How would you compare Cisco ISE (Identity Services Engine) vs Forescout Platform?
Hi,
I have been researching these two products: Cisco ISE (Identity Services Engine) vs Forescout Platform, Please advise which one would you choose and why?
Security Solution Engineer at a computer software company with 501-1,000 employees
Real User
Sep 10, 2021
Although both are NAC solutions, Cisco ISE and Forescout are totally different products.
Cisco ISE is part of the pre-admission NAC systems family (like Aruba Clearpass) based on 802.1X.
Forescout, instead, is part of the post-admission family (like FortiNAC or the brand-oriented Extreme network NAC solution).
In other words, Forescout (and all the post-admission NACs) does not use primary.
802.1x but a mix of tricks and various methods ( ssh SNMP API and traffic mirror DHCP DNS traffic, and yes also 802.1x, if needed) to admit or reject the access of an identity AFTER it has accessed the network.
If an identity changed somehow its behavior AFTER it has been admitted, a post-admission NAC system may react by changing its state, for instance changing its VLAN or disconnecting it.
So the answer to your question is : you must choose the NAC solution according to your needs, your network and your budget too (Forescout is 40-50% more expensive than Cisco ISE).
Almost all NAC solution licensing is based on concurrent users. So, you must compare all NAC solutions per user/ price/year.
Senior Network Engineer at a government with 5,001-10,000 employees
Real User
Sep 13, 2021
@reviewer1660839 Last I looked at ISE, and it has been awhile, ISE uses lots of different licenses, and one user might consume several of them depending on what he is doing. Each license last for 1-3 years and costs money. Did Cisco ISE change that and now only has one license per endpoint no matter what they are doing?
Forescout Platform and Cisco Identity Services Engine (ISE) are key competitors in the network access control category. Forescout offers broader integration across diverse environments, while Cisco ISE provides tighter security within the Cisco ecosystem, benefiting from enhanced user authentication and policies.Features: Forescout Platform excels in comprehensive endpoint visibility and flexible deployment without needing the 802.1x protocol. It integrates across various security solutions,...
Although both are NAC solutions, Cisco ISE and Forescout are totally different products.
Cisco ISE is part of the pre-admission NAC systems family (like Aruba Clearpass) based on 802.1X.
Forescout, instead, is part of the post-admission family (like FortiNAC or the brand-oriented Extreme network NAC solution).
In other words, Forescout (and all the post-admission NACs) does not use primary.
802.1x but a mix of tricks and various methods ( ssh SNMP API and traffic mirror DHCP DNS traffic, and yes also 802.1x, if needed) to admit or reject the access of an identity AFTER it has accessed the network.
If an identity changed somehow its behavior AFTER it has been admitted, a post-admission NAC system may react by changing its state, for instance changing its VLAN or disconnecting it.
So the answer to your question is :
you must choose the NAC solution according to your needs, your network and your budget too (Forescout is 40-50% more expensive than Cisco ISE).
Almost all NAC solution licensing is based on concurrent users. So, you must compare all NAC solutions per user/ price/year.
@reviewer1660839 Last I looked at ISE, and it has been awhile, ISE uses lots of different licenses, and one user might consume several of them depending on what he is doing. Each license last for 1-3 years and costs money. Did Cisco ISE change that and now only has one license per endpoint no matter what they are doing?