Cisco Identity Services Engine (ISE) vs. FortiNAC vs. Netskope CASB

Cisco ISE integrates will with a Cisco solution such as firewalls, network switches and routers. It does an incredible job of granting access based on the role that an individual or groups have, and the ability to remove access to that individual or group is also east. In our environment ISE is used to authenticate external users that have access by vpn, and also to manage access to the large network infrastructure

Incentivized

If you have a mid/large enterprise network and you need to comply with any of the IT security standards, FortiNAC will help you as it provides complete protection and will provide you needed reports, like logins, times, tries of unauthorized connections. All that can be passed to your existing siem or integrated with other forti products.

Incentivized

The Netskope CASB solution is well-suited for any company due to the proliferation of SaaS applications. With the agent being installed on endpoints, the product is well suited for remote work environments where a managed corporate network may not be available. The agent allows visibility and controls to be applied to any networks the devices connect to.

• The most beneficial thing that I love about it, there are tons of things that I love about ISE and that it does well, but the most fascinating that I feel about is its integration with DNA center or Catalyst Center using PX Grid as the protocol wherein ISE acts as a policy server for the entire campus hand in hand with Catalyst Center to make sure that the policy policy follows the user and also in the background hand in hand with DNA Center or Catalyst Center makes sure microsegmentation is implemented so that east west traffic is blocked and takes care of the campus.

Incentivized

• Protects network
• Provides reports
• Easy to configure and maintain

Incentivized

• Policies against integrated SaaS applications.
• Visibility into cloud applications usage and risk.
• Cloud Confidence Index (research into security confidence of providers).

Incentivized

• Trustsec needs more documentation and configuration best practice examples
• The licensing model can be difficult to explain and understand for customers
• Difficult to get an accurate benchmark to know exactly how many Cisco Identity Services Engine nodes and the size of the deployment should be

Incentivized

• Updates sometimes a bit buggy

Incentivized

• Public IP for user can be from different country then it came from
• Sometimes you can't get anywhere with Netscope ON
• Location is the key for speed so users complain for speed of 'internet'
• Some location blocks Netscope IP ranges

Incentivized

We are so very reliant on Cisco Identity Services Engine at this point that finding another solution would be a big hassle for us.

Incentivized

For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.

Incentivized

Really easy to use for administrators and for end users, as all is unified in one single agent. Management and deployment is also very easy to do, so overall it is a user and administrator friendly product.

Incentivized

We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.

Incentivized

yes it does. depending on where you coming from. Logs are pretty busy same as report. it also depending on devices count and design.

Incentivized

Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.

Incentivized

There have been some struggles with their infrastructure keeping pace with demand and load. Support can only do so much and has to defer to known problems being escalated.

Incentivized

Training can only cover certain areas, there are a lot of areas training just can't cover. You have to learn by doing it.

Incentivized

I think our system integrators lacks some competencies and this has led to an implementation that is still perfectible. (i.e. dedicating an interface for intra-cluster communication)

Incentivized

I think all give some visibility of device monitoring and management, but Cisco Identity Services Engine gives a good way to manage more details about the device in a centralized way that gives a wider range of monitoring and control than the other softwares individually. I don't think Cisco Identity Services Engine eliminates the need for these other software as of now, but there is potential for Cisco Identity Services Engine to be able to take over more of these roles.

Incentivized

We felt that Netskope provided a more holistic view in the CASB space from a user and usage perspective. In addition, the cost structure for Menlo was a bit higher and was a bit more complicated in the installation and maintenance perspectives

Incentivized

Cisco ISE was competitively priced and Cisco was able to leverage some of our existing contracts to help ease the purchase.

Incentivized

It's fully customised and comprehensive. only thing is you need to know what you want. Proper research and planning would save lots of time and effort .

Incentivized

• I don't know about negatives because we haven't seen it right now, but positive impact is one is the roadmap we have. And now since we are going ahead with doing the deployment of Cisco ISE, we see that we are getting closure to, so at the end of the day, we have to make sure that operationally we stay excellent. So that's where operational excellence comes in. Cisco ISE is basically addressing that for us. Right now we are in a situation if there is a WIFI issue or if there is an authentication issue, it gets really difficult to isolate the problem. But with Cisco ISE , this functionality is going to come in. So we believe that it would be a good ROI.

Incentivized

• ROI was great as this not so expensive tool delivers so much more than a simple network authentication
• Got Fully compliant with our internal IT policies in network access area

Incentivized

• ROI is difficult to quote but protection against threat is biggest ROI for any company
• Confidential data is governed at micro level
• Upload/download of documents even to unwarranted sites like pdf convertor is blocked

Incentivized