Try our new research platform with insights from 80,000+ expert users

Cisco Identity Services Engine (ISE) vs Symantec Identity Governance and Administration comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Cisco Identity Services Eng...
Average Rating
8.2
Number of Reviews
139
Ranking in other categories
Network Access Control (NAC) (1st), Cisco Security Portfolio (1st)
Symantec Identity Governanc...
Average Rating
7.6
Number of Reviews
66
Ranking in other categories
User Provisioning Software (12th), Identity Management (IM) (28th)
 

Mindshare comparison

Cisco Identity Services Engine (ISE) and Symantec Identity Governance and Administration aren’t in the same category and serve different purposes. Cisco Identity Services Engine (ISE) is designed for Network Access Control (NAC) and holds a mindshare of 29.2%, down 31.6% compared to last year.
Symantec Identity Governance and Administration, on the other hand, focuses on Identity Management (IM), holds 1.8% mindshare, up 1.3% since last year.
Network Access Control (NAC)
Identity Management (IM)
 

Featured Reviews

Rohit-Joshi - PeerSpot reviewer
Aug 3, 2023
Enables us to ensure that any machine that comes into the network is patched and secure
Posturing is the most valuable feature. There are other tools available that can do some of their other features, like network authentication. The posturing was something because of the nature of the industry that we are in. There are people who go outside for work. Their machines are at times not in the network, and not patched properly. We don't know when they're going to come back, whether it is in a good state, whether it has antivirus, whether it's installed on those machines. Posturing is something that we have made our baseline policy that whenever a machine comes back to our network, it should have a certain level of the operating system and a level of security and antivirus installed. We couldn't have done this posturing without Cisco ISE. This is its greatest feature. It does help me to detect and remediate my network. It enables me to detect any external threat that comes to my network and remediate. If a machine comes into my network that does not qualify per my baseline policy, I have a policy that the machine gets redirected to where it can be patched and remediated. I can ensure that it is fully patched and secure. The entire idea of having ISE is to enhance cybersecurity resilience. The zero trust architecture was coined by the cybersecurity team itself. It was a task given to us in the infrastructure space to see how we can bring resilience into the cybersecurity network and ISE was the solution.
Efrén Yanez - PeerSpot reviewer
Feb 9, 2017
It has increased our automation and maintenance of SLA security functions, although I would like to see the human resource onboarding/offboarding processes improved.
* The xPress technologies (connector xPress/Policy xPress/Config xPress) * Integration with API Management and other CA solutions * Facility to publish the web services of any task of Identity Manager * Ease of integration to leverage authentication processes managed by Identity Manager and called by external applications * You do not depend on the supplier to change screens and validate field, create notifications, etc. * True integration between CA Identity Manager and CA Identity Governance for better use of compliance approved roles, data exchange and improved customer experience * Availability to implement in the cloud * Take advantage of important features of Identity Manager and Identity Governance on the Portar offered by Identity Suite (best user experience) and less technicall knowlegde need What about Identity Governance and integration with Identity Manager? This solution makes a seamless integration, leveraging the power of Identity Manager connectors it import the data obtained to Identity Governance; in the opposite direction, the results campaigns from Governance have the ability to update in automatic way the information in Identity Manager, enabling materialization of privileges changes and fulfilling a RBAC model (It is the business strategy to the lowest level of privileges in applications) Through the implementation of "Identity Suite Virtual Appliance" have created a supremely quick and convenient way to install (Identity Manager / Governance / Portal) with even high availability. Multiple scenarios available on a single console.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It does a good job of establishing trust for each access request, no matter the source. It's also very effective at helping with the distributed network and at securing access."
"The feature that I found most valuable is profiling. We use that to profile certain types of devices, and then depending on the manufacturer, drop them into the appropriate VLAN without us having to go in and manually add the devices."
"The first benefit is that we can implement zero trust architecture because of Cisco ISE. I can assure my CISO in my company that my network is such that nobody can just bring in their laptop, desktop, or any sort of mobile device and can directly get connected to my network. That is a benefit that I can only allow people who I trust on the network."
"Since migrating towards doing wired ports over ISE with 802.1X and MAB authentication, our organization's security risk has been better. We have been able to establish better layouts, so devices can move and we don't have to worry about where they need to go."
"For me, the TACACS feature is the most valuable. I have also used Cisco ISE with LDAP, not with Active Directory. That works for me because I prefer LDAP versus Active Directory."
"The most valuable features are the NAC and the bundles that are available with Cisco ISE, such as Cisco ACS being integrated."
"The most valuable features are authentication, we have more granular control on the access policies for the administrators. The solution is easy to use, has a center point administration, and has a good GUI."
"One of the advantages is that you can easily find rogue endpoints. For example, if you don't want to allow any endpoints where you don't know the people plugging into what kind of devices, ISE can give you a big, clear picture, e.g., what kind of endpoints are getting connected to your network. That is one of the advantages."
"Out-of-the-box the product has a lot of opportunity for configuration and sophisticated identity management capability."
"I've used it to manage users, create and update, delete users, change passwords, and assign and change rules."
"​It has improved our user management. It is definitely streamlined​."
"Automated provisioning removes manual labor and manual provisioning."
"It offers a nice price. It's mid-range."
"Governance."
"What I found most valuable in Symantec Identity Governance and Administration is its simple GUI. It's also easy to deploy compared to other products. With other products, you have to install the Windows version inside the Windows machine on all units, but with Symantec Identity Governance and Administration, it can work offline, so the solution is a little bit easier than other systems."
"Using the implementation guide, I was able to implement the solution with ease."
 

Cons

"The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications."
"Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver."
"When I work with customers to do my knowledge transfer, they're really overwhelmed with the navigation of the product and the number of things you can do with it. From a user interface standpoint, Cisco could focus on making certain tasks a bit more guided and easier for customers to walk through. That is, a user-friendly interface and streamlined workflows would be great."
"It would be nice if it could be configured easily by default."
"It is too complex. It should be easy to use. We are not such a big team. We only have three engineers to work with this, and we don't use all of the functionality of the product. Its range of functionality is too wide for us, and this is the reason why we are thinking of switching to a more simple product. We have shortlisted a Microsoft solution. We have a big footprint for Microsoft products, especially in security. As a global strategy, we try to leverage to the maximum what is possible around Microsoft."
"Compatibility and integration with other vendors is what needs to be improved in Cisco ISE (Identity Services Engine)."
"The templates could be better. When you have to do certs, especially with X.500 certs, it isn't very intuitive."
"Cisco ISE does not recognize devices and that is an issue we faced during its integration with our existing devices."
"They should easier and better integration with other software."
"In the next release, there should be provisioning of your certifications."
"They provide a framework to develop your own connectors. A connector is a piece of software that integrates with the solutions that are not a part of the support matrix. Currently, it is difficult to create these connectors in this solution. Other solutions, such as NetIQ Identity, provide a better way to create your own connector. Currently, there is no cloud version. It should have a cloud version."
"The solution is not the best or the fastest available."
"Integration capabilities with other solutions and formats, including JSON, could be improved."
"Although the capabilities are there, the user interface needs to be redesigned and the opportunities for integration should be improved."
"The product works slowly while accessing cloud-native solutions."
"I find the API boring. I also faced issues while integrating with CA SSO."
 

Pricing and Cost Advice

"For the Avast virus scan, we pay around USD $95 per machine for five years which includes all updates and technical support."
"Licensing is a disaster. It's a mess and I hope they fix it soon."
"Previously, Cisco ISE had a perpetual licensing model, but now they have shifted to a subscription-based licensing system."
"Our customers pay for the license of Cisco ISE (Identity Services Engine). They have an annual subscription, rather than a monthly subscription."
"Its price is probably good if you use all of its features and functionalities to protect your environment. If you use only a part of the functionality, its price is too high. It is just a question of value and the functionality you use."
"It's an expensive solution when compared to other vendors."
"The licensing can be confusing, but it is still pretty good."
"We are running Version 2.9 because Version 2.9 of the ISE has a persistent license — it's a one-time payment. The latest version (3.1) is only available if you do a yearly subscription."
"Compared to other options, CA products are not that expensive."
"The price is based on the number of users."
"The price is flexible for our existing customers."
"The product has a good price in competition with another product with the same solution."
"Pricing and licensing models are adequate and reasonable."
"I do not recall the approximate prices or licensing models, although I do so that it was priced per user number."
"The connector is free, and bundled with the product."
"Symantec keeps increasing the price. I rate its pricing a seven on a scale of ten."
report
Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
26%
Computer Software Company
16%
Financial Services Firm
7%
Government
7%
Computer Software Company
28%
Financial Services Firm
16%
Manufacturing Company
8%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
What do you like most about Symantec Identity Governance and Administration?
The product’s most valuable feature is flexibility. It can be customized as per the customer’s requirements.
What needs improvement with Symantec Identity Governance and Administration?
The product works slowly while accessing cloud-native solutions. They should work on their ability to integrate with third-party vendors. Additionally, cloud networking features and Azure, AWS, and...
 

Also Known As

Cisco ISE
CA Identity Suite, Symantec IGA, Layer7 Identity Suite, CA Identity Manager (CA IDM), CA Identity Minder, CA IAM, CA Identity Manager (CA IDM), CA Identity Governance
 

Learn More

 

Overview

 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
Acciona, Core Blox, DBS
Find out what your peers are saying about Cisco, HPE Aruba Networking, Fortinet and others in Network Access Control (NAC). Updated: October 2024.
814,649 professionals have used our research since 2012.