Cisco Identity Services Engine (ISE) Reviews

We utilize Cisco ISE for network access control and employ RADIUS access for managing user control in our virtual environment.

Cisco ISE enables us to implement network access control, ensuring that only approved devices can connect to our network. It serves as a central hub for all types of network access, including wired, wireless, and VPN connections improving our network security.

It does a good job of helping secure our infrastructure from end to end, even though there are many features that we are not utilizing.

Cisco ISE has helped us consolidate tools like Cisco Token that we no longer require. The ability to consolidate tools has provided us with a centralized point of access for our security infrastructure, generating abundant information regarding access.

It has helped our organization improve its cybersecurity resilience by enabling us to control the devices that access our network, unlike before when we had to physically access the port.

The most valuable feature is the flexibility of the policy sets.

Cisco ISE requires a lot of time-consuming administration.

I have been using Cisco ISE for eight years.

Cisco tech support, I'm sure, is very good. However, the amount of resources required to submit and process cases is quite significant. As a result, unless we encounter a major issue, we generally prefer to avoid Cisco TAC and instead seek out workarounds.

The initial setup should be straightforward, but it is often quite complex. A greenfield deployment, where we start from scratch, is easy. The challenges typically arise when we attempt to upgrade an existing deployment.

We utilized the services of Open Network for assistance with the implementation. Their services were excellent, and we would gladly engage their services again.

I give Cisco ISE an eight out of ten.

Cisco ISE is equipped with numerous features. We are a small company and only utilize the ones we require. However, as our requirements change or grow, we may consider adopting more of the features that Cisco ISE offers.

The administration can be time-consuming due to all the updates and patches, but overall, I recommend Cisco ISE.

Our organization was familiar with Cisco, and we used wireless LAN products. That is why we chose Cisco ISE, as it integrates well with our infrastructure.

There's a variety of customer uses for Cisco ISE, which includes securing the edge of the network.

Cisco ISE allows our customers to concentrate on other aspects of the business, knowing that much of their security is now in place.

Cisco ISE's profiling and posturing features ensure that all devices are compliant with regulatory authorities.

Sometimes some of Cisco ISE's graphical interfaces could be a little bit smoother. However, with the different versions, the product is getting better and better.

We've been using Cisco ISE for approximately seven years.

Like most products, as Cisco ISE evolves with different software versions over time, it becomes more stable and feature-rich. Initially, when it first came out, it was playing catch up with other vendors and solutions. However, now Cisco ISE is probably at the forefront of Open NAC solutions.

You can build a distributed model or architecture, and you can scale out with a number of PSN nodes. So Cisco ISE can grow as you grow.

Cisco ISE's technical support is generally very good. They have different levels of tech engineers, but their tech support is very good.

Positive

Some of our customers have considered using Juniper NAC, ClearPass, etc. They switched to Cisco ISE because they had a lot of network infrastructure in place and wanted a single vendor they could use end to end. Everybody has a good relationship with Cisco because they know that if there is a problem, their technical support team will resolve things in a quick and timely manner.

Cisco ISE is very scalable. We can do a small proof of concept and very quickly demonstrate that to customers.

Our customers have seen a return on investment with Cisco ISE. The solution has helped our customers consolidate several products into one and free up their IT staff. Also, the reporting from Cisco ISE enables them to show senior management their network's health.

The licensing could be better across all of the Cisco products. Cisco's licensing models seem to keep changing with different software versions. Cisco is moving towards a subscription service, which would mean additional costs.

Our customers are using Cisco ISE, but we're helping to integrate it into their solutions.

The end-to-end infrastructure security from Cisco AnyConnect host points is very good.

Cisco ISE has helped free up our customer's IT staff to concentrate on other projects. In the UK, where I predominantly work, a lot of the NHS staff have a lot of access switches located throughout multiple buildings. Cisco ISE probably frees up at least twenty percent of their time.

Our customers can use Cisco ISE for device administration for TACACS, RADIUS devices, and individual host appliances.

The migration from ACS to Cisco ISE has helped. Some of our customers were looking at various MAP implementations using different vendors, but we've now got I 2.1 X and MAM all built-in together.

Cisco ISE's ability to consolidate tools or applications has centralized everything and made things a lot easier and smoother for our customers to carry out their day-to-day tasks.

Cisco ISE has helped improve the cybersecurity resilience of our customers' organizations. We've always been able to integrate Cisco ISE into other products. So they're getting more security alerts, making them a lot more secure and happy with their environment.

Overall, I rate Cisco ISE an eight out of ten.

We are using it mainly for .1X authentication, and we also authenticate our VPN users, and we are doing some light profiling and posture.

We're trying to solve the problem where different users have different privileges in the network. And also we're trying to block some access from our least privileged users. Those are the main use cases for us.

We have on-prem virtual appliances and a distributed model.

It has improved our organization very much because we're now adopting the SGTs, Security Group Tags, and we're leveraging security based on those tags on our core systems and integrating with other SG firewalls.

We have a pretty distributed network and we have only one ISE deployment and it's been really good so far for managing all of those sites.

The most valuable thing in ISE is the adoption of EAP deep that came in [version] 2.7, so we can do authentication based on user and machine certificates in one authentication.

[Regarding establishing trust for every access request] it's been pretty good so far. We've been authenticating all of our users, no matter where they're coming from. If it's from our VPNs, or if it's wireless access, we are all Cisco, so the integrations are pretty good. It's very important [that the solution considers all resources to be external]. Right now, with the challenges that the multi-cloud environment poses, you have to have a solution like this.

[When it comes to securing access to your applications we are] not [using it] so much. I'll have another session with a TAC engineer on Friday, and I will have to discuss some basic concepts of securing the application with ISE. I find it very challenging to do some micro segmentation with it. I'm staying on top of it and doing it macro, but I want to go micro, and it's something I need to discuss more with an engineer.

Also, the menus could have been much simpler. There are many redundant things. That's a problem with all Cisco solutions. There are too many menus and redundant things on all of them. This is a problem in ISE. This could be much simpler.

I wasn't involved in the process of choosing this particular technology. The colleagues that made the decision made it seven or eight years ago. They were using ISE for a long time. I've been in the company for four years now so I came into an already deployed solution. But it wasn't so good, so we had to migrate from physical appliances to virtual ones because they were end-of-life and end-of-support.

Sometimes, they push an update that breaks the whole deployment. It happened to me with update two. It was my fault. I updated right after it came out, and I won't ever do that again. I will wait at least a month or two or three, because the update was taken down a week later.

I was lucky enough because I had updated from update one to update two. So it didn't really break the whole deployment, just parts of it. But they fixed it in a week with update three, so I was able to put it back together. Roll back is also always an option.

Scalability is really good. The number of possible nodes in deployment is high. I don't know the exact number, but it's really high. Scalability is not a problem.

I have had some problems lately with the TAC engineers being unable to investigate the logs that I gave [them]. They always ask for more, but there is not much you can do on ISE. When you give out all the debugs from the nodes, then there is nothing else to do.

It's been a bit of a ping pong with the TAC engineers. Sometimes I have four to five TAC cases open, specifically on ISE. Most of the problems I have are with the integrations of other companies' firewalls. 

This year I would give them a six [out of 10]. Before, I would say eight.

Neutral

I have had to find my own way to do the new deployment. It wasn't that there was some documentation about how to migrate. There is none of this stuff on Cisco's site. You have to search Reddit and multiple forums to assess what you can do with the deployment. I basically built it from scratch.

We are more secure thanks to ISE. That's always a return on investment.

[When it comes to eliminating trust from our organization's network architecture] I'd say, no, ISE hasn't done that. It's been a challenge to implement this. We're trying to bridge the gap between the security guys and network guys. They're not the same teams. Sometimes the security guys also do networking, but it can be hard to cooperate on projects like this. This is a big project. ISE is a pretty big solution and security guys are sometimes lost in what's going on in the network, like equipment where you have to configure things.

It's pretty much the most resilient solution as of now.

I like this solution a lot. I would say it's a nine out of 10.

This solution provides access to the employees of the company.

It works. It is simple. It works very well. We have a good strategic setup. We are very happy with the solution and we have no problem using Cisco ISE solutions.

The solution is stable.

It's scalable. 

I'm not working in the IT team. I'm working the sales team. While there are a lot of features that we could improve in our organization, I can't speak to the exact changes that should be made.

We'd like to be able to integrate the product with our solutions. Sometimes we face some infrastructure where there are multiple vendors and sometimes the ISE is not the best tool to manage multiple vendor infrastructure. 

The price here in Brazil is very expensive. 

Configurations can be a bit complicated. 

Sometimes we have problems integrating logs into SIEM solutions. We have to deliver some logs to a SIEM secret platform, and sometimes it does not work well. It would be better if we had better integration or a better way to deliver the logging SIEM platforms.

I've been using the solution for five to six years. 

The stability is good. There are no bugs or glitches. It doesn't crash or freeze.

We have no problem with the management of our infrastructure when we need more accountability from the platform. Scalability was fine. There is no problem.

We have 6,000 people in Brazil using the solution. 

I consider technical support to be perfect. Anytime that I have problems with shifting solutions, they work well with me and I have no problems with working with them.

I'm a reseller from Fortinet and Cisco solutions. I also have experience with Check Point. 

I can't speak to how the setup goes. I'm not working directly in deployment. What I've heard from my customers, for example, is that it is not difficult to set up, however, it may be to run all the features.

What I've heard is the first setup is very, very easy and to do some adjustments is very easy, however, when you want to go further in the configuration, that could be a bit easier.

I can't speak to the exact pricing of the product.

I work with various versions of the solution. 

We're resellers.

Others should know it's a very good solution, very stable. There are a lot of features, and it is a secure solution. It's the first solution that we indicate to our customers and most of the time, the decision of the customer is to deploy a Cisco product. 

I'd rate the solution nine out of ten.

Cisco ISE is on the back end, and all our policies and security are on it. DNS centers and all our network backbone is integrated into Cisco ISE. So, the solution is pretty critical for us.

Cisco ISE has helped improve our organization security-wise.

Cisco ISE integrates with everything else. It forms our security and identity backbone, and all our authentication goes through Cisco ISE. That's why the solution is so important to us.

Troubleshooting and multi-ISE can be challenging with the solution.

My organization has been using Cisco ISE since 2018.

Once configured properly, Cisco ISE shows good stability.

Cisco's TAC is good. Cisco support, in general, is too layered these days. Often we have to repeat the same thing over and over to the TAC guys, which is a bit frustrating. Cisco's TAC needs to be a bit better.

Neutral

Cisco ISE's deployment can take weeks, months, or years depending on how rigidly you adhere to the guidelines and how good your existing infrastructure is.

We have seen a return on investment with Cisco ISE from a security point of view.

Cisco ISE's licensing can get pricey.

Sometimes, the Cisco guys disagree about it, but other than that, the Cisco guidelines are clear and concise enough.

Cisco ISE helps to secure our infrastructure from end to end so we can detect and remediate threats. The solution does what it's supposed to do.

Cisco ISE has saved a little time for our organization.

Since Cisco ISE is a more robust solution, it has helped our organization improve its cybersecurity resilience.

Before implementing Cisco ISE, you should look into it in-depth on how it can be used, how it can be integrated with existing tools, and how your staff can be trained to troubleshoot it. The solution has its pitfalls, and when it breaks, it can break heavily. So be aware before you deploy it.

Overall, I rate Cisco ISE a seven out of ten.

We use it as our complete NAC solution for both on the wire and wireless as well as guest wireless access and SGTs.

We have five hospitals. We have two service policy nodes at every hospital. We have a deployment at every hospital site.

We are a healthcare department. We deal with a lot of PHI so ISE is important. It is an integral part of keeping PHI safe.

The solution has helped with safety and keeping people who shouldn't be on our network off our network.

Cisco ISE works very well for establishing trust for every access request when it is deployed and running correctly. It is a great product. It does what it is supposed to do.

We know what is on our network because ISE is able to tell us.

The guest wireless works pretty smoothly. The SGTs came in very handy when we had to segregate traffic away from our network, even though it is part of our network. 

The SGT function would probably be the most used. This is mainly because we have a lot of vendors on our campuses but we need to keep them from seeing the traffic and being able to touch other areas of our network. Being able to use SGTs kind of keeps them in their own little lane away from us.

When it is deployed correctly, it is very helpful. It runs smoothly. It is just integrable to what we do.

I would definitely improve the deployment and maybe a little bit of the support. Our first exposure to ISE had a lot of issues. However, I have noticed as we have been implementing patches and upgrades that it has gotten a lot better.

I have been using it for about four years.

With patches and a little bit of babysitting, it is totally stable now.

It is easily scalable.

The technical support is phenomenal. I have called and opened up a ton of tech cases. Eventually, you get the right engineer who can solve all your problems. I would rate them as eight or nine out of 10. It has gotten a lot better. If someone asked me about support two or three years ago, I would have probably given them five out of 10.

Positive

We didn't use a solution before ISE.

We have seen ROI. It has done its job. It has protected us when we needed it to.

Make sure you have everything ready, including all your information. Make sure you know what you will profile and what will come on your network.

Get hardware nodes versus the VMs.

You definitely want resilience. You want to keep everything protected, especially in the day and age that we live in now. Information is power. Keeping our customers' and patients' information safe is our number one priority.

I would rate it as nine out of 10 because it has gotten better. I have seen it at its worst. Now, it is running a lot better. So, I have a better opinion of it than I did.

I'm using Cisco ISE for integration. We are currently using it for 82.X, but we are planning on using it for a different use case in the next couple of quarters.

The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability. 

Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified. 

I've been using Cisco ISE for more than a year.

Cisco ISE is stable.

I haven't really tried to scale ISE, but I don't think we'd face any challenges with hard gentle scaling.

We have a good relationship with Cisco support. However, when they do a new release, they take their time. I don't have much of an issue with Cisco support itself, but working with their customer success team and those types of things can be a challenge. It's not just the response time. It's the total resolution time. They'll respond quickly, but when they get the particular fix, it's a challenge. 

In the previous versions, the setup was okay. But as they add more capabilities, it gets more complicated to deploy and maintain the solution. We expect these complexities as part of the roadmap and evolution. We have to set the policy definitions manually because there is no discovery process to define what needs to be authenticated. When a new device is added, we might have to configure something so that it's integrated or set up some data flows of the service we need to do it. These are some of the maintenance activities that we must do to keep it live. We have a good IT team that numbers around 25 people and serves a decent number of customers.

Customers respond to a low price. From the point of view of integration, Cisco ISE hikes up the cost of security, but otherwise, I think it should be okay.

I rate Cisco ISE nine out of 10.

We were looking for secure network access.

It's important that the solution considers all resources to be external because we are introducing new endpoints to the environment every day. We want to make sure that endpoints are secured. In addition, we want to see what that endpoint is doing in our environments.

ISE has eliminated trust from our network architecture. It has changed the methodology of how we look at security. Instead of having everything open, now we know exactly what to open and what to trust.

SGTs are valuable because they make it easy to enforce policies, instead of pushing them across all the other platforms.

I would like to see them simplify the dashboard. It's very configurable, but, at the same time, it's not easy to maneuver through it. They should "Merakify" it.

The deployment is complex. I get that it's very configurable, but there is the challenge of how to get to certain things. You go to different places to get the same things done. There needs to be improvement to the GUI.

I have been using Cisco ISE (Identity Services Engine) for seven years. 

It's now way more stable than 2.0 was.

It's scalable, but we get back to the point that you have to deploy multiple nodes across the environment to get the bandwidth for larger environments.

TAC is pretty good. They're solid. The product has been out there for a little bit so that side of things is good.

Positive

We had ClearPass.

It's pretty good when it comes to supporting an organization across a distributed network but it's not easy to implement. It requires a lot of expertise. It requires a full understanding of your environment and the traffic flow.

Our clients have it in multiple locations. At the same time, there are multiple SSIDs on the wireless side and each SSID has a different function for a different group of users. It's not like there is just one set of policies. It has to be multiple policies and sometimes the policies cross each other when moving from one campus to another campus.

Deployment requires a minimum of two solid engineers. One can focus on the network side and the other one can focus on the ISE side.

The way you establish trust is that you first have to "untrust" everything and then you set your points and your profiles and, based on that, you build your policy.

It's damn expensive and the licensing is terrible. There are three different types of licenses: Essential, Advantage, and Premier, and each one of them has certain features. I work with the SLED accounts and it's not easy for customers to find the money. I'm trying to sell their product but, at the same time, to utilize the product fully they have to pay millions of dollars on the licensing alone. And it's software. It's not like I'm selling them hardware with hardware value. It's just software. The prices need to be brought down.

The majority of our clients are still using 2.7, while some have moved to 3.0 or 3.1. That's another issue with the licenses. If you have perpetual licenses on 2.7 and you upgrade to 3, you are forced to go with Essentials. That is one of the issues that I'm seeing with my clients now.

Go for it. It's a great solution. It's very configurable and you can tie your environment together from a wireless or from a wired side. I love the solution.