Cisco Identity Services Engine (ISE)

My main use case for Cisco Identity Services Engine (ISE)  is providing MAC technology and Network Admission Control, which allows us to enforce authentication for users as we implement Zero Trust for cybersecurity to enhance our cybersecurity.

Also, the great feature of Cisco Identity Services Engine (ISE)  is using posture, which allows us to deploy conditions per the device or checklist for any request to join a device to our network and also profiling.

For a specific example of how I'm using Cisco Identity Services Engine (ISE) for network admission control or posture assessment in my environment, we have implemented the AAA and 802.1X integrating Cisco Identity Services Engine (ISE) with our edge switches, so any user wanting to join the network must first enter a username and password from the domain controller. After this, the switch will ask Cisco Identity Services Engine (ISE) for this user, and Cisco Identity Services Engine (ISE) will ask the domain controller if this user already exists or not. Based on the existence of the username and password provided, we can permit or deny access. We are also providing posture assessment on the device, checking if antivirus is enabled, the version of antivirus, and if it is updated or not, along with whether it is allowing our service, for example, confirming if the required service is open or disabled. After evaluating these conditions, we either allow the device to join our network or deny access.

The best features that Cisco Identity Services Engine (ISE) offers are its usability. MAC solution or MAC technology and Network Admission Control as a native technology are very difficult, but Cisco Identity Services Engine (ISE) makes it easier for users to have MAC technology with a simplified GUI and a stable product.

The GUI and usability stand out for me compared to other solutions I've seen, such as Meraki and ClearPass  from HP.

Cisco Identity Services Engine (ISE) has powerful integration capabilities, and we have already integrated it with WSA, also implementing the PXGrid feature from Cisco to enhance integration with our WSA and ESA .

Cisco Identity Services Engine (ISE) has positively impacted my organization by protecting our network from unauthorized access, providing guest access for our guests, managing all switches, and allowing us to implement TACACS on Cisco Identity Services Engine (ISE), where we can monitor the admins of the switches without needing to create admin accounts on every switch.

Cisco Identity Services Engine (ISE) could be improved by allowing us to switch back to the legacy license, as the new license model is more complicated, and Cisco Identity Services Engine (ISE) does not provide a legacy-based license.

I have been using Cisco Identity Services Engine (ISE) for about six months.

The most powerful benefit of Cisco Identity Services Engine (ISE) is its stability.

The most notable aspect of Cisco Identity Services Engine (ISE) is its scalability. You can run an all-in-one deployment and switch to distributed mode as your company grows, relying on Cisco Identity Services Engine (ISE) to support your scalability needs.

TAC support from Cisco is a notable feature; it provides very professional support, and you can rely on them to resolve issues effectively. I would rate the customer support a ten.

Cisco Identity Services Engine (ISE) is the only solution I have used.

I have noticed measurable improvements in security and efficiency since implementing Cisco Identity Services Engine (ISE), as we have increased security significantly compared to before and everything has changed in security after we implemented it.

I have seen a return on investment as we save time controlling all switches using Cisco Identity Services Engine (ISE) TACACS, and we also save money because we increased security, stopped incidents, and reduced breaches and security breaches.

My experience with pricing, setup cost, and licensing indicates that the legacy license of Cisco Identity Services Engine (ISE) is more usable and affordable. I believe Cisco needs to reconsider their new license model.

I did not evaluate other options before choosing Cisco Identity Services Engine (ISE).

My advice for others looking into using Cisco Identity Services Engine (ISE) is to be well-prepared before implementing a MAC solution by checking all of Cisco Identity Services Engine (ISE)'s features and deciding what you want to implement, such as posture, profiling, or access control with 802.1X. The GUI and usability stand out for me compared to other solutions I've seen, such as Meraki and ClearPass  from HP. I would rate this review a ten overall.

I am working with switches, wireless, and SD-WAN solutions, but regarding the opinion itself, it depends what one would like to get.

For what we do, the most useful feature in Cisco Identity Services Engine (ISE)  is RADIUS authentication. We are using the guest portal as well, the Wi-Fi guest portal capability from Cisco Identity Services Engine (ISE) .

The Wi-Fi guest portal feature allows us to give access to non-company devices on the locations we have for visitors.

We use the Cisco Identity Services Engine (ISE) profiling feature to onboard new devices whenever they're connected and assign them the correct profiles. It was mostly used when the ISE was deployed, but it's still used.

The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.

For what we're doing so far, it's quite easy for us; we are not doing too much complicated stuff, so it's quite easy for us to onboard a new site into the current policy we have.

The most useful feature in Cisco Identity Services Engine (ISE) is RADIUS authentication. We are using the guest portal as well, the Wi-Fi guest portal capability from Cisco Identity Services Engine (ISE).

The Wi-Fi guest portal feature allows us to give access to non-company devices on the locations we have for visitors.

We use the Cisco Identity Services Engine (ISE) profiling feature to onboard new devices whenever they're connected and assign them the correct profiles. It was mostly used when ISE was deployed, but it's still used.

The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.

For what we're doing so far, it's quite easy for us; we are not doing too much complicated stuff, so it's quite easy for us to onboard a new site into the current policy we have.

Cisco Identity Services Engine (ISE) has simplified guest access management for us without compromising security for our organization.

The log capacity in Cisco Identity Services Engine (ISE) could be enhanced because today natively on the ISE can only have a look at the logs from the day before. You cannot search into the oldest logs; you have to use another tool for that. This can be blocking if you don't have any log consolidation solution. To do a search for an issue or something that happened two days ago, you cannot search directly in there.

The capacity of Cisco Identity Services Engine (ISE) could be enhanced.

Something between one week and one month for the log capacity would be nice.

Sometimes when we have upgrades or failovers with Cisco Identity Services Engine (ISE), we had some minor issues. It took something around two or three days before it came back to a stable situation.

For the size of our company, Cisco Identity Services Engine (ISE) is a scalable solution. It's working fine.

It's working fine because we are using many other Cisco products, so the interaction between Cisco tools is fine. However, you can have some latency issues depending on where your devices are. We don't have many devices spread on other geographies than EMEA; we have some of them in APAC, but for a really big deployment, scalability could force you to deploy more complex architectures. In this case, that would be the only drawback.

I have contacted Cisco support.

Their support is really good. Cisco support has pretty good teams for support and every time we had good answers and we could somehow solve the issues we had.

The setup of Cisco Identity Services Engine (ISE) was done by a third party, by a subcontractor. It would be hard for me to tell you how easy or not it was because the person was used to deploy this product already, but it wasn't that long, so we migrated from the previous environment to the current one we are using. Deployment or upgrade was quite acceptable.

Setup and migration of Cisco Identity Services Engine (ISE) took something around two weeks because this one is handling all the authentication we have worldwide. We took our time to make sure that migration was fine and we also merged. We had separated ISEs before, so we merged into a consolidated one, which is why it took more time.

I haven't faced any other kind of issues or difficulties with Cisco Identity Services Engine (ISE).

The biggest benefit of Cisco Identity Services Engine (ISE) as a product for me is that it is stable and reliable.

On a scale of 1-10, I would rate Cisco Identity Services Engine (ISE) a 9.

We use it for network access control.

It isolates the bring your own devices and the guests from the corporate network. It also segregates connections when a user comes in and connects. There is a certain profile review that goes on to confirm that the device is allowed to access resources on the network.

The policies allow us to enforce certain rules on the network to be able to screen our users more effectively. It allows us to have more visibility to what the users are trying to do on the network, which really helps us know how to control them.

There is value because it helps us secure the network and prevents certain things from happening which could cause financial loss. This demonstrates good value for money.

They should make their integrations with other manufacturers less restrictive. They should work on their integration with other vendors.

The integrations with the switches and the wireless controllers are not really straightforward. There is what they call the best practice for them, but it may not be what we have on-premise. We have to find a workaround with certain configurations to make them work.

We have been using the solution since 2021.

I am just working with the switches and Cisco Identity Services Engine (ISE) .

It works and does what it is supposed to do. It is stable.

It is pretty scalable.

We have used customer service.

I have not used any previous solutions and am not sure about others.

It is a bit complicated. The implementation took us about two months.

It is deployed on-premises.

I have not compared with other vendors, but the license is reasonably priced.

The cost is about 100 million Ugandan shillings, which converts to approximately $30,000 per year.

I have considered trying Juniper and D-Link switches.

I am only using the Cisco Identity Services Engine (ISE)  and the switches. Higher licensing is required for additional features. I rate this solution 8 out of 10.