Cisco Identity Services Engine (ISE) Reviews

22 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.0 out of 100

Do you work for this company? Learn how we help vendors

TrustRadius TRUE Badge

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Reviews (1-6 of 6)

Companies can't remove reviews or game the system. Here's why.
March 02, 2021
Sebastián Sarasate | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Cisco ISE began to be used to solve the problem of Wi-Fi authentication. Later the authorization and accounting capabilities were incorporated for the accesses of the technical equipment. We are currently rolling out the profiling features. All with a focus on security and user experience, seeking safer accesses, a higher level of control and auditing, [and] additionally a profiling based on user / device that allows simplifying administration and that people can perform their tasks regardless of the device they are using.
  • Manage high-privilege access to communications equipment. It allows to be granular in the permissions, to have it integrated with the LDAP users and, most importantly, to audit what tasks each user performed.
  • Profile users and devices and assign privileges and access levels based on that combination. It greatly improves the user experience, since it does not depend on the network it is in, but on the access levels it has depending on the device. It also allows self-managed guest access with approval flow, which is essential for our business.
  • It has also allowed us to automate actions based on findings from StealWatch, Umbrella, AMP, etc.
  • It could be integrated with third party products.
  • The interface could be a bit more user friendly.
  • Could be integrated with social networks for guest authentication.
In my humble opinion, Cisco ISE is a highly recommended product.
There are multiple application scenarios but I consider that if some of the following premises are met, I would not hesitate to go for it:

- Network authentication based on LDAP or Certificates is required

- Authentication, authorization and accounting are required for administrative access.

- Granular permission delegation is required.

- It seeks to automate actions at the network access level based on security risks in real time.
Read Sebastián Sarasate's full review
November 09, 2020
Simon Watkins | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
For many years, there has been a lack of focus on the security of the corporate Local Area Network. Typically as a user you could connect any devices onto a network via any free patch points, get an IP address and then potentially access network resources. With compliance and security in mind, this is now not considered an acceptable position and a consistent security posture need to be applied to any device connecting to any portion of the network whether it be wired or wireless.
  • Dot1x NAC
  • Profiling
  • Posturing - there are many other MDM solutions in the marketplace
  • Policy creation and libraries can be difficult to navigate
We deploy Cisco Identity Service Engine (ISE) to provide the following types of services:
  • Network device administration - provide AAA services (Authentication, Authorization & Accounting) for any IT users who need to access Cisco routers, switches and firewalls
  • 802.1x - Network Access Control for any users accessing the network as a wired, wireless or VPN client
  • Profiling services - used to profile new devices on the network and is particularly useful for devices that do not support 802.1x (e.g. some IP phones)
  • A whole host of other functionality is available with particular use cases
I do think that Cisco ISE may not be appropriate for really small networks, due to the purchase costs and complication of management.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals.

I feel like this is a USP for Cisco support.
Read Simon Watkins's full review
November 03, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Cisco Identity Services Engine segments our employees from our students through 802.1x authentication. Both on the wired and wireless network, with both PEAP and EAP-TLS authentication. We also provide Guest WiFi access through ISE, which is very useful for guest lectureres or any other visitors. Cisco ISE provides us a highly scalable and centrally manageable solution, providing us with a lot of insight regarding clients connected to our network.
  • Endpoint profiling.
  • Scalability.
  • Flexibility.
  • Visibility.
  • Interface could use an update.
  • Licensing/cost.
If you really want to do advanced authentication with profiling, posturing, etc. ISE really is a great solution. However, if you are looking for a very basic authentication solution with no further visiblity or authentication flows, cheaper solutions are available from many different vendors. Although I have only experienced Microsoft Network Policy Server as another solution, I must say that ISE is easier to troubleshoot endpoint problems and have more visibility all around.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
We usually see very little issues, but when we do our support partner usually makes contact with TAC in order to get us going again. We usually see frequent patches in the works for ISE.
Read this authenticated review
October 29, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Cisco ISE is being used currently for 802.1x on wireless and partial wired networks, guest services on wireless and wired, IoT authorization on wireless, and TACACS server for 4k network devices from various vendors. It solved the problems of having multiple authentication and integration into one dedicated deployment.
  • Wireless authentication with EAP
  • Wireless guest management with hotspot
  • Device Access management TACACS+
  • Authentication for non-EAP, IoT Authorization, and iPSK
  • The licensing model is difficult to understand as it has changed in 2020.
  • Feature Documentation, how things should work, could be improved.
  • Webinars available for all (official ones from Cisco).
Cisco ISE is well suited as an 802.1x authentication server. Other features come on top of it to accurately make the network decide who connects to what in a very secure way. Yes, there are other vendors with the same capability but I suspect that they do not have the same feature set as ISE.
It requires an expert in the ISE to be able to operate it. It requires lots of reading to be able to accomplish what you need, and yes, such solutions are expected to be complex.
Skilled TAC when it comes to such product, nothing more to say.
Read this authenticated review
February 11, 2020
Anonymous | TrustRadius Reviewer
Score 1 out of 10
Vetted Review
Verified User
Review Source
ISE is NOT being used at my organization. The project started well, but quickly fell apart when we started planning the rollout beyond the initial phase. The difficulty for the consultant, who had tons of Cisco security certifications, to get answers in a timely fashion dragged out the process, with promise after promise not delivered. It wasn't necessarily the fault of the consultant.
  • Guest services.
  • Basic assignment of 802.1x devices on WiFi.
  • Working with the existing network infrastructure tools.
  • Mobile device mgmt integration.
If you have just a few device types, fairly flat network (a limited number of VLANs and remote sites, for instance), or don't need exceptions to rules or non-802.1x devices, it might be good for you. Or if you just need guest on-boarding, then that might be a good system. But, then again, if that's your environment, then maybe you just go with the Meraki line.
Again, this should be a huge zero! So many calls back to support, hotfixes, and escalations. Once you get past the basics, you change one thing and two things break. Hours on the phone with support, time on hold with "I need to check with xyz. Hang on." Our network infrastructure is mostly Cisco, so it's not like we can blame it on a lot of non-Cisco components. And when unrecognized devices came on-board, there was a whole new set of issues that had to be escalated.
Read this authenticated review
December 07, 2019
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use ISE to provide access to networking devices and systems. We currently are using TACACS with AD authentication to authenticate to devices. We like having the ability to centrally control all our devices and log activities. When a new employee is added to their team's ACLs, they then are granted access to the devices they need.
  • Centrally manages all devices in one place. It's never fun to have to manage multiple systems.
  • Very solid platform. We haven't had any issues with things not working properly.
  • Has built in profiles for many devices and systems. It really makes it quick to build out.
  • Lot and lots of settings. if they could simplify the process or have a template that would make things easier.
  • No batch edit. Would be nice to change settings of multiple devices at a time.
We have hundreds of devices, and it's great that we can manage them from one system. We have different vendors and Cisco ISE handles them all. We are a corporate environment where every team uses different systems and has different needs. Cisco ISE and very robust and can handle pretty much all situations and devices. We use this where TACACS is dipping into our AD system and it works great. Cisco ISE would be less Ideal if you are not using a TACACS or Radius and just have users. You could add all the users into ISE, but that seems like a lot of work.
You can always get someone to talk to right away, and I love that they have chat. For the most part, even their first contact reps are very knowledgable. With this being a Cisco product, there are a ton of online documentation and forums where you can get expert help.
Read this authenticated review

Cisco Identity Services Engine (ISE) Scorecard Summary

What is Cisco Identity Services Engine (ISE)?

A critical component of any zero-trust strategy is securing the workplace that everyone and everything connects to. So the vendor presents the Cisco Identity Services Engine (ISE) as a solution that enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control. ISE empowers software-defined access and automates network segmentation within IT and OT environments.
Categories:  Network Security

Cisco Identity Services Engine (ISE) Competitors

Cisco Identity Services Engine (ISE) Technical Details

Operating Systems: Unspecified
Mobile Application:No