Item: Cisco Identity Services Engine (ISE)
Rating: 9
Author: Simon Watkins

Use Cases and Deployment Scope

For many years, there has been a lack of focus on the security of the corporate Local Area Network. Typically as a user you could connect any devices onto a network via any free patch points, get an IP address and then potentially access network resources. With compliance and security in mind, this is now not considered an acceptable position and a consistent security posture need to be applied to any device connecting to any portion of the network whether it be wired or wireless.

Pros and Cons

Dot1x NAC
Profiling

Posturing - there are many other MDM solutions in the marketplace
Policy creation and libraries can be difficult to navigate

Return on Investment

Adds another layer of security on the LAN and wireless networks
Ability to effectively manage Cisco network devices with the assurance that all actions are logged

Alternatives Considered

These are two completely different products however there is some cross-over in terms of tracking endpoints on the network. These products would complement each other in as much as the Cisco Prime would be used to manage the network (and use ISE credentials to access network devices for example) and the Cisco ISE would ensure that only authorized users would have access to the network. Security is all about providing layers of defense on the network and it not about deploying single-point solutions and hoping that these can be relied on for sufficient security.

Support Rating

Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals.

I feel like this is a USP for Cisco support.

Key Insights

Do you think Cisco Identity Services Engine (ISE) delivers good value for the price?

Yes

Are you happy with Cisco Identity Services Engine (ISE)'s feature set?

Yes

Did Cisco Identity Services Engine (ISE) live up to sales and marketing promises?

Yes

Did implementation of Cisco Identity Services Engine (ISE) go as expected?

Yes

Would you buy Cisco Identity Services Engine (ISE) again?

Yes

Other Software Used

Cisco Prime LAN Management Solution, Cisco Meraki MX Firewalls, Cisco Meraki Systems Manager

Likelihood to Recommend

We deploy Cisco Identity Service Engine (ISE) to provide the following types of services:

Network device administration - provide AAA services (Authentication, Authorization & Accounting) for any IT users who need to access Cisco routers, switches and firewalls
802.1x - Network Access Control for any users accessing the network as a wired, wireless or VPN client
Profiling services - used to profile new devices on the network and is particularly useful for devices that do not support 802.1x (e.g. some IP phones)
A whole host of other functionality is available with particular use cases

I do think that Cisco ISE may not be appropriate for really small networks, due to the purchase costs and complication of management.

Walking on thin ISE - 802.1x and so much more

Overall Satisfaction with Cisco Identity Services Engine (ISE)