Has improved authentication management and simplified visitor network access
What is our primary use case?
I am working with switches, wireless, and SD-WAN solutions, but regarding the opinion itself, it depends what one would like to get.
For what we do, the most useful feature in Cisco Identity Services Engine (ISE) is RADIUS authentication. We are using the guest portal as well, the Wi-Fi guest portal capability from Cisco Identity Services Engine (ISE).
The Wi-Fi guest portal feature allows us to give access to non-company devices on the locations we have for visitors.
We use the Cisco Identity Services Engine (ISE) profiling feature to onboard new devices whenever they're connected and assign them the correct profiles. It was mostly used when the ISE was deployed, but it's still used.
The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.
For what we're doing so far, it's quite easy for us; we are not doing too much complicated stuff, so it's quite easy for us to onboard a new site into the current policy we have.
What is most valuable?
The most useful feature in Cisco Identity Services Engine (ISE) is RADIUS authentication. We are using the guest portal as well, the Wi-Fi guest portal capability from Cisco Identity Services Engine (ISE).
The Wi-Fi guest portal feature allows us to give access to non-company devices on the locations we have for visitors.
We use the Cisco Identity Services Engine (ISE) profiling feature to onboard new devices whenever they're connected and assign them the correct profiles. It was mostly used when ISE was deployed, but it's still used.
The adaptability of Cisco Identity Services Engine (ISE) policy enforcement can fit to the site we have depending on which kind of devices we have on site and then the needs for authentication, granting access and then assigning each device into its correct network for segmentation.
For what we're doing so far, it's quite easy for us; we are not doing too much complicated stuff, so it's quite easy for us to onboard a new site into the current policy we have.
Cisco Identity Services Engine (ISE) has simplified guest access management for us without compromising security for our organization.
What needs improvement?
The log capacity in Cisco Identity Services Engine (ISE) could be enhanced because today natively on the ISE can only have a look at the logs from the day before. You cannot search into the oldest logs; you have to use another tool for that. This can be blocking if you don't have any log consolidation solution. To do a search for an issue or something that happened two days ago, you cannot search directly in there.
The capacity of Cisco Identity Services Engine (ISE) could be enhanced.
Something between one week and one month for the log capacity would be nice.
What do I think about the stability of the solution?
Sometimes when we have upgrades or failovers with Cisco Identity Services Engine (ISE), we had some minor issues. It took something around two or three days before it came back to a stable situation.
What do I think about the scalability of the solution?
For the size of our company, Cisco Identity Services Engine (ISE) is a scalable solution. It's working fine.
It's working fine because we are using many other Cisco products, so the interaction between Cisco tools is fine. However, you can have some latency issues depending on where your devices are. We don't have many devices spread on other geographies than EMEA; we have some of them in APAC, but for a really big deployment, scalability could force you to deploy more complex architectures. In this case, that would be the only drawback.
How are customer service and support?
I have contacted Cisco support.
Their support is really good. Cisco support has pretty good teams for support and every time we had good answers and we could somehow solve the issues we had.
How would you rate customer service and support?
How was the initial setup?
The setup of Cisco Identity Services Engine (ISE) was done by a third party, by a subcontractor. It would be hard for me to tell you how easy or not it was because the person was used to deploy this product already, but it wasn't that long, so we migrated from the previous environment to the current one we are using. Deployment or upgrade was quite acceptable.
Setup and migration of Cisco Identity Services Engine (ISE) took something around two weeks because this one is handling all the authentication we have worldwide. We took our time to make sure that migration was fine and we also merged. We had separated ISEs before, so we merged into a consolidated one, which is why it took more time.
What other advice do I have?
I haven't faced any other kind of issues or difficulties with Cisco Identity Services Engine (ISE).
The biggest benefit of Cisco Identity Services Engine (ISE) as a product for me is that it is stable and reliable.
On a scale of 1-10, I would rate Cisco Identity Services Engine (ISE) a 9.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
3 years of hands-on experience as an administrator managing Cisco Identity Services Engine (ISE) .
What do you like best about the product?
With 3 years of experience administering Cisco ISE, I find its biggest strengths are centralized access control, strong security enforcement, and clear visibility into network activity. It simplifies managing user, device, and guest access while integrating well with other security tools to strengthen overall network defense.
What do you dislike about the product?
he VPN gateway must be properly configured to prompt for and process password changes, since Cisco ISE only validates credentials against the identity source. If this setting is not enabled on the VPN device (such as ASA/FTD with AnyConnect), users won’t see a prompt to update expired passwords, even if Active Directory allows the change.
What problems is the product solving and how is that benefiting you?
Cisco ISE solves the challenge of controlling who and what connects to the network by providing centralized authentication, authorization, and accounting (AAA). It gives visibility into users and devices, enforces consistent security policies, and streamlines guest and BYOD access. For me as an admin, this means fewer security gaps, easier policy management, and stronger protection of critical resources without having to manage multiple disconnected tools.
Vulnerability enggine
What do you like best about the product?
Dynamic and context-aware access policies based on user, device type, time, and location.
Profiling and posture assessment for both managed and unmanaged devices.
Centralized policy management that scales across large distributed networks.
What do you dislike about the product?
Complexity in Configuration and Policy Design:
ISE has a steep learning curve. Setting up policies—especially for large environments with multiple identity sources and posture checks—can become complex and time-consuming.
What problems is the product solving and how is that benefiting you?
Unauthorized Access Control
It ensures that only authenticated and authorized users/devices can access specific network segments—reducing insider threats and lateral movement.
Network access controls and policy management increase security visibility and control
What is our primary use case?
We use it for network access control.
It isolates the bring your own devices and the guests from the corporate network. It also segregates connections when a user comes in and connects. There is a certain profile review that goes on to confirm that the device is allowed to access resources on the network.
What is most valuable?
The policies allow us to enforce certain rules on the network to be able to screen our users more effectively. It allows us to have more visibility to what the users are trying to do on the network, which really helps us know how to control them.
There is value because it helps us secure the network and prevents certain things from happening which could cause financial loss. This demonstrates good value for money.
What needs improvement?
They should make their integrations with other manufacturers less restrictive. They should work on their integration with other vendors.
The integrations with the switches and the wireless controllers are not really straightforward. There is what they call the best practice for them, but it may not be what we have on-premise. We have to find a workaround with certain configurations to make them work.
For how long have I used the solution?
We have been using the solution since 2021.
What was my experience with deployment of the solution?
I am just working with the switches and Cisco Identity Services Engine (ISE).
What do I think about the stability of the solution?
It works and does what it is supposed to do. It is stable.
What do I think about the scalability of the solution?
How are customer service and support?
We have used customer service.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I have not used any previous solutions and am not sure about others.
How was the initial setup?
It is a bit complicated. The implementation took us about two months.
What about the implementation team?
It is deployed on-premises.
What's my experience with pricing, setup cost, and licensing?
I have not compared with other vendors, but the license is reasonably priced.
The cost is about 100 million Ugandan shillings, which converts to approximately $30,000 per year.
Which other solutions did I evaluate?
I have considered trying Juniper and D-Link switches.
What other advice do I have?
I am only using the Cisco Identity Services Engine (ISE) and the switches. Higher licensing is required for additional features. I rate this solution 8 out of 10.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Secure environments are ensured with robust network control and policy enforcement
What is our primary use case?
We use
Cisco Identity Services Engine (ISE) as a network access control for both LAN and WAN and also for Wi-Fi.
What is most valuable?
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks. It prevents unauthorized access to network points. This solution ensures organizations have secure environments and also supports robust policy enforcement, allowing control over who has access to various parts of the network.
What needs improvement?
I would say they need to expand the hardware compatibility. The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
For how long have I used the solution?
I have been using Cisco Identity Services Engine (ISE) since 2017.
What was my experience with deployment of the solution?
The learning curve is challenging, and it is not user-friendly for everyone. Both the staff and the IT team face challenges. It is a bit complex in terms of deployment and usability, requiring a high level of skills. One of our deployments took about three months because of its complexity and the large size of our environment.
What do I think about the stability of the solution?
Cisco Identity Services Engine (ISE) is very stable. I would rate it a nine.
What do I think about the scalability of the solution?
It is very scalable, and I would rate it a nine out of ten for scalability.
How are customer service and support?
Their support service is rated eight.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
For network access control, I have worked with Fortinet.
How was the initial setup?
The setup and deployment process is very complicated. It's due to the security aspects which are not straightforward, making it a challenge.
What was our ROI?
Our customers have seen a return on investment because of the increased security, which reduces time dealing with threats and downtime.
What's my experience with pricing, setup cost, and licensing?
Cisco Identity Services Engine (ISE) is very expensive. It is meant for enterprises, not for SMBs. The license costs can range between $50,000 to $100,000 per year for enterprises.
Which other solutions did I evaluate?
We have evaluated Fortinet for network access control.
What other advice do I have?
Cisco Identity Services Engine (ISE) is very involving and requires committed and skilled IT personnel for deployment and day-to-day management. Enterprises with large infrastructures, like in the banking and energy sectors, may find it beneficial. I would rate it nine as it is good and does what it's supposed to do.
Enhanced device administration hindered by complex deployment and security limitations
What is our primary use case?
I use Cisco Identity Services Engine (ISE) for wireless authentication and device administration.
How has it helped my organization?
Cisco Identity Services Engine (ISE) is good with device administration.
What is most valuable?
Cisco Identity Services Engine (ISE) is very good at device administration. This is one of the best features. Other than that, for the wireless authentication and network access control (NAC) use cases, it is not a solid product because there are better products for NAC than Cisco Identity Services Engine (ISE).
What needs improvement?
Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.
For how long have I used the solution?
I have been working with Cisco Identity Services Engine (ISE) for around four years or more.
What do I think about the stability of the solution?
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication. Device administration runs smoothly. Authentication and NAC use cases do not. I would rate the stability as four out of ten.
What do I think about the scalability of the solution?
Scalability is limited. Factors like architecture, business nature, and legal limitations such as GDPR affect it. I would rate it as four or five out of ten.
How are customer service and support?
Technical support is poor. It heavily relies on a reactive approach, and resolving issues can take a long time. Simple issues can take 72 hours or more than six months for resolution. I rate the technical support as one out of ten.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We also use Forescout. We use both Cisco Identity Services Engine (ISE) and Forescout simultaneously.
How was the initial setup?
The initial setup is challenging. For enterprises, it can take months due to VM setup requirements, poor tech support, and Cisco Identity Services Engine (ISE) having many bugs. Small setups might take a day, but larger enterprise setups are much longer.
What about the implementation team?
Cisco tech support and professional services are poor, lacking clear requirements and solutions.
What was our ROI?
The return on investment for Cisco Identity Services Engine (ISE) is difficult to gauge due to complexities. For enterprise customers, it comes at a lower cost and is comparatively cost-effective. Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
What's my experience with pricing, setup cost, and licensing?
Setup costs vary. Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective. Dedicated resources are needed due to the demanding nature of Cisco Identity Services Engine (ISE), making large organizational costs significant.
For small organizations, it's effective - not for larger ones.
Which other solutions did I evaluate?
We have evaluated and used Forescout alongside Cisco Identity Services Engine (ISE).
What other advice do I have?
For small setups and if the backend infrastructure is Cisco-based, Cisco Identity Services Engine (ISE) is suitable. However, for large organizations with mixed infrastructure, other solutions should be considered. I would rate it four out of ten based on my experience from the last year.
Which deployment model are you using for this solution?
On-premises
Automation and real-time visibility aids in monitoring and troubleshooting issues with endpoints
What is our primary use case?
The primary use case of Cisco Identity Services Engine (ISE) is to serve as a security solution that can specify the endpoints in an organization for segmentation. This involves defining the reachability domain for each endpoint in an organization.
It automates pushing access lists or authorizations and offers profiling to define and manage endpoints. It provides profiling to help organizations define the type and points of the endpoints, building security rules, and providing health checks to ensure endpoints comply with rules.
How has it helped my organization?
The solution offers automation and real-time visibility, which aids in monitoring and troubleshooting issues with endpoints.
The product provides feedback about the network based on endpoint behavior, assisting in understanding the network's current state.
What is most valuable?
The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility. It gives feedback on what is happening within the network and assists mostly with troubleshooting.
Additionally, it's considered highly reliable and scalable.
What needs improvement?
The licensing scheme is complex and could use enhancement to provide more options. Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features. The complex licensing schema and the need for improvement in pricing are primary areas for improvement.
For how long have I used the solution?
The Cisco Identity Services Engine (ISE) has been deployed for a long time in various environments.
What do I think about the stability of the solution?
Cisco Identity Services Engine (ISE) is considered very reliable and stable. Although it is not one hundred percent reliable theoretically, in practice, it offers great reliability.
What do I think about the scalability of the solution?
The solution is described as very scalable, and there are minimal issues with scalability.
How are customer service and support?
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
How would you rate customer service and support?
How was the initial setup?
Setup is not about deploying ISE itself, but rather about managing the number of switches and endpoints in the organization. After initial deployment, routine upgrades and backups are part of the normal process.
What about the implementation team?
A specific implementation team is not mentioned, but deployment complexity varies depending on the organization size and manpower available.
What's my experience with pricing, setup cost, and licensing?
Cisco ISE is more expensive but covers a lot of features. The pricing scheme could be improved. Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
Which other solutions did I evaluate?
Detailed mentions of other solutions include HPE ClearPass and Fortinet. However, these are mentioned for comparison purposes rather than as alternatives considered before using Cisco ISE.
What other advice do I have?
It is suggested to keep the review anonymous and refrain from making personal information public.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Long Successful Journey
What do you like best about the product?
All-in-One Solution
Central Control
Compatibility and scalability
Support (Either by Cisco TAC, Community, Wep,...)
What do you dislike about the product?
High Cost.
Complexity for beginners.
Changing the Schema especially for the Licensing.
What problems is the product solving and how is that benefiting you?
Authorization for Users ( WLAN), Devices and Administrators.
Profiling Posturing.
Integrates with other applications to manage access
What is our primary use case?
We used it mainly for network access control and full stream for devices.
What needs improvement?
The product is expensive. It would also be a good add-on to have some machine learning.
For how long have I used the solution?
I have been using Cisco Secure Firewall for one year.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
The solution is scalable.
How was the initial setup?
The initial setup is straightforward.
It's also recommended for clients during deployment. You're making everything very efficiently managed within the policies. The deployment is also very smooth, allowing you to configure your rooms easily. Once the initial setup is done, it becomes straightforward to understand, especially regarding Windows maintenance.
It was deployed to protect the network from unauthorized users but does not contribute directly to operational efficiency.
What's my experience with pricing, setup cost, and licensing?
Cisco ISE doesn't come cheap but it's still valid working.
What other advice do I have?
We recommend it to our customers.
Cisco ISE provides authentication for various applications. It can integrate with other applications to manage access, including Privileged Access Management for those applications. For a comprehensive environment, Cisco ISE should be able to integrate and provide asset management for an IT organization or any organization.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Comprehensive and allows you to control access to network resources granularly based on policies
What is our primary use case?
We use the solution for network access control.
What is most valuable?
Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies.
What needs improvement?
Cisco ISE is very complex and not very easy to deploy. There are a lot of prerequisites for the tool.
For how long have I used the solution?
I have been using Cisco ISE (Identity Services Engine) for three years.
What do I think about the stability of the solution?
We did not face any issues with the solution’s stability.
What do I think about the scalability of the solution?
Cisco ISE is a very scalable solution.
How are customer service and support?
We are working with a partner for support and are very happy with them.
On a scale from one to ten, where one is bad and ten is good, I rate their support a seven or eight out of ten.
Which solution did I use previously and why did I switch?
Compared to Cisco ISE, Fortinet NAC is more consumer-friendly.
How was the initial setup?
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.
What about the implementation team?
The project lasted a few months, but the planning took several months. Cisco ISE itself means nothing. It has to have the network set up to ensure the network penetration is in place, and we're still working on that.
What was our ROI?
Security is about risk control and exposure avoidance. You can only calculate its return on investment based on how you avoid penalty fees. Cisco ISE improves our security stats.
What's my experience with pricing, setup cost, and licensing?
If you consider money only, Cisco ISE is not a cheap solution. Functionality-wise, however, it offers a very good price for the value you receive.
What other advice do I have?
The solution's compliance and policy enforcement capability has benefited our organization by simplifying work.
The solution operates in the background, and users generally don't interact with it. Cisco ISE is the security framework layer between network resources and end users using them. Users do not go into Cisco ISE to do anything.
It's like Active Directory for Identity. If you're an end user, you don't work in Active Directory, but you authenticate Active Directory to use resources on the network. The same applies to Cisco ISE, and users don't interact with it directly. They are affected by it to the extent to which they are accessing network resources.
Cisco ISE has a very comprehensive integration suite and we did not face a lot of challenges in integrating this solution with other security tools. If they know how to use it, I would recommend the solution to other organizations with similar security needs.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
