CyberArk Privileged Access Manager and Cisco Identity Services Engine (ISE) compete in the field of security management and access control solutions. Based on feature offerings and security effectiveness, CyberArk appears to have the upper hand due to its comprehensive security features and modular design.
Features: CyberArk Privileged Access Manager offers robust features such as account management, session monitoring, and security integration capabilities, supported by a modular design that allows customization and expansion. Cisco Identity Services Engine (ISE) focuses on secure access control, integration with Cisco ecosystems, and advanced profiling capabilities, ensuring strong network visibility and segmentation.
Room for Improvement: CyberArk Privileged Access Manager could improve its user interface, integration capabilities, and documentation to enhance user experience and ease of implementation. Cisco Identity Services Engine (ISE) stands to gain by simplifying its interface, improving integration with third-party solutions, and revising its licensing model to be more user-friendly.
Ease of Deployment and Customer Service: CyberArk Privileged Access Manager supports versatile deployment options across on-premises, hybrid, and public cloud environments, although some users point out response times in customer service as a concern. Cisco Identity Services Engine (ISE) is primarily focused on on-premises deployment but has recently begun supporting hybrid models, with generally responsive customer service that can be complicated by licensing issues.
Pricing and ROI: CyberArk Privileged Access Manager is perceived as expensive, yet it provides significant ROI through security features and compliance enhancements. Cisco Identity Services Engine (ISE) also faces pricing concerns, particularly with its shift to subscription-based pricing, which can deter potential users due to its complex licensing model, despite offering value through its integration capabilities within Cisco environments.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
The return on investment lies in improved security infrastructure, addressing over-privileged access, and reducing the risk of credential compromise, which is a major source of data breaches.
During our quantitative analysis, we estimated potential savings of one to ten million dollars a year by using a PAM solution.
With other tools such as Okta where you have self-service for resetting your own passwords and things like that, the average savings is 12 minutes, which is six dollars for a password reset, and you can extrapolate that over your organization.
I rate the technical support as one out of ten.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
CyberArk has been exceptional in coming back to us with immediate responses.
It could be forever until you talk to someone who knows what they are doing.
They are helpful, but complex issues can take a long time to resolve, which can delay solutions for urgent customer issues.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
The CPM can reportedly handle up to 50,000 accounts independently without issue.
I would rate it a ten out of ten for scalability.
They had 40,000 passwords in this one safe, and it was saving the last ten iterations of each password object. That means they had 400,000 password objects in this safe. They exceeded the limit.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
Proper fine-tuning and expertise ensure the product performs well.
Overall, the stability of the solution is high.
It has a large customer base and positive feedback within my network.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases.
They want everything to be on the cloud, but even in the SaaS version of CyberArk Privileged Access Manager, they need to deploy some servers on-premises.
We cannot generate a plug-in for web-based applications.
If they want clients to move to the cloud, they need to support them in real-time.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
The license costs can range between $50,000 to $100,000 per year for enterprises.
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
CyberArk is expensive compared to other products I know.
CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal.
CyberArk's SaaS solution is particularly expensive.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility.
Cisco Identity Services Engine (ISE) is very good at device administration.
CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.
It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened.
It can integrate with Splunk, SNMP, and other solutions and technologies.
Cisco Identity Services Engine (ISE) offers comprehensive network access control and visibility, supporting features like 802.1X authentication, profiling, and posturing. It integrates with Microsoft and other Cisco products, facilitating robust security policies across distributed networks.
Cisco Identity Services Engine is a key player in network access control, offering centralized management and a user-friendly interface. It supports zero trust principles and provides strong authentication for wired and wireless networks. ISE's capabilities include granular security policies, enhanced device posturing, and seamless integration, bolstering security infrastructure. Users benefit from its dual authentication through EAP, simplifying access management across networks.
What are the key features of Cisco ISE?In industries like finance, healthcare, and education, Cisco ISE is pivotal for securing wired and wireless networks, implementing BYOD policies, and managing user access. Organizations leverage ISE for effective authentication and authorization, while maintaining compliance with industry security standards.
CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.
CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.
Benefits of CyberArk Privileged Access Manager
Some of CyberArk Privileged Access Manager’s benefits include:
Reviews from Real Users
CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.
PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
