Cisco Identity Services Engine (ISE) Reviews

We use it for MAC Authentication Bypass, 802.1X authentication, and certification and validation against Active Directory. Because MAC devices can't be enrolled in the domain, we were doing a manual installation of certificates.

We are a very secure enterprise now because only our corporate endpoints can be authenticated on our wireless. Before, any device could be connected to our production network. And the corporate endpoints have antivirus and anti-malware. Things are more and more secure.

Authentication is the most valuable feature because it puts our company at another level of security. It establishes trust for every access because we use only corporate endpoints. If somebody has another device, they can't connect it to the enterprise network because we haven't implemented bring-your-own-device yet. We have five warehouse buildings and all our operations are around logistics and that means external people don't come to our buildings.

I have been using Cisco ISE (Identity Services Engine) for three years.

It's very stable.

It's expensive to scale Cisco ISE, but our situation is stable so we don't need to scale it for now. In the future, we will need a more scalable solution.

It is used for all our departments, all end-users, all corporate endpoints. And when we use MAC Authentication Bypass, we include printers and VIP cell phones.

Tech support is very good.

Positive

We didn't have a previous solution.

The deployment was a little complex, but not because of the solution. It was more an issue for our people because it was a mindset change.

It took us about six months to deploy. Because we didn't have a previous solution, we just deployed it one department at a time across our four departments.

We used an integrator, ITS Infocom. Experience-wise, it was very good. On our side, we had three people involved. 

Since implementing Cisco ISE, we haven't had any attacks against our application.

Pricing is not a problem for Cisco because it has a lot of features and not much competition, although it's more expensive than other products. But if I do a cost-benefit analysis, Cisco provides high quality.

We looked at Aruba. Cisco ISE is much better.

Be patient with the implementation. It can be very difficult for the clients, the people using it, because it requires a change of mindset.

We use it to secure our networks. We can secure our switches and wireless networks, basically everything.

We use it primarily for wireless security, but it can be used for many other things as well, like LAN and WAN security.

There is room for improvement in CLI. Most things are done through the GUI, and there aren't many commands or troubleshooting options available compared to other Cisco products like switches and routers. We have more visibility on the CLI for those devices, but the GUI seems limited. Moreover, sometimes, GUI seems very pathetic. 

I have experience working with this solution. I have been using it for four to five years. We still use the old version, but we plan to migrate to the new version soon because they recently changed their licensing model.

The product is stable. We don't face many challenges. It's stable, so  I would rate it around a nine out of ten.

The product is scalable. I would rate the scalability a ten out of ten. We have medium-sized businesses as our clients. 

There was some delay.

Positive

Setup wasn't difficult because we already had a solution in place. It was very easy to install.

The deployment definitely took weeks.

I would rate the pricing an eight out of ten, one being cheap and ten being expensive.

Overall, I would rate the solution a nine out of ten. 

We use Cisco ISE for the authentication of wireless clients.

Cisco ISE has saved me a couple of hours per month in terms of not having to manually onboard clients. However, there are still some manual tasks that need to be uploaded to Cisco ISE.

The most valuable feature of Cisco ISE is its seamless integration with the switches and the entire suite, enabling wireless access and smooth client information retrieval.

One of the problems we have had is that there are many features on Cisco ISE that we are not utilizing. In the real world, it requires multiple parties to come together, just like the AD or OU. Therefore, it won't be solely the responsibility of the network or security personnel to ensure that the solution works as intended and utilizes all the features. It necessitates collaboration among various stakeholders. If Cisco could grant more control, the features could be more focused on network and security administration, reducing the need for integration with other components. This would be beneficial for my organization.

I have been using Cisco ISE for one and a half years.

Cisco ISE is extremely stable.

As long as we have the funds to purchase the license, Cisco ISE is highly scalable.

We have a contact person in Singapore whom we can reach at any time for support.

Positive

The initial setup was straightforward because we used an integrator.

We used an integrator for the implementation.

The cost-benefit analysis primarily considers the time saved through manual labor.

The recent changes in the licensing model have caused some issues with the team. 

We have a rigorous procurement process and carefully evaluated other options before selecting Cisco ISE.

One of the other solutions we evaluated was the Aruba Wireless feed and its accompanying authentication, but we determined that Cisco ISE was superior and more beneficial.

I would rate Cisco ISE with a nine out of ten based on its overall benefits. However, since I am unable to utilize all the features due to the need for coordination from numerous other teams, I would personally assign it a benefit score of only five out of ten.

We attempted role-based access with the Cisco ISE integration, but it didn't work out effectively because it is more of an upper-level issue regarding organization and role level. Multiple teams had to collaborate, and there was a need to configure the Active Directory and Organizational Unit groups. This also involved restructuring and similar tasks. As individuals moved between OU groups, someone had to consistently update the OU groups to ensure the success of the process.

We have made a significant investment in Cisco infrastructure; therefore, we have chosen Cisco ISE as a logical option for our authentication mechanism.

Cisco ISE has not directly assisted our organization in enhancing its cybersecurity resilience.

We use ISE for security group tagging in terms of guests and visitors who access the network to make sure that they actually go through this to control their privilege access to ensure they don't actually access the internal network, etc. 

Our clients use ISE as a form of security policy management so that users and devices between the wired, wireless, and VPN connections to the corporate network, can be managed accordingly.

Take a house for example. Sometimes you need to access a room via a certain keyhole, so you use a key that is unique to that door. With ISE, you can segment this process in terms of policy management based on the security tag. You actually grant the user access based on the tagging.

That's the IT trend — saving a lot on operating costs to manage the different users and access methods.

Within our company, we have roughly 200 employees using this solution.

My clients are always talking about the segregation capabilities. Segmentation refers to how you can actually segregate employee and non-employee client access. 

They have recently made a lot of improvements. My clients don't have much to complain about — it's a one-stop-shop.

It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version. 

It's stable but there's a limitation of up to 200,000 users. If you have a big number of users, then you have to customize the installation process. 

It's only scalable up to 20,000 users. 

I would say Cisco's support has been getting worse. I think they outsource a lot of skillsets.

The initial setup is pretty straightforward. They actually provide a lot of help to IT administrators which makes setting it up rather easy.

The whole setup takes about three days because you need to basically configure the network, test the configuration, and then you need to cut over to production. 

Our customers definitely see a return on their investment with this solution.

I think licensing costs roughly $2,000 a year. ISE is more expensive than Network Access Control.

If you wish to use ISE, you must have a deep understanding of IT. If you don't, setting it up properly will be very complex.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We use this solution to protect the network especially when someone brings their own device and to lock out access to anybody connecting to the network. Also to make sure that the people connect to the correct VLAN. So, mainly for security wifi access so that when people want to connect to our wifi they have to log in using their credentials.

We give guests limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time.

It is stable. Any time we found an issue we would get in touch with the reseller to help fix it. Then they tell us where the problem is and we'll know where to look. 

It is scalable. We have around 350 users. We required two staff members for maintenance but they don't have enough knowledge so we have to reach out externally for more help. 

Their technical support has been good. They have been responsive every time we have an issue. They get logs, check and then give us feedback of which corrections to do.

The initial setup was complex. We had to engage an expert. When we rolled it out we would find challenges and then we would have to find a way of fixing those challenges. Out of  nowhere, it would lock out all users. Then we discovered that no, the password had expired for the service account. We needed to make it none expiry.

Deployment took about a month. We had to do project planning, discuss the plan with the team, and by the end, it was a month.

We used a reseller for the implementation and we had a good experience with them. 

If you go directly with Cisco for the implementation it's very, very expensive.

We also looked at Aruba.

It's a good product but it requires technical support and knowledge otherwise it will be difficult to manage and run it. It requires somebody to be configuring issues. You need protection as you advance in the usage but it's a good product. 

I would rate this solution an eight out of ten. In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support.

We use the solution for network access control.

Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies.

Cisco ISE is very complex and not very easy to deploy. There are a lot of prerequisites for the tool.

I have been using Cisco ISE (Identity Services Engine) for three years.

We did not face any issues with the solution’s stability.

Cisco ISE is a very scalable solution.

We are working with a partner for support and are very happy with them.

On a scale from one to ten, where one is bad and ten is good, I rate their support a seven or eight out of ten.

Compared to Cisco ISE, Fortinet NAC is more consumer-friendly.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.

The project lasted a few months, but the planning took several months. Cisco ISE itself means nothing. It has to have the network set up to ensure the network penetration is in place, and we're still working on that.

Security is about risk control and exposure avoidance. You can only calculate its return on investment based on how you avoid penalty fees. Cisco ISE improves our security stats.

If you consider money only, Cisco ISE is not a cheap solution. Functionality-wise, however, it offers a very good price for the value you receive.

The solution's compliance and policy enforcement capability has benefited our organization by simplifying work.

The solution operates in the background, and users generally don't interact with it. Cisco ISE is the security framework layer between network resources and end users using them. Users do not go into Cisco ISE to do anything.

It's like Active Directory for Identity. If you're an end user, you don't work in Active Directory, but you authenticate Active Directory to use resources on the network. The same applies to Cisco ISE, and users don't interact with it directly. They are affected by it to the extent to which they are accessing network resources.

Cisco ISE has a very comprehensive integration suite and we did not face a lot of challenges in integrating this solution with other security tools. If they know how to use it, I would recommend the solution to other organizations with similar security needs.

Overall, I rate the solution an eight out of ten.

We are resellers. We provide and deploy solutions for our customers.

Cisco ISE (Identity Services Engine) helps the operation to automate.

It works very well with the network, router, and switches. It is able to enforce the policy and assigns the traffic a Security Group tag.

A Google user is able to enforce access throughout the router and switches ensuring the traffic going through has the same policy.

When you push out the policy, it is able to populate the entire network at one time.

It's quite good, the market is using this solution.

This solution has enhanced features that make it difficult to use. To make it easier, it should be made without PxGrid.

It should be able to work with third-party routers and switches. We want to work in an environment where there are multi-vendors that require PxGrid.

Their software-defined access is not easy to implement. You have to have a good understanding of how to implement it. It would be helpful if they could make it easier for the customer to adopt.

Third-party integration is important, as well as the continuous adaptation feature, which is the AIOps. It would be helpful to include the AIOps.

They are currently on version 3.1.

If the customer has more than 200,000 users, the performance becomes a bit laggy.

In terms of scalability, it's available on the cloud, but I have not yet tested the features on the cloud.

It is used mainly by our customers, who use it for their entire infrastructure. They have anywhere from 50,000 to 100,000 users.

Technical support could be better. They outsource the support.

We are brought all around the world, it is similar to following the sun.

Currently, I am using SD-WAN (Software-Defined WAN) from Silver Peak.

To complete the installation, you need to be technically knowledgeable. The setup could be easier.

For the content, and the technologies it is made to be a bit more complex. 

The technology is good, but to use some of the other features, and capabilities, they request that we purchase the Cisco DNA Center. As a result, the bundled price is a little high.

Once you purchase the DNA, you will need the SNA then the license, overall it's very expensive.

If, however, you implement Cisco ISE without the DNA and the SDA, the price is reasonable.

To avoid running into any complications when getting this solution up and running, you should get technically trained and comfortable with it before applying it.

I would rate Cisco ISE (Identity Services Engine) a seven out of ten.

We use it for the identification of our devices, users, and wireless users.

Unauthenticated devices are not allowed on our network and that has been an improvement for our company. With Cisco ISE, we control the certificates of each device so that devices have internet access. The solution has eliminated trust from our network architecture.

The access policies, and all of the policies in Cisco ISE, are important to us.

The user interface could be more user-friendly.

I have been using Cisco ISE (Identity Services Engine) for about six years.

The stability has been perfect. Our company has been using it for more than 10 years and it's stable. It's really good.

The scalability is also good.

The customer service has been perfect.

Positive

We did not have a previous solution.

The pricing is fair. We have a base license and an OpEx license.

We looked at other solutions, but that was a long time ago.

I would recommend ISE to colleagues. We are happy with it and we want to use it in the cloud, next. Our on-prem devices go end-of-support in 2023 and we will try to use it on the cloud.