One Identity Safeguard Reviews

The primary use case for our One Identity Safeguard solution is to optimize security across private accounts, accounts which can be secured upstream and downstream. The solution enables us to implement encryption protocols across channels. It is designed so that depending on the cryptographic case, different policies can be applied in correlation. 

I don't think it's improved our organization internally. I've had to suspend workflows and focus my time and attention on creating technical, instructional, documentation regarding user procedures and practices.

The majority of the features offered with this solution are the same as with other similar systems. The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration.

In actuality, all the features are valuable. They're good and user-friendly.

The technical support for this solution needs to be immediate, intuitive, and responsive especially as it refers to supporting ticket submissions and processing.

Furthermore, we've had trouble understanding how certain policy framework applies. I would like to see clearly laid out policies or better support and explanations around policy dynamics.

The stability and downtime of the solution could also be upgraded to include a messaging function which would give users a clear understanding of what's happening without having to navigate to a particular section of the page.

Lastly, I would also like to see the price reduced.

It's very stable. There are about 150 users, mostly administration, currently using this solution in our company. We don't encounter many problems with the system.

I am encountering issues when it comes to the scalability of the solution.

Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support.

The initial setup was very easy. We followed the given instruction protocol. We also used white papers when necessary for clarification and better understanding. It only took us one month to implement.

We used an integrator for the deployment. It was a good experience. 

Setup cost, pricing and licensing are all very expensive.

We are very pleased with the Safeguard platform feature. You can't find this technology anywhere else.

On a scale from one to ten, one being the worst and ten being the best, I would give this product a nine rating. If the technical support was better I'd give it a 10 out of 10.

One of the most valuable features is that it supports the Linux operating system. Also, the transparent mode for privileged sessions is a very good solution.

On a scale of one to ten, the stability is an eight.

The scalability is great.

Technical support is great. We use the case platform.

We didn't switch from another product. Using this solution has been a great decision in helping with our tasks.

Deployment of the solution took two to three months. Our engineers installed it.

It's a great product for our industry, which is banking.

The primary use case for our customers is to monitor and audit external vendors, as well as keep track of internal actions when privileged user accounts are being used to access systems internally.

For our customers, it's much easier for them to be in line with audits. A lot of our customers work in the medical field, where it is important for them to keep track of external vendors, e.g., maintaining medical appliances inside of a hospital. This solution gives them real confidence that they can keep their customers safe and their data protected.

There are a variety of protocols that it supports.

The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features.

The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. 

It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage.

There are some features which are still missing compared to other competitors. For example, some customers need legacy VPN authentication capabilities.

The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems.

The overall stability has improved quite a bit throughout the years. The appliances run well, both virtual and physical. The product is pretty good, especially compared to other vendors and products.

Because of the nature of the connections being monitored, you can load balance it quite well. It is easy to shift the load from one appliance to another. However, the high availability function of the box itself requires a long time to switch over from one appliance to another. So, there is room for improvement

The technical support is tremendous. For large projects, we have had some challenges, but we were never left alone by the vendor. Also, in one case for a small customer, One Identity assigned one engineer to help with assessing the AD infrastructure of our customers, which was really helpful.

The install and deployment are quite rapid. For a smaller project, sometimes it only takes us about two to three days to implement and get the policies inline. For larger projects, it's actually also not that long for the appliance itself. The product requires a lot of changes on the management side, how vendors work, and how you need to counsel people how to use it, especially in Germany. Then, they are monitored, which is the quite larger portion of it.

For our implementations in Germany, we implement an explicit model most of the time. Therefore, the transparent mode for privileged sessions has not been used that much in my projects.

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features.

The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.

We primarily use One Identity Safeguard for Privileged Sessions (SPS) for managing our customers' access to their critical systems.

We are able to demonstrate what has happened on the systems and who did what, when we have to investigate, in regards to audits using evidence.

• Acting as a proxy
• Session encryption
• Flexibility of usage

The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between. Thus, it is transparent for them.

The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests.

• We have not yet found the solution to be extensible through cloud-delivered services.
• Our external indexers are able to integrate with a hardware security module (HSM), which is good. What we have now requested is the integration of HSM with the SPS solution to be able to not have to manage certificates and the private key outside of any tamperproof system.
• We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates. 
• We would like to be able to manage the lifecycle of the archived audit traits. If they are on the box, the cleanup and archiving policies are applied, as soon as they are archived on the external share, this does not apply. We need our customers to not have to manually delete these archives.
  
• From a web interface perspective, we would like to be able to duplicate connections, so we can reorder them.

We have not had a major issues regarding stability once we migrated our users onto the virtual solution. However, for some users, the physical appliance has been a bit buggy.

As of now, we use mainly virtual and have not tested the scalability and high availability, because it is a new thing.

The technical support is good. There has been great improvement to all the knowledge base articles available. Therefore, we are able to find a lot of solutions already when we create support requests.

It takes us a long time to make the people from product management and development to understand our needs, e.g., integrating this product with HSM.

Because we are a service provider, we have to demonstrate that our systems are really tamperproof. We had that experience previously, and now again, with One Identity SPS, as the product fits our needs.

The initial setup is quite simple, not complex. The installation documentation is good, so the installation is okay. You just need to read the documentation, understand how it works, and how it has to be integrated. Once you do your homework, it's quite easy.

We are the integrator for the deployment.

To install and deploy the solution for the customers, we count one day for a workshop with all the people involved: network, business users, IT, support, etc. Then, for the implementation, it can take another one to five days.

It is the life of our customers because it brings a lot of security. So, the return on investment is really on all aspects of compliance, security, and audit.

We implement this solution upon customer request.

Test it and its competitors. You will probably choose SPS.

Both the search functionality and speed have been greatly improved.

We are not using privileged passwords.

We use Safeguard for privileged sessions. It's primarily used as a solution for accessing our production environments.

We were able to take an environment where we had several hosts managed by different people and consolidate that into a single, centrally managed solution.

The extensible framework for authentication is one of the most valuable features. We use an MFA plug-in and a lot of different factors, depending on what the business use-cases are. And of course, the auditing functionality is also valuable.

We have also found the solution to be extensible through cloud-delivered services. It's worked out well. The SPS instances we use are located on-premise, but we can still utilize them to access resources in the cloud. That's not a problem. We haven't deployed any SPS itself in the cloud, but it works fine for our cloud environments.

Feature-wise, right now, it has most of the features that we're looking for. It could improve a bit on the management side of things. One example would be when doing an upgrade. We have a highly-available appliance spare, and even though we have two nodes, there's no way to do an upgrade without taking everything completely offline. It would be nice if they could improve that.

The product has generally been stable. We have had some issues, mainly due to the types of traffic. Our end-users are doing different things through SSH tunnels that were not expected on the appliance. We've been working with support to resolve that.

The product is scalable.

Tech support has been great. They've been responsive and knowledgeable, so we've been happy with them.

It took us about three or four weeks for the initial setup and deploy. Part of that was developing a plug-in for the multi-factor authentication. We were able to do it in a way that wasn't disruptive, with our current infrastructure. At their discretion, the end-users were allowed to move over, one-by-one. After we deployed it, it took about two months for all of the users to actually migrate over to using it.

Privileged management. 

Administrators can administrate the privileged accounts. It is a safer way to monitor the administrators.

Its hardware and compliance.

Stability is very good.

Scalability is very good.

The customer service and technical support are very good.

The initial setup is very easy.

I compared different solutions, like Oracle.

It is a good solution, but it needs more marketing.

Most important criteria when selecting a vendor:

• The support
• How long the product has been in the market.

Flexible modes are easily integrated into the customer infrastructure. It's easy to find needed information and the indexer does a good job.

Secure replays: Balabit SCB supports multiple security officers (something like senior and junior officer), who can encrypt upstream, and downstream flows, with different SSL certificates. For example, one officer can see replays, and another officer can only see replays by pressing on a key.

When I worked in a bank, it greatly facilitated the control admins and reduced the length of investigations.

With release 4f4a, I am pleased with the changes. The developers have spent a lot of time optimizing the interface for the convenience of users and it’s functional. Now, I think the best way to improve it will be to optimize the software, because the software begins to consume more resources (physical).

I have been using Shell Control Box for more than two years.

By the new releases, I see that it uses some more resources, but this time it's not affected anything.

We have not had any scalability issues.

I rate technical support 5/5. They are quick and informative.

I tested many another products, but there was an issue about productivity, which was critical to our choice.

Initial setup was easy. There was step-by-step preinstalled software, which took two minutes.

I think it's individual by owner and product.

We evaluated CyberArk and Splunk.

Develop product functional and implementation methods.

• Fully transparent for users.
• Supports many protocols.
• Full OCR indexing: You can find anything that happened in sessions, including commands, programs opened, etc. Without OCR, you would only be able to find who did which sessions, but not the content of the sessions or what admins have been doing.
• Non-agent approach: A very important feature that is able to monitor access to devices which are not computers, such as switches, firewalls, or any device which uses SSH, TELNET, HTTPS. You are able to monitor access to the Internet by web browser, because SCB can work as a HTTP/S proxy.

Our customers use it to provide full privileged-access monitoring for external users/administrators, so they are fully compliant and still have easy access to external user’s activity.

VMware PCoIP protocol support: Many customers are switching from normal computers/environment to VDI infrastructure and some of them are switching to VMware Horizon that uses PCoIP protocol, which is not supported right now.

Central management for more SCB boxes: If you have many boxes in a customer infrastructure (right now we have one customer of this kind in POC and they will need eight boxes) with the same configuration/purpose, you have to do everything 8x. I know this feature is on the roadmap, but nobody knows when it will be available.

I’ve been using Balabit for six years.

We have not had stability issues.

We have not had scalability issues.

I give technical support a 4.5/5.

We did not use any previous solutions.

It was super easy to deploy, not complicated, and did not have the hidden Capex that competitors do!

It’s an easy license model; you can choose virtual or hardware appliances.

We evaluated ObserveIT and CyberArk.

Try more functions and use them! It’s a very powerful product; much more complex than all other competitors. But, almost all companies use it on less than 30% of their infrastructure.