Cisco Identity Services Engine (ISE) vs Symantec Privileged Access Manager comparison

The compared Cisco and Broadcom solutions aren't in the same category. Cisco is ranked #1 in NAC , with an average rating of 8.4, and holds a 29.9% mindshare in the category. Broadcom is ranked #22 in PAM , with an average rating of 7.5, and holds a 1.8% mindshare. Additionally, 88% of Cisco users are willing to recommend the solution, compared to 85% of Broadcom users who would recommend it.

Cisco Identity Services Eng...

Read 139 Cisco Identity Services Engine (ISE) reviews

20,905 Views
13,864 Comparison Views

88% willing to recommend

Symantec Privileged Access ...

Read 50 Symantec Privileged Access Manager reviews

787 Views
471 Comparison Views

85% willing to recommend

Cisco Identity Services Eng...

Symantec Privileged Access ...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cisco Identity Services Engine (ISE) and Symantec Privileged Access Manager based on real PeerSpot user reviews.

Find out what your peers are saying about Cisco, HPE Aruba Networking, Fortinet and others in Network Access Control (NAC).

To learn more, read our detailed Network Access Control (NAC) Report (Updated: September 2024).

Buyer's Guide

Network Access Control (NAC)

September 2024

Download the complete report

Helped 801,634 peers since 2012

Categories and Ranking

Cisco Identity Services Eng...

Average Rating

8.2

Number of Reviews

139

Ranking in other categories

Network Access Control (NAC) (1st), Cisco Security Portfolio (1st)

Symantec Privileged Access ...

Average Rating

7.8

Number of Reviews

Ranking in other categories

Privileged Access Management (PAM) (22nd)

Mindshare comparison

Cisco Identity Services Engine (ISE) and Symantec Privileged Access Manager aren’t in the same category and serve different purposes. Cisco Identity Services Engine (ISE) is designed for Network Access Control (NAC) and holds a mindshare of 29.9%, down 31.4% compared to last year.
Symantec Privileged Access Manager, on the other hand, focuses on Privileged Access Management (PAM), holds 1.8% mindshare, down 1.8% since last year.

Network Access Control (NAC)

Privileged Access Management (PAM)

Featured Reviews

Adarge Ekholt

Network Engineer at a university with 1,001-5,000 employees

Aug 3, 2023

The ability to see what devices are online for a particular user helps a lot with our troubleshooting

Another big benefit for us is definitely security in terms of wireless user activity. We spent a lot of time looking at live logs and user logs to figure out where they've been in the network and in which buildings. We can get rogue granular with locations of where people are and where they're experiencing issues. We have definitely saved time since using ISE when it comes to building some of the policies around the types of users, like library users versus student union or even admin users. The policy building is complicated, but after a while, it's pretty straightforward in terms of repeatability of staff turnover, and things like that. It's not the learning curve that's hard for continuous maintenance.

Read full review

Muhammad Baber

System Administrator at Alghanim Industries

May 6, 2022

Allows IT and consultants to access the infrastructure environment but needs more security and better support

Initial setup was very straightforward. It's basically a hardware appliance. It's a software appliance, but it's a hard-coded appliance. It's just a black and white screen, and it has everything inside. BeyondTrust is a Windows-based server, and they usually harden the machine and have their own patches on it, even though it's a Windows machine, so we can easily log into it. With the current solution, it's very difficult to log in. It's just a black and white screen, and you need a support account to log in onto it. It feels more secure. It's a shell, and the database is embedded. But with BeyondTrust, it's SQL-based and Windows-based, so it's vulnerable. When we first set up the solution, it was only a few endpoints to give access to the vendors. Now, it's around 400-500 machines. It required a lot of maintenance. There were a lot of new patches and new versions of the appliance, and then the appliances would move out of support very quickly, which is another reason we are moving to BeyondTrust. At the moment, we are using the version which is very stable, but it is out of support within six to seven months. They keep asking you to upgrade to the new version, which is challenging. Once we upgraded, we had a lot of issues that support couldn't fix.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It's easy to change and add policies."

"For device administration, all devices have multifactor authentication in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it's a matter of a lowly manager who we give access to the portal and he can assign access to the guests, so it's a very simple process now. It keeps the IT focusing on their work, and gives the business people the right access."

"So far, we have had no issues with the stability."

"The access policies, and all of the policies in Cisco ISE, are important to us."

"It's scalable."

"Authentication is the most valuable feature because it puts our company at another level of security."

"The policy sets give us more granular groups for end-user access."

"In terms of scalability, you need to factor in your licenses. With a virtual platform, the scalability is more than sufficient. We have over one thousand users."

More Cisco Identity Services Engine (ISE) pros

"It's easy to use and easy to configure."

"One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements."

"The two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us."

"The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."

"It will provide us with more security."

"Whoever built it from the ground up, they understand how an organization is laid out."

"You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks."

"It reduces the viral attacks on my website. It also allows certain users access to see what happens daily."

More Symantec Privileged Access Manager pros

Cons

"I'm frustrated by the resource consumption and how many resources it needs to run. It takes a lot of RAM. It takes a lot of space and a lot of IO power. It's frustrating to do upgrades because it takes a long time."

"The policies could be adjusted to make them more easily implementable."

"Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better."

"In an upcoming release, it would be nice to have NAC already standard in the solution."

"It would be ideal if Cisco could provide some short training videos or documentation to customers to help them understand how to use the product."

"In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support."

"I believe that Cisco can improve the way its policies are built because it's a little complex."

"Troubleshooting and multi-ISE can be challenging with the solution."

More Cisco Identity Services Engine (ISE) cons

"Instead of just giving passwords to the user based on job function, from auditing perspective, turn that cycle around. That would really help from an auditing standpoint."

"It's difficult to locate the reports, there are limits on what reports can be run from the GUI, and the report formats are lacking."

"They should include some assignments in the test environment to explore the product's features."

"The service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc."

"What I hope happens with the new product CA PAM is to keep all the useful features that exist in PA, but what I’ve noticed with many new products is the UI gets polished but systems lags stability and performance or it adds additional complexity instead of simplifying the user experience."

"They need to do a little bit more on the mainframe side."

"Bring more technology into the portfolio and being able to collapse those products into a much more integrated way."

"An improvement for this solution is that it should not be constantly based on user name and password. There should be a condition to edit and update your username."

More Symantec Privileged Access Manager cons

Pricing and Cost Advice

"The pricing is complicated."

"The SMARTnet technical support is available at an additional cost."

"Being fully honest, the Cisco licensing model right now is really confusing. We don't know what licenses we have where. We have Smart licensing, but the different levels are way confusing."

"Cisco ISE is not inexpensive, but the solution is well-built and worth the expense."

"It costs around 50,000 baht in the first year, but I'm unsure about the second year."

"It has a fair price. It is better than it was before."

"Cybersecurity resilience has been very important to our organization and has been a big factor. We've had issues in the past, but one of the things I like about ISE is its logging features. Security wise or information wise, it really has been a powerful tool."

"This solution requires an annual license and it is a bit expensive than competitors."

More Cisco Identity Services Engine (ISE) pricing and cost advice

"The licensing is simple and scalable."

"They offer per-device, per-user, or monthly and yearly licensing models."

"Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front."

"Appliances are relatively cheap, don’t skimp. Make sure you have redundancy, high availability, and enough appliances to manage the concurrent workload."

"Pricing is fair compared to other top vendors."

"Cost-wise, CA was better compared to others in the market. "

"It is more expensive than other solutions on the market."

"The version we are using is affordable compared to BeyondTrust, which is maybe three to four times as expensive, but it depends on the features."

More Symantec Privileged Access Manager pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.

See recommendations

801,634 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

25%

Computer Software Company

16%

Government

Financial Services Firm

Computer Software Company

19%

Financial Services Firm

17%

Manufacturing Company

16%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?

Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...

See all answers

What are the main differences between Cisco ISE and Forescout Platform?

OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...

See all answers

How does Cisco ISE compare with Fortinet FortiNAC?

Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...

See all answers

What do you like most about Symantec Privileged Access Manager?

We can check the activities in the server for fragile files and documents in case of any issues.

See all answers

What is your experience regarding pricing and costs for Symantec Privileged Access Manager?

The product's pricing depends on the agreement. They offer per-device, per-user, or monthly and yearly licensing models.

See all answers

What needs improvement with Symantec Privileged Access Manager?

There should be some training platform similar to Microsoft and IBM. We can't find useful documentation or YouTube videos to learn about the process. They should include some assignments in the tes...

See all answers

Comparisons

Aruba ClearPass vs Cisco Identity Services Engine (ISE)

Compared 26% of the time

Fortinet FortiNAC vs Cisco Identity Services Engine (ISE)

Compared 18% of the time

Forescout Platform vs Cisco Identity Services Engine (ISE)

Compared 14% of the time

CyberArk Privileged Access Manager vs Cisco Identity Services Engine (ISE)

Compared 9% of the time

Fortinet FortiAuthenticator vs Cisco Identity Services Engine (ISE)

Compared 4% of the time

More Cisco Identity Services Engine (ISE) Competitors

CyberArk Privileged Access Manager vs Symantec Privileged Access Manager

Compared 46% of the time

BeyondTrust Endpoint Privilege Management vs Symantec Privileged Access Manager

Compared 15% of the time

Delinea Secret Server vs Symantec Privileged Access Manager

Compared 11% of the time

ARCON Privileged Access Management vs Symantec Privileged Access Manager

Compared 10% of the time

More Symantec Privileged Access Manager Competitors

Product Reports

Buyer's Guide

Cisco Identity Services Engine (ISE)

September 2024

Cisco Identity Services Engine (ISE) report

Download Cisco Identity Services Engine (ISE) product report

Buyer's Guide

Symantec Privileged Access Manager

August 2024

Symantec Privileged Access Manager report

Download Symantec Privileged Access Manager product report

Also Known As

Cisco ISE

CA PAM, Xceedium Xsuite, CA Privileged Access Manager

Learn More

Cisco

Broadcom

Overview

Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

Features of Cisco ISE

Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
Device profiling: ISE features predefined device templates for different types of endpoints.
Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

Benefits of Cisco ISE

Cisco’s holistic approach to network access security has several advantages:

Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

Support

You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

Licensing

Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

Reviews from Real Users

"The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

“Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."

CA Privileged Access Manager is a simple-to-deploy, automated, proven solution for privileged access management in physical, virtual and cloud environments. It enhances security by protecting sensitive administrative credentials such as root and administrator passwords, controlling privileged user access, proactively enforcing policies and monitoring and recording privileged user activity across all IT resources. It includes CA PAM Server Control (previously CA Privileged Identity Manager) for fine-grained protection of critical servers

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University

NEOVERA, Telesis, eSoft

Buyer's Guide

Network Access Control (NAC)

September 2024

Download Free Report

Find out what your peers are saying about Cisco, HPE Aruba Networking, Fortinet and others in Network Access Control (NAC). Updated: September 2024.

DOWNLOAD NOW

801,634 professionals have used our research since 2012.

We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.