We are using it in-house for phone profiling and for users' computer authentication needs.

The policy and segmentation that we use are currently based on the users and their domains. Let's say different domains, such as HR or finance and procurement. We have policies where users are assigned VLANs or specific requirements and are directed to corresponding policies where services are activated. They have access to specific services based on their domain or vertical.

Many Cisco ISE features are good. It offers automatic profiling of phones and computers, enabling administrators to identify and categorize devices seamlessly. Additionally, Cisco ISE can block anonymous devices attempting to connect to the network. This includes unauthorized attempts from non-domain computers or users trying to obscure their identity to gain network access. Cisco ISE ensures such attempts are thwarted by enforcing full identification authentication.

I struggled with spoofing, specifically the max spoofing feature, which I believe has started working after version 3. Before that, it was not that effective. They could incorporate some AI features.

I have been using Cisco ISE for over three years.

The product is stable.

I rate the solution’s stability a out of ten.

Scalability is also good. I haven't seen any problem because I currently have a new deployment for the ISE and other branches. Getting an integrated access setup is easy, and scalability is also fine. Initially, the scale upon the licensing part and that sizing is low. ISE's existing policies pretty much work very well. There are no significant changes you have to make.

We have more than a thousand users using this solution.

ISE support is good.

The initial setup is straightforward. They are very easy to manage and not complicated at all.

We have received all our files from the client and deployed them. Currently, we are using single active nodes. We have one Primary Admin Node, which is active, and one Policy Service Node. We don't have a secondary admin node for administrative purposes. We have an active operational node. The deployment is pretty simple. You download the file from Cisco, import it into your Cisco ISE, and follow the prompts to set it up based on your requirements, including IPs, basic security needs, DNS servers, etc. Once the initial setup is complete, you can begin creating policies.

Cisco ISE protects your environment from potential physical attacks. This ensures that your environment and users are fully safe, thus enhancing your overall security posture as a first line of defense.

We don't have the full license. An enterprise license includes Apex and device management. We secured it for one of our new branches where the deployment will start. We have a full enterprise license, including Apex and device management, to cut costs.

The problem is we have a team of five. I look into the security and infrastructure part.

Integrating Cisco ISE depends on the specific products you're working with. Each integration may present unique challenges that require individualized solutions. There isn't a one-size-fits-all checklist for potential issues.

They were looking to protect their assets, such as devices, from somebody. If they have an environment exposed to users who frequently come to their office, and it's not a very closed environment, then Cisco ISE is very much required. It's the first place where the attack starts. From a risk and compliance perspective, ISE is essential.

Overall, I rate the solution an eight out of ten.

The solution is being used for authentication purposes and for sharing assessments. 

Cisco ISE has helped improve our security. 

It helps ensure that you are working in accordance with the organizational policy before you join the network. Also, the solution is very reliable. 

I would like to see better management. Integration with other platforms can also be improved. 

Cisco ISE does not recognize devices and that is an issue we faced during its integration with our existing devices.

I have been working with Cisco ISE (Identity Services Engine) for ten years. 

The stability of the solution is average. I would rate the stability of the solution a seven out of ten. 

The solution's scalability is average. I would rate the scalability a seven out of ten. 

The initial setup of Cisco ISE is complex. For the deployment, the solution needs to be installed and then it needs to be integrated with the network and certificates to get to the endpoints. 

I would like to advice that Cisco ISE is a reliable and stable solution although it is not very easy to use. They should work on integrating the solution with other platforms.

Overall, I will rate the solution an eight out of ten. 

I do the designing and implementation and hand it over to the customer. Sometimes, I provide support to the customer. The solution is used for network access control. I have implemented almost all the features of the product.

TACACS is valuable. The product is useful for device administration.

We face many bugs. The vendor is trying to improve it by releasing new patches and hotfixes.

I have been using the solution for almost five years.

I rate the tool’s stability a six out of ten. It breaks down a lot.

I rate the tool’s scalability a seven out of ten. To scale the solution, we must decide which persona should be added. There are different personas for management, monitoring, and policy enforcement. It needs some calculations. I have a lot of clients. One of my clients has 20,000 to 50,000 users.

The initial setup is not easy. It should be designed properly. The solution has almost two or three personas. The design must be reviewed correctly. The implementation is not easy. It is a little bit complex compared to other NAC solutions. The time taken for deployment depends on the size of the implementation. It can take from one week to one year.

The solution is not that cheap.

We are partners. A lot of customers are using Cisco’s infrastructure. The product can be integrated easily. We have faced a lot of issues while integrating other tools. Overall, I rate the solution an eight out of ten.

We use it to secure our networks. We can secure our switches and wireless networks, basically everything.

We use it primarily for wireless security, but it can be used for many other things as well, like LAN and WAN security.

There is room for improvement in CLI. Most things are done through the GUI, and there aren't many commands or troubleshooting options available compared to other Cisco products like switches and routers. We have more visibility on the CLI for those devices, but the GUI seems limited. Moreover, sometimes, GUI seems very pathetic. 

I have experience working with this solution. I have been using it for four to five years. We still use the old version, but we plan to migrate to the new version soon because they recently changed their licensing model.

The product is stable. We don't face many challenges. It's stable, so  I would rate it around a nine out of ten.

The product is scalable. I would rate the scalability a ten out of ten. We have medium-sized businesses as our clients. 

There was some delay.

Positive

Setup wasn't difficult because we already had a solution in place. It was very easy to install.

The deployment definitely took weeks.

I would rate the pricing an eight out of ten, one being cheap and ten being expensive.

Overall, I would rate the solution a nine out of ten. 

We use the solution to secure the endpoint. Before the user connects to the network, it can be investigated whether to connect.

Cisco ISE has a powerful posturing tool with security requirements. This data can be integrated with the device identity and threat intelligence surface, enabling you to create granular policies based on a device's identity. Just like we made policies based on Samsung or Lenovo, you can now do the same based on its compliance posture.

You have to restart the system to change the DNS or NTP server.

I have been using Cisco ISE as a system integrator for three years.

I rate the solution’s stability an eight out of ten.

The solution’s scalability is good. We cater the solution to medium-sized businesses.

I rate the solution’s scalability an eight out of ten.

The initial setup is easy. One engineer can deploy it in three hours.

The product has moderate pricing and comes with a subscription model.

We must check the compatibility with the other device before using Cisco ISE. Fortinet or Palo Alto provides integration to another device.

The solution has medium maintenance.

Overall, I rate the solution a nine out of ten.

We primarily use the solution for network access control solution and network device access management. The solution comes with features like posturing.

The valuable feature of the solution lies in its integration capabilities with other applications. This facilitates seamless operations like Microsoft migration across networks and call center management. The ability to segregate multiple domain users in the Access Network ensures efficient, logical management.

The tracking mechanism in Cisco ISE is relatively costly, especially its vendor-specific protocol. It would be beneficial if it could support open source or other devices with a similar checking mechanism, but unfortunately, it remains proprietary.

I have been working with the solution for the past five years.

The solution is highly-stable. I rate it a perfect ten.

The solution is scalable. We have three users for the Cisco ISE.

Their customer service and support is excellent.

Positive

The setup is straightforward. Effective planning is crucial for the setup of Cisco ISE. Placement of the virtual solution requires careful consideration of network accessibility from all branches. Different components may need placement in various areas in a large network. So, thoughtful planning for the architecture is important. It takes around two days for the deployment.

Previously, Cisco ISE had a perpetual licensing model, but now they have shifted to a subscription-based licensing system. We now have to pay recurring costs. This change in the pricing model has presented challenges for many customers accustomed to the simplicity of the previous licensing model.

I recommend this solution to all. Overall, I rate it a perfect 10.

I am a Senior Technical Consultant. I have worked in professional services as a Cisco Gold partner for the last ten years. 

I have been offering Cisco ISE for the last three to four years. We do small deployments, upgrades, and those types of things.

We see a lot of customers wanting to use Cisco ISE primarily for 802.1X wired and wireless and also for posture device administration, and guest access.

A lot of our customers who come to us do not have any sort of NAC solution in place at all. They don't have a RADIUS, they might have a Soft MPS or something along those lines, but Cisco ISE is far superior. It gives them far more visibility and the policies are more configurable. The ability to do dynamic access lists, dynamic VLAN environments, and that type of thing, and it just gives them a different level of security altogether.

It's been just great at securing our infrastructure from end to end. With the operational launch and live logs, as soon as you spot anything, you can just do one click and you can stop that device from getting access to the network. So it's very responsive and quick in that sense.

Maybe some customers with ACS and MPS can consolidate the device admin into one platform.

The most valuable feature is the visibility element, the ability for customers to be able to see what devices are actually on their network. Without a solution like ISE, they would have no idea what devices are connected to their network. It offers them the ability to authenticate devices via mobile.

I don't really know how to improve it, I think it's a great product. If I compare Cisco with something like ClearPass, for example, ISE is a lot more intuitive in terms of all the workflows and the work centers. They give you all the building blocks you need to be able to configure it. It's quite useful and quite easy to manage. 

If I was going to improve anything, it would be the ease of migration. It's really difficult at the moment if you're looking to upgrade ISE 2.1 and you want to go to ISE 3.1 or 3.2, that whole upgrade path and, particularly, the licensing is quite a minefield to sort out. If I wanted anything to be easier, it would be this.

It's been around for many years now. Since version three, stability-wise, it's been pretty reliable. We know the versions to avoid. We know the stable versions.  Besides some upgrades and that type of thing, it's generally pretty solid.

A lot of customers that I see are small deployments, maybe a single node or a two-node cluster, but we know that the product does scale. We do have customers that scale beyond just the two nodes. It's proven to be a scalable product.

We see a lot of customers getting frustrated with Cisco TAC because they don't get the responsiveness that they believe they should be getting. But as a gold partner, we are able to leverage our influence, so when our customers come to us, we can escalate a lot of stuff for them. We use our influence. We're able to get stuff remediated fairly quickly. We find that they respond to us better than maybe to our customers.

I think Cisco is fairly straightforward in terms of device admin. 802.1X  is quite easy to deploy. As you then start to look at guest access, profiling, posture, and that type of thing, it does ramp up a little bit and we get a little bit more involved. Some stuff is straightforward and other is not as much. 

Generally, over the last few years, it's been mainly deployed on-prem, but we're now starting to see a shift. Users are really willing to move to cloud with Azure-type deployments. I'm doing some labs this week because we're seeing so many requests for cloud.

If I take the two that I really compared, it would be LogSoft MPS. Cisco ISE has a lot more features, you can do a lot more regarding the policies than you can currently with MPS.

I also have limited experience with ClearPass. ClearPass is a lot more difficult to configure and manage and is less intuitive. The visibility side of ISE is far superior as well. 

I'd give it a nine out of ten. There are some hurdles with upgrading and licensing in particular, which is why I wouldn't give it a ten.