Appgate SDP vs. Cisco Identity Services Engine (ISE) vs. SecureLink Enterprise Access

It is best suited for larger companies with lots of remote workers that need complex access management. We've barely scratched the surface on what Appgate can do via its API.

Incentivized

Cisco ISE integrates will with a Cisco solution such as firewalls, network switches and routers. It does an incredible job of granting access based on the role that an individual or groups have, and the ability to remove access to that individual or group is also east. In our environment ISE is used to authenticate external users that have access by vpn, and also to manage access to the large network infrastructure

Incentivized

It does exactly what it needs to. The only times I've had serious issues with rolling out to a vendor is when they have a "contractual agreement" to only use their solution. Almost every vendor that I've worked with and shown this product to has been skeptical for the first 5 minutes and fully converted to liking the ease of use of the product by 10 minutes

• Software-Defined perimeter
• Hide resources to non-authorized/authenticated users.

Incentivized

• The most beneficial thing that I love about it, there are tons of things that I love about ISE and that it does well, but the most fascinating that I feel about is its integration with DNA center or Catalyst Center using PX Grid as the protocol wherein ISE acts as a policy server for the entire campus hand in hand with Catalyst Center to make sure that the policy policy follows the user and also in the background hand in hand with DNA Center or Catalyst Center makes sure microsegmentation is implemented so that east west traffic is blocked and takes care of the campus.

Incentivized

• Easy to setup on a client PC or server for access
• Organizes client connections by gatekeeper so it is easy to find what you need
• File transfer option is great for uploading files to client servers

• Live logging in the client. Currently you have to "download" the logs into a zip file and then open that zipfile to look at the logs. There's no logfile to tail or watch.
• Load balancing between controllers could be better. Currently relies on round robin DNS and sometimes a browser will pick a different IP than previous and you'll get a big "LOST CONNECTION TO CONTROLLER" message.

Incentivized

• Trustsec needs more documentation and configuration best practice examples
• The licensing model can be difficult to explain and understand for customers
• Difficult to get an accurate benchmark to know exactly how many Cisco Identity Services Engine nodes and the size of the deployment should be

Incentivized

• Java based. Always an issue. I know they are working on this and it will be Javaless if we need it. I know that Java can cause issues across the board and I understand the need of it, but it does not make it any better when there are Java issues.
• Stronger integration with the Active Directory. Currently its only read-only, which is good and bad.
• I would love to see an App. I know they are working on this as well.

We are so very reliant on Cisco Identity Services Engine at this point that finding another solution would be a big hassle for us.

Incentivized

We are happy using securelink to access our client environments

For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.

Incentivized

We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.

Incentivized

yes it does. depending on where you coming from. Logs are pretty busy same as report. it also depending on devices count and design.

Incentivized

The company has been supportive overall of our needs and desired features. I have not personally called the support services, but I've heard no direct complaints either.

Incentivized

Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.

Incentivized

The employees at Securelink have always been responsive and seem to be invested in the success of my company. They truly understand what their product means to us so if there is a problem, they are always willing to help. In the rare event that something is found on their end, they will be proactive and reach out to someone to help and get something on calendar for a fix

Training can only cover certain areas, there are a lot of areas training just can't cover. You have to learn by doing it.

Incentivized

I think our system integrators lacks some competencies and this has led to an implementation that is still perfectible. (i.e. dedicating an interface for intra-cluster communication)

Incentivized

The existing system was FortiGate. The management of the system was a hassle. Because IT personnel had to manually create VPN accounts, user passwords were known to who created them and the end user did not have a way to change them. This created a security issue in the event an IT engineer left the company.

Incentivized

I think all give some visibility of device monitoring and management, but Cisco Identity Services Engine gives a good way to manage more details about the device in a centralized way that gives a wider range of monitoring and control than the other softwares individually. I don't think Cisco Identity Services Engine eliminates the need for these other software as of now, but there is potential for Cisco Identity Services Engine to be able to take over more of these roles.

Incentivized

Securelink seems to work better than LogMein for a large enterprise group. Our company has over 10,000 different connections and securelink manages them well.

Cisco ISE was competitively priced and Cisco was able to leverage some of our existing contracts to help ease the purchase.

Incentivized

It's fully customised and comprehensive. only thing is you need to know what you want. Proper research and planning would save lots of time and effort .

Incentivized

• We are achieving our goals with this tool by hiding resources behind it.
• It is a new model that requires a different thought process for many in network operations.

Incentivized

• I don't know about negatives because we haven't seen it right now, but positive impact is one is the roadmap we have. And now since we are going ahead with doing the deployment of Cisco ISE, we see that we are getting closure to, so at the end of the day, we have to make sure that operationally we stay excellent. So that's where operational excellence comes in. Cisco ISE is basically addressing that for us. Right now we are in a situation if there is a WIFI issue or if there is an authentication issue, it gets really difficult to isolate the problem. But with Cisco ISE , this functionality is going to come in. So we believe that it would be a good ROI.

Incentivized

• I've found that Securelink allows me to get a vendor access to an application for support purposes much faster than a provisioned VPN account and the red tape around this. I can set up a vendor to access an application suite in a half hour and it will be more secure than regular provisioning.
• The ROI is yet to be seen on this, but it certainly makes Compliance, Internal Audit, and Legal very happy, which helps everybody.
• Internally, there is much more push back and it has been problematic. For a tech, to have to log in to a server and navigate to a system is considered cumbersome, when before all they had to do was open up Putty or RDP to a server to get in. The only way to combat this is to force them to use Securelink by removing rights. Near impossible for the domain admins.