Cisco Identity Services Engine (ISE) vs. Sophos NAC Advanced (discontinued)

Overall, management is not terrible if you have a stable network that is not overly complex. If you don't, this product will take considerable time to plan for an effective solution. I will say support is not very helpful, so if you need assistance after the initial sales rep assisted setup, good luck and be prepared to spend hours on the phone.

Incentivized

Sophos Network Access Control would be most effective in an enterprise environment where there are many different groups of users, including guest users because it has the ability to block unauthorized users and control the access of guest users. It would not be well suited for an environment with less than 1000 users because as far as I know, the license requires at least that many users.

Incentivized

• Manage high-privilege access to communications equipment. It allows to be granular in the permissions, to have it integrated with the LDAP users and, most importantly, to audit what tasks each user performed.
• Profile users and devices and assign privileges and access levels based on that combination. It greatly improves the user experience, since it does not depend on the network it is in, but on the access levels it has depending on the device. It also allows self-managed guest access with approval flow, which is essential for our business.
• It has also allowed us to automate actions based on findings from StealWatch, Umbrella, AMP, etc.

Incentivized

• Provides enforcement of security policies for Windows PCs
• As part of the Sophos Security Suite provides outstanding protection from viruses
• Uses a very nice web-based GUI

Incentivized

• I guess the user experience itself, it's sometimes a little bit slow, but this is also dependent on the platform and the scale of the deployment of course. But actually functionality-wise it's really, really good. But yeah, it could sometimes be a little quicker to react on the good front.

Incentivized

• Customer support was basically non-existent during the time we needed it the most. This should be #1 priority for any company.
• Lack of support for Linux servers and Mac OS
• The reporting system relies on information provided by the agents
• Wide scale removal process needs some vast improvements. When using a batch removal script, it wrecks the NIC drivers to the point that they have to be removed and reinstalled.

Incentivized

We are so very reliant on Cisco Identity Services Engine at this point that finding another solution would be a big hassle for us.

Incentivized

For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.

Incentivized

We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.

Incentivized

ISE performance has never been an issue for us. The system doesn't tend to slow down at all.

Incentivized

Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.

Incentivized

I did participate in the implementation of Cisco ISE and while there were times when it was confusing and we had a lot of trial and error, overall the experience was fine.

Incentivized

So the security team selected Forescout because of its inventory functionality. We have had to utilize Cisco ISE though to actually push the SGT Policies as well as the SGACL mappings and the SXP Propagation across the switch infrastructure. There is a lot more configuration that has to happen in Forescout in order for it to manage the switches.

Incentivized

I have used Mcafee Antivirus Suite, Trend Micro, and Vipre Antivirus. I actually had more experience with Vipre than anything else so that is the one that I will be comparing it too. From what I remember, Vipre was more expensive but had better customer support. Other than that, they both do pretty much thing as well as what all the others do. I personally do not believe that any enterprise level antivirus solution is better than any other, it boils down to which one can your company afford, and which one fits best with your needs.

Incentivized

Yes, we have the ability to scale ISE to however many nodes and clusters we want, but of course this takes time and money for licenses.

Incentivized

• Cisco ISE is fairly expensive, but I feel that the time it saves our team is well worth it.
• We have been able to roll this our to all of our teams, and they can each manage their own device and it is really convenient to have each team mange their own devices
• Once it is deployed and configured, it seems like there isn't much upkeep, so we don't have to hire someone to manage it we do it by committee.

Incentivized

• Positive -- We were able to control guest users access
• Positive -- Using the entire Sophos Security Suite I only remember one major virus while I was with the company which saves on downtime, and IT man hours
• Negative -- The time we spent removing this, and reinstalling NIC drivers because the removal process crashed them cost the company in IT man hours.

Incentivized