ISE review
Overall Satisfaction with Cisco Identity Services Engine (ISE)
Used for access control for remote access VPN and enterprise Wi-Fi with RADIUS service, and for network device access control with TACACS+. It is the primary access control for user network access control, and admin access control for network devices. This is for the enterprise scope; we run our network in a consolidated enterprise scope.
Pros
- TACACS+ for NAD access control
- 1X with RADIUS
- RADIUS service for RAVPN
Cons
- Software bugs for ISE itself, or the AnyConnect/Secure Client
- ISE profiling needs to keep updating for new models of devices, especially VoIP phones or conference VTC devices.
- ISE posture flow is troublesome, with the pre-posture redirection flow. There are too many constraints for building this flow/ACL, with user logon scripts, or access to printers, AD, etc.
- increase network access control
- understand what is connected to your network
Do you think Cisco Identity Services Engine (ISE) delivers good value for the price?
Yes
Are you happy with Cisco Identity Services Engine (ISE)'s feature set?
No
Did Cisco Identity Services Engine (ISE) live up to sales and marketing promises?
No
Did implementation of Cisco Identity Services Engine (ISE) go as expected?
Yes
Would you buy Cisco Identity Services Engine (ISE) again?
Yes
Cisco Security
Protecting data and information is a mandate. There are also compliance requirements for cyber security.
Cisco provides comprehensive protection for network access security. Compared with other players in the field, Cisco is leading in the product coverage of different use cases.
Cisco products are more comprehensive in features.
It is scalable, with comprehensive features.
Because ISE is used to control access to the network, it collects a lot of information about the endpoint and user; this information can be used by AI to analyze any anomalies or high-risk behaviors.
Not yet.
Resilience and Reliability
Multiple data center deployment with redundancy.
Cyber security is a layered approach here. This is just one layer of the whole picture.
- We also use it for device inventory and discovery.
Using Cisco Identity Services Engine (ISE)
14000 - USDOT has sub-agencies that manage across transportation sectors, like highway, vehicle safety, maritime, transit, railway, pipeline and hazardous material transportation. All the users across the enterprise use Cisco ISE for network access authentication and authorization. We use it as the access control engine for RADIUS authentication for all users and devices.
3 - Network engineers with knowledge of the Cisco ISE product itself, and general knowledge about RADIUS, TACACS+, posture, profiling, device provisioning, the 802.1X protocol, public key infrastructure and certificate-based authentication, CDP, LLDP, DHCP, HTTP, and Active Directory. General knowledge of Windows OS, iPhone/iPad iOS, Cisco IOS XE, and macOS.
- Device authentication
- User authentication
- device security posture
- Device profiling
- Cisco Secure Client
- SGT and TrustSec
- Integration with other security tools like Tenable.SC and Intune
Evaluating Cisco Identity Services Engine (ISE) and Competitors
Yes - Cisco ACS.
- Scalability
- Integration with Other Systems
- Ease of Use
Scalability is needed due to the size of the network.
Marketing information sometimes just talks about what it can do, but doesn't talk about under what conditions or limitations. So real experience and understanding the prerequisites and feature limitations are important.
Cisco Identity Services Engine (ISE) Implementation
- Implemented in-house
Yes - for Wi-Fi and VPN first, then open mode with posture for wired access; last, switch to closed mode for wired access.
Change management was a small part of the implementation and was well-handled
- Posture status is a big issue for our implementation. In most cases you should have posture as the last step, but we had posture before we implemented wired access.
Cisco Identity Services Engine (ISE) Training
Configuring Cisco Identity Services Engine (ISE)
Even though Cisco has a lot of documents about ISE, they need to keep them up to date.
No - we have not done any customization to the interface
No - we have not done any custom code
We run into a big issue with the pre-posture ACL. For Windows OS, posture assessment can only run under user context, and thus must run after user logon, which is a big issue. Our user logon process is complicated and needs access to a lot of resources for the logon process. We have to switch to an "assume innocent first" approach for all devices for the pre-posture ACL.
Cisco Identity Services Engine (ISE) Support
| Pros | Cons |
|---|---|
| Quick Resolution; Good followup; Problems get solved; Kept well informed; Immediate help available; Quick Initial Response | Need to explain problems multiple times |
Yes. We purchase premium support from Cisco.
It is a production system that has a huge impact on all the users.
Yes - We just take some workarounds for the issue.
Our account team is helping to drive resolution of our issues.
Using Cisco Identity Services Engine (ISE)
| Pros | Cons |
|---|---|
| Like to use; Relatively simple; Consistent; Feel confident using | Requires technical support; Slow to learn; Lots to learn |
- device profiling
- MAB
- Client provisioning
- Posture
Cisco Identity Services Engine (ISE) Reliability
Integrating Cisco Identity Services Engine (ISE)
No. Not yet.
- Security scanners
- MDM/Intune
Yes.
Relationship with Cisco
I am not involved in this aspect.
Upgrading Cisco Identity Services Engine (ISE)
Yes - The upgrade process is complicated and long. It is a complicated product.
- Mainly to mitigate vulnerabilities of the product.

