The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.
Aruba ClearPass and Cisco ISE are very similar in nature. The biggest differentiator that I have seen is the Cisco ISE ecosystem around native Adaptive Network Controls, programmable interfaces, pxGrid, and Cisco TrustSec environment. Due to the span of products Cisco has in …
So I also have deployed a system called TPAs by Aruba. It's functionality-wise, it's similar to ISE, and also has its pros and cons, but I'm more towards ISE in this case. And I also use some other systems that are in the same field, for example. But this is not really fully …
We just use Cisco for this kind of purpose, I know the market and the other vendors, other players have a lot of solutions that perform the same action, but for me Cisco is the best one.
So the security team selected Forescout because of its inventory functionality. We have had to utilize Cisco ISE though to actually push the SGT Policies as well as the SGACL mappings and the SXP Propagation across the switch infrastructure. There is a lot more configuration …
Cisco ise is great at what it does. There are much cheaper solutions, but that also comes with it's disadvantages of the support that is usually there. But when you are up against Free Radius....what more is there to say for a lot of the smaller companies that is going to be …
ISE stacks well up against other products in our portfolio with protocols like RADIUS, TACACS and REST APIs. ISE is in many ways good for integration with both other Cisco products (switches, firewalls, WLAN controllers) and products from other vendors. Even with cloud services …
Cisco Identity Services Engine (ISE) Stacks up nicely alongside them and we chose Cisco because our business is a Cisco shop and keeping our number of support vendors low is a big way that we keep things simple resulting in a low headcount in the IT Dept. We use it in …
Cisco Identity Services Engine (ISE) stacks up well against other systems because it does what it says and is stable. For us, Cisco Identity Services Engine (ISE) is great for managing access to our network devices and systems. Cisco Identity Services Engine (ISE) might not do …
We are using a lot of other Cisco solutions, so the integration between them became much better and easier and also gave us a relatively easy way of implementing network automation. We have planned to implement Software define network with the Cisco DNA Center, so Cisco …
In our case, the entire core of our network is based on Cisco technologies as well as user access. For this reason it was the simplest choice given that both by integration and by knowledge of the platform it was the solution with the least complexity and the best adoption …
Cisco ISE is way ahead of other products when it comes to Network Access Control technology. With its granularity level controls and zero trust architecture, we can leverage its extensive policy enforcement to create rules based upon users/processes/machines. It gives so much …
Overall, management is not terrible if you have a stable network that is not overly complex. If you don't, this product will take considerable time to plan for an effective solution. I will say support is not very helpful, so if you need assistance after the initial sales rep assisted setup, good luck and be prepared to spend hours on the phone.
Manage high-privilege access to communications equipment. It allows to be granular in the permissions, to have it integrated with the LDAP users and, most importantly, to audit what tasks each user performed.
Profile users and devices and assign privileges and access levels based on that combination. It greatly improves the user experience, since it does not depend on the network it is in, but on the access levels it has depending on the device. It also allows self-managed guest access with approval flow, which is essential for our business.
It has also allowed us to automate actions based on findings from StealWatch, Umbrella, AMP, etc.
I guess the user experience itself, it's sometimes a little bit slow, but this is also dependent on the platform and the scale of the deployment of course. But actually functionality-wise it's really, really good. But yeah, it could sometimes be a little quicker to react on the good front.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.
I did participate in the implementation of Cisco ISE and while there were times when it was confusing and we had a lot of trial and error, overall the experience was fine.
So the security team selected Forescout because of its inventory functionality. We have had to utilize Cisco ISE though to actually push the SGT Policies as well as the SGACL mappings and the SXP Propagation across the switch infrastructure. There is a lot more configuration that has to happen in Forescout in order for it to manage the switches.
Cisco ISE is fairly expensive, but I feel that the time it saves our team is well worth it.
We have been able to roll this our to all of our teams, and they can each manage their own device and it is really convenient to have each team mange their own devices
Once it is deployed and configured, it seems like there isn't much upkeep, so we don't have to hire someone to manage it we do it by committee.