We just raised a $30M Series A: Read our story
2019-01-24T13:13:00Z

What needs improvement with Cisco ISE (Identity Services Engine)?

76

Please share with the community what you think needs improvement with Cisco ISE (Identity Services Engine).

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
3333 Answers

author avatar
Top 5LeaderboardReseller

This solution has enhanced features that make it difficult to use. To make it easier, it should be made without PxGrid. It should be able to work with third-party routers and switches. We want to work in an environment where there are multi-vendors that require PxGrid. Their software-defined access is not easy to implement. You have to have a good understanding of how to implement it. It would be helpful if they could make it easier for the customer to adopt. Third-party integration is important, as well as the continuous adaptation feature, which is the AIOps. It would be helpful to include the AIOps.

2021-09-18T05:17:58Z
author avatar
Top 20Reseller

The initial setup could be simplified. The support could be faster and the pricing could be reduced.

2021-08-11T12:27:27Z
author avatar
Top 5LeaderboardReal User

The solution isn't as dynamic as it could be. There are some limitations, specifically around switches. Deploying to a machine, as opposed to a dedicated appliance, can be a bit difficult. The network solutions need to be improved by Cisco.

2021-07-28T11:23:25Z
author avatar
Top 20Consultant

The solution infrastructure configuration is complicated to set up. They have improved over the years but there is still a lot of room to improve. When comparing the simplicity to other vendors, such as Fortinet and Aruba they are behind.

2021-06-15T15:06:54Z
author avatar
Top 5LeaderboardReal User

It perfectly does everything we have been looking for it to do. I have not discovered any feature sets or items that are lacking. It's a much more functional product than the old Cisco ACS that it replaced. That being said, during deployment, they shipped us the Cisco ISE with the 3.1 operating system, which was incompatible with the license that we had purchased, which would only allow us to go up to version 2.9. Because of this, we actually had to do a factory reset and a reload to the operating system — to an older version of the operating system. This required a very extensive process. We had to take out the Cisco ISE and put it into a factory reset mode to get it to roll back to the old operating system. If we were doing an upgrade, this would have been very simple, but as we were doing a downgrade, it was extremely complex and very labor-intensive. I was crawling through the server room, through wires, to plug things in, to get it to connect in the way that it needed to be connected with an external device in order to actually get it to roll back. I don't like that the licensing structure doesn't allow us to have the 3.1 operating system — it forces us to use version 2.9. If you don't want to pay a monthly or a yearly subscription fee, either that device should have come automatically with the 2.9 version operating system, or it should have been much easier to actually roll it back. Additionally, support should have realized that our license requires us to have the 2.9 operating system instead of the 3.1 operating system, which would have saved us a lot of time. It would be nice if it could be configured easily by default. If you're configuring a Cisco device, you pretty much need the support of a CCNA-level technician to be able to do it. It would be nice if there was a default or a more simple way to do it. It's not really a requirement to use the device because you can purchase the premium support or you could get a CCNA in-house to do it. Just having that ability to say, "Hey, we want to set this up" without too many complications or without having to bring in support would be nice.

2021-05-19T11:58:51Z
author avatar
Top 5Real User

It is too complex. It should be easy to use. We are not such a big team. We only have three engineers to work with this, and we don't use all of the functionality of the product. Its range of functionality is too wide for us, and this is the reason why we are thinking of switching to a more simple product. We have shortlisted a Microsoft solution. We have a big footprint for Microsoft products, especially in security. As a global strategy, we try to leverage to the maximum what is possible around Microsoft.

2021-03-01T10:08:26Z
author avatar
Top 5MSP

An issue with the product is it tends to have a lot of bugs whenever they release a new release. We've always found ourselves battling out one bug or another. I think, overall they need to form a quality assurance standpoint. ISE has always had this issue with bugs. Even if you go to a Cisco website and you type all the bug releases for ISE, you'll find a lot of bugs. Because the product is kind of intrusive, right? It's in the network. Whenever you have a bug, if something doesn't work, that always creates a lot of noise. I would say that the biggest issue we're having is with all the product bugs. Also, the graphical user interface is very heavy. By heavy, I mean it's quite fancy. It's equipped with a lot of features and animations that sometimes slow down the user interface. It's a technical product — I don't think a lot of engineers really need fancy GUIs. We pretty much look for functionality, but I think Cisco, for some reason, is putting an emphasis on its GUIs looking better. We always look for functionality over fancy features. We've had issues with different browsers, and sometimes it's really slow. From a functionality standpoint, we would rather the GUI was light and faster to navigate. ISE has a very good logging capability but because their GUI is so slow, we feel it's not as flexible or user-friendly as we would like it to be, especially when it comes to monitoring and logging. At the end of the day, we're implementing ISE for security. And that means visibility. Of course, you can export the data into other products to get that visibility, but we would like to have a better type of monitoring, maybe better dashboards, and better analytics capabilities within the product. Analytics is one thing that's really lacking. Even if you're to extract a report, it just takes a lot of time. So, again, that comes down to product design, but that's definitely an area for improvement. I think it does the job well, but they can definitely improve on the monitoring and analytics side.

2021-02-26T22:28:45Z
author avatar
Top 5LeaderboardReseller

They have recently made a lot of improvements. My clients don't have much to complain about — it's a one-stop-shop. It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version.

2021-02-19T03:10:20Z
author avatar
Top 20Real User

Segmentation can be improved. They can also improve security policies for each group of users, and automation can also be better. The software interface could be better. They should make it easier for users to find features.

2021-02-16T16:16:11Z
author avatar
Top 20Real User

The solution is not so user-friendly. It's very difficult to navigate through different manuals. The documentation should be simplified so that it is easier to understand. It would take time for a beginner to understand and familiarize themselves with the solution. There's a bit of a learning curve. Cisco ISE is not very stable. They could work on that aspect. We'd like the pricing to be better. The product is not easily scalable. Currently, if you want to do something with authentication, you need to have an additional document agent, however, these are short on all Microsoft endpoints. We then need to come up with some alternate options so that I don't have to modify any native applications on it. By default, Windows should be able to support and onboard the devices. Right now I need to have a Cisco AnyConnect as an agent to be deployed for authentication.

2021-02-16T09:54:24Z
author avatar
Top 20Real User

In terms of the improvements I need, they've already, according to my research, done those improvements with their new versions. The features have already improved on their newer version, and that's why we need to update to that new version. What is required is that Cisco needs to be doing health checks and following up with the customer to ensure that their Cisco partners have done the deployment right. That's something that has really helped us. Whenever a partner comes and does any deployment, we would, later on, engage Cisco for a health check, so that Cisco could assist with their products. They would check whether it has been deployed following the best practices - or they would just alert us on which features that we have paid for and we are not taking advantage of that. Cisco needs to continue with that health check. That engagement with their customers to reconfirm everything is like a quality assurance that the Cisco partners have given the right stuff to their customers. This product doesn't work in isolation. For example, when we talk of posturing the Microsoft updates, the system that does automatic updates for Microsoft needs to work in an ideal fashion. The antivirus needs to work. OF course, the antivirus is not Cisco. Those products need to work as they should so that integration of the ISE product will work as well. When all factors are held constant, Cisco works well.

2021-02-12T19:47:39Z
author avatar
Top 5LeaderboardReal User

The user interface can be improved.

2021-01-30T09:18:44Z
author avatar
Top 20Real User

There should be better documentation on the implementation of the solution. I learned how to implement it from watching videos. I felt the documentation was too complicated and I also learn better from watching videos. In my experience, there needs to be better documentation for firewall integration as well, we had some trouble early on.

2020-12-24T23:11:29Z
author avatar
Real User

It is a good product, but in order to use all of the functions of the product, you must have a good understanding of the product. You must know how to use and manage it. It is a little bit complicated to configure and manage. It must be simplified to make it easy to manage for end users. In the initial stage, we found ISE complicated for end users. It was not easy to manage it or to write authentication and authorization protocol. They must improve its management and make it easy for end users. The monitoring and reporting capabilities can be improved because end users want to quickly see what is happening in their network. There were some restrictions in working with other vendors. It should also have a better and easy integration with other vendors.

2020-11-08T06:56:35Z
author avatar
Top 20Reseller

The ISE software needs to be improved in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

2020-08-22T14:36:00Z
author avatar
Real User

As I treat the system basically as a user would, and am not overly technical, I can't say what features, if any, the solution is missing. I'm working from China currently and the only real issue is that, within the country, there's some concern around Cisco and its ability to offer the solution for the long term. As the United States has banned the Huawei version in their country, we feel there may be retaliation in ours and Cisco will get banned as a countermeasure from the government. The future of Cisco in China is in question. Our local partners are worried about the situation.

2020-08-11T06:17:30Z
author avatar
Top 20Real User

The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow. The solution might require two authentications. They should make a new authentication to authenticate both the device and the users. Right now, we are authenticating the PC, the workstation, but not as a user. A good addition would be to authenticate the user separately to get more information.

2020-07-29T07:45:53Z
author avatar
Top 20Real User

Because we have a large database and 4,000 network devices, the solution can lag a bit when you're running updates or different things because of the fact that it's so big and it is such a resource hog. But the biggest problem we've encountered is that it finds errors or people are rejected or not authenticated without a clear explanation as to why. A second issue is that we're currently on 2.4 and Cisco's gold standard now is 2.7. They are a little slow with that. I'd really like the solution to dive down a little deeper when something's not profiling. As it stands now, you have to go through and search what hasn't profiled. Microsoft, for example, gives you a direction to look at and will even be specific sometimes and tell you there is a password error, or the password hasn't been updated, or it's not meeting the policy and that's why it won't let it through. Those are very helpful because you know exactly what's required to solve a problem. Cisco is getting better with it, but they fail in some areas because of a network connectivity issue, or it's not getting DCAP quick enough and it fails. Those things would be more helpful to understand when it's going through, so you are able to triage it a little better. I mean, it does point you in a direction, but sometimes you have to dig a lot deeper to find the right direction and figure out what kept it from profiling. One big issue we've discovered is that people are not rebooting their machines or powering them off at night. We're trying to ensure that is done by sticking messages on screens.

2020-07-22T08:17:27Z
author avatar
Real User

The software is a little bit complicated to understand in the beginning, meaning the implementation. It needs proper documentation so that we can understand the options more easily.

2020-07-13T06:55:00Z
author avatar
Top 20Real User

This solution does not provide us with enough visibility into our network. We would like to see additional information that it does not show. In general, the reporting is not very useful. ISE needs to have better integration with third-party products. A basic profiling engine would make a good addition because device profiling is very important. This product requires the use of agents and ideally, I would like an agentless version. I think that they should get rid of them because they are hard to manage and deploy. Also, they are not useful. The interface is not very user-friendly and it is not simple to use.

2020-06-25T10:49:25Z
author avatar
Reseller

I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page.

2019-07-02T06:57:00Z
author avatar
Real User

An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment. Also, I've not explored MDM but if it should be integrated.

2019-06-23T09:40:00Z
author avatar
Real User

The stability of this solution needs to be improved. It should not be necessary to go to each individual set of alarms and acknowledge them in order for them to go away. There should be a single button that can be pressed to dismiss all of the alarms at once.

2019-06-17T08:45:00Z
author avatar
Real User

Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better. It needs a better solution for reduced complexity. I think to add more people to four-thousand users is going to be hard. Cisco needs to make it easier to add more people.

2019-05-23T06:10:00Z
author avatar
Reseller

There should be an easier way to do the upgrades. Customers were having issues going from one version to the next. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade.

2019-02-18T10:19:00Z
author avatar
Reseller

So far we have had no complaints from customers. No major complaints in terms of ISE. They do complain obviously if the ISE service stops working. Normally that happens if there's a server flaw or some problem at the data center somewhere. There can more integration between the wireless controller management and ISE. Consolidation or integration of the controller and ISE dashboards would be great. It's not that bad but would make for simplified support if it could be combined into one dashboard.

2019-02-18T10:19:00Z
author avatar
Real User

There are issues with respect to the posture assessment function. It's been observed that customers are not receiving total access to the network because the assessment agent is glitchy and malfunctions from time-to-time. I would like to see refining of the compliance assessment and adding more detailed compliance of endpoints on the user end. We have also had to deal with some cache update issues in conjunction with Cisco's tech support team. Unfortunately, they had trouble providing suitable solutions within specific and desirable time frames. The next release should offer more inter-operability, increased cross-integration functionality.

2019-02-10T10:25:00Z
author avatar
Real User

It has many complications from the administration perspective, it's not easy to learn. Not like other solutions that are very friendly and easy to go through. It needs to be more user-friendly. We'll see the same name on more than one tab so we need to realize why that name is there or why only the main tab is not like the other. I cannot believe that Cisco is the best case of security integration however it is easier to implement. They are good at integration, I do not expect more from them in that regard. They could think about developing VXLAN. They have LDN switches, we need to get into contextual switches, not catalyst switches. Normal switches. I wish they could explore developing more VXLAN options.

2019-02-10T10:06:00Z
author avatar
Real User

Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver.

2019-02-05T07:16:00Z
author avatar
Real User

Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product.

2019-02-04T08:44:00Z
author avatar
Real User

They should improve the upgrades. It's not easy to upgrade the solution.

2019-01-31T08:49:00Z
author avatar
Real User

The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade. I would like to see them develop some type of device management, like an iPad feature, just to be able to give security access to certain devices for management. Mainly for the suppliers and the third parties. Another feature I would like to see would be for them to create the ability to integrate with other products from the start. We always search for products that integrate with us and so it would ease the management and then everybody would be entered.

2019-01-28T12:39:00Z
author avatar
Real User

I would like for them to improve the reporting.

2019-01-24T13:13:00Z
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,529 professionals have used our research since 2012.