Cisco ISE for ZTA
Updated January 23, 2024

Cisco ISE for ZTA

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review

Overall Satisfaction with Cisco Identity Services Engine (ISE)

Cisco ISE is leveraged internally to address network access control across wired, wireless, and remote client VPN authentication and authorization. Providing protection through Cisco ISE, the compliance of the machines is evaluated, and proper access is granted to compliant PCs. In addition, the device administration allows for infrastructure to be authenticated and authorized from a centralized location, providing a single account for device administration driven by Active Directory or any identity provider.
  • Centralized Identity Management
  • User and Device Authentication and Authorization
  • Device Posture Compliance
  • Device Administration
  • Persistent Session Network Access
  • Third-Party Integration
  • Resource Consumption
  • Intuitive GUI
  • Alignment to regulatory requirements for Zero Trust Architectures
  • Increase in visibility of assets equating to less lost or missing
  • Centralized infrastructure authentication resulting in single administrative accounts
Aruba ClearPass and Cisco ISE are very similar in nature. The biggest differentiator that I have seen is the Cisco ISE ecosystem around native Adaptive Network Controls, programmable interfaces, pxGrid, and Cisco TrustSec environment. Due to the span of products Cisco has in its portfolio, the integrations between these products is both robust and native to each product.

Do you think Cisco Identity Services Engine (ISE) delivers good value for the price?


Are you happy with Cisco Identity Services Engine (ISE)'s feature set?


Did Cisco Identity Services Engine (ISE) live up to sales and marketing promises?


Did implementation of Cisco Identity Services Engine (ISE) go as expected?


Would you buy Cisco Identity Services Engine (ISE) again?


Cisco ISE works excellently as a NAC for network onboarding, maintaining persistent sessions, and overall alignment for Zero Trust Architectures. As a cornerstone to the Cisco TrustSec (CTS) environment, Cisco ISE provides the ability to tag hosts as they are onboarded and distribute this information throughout a security ecosystem, to be leveraged by firewalls, switching infrastructure, and server policing mechanisms. Its ability to maintain a persistent session allows other data reporting mechanisms to change the level of access to hosts if the compliance status were to change. The programmable back end allows for the management to be performed from a centralized console, or via the built-in GUI of the Cisco ISE product itself.

Cisco Security

Security is the investment in prevention. However, leveraging these inspection products to augment other areas of IT provides a richer ROI. As an example, reporting on the type of traffic passing a firewall allows the organization to better understand what the network is used for, or using MFA to determine what users/user groups are accessing resources.
The Cisco security ecosystem provides native integrations between the product line to provide a la carte security. Cisco ISE provides authentication for the service edge, but this decision could be bolstered when using Cisco Secure Network Analytics (SNA) to review traffic in transit. When bolstered with deep packet inspection using a Firepower NGFW, the end to end data flow is observed and enforced - with all components sharing their information.
Cisco has products for each part of Network Security and reporting. The additional tools with SIEM/SOAR to provide automated response and remediation shortens the Mean Time to Resolution of security incidents, with robust reporting to provide forensics. Other vendors only addressed certain aspects creating difficulties for full integration.
Cisco ISE provide programmatic APIs to deliver policy or customize endpoints, create an information sharing for security using the pxGrid, granular reporting, and the ability to "hold" the connection to issue Change of Authorization as the endpoint or user changes role. This is done through RADIUS protocols at the connection level versus other vendor's SNMP Read Write to the port. This difference can cause issues for multi-host ports in which the SNMP Read Write authorizes the first host and puts all additional hosts into the same VLAN for segmentation.
I envision AI moving security and threats to that of machine versus machine. In this future environment, the AI of the security must detect new anomalies and attack vectors while the AI of attackers will attempt to go undetected by acting as an authenticated/authorized user of the network. These attacks may take longer but go unnoticed without deeper inspection of the security product.
I leverage Firepower for predictive threat detection and analysis to date. Firepower is able to send sample of encrypted data to the Cisco cloud to determining the credibility of the flow or threat of an attack. However, overall, no in-house AI/ML is used for threat detection currently, as the resources required can be quite extensive.