Try our new research platform with insights from 80,000+ expert users

Cisco Identity Services Engine (ISE) vs Symantec Privileged Access Manager comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Identity Services Eng...
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
142
Ranking in other categories
Network Access Control (NAC) (1st), Cisco Security Portfolio (1st)
Symantec Privileged Access ...
Average Rating
7.8
Reviews Sentiment
7.0
Number of Reviews
53
Ranking in other categories
Privileged Access Management (PAM) (21st)
 

Mindshare comparison

Cisco Identity Services Engine (ISE) and Symantec Privileged Access Manager aren’t in the same category and serve different purposes. Cisco Identity Services Engine (ISE) is designed for Network Access Control (NAC) and holds a mindshare of 26.3%, down 31.4% compared to last year.
Symantec Privileged Access Manager, on the other hand, focuses on Privileged Access Management (PAM), holds 1.5% mindshare, down 1.5% since last year.
Network Access Control (NAC)
Privileged Access Management (PAM)
 

Featured Reviews

SunilkumarNaganuri - PeerSpot reviewer
Enhanced device administration hindered by complex deployment and security limitations
Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.
Krishnan Srinivasan - PeerSpot reviewer
Enhances credential management and relatively inexpensive but needs feature improvements
I work for a service provider company, and we implement Symantec Privileged Access Manager solutions for our clients, which include various banking and mining clients We have implemented both the remote access and credential management features. The agent-based credential management solution…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"My team has gained a lot from Cisco ISE as it does also provide automation, which is a big asset in the eighth hour. After setting it up, it took a lot of the weight off in many ways. We have a co-worker, who we call the ISE Master because he's in charge of the ISE configurations. He's able to save a lot of time by being able to monitor everything from there. So it did take off a lot of time that we would waste by going individually to that different device and trying to figure out what was wrong."
"The solution is great for establishing trust for every access request no matter where it comes from."
"We were originally a Cisco shop and Cisco ISE integrated well with our other Cisco switches and networks."
"It is a good product for what it does...So, it is one of the most critical systems that we have."
"The most valuable thing in ISE is the adoption of EAP deep that came in [version] 2.7, so we can do authentication based on user and machine certificates in one authentication."
"I have found that all of the features are valuable. It is very easy to deploy because we are able to port users directly from Active Directory (AD) and LDAP."
"The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total."
"After the product was installed, no one could access the secure connection network. In order for any laptop or any endpoint device to attach to my network, it needs to be authorized or be certified to be connected."
"It gives you list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed."
"For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great."
"We know we can scale up with what we have, and we probably will not need to buy any further appliances down the road."
"Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated."
"The RDP-gateway: For limiting which server an operator can access."
"We have received good support from the tech support team."
"It will provide us with more security."
"The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."
 

Cons

"The interface is a little bit complex."
"If I was going to improve anything, it would be the ease of migration. It's really difficult at the moment if you're looking to upgrade ISE 2.1 and you want to go to ISE 3.1 or 3.2, that whole upgrade path and, particularly, the licensing is quite a minefield to sort out."
"The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do."
"Cisco ISE does not recognize devices and that is an issue we faced during its integration with our existing devices."
"Some of the reporting could be improved."
"Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature."
"They should improve the upgrades. It's not easy to upgrade the solution."
"I don't see as many customers as I should adopting the onboarding feature. I think Cisco should make that process a lot easier and less intrusive on the end users' devices."
"The response time for support could be faster. Some features should be added: cloud-based, VPN-less, more secure, and it should be adjusted in a hybrid environment."
"They should include some assignments in the test environment to explore the product's features."
"Broadcom has neglected product development since acquiring Symantec, and nothing major has been added to PAM."
"Recent releases need improvement in webpage management. For instance, navigating through a webpage that acts like a wizard, where I proceed to the next page and enter more information, is not handled well by the system."
"I would like this solution to be simpler. It should have a one-click access that works together with AWS."
"The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance."
"The management console could be improved."
"They need to do a little bit more on the mainframe side.​"
 

Pricing and Cost Advice

"Standard licensing gives backup access and very few features, and then there's VM licensing - each VM we use needs to be licensed."
"There is a license to use this solution and the price is reasonable."
"It costs around 50,000 baht in the first year, but I'm unsure about the second year."
"Cisco is expensive, but it's the cost for all the functions and value it brings. Functions like internet solutions, integrations, security, and many more features are important, but it's expensive for some clients."
"Licensing has got much simpler since Cisco moved to the DNA model because we just have the three tiers, but it could always stand to be improved upon."
"Cisco ISE's licensing can get pricey."
"I get very good pricing from Cisco, so I don't have a problem with that. I also don't have a problem with licensing because we get enterprise or global licensing."
"There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs."
"The prices are not low, but one can ask for a discount. It’s not the cheapest PAM solution."
"The version we are using is affordable compared to BeyondTrust, which is maybe three to four times as expensive, but it depends on the features."
"Appliances are relatively cheap, don’t skimp. Make sure you have redundancy, high availability, and enough appliances to manage the concurrent workload."
"Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front."
"The licensing is simple and scalable."
"Pricing is fair compared to other top vendors."
"They offer per-device, per-user, or monthly and yearly licensing models."
"It is reasonably priced."
report
Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
25%
Computer Software Company
14%
Financial Services Firm
8%
Government
7%
Computer Software Company
17%
Manufacturing Company
16%
Comms Service Provider
14%
Financial Services Firm
13%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
What do you like most about Symantec Privileged Access Manager?
We can check the activities in the server for fragile files and documents in case of any issues.
What is your experience regarding pricing and costs for Symantec Privileged Access Manager?
Due to the nature of the solution, it is hard to gauge, but compared to competitors, the pricing is very good. I would rate it as an eight and a half out of ten.
What needs improvement with Symantec Privileged Access Manager?
Recent releases need improvement in webpage management. For instance, navigating through a webpage that acts like a wizard, where I proceed to the next page and enter more information, is not handl...
 

Also Known As

Cisco ISE
CA PAM, Xceedium Xsuite, CA Privileged Access Manager
 

Overview

 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
NEOVERA, Telesis, eSoft
Find out what your peers are saying about Cisco, Hewlett Packard Enterprise, Fortinet and others in Network Access Control (NAC). Updated: April 2025.
848,989 professionals have used our research since 2012.