Cisco Identity Services Engine (ISE)

Cisco Identity Services Engine (ISE)

Top Rated
TRUE
About TrustRadius Scoring
Score 8.8 out of 100
Top Rated
TRUE
Cisco Identity Services Engine (ISE)

Overview

Recent Reviews

Simple Authentication

10 out of 10
January 14, 2022
We use Cisco ISE for many different things in our organization. We use it for radius authentication for wireless clients, VPN clients, …
Continue reading

Cisco ISE - Super Engine

10 out of 10
September 27, 2021
We are using this product for endpoint management for all of our users, it helps us to manage the BYOD & guest login.
Continue reading

ISE, ISE, baby

10 out of 10
August 30, 2021
ISE is used to cover our Wired and Wireless Dot1x authentication. We make extended use of the "My Devices" portal integration to allow …
Continue reading

Reviewer Sentiment

N/A
Positive ()
N/A
Negative ()
Learn how we calculate reviewer sentiment

Awards

TrustRadius Award Top Rated 2022

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Cisco Identity Services Engine (ISE), and make your voice heard!

Pricing

View all pricing
N/A
Unavailable

What is Cisco Identity Services Engine (ISE)?

The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

1 person want pricing too

Alternatives Pricing

N/A
Unavailable

What is WatchGuard Network Security?

WatchGuard Network Security is a network security and firewall software. WatchGuard includes secure Wi-Fi, multi-factor authentication, and network intelligence products and services designed for SMB’s.

What is Titania Nipper?

Nipper discovers vulnerabilities in firewalls, switches and routers, automatically prioritizing risks to an organization. Its virtual modelling is designed to reduce false positives and identify exact fixes to help users stay secure and compliant.Audits: Firewalls | Switches | Routers The vendor…

Features Scorecard

No scorecards have been submitted for this product yet..

Product Details

What is Cisco Identity Services Engine (ISE)?

A critical component of any zero-trust strategy is securing the workplace that everyone and everything connects to. So the vendor presents the Cisco Identity Services Engine (ISE) as a solution that enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control. ISE empowers software-defined access and automates network segmentation within IT and OT environments.

Cisco Identity Services Engine (ISE) Competitors

Cisco Identity Services Engine (ISE) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Comparisons

View all alternatives

Frequently Asked Questions

What is Cisco Identity Services Engine (ISE)?

The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.

What is Cisco Identity Services Engine (ISE)'s best feature?

Reviewers rate Support Rating highest, with a score of 5.9.

Who uses Cisco Identity Services Engine (ISE)?

The most common users of Cisco Identity Services Engine (ISE) are from Enterprises (1,001+ employees) and the Financial Services industry.

Reviews and Ratings

 (42)

Ratings

Reviews

(1-18 of 18)
Companies can't remove reviews or game the system. Here's why
Chandan Singh Rathore | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We are using Cisco Identity Services Engine (ISE) in our organization for all users. It gives us endpoint visibility, which is connected in our infra, and zero trust access control, as per the defined rules and policies. We are using it to authenticate our users based on their role/process, before granting them access to our network.
  • Zero trust network access control.
  • Easy on-boarding.
  • Radius.
  • Security compliance.
  • Tacacs.
  • Simple Network Management Protocol (SNMP).
  • SSO can be improved.
  • Cost efficiency.
Cisco ISE is best suited for almost all types of infra, it doesn't matter whether it's small or large. It provides zero trust architecture and compliance checks on endpoints before allowing users to connect to the office network. We can automate the entire BOYD on-boarding process and guest management process to save time.
January 14, 2022

Simple Authentication

Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Cisco ISE for many different things in our organization. We use it for radius authentication for wireless clients, VPN clients, device authentication as well as TACACS authentication of our Cisco switches, routers, wireless controllers, and firewalls. We also use Cisco ISE for our guest wireless authentication portal.
  • ISE is extremely good at authentication. It is easy to use and policy can be created in such a way that authentication can be secured.
  • ISE is really good for guest wireless within your organization. It's not only simple to create guest accounts but it's also simple for the end-user. The options that are available are endless.
  • ISE is great at logging. The logging aspect of ISE makes it easy to search through the logs when issues arise and find things easily which cuts down on troubleshooting time.
  • ISE could really make improvements on software updates and patches. The updates and patches typically take a very long time to install.
  • ISE could improve some of its technical documentation on how to implement certain features that ISE can offer.
If a colleague were to ask me what to use as an authentication server I would only recommend Cisco ISE. The in-depth policies that you can create make it extremely handy when you want to make an authentication rule as specific as possible. Even if only needed a simple RADIUS server I would still recommend Cisco ISE over anything else.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Secures access to the network at its edge, leveraging 802.1x protocol and MAB. Provides Web Authentication to wireless Guest network. Two nodes, all-in-one, multi-site deployment. Two node deployment provides us required redundancy in case of failure and maintenance, e.g., ISE software updates. ISE allows to prevent unauthorized endpoint access to corporate resources, provides visibility and insight on network access. Support for TACACS+ protocol allows us to control who can have access to network devices and what level of access is granted too.
  • Authentication and authorisation network access.
  • Simplicity with policy creation.
  • Aiding troubleshooting network access.
  • Authentication and authorisation access to network devices.
  • Built-in guest portal web design.
  • View of the raw Radius attributes.
Cisco ISE is an amazing Network Access Control system. Network access authentication and authorization policies are made easy to create and maintain. ISE spreads its wings when combined with Cisco's networking hardware - switches, wireless LAN controllers, firewalls, etc. However, leveraging ISE services when other vendor networking hardware is deployed isn't impossible nor difficult - it is simple, effective, and pleasant to configure and manage too, but a few fairly advanced features might not be available. With the recent version available for the public cloud, there is no scenario where using ISE might be less appropriate than other vendors' NAC products.
September 27, 2021

Cisco ISE - Super Engine

Score 10 out of 10
Vetted Review
Verified User
Review Source
We are using this product for endpoint management for all of our users, it helps us to manage the BYOD & guest login.
  • Endpoint security.
  • BYOD implementation.
  • AAA services.
  • More stable software for ISE.
It's one of the best tools for endpoint management and security of networks. It also decreases the administrative part on switch management, streamlined network visibility, robust guest experiences, extensive policy enforcement, [and] self-service device onboarding. Centralized management is the core of this tool. Device administration access control and auditing [are] also important features.
Sonu Kumar | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We used it as a corporate deployed SDN network in our office in 2019 and it was the second deployment in India then. While designing network architecture to ensure smooth and most secure authenticated network access decided to go opt for Cisco ISE network.
Below are the targets to achieve after the deployment of ISE:
  • Automated VLAN assignment to the users as per their relevant departments.
  • Pre-defined network-level access to the users.
  • Automated identity identification and validation at endpoints level.
  • Most secured network access.
  • Less manual IT interventions.
  • Reduced IT network operations.
  • Zero trust and regain control mechanism.
  • Secure Network access to the trusted users and endpoints.
  • Automated IT network policy implementation.
  • When trust method failed between ISE and the endpoints the collected logs are not enough to identify the root cause of network authentication failure.
Cisco Identity Services Engine is most suitable for organizations having a larger number of employees or department groups. ISE helps to reduce network IT operations costs and manual interventions as well. We may apply the network IT policies smoothly and ensure only secure network access.
August 30, 2021

ISE, ISE, baby

Score 10 out of 10
Vetted Review
Verified User
Review Source
ISE is used to cover our Wired and Wireless Dot1x authentication. We make extended use of the "My Devices" portal integration to allow guest users to register TVs/Consoles onto a segregated network. Furthermore, we are working to implement the profiling and posture features. We are excited in particular by the agentless posturing.
  • Integrates with all out Cisco Network Access Devices.
  • My Devices portal for guest users.
  • The ability to extend centralized Dot1x authentication.
  • Workflow for posturing is very convoluted.
  • Profiling endpoints is not as clean as it should.
  • V 3.0 is rife with bugs.
ISE is well suited for a large enterprise environment that relies heavily on RADIUS and TACACS authentication for both network access and device administration. It is exceptionally useful for managing guest access without an unsecured and open network.

ISE is less useful for smaller office deployments that feature only 1-3 servers and have a single site. For that kind of infrastructure, the licensing cost would be wasteful.
Score 8 out of 10
Vetted Review
Verified User
Review Source
The IT department uses Cisco ISE for its network access control and integrates with our primary identity management. ISE allows us to have the first line of defense for authenticating a device on the network and avoiding rogue devices from joining. Open network ports can lead to easy access by an intruder and we wanted to mitigate that risk as much as possible.
  • Network access management
  • Device discovery
  • Access control
  • User experience
  • Administrator ease of use
  • Reliability
ISE is well suited for organizations that use all modern Cisco switching equipment and want to control port access as well as implement the least privileges with micro-segmentation.
Score 9 out of 10
Vetted Review
Verified User
Review Source
IBM is a Cisco partner and therefore sells solutions based on Cisco Identity Services Engine (ISE).

It is also used internally for the authentication of users on the network from laptops to cell phones, obtaining maximum security at the authentication and authorization level of devices.

This solution is very important to prevent people from the network from being able to log in.
  • The solution cuts down on the repercussions of getting malware or ransomware.
  • The ability to integrate our Cisco AnyConnect connections to the active directory has been great.
  • It would be nice if it could be configured easily by default.
  • Could be integrated with social networks for guest authentication.
  • Price/cost/licensing
  • Feature D\documentation--how things should work--could be improved.
Cisco Identity Services Engine (ISE) is well suited for companies that wish to keep their access restricted. Cisco Identity Services Engine (ISE) is great at AAA (authentication, authorization, and accounting) of users who log in either physically, or virtually via a client remote access VPN. Cisco Identity Services Engine (ISE) might be less appropriate for those who are on a strict budget or don't necessarily care about security.
Score 7 out of 10
Vetted Review
Verified User
Review Source
We currently use Cisco ISE to manage our MAB environment and also for user authentication via 802.11x. It's also used for VPN authentication and for TACACS for our other Cisco gear.
  • It makes MAB authentication very customizable and easy to implement.
  • It makes managing VPN access easier.
  • It does a very good job with wireless 802.11 authentication.
  • Rules and policy sets can get a little confusing and complicated.
  • The UX/UI could definitely use some work as it can be cumbersome.
Cisco ISE is a great addition to any mid to large size business where you'd like to manage all your device authentication in one place. Cisco ISE will handle all your TACACS, MAB and 802.11x needs in a single pane of glass, which is great in itself, but you can also use it to manage VPN ACLs amongst other things.

With all that said, ISE would be complete overkill for a smaller business as it's very expensive and would have too many features that would be wasted on a smaller network environment.
Score 8 out of 10
Vetted Review
Verified User
Review Source
Cisco Identity Services Engine is used in my Organization to segment guess and Corp Wifi networks through 802.1x authentication and guest portal. We also utilize ISE for port protection and a host of other security features. Cisco ISE is a highly scalable and centrally manageable solution that does require some care and feeding, but overall, it is a good product and not too difficult to manage after the initial setup.
  • Port protection
  • Guess wireless access
  • 1x Authentication
  • Price
  • Ease of initial setup
  • Poor licensing model
  • More detailed documentation for administrators
Overall, management is not terrible if you have a stable network that is not overly complex. If you don't, this product will take considerable time to plan for an effective solution. I will say support is not very helpful, so if you need assistance after the initial sales rep assisted setup, good luck and be prepared to spend hours on the phone.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We are using ISE for identity management as it was intended. We have ISE authenticating and authorizing users as they log onto the network. We also use ISE for authentication and authorization of network device access. This way we can keep accountability and be notified on when and what device was logged onto as well if anything was changed.
  • Security
  • 1X
  • Device management
  • Cheaper
  • Easier implmentation
  • Better UI navigation
ISE is well suited for companies that wish to keep their access restricted. ISE is great at AAA (authentication, authorization, and accounting) of users who log in either physically, or virtually via a client remote access VPN. ISE might be less appropriate for those who are on a strict budget or don't necessarily care about security.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Cisco Identity Services Engine (ISE) provides end-to-end visibility and ensures a very safe network. It is [integrative] with a lot of third-party and Cisco products to build a secure infra.
  • Context visibility
  • Segmentation
  • Threat response
  • Older versions were a little unstable, current versions are much better
Cisco Identity Services Engine (ISE) is well suited to secure company internal network, for guest authentications, to onboard personal devices, for posture checks and multiple other facilities. ISE can also provide passive context and pxgrid services.
Sebastián Sarasate | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Cisco ISE began to be used to solve the problem of Wi-Fi authentication. Later the authorization and accounting capabilities were incorporated for the accesses of the technical equipment. We are currently rolling out the profiling features. All with a focus on security and user experience, seeking safer accesses, a higher level of control and auditing, [and] additionally a profiling based on user / device that allows simplifying administration and that people can perform their tasks regardless of the device they are using.
  • Manage high-privilege access to communications equipment. It allows to be granular in the permissions, to have it integrated with the LDAP users and, most importantly, to audit what tasks each user performed.
  • Profile users and devices and assign privileges and access levels based on that combination. It greatly improves the user experience, since it does not depend on the network it is in, but on the access levels it has depending on the device. It also allows self-managed guest access with approval flow, which is essential for our business.
  • It has also allowed us to automate actions based on findings from StealWatch, Umbrella, AMP, etc.
  • It could be integrated with third party products.
  • The interface could be a bit more user friendly.
  • Could be integrated with social networks for guest authentication.
In my humble opinion, Cisco ISE is a highly recommended product. There are multiple application scenarios but I consider that if some of the following premises are met, I would not hesitate to go for it:
- Network authentication based on LDAP or Certificates is required
- Authentication, authorization and accounting are required for administrative access.
- Granular permission delegation is required.
- It seeks to automate actions at the network access level based on security risks in real time.
Simon Watkins | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
For many years, there has been a lack of focus on the security of the corporate Local Area Network. Typically as a user you could connect any devices onto a network via any free patch points, get an IP address and then potentially access network resources. With compliance and security in mind, this is now not considered an acceptable position and a consistent security posture need to be applied to any device connecting to any portion of the network whether it be wired or wireless.
  • Dot1x NAC
  • Profiling
  • Posturing - there are many other MDM solutions in the marketplace
  • Policy creation and libraries can be difficult to navigate
We deploy Cisco Identity Service Engine (ISE) to provide the following types of services:
  • Network device administration - provide AAA services (Authentication, Authorization & Accounting) for any IT users who need to access Cisco routers, switches and firewalls
  • 802.1x - Network Access Control for any users accessing the network as a wired, wireless or VPN client
  • Profiling services - used to profile new devices on the network and is particularly useful for devices that do not support 802.1x (e.g. some IP phones)
  • A whole host of other functionality is available with particular use cases
I do think that Cisco ISE may not be appropriate for really small networks, due to the purchase costs and complication of management.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals.

I feel like this is a USP for Cisco support.
Score 8 out of 10
Vetted Review
Verified User
Review Source
Cisco Identity Services Engine segments our employees from our students through 802.1x authentication. Both on the wired and wireless network, with both PEAP and EAP-TLS authentication. We also provide Guest WiFi access through ISE, which is very useful for guest lectureres or any other visitors. Cisco ISE provides us a highly scalable and centrally manageable solution, providing us with a lot of insight regarding clients connected to our network.
  • Endpoint profiling.
  • Scalability.
  • Flexibility.
  • Visibility.
  • Interface could use an update.
  • Licensing/cost.
If you really want to do advanced authentication with profiling, posturing, etc. ISE really is a great solution. However, if you are looking for a very basic authentication solution with no further visiblity or authentication flows, cheaper solutions are available from many different vendors. Although I have only experienced Microsoft Network Policy Server as another solution, I must say that ISE is easier to troubleshoot endpoint problems and have more visibility all around.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
We usually see very little issues, but when we do our support partner usually makes contact with TAC in order to get us going again. We usually see frequent patches in the works for ISE.
October 29, 2020

Cisco ISE Review

Score 10 out of 10
Vetted Review
Verified User
Review Source
Cisco ISE is being used currently for 802.1x on wireless and partial wired networks, guest services on wireless and wired, IoT authorization on wireless, and TACACS server for 4k network devices from various vendors. It solved the problems of having multiple authentication and integration into one dedicated deployment.
  • Wireless authentication with EAP
  • Wireless guest management with hotspot
  • Device Access management TACACS+
  • Authentication for non-EAP, IoT Authorization, and iPSK
  • The licensing model is difficult to understand as it has changed in 2020.
  • Feature Documentation, how things should work, could be improved.
  • Webinars available for all (official ones from Cisco).
Cisco ISE is well suited as an 802.1x authentication server. Other features come on top of it to accurately make the network decide who connects to what in a very secure way. Yes, there are other vendors with the same capability but I suspect that they do not have the same feature set as ISE.
It requires an expert in the ISE to be able to operate it. It requires lots of reading to be able to accomplish what you need, and yes, such solutions are expected to be complex.
Skilled TAC when it comes to such product, nothing more to say.
Score 1 out of 10
Vetted Review
Verified User
Review Source
ISE is NOT being used at my organization. The project started well, but quickly fell apart when we started planning the rollout beyond the initial phase. The difficulty for the consultant, who had tons of Cisco security certifications, to get answers in a timely fashion dragged out the process, with promise after promise not delivered. It wasn't necessarily the fault of the consultant.
  • Guest services.
  • Basic assignment of 802.1x devices on WiFi.
  • Working with the existing network infrastructure tools.
  • Mobile device mgmt integration.
If you have just a few device types, fairly flat network (a limited number of VLANs and remote sites, for instance), or don't need exceptions to rules or non-802.1x devices, it might be good for you. Or if you just need guest on-boarding, then that might be a good system. But, then again, if that's your environment, then maybe you just go with the Meraki line.
Again, this should be a huge zero! So many calls back to support, hotfixes, and escalations. Once you get past the basics, you change one thing and two things break. Hours on the phone with support, time on hold with "I need to check with xyz. Hang on." Our network infrastructure is mostly Cisco, so it's not like we can blame it on a lot of non-Cisco components. And when unrecognized devices came on-board, there was a whole new set of issues that had to be escalated.
December 07, 2019

Great device manager!

Score 9 out of 10
Vetted Review
Verified User
Review Source
We use ISE to provide access to networking devices and systems. We currently are using TACACS with AD authentication to authenticate to devices. We like having the ability to centrally control all our devices and log activities. When a new employee is added to their team's ACLs, they then are granted access to the devices they need.
  • Centrally manages all devices in one place. It's never fun to have to manage multiple systems.
  • Very solid platform. We haven't had any issues with things not working properly.
  • Has built in profiles for many devices and systems. It really makes it quick to build out.
  • Lot and lots of settings. if they could simplify the process or have a template that would make things easier.
  • No batch edit. Would be nice to change settings of multiple devices at a time.
We have hundreds of devices, and it's great that we can manage them from one system. We have different vendors and Cisco ISE handles them all. We are a corporate environment where every team uses different systems and has different needs. Cisco ISE and very robust and can handle pretty much all situations and devices. We use this where TACACS is dipping into our AD system and it works great. Cisco ISE would be less Ideal if you are not using a TACACS or Radius and just have users. You could add all the users into ISE, but that seems like a lot of work.
You can always get someone to talk to right away, and I love that they have chat. For the most part, even their first contact reps are very knowledgable. With this being a Cisco product, there are a ton of online documentation and forums where you can get expert help.