisco ISE at eight because it is a complex product and requires more technical ability to deploy it, though it fits many more solution requirements.

Cisco is the main player in networking and security. Having that backing behind our company gives us credence. We're proud to sell the products and to recommend them. Cisco's portfolio is what I would sell by choice. It just makes my job a lot easier.

We use it to secure our networks. We can secure our switches and wireless networks, basically everything.

We use it primarily for wireless security, but it can be used for many other things as well, like LAN and WAN security.

There is room for improvement in CLI. Most things are done through the GUI, and there aren't many commands or troubleshooting options available compared to other Cisco products like switches and routers. We have more visibility on the CLI for those devices, but the GUI seems limited. Moreover, sometimes, GUI seems very pathetic. 

I have experience working with this solution. I have been using it for four to five years. We still use the old version, but we plan to migrate to the new version soon because they recently changed their licensing model.

The product is stable. We don't face many challenges. It's stable, so  I would rate it around a nine out of ten.

The product is scalable. I would rate the scalability a ten out of ten. We have medium-sized businesses as our clients. 

There was some delay.

Positive

Setup wasn't difficult because we already had a solution in place. It was very easy to install.

The deployment definitely took weeks.

I would rate the pricing an eight out of ten, one being cheap and ten being expensive.

Overall, I would rate the solution a nine out of ten. 

We use it for network access control. For security reasons, if a vendor plugs into our network, the port is automatically shut down because it's not authenticated to our network.

Cisco ISE is a great solution. It helped us determine real users on our network. It's very useful.

From a security standpoint, Cisco ISE has improved our organization 100%. We're not guessing who is plugging into our network. It 100% protects our environment and infrastructure from end to end.

Cisco ISE has saved the time of our IT staff time to help work on other projects, but I don't have the metrics.

Cisco ISE has absolutely improved our cybersecurity resilience. Specifically, the 802.11 authentication for wireless has been huge.

Cisco ISE hasn't helped to consolidate any tools or applications.

Cisco ISE is a powerful solution. It gives us the ability to control who's accessing our network, and Cisco has made it very easy.

Some of the reporting could be improved.

We've been using it for about ten years.

It's stable. We never had any issues.

I love it. They know their stuff. Almost in one call, you get the right person. They're very good. I'd rate them a nine out of ten.

Positive

We didn't use any other solution previously.

You have to have a plan. You have to be prepared to roll it out. You need to think through what you want to configure.

It took us about three and a half months to get every angle we were after, and after that, it was a very slow rollout. We rolled it out in about eight months. It was easy.

We did it all in-house, but we did have consultants from Cisco come in and help us tweak it.

Pricing and licensing are not my expertise. As far as budgeting is concerned, we run an ELA with Cisco. It's a part of our ELA.

We didn't evaluate other products. We went straight to Cisco because you can't go wrong with their technology. They're a leader in this space, and they've got a good, robust solution, so we rolled it out.

It integrates seamlessly with other Cisco products that we have. I use Cisco Meraki for all my edge cases. We never considered switching to another vendor. 

It's a great product. I'd rate Cisco ISE a nine out of ten.