Skip to main content
TrustRadius
Cisco Identity Services Engine (ISE)

Cisco Identity Services Engine (ISE)

Overview

What is Cisco Identity Services Engine (ISE)?

The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.

Read more
Recent Reviews

Cisco ISE for ZTA

9 out of 10
January 23, 2024
Incentivized
Cisco ISE is leveraged internally to address network access control across wired, wireless, and remote client VPN authentication and …
Continue reading

Cisco ISE Review

9 out of 10
June 15, 2023
Incentivized
Today it is used for TACACS/Device Administration as well as SGT Mappings, SGACL distribution and SXP Propagation for Trustsec. It …
Continue reading

Cisco ISE

8 out of 10
June 09, 2023
Incentivized
Currently ISE is used to manage authentication to all of our wireless infrastructure but we are currently going down the path of micro …
Continue reading

Cisco ISE

7 out of 10
June 09, 2023
Incentivized
Cisco Identity Services Engine (ISE) is currently used for authentication of endpoints devices and users (RADIUS & TACACS)
Continue reading

Great!

10 out of 10
June 08, 2023
Incentivized
BTD Manufacturing utilizes Cisco ISE to authenticate domain devices and as well issue secure group tags to end users that log in to each …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons

Video Reviews

2 videos

Cisco Identity Services Engine User Review | A hefty but secure solution
02:39
Cisco Identity Services Engine (ISE) Review
04:33
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Cisco Identity Services Engine (ISE)?

The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

14 people also want pricing

Alternatives Pricing

What is NordLayer?

NordLayer provides cybersecurity tools for businesses of any size or work model developed by the standard of NordVPN. NordLayer helps organizations secure networks and enhance internet security and modernizes network and resource access with technical improvements aligning with the best regulatory…

What is Perimeter 81?

Perimeter 81 is a Zero Trust Network as a Service from the company of the same name in Tel Aviv, designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Return to navigation

Product Details

What is Cisco Identity Services Engine (ISE)?

A critical component of any zero-trust strategy is securing the workplace that everyone and everything connects to. So the vendor presents the Cisco Identity Services Engine (ISE) as a solution that enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control. ISE empowers software-defined access and automates network segmentation within IT and OT environments.

Cisco Identity Services Engine (ISE) Competitors

Cisco Identity Services Engine (ISE) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.

Aruba ClearPass, Forescout Platform, and Trellix Endpoint Security ENS are common alternatives for Cisco Identity Services Engine (ISE).

Reviewers rate Usability and Support Rating highest, with a score of 7.

The most common users of Cisco Identity Services Engine (ISE) are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(110)

Attribute Ratings

Reviews

(1-25 of 39)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We are using the Cisco Identity Services Engine as a AAA Server for Client Authentication (Network Access Control wired and WiFi) and User Authentication (Cisco Secure Client). We also do the Guest WiFi Authentication over the Cisco Identity Services Engine. Additionally, also the PX Grid Integration is used to connect with Cisco FMC, LiveAction, DNA\Catalyst-Center.
  • AAA
  • Guest Portal
  • Easy Updates
  • Better Orientation through the product (many things are hard to find)
  • Better BYOD Integration
  • Logging
Guest Wifi Authentication is done very well. Lots of possibilities. AAA Authentication is also done very well. Easy to setup and to manage. BYOD is not very good integrated might needs some improvement.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We currently use Cisco ISE to manage our MAB environment and also for user authentication via 802.11x. It's also used for VPN authentication and for TACACS for our other Cisco gear.
  • It makes MAB authentication very customizable and easy to implement.
  • It makes managing VPN access easier.
  • It does a very good job with wireless 802.11 authentication.
  • Rules and policy sets can get a little confusing and complicated.
  • The UX/UI could definitely use some work as it can be cumbersome.
  • Using logs for diagnosing issues can be tedious.
Cisco ISE is a great addition to any mid to large size business where you'd like to manage all your device authentication in one place. Cisco ISE will handle all your TACACS, MAB and 802.11x needs in a single pane of glass, which is great in itself, but you can also use it to manage VPN ACLs amongst other things. With all that said, ISE would be complete overkill for a smaller business as it's very expensive and would have too many features that would be wasted on a smaller network environment.
January 23, 2024

Cisco ISE for ZTA

Score 9 out of 10
Vetted Review
ResellerIncentivized
Cisco ISE is leveraged internally to address network access control across wired, wireless, and remote client VPN authentication and authorization. Providing protection through Cisco ISE, the compliance of the machines is evaluated, and proper access is granted to compliant PCs. In addition, the device administration allows for infrastructure to be authenticated and authorized from a centralized location, providing a single account for device administration driven by Active Directory or any identity provider.
  • Centralized Identity Management
  • User and Device Authentication and Authorization
  • Device Posture Compliance
  • Device Administration
  • Persistent Session Network Access
  • Third-Party Integration
  • Resource Consumption
  • Intuitive GUI
Cisco ISE works excellently as a NAC for network onboarding, maintaining persistent sessions, and overall alignment for Zero Trust Architectures. As a cornerstone to the Cisco TrustSec (CTS) environment, Cisco ISE provides the ability to tag hosts as they are onboarded and distribute this information throughout a security ecosystem, to be leveraged by firewalls, switching infrastructure, and server policing mechanisms. Its ability to maintain a persistent session allows other data reporting mechanisms to change the level of access to hosts if the compliance status were to change. The programmable back end allows for the management to be performed from a centralized console, or via the built-in GUI of the Cisco ISE product itself.
Jay Kroning | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Cisco Identity Services Engine and our main authentication/authorization software for wireless, VPN and TACACS to our network devices. We leverage Cisco Identity Services Engine with posturing policies with our Cisco Secure Client VPN to ensure access to our network resources is coming from a trusted device. We were also able to build our wireless policies to only allow company owned equipment to access our wireless network and provide an internet only access policy for mobile devices for our employees that had no core network access.
  • Posturing
  • Reporting
  • Strong library of access policy options
  • Always room for improving reporting
  • Dashboard needs a refresher
  • Live log improvements
Cisco Identity Services Engine is well suited for VPN access policies and posturing. Very easy to implement and provides those extra checks and layers of security from devices trying to access your network. The Guest Access Portal needs revision it's clunky at times and only creates more work on the back end for support teams to setup access if needed.
December 05, 2023

ISE ISE Baby!

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Cisco Identity Services Engine for aaa authentication for our Wi-Fi and guest access. Have had minor issues with stability and one of our nodes going into high CPU usage, meaning it had to be reset and when HA at the device level isn't setup it can cause disruption.
  • RADIUS
  • Guest Portal
  • Sponsor Portal
  • Options are a little bit busy e.g. work center will list the same menu multiple times
  • Required resources are a little bit heavy when SMB, scaled back version would be great
Highly recommend, great analytics, easy to troubleshoot with the logging.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it for authentication and authorization by a variety of services.
  • The policy-based solution is good to have a good overview of the different types of authentication and authorizations used. So you can use it with many other products.
  • It is a bit critical to upgrade the solution. Many things that can go wrong, many things that do go wrong during upgrades. It's quite a heavy product.
It's well suited for authentication to wireless networks and wired networks, and also for management access still suited.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it for our customers exactly. They use it for network access control. So we are using it to make the customer's premises and customer network more secure and to give the customer insight into who has access to his network and that he can control all access and also have the log files and everything.
  • Actually, it is pretty good with scalability. So I have one big customer who has offices around the world and we have a worldwide deployment in place at this customer. And yeah, we run it 24/7 and actually, we have great results with that.
  • I guess the user experience itself, it's sometimes a little bit slow, but this is also dependent on the platform and the scale of the deployment of course. But actually functionality-wise it's really, really good. But yeah, it could sometimes be a little quicker to react on the good front.
If a company wants to get into network access control, then I think there are not really many better products around. So I would highly recommend to give us a look because it is really a full solution in this field and we have been greatly successful with using it for a lot of our customers.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Cisco ISE is pretty good at understanding user behavior. We deployed there using on WIFI environment for authentication and certificate stuff. So it was a pretty good solution in order to have your network secure and in order to have the visibility of everything.
  • I think the user experience part is the best. In my personal opinion, I think the user performance is very good as well. The way that IT guys and IT staff can manage our company is pretty good also. So in general, the five-star solution for sure is a pretty good one.
  • As I wasn't part of team implementation. I haven't any kind of examples at this time.
I think in general for companies who like to have wifi and authentication parts for their equipment, Cisco ISE is a pretty good one. In order to offer security and everything for your users, it adheres to our physical solution so you don't have to spend a lot of money.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
So the identity service engine is the NAC, network access control, and we configure it to make sure that unauthorized people cannot get into the network, whether it's wireless or wired connections.
  • I'm happy with the dynamic. The Dynamic Access Control Lists where we have multiple departments, people, or users from different departments. Whenever they plug their laptops in different sockets, they still get the same correct VLAN. And this is one of the features that we heavily use. So people can roam into the building and if I work for HR, for example, I plug in my laptop, I still be part of the HR VLAN for security.
  • I would say with the logging, I'm not happy with the logging, right? It's not clear. And sending also the logs to a central SIEM box is not quite easy. I faced all those issues with the logging. The logging of the box is not that good.
I like the idea of that box of the Cisco ISE integrating with the WLC, Cisco wireless controllers. This gives us a lot of room for flexibility. So yeah, that's something I like about it.
June 15, 2023

Cisco ISE Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Today it is used for TACACS/Device Administration as well as SGT Mappings, SGACL distribution and SXP Propagation for Trustsec. It addresses our need for TACACS Authentication with DUO integration for 2 Factor.

At Previous employment, I used all arrays to include TACACS, profiling, posture enforcement, Wired and Wireless radius auth (EAP TLS) as well as guest portal and Web Auths. At this company it meet the universities need for Device management as well as NAC.
  • TACACS Device Authentication
  • Radius Authentication for clients
  • Device Profiling and having flexibility for customization
  • The ability to utilize airospace for a single VPN and utilize Groups instead of having to manage so many DAP policies
  • The user interface has improved but could still get better
  • The upgrade and deployment process can get time consuming
  • More integration without the need for pxgrid
  • License for users and features be more simplified
In most areas it has been able to meet the needs of the organization. The only area that was not was the posture enforcement on the campus environment where we had tons of IoT or BYOD devices and managing the levels for the OS Patching and Antivirus became a nightmare
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use it to authenticate computers and users at the layer 2 switch level to provide port security so no one can plug any devices to the network.
  • user authentication via port security
  • user authentication via TACACS
  • external identity with MS AD
  • work together with DUO
  • the policy profiler is very hard to navigate with a lot of scrolling up/down and side to side.
Centralized radius server for everything
June 09, 2023

Cisco ISE

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Currently ISE is used to manage authentication to all of our wireless infrastructure but we are currently going down the path of micro segmentation with ISE.
  • It works really well with 802.1X
  • Easy to navigate
  • Constant support
  • Patches are sometimes hit or miss when fixing existing bugs
  • It does not do SCEP for certificates.
If you use a lot of Cisco equipment ISE is great. I do not know many situations when it is less appropriate.
June 09, 2023

Cisco ISE

Score 7 out of 10
Vetted Review
Verified User
Incentivized
Cisco Identity Services Engine (ISE) is currently used for authentication of endpoints devices and users (RADIUS & TACACS)
  • Radius Authentication
  • TACACS Authentication
  • Endpoint posturing and compliance
  • Guest Authentication
  • Device authentication with Azure AD
  • Seamless expansion of disk space
Cisco Identity Services Engine (ISE) is a good product, however, there are opportunities for improvement
June 08, 2023

Great!

Score 10 out of 10
Vetted Review
Verified User
Incentivized
BTD Manufacturing utilizes Cisco ISE to authenticate domain devices and as well issue secure group tags to end users that log in to each device.
  • logging
  • authentication
  • authorization
  • Cisco ise has issues with locking up when going to the threat pane. version: 3.1 patch 3
Cisco ISE gives you peace of mind around what is on your network. There shouldn't be a need to allow outside/guest devices on your network as they could have a worm that could propagate across your network. This will allow you to quarantine/separate devices.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
On the management side we use it as our TACACS server to access our network and security devices.
On the campus, ISE is used to handle all AAA Radius requests, dot1x/MAB for corporate endpoints, medical solutions and IoT. It also serves as a guest portal for guests in the hospital.
  • Manage policies in a multi-tenant fashion
  • Provides very verbose Radius logs
  • Endpoint Visibility is neat, clean and very usefull
  • in first place, and by far, licensing is a pain, unclear (even within cisco, see TAC cases we raised)
  • Endpoint Group management could be improved, we can't modify/alter the hierarchical structure on the fly
  • On ISE2.7 API is weak... hopefully 3.x is adressing that issue.
  • Upgrade process is painfull and long (rebuild, test, load backup, switchover)
I also used it for VPN access and adding all the feature (AAA, Posture, SGT, etc...) ISE is a key component of a modern security architecture.
In a scenario of managing NAC for campus network, ISE a very good tool.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are using ise succesfully in securing our network with 802.1x and tacacs. We are moving towards Zero Trust and integrated with our MDM with SCCM to validate compliance of critical patches. This is working ok. Next we wanted to verify the vulnerability score from our scanners. We can connect to our Tenable server with api but we cannot run a credentialed scan on a newly discovered device. We can kick off a ping and nmap scan but that doesn't give us a vulnerability score. So when people connect to the vpn and we try to scan them to make sure that they are safe we fail.
  • 1x authentication with Dynamic Vlan assignment depending on what they should have access to.
  • TACACS/Admin access with RBAC using AD
  • provides great logs
  • the UI is usually very slow
  • Native Password change portal for local identities(tacacs users)
  • ability with RBAC to show the policies but restrict access to modify. Right now you can only show or hide but not restrict control of what they can do. This is not very helpful for our tier 2 admins that are trying to troubshoot issues as they don't see the policies. The work around is giving full read only admin account which isn't always ideal
Ise does great for controlling TACACS and Radius authentications. It is pretty easy to make rules very granular. There is a learning curve but that comes with anything.

I wish the licensing a was a lot easier and not so expensive. I feel like you would be able to reach more markets as the price alone pushes people away. It's the idea that you would sell more and make up the margins lost.
February 11, 2023

Happy

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Network Access (NAC), VPN authentication, Sponsor Portals.
ISE is central i our design for user and machine authentication and log of user activity. We also use ISE for posture to ensure healthy machines before granting access. Also the TACACS feature is used to ensure admin access happens in a controlled way.
  • Authentication
  • Authorization
  • Accounting
  • Posture conditions
  • GUI implementation
  • Backup/Restore
ISE is well suited for combining authentication policies. ISE is well suited for combining authorization policies. ISE is well suited for large scale deployments. ISE is well suited for TACACS authentication of network device administrators. ISE is less suited for Posture with MAC, Linux and to some extent also for Windows.
February 08, 2023

Best AAA solution

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use ISE for every possible network authentication scenario from VPN to securing all the network ports across the enterprise. Though it has some flows, it's clearly the best AAA solution available on the market currently, especially if you use Cisco network gear on access layer too. If you can afford it, the best solution in industry.
  • authentication
  • authorization
  • accounting
  • GUI
  • bugs
It makes sense mostly for larger enterprises, where cost can be accepted and features above open source solutions are worth the money. Obviously it's not your product for a SOHO environment.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use it as one of our many network monitoring tools. The problems addressed our minor to major security incidents and protocols. More specifically, we use it to ensure that traffic across our network stays clean as we own our own proprietary enclave.
  • Security Protocol explanations
  • Tips to enhance your security
  • Presenting security layouts that show what you have deployed
  • No current issues
It is well suited for large networks like we have, but may not be useful in networks supporting less than 100 people
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Cisco ISE allowed us to rid of port security and seamlessly swap equipment out. It tracking what equipment is allowed on the network makes our lives easier. Thank you Cisco ISE for all you do
  • Blocks unwanted items
  • Network Mapping
It is well suited on smaller networks. It can lower the bandwidth for some networks if they aren't built for it
February 08, 2023

ISE Cream

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use it mainly for dot1x wireless/wired authentication, guest access and device Administration.
  • dot1x
  • tacacs+
  • scaling
  • APIs
  • profiling
  • posture
  • guest portals
Everything related wired/wireless dot1x - ISE is excellent. In wouldn't recommend it for guest portals.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I use Cisco Identity Services Engine for 802.1x secure network access. I can authorize users by different access policies if users connect from mobile devices or from wired access.
  • Authentication
  • Authorization
  • Accounting
  • Trustsec
  • Reporting
  • User interface
I feel Cisco Identity Services Engine is the best product for securing access to network (Wired, WLAN, VPN).
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We have a Cisco Identity Services Engine (ISE) that provides Reporting on and Radius Authentication Connection between AD and Our Cisco AnyConnect VPN. This allows me to report and record our connections (who, where, IP address, username, connection time, etc.) and push logs out to our Alien-vault SEIM with greater detail than the ASA devices would provide otherwise. It also lets us filter by IP address or Physical Address for some of our other channels so that only specific users can use those specific channels as opposed to anyone who can connect to our VPN portal. In essence, the business case is that it allows you greater control over who you allow into your systems and who you allow connecting to other systems in your control lowering the risk that someone will just come across a password and try to log into your VPN or Cisco Systems, that lower chance of compromise at such a high and remotely accessible level leads to lower risk and better stability overall. As a bonus, logging and reporting also help with troubleshooting.
  • Logging
  • Reporting
  • Access Control
  • Identification
  • Conditional Blocking
  • GUI Interface Flow
  • Ease of Use
  • Automatic Configuration
Because if you understand Cisco, once it is set-up it works, practically forever, and there is nothing better than having something that will work forever
Score 8 out of 10
Vetted Review
Verified User
Incentivized
IBM is a Cisco partner and therefore sells solutions based on Cisco Identity Services Engine (ISE).

It is also used internally for the authentication of users on the network from laptops to cell phones, obtaining maximum security at the authentication and authorization level of devices.

This solution is very important to prevent people from the network from being able to log in.
  • The solution cuts down on the repercussions of getting malware or ransomware.
  • The ability to integrate our Cisco AnyConnect connections to the active directory has been great.
  • It would be nice if it could be configured easily by default.
  • Could be integrated with social networks for guest authentication.
  • Price/cost/licensing
  • Feature D\documentation--how things should work--could be improved.
Cisco Identity Services Engine (ISE) is well suited for companies that wish to keep their access restricted. Cisco Identity Services Engine (ISE) is great at AAA (authentication, authorization, and accounting) of users who log in either physically, or virtually via a client remote access VPN. Cisco Identity Services Engine (ISE) might be less appropriate for those who are on a strict budget or don't necessarily care about security.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are using ISE for the Endpoint authentication and authorization. It solves the Task of authenticating our wired and wireless clients that are trying to access the network and giving them different access rights. Also, we are using ISE as a part of the DNA Center ecosystem and also as a Tacacs server for different network components.
  • EP Authorization.
  • EP Authentication.
  • Tacacs server.
  • Give information to the DNA Center.
  • DNA Center Integration stability.
  • Cisco license server communication.
  • Handling of CA and Certificates.
For the Cisco infrastructure, it is a must-have solution for handling TACACS authentication with all network devices. Also, it is one of the best solutions that I have seen for the network admission in control, identifying, and authentication of the end device that is trying to access the network. And it is a part of the DNA center automation.
Return to navigation