The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.
N/A
Cisco Umbrella
Score 8.7 out of 10
N/A
Cisco now offers OpenDNS Umbrella Web Filtering. Cisco acquired OpenDNS in August 2015, and rebranded the product as Cisco Umbrella.
ISE stacks well up against other products in our portfolio with protocols like RADIUS, TACACS and REST APIs. ISE is in many ways good for integration with both other Cisco products (switches, firewalls, WLAN controllers) and products from other vendors. Even with cloud services …
In our case, the entire core of our network is based on Cisco technologies as well as user access. For this reason it was the simplest choice given that both by integration and by knowledge of the platform it was the solution with the least complexity and the best adoption …
The simplicity of administration, the possibility of having a roaming user scheme with differential security policies for each case, and its integration with other products were key when deciding and undoubtedly generated a very positive impact both in the tasks of the IT team …
Overall, management is not terrible if you have a stable network that is not overly complex. If you don't, this product will take considerable time to plan for an effective solution. I will say support is not very helpful, so if you need assistance after the initial sales rep assisted setup, good luck and be prepared to spend hours on the phone.
Well suited to networks that include Active directory, as you can hook it into the directory to allow you to target specific users and computers. Not particularly well suited to personal users due to the price point, and also not well suited to organisations with disorganised IT, since the system can be bypassed simply by changing the DNS server of the device. You need a dedicated IT department to ensure these sorts of settings are locked down
Manage high-privilege access to communications equipment. It allows to be granular in the permissions, to have it integrated with the LDAP users and, most importantly, to audit what tasks each user performed.
Profile users and devices and assign privileges and access levels based on that combination. It greatly improves the user experience, since it does not depend on the network it is in, but on the access levels it has depending on the device. It also allows self-managed guest access with approval flow, which is essential for our business.
It has also allowed us to automate actions based on findings from StealWatch, Umbrella, AMP, etc.
Umbrella Virtual Appliances have been buggy in resolving local domain hosts.
Integration between other Cisco and Meraki products is complicated.
Reporting is not always accurate; for example, if you configure a Meraki access point to use an Umbrella Virtual Appliance, you lose device reporting. All reporting shows up under the AP's IP.
First off I never give anything a "10" unless it's perfect. LOL - I grade on the curve. I think OpenDNS/Umbrella is a very good product. I think that fact that Cisco absorbed them is one of the proofs of that. I have used the product back when it was free for companies our size. I have not always appreciated the cost - but in the post pandemic cyber chaos, I believe the cost benefit ratio is still very high. I have honestly not looked at other products because Umbrella continues to work to my satisfaction. I consider Umbrella to be one of the key layers in my cyber security strategy.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
Better features and easy to manage system with great customer support and overall usability is great as it works for hybrid environment with ease as it is having features for on prem users as wells as cloud users with great customer support and great team of trained engineers to support our opeartions.
Cisco Umbrella's availability was great, they got back to me in less than an hour to get my problem solved.
We needed to get our Meraki AP's hooked up to Cisco Umbrella to monitor that specific traffic and they got back to me promptly, they guided me and explained every question I had.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.
We have not had a chance to use Cisco support frequently, but when we needed to troubleshoot some issues that we were having with the agent installation, the support was very responsive and the solution that they offered worked. The only reason I give it one less point is that the turnaround time for non-critical issues is very long.
The implementation just required us a bit of study because there are a lot of options and configurations available. I believe that the interface could be a bit better, but it works fine. We did an initial setup and only need to do changes when a new demand appears. Other than that, we just keep it running.
So the security team selected Forescout because of its inventory functionality. We have had to utilize Cisco ISE though to actually push the SGT Policies as well as the SGACL mappings and the SXP Propagation across the switch infrastructure. There is a lot more configuration that has to happen in Forescout in order for it to manage the switches.
We used a product before this called iPrism by EdgeWave and also briefly tried Barracuda Web Security in the cloud. We were having such a large influx of service desk calls about proxy-based layer 7 web filters that we wanted to step back and pick something more at the DNS level, to protect our employees but not hover over their social media use, etc. Cisco will also employ a layer 7 proxy if a site is suspicious, which does require us to push a certificate out should we want that feature. For most policies we have it enabled.
Cisco ISE is fairly expensive, but I feel that the time it saves our team is well worth it.
We have been able to roll this our to all of our teams, and they can each manage their own device and it is really convenient to have each team mange their own devices
Once it is deployed and configured, it seems like there isn't much upkeep, so we don't have to hire someone to manage it we do it by committee.
Positive ROI when the service keeps users from going to malicious websites.
We had it deployed while users were internal and external with the AnyConnect Umbrella module so our protection was both on and off the corporate network.
