Cisco Identity Services Engine (ISE)

We use it for network access control.

It isolates the bring your own devices and the guests from the corporate network. It also segregates connections when a user comes in and connects. There is a certain profile review that goes on to confirm that the device is allowed to access resources on the network.

The policies allow us to enforce certain rules on the network to be able to screen our users more effectively. It allows us to have more visibility to what the users are trying to do on the network, which really helps us know how to control them.

There is value because it helps us secure the network and prevents certain things from happening which could cause financial loss. This demonstrates good value for money.

They should make their integrations with other manufacturers less restrictive. They should work on their integration with other vendors.

The integrations with the switches and the wireless controllers are not really straightforward. There is what they call the best practice for them, but it may not be what we have on-premise. We have to find a workaround with certain configurations to make them work.

We have been using the solution since 2021.

I am just working with the switches and Cisco Identity Services Engine (ISE) .

It works and does what it is supposed to do. It is stable.

It is pretty scalable.

We have used customer service.

Positive

I have not used any previous solutions and am not sure about others.

It is a bit complicated. The implementation took us about two months.

It is deployed on-premises.

I have not compared with other vendors, but the license is reasonably priced.

The cost is about 100 million Ugandan shillings, which converts to approximately $30,000 per year.

I have considered trying Juniper and D-Link switches.

I am only using the Cisco Identity Services Engine (ISE)  and the switches. Higher licensing is required for additional features. I rate this solution 8 out of 10.

Positive

I use Cisco Identity Services Engine (ISE)  for wireless authentication and device administration.

Cisco Identity Services Engine (ISE)  is good with device administration.

Cisco Identity Services Engine (ISE) is very good at device administration. This is one of the best features. Other than that, for the wireless authentication and network access control (NAC) use cases, it is not a solid product because there are better products for NAC than Cisco Identity Services Engine (ISE).

Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.

I have been working with Cisco Identity Services Engine (ISE) for around four years or more.

The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication. Device administration runs smoothly. Authentication and NAC use cases do not. I would rate the stability as four out of ten.

Scalability is limited. Factors like architecture, business nature, and legal limitations such as GDPR affect it. I would rate it as four or five out of ten.

Technical support is poor. It heavily relies on a reactive approach, and resolving issues can take a long time. Simple issues can take 72 hours or more than six months for resolution. I rate the technical support as one out of ten.

Negative

We also use Forescout. We use both Cisco Identity Services Engine (ISE) and Forescout simultaneously.

The initial setup is challenging. For enterprises, it can take months due to VM setup requirements, poor tech support, and Cisco Identity Services Engine (ISE) having many bugs. Small setups might take a day, but larger enterprise setups are much longer.

Cisco tech support and professional services are poor, lacking clear requirements and solutions.

The return on investment for Cisco Identity Services Engine (ISE) is difficult to gauge due to complexities. For enterprise customers, it comes at a lower cost and is comparatively cost-effective. Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.

Setup costs vary. Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective. Dedicated resources are needed due to the demanding nature of Cisco Identity Services Engine (ISE), making large organizational costs significant. 

For small organizations, it's effective - not for larger ones.

We have evaluated and used Forescout alongside Cisco Identity Services Engine (ISE).

For small setups and if the backend infrastructure is Cisco-based, Cisco Identity Services Engine (ISE) is suitable. However, for large organizations with mixed infrastructure, other solutions should be considered. I would rate it four out of ten based on my experience from the last year.

The primary use case of Cisco Identity Services Engine (ISE)  is to serve as a security solution that can specify the endpoints in an organization for segmentation. This involves defining the reachability domain for each endpoint in an organization. 

It automates pushing access lists or authorizations and offers profiling to define and manage endpoints. It provides profiling to help organizations define the type and points of the endpoints, building security rules, and providing health checks to ensure endpoints comply with rules.

The solution offers automation and real-time visibility, which aids in monitoring and troubleshooting issues with endpoints. 

The product provides feedback about the network based on endpoint behavior, assisting in understanding the network's current state.

The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility. It gives feedback on what is happening within the network and assists mostly with troubleshooting. 

Additionally, it's considered highly reliable and scalable.

The licensing scheme is complex and could use enhancement to provide more options. Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features. The complex licensing schema and the need for improvement in pricing are primary areas for improvement.

The Cisco Identity Services Engine (ISE)  has been deployed for a long time in various environments.

Cisco Identity Services Engine (ISE) is considered very reliable and stable. Although it is not one hundred percent reliable theoretically, in practice, it offers great reliability.

The solution is described as very scalable, and there are minimal issues with scalability.

Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.

Positive

Setup is not about deploying ISE itself, but rather about managing the number of switches and endpoints in the organization. After initial deployment, routine upgrades and backups are part of the normal process.

A specific implementation team is not mentioned, but deployment complexity varies depending on the organization size and manpower available.

Cisco ISE is more expensive but covers a lot of features. The pricing scheme could be improved. Compared to other solutions like HPE ClearPass , Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.

Detailed mentions of other solutions include HPE ClearPass  and Fortinet. However, these are mentioned for comparison purposes rather than as alternatives considered before using Cisco ISE.

It is suggested to keep the review anonymous and refrain from making personal information public.

I'd rate the solution eight out of ten.

We used it mainly for network access control and full stream for devices.

The product is expensive. It would also be a good add-on to have some machine learning.

I have been using Cisco Secure Firewall for one year.

The product is stable.

The solution is scalable.

The initial setup is straightforward.

It's also recommended for clients during deployment. You're making everything very efficiently managed within the policies. The deployment is also very smooth, allowing you to configure your rooms easily. Once the initial setup is done, it becomes straightforward to understand, especially regarding Windows maintenance.

It was deployed to protect the network from unauthorized users but does not contribute directly to operational efficiency.

Cisco ISE doesn't come cheap but it's still valid working.

We recommend it to our customers.

Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization.

Overall, I rate the solution an eight out of ten.