We changed our name from IT Central Station: Here's why
Senior Software Engineer with 501-1,000 employees
Reseller
Top 5Leaderboard
Good technology that works well with networks, routers and switches, but should include third-party integration
Pros and Cons
  • "When you push out the policy, it is able to populate the entire network at one time."
  • "Third-party integration is important, as well as the continuous adaptation feature which is the AIOps. It would be helpful to include the AIOps."

What is our primary use case?

We are resellers. We provide and deploy solutions for our customers.

Cisco ISE (Identity Services Engine) helps the operation to automate.

What is most valuable?

It works very well with the network, router, and switches. It is able to enforce the policy and assigns the traffic a Security Group tag.

A Google user is able to enforce access throughout the router and switches ensuring the traffic going through has the same policy.

When you push out the policy, it is able to populate the entire network at one time.

It's quite good, the market is using this solution.

What needs improvement?

This solution has enhanced features that make it difficult to use. To make it easier, it should be made without PxGrid.

It should be able to work with third-party routers and switches. We want to work in an environment where there are multi-vendors that require PxGrid.

Their software-defined access is not easy to implement. You have to have a good understanding of how to implement it. It would be helpful if they could make it easier for the customer to adopt.

Third-party integration is important, as well as the continuous adaptation feature, which is the AIOps. It would be helpful to include the AIOps.

For how long have I used the solution?

They are currently on version 3.1.

What do I think about the stability of the solution?

If the customer has more than 200,000 users, the performance becomes a bit laggy.

What do I think about the scalability of the solution?

In terms of scalability, it's available on the cloud, but I have not yet tested the features on the cloud.

It is used mainly by our customers, who use it for their entire infrastructure. They have anywhere from 50,000 to 100,000 users.

How are customer service and technical support?

Technical support could be better. They outsource the support.

We are brought all around the world, it is similar to following the sun.

Which solution did I use previously and why did I switch?

Currently, I am using SD-WAN (Software-Defined WAN) from Silver Peak.

How was the initial setup?

To complete the installation, you need to be technically knowledgeable. The setup could be easier.

What's my experience with pricing, setup cost, and licensing?

For the content, and the technologies it is made to be a bit more complex. 

The technology is good, but to use some of the other features, and capabilities, they request that we purchase the Cisco DNA Center. As a result, the bundled price is a little high.

Once you purchase the DNA, you will need the SNA then the license, overall it's very expensive.

If, however, you implement Cisco ISE without the DNA and the SDA, the price is reasonable.

What other advice do I have?

To avoid running into any complications when getting this solution up and running, you should get technically trained and comfortable with it before applying it.

I would rate Cisco ISE (Identity Services Engine) a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
IT Manager at Shanta Mining
Real User
Lacks properly knowledgeable support, but has stability
Pros and Cons
  • "So far, we have had no issues with the stability."
  • "The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications."

What is our primary use case?

I am not certain if I am using the latest version. It is the one which is made for TV. 

We use the solution to access control. Prior to any device being authenticated on the network, a person must login to the solution's site for authentication purposes. 

What is most valuable?

While the solution has a host of features, we only use the one involving access control. 

We are looking into further uses for it. My aim is to deploy it across all three of our sites and not just one. 

What needs improvement?

There is much room for improvement, especially after having perused the documentation on the solution's website. 

The solution lacks properly knowledgeable support, especially internationally, and this is why I am exploring other applications. 

I would need time to expand my knowledge of the solution and consult with the Cisco engineers before I could point to other pain points. 

For how long have I used the solution?

I have been using Cisco ISE (Identity Services Engine) since 2015. 

What do I think about the stability of the solution?

So far, we have had no issues with the stability. 

How are customer service and technical support?

There should be more knowledgeable support, particularly in the international sphere. 

I have no doubt that we will get there. They contacted me yesterday, which makes it likely that by weeks-end we should be able to build a structure and do many things with the solution. This would allow me to know where I am standing, explore further and even examine the possibility of implementing some of Cisco's other features. 

Which solution did I use previously and why did I switch?

We did not use other solutions prior to the current one and will likely not explore others in the future. The current one should be fine. 

How was the initial setup?

The installation was straightforward, although it will likely involve a more complex implementation in the future.

As the previous installation was not complex, it did not take long. 

What's my experience with pricing, setup cost, and licensing?

I believe I have paid around $1,000 in licensing fees. The license is annual. 

Which other solutions did I evaluate?

We did not really explore other options prior to using the solution. We considered Fortigate, but found it to not be very straightforward, which is why we decided to go with the current solution. 

What other advice do I have?

While we have focused on the access control aspects of the solution, the documentation demonstrates that it has many more features, so I would like to explore it further. 

We are customers of Cisco. 

At the moment, we have around 250 users making use of the solution. 

I rate Cisco ISE (Identity Services Engine) as a five out of ten. This is because I wish to explore further any additional features that can add value to our organization, especially on the IT security side. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,780 professionals have used our research since 2012.
Corporate Information Technology Security Manager at a financial services firm with 10,001+ employees
Real User
Top 20
Integrates well with other Cisco products, but they need to provide better network visibility and also release an agentless version
Pros and Cons
  • "The features that do work, work well, and we use it on a daily basis."
  • "The interface is not very user-friendly and it is not simple to use."

What is our primary use case?

We use Cisco ISE for 802.1 network authentication.

What is most valuable?

ISE integrates well with other Cisco products.

What needs improvement?

This solution does not provide us with enough visibility into our network. We would like to see additional information that it does not show. In general, the reporting is not very useful.

ISE needs to have better integration with third-party products.

A basic profiling engine would make a good addition because device profiling is very important.

This product requires the use of agents and ideally, I would like an agentless version. I think that they should get rid of them because they are hard to manage and deploy. Also, they are not useful.

The interface is not very user-friendly and it is not simple to use.

For how long have I used the solution?

I have been using the Cisco Identity Services Engine for six years.

What do I think about the stability of the solution?

This is a stable product. The features that do work, work well, and we use it on a daily basis.

What do I think about the scalability of the solution?

I would say that this product is scalable because we are using it in our central headquarters, in addition to several branch offices.

How are customer service and technical support?

We do not pay for Cisco SMARTnet, so we did not contact technical support.

Which solution did I use previously and why did I switch?

Prior to using ISE, we were using a solution by Trustwave. It is a different product because it uses Name Poisoning methods. It was an interesting solution but we changed because the price of support is too high. We opted to instead purchase a new product.

How was the initial setup?

The initial setup is not simple. I don't consider our deployment to be complete because we were unsuccessful at trying to use the majority of the features. The fact that we can't solve these problems is why we are searching for another solution.

What about the implementation team?

We had assistance from a consultant for the deployment.

Internally, we have a team of five administrators who manage this product.

What's my experience with pricing, setup cost, and licensing?

The SMARTnet technical support is available at an additional cost.

Which other solutions did I evaluate?

I am currently doing research on Fortinet FortiNAC because I find that Cisco ISE is not a very powerful tool.

What other advice do I have?

My advice for anybody who is considering Cisco ISE is to first run a proof of concept to see that all of the features work well. In my opinion, you have to see all of the features.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network & Security Engineer at a engineering company with 201-500 employees
Real User
Excessive lagging, expensive, complicated installation, but has good features and support
Pros and Cons
  • "The RADIUS Server holds the most value."
  • "I would like to see the product simplified more, especially with the configuration."

What is most valuable?

The RADIUS Server holds the most value.

The TACACS feature in ISE is good.

We also use the Posture feature to control the environment.

The product features are quite good.

What needs improvement?

One of the main issues in  Cisco ISE (Identity Services Engine) is that it lags excessively.

Sometimes Cisco ISE (Identity Services Engine) just doesn't work properly, due to misconfiguration.

I would like to see the product simplified more, especially with the configuration.

For how long have I used the solution?

I have been working with Cisco ISE (Identity Services Engine) for approximately two years.

We are using version 2.7 Patch 2.

What do I think about the scalability of the solution?

Cisco ISE (Identity Services Engine) is easy to scale.

I have approximately 450 Apex end-based licenses.

Currently, we don't have plans to expand.

How are customer service and support?

Technical support as always is one of the best.

How was the initial setup?

The initial setup was a bit complex. It took us three to four weeks to complete the setup and get it up and running. We had help from the reseller.

It was deployed by a vendor.

What about the implementation team?

It was installed by a vendor.

What's my experience with pricing, setup cost, and licensing?

It's a bit expensive, especially the licensed product.

The hardware is purchased one time. 

The support license is reasonable, but when compared to other products, such as ClearPass or Fortinet, the base license for users is much lower in other products. In general, Cisco is more expensive.

I would like to see one license based on one user. We do not need to use multiple licenses in order to have multiple features in the product.

One of the issues in ISE is that if you need more features you have to have multiple licenses per user. One user can have three or four licenses. 

It would be beneficial to have a single license that included all of the features.

Which other solutions did I evaluate?

We are currently trying to deploy Fortinet network access control. The support from Fortinet is disappointing.

We are in the testing phases, but there is a good possibility that we will go with Fortinet.

We have not used it yet. We will try the POCs this week coming.

What other advice do I have?

I would suggest having an experienced engineer implement the product. If there is an error when implementing, you will experience many issues, especially lagging.

If it was well implemented I would rate it a nine out of ten, because it's good.

Cisco ISE (Identity Services Engine) is used in large enterprise companies. In our company and with our implementation, I would rate  Cisco ISE (Identity Services Engine) a four out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Senior Software Engineer with 501-1,000 employees
Reseller
Top 5Leaderboard
A one-stop solution to streamline security policy management
Pros and Cons
  • "They have recently made a lot of improvements. My clients don't have much to complain about."
  • "It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version."

What is our primary use case?

We use ISE for security group tagging in terms of guests and visitors who access the network to make sure that they actually go through this to control their privilege access to ensure they don't actually access the internal network, etc. 

Our clients use ISE as a form of security policy management so that users and devices between the wired, wireless, and VPN connections to the corporate network, can be managed accordingly.

Take a house for example. Sometimes you need to access a room via a certain keyhole, so you use a key that is unique to that door. With ISE, you can segment this process in terms of policy management based on the security tag. You actually grant the user access based on the tagging.

That's the IT trend — saving a lot on operating costs to manage the different users and access methods.

Within our company, we have roughly 200 employees using this solution.

What is most valuable?

My clients are always talking about the segregation capabilities. Segmentation refers to how you can actually segregate employee and non-employee client access. 

What needs improvement?

They have recently made a lot of improvements. My clients don't have much to complain about — it's a one-stop-shop.

It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version. 

What do I think about the stability of the solution?

It's stable but there's a limitation of up to 200,000 users. If you have a big number of users, then you have to customize the installation process. 

What do I think about the scalability of the solution?

It's only scalable up to 20,000 users. 

How are customer service and technical support?

I would say Cisco's support has been getting worse. I think they outsource a lot of skillsets.

How was the initial setup?

The initial setup is pretty straightforward. They actually provide a lot of help to IT administrators which makes setting it up rather easy.

The whole setup takes about three days because you need to basically configure the network, test the configuration, and then you need to cut over to production. 

What was our ROI?

Our customers definitely see a return on their investment with this solution.

What's my experience with pricing, setup cost, and licensing?

I think licensing costs roughly $2,000 a year. ISE is more expensive than Network Access Control.

What other advice do I have?

If you wish to use ISE, you must have a deep understanding of IT. If you don't, setting it up properly will be very complex.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Rammohan Manike
Sr Consultant at a tech services company with 10,001+ employees
Real User
It works the same globally no matter where you deploy it
Pros and Cons
  • "The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability."
  • "Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified."

What is our primary use case?

I'm using Cisco ISE for integration. We are currently using it for 82.X, but we are planning on using it for a different use case in the next couple of quarters.

What is most valuable?

The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability. 

What needs improvement?

Cisco ISE could be simplified somewhat. I would also prefer certificate-based authentication over confirmation-based authentication for all the processes. It's possible for us to do a workaround, but the process needs to be simplified. 

For how long have I used the solution?

I've been using Cisco ISE for more than a year.

What do I think about the stability of the solution?

Cisco ISE is stable.

What do I think about the scalability of the solution?

I haven't really tried to scale ISE, but I don't think we'd face any challenges with hard gentle scaling.

How are customer service and support?

We have a good relationship with Cisco support. However, when they do a new release, they take their time. I don't have much of an issue with Cisco support itself, but working with their customer success team and those types of things can be a challenge. It's not just the response time. It's the total resolution time. They'll respond quickly, but when they get the particular fix, it's a challenge. 

How was the initial setup?

In the previous versions, the setup was okay. But as they add more capabilities, it gets more complicated to deploy and maintain the solution. We expect these complexities as part of the roadmap and evolution. We have to set the policy definitions manually because there is no discovery process to define what needs to be authenticated. When a new device is added, we might have to configure something so that it's integrated or set up some data flows of the service we need to do it. These are some of the maintenance activities that we must do to keep it live. We have a good IT team that numbers around 25 people and serves a decent number of customers.

What's my experience with pricing, setup cost, and licensing?

Customers respond to a low price. From the point of view of integration, Cisco ISE hikes up the cost of security, but otherwise, I think it should be okay.

What other advice do I have?

I rate Cisco ISE nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Hassan Ayoub
Technology Manager at Advanced Integrated Systems
Reseller
Top 20
Good integration, visibility, and automation
Pros and Cons
  • "The most valuable feature is the integration with StealthWatch and DNA as one fabric."
  • "The ISE software needs to be improved so that it is easier to administer."

What is our primary use case?

We are a system integrator and Cisco ISE is one of the products that we sell and implement at our customers side. I have built ISE's POC and provided training to our customers.

I also used real rent lab which was including; Active Directory integration, network access and core switches, access points, wireless access controller, and end points. (some end points have cisco client - anyconnect, and have not), and Web Server for creating wireless authentication portal solution end to end

The AAA features were awesome and have important attributes, and also the security groups (SGTs) concept to enforce policies for each group of users, regardless they coming via wired or wireless network devices. also i see the guest authentication is very rich and easy tom implement 

How has it helped my organization?

Cisco ISE offer one central point to create different policies for different group of users and enforce policies to each entity regardless it connected to network through wired or wireless network devices. it provide in this way more mobility and wireless-wired converged network. Also it integrates very well with network devices to control ports configurations services authentication and authorization. ISE also integrate with DNA center and stealthwatch to enable customer have SDN (Software defined Network) Fabric. 

What is most valuable?

Combines authentication,authorization,accounting(AAA),posture,and profilerinto one appliance

Provides for comprehensive guest access management for Cisco ISE administrators.

Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network,including 802.1X Environments

EmploysadvancedenforcementcapabilitiesincludingTrustsecthroughthe use of SecurityGroup Tags(SGTs) and Security Group Access Control Lists (SGACLs)• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

What needs improvement?

The ISE software needs to be improved  in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

For how long have I used the solution?

I have been using Cisco ISE for three months.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to this one.

How was the initial setup?

The initial setup was fine.

What's my experience with pricing, setup cost, and licensing?

The price for Cisco ISE is high.

Which other solutions did I evaluate?

We did not evaluate other options before adopting this solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: My Company is Cisco Reseller
Laurent Canac
Network & Security Architect at Canac IT
Real User
Top 20
Easy implementation, simple to add policies, and very stable
Pros and Cons
  • "The implementation is very simple."
  • "The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow."

What is most valuable?

The .1x authentication schema is the most valuable aspect of the solution. It makes it possible to have multiple policies and it can still adapt to us. We can authenticate and calculate our trajectory and so on. The policy is very easy to put in place. It's got to be easy due to the fact that we have more than 200,000 devices.

The implementation is very simple.

What needs improvement?

The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow.

The solution might require two authentications. They should make a new authentication to authenticate both the device and the users. Right now, we are authenticating the PC, the workstation, but not as a user. A good addition would be to authenticate the user separately to get more information.

For how long have I used the solution?

I've been using the solution for five years.

What do I think about the stability of the solution?

The solution is stable. I haven't witnessed bugs or glitches. It doesn't freeze or crash. It's reliable.

What do I think about the scalability of the solution?

The solution is quite scalable.

We started with two clients and we've since scaled up to 20 clients.

Which solution did I use previously and why did I switch?

Cisco ISE was the first full solution we've used.

How was the initial setup?

The initial setup wasn't complex for us. We found the process of implementing the solution very straightforward.

For our organization, in terms of deployment, the first implementation took one month, and for the global implementation took six months.

For maintenance, a company needs one or two people to handle it, one of which should be full-time.

What's my experience with pricing, setup cost, and licensing?

The pricing is okay. It's reasonable for functionality, however, if you're going to implement it as a full-stack with Cisco Connect, and a work station, and so on, it's very high.

What other advice do I have?

I'd advise other companies to really take care in regards to the network devices that they want to authenticate. 

For most of the cases, the biggest rooms are the easiest to manage, however, the smallest ones require specific implementation in all devices. It is very tricky due to the fact that you are obliged to put in place the rules that are not so secure and that's why it's very important to know what devices are connected on the network.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cisco ISE (Identity Services Engine) Report and get advice and tips from experienced pros sharing their opinions.