Try our new research platform with insights from 80,000+ expert users
reviewer1895469 - PeerSpot reviewer
Senior Systems Administrator at a manufacturing company with 10,001+ employees
Real User
Establishes better layouts. Devices can move and we don't have to worry about where they need to go.
Pros and Cons
  • "Since migrating towards doing wired ports over ISE with 802.1X and MAB authentication, our organization's security risk has been better. We have been able to establish better layouts, so devices can move and we don't have to worry about where they need to go."
  • "It does a good job of establishing trust for every access request. We have had a little bit of a challenge with profiling, but we are probably about 80% there."

What is our primary use case?

Right now, we are doing all wireless through ISE. We have also started migrating to wired.

We have about 20 sites. By having enough node regionalization, we have been able to have all our sites utilizing it.

It is deployed to multiple locations. We have one in Mexico, one in Kelso, two in Asia, and then two in the US.

How has it helped my organization?

It improved our standardization with all its policy sets being the same. 

Since migrating towards doing wired ports over ISE with 802.1X and MAB authentication, our organization's security risk has been better. We have been able to establish better layouts, so devices can move and we don't have to worry about where they need to go.

What is most valuable?

The Guest Portal is a big feature for us. 

What needs improvement?

It does a good job of establishing trust for every access request. We have had a little bit of a challenge with profiling, but we are probably about 80% there.

Buyer's Guide
Cisco Identity Services Engine (ISE)
December 2024
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

The stability is fairly good. Since we went to the 2.6 version, it has been a lot better.

What do I think about the scalability of the solution?

Scalability is good as far as adding another node. However, if you ever wanted to increase the node that you have, then you need to buy a bigger license. You also have to build a new VM for it because you can't just scale it.

How are customer service and support?

I had one problem with the portal. I got support from TAC and it worked out really well. It was really good. I would rate the support as 10 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not previously use another solution.

We were looking to solve the challenge where people were moving devices that they were not supposed to.

How was the initial setup?

The initial deployment was straightforward and took a couple of months. It was actually a project for a customer, then the customer backed out. So, we spent a good year without using it for anything.

The initial deployment was for a customer in Asia, so we had to deploy it in our Asia data center. We then deployed it in our US data center to kind of match that configuration.

What about the implementation team?

We did use a consultant from Presidio for our first deployment project. Since then, we have been doing deployments ourselves.

Two people were needed for the deployment: the consultant and myself.

What was our ROI?

There is probably a return on investment as far as increased time for people not having to worry about devices moving around nor having to be contacted about moving them to the appropriate spot.

What's my experience with pricing, setup cost, and licensing?

Its licensing could be improved. It used to be perpetual, but now they are moving away from that.

What other advice do I have?

Make sure you understand where you want to deploy nodes and how far away they are from other locations since there is some latency involved.

We don't do any sort of application-based stuff right now. It is just purely assigning devices to what VLAN they are supposed to go to.

We are looking to upgrade to a newer version. Hopefully, by seeing some of the stuff at Cisco's event, I can find some more features that we could use.

I would rate the solution as eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mehran Reza - PeerSpot reviewer
Engineering Lead at Canadian Broadcasting Corporation
Real User
Top 10
Integrates well with other tools, but troubleshooting can be a challenge
Pros and Cons
  • "Cisco ISE integrates with everything else."
  • "Troubleshooting and multi-ISE can be challenging with the solution."

What is our primary use case?

Cisco ISE is on the back end, and all our policies and security are on it. DNS centers and all our network backbone is integrated into Cisco ISE. So, the solution is pretty critical for us.

How has it helped my organization?

Cisco ISE has helped improve our organization security-wise.

What is most valuable?

Cisco ISE integrates with everything else. It forms our security and identity backbone, and all our authentication goes through Cisco ISE. That's why the solution is so important to us.

What needs improvement?

Troubleshooting and multi-ISE can be challenging with the solution.

For how long have I used the solution?

My organization has been using Cisco ISE since 2018.

What do I think about the stability of the solution?

Once configured properly, Cisco ISE shows good stability.

How are customer service and support?

Cisco's TAC is good. Cisco support, in general, is too layered these days. Often we have to repeat the same thing over and over to the TAC guys, which is a bit frustrating. Cisco's TAC needs to be a bit better.

How would you rate customer service and support?

Neutral

What about the implementation team?

Cisco ISE's deployment can take weeks, months, or years depending on how rigidly you adhere to the guidelines and how good your existing infrastructure is.

What was our ROI?

We have seen a return on investment with Cisco ISE from a security point of view.

What's my experience with pricing, setup cost, and licensing?

Cisco ISE's licensing can get pricey.

What other advice do I have?

Sometimes, the Cisco guys disagree about it, but other than that, the Cisco guidelines are clear and concise enough.

Cisco ISE helps to secure our infrastructure from end to end so we can detect and remediate threats. The solution does what it's supposed to do.

Cisco ISE has saved a little time for our organization.

Since Cisco ISE is a more robust solution, it has helped our organization improve its cybersecurity resilience.

Before implementing Cisco ISE, you should look into it in-depth on how it can be used, how it can be integrated with existing tools, and how your staff can be trained to troubleshoot it. The solution has its pitfalls, and when it breaks, it can break heavily. So be aware before you deploy it.

Overall, I rate Cisco ISE a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Identity Services Engine (ISE)
December 2024
Learn what your peers think about Cisco Identity Services Engine (ISE). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Josh Calhoun - PeerSpot reviewer
IT Systems Engineer at Pierce County Information Technology
Real User
Top 10
Helps secure our infrastructure, provides detailed reports, and streamlines the way we add new devices to our wireless network
Pros and Cons
  • "The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues."
  • "Cisco ISE can become quite complex, especially with policy sets, the entire authentication process, and everything involved."

What is our primary use case?

We utilize Cisco ISE for wireless user authentication, as well as authentication, authorization, and accounting for our network devices.

How has it helped my organization?

Cisco ISE has made us much more secure. It has streamlined the process of adding new devices to our wireless network, specifically wireless-only devices. Moreover, thanks to scripting capabilities and flexibility on the Cisco ISE side, it has significantly reduced the amount of manual effort required by everyone involved.

Cisco ISE effectively secures our infrastructure from end to end, enabling us to detect and remediate threats. It does a commendable job of securing both end users and their devices, including guest-wired devices for anonymous access. Its ability to compartmentalize everything makes it incredibly convenient, and the comprehensive tracking features are particularly valuable.

Cisco ISE has helped to free up our IT staff's time by saving approximately 40 hours per month, as we are constantly uploading new devices. 

Cisco ISE has helped our organization improve its cybersecurity resilience by authenticating users. It ensures that only certain MAC addresses can be on our network, particularly on our production wireless network. Additionally, it keeps track of authentication frequency and alerts us if clients authenticate too often, allowing us to optimize CPU cycles.

What is most valuable?

The live logs and live sessions for troubleshooting are the most valuable features because they provide a detailed report of any issues. I appreciate that they guide us through every step that a user or authenticator goes through.

What needs improvement?

Cisco ISE can become quite complex, especially with policy sets, the entire authentication process, and everything involved. I would appreciate a more comprehensive visual depiction of the steps from the beginning to the end.

For how long have I used the solution?

I have been using Cisco ISE for five years.

What do I think about the stability of the solution?

We have never experienced any stability issues with Cisco ISE.

What do I think about the scalability of the solution?

We can scale Cisco ISE by adding additional licenses or servers.

How are customer service and support?

Cisco technical support is excellent. They respond promptly, and their thoroughness is remarkable. For instance, we can send them numerous logs, and they will analyze them in detail for us.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a return on investment around the soft cost, with how streamlined everything is, how we don't have to really worry about wrong devices getting on our production Wi-Fi.

What other advice do I have?

I give Cisco ISE a ten out of ten.

Cisco ISE is a great tool. It integrates well with Active Directory and numerous other components. The solution has become a fundamental part of our network and I recommend Cisco ISE to others who are looking to improve their cybersecurity.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at a hospitality company with 10,001+ employees
Video Review
Real User
Helped us get away from pre-shared keys, and allows us to see what's connected to the network
Pros and Cons
  • "[One of the most valuable features] is just the ease of use. It's pretty simple to set up certs that we can add to our clients to make sure that they connect properly, [as is] whitelisting Mac addresses."
  • "Automation [is an area for improvement]. It seems like everywhere I look, automation is super important. Automation and integrations. That's the area it could be improved..."

What is our primary use case?

One of our use cases is using it for authentication for the wireless. Our internal corporate network is using the Cisco ISE server to authenticate clients and make sure that we have the right clients on the wireless side, as well as on the wired side. We just introduced that about a year ago to make sure all our wired clients are our clients and not some "rando" plugging into the network.

How has it helped my organization?

Definitely, getting away from pre-shared keys has been the biggest key. It is allowing users to connect to the internal network, the employee's network, from anywhere, across the entire US. It is allowing that ease of use. 

It's also allowing us to see what's connected to the network. We can see that there are only really clients. We can see what's connected on the wired side and what's getting blocked, and understand [things] from our users. "Okay, that's getting plugged in. What do you guys use this for?" It's adding a layer of defense that's super important to our organization.

I don't think we've gotten away from trust completely, but it has helped a lot. It's allowed, on the server side and on the infrastructure side, to allow certain clients. We don't have to trust the client necessarily. We know that that's a corporate client and we don't have to play any guessing games. The corporate client that we want on that specific network is going to have the right cert and the right thing. It allows access control without a lot of human involvement.

It's helped significantly. We have fewer IoT devices on internal networks and that's the key. Your clients have the right firewall protections and the right anti-virus. Those are on the internal network so you're not putting stuff [on it] that you don't know whether it has a security vulnerability or if it's easily hacked. You're allowing those to be in separated networks that silo them off with a PSK. And you're keeping the internal network to clients that you know are protected.

What is most valuable?

[One of the most valuable features] is just the ease of use. It's pretty simple to set up certs that we can add to our clients to make sure that they connect properly, [as is] whitelisting Mac addresses. 

It also integrates really well with some of our other services like ServiceNow. A ticket comes in and then, boom, it's automatically going to the ISE, and then ISE is allowing that client with that Mac address to get on the network easily.

[In addition, regarding establishing trust for every access request, no matter where it comes from] it does the job. It's a perfect solution in order to manage a large corporate network.

It allows that access control [for a distributed network]. That's super significant. It allows you to segment things and allows only certain devices to access the network.

What needs improvement?

Automation [is an area for improvement]. It seems like everywhere I look, automation is super important. Automation and integrations. That's the area it could be improved, as we get more and more away from a lot of human involvement and [into] machine learning and just trusting that these systems could automatically help us.

For how long have I used the solution?

My name is Edward Martinez. Network engineer. Our company has about 5,000 employees, and we're in the beverage industry.

[I've been using Cisco ISE (Identity Services Engine)] ever since I started. That was one of the main services that I had to understand and get involved with as soon as I started at our company.

What do I think about the stability of the solution?

I haven't had many issues in terms of its stability. It doesn't really ever go down. Anytime we ever have any issues with it, it's usually human error.

How are customer service and support?

In the past, I've always had pretty good support from Cisco. Their TAC is really good. They're pretty straightforward. I haven't had many experiences with ISE, honestly. It works so well we haven't had to reach out too much.

I would rate their support about a nine out of 10. It works most of the time. It depends on the engineer you run into. It depends on the people you deal with.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

[The main challenge] was authentication and not using PSK, traditional pre-shared keys. They wanted to get away from pre-shared keys; people share them. They wanted something that would allow clients to just connect automatically, not have a pre-shared key, and be secure. That's the most important part, making sure that the right clients are getting on our internal corporate network.

[Our company] was just using PSK and that solution was really built around access control of our corporate networks. They were using PSKs at every site and rotating those PSKs, or had site-specific PSKs. Now, when somebody comes into the office, they can just connect to the employees' network automatically, and it's the same across the board at every site. 

It was this idea that we needed to simplify things. We needed to make it easier on our users to go into an office and connect to the internet and not have to ask an IT guy there or make a ticket. That was the important part.

How was the initial setup?

I've just been involved with the secondary deployment, using the ISE on our wired ports.

It was pretty straightforward. It was funny. We did it during COVID so it was really easy when nobody was in the office to implement the solution. It kind of worked out that way, when there was nobody in the office.

But otherwise, people have started to come back and we haven't had really many issues in terms of authentication. It's really easy. People have wired in and if their client has the right cert, it's been a breeze. They've been authenticated and it takes a minimal amount of time.

What about the implementation team?

We have an operations partner that we deal with pretty often. It's an Austrian company, NTS. They work with Cisco a lot on our solutions and, obviously, we're evaluating it with them and then making choices based off of that. I'm the onsite hands. I do a lot of the configuration on the switches, but they're doing a lot of the advising.

What was our ROI?

You're seeing less tickets and you have fewer security issues. I think the return on investment is there. It has really improved our situation in our corporate offices.

What other advice do I have?

Resilience is super important. The solution needs to be able to hold up and promise what it [intends] to deliver. In cyber security, that's super important because if you have any slight exploit, you're going to have malware attacks, ransomware attacks. That's [a] big [issue] in our company as, more and more, you hear about legacy systems being affected. These legacy systems sometimes don't go away. Sometimes you need them. You have to do your best to either patch them up or protect them either through a firewall or an access control system. 

[It's about] protecting the network infrastructure from exploits and really allowing us to segment IoT devices and the corporate network. And because [on] the corporate network, once you get into it, there really isn't anything protecting against accessing critical storage systems, accessing mission-critical servers, [or] our sales numbers, it's super important that we have the ISE so that we're only allowing the things that we want into the network that we trust.

[What I would tell leaders who want to build more resilience within their organization would be] evaluate solutions, prioritize it, get manpower behind it. Also, too often they put cyber security on the back burner. They're trying to maintain operations and sometimes cyber security can get in the way of operations. But trust that system, once you build it up, will protect you and that it's worth the investment in terms of money, labor, and time.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rammohan Manike - PeerSpot reviewer
Sr Consultant at Tata Consultancy
Real User
It works the same globally no matter where you deploy it
Pros and Cons
  • "The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability."
  • "Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified."

What is our primary use case?

I'm using Cisco ISE for integration. We are currently using it for 82.X, but we are planning on using it for a different use case in the next couple of quarters.

What is most valuable?

The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability. 

What needs improvement?

Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified. 

For how long have I used the solution?

I've been using Cisco ISE for more than a year.

What do I think about the stability of the solution?

Cisco ISE is stable.

What do I think about the scalability of the solution?

I haven't really tried to scale ISE, but I don't think we'd face any challenges with hard gentle scaling.

How are customer service and support?

We have a good relationship with Cisco support. However, when they do a new release, they take their time. I don't have much of an issue with Cisco support itself, but working with their customer success team and those types of things can be a challenge. It's not just the response time. It's the total resolution time. They'll respond quickly, but when they get the particular fix, it's a challenge. 

How was the initial setup?

In the previous versions, the setup was okay. But as they add more capabilities, it gets more complicated to deploy and maintain the solution. We expect these complexities as part of the roadmap and evolution. We have to set the policy definitions manually because there is no discovery process to define what needs to be authenticated. When a new device is added, we might have to configure something so that it's integrated or set up some data flows of the service we need to do it. These are some of the maintenance activities that we must do to keep it live. We have a good IT team that numbers around 25 people and serves a decent number of customers.

What's my experience with pricing, setup cost, and licensing?

Customers respond to a low price. From the point of view of integration, Cisco ISE hikes up the cost of security, but otherwise, I think it should be okay.

What other advice do I have?

I rate Cisco ISE nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Infrastructure and Cybersecurity Manager at George Washington's Mount Vernon
Real User
We've experienced first-hand the reliable protection provided against malware and ransomware
Pros and Cons
  • "The solution cuts down on the repercussions of getting malware or ransomware."
  • "The solution can lag somewhat as we have a large database."

What is our primary use case?

We have two servers and they're both VMs. Every network system is issued a certificate and each device coming onto the network has to be on the domain with an active AD user logging into it. It needs an up-to-date AMP, which is our Cisco malware and virus scan product and it also needs to have the most current Microsoft security updates and the three layers that we're using: The core VPN, the Network Access Manager and the ISE profiler. When it goes through all those different things on every port on the switch, there are commands for it to be able to go through an ACL so it knows what users are there, what server, and what devices have been put onto the domain. It can verify all that.

The user can then proceed on to the network. We've set it so that regular users are VLAN'd off and can only see the data network through ISE and are blocked from seeing the rest of the network. Depending on the department needs or other factors, we have cameras for security which are on a different VLAN, and they can see those. We also have something for O&M where the AC guy can see the AC equipment, and we can prevent all the VLAN's from being viewed by everybody.

We are customers of Cisco and I'm the infrastructure and Cyber security manager.

What is most valuable?

The solution cuts down on the repercussions of getting malware or ransomware which happened to us four years ago. We regularly took very aggressive snapshots and we were able to recover in an hour and 20 minutes without any loss of data.

What needs improvement?

Because we have a large database and 4,000 network devices, the solution can lag a bit when you're running updates or different things because of the fact that it's so big and it is such a resource hog. But the biggest problem we've encountered is that it finds errors or people are rejected or not authenticated without a clear explanation as to why. A second issue is that we're currently on 2.4 and Cisco's gold standard now is 2.7. They are a little slow with that.

I'd really like the solution to dive down a little deeper when something's not profiling. As it stands now, you have to go through and search what hasn't profiled. Microsoft, for example, gives you a direction to look at and will even be specific sometimes and tell you there is a password error, or the password hasn't been updated, or it's not meeting the policy and that's why it won't let it through. Those are very helpful because you know exactly what's required to solve a problem. 

Cisco is getting better with it, but they fail in some areas because of a network connectivity issue, or it's not getting DCAP quick enough and it fails. Those things would be more helpful to understand when it's going through, so you are able to triage it a little better. I mean, it does point you in a direction, but sometimes you have to dig a lot deeper to find the right direction and figure out what kept it from profiling. One big issue we've discovered is that people are not rebooting their machines or powering them off at night. We're trying to ensure that is done by sticking messages on screens.

For how long have I used the solution?

I've been using this solution for the past two years. 

What do I think about the stability of the solution?

ISE is pretty stable. If it does have an issue then you need to call TAC and work through the bug in it. They are very responsive and very quick to help us eliminate the issue and also come up with a plan, such as how to move forward with additional issues or different things that are coming down the pipe with Cisco ISE. When you're talking to them, you feel like they are a partner and not just a disconnected entity.

How are customer service and technical support?

The technical support is excellent, I would rate them very highly.

How was the initial setup?

The initial setup is very complex. You have to go in and manually add in all the network devices, as far as all the switches, access points are concerned. You have to go port by port and add in codes and conditions and you have to go switch by switch and add in codes and conditions. You start out with a monitor mode and then go to an impact mode and then you go towards total lockdown. Implementation took us about 18 months. We rolled it out in short bursts because we have a very small IT team and we had a consultant company come in and work with us on installing it. A lot of it was knowledge transfer from them to us.

Our consultant was Cycorp, their main focus is network security. They are a sister Cisco partner, and we had one of their CCIE's come out and help implement everything. The gentleman at the top of the CCIE, was a former Cisco employee and a beta tester for ISE. Now that we have it in, I feel it's pretty much a game changer on locking down our network so that we're not penetrated from inside or outside because everything going through the VPN has to meet a certain standard.

What's my experience with pricing, setup cost, and licensing?

We did a five year deal and it was very reasonable. I think for the Avast virus scan, I think we were paying $95 a machine for five years, which nobody else could touch. And that includes all updates, technical support, etc. From the ISE side, I'm not really sure what it costs because it was all encompassed in equipment we were buying and the ISE and the AMP and the open DNS. I know that it was not more expensive than any of the things we had looked at with HP or BMC or other places. It was much more cost effective.

Which other solutions did I evaluate?

We have looked at other products but we are a Cisco shop so having a Cisco product rides very easy on all our switches, our access points, and our Cisco servers. I believe it's the same for other companies such as HP. It's also a priority for them that the solution works better with HP switches. Given that we weren't going to change our switches, we really needed to focus on something that was going to work well with our environment.

What other advice do I have?

The important thing is to have a good game plan going into it. Prep is key for everything going on with ISE. The more stuff you have prepped and the more understanding that you have upfront of how it goes through and how it behaves, the better off you are.

I would rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Abdul-Mumin-Iddrisu - PeerSpot reviewer
Chief Technology Officer at Oduma Solutions Ltd
Reseller
Top 10
Integrates with other applications to manage access
Pros and Cons
  • "Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization."
  • "The product is expensive. It would also be a good add-on to have some machine learning."

What is our primary use case?

We used it mainly for network access control and full stream for devices.

What needs improvement?

The product is expensive. It would also be a good add-on to have some machine learning.

For how long have I used the solution?

I have been using Cisco Secure Firewall for one year.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How was the initial setup?

The initial setup is straightforward.

It's also recommended for clients during deployment. You're making everything very efficiently managed within the policies. The deployment is also very smooth, allowing you to configure your rooms easily. Once the initial setup is done, it becomes straightforward to understand, especially regarding Windows maintenance.

It was deployed to protect the network from unauthorized users but does not contribute directly to operational efficiency.

What's my experience with pricing, setup cost, and licensing?

Cisco ISE doesn't come cheap but it's still valid working.

What other advice do I have?

We recommend it to our customers.

Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
reviewer2390460 - PeerSpot reviewer
Director, Information Technology Solutions at a healthcare company with 5,001-10,000 employees
Real User
Top 20
Comprehensive and allows you to control access to network resources granularly based on policies
Pros and Cons
  • "Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies."
  • "Cisco ISE is very complex and not very easy to deploy."

What is our primary use case?

We use the solution for network access control.

What is most valuable?

Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies.

What needs improvement?

Cisco ISE is very complex and not very easy to deploy. There are a lot of prerequisites for the tool.

For how long have I used the solution?

I have been using Cisco ISE (Identity Services Engine) for three years.

What do I think about the stability of the solution?

We did not face any issues with the solution’s stability.

What do I think about the scalability of the solution?

Cisco ISE is a very scalable solution.

How are customer service and support?

We are working with a partner for support and are very happy with them.

On a scale from one to ten, where one is bad and ten is good, I rate their support a seven or eight out of ten.

Which solution did I use previously and why did I switch?

Compared to Cisco ISE, Fortinet NAC is more consumer-friendly.

How was the initial setup?

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.

What about the implementation team?

The project lasted a few months, but the planning took several months. Cisco ISE itself means nothing. It has to have the network set up to ensure the network penetration is in place, and we're still working on that.

What was our ROI?

Security is about risk control and exposure avoidance. You can only calculate its return on investment based on how you avoid penalty fees. Cisco ISE improves our security stats.

What's my experience with pricing, setup cost, and licensing?

If you consider money only, Cisco ISE is not a cheap solution. Functionality-wise, however, it offers a very good price for the value you receive.

What other advice do I have?

The solution's compliance and policy enforcement capability has benefited our organization by simplifying work.

The solution operates in the background, and users generally don't interact with it. Cisco ISE is the security framework layer between network resources and end users using them. Users do not go into Cisco ISE to do anything.

It's like Active Directory for Identity. If you're an end user, you don't work in Active Directory, but you authenticate Active Directory to use resources on the network. The same applies to Cisco ISE, and users don't interact with it directly. They are affected by it to the extent to which they are accessing network resources.

Cisco ISE has a very comprehensive integration suite and we did not face a lot of challenges in integrating this solution with other security tools. If they know how to use it, I would recommend the solution to other organizations with similar security needs.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Cisco Identity Services Engine (ISE) Report and get advice and tips from experienced pros sharing their opinions.