Portnox CORE vs. Cisco ISE: NAC Comparison

The greatest challenge faced by a growing organization is providing highly scalable network access and monitoring traffic for any threats. A few years back, organizations had a fixed number of systems assigned to each user over a network, but that has changed. With more and more devices per user, there is an exponentially increasing threat to the network, demanding a robust security system.

Network Access Control (NAC) solutions help restrict users and devices on your network and reduce your attack surface. Portnox CORE and Cisco ISE are some of the foremost NAC solutions, and this article will help you pick an option based on your needs.

Feature Comparison: Portnox CORE vs. Cisco ISE

Device Discovery

Device discovery is the first step in mapping, setting up, and monitoring devices on network infrastructure. Device discovery locates devices connected to a network and collects details to generate a device and user inventory. Portnox CORE and Cisco ISE provide an array of device discovery features that rightly make them the industry leaders.

Let’s see how they compare against each other here.

Portnox CORE

Portnox CORE functions on physical and virtual Windows servers and communicates with existing infrastructure to gain holistic visibility of all the connected assets. Portnox CORE also delivers real-time, event-driven, and continuous visibility for all the devices on a network. Their configuration support validates devices’ authorization and ensures compliance on the network.

As far as unauthorized hubs or access points are concerned, Portnox CORE can make discoveries, notify the network, and take action against them. If authorized, Portnox CORE provides support to discover, authenticate, and control each device on a network independently.

Cisco ISE

Cisco Identity Services Engine (ISE) offers dynamic device detection and classifies endpoints connected to a network. Cisco ISE uses the MAC address of a device as an identifier and collects the various attributes to build a user endpoint database for a network. The device is attributed to user-defined policy-based conditions and matched to a profile library.

Once the devices are classified under the library, they can be authorized to the network and provided access based on their respective profile. An organization can also set access as per devices used, wherein they can be offered full access from a managed device but limited access on a BYOD.

Certificate management

A modern network access solution is complete with a robust certificate management solution. Organizations are turning to digital certificates as the best means to protect a network against over-the-air attacks and phishing. A certificate management solution should help you manage the certificate lifecycle and provide effective onboarding. Let’s see how Portnox CORE and Cisco ISE compare in certificate management.

Portnox CORE

Portnox CORE uses AgentP as an endpoint to help enroll users for a device certificate. AgentP enables users with managed devices to self-enroll for certificate distribution. For users with BYOD devices, AgentP generates a root certificate upon adding the root certificate to a list of trusted organizational certificates.

Portnox integrates with existing Microsoft Endpoint Manager Intune and can use Intune to authenticate users as an alternative to Portnox’s agent or agentless options.

Cisco ISE

Cisco ISE uses certificates for communication between its ISE nodes, external servers like Syslog and feed servers, and end-user portals such as the guest, BYOD, and sponsor portals. Cisco ISE utilizes its administrative node for certificate management. This node is also known as the Policy Administration Node (PAN). In Cisco ISE, nodes trust the root certificates of other nodes in the same cluster of network resources. The admin must enter their login details to join the fixed nodes’ PAN.

Active Directory (AD) Integration

AD provides a unified platform to manage an organization’s data access. Microsoft introduced it in early 2000, forming the foundation of data management and network security in organizations worldwide. However, Active Directory is an antiquated, on-premise software that is largely incompatible with modern cloud infrastructure.

Microsoft has deprecated AD in favor of Azure AD, thus leaving a lot of unresolved issues in remaining Active Directory environments. Unfortunately, many organizations today are stuck with an on-prem AD network and find themselves unable or unwilling to migrate to the cloud, so AD compatibility is still a feature that’s in demand.

Let’s see how Portnox CORE and Cisco ISE support Active Directory.

Portnox CORE

Portnox uses the Portnox AD broker that runs on-prem on the customer’s AD. The AD broker connects to the organization’s Active Directory using the LDAP or the SLDAP protocol. Device security is an inbuilt feature and begins with the Software Development Lifecycle (SDL). The SDL ensures the constant updating of AD.

Cisco ISE

Cisco ISE supports multiple AD domains by joining different nodes in an AD cluster. With ISE, a user can choose any subset in a domain required by network devices for authentication. It uses a Security Identifier (SID) to manage user attributes in a group.

RADIUS Server Authentication

A RADIUS (Remote Authentication Dial-In User Service) server is an integral component of Network Access Control. It is a server that authenticates users to the network after checking the directory to confirm they are authorized. A good RADIUS server supports multiple types of authentication, enforces policy decisions, and provides network visibility through accounting.

RADIUS can be deployed both on-prem and in the cloud; however, a cloud RADIUS is known to have immense benefits. With cloud RADIUS, you can retire your LDAP and AD servers for a RADIUS that integrates with the existing network. While on-prem RADIUS is pricey, cloud RADIUS can fit into your existing infrastructure on a budget.

Let us see how Portnox CORE and Cisco ISE compare in terms of RADIUS authentication.

Portnox CORE

While Portnox CORE integrates with Portnox CLEAR to provide a Cloud RADIUS, many features like Cloud IDP lookup and a PKI are still in their nascent stages. Portnox also leaves a lot to be desired when it comes to its implementation. Customers feel that a better implementation strategy could be a boon for users looking to use it.

Cisco ISE

Cisco ISE provides superior on-premise RADIUS solutions. However, on-prem RADIUS solutions are pricey and need a lot of infrastructure for initial set-up. Cisco ISE is tied to a lot of its native products, making it not viable to tie up with other vendors. Thus, customers feel that a better solution would be to go for a vendor-neutral RADIUS solution.

The Best in Cloud RADIUS Authentication

If you are looking for better RADIUS authentication, choose one that is future-proof and integrates with your existing infrastructure. SecureW2 offers the industry’s only fully-managed Cloud RADIUS that supports passwordless authentication and is vendor-neutral. It enables seamless integration with any cloud IDP.

Our complementary turnkey Public Key Infrastructure gives you the tools to manage digital certificates throughout their entire lifecycle, allowing more robust and customized security policies.

Network Access Control Solutions for Every Organization

Portnox CORE and Cisco ISE integrate well with on-premise networks, but their credential-based security isn’t as secure as digital certificates. On-premise networks are costly in terms of money, time, and human resources compared to cloud alternatives. They’re also relics of the past that are only becoming obsolete and more vulnerable as time goes on.

SecureW2 offers a comprehensive suite of network security products that simplify network access. Our managed PKI helps you deploy certificate-based authentication for all the devices across your organization.

You can get a digital certificate on all the managed devices through our auto-enrollment gateway for MDMs and the self-enrolling application for BYODs. We further provide guest authorization through our JoinNow NetAuth for -sponsored guests to access the network. Finally, our Cloud RADIUS authenticates all the certificates for a seamless experience.

Our products are quick and easy to deploy and integrate seamlessly with your existing infrastructure. Reach out to us for more information on our wide range of products.

Learn about this author

Anusha Harish

Anusha is a copywriter with a passion for telling stories through her writing. With a law degree and keen research skills, she writes articles to help customers make informed decisions. A movie buff and a bookworm, she can mostly be found tucked away with a book and a cup of coffee.
