This content is part of the Buyer's Guide: Network security basics: A Buyer's Guide
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Cisco Identity Services Engine: Security product overview

The Cisco Identity Services Engine network access control system can be deployed as an appliance or virtual machine in a private cloud and offers compatibility for BYOD devices.

Editor's Note: This Cisco ISE product overview is part of a series on buying network security products for the enterprise. The series explores the evolution of network security and lays out some major use cases. It also looks at the buying criteria for network security products and compares the leading network security vendors in the market.

Cisco's Identity Services Engine (ISE) is a great product to implement if your network is primarily comprised of other Cisco infrastructure gear. The tool integrates well with other Cisco products, including routers, switches, wireless LANs and next-generation firewalls (NGFWs). The technology used to simplify provisioning, management and communication between network components is called TrustSec. TrustSec is a network segmentation approach that reduces much of the hassle in providing an end-to-end security framework.

There are different licensing packages for the Cisco Identity Services Engine, depending on what security functions your organization needs. The base license includes basic network access functions, guest management and encryption. The plus license includes compatibility for BYOD, profiling, endpoint protection and TrustSec features. The advanced license package includes all base and plus features with mobile device management (MDM), posture and compliance or remediation features. There also is a wireless license to oversee wireless devices.

NAC platform options

Cisco Identity Services Engine can be deployed using one of two hardware appliances or as a virtual appliance in VMWare ESX or ESXi environments for private or hybrid cloud deployments.

Cisco ISE SNS-3415 appliance
The SNS-3415 appliance is a Cisco Identity Services Engine platform for smaller deployments. The hardware is equipped with four 1 GbE interfaces, and is driven by a single 2.4 GHz Intel Xeon processor. The device has 16 GB of memory and a single high-speed 600 GB hard disk drive (HDD).

Cisco ISE SNS-3495 appliance 
The Cisco Identity Services Engine SNS-3495 appliance is the larger NAC hardware appliance from Cisco. The hardware, with four 1 GbE interfaces, is based on two 2.4 GHz Intel Xeon processors, doubles the memory of the SNS-3415 to 32 GB, and includes two high-speed 600 GB drives, set up in a RAID 1 configuration.

Cisco ISE virtual appliance 
Cisco recommends users build their virtual machines with specifications equal to, or greater than, equivalent hardware appliances. At minimum, a Cisco Identity Services Engine deployment requires at least 4 GB of memory and 200 GB of disk space.

Pricing and support

Cisco ISE hardware and support is purchased through Cisco partners, which set the final purchase price. Cisco's list price for an SNS-3415 hardware appliance, with a one-year ISE Plus license for 1,000 devices, lists for just over $50,000.

Cisco's Smart Net Total Care support includes phone and email support, remote troubleshooting, firmware upgrades and defective hardware replacement. Prices are based on how quickly replacement hardware is shipped to a customer.

Next Steps

Read our buyer's guide on network access control.

Learn how port security relates to network access control.

Examine how network access control has adapted to IoT.

Check out our five tips for managing guest access to your network.

This was last published in December 2015

Dig Deeper on Network Security Best Practices and Products