Cisco Identity Services Engine (ISE)

I am working with switches, wireless, and SD-WAN solutions, but regarding the opinion itself, it depends what one would like to get.

For what we do, the most useful feature in Cisco Identity Services Engine (ISE)  is RADIUS authentication. We are using the guest portal as well, the Wi-Fi guest portal capability from Cisco Identity Services Engine (ISE) .

The Wi-Fi guest portal feature allows us to give access to non-company devices on the locations we have for visitors.

We use the Cisco Identity Services Engine (ISE) profiling feature to onboard new devices whenever they're connected and assign them the correct profiles. It was mostly used when the ISE was deployed, but it's still used.

The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.

For what we're doing so far, it's quite easy for us; we are not doing too much complicated stuff, so it's quite easy for us to onboard a new site into the current policy we have.

The most useful feature in Cisco Identity Services Engine (ISE) is RADIUS authentication. We are using the guest portal as well, the Wi-Fi guest portal capability from Cisco Identity Services Engine (ISE).

The Wi-Fi guest portal feature allows us to give access to non-company devices on the locations we have for visitors.

We use the Cisco Identity Services Engine (ISE) profiling feature to onboard new devices whenever they're connected and assign them the correct profiles. It was mostly used when ISE was deployed, but it's still used.

The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.

For what we're doing so far, it's quite easy for us; we are not doing too much complicated stuff, so it's quite easy for us to onboard a new site into the current policy we have.

Cisco Identity Services Engine (ISE) has simplified guest access management for us without compromising security for our organization.

The log capacity in Cisco Identity Services Engine (ISE) could be enhanced because today natively on the ISE can only have a look at the logs from the day before. You cannot search into the oldest logs; you have to use another tool for that. This can be blocking if you don't have any log consolidation solution. To do a search for an issue or something that happened two days ago, you cannot search directly in there.

The capacity of Cisco Identity Services Engine (ISE) could be enhanced.

Something between one week and one month for the log capacity would be nice.

Sometimes when we have upgrades or failovers with Cisco Identity Services Engine (ISE), we had some minor issues. It took something around two or three days before it came back to a stable situation.

For the size of our company, Cisco Identity Services Engine (ISE) is a scalable solution. It's working fine.

It's working fine because we are using many other Cisco products, so the interaction between Cisco tools is fine. However, you can have some latency issues depending on where your devices are. We don't have many devices spread on other geographies than EMEA; we have some of them in APAC, but for a really big deployment, scalability could force you to deploy more complex architectures. In this case, that would be the only drawback.

I have contacted Cisco support.

Their support is really good. Cisco support has pretty good teams for support and every time we had good answers and we could somehow solve the issues we had.

Positive

The setup of Cisco Identity Services Engine (ISE) was done by a third party, by a subcontractor. It would be hard for me to tell you how easy or not it was because the person was used to deploy this product already, but it wasn't that long, so we migrated from the previous environment to the current one we are using. Deployment or upgrade was quite acceptable.

Setup and migration of Cisco Identity Services Engine (ISE) took something around two weeks because this one is handling all the authentication we have worldwide. We took our time to make sure that migration was fine and we also merged. We had separated ISEs before, so we merged into a consolidated one, which is why it took more time.

I haven't faced any other kind of issues or difficulties with Cisco Identity Services Engine (ISE).

The biggest benefit of Cisco Identity Services Engine (ISE) as a product for me is that it is stable and reliable.

On a scale of 1-10, I would rate Cisco Identity Services Engine (ISE) a 9.

We use it for network access control.

It isolates the bring your own devices and the guests from the corporate network. It also segregates connections when a user comes in and connects. There is a certain profile review that goes on to confirm that the device is allowed to access resources on the network.

The policies allow us to enforce certain rules on the network to be able to screen our users more effectively. It allows us to have more visibility to what the users are trying to do on the network, which really helps us know how to control them.

There is value because it helps us secure the network and prevents certain things from happening which could cause financial loss. This demonstrates good value for money.

They should make their integrations with other manufacturers less restrictive. They should work on their integration with other vendors.

The integrations with the switches and the wireless controllers are not really straightforward. There is what they call the best practice for them, but it may not be what we have on-premise. We have to find a workaround with certain configurations to make them work.

We have been using the solution since 2021.

I am just working with the switches and Cisco Identity Services Engine (ISE) .

It works and does what it is supposed to do. It is stable.

It is pretty scalable.

We have used customer service.

Positive

I have not used any previous solutions and am not sure about others.

It is a bit complicated. The implementation took us about two months.

It is deployed on-premises.

I have not compared with other vendors, but the license is reasonably priced.

The cost is about 100 million Ugandan shillings, which converts to approximately $30,000 per year.

I have considered trying Juniper and D-Link switches.

I am only using the Cisco Identity Services Engine (ISE)  and the switches. Higher licensing is required for additional features. I rate this solution 8 out of 10.

Positive

I use Cisco Identity Services Engine (ISE)  for wireless authentication and device administration.

Cisco Identity Services Engine (ISE)  is good with device administration.

Cisco Identity Services Engine (ISE) is very good at device administration. This is one of the best features. Other than that, for the wireless authentication and network access control (NAC) use cases, it is not a solid product because there are better products for NAC than Cisco Identity Services Engine (ISE).

Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.

I have been working with Cisco Identity Services Engine (ISE) for around four years or more.

The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication. Device administration runs smoothly. Authentication and NAC use cases do not. I would rate the stability as four out of ten.

Scalability is limited. Factors like architecture, business nature, and legal limitations such as GDPR affect it. I would rate it as four or five out of ten.

Technical support is poor. It heavily relies on a reactive approach, and resolving issues can take a long time. Simple issues can take 72 hours or more than six months for resolution. I rate the technical support as one out of ten.

Negative

We also use Forescout. We use both Cisco Identity Services Engine (ISE) and Forescout simultaneously.

The initial setup is challenging. For enterprises, it can take months due to VM setup requirements, poor tech support, and Cisco Identity Services Engine (ISE) having many bugs. Small setups might take a day, but larger enterprise setups are much longer.

Cisco tech support and professional services are poor, lacking clear requirements and solutions.

The return on investment for Cisco Identity Services Engine (ISE) is difficult to gauge due to complexities. For enterprise customers, it comes at a lower cost and is comparatively cost-effective. Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.

Setup costs vary. Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective. Dedicated resources are needed due to the demanding nature of Cisco Identity Services Engine (ISE), making large organizational costs significant. 

For small organizations, it's effective - not for larger ones.

We have evaluated and used Forescout alongside Cisco Identity Services Engine (ISE).

For small setups and if the backend infrastructure is Cisco-based, Cisco Identity Services Engine (ISE) is suitable. However, for large organizations with mixed infrastructure, other solutions should be considered. I would rate it four out of ten based on my experience from the last year.

The primary use case of Cisco Identity Services Engine (ISE)  is to serve as a security solution that can specify the endpoints in an organization for segmentation. This involves defining the reachability domain for each endpoint in an organization. 

It automates pushing access lists or authorizations and offers profiling to define and manage endpoints. It provides profiling to help organizations define the type and points of the endpoints, building security rules, and providing health checks to ensure endpoints comply with rules.

The solution offers automation and real-time visibility, which aids in monitoring and troubleshooting issues with endpoints. 

The product provides feedback about the network based on endpoint behavior, assisting in understanding the network's current state.

The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility. It gives feedback on what is happening within the network and assists mostly with troubleshooting. 

Additionally, it's considered highly reliable and scalable.

The licensing scheme is complex and could use enhancement to provide more options. Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features. The complex licensing schema and the need for improvement in pricing are primary areas for improvement.

The Cisco Identity Services Engine (ISE)  has been deployed for a long time in various environments.

Cisco Identity Services Engine (ISE) is considered very reliable and stable. Although it is not one hundred percent reliable theoretically, in practice, it offers great reliability.

The solution is described as very scalable, and there are minimal issues with scalability.

Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.

Positive

Setup is not about deploying ISE itself, but rather about managing the number of switches and endpoints in the organization. After initial deployment, routine upgrades and backups are part of the normal process.

A specific implementation team is not mentioned, but deployment complexity varies depending on the organization size and manpower available.

Cisco ISE is more expensive but covers a lot of features. The pricing scheme could be improved. Compared to other solutions like HPE ClearPass , Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.

Detailed mentions of other solutions include HPE ClearPass  and Fortinet. However, these are mentioned for comparison purposes rather than as alternatives considered before using Cisco ISE.

It is suggested to keep the review anonymous and refrain from making personal information public.

I'd rate the solution eight out of ten.