Stay away from ISE like you would a minefield
February 11, 2020

Anonymous | TrustRadius Reviewer
Score 1 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Identity Services Engine (ISE)

ISE is NOT being used at my organization. The project started well, but quickly fell apart when we started planning the rollout beyond the initial phase. The difficulty for the consultant, who had tons of Cisco security certifications, to get answers in a timely fashion dragged out the process, with promise after promise not delivered. It wasn't necessarily the fault of the consultant.
  • Guest services.
  • Basic assignment of 802.1x devices on WiFi.
  • Working with the existing network infrastructure tools.
  • Mobile device mgmt integration.
  • It certainly wasted a lot of SE resources.
  • It was a waste of budget and time of my people to try to get it running.
We made more progress with Forescout in 2 days than we did in 8 months trying to get ISE operational. It isn't even close. The MDM add-in worked almost immediately, and the lack of reliance on 802.1x made the entire setup process extremely quick.

Since building automation and remote sites are a big part of what we're doing, Tempered is fitting the priorities we have for segmentation. Our plan is to implement Forescout for on-boarding, and Tempered for IoT and remote sites.

We decided to pass on testing ClearPass. We talked to a few existing users of ClearPass. They were happy with their implementations, but the implementation effort and tendencies toward 802.1x made it feel more like ISE than it did Forescout.

The Tempered system has some game-changing capabilities when it comes to the things that it does well. It solves a lot of problems that traditional NAC doesn't even come close to addressing. For IoT, it's a game changer.
Again, this should be a huge zero! So many calls back to support, hotfixes, and escalations. Once you get past the basics, you change one thing and two things break. Hours on the phone with support, time on hold with "I need to check with xyz. Hang on." Our network infrastructure is mostly Cisco, so it's not like we can blame it on a lot of non-Cisco components. And when unrecognized devices came on-board, there was a whole new set of issues that had to be escalated.

Do you think Cisco Identity Services Engine (ISE) delivers good value for the price?

No

Are you happy with Cisco Identity Services Engine (ISE)'s feature set?

No

Did Cisco Identity Services Engine (ISE) live up to sales and marketing promises?

No

Did implementation of Cisco Identity Services Engine (ISE) go as expected?

No

Would you buy Cisco Identity Services Engine (ISE) again?

No

If you have just a few device types, a fairly flat network (a limited number of VLANs and remote sites, for instance), or don't need exceptions to rules or non-802.1x devices, it might be good for you. Or if you just need guest on-boarding, then that might be a good system. But, then again, if that's your environment, then maybe you just go with the Meraki line.