No more typing reviews! Try our Samantha, our new voice AI agent.
Senior Network Architect at Commercial Metals Company
Real User
Jun 23, 2022
Integration with Active Directory means we can find and authorize users based on their AD groups
Pros and Cons
  • "The most valuable feature is 801.1x and another very good feature is the TACACS."
  • "Without Cisco ISE, we couldn't authorize our users, contractors, and everyone else."
  • "I would like to see integration with other vendors, and the RADIUS integration needs to be improved a little bit."
  • "Technical support has been okay, but I wouldn't describe it as "very good." We have had some problems with technical support."

What is our primary use case?

We use it mostly for identity, authentication, and authorizations for wireless and wired. The challenges we were looking to address were mostly around the authorization and authentication of the users. We wanted to use the Identity Services Engine to make sure that the users accessing our network were authorized users, with the authentication happening before.

How has it helped my organization?

The integration with Active Directory, and finding and authorizing users based on their Active Directory groups, rather than just their identities, was a big change for us.

What is most valuable?

The most valuable feature is 801.1x and another very good feature is the TACACS.

In addition, it establishes trust for every access request. That's very valuable. We can't authorize users without it. The fact that it considers all resources to be external is very important. Without Cisco ISE, we couldn't authorize our users, contractors, and everyone else. It's our one source of truth for authentication and authorization.

It's also very good when it comes to supporting an organization across a distributed network. We like that. 

What needs improvement?

I would like to see integration with other vendors, and the RADIUS integration needs to be improved a little bit.

Other than that, all the features that we're using look good.

Buyer's Guide
Cisco Identity Services Engine (ISE)
July 2026
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,928 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Cisco ISE (Identity Services Engine) for about six years.

What do I think about the stability of the solution?

It has been very stable. There's no problem with that, as we have redundancy in place.

What do I think about the scalability of the solution?

It can be scaled very quickly by adding more nodes to the solution. The scalability is very good.

We have it deployed in three data centers in Austin, Texas, Lewisville, Texas, and one in Poland. It's a distributed deployment and we have around 8,000 endpoints on it so far.

How are customer service and support?

Technical support has been okay, but I wouldn't describe it as "very good." We have had some problems with technical support. Sometimes it takes them too long to resolve a problem. 

What's my experience with pricing, setup cost, and licensing?

The pricing is good. The last time we purchased four new appliances the price was doable for any organization of our size.

Which other solutions did I evaluate?

In my previous job, I used Aruba ClearPass. It's similar to ISE. They're both good.

What other advice do I have?

Design it well in the first place. If you design it well, you can scale it. Always read, line-by-line, the Cisco guide because that's where you'll find all the information about the design and the scalability. If you design it correctly in the first place, you will have a smooth ride.

We want to use it in a hybrid cloud deployment, but we currently use it 100 percent on-premises. As we move more into the cloud, we're trying to integrate that with Cisco ISE to make it our authentication and authorization source. We're not really into the cloud yet. We're just doing some dev. We're building a whole cloud strategy.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Gustavo Pena - PeerSpot reviewer
Services Director at XByte SRL
Reseller
Jun 22, 2022
Improves security posture and reduces security gaps
Pros and Cons
  • "They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful."
  • "Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature."

What is our primary use case?

We are working with packets and A011X. In some cases, we also do profiling.

We are using this solution because we wanted to improve security and reduce security gaps. This is mainly for our customers.

How has it helped my organization?

This solution improves security. There is a new law in the Dominican Republic, where I am from. The central bank has ordered the banks to improve their security through a law. ISE is one of the start points for those organizations to start improving their security.

The solution gives us a way to provide a professional security solution to our customers.

What is most valuable?

They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful.

Its resilience gives you a better security posture. Cybersecurity resilience is very important. Security is one of the main things in my country enforced by law.

What needs improvement?

Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature.

For how long have I used the solution?

I have been using the solution for six to seven years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. You can install several nodes in order to scale the solution.

How are customer service and support?

The technical support is really good. I would rate them as 10 out of 10. You need to know how to work with the tech support. If you don't know how to work with them, then it won't work.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have been working for 15 years with Cisco as a Cisco partner. We like the Cisco solutions.

How was the initial setup?

The deployment is complex. It takes four or five to deploy it.

What about the implementation team?

Deployment takes a skilled technician. The customer's help is always needed since we need to integrate Active Directory. 

What was our ROI?

Our customers see ROI. They feel more confident about their operations. It gives them time to do other things in order to be more profitable.

What's my experience with pricing, setup cost, and licensing?

It has a fair price. It is better than it was before.

Which other solutions did I evaluate?

We have seen Aruba ClearPass, but it is not that common in the Dominican Republic.

What other advice do I have?

Organizational leaders should do constant analysis of their security posture, in order to be improving every day.

I would rate them as eight out of 10 because of the remediation feature.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller/Integrator
PeerSpot user
Buyer's Guide
Cisco Identity Services Engine (ISE)
July 2026
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,928 professionals have used our research since 2012.
Wayne Cross - PeerSpot reviewer
Director of cyber security at Borden Ladner Gervais LLP
Real User
Jun 16, 2022
Secures devices and has good support, but needs a better interface
Pros and Cons
  • "The solution is great for establishing trust for every access request no matter where it comes from."
  • "The interface is a little bit complex."
  • "The interface is very complex, and there are tons and tons and tons of options."

What is our primary use case?

For Cisco ISE specifically, I manage the cybersecurity as well as the networking team. The networking team uses it to track statistics of users coming in and out of the network platform. We use it to track equipment, collect information on identity, and have the help desk leverage the telemetry to troubleshoot. It is part of our day-to-day operations.

This provided security for our sizeable law firm, which has offices across the entire country. Our lawyers like to be mobile. Around six or seven months ago, we started to roll out iPads and really adopted a mobile culture. One of the things that we wanted to do was to provide flexibility for lawyers to walk with a corporate laptop, or walk with their own personal laptop and still have the capabilities to log on and do what they want to do.

We also used it for the many meeting rooms we have. A lot of law firms have tons of meeting rooms, and we needed to secure some of those meeting rooms as well. The technology allowed us to roll 802.1X. We were able to secure ports in the meeting rooms and have a little bit more flexibility as to where users log in.

For example, a couple of years back, we wanted to secure all of the endpoints for the help desk and networking team and all of the backend team and ensure that, irrespective of where one goes with that laptop, when they log in, it'll automatically move them to a secure VLAN. With ISE, we were able to do that and monitor it.

What is most valuable?

One of the things that we found most valuable over the years is the ability for it to provide information to the help desk that allows them to troubleshoot issues. We still use a lot of that today and we're going over to DNA soon. We're adopting some of the DNA technologies now, however, ISE has been the mainstay for us for quite a few years now.

The solution is great for establishing trust for every access request no matter where it comes from. That was one of the biggest use cases for us, as one of the problems that we had was to secure a specific VLAN. If a help desk person had a laptop, and they plugged it into a network cable port somewhere, it would automatically put them on a secure network. If a lawyer uses their laptop, it would put them on a separate network. If a phone is plugged in, it will know it's a phone and put it on a phone network. ISE is the only way we have been able to do that. We've streamlined a lot of our provisioning and de-provisioning processes through Cisco ISE.

It has certainly made it easier to secure our devices. For example, we have offices across the entire country. We are a large law firm and have huge offices in Toronto, Ottawa, Montreal, Calgary, and Vancouver. We also have ISO 27001 and 27017 certified as well and I run that program. One of the big things for us is when auditors come for a visit. All of our locations have a conference floor, a whole floor that's dedicated to conference rooms.

There are tons of large conference rooms. When we get audited, conference floors are usually floors that auditors are allowed to go to, as they're publicly accessible floors. We'll get asked, "How do you secure the port?" When we go into the conference room, they can see the network ports." They will ask, "Well, how do you secure these ports? What if somebody came and plugged their machine in?" We then say, "We use Cisco ISE. Cisco ISE identifies that it doesn't belong to our corporate network. It does a check and then puts them right onto the internet, so we don't need to worry about strangers on our closed network.”

What needs improvement?

The interface is a little bit complex. It doesn't really have an executive dashboard. I'm the director of cybersecurity infrastructure operations for the entire firm, and I'm a very technical person, so I go in, and I can move around and try to figure everything out.

However, the interface is very complex, and there are tons and tons and tons of options. It's quite complex to get into and take a look at. As a result, most of the time, just my networking team would be in there. It's so complex that sometimes I will find something one week, and by next week I can't find it again.

It's too deeply layered. They have to redo the whole interface and have something that's executive based, and another one that's technically based. Even the help desk team and my security team use some of its components, however, they don't go anywhere often, as there are so many options in there. They have to make the interface a little bit more use user-friendly.

For how long have I used the solution?

I've worked with Cisco for about ten years.

What do I think about the stability of the solution?

The stability is ten out of ten. We have not really had issues with it. We've had one or two small things, however, in the 12 years that I've been there, I've had very few issues with their platform.

What do I think about the scalability of the solution?

It scales well. We have no concerns at all. When we decided to roll out 802.1X, we only had it on our endpoint, just laptops. Then we said, "Well, let's scale it out to the wireless access point." We went from 2,000 endpoints to 10,000, since people have mobiles. When we rolled it out to do posture checks on everything wireless, we had no issues.

How are customer service and support?

Technical support is good. I have no issues. Cisco supports its products very well, so we've never really had concerns with that aspect. Also, I have a very, very technical team. My guys are CCIE certified, and they are geniuses in their own rights. They've been in Cisco for 20 years.

They know the product very well and they also work very closely with the Cisco support team. The Cisco support team has very good people. They train their people well, and we've never really had issues that the Cisco team can't resolve if my team can't resolve them. We're taking it for granted that we're getting good support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use a different solution. We're a Cisco shop, so we've always used Cisco. 

How was the initial setup?

I was involved in the initial setup. I manage the networking team. While I don't necessarily push the commands in, I go through architecture sessions with my team, sign off on it and make sure that what it's doing is worth it, it's my budget. I have to get involved.

What was our ROI?

We've seen an ROI. They last a very long time. For example, we have Cisco Campus, which is the next 7000s that we put in 2012, and ten years later, they're still there. We just changed the supervisor modules. However, the chassis is still sitting there and is still working quite fine.

If I'm not mistaken, it's at end of sales already, however, its end of support is in 2024. That's what I like about their products. They support their product for a very, very long time.  They easily last for ten years. Even our access switches, which are 4900s, are just being switched out now. Those have been in since probably 2010.

We spend $1.5 million as we have two switches on every single floor. Those are the ones that we're changing out now, and they still work quite fine. Cisco just decided to change them. Their products are very solid and they don't break. We keep them for a very long time. Therefore, the return on investment is not bad. I know when I put it in that I don't need to look at it again for ten more years. I know it's going to be supported for that long. 

What's my experience with pricing, setup cost, and licensing?

Cisco is expensive, however, we have a good partnership with our Cisco partner, and we get really good discounts on it. We have a very, very tight relationship with our Cisco representative. We're the largest law firm in Canada and therefore we get special treatment from the Cisco reps in Toronto.

We've had really good relationships with the team at Cisco Canada, and they all know my team, the architects, the solutions engineers, the salespeople, et cetera. They all know us very well. They come to our offices and we go to their offices. We have a very tight relationship.

When it comes to cost, we'll talk to them. They'll tell us when is the best time to buy, and we'll get good discounts. I've never really had to forgo a technology that was critical to the firm due to cost. I can always work with Cisco to find some way to reduce the cost.

Which other solutions did I evaluate?

We always focus on Cisco products. 

What other advice do I have?

I'd rate the solution seven out of ten. 

It has a lot of rich data in it, however, it's hard to get stuff out of it. You really have to know the product very well and live there to know where to go and find what you are looking for. There's a lot of telemetry in there, however, it's very difficult to actually see how to leverage it.

I've even been telling my security team, "Guys, there's a component in Cisco ISE that you need to work on, and you need to log in more often." Then two years later, they'll ask, "Why don't you guys use it?" The security networking team will say, "Well, we gave them access." My security team will say, "It's too complex. We have no time to go in there. We don't know where to find anything." That's the only problem that they need to fix. They need to make it easier to navigate, it's too deep.

Cisco ISE is a good product. It tightly integrates with all of the networking components, but you can leverage it and get a lot of return and investment out of it. However, you need to make sure that when you're rolling it out and when you're initially putting the platform in, you will need to get your help desk team and security team involved.

Of course, the networking team is the one that's probably going to own it, however, there are so many components in there that can help. The help desk can troubleshoot issues and can provide visibility from the security standpoint, and the networking team owns it anyway. If you get them more involved, they'll be more in tune with using it more often.

There are a lot of help desk and security capabilities in there. Still, just the networking team rolled it out, nobody wants to look at it, as it's a networking piece of the platform, yet really it's not. You can get a lot from this platform. That's probably what I would tell people, just get everyone involved from the get-go, so that they can get more value from it in the long run. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Abdul-Mumin-Iddrisu - PeerSpot reviewer
Chief Technology Officer at Oduma Solutions Ltd
Reseller
Jul 8, 2024
Integrates with other applications to manage access
Pros and Cons
  • "Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization."
  • "The product is expensive. It would also be a good add-on to have some machine learning."

What is our primary use case?

We used it mainly for network access control and full stream for devices.

What needs improvement?

The product is expensive. It would also be a good add-on to have some machine learning.

For how long have I used the solution?

I have been using Cisco Secure Firewall for one year.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How was the initial setup?

The initial setup is straightforward.

It's also recommended for clients during deployment. You're making everything very efficiently managed within the policies. The deployment is also very smooth, allowing you to configure your rooms easily. Once the initial setup is done, it becomes straightforward to understand, especially regarding Windows maintenance.

It was deployed to protect the network from unauthorized users but does not contribute directly to operational efficiency.

What's my experience with pricing, setup cost, and licensing?

Cisco ISE doesn't come cheap but it's still valid working.

What other advice do I have?

We recommend it to our customers.

Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
reviewer2390460 - PeerSpot reviewer
Director, Information Technology Solutions at a healthcare company with 5,001-10,000 employees
Real User
May 11, 2024
Comprehensive and allows you to control access to network resources granularly based on policies
Pros and Cons
  • "Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies."
  • "Cisco ISE is very complex and not very easy to deploy."

What is our primary use case?

We use the solution for network access control.

What is most valuable?

Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies.

What needs improvement?

Cisco ISE is very complex and not very easy to deploy. There are a lot of prerequisites for the tool.

For how long have I used the solution?

I have been using Cisco ISE (Identity Services Engine) for three years.

What do I think about the stability of the solution?

We did not face any issues with the solution’s stability.

What do I think about the scalability of the solution?

Cisco ISE is a very scalable solution.

How are customer service and support?

We are working with a partner for support and are very happy with them.

On a scale from one to ten, where one is bad and ten is good, I rate their support a seven or eight out of ten.

Which solution did I use previously and why did I switch?

Compared to Cisco ISE, Fortinet NAC is more consumer-friendly.

How was the initial setup?

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.

What about the implementation team?

The project lasted a few months, but the planning took several months. Cisco ISE itself means nothing. It has to have the network set up to ensure the network penetration is in place, and we're still working on that.

What was our ROI?

Security is about risk control and exposure avoidance. You can only calculate its return on investment based on how you avoid penalty fees. Cisco ISE improves our security stats.

What's my experience with pricing, setup cost, and licensing?

If you consider money only, Cisco ISE is not a cheap solution. Functionality-wise, however, it offers a very good price for the value you receive.

What other advice do I have?

The solution's compliance and policy enforcement capability has benefited our organization by simplifying work.

The solution operates in the background, and users generally don't interact with it. Cisco ISE is the security framework layer between network resources and end users using them. Users do not go into Cisco ISE to do anything.

It's like Active Directory for Identity. If you're an end user, you don't work in Active Directory, but you authenticate Active Directory to use resources on the network. The same applies to Cisco ISE, and users don't interact with it directly. They are affected by it to the extent to which they are accessing network resources.

Cisco ISE has a very comprehensive integration suite and we did not face a lot of challenges in integrating this solution with other security tools. If they know how to use it, I would recommend the solution to other organizations with similar security needs.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2212608 - PeerSpot reviewer
Network Services Engineer at a government with 51-200 employees
Real User
Jun 25, 2023
Significantly improves our security and has been great for segmenting our traffic and getting the users into the right VLANs
Pros and Cons
  • "The feature that I found most valuable is profiling. We use that to profile certain types of devices, and then depending on the manufacturer, drop them into the appropriate VLAN without us having to go in and manually add the devices."
  • "We would definitely like to see a little bit of an improvement in the web GUI navigation. Some of the things are a little bit hidden in the drop-down menu. If we could get a way to get to those quicker, it'd be much more useful."

What is our primary use case?

We use Cisco ISE to authenticate users or devices onto the network and then drop them into the appropriate VLANs to isolate them and maintain network segmentation.

How has it helped my organization?

Cisco ISE has been a great tool to segment our traffic and get the users into the right VLANs. It definitely does free up a lot of time from manual configurations.

It has definitely improved our security a lot. We used to be a single flat network, and now, we are a segmented network where we have all our different traffic isolated so that in case we do get a breach, not all the customers are affected.

Cisco ISE has been great for securing our infrastructure from end to end so that we can detect and remediate threats. We've already seen it detect some devices that we didn't know about, and they quarantine those devices, allowing us to take the appropriate security actions against them.

Our IT staff has been freed up for other projects with Cisco ISE because we're able to do a little bit more automated configuration. We just throw out a single configuration to the ports, and then the users get dropped into whatever VLAN they need to be in without us having to go to each site and configure these things manually. On a usual workday, it has freed up at least a couple of engineers for two to three hours.

Our cybersecurity resilience has improved with Cisco. Users are now segmented. We have firewalls in between, so we can take a look at all the traffic. We have quarantine enabled in there so that if we get a device on our network that we don't recognize, we can lock it down.

What is most valuable?

The feature that I found most valuable is profiling. We use that to profile certain types of devices, and then depending on the manufacturer, drop them into the appropriate VLAN without us having to go in and manually add the devices.

What needs improvement?

We would definitely like to see a little bit of an improvement in the web GUI navigation. Some of the things are a little bit hidden in the drop-down menu. If we could get a way to get to those quicker, it'd be much more useful.

For how long have I used the solution?

We've been using Cisco ISE for about three years.

What do I think about the stability of the solution?

So far, from what we've been using, we haven't had any problems even with any of the additional patches that we've added. It has been great.

What do I think about the scalability of the solution?

Scalability-wise, it's great. We have plenty of space to add additional nodes. Right now, the ones we do have are not being utilized to a hundred percent, so if we ever do need to add additional, it seems pretty straightforward.

How are customer service and support?

Cisco support has been pretty good over the years, helping us get this stuff up and running. It has definitely taken us a while, and some of the cases have been pretty long, but Cisco support has been pretty good. I'd rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We weren't using anything in place of Cisco ISE previously. We were pretty lacking in that department. When we got Cisco ISE, we improved our security significantly.

We went for Cisco ISE based on a suggestion from one of our vendor partners who helped us with our network refresh. They said that Cisco ISE was something that they had used previously in lots of larger deployments, and they had seen great success with it.

How was the initial setup?

I was involved in its deployment. It was pretty straightforward. A lot of the issues that we ran into were related to coordination with the users just because it was a change for them, but the actual deployment and everything else were pretty straightforward.

What about the implementation team?

We used MTT. They were great. They walked us through the whole process. They designed the network refresh for us as well as the Cisco ISE integration portion of it.

What was our ROI?

We've seen an ROI. We've freed up some hours, so those engineers who were previously doing more mundane tasks are now able to do something else.

What's my experience with pricing, setup cost, and licensing?

I don't know too much about the actual pricing on it. The licensing part is pretty straightforward. It's a lot more simple than some of the other Cisco licensing models. In that aspect, it's great.

What other advice do I have?

Overall, I'd rate Cisco ISE a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2212545 - PeerSpot reviewer
Senior Network Engineer at a tech consulting company with 11-50 employees
Real User
Jun 25, 2023
Acts as a network access control solution and mitigates a lot of potential attack factors
Pros and Cons
  • "I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case."
  • "Cisco ISE's real-time data analytics for database logging could be improved."

What is our primary use case?

We primarily use Cisco ISE as a network access control solution. We do a lot of quarantine actions from our CSOC. We use the AnyConnect VPN by setting multiple deployments for dedicated purposes, where we use it to provide wireless.

How has it helped my organization?

Cisco ISE has brought a level of visibility that my organization hadn't had beforehand. At the same time, it has mitigated a lot of potential attack factors and brought in a sense of control in the hardware during the onboarding process.

What is most valuable?

I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case. We have a lot of wired map devices and having an externally approved source to validate if a machine is legitimate or approved to be on the network is extremely valuable for us. It helps make the whole process of authorizing endpoints quick.

What needs improvement?

Cisco ISE's real-time data analytics for database logging could be improved. Earlier, you didn't have direct read access to the database. You'd have to rely on logs through some other sources like Splunk and be able to put everything that you want together. Being able to review logs in real-time, customized to your filtering, adds a lot of context and visibility.

For how long have I used the solution?

I have been using Cisco Identity Services Engine for about four and a half years.

What do I think about the stability of the solution?

I do not like the stability of Cisco ISE in the virtual environment. That might have been more of an underlying host issue rather than an ISE issue. But we've moved to hardware right now, and I wouldn't have looked back. The next place we're looking to explore is potentially in the cloud, but that's still up in the air because our environment is not small. We're one of the larger 700,000-plus endpoints.

What do I think about the scalability of the solution?

Cisco ISE's scalability is nice. However, not many people can deploy Cisco ISE in a very large environment. In other words, there are no large environments that are hitting around 100,000 plus clients for active concurrent sessions. If you're trying to create multiple deployments to distribute the workload evenly, I don't like that there's no centralized management platform for Cisco ISE. You still have to go into each deployment and do your configuration.

How are customer service and support?

From my account team, I rate Cisco ISE's technical support ten out of ten. However, from a tech perspective, if I'm talking to tech level one, tech tier one, or tech tier two, I'd have to give it a six out of ten. Once you start getting into the more advanced tiers and even the business units, the support goes through the roof.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've always worked with Cisco ISE. However, in my organization, there's another part of my infrastructure where they use Forescout. The way Forescout implements a NAC solution differs vastly from how Cisco ISE does it. The way Cisco ISE does it is more ingrained in the whole radius process and enhances the security features on a switch or wireless line controller.

Our organization chose to go with Cisco ISE instead of Forescout because, holistically, the solution checked all the boxes needed for a NAC solution.

How was the initial setup?

I was not involved in our organization's first iteration of Cisco ISE. We've since migrated and modernized our Cisco ISE deployment, and I've been heavily involved in that. 

The ease of deployment depends on the environment you're deploying in, understanding what use cases you have out there, and understanding what kind of endpoints you're exposed to or exposing your network.

Overall, Cisco ISE's initial setup is not overly complicated right now. But since our organization is moving into a multi-vendor or managed services contract, we're bringing in many vendors like Meraki, Juniper Mist, Aruba, and Fortinet. That's when things get complicated because they don't all use the same type of authorization results.

What about the implementation team?

We implemented Cisco ISE in our organization directly through Cisco. My experience with Cisco has been phenomenal because they listen. We've run into many technical issues, but they've been at our beck and call and have been there to support us to a point where they've rushed certain fixes. We've had a couple of engineering specialits because of things we've encountered. They worked hard for us.

What was our ROI?

The product is positive regarding a return on investment, considering the cost we're bringing in for Cisco ISE's deployment versus the value we're adding to the environment.

What's my experience with pricing, setup cost, and licensing?

According to my sales and account team, the prices we're getting are pretty good. I wouldn't say they're the manufacturing or listed price by any means, but we do a lot of business with them. So the price points that they're coming in at are pretty manageable.

What other advice do I have?

When it comes to securing our infrastructure from end to end so that we can detect intermediate threats, a lot of it has to do with integrating Cisco ISE with other products. For example, Cisco ISE primarily deals with either the access layer or remote connections. However, when you start integrating it with other things like titration or secure network analytics, you can get a bigger grasp of the overall picture. When you bring other security teams into it, they can start creating their policies, alerts, etc. They can start automating some of the incident mitigations and stuff like that.

My use case is a little bit different in that there's no end to our work. There are a lot of other business groups within my organization that aren't complying with what the network security policy should be. So I have to reach out to them and get them to use a dot1x protocol or ensure that their stuff is in our CMDB database.

We're in a big migration and shift in our overall security policy. So there's a lot of moving aspects going on right now. However, as we start getting things moved into an MDM, as we start getting things moved into using a dot1x protocol, we can get an active identity of an endpoint.

Cisco helps reduce the amount of staff we have to chase down and figure out what kind of policies should be implemented. We can then incorporate our onboarding process into that, preventing unauthorized devices from connecting in or at least be reassured that if anything that we haven't had any chance to look at connects in, we can deny it with confidence. Down the road, it'll alleviate a lot of the time and planning we're doing right now.

My organization is a bit different. I've tried to get them onto the posture feature of Cisco ISE, but they're pursuing other vendors for that. We've decided to incorporate through a pxGrid integration with other applications such as Tanium, Forescout, or whatever application my security organization uses. They can pull contacts from the Cisco ISE endpoint and then be able to issue a quarantine action to Cisco ISE on that particular endpoint.

Overall, I rate Cisco ISE ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer2212449 - PeerSpot reviewer
Network Manager at a government with 201-500 employees
Real User
Jun 21, 2023
Helps save us time and seamlessly integrates with our entire suite
Pros and Cons
  • "The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval."
  • "If Cisco could grant more control, the features could be more focused on network and security administration, reducing the need for integration with other components."

What is our primary use case?

We use Cisco ISE for the authentication of wireless clients.

How has it helped my organization?

Cisco ISE has saved me a couple of hours per month in terms of not having to manually onboard clients. However, there are still some manual tasks that need to be uploaded to Cisco ISE.

What is most valuable?

The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval.

What needs improvement?

One of the problems we have had is that there are many features on Cisco ISE that we are not utilizing. In the real world, it requires multiple parties to come together, just like the AD or OU. Therefore, it won't be solely the responsibility of the network or security personnel to ensure that the solution works as intended and utilizes all the features. It necessitates collaboration among various stakeholders. If Cisco could grant more control, the features could be more focused on network and security administration, reducing the need for integration with other components. This would be beneficial for my organization.

For how long have I used the solution?

I have been using Cisco ISE for one and a half years.

What do I think about the stability of the solution?

Cisco ISE is extremely stable.

What do I think about the scalability of the solution?

As long as we have the funds to purchase the license, Cisco ISE is highly scalable.

How are customer service and support?

We have a contact person in Singapore whom we can reach at any time for support.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward because we used an integrator.

What about the implementation team?

We used an integrator for the implementation.

What was our ROI?

The cost-benefit analysis primarily considers the time saved through manual labor.

What's my experience with pricing, setup cost, and licensing?

The recent changes in the licensing model have caused some issues with the team. 

Which other solutions did I evaluate?

We have a rigorous procurement process and carefully evaluated other options before selecting Cisco ISE.

One of the other solutions we evaluated was the Aruba Wireless feed and its accompanying authentication, but we determined that Cisco ISE was superior and more beneficial.

What other advice do I have?

I would rate Cisco ISE with a nine out of ten based on its overall benefits. However, since I am unable to utilize all the features due to the need for coordination from numerous other teams, I would personally assign it a benefit score of only five out of ten.

We attempted role-based access with the Cisco ISE integration, but it didn't work out effectively because it is more of an upper-level issue regarding organization and role level. Multiple teams had to collaborate, and there was a need to configure the Active Directory and Organizational Unit groups. This also involved restructuring and similar tasks. As individuals moved between OU groups, someone had to consistently update the OU groups to ensure the success of the process.

We have made a significant investment in Cisco infrastructure; therefore, we have chosen Cisco ISE as a logical option for our authentication mechanism.

Cisco ISE has not directly assisted our organization in enhancing its cybersecurity resilience.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Systems Engineer at Austro Control
Real User
Jun 21, 2023
Offers flexible policy sets, helps secure our infrastructure, and serves as a central hub for all types of network access
Pros and Cons
  • "The most valuable feature is the flexibility of the policy sets."
  • "Cisco ISE requires a lot of time-consuming administration."

What is our primary use case?

We utilize Cisco ISE for network access control and employ RADIUS access for managing user control in our virtual environment.

How has it helped my organization?

Cisco ISE enables us to implement network access control, ensuring that only approved devices can connect to our network. It serves as a central hub for all types of network access, including wired, wireless, and VPN connections improving our network security.

It does a good job of helping secure our infrastructure from end to end, even though there are many features that we are not utilizing.

Cisco ISE has helped us consolidate tools like Cisco Token that we no longer require. The ability to consolidate tools has provided us with a centralized point of access for our security infrastructure, generating abundant information regarding access.

It has helped our organization improve its cybersecurity resilience by enabling us to control the devices that access our network, unlike before when we had to physically access the port.

What is most valuable?

The most valuable feature is the flexibility of the policy sets.

What needs improvement?

Cisco ISE requires a lot of time-consuming administration.

For how long have I used the solution?

I have been using Cisco ISE for eight years.

How are customer service and support?

Cisco tech support, I'm sure, is very good. However, the amount of resources required to submit and process cases is quite significant. As a result, unless we encounter a major issue, we generally prefer to avoid Cisco TAC and instead seek out workarounds.

How was the initial setup?

The initial setup should be straightforward, but it is often quite complex. A greenfield deployment, where we start from scratch, is easy. The challenges typically arise when we attempt to upgrade an existing deployment.

What about the implementation team?

We utilized the services of Open Network for assistance with the implementation. Their services were excellent, and we would gladly engage their services again.

What other advice do I have?

I give Cisco ISE an eight out of ten.

Cisco ISE is equipped with numerous features. We are a small company and only utilize the ones we require. However, as our requirements change or grow, we may consider adopting more of the features that Cisco ISE offers.

The administration can be time-consuming due to all the updates and patches, but overall, I recommend Cisco ISE.

Our organization was familiar with Cisco, and we used wireless LAN products. That is why we chose Cisco ISE, as it integrates well with our infrastructure.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Principal Consultant at a computer software company with 1,001-5,000 employees
Real User
Jun 19, 2023
Profiling and posturing features ensure that all devices are compliant with regulatory authorities
Pros and Cons
  • "Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities."
  • "Sometimes some of Cisco ISE's graphical interfaces could be a little bit smoother. However, with the different versions, the product is getting better and better."

What is our primary use case?

There's a variety of customer uses for Cisco ISE, which includes securing the edge of the network.

How has it helped my organization?

Cisco ISE allows our customers to concentrate on other aspects of the business, knowing that much of their security is now in place.

What is most valuable?

Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities.

What needs improvement?

Sometimes some of Cisco ISE's graphical interfaces could be a little bit smoother. However, with the different versions, the product is getting better and better.

For how long have I used the solution?

We've been using Cisco ISE for approximately seven years.

What do I think about the stability of the solution?

Like most products, as Cisco ISE evolves with different software versions over time, it becomes more stable and feature-rich. Initially, when it first came out, it was playing catch up with other vendors and solutions. However, now Cisco ISE is probably at the forefront of Open NAC solutions.

What do I think about the scalability of the solution?

You can build a distributed model or architecture, and you can scale out with a number of PSN nodes. So Cisco ISE can grow as you grow.

How are customer service and support?

Cisco ISE's technical support is generally very good. They have different levels of tech engineers, but their tech support is very good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Some of our customers have considered using Juniper NAC, ClearPass, etc. They switched to Cisco ISE because they had a lot of network infrastructure in place and wanted a single vendor they could use end to end. Everybody has a good relationship with Cisco because they know that if there is a problem, their technical support team will resolve things in a quick and timely manner.

How was the initial setup?

Cisco ISE is very scalable. We can do a small proof of concept and very quickly demonstrate that to customers.

What was our ROI?

Our customers have seen a return on investment with Cisco ISE. The solution has helped our customers consolidate several products into one and free up their IT staff. Also, the reporting from Cisco ISE enables them to show senior management their network's health.

What's my experience with pricing, setup cost, and licensing?

The licensing could be better across all of the Cisco products. Cisco's licensing models seem to keep changing with different software versions. Cisco is moving towards a subscription service, which would mean additional costs.

What other advice do I have?

Our customers are using Cisco ISE, but we're helping to integrate it into their solutions.

The end-to-end infrastructure security from Cisco AnyConnect host points is very good.

Cisco ISE has helped free up our customer's IT staff to concentrate on other projects. In the UK, where I predominantly work, a lot of the NHS staff have a lot of access switches located throughout multiple buildings. Cisco ISE probably frees up at least twenty percent of their time.

Our customers can use Cisco ISE for device administration for TACACS, RADIUS devices, and individual host appliances.

The migration from ACS to Cisco ISE has helped. Some of our customers were looking at various MAP implementations using different vendors, but we've now got I 2.1 X and MAM all built-in together.

Cisco ISE's ability to consolidate tools or applications has centralized everything and made things a lot easier and smoother for our customers to carry out their day-to-day tasks.

Cisco ISE has helped improve the cybersecurity resilience of our customers' organizations. We've always been able to integrate Cisco ISE into other products. So they're getting more security alerts, making them a lot more secure and happy with their environment.

Overall, I rate Cisco ISE an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros sharing their opinions.