One Identity Safeguard Reviews

We use Safeguard for privileged sessions. It's primarily used as a solution for accessing our production environments.

We were able to take an environment where we had several hosts managed by different people and consolidate that into a single, centrally managed solution.

The extensible framework for authentication is one of the most valuable features. We use an MFA plug-in and a lot of different factors, depending on what the business use-cases are. And of course, the auditing functionality is also valuable.

We have also found the solution to be extensible through cloud-delivered services. It's worked out well. The SPS instances we use are located on-premise, but we can still utilize them to access resources in the cloud. That's not a problem. We haven't deployed any SPS itself in the cloud, but it works fine for our cloud environments.

Feature-wise, right now, it has most of the features that we're looking for. It could improve a bit on the management side of things. One example would be when doing an upgrade. We have a highly-available appliance spare, and even though we have two nodes, there's no way to do an upgrade without taking everything completely offline. It would be nice if they could improve that.

The product has generally been stable. We have had some issues, mainly due to the types of traffic. Our end-users are doing different things through SSH tunnels that were not expected on the appliance. We've been working with support to resolve that.

The product is scalable.

Tech support has been great. They've been responsive and knowledgeable, so we've been happy with them.

It took us about three or four weeks for the initial setup and deploy. Part of that was developing a plug-in for the multi-factor authentication. We were able to do it in a way that wasn't disruptive, with our current infrastructure. At their discretion, the end-users were allowed to move over, one-by-one. After we deployed it, it took about two months for all of the users to actually migrate over to using it.

Privileged management. 

Administrators can administrate the privileged accounts. It is a safer way to monitor the administrators.

Its hardware and compliance.

Stability is very good.

Scalability is very good.

The customer service and technical support are very good.

The initial setup is very easy.

I compared different solutions, like Oracle.

It is a good solution, but it needs more marketing.

Most important criteria when selecting a vendor:

• The support
• How long the product has been in the market.

Flexible modes are easily integrated into the customer infrastructure. It's easy to find needed information and the indexer does a good job.

Secure replays: Balabit SCB supports multiple security officers (something like senior and junior officer), who can encrypt upstream, and downstream flows, with different SSL certificates. For example, one officer can see replays, and another officer can only see replays by pressing on a key.

When I worked in a bank, it greatly facilitated the control admins and reduced the length of investigations.

With release 4f4a, I am pleased with the changes. The developers have spent a lot of time optimizing the interface for the convenience of users and it’s functional. Now, I think the best way to improve it will be to optimize the software, because the software begins to consume more resources (physical).

I have been using Shell Control Box for more than two years.

By the new releases, I see that it uses some more resources, but this time it's not affected anything.

We have not had any scalability issues.

I rate technical support 5/5. They are quick and informative.

I tested many another products, but there was an issue about productivity, which was critical to our choice.

Initial setup was easy. There was step-by-step preinstalled software, which took two minutes.

I think it's individual by owner and product.

We evaluated CyberArk and Splunk.

Develop product functional and implementation methods.

• Fully transparent for users.
• Supports many protocols.
• Full OCR indexing: You can find anything that happened in sessions, including commands, programs opened, etc. Without OCR, you would only be able to find who did which sessions, but not the content of the sessions or what admins have been doing.
• Non-agent approach: A very important feature that is able to monitor access to devices which are not computers, such as switches, firewalls, or any device which uses SSH, TELNET, HTTPS. You are able to monitor access to the Internet by web browser, because SCB can work as a HTTP/S proxy.

Our customers use it to provide full privileged-access monitoring for external users/administrators, so they are fully compliant and still have easy access to external user’s activity.

VMware PCoIP protocol support: Many customers are switching from normal computers/environment to VDI infrastructure and some of them are switching to VMware Horizon that uses PCoIP protocol, which is not supported right now.

Central management for more SCB boxes: If you have many boxes in a customer infrastructure (right now we have one customer of this kind in POC and they will need eight boxes) with the same configuration/purpose, you have to do everything 8x. I know this feature is on the roadmap, but nobody knows when it will be available.

I’ve been using Balabit for six years.

We have not had stability issues.

We have not had scalability issues.

I give technical support a 4.5/5.

We did not use any previous solutions.

It was super easy to deploy, not complicated, and did not have the hidden Capex that competitors do!

It’s an easy license model; you can choose virtual or hardware appliances.

We evaluated ObserveIT and CyberArk.

Try more functions and use them! It’s a very powerful product; much more complex than all other competitors. But, almost all companies use it on less than 30% of their infrastructure.

Monitoring and controls privileged access to remote server/appliances for RDP/SSH/HTTP/ICA/VNC protocols

Four-eye authentication and gateway authentication with real-time audit capability

Credential storage and user mapping policies

Inband destination selection with DNS resolve/mapping internal resources

Detailed audit search capability into proprietary video stream for all protocols supported with keylog functions

• Improved security
• Detailed audits for support/maintenance activities done by admin/technician and third-party engineers
• Drastically reduced unauthorized and improper use of systems and servers

The only improvement would be to manage more concurrent sessions.

I have been using it for four years.

I have not encountered any stability issues.

I have encountered scalability issues. The system needs to be properly analysed before putting it into production. Supported protocols have different needs in terms of computing power, and this directly impacts the number of concurrent sessions that can be managed.

absolutely perfect

Technical support is 10/10, absolutely.

I did not previously use a different solution.

The initial setup is straightforward, but you need to have a pre-defined plan, know how to implement authentication or the authentication store if used, and also how to do network integration.

I don't know about pricing, but licensing is based on concurrent session through SCB.

Before choosing this product, I did not evaluate other options.