The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.
N/A
Zscaler Internet Access
Score 8.9 out of 10
N/A
Zscaler Internet Access™ (ZIA) is a secure web gateway (SWG), delivering cloud native cyberthreat protection and zero trust access to the internet and SaaS apps.
Cisco ISE integrates will with a Cisco solution such as firewalls, network switches and routers. It does an incredible job of granting access based on the role that an individual or groups have, and the ability to remove access to that individual or group is also east. In our environment ISE is used to authenticate external users that have access by vpn, and also to manage access to the large network infrastructure
Zscaler Internet Access is effectively a cloud firewall. It thrives best for traveling users that need a consistent experience as the multiple Service Edges around the world will help reduce the bottleneck and latency of VPNs hosted on firewalls. Also reduces the cost to spin up small locations that wouldn't necessarily need a firewall on site for Zonal traffic (this rings true for any SSE product). However troubleshooting this tool is a bit of a beast as previously mentioned - the logs are pretty minimal and the first reaction after perusing logs is typically to get a pcap file (which used to be a last resort for Network Engineers).
The most beneficial thing that I love about it, there are tons of things that I love about ISE and that it does well, but the most fascinating that I feel about is its integration with DNA center or Catalyst Center using PX Grid as the protocol wherein ISE acts as a policy server for the entire campus hand in hand with Catalyst Center to make sure that the policy policy follows the user and also in the background hand in hand with DNA Center or Catalyst Center makes sure microsegmentation is implemented so that east west traffic is blocked and takes care of the campus.
Single Pane of Glass Management - Everything is very easy to access and monitor the entire environment from an internet security perspective.
Install Flexibility - We can and do install Zscaler Internet Access on both our client devices as well as our SD-WAN appliances and servers. This allows us to control internet security even on devices without an agent in our networks.
The activate button when making changes could be better, activate seems somewhat like a misnomer especially to newer admins/engineers to the product, a more accurate word would be publish.
Blocked action message for the user could be more user friendly
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
The application is easy to install and configure on all Windows devices. To troubleshoot any internet issue, we can easily collect all the relevant logs from Zscaler and check the exact issue. The only problem is with the uninstall, as a dedicated crew needs to provide the password.
We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.
I cannot give a fair rating for this as I have not had to contact Zscaler support. There was one time we had to contact them because we needed to check if they were having issues on their end. Our ISP was actually the problem but support seemed very friendly.
I did participate in the implementation of Cisco ISE and while there were times when it was confusing and we had a lot of trial and error, overall the experience was fine.
I think all give some visibility of device monitoring and management, but Cisco Identity Services Engine gives a good way to manage more details about the device in a centralized way that gives a wider range of monitoring and control than the other softwares individually. I don't think Cisco Identity Services Engine eliminates the need for these other software as of now, but there is potential for Cisco Identity Services Engine to be able to take over more of these roles.
Zscaler Intenet Access outperformed the competition due to its lightning-fast policy delivery and cross-compatibility. It is easy to track employee usage and block unnecessary websites, reducing company internet usage. Zscalar installed on every system increases cloud-based software bandwidth, decreasing user turnaround time and increasing efficiency.
It's fully customised and comprehensive. only thing is you need to know what you want. Proper research and planning would save lots of time and effort .
I don't know about negatives because we haven't seen it right now, but positive impact is one is the roadmap we have. And now since we are going ahead with doing the deployment of Cisco ISE, we see that we are getting closure to, so at the end of the day, we have to make sure that operationally we stay excellent. So that's where operational excellence comes in. Cisco ISE is basically addressing that for us. Right now we are in a situation if there is a WIFI issue or if there is an authentication issue, it gets really difficult to isolate the problem. But with Cisco ISE , this functionality is going to come in. So we believe that it would be a good ROI.
We just turned off the general VPN this week, post Zscaler rollout of ZPA & ZIA, but it's still the "new" kid on the block, so "everything" is a Zscaler issue.
The ZIA implementation revealed to us exactly how inadequate our internal policies regarding internet access are. Instead of leveraging the tool to reduce risk factors, we find ourselves adjusting ZIA policies to accommodate user complaints rather than adhering to company policy enforcement.
