One Identity Safeguard Overview

One Identity Safeguard is the #2 ranked solution in top User Behavior Analytics (UEBA) tools and the #3 ranked solution in top Privileged Access Management (PAM) tools. PeerSpot users give One Identity Safeguard an average rating of 8 out of 10. One Identity Safeguard is most commonly compared to CyberArk Privileged Access Manager. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
What is One Identity Safeguard?

One Identity Safeguard securely stores, manages, records and analyzes privileged accounts and access. It is an integrated solution that combines a secure hardened password safe and a session management and monitoring solution with threat detection and analytics.

One Identity Safeguard Buyer's Guide

Download the One Identity Safeguard Buyer's Guide including reviews and more. Updated: April 2022

One Identity Safeguard Customers

Cavium

Archived One Identity Safeguard Reviews (more than two years old)

Director of Information Security at a healthcare company with 1,001-5,000 employees
Real User
Approval Anywhere feature enables review and approval of a request with one click
Pros and Cons
  • "There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time..."
  • "There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product."

What is our primary use case?

We use it primarily for our IT team, so they can access our production and pre-production environments, to have better accountability. They have to create a ticket, check it out, and then they have to get approval from our approvers group. So there's accountability from beginning to end, and we also record the sessions.

How has it helped my organization?

The time frame to get sessions rolling has been cut to a third. From a productivity standpoint that's tremendous.

In addition to that, the ease of use is fantastic because our IT team is able to check out sessions very quickly because it's so intuitive and easy to work with. They're pleased with it and it allows them to do their jobs much faster. That's probably the largest way it has improved things for us.

Finally, because of the intuitiveness and ease of use for end-users it has been really simple to train on. This product has worked flawlessly for us.

What is most valuable?

There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use.

We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual.

We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click.

We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before.

What needs improvement?

There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product. Because we don't tie it to an RDP session, you actually have to click the download button and then open the RDP session from there, versus just clicking the launch button and it automatically opening RDP.

For how long have I used the solution?

Before Safeguard we used TPAM, which is One Identity's product as well. We upgraded but we've been using the overall product since 2016.

What do I think about the stability of the solution?

Overall the solution is very stable. We have not had any major issues on it. It's a nice system.

The only issue I have run into was with our failover to our redundant. There was a pointer to the One Identity platform, it's called an SPP, and it wasn't pointing correctly. But we were able to resolve it. There have really been no issues besides that. Otherwise, everything is very seamless when doing failover and full redundancy.

What do I think about the scalability of the solution?

We can continue to add more VMs to support thresholds. We can certainly scale up with it. It's being used on about 300 servers right now and we have plans to expand to about 200 more.

We have 50-plus people using Safeguard right now and they're all in IT. For deployment and maintenance we have one to two people.

How are customer service and support?

We haven't had to use technical support. It's been a solid platform so far.

Which solution did I use previously and why did I switch?

Previous to this, we were using TPAM and, while it worked, it was horrible to work with. When we saw and got a demo of Safeguard and saw that we would be able to approve things from our phones, saw the user interface which was so much nicer — more intuitive, a lot easier to configure — we went from our teams complaining about the old product every day to not hearing one complaint at all. As a matter of fact, I hear compliments about how much they love Safeguard.

The feedback I have had from users has been a lot of compliments about how much they enjoy working in the interface. It's so much easier to use. It's quick. They can get to the point of checking out a server and of being compliant with security requirements, while at the same time being able to troubleshoot an issue much faster than they used to be able to.

How was the initial setup?

The initial setup was a little complex.

What about the implementation team?

We worked with an integrator, Rallypoint Solutions, to accomplish it because we hadn't accomplished it before with Safeguard specifically. The integrator was tremendous. I have nothing but good things to say about Rallypoint. They helped integrate the whole thing. They really had a great understanding of it. We worked with them throughout the entire setup. We were the hands and they were guiding us. Overall, it was very easy to get up and running.

It did take about a week, eight hours a day — so 40 hours — to get fully up and running and everything imported from the old system into the new one, and to make sure all testing and redundancy were done.

The deployment was not disruptive to our privileged users at all. We ran both the old system and the new system in parallel and allowed them to migrate over after a period of two weeks. However, we had most people on it the first week and they loved it. They were eager to get off the old system.

It required no training. I provided step-by-step picture instructions that we had written out and that was it. They were good to go. We did have a strategy in place, if we needed to work with our teams from a training standpoint. We had sessions set up and ready to go where a live person could walk them through it. But none of our IT users seemed to need that. It was very intuitive.

What was our ROI?

We have seen ROI using Safeguard. For example, configuring a session in the old version used to take them 10 or 15 minutes, or more. Not only that, but the live person who was the approver had to be logged into the system. So the requester could actually wait a couple of hours before somebody would be able to log in and approve the session. With Safeguard, it's approved within less than a minute because approvers get the notifications on their phones and are able to review the tickets effectively. They understand what's being accomplished and know that it has a ticket number with more detailed information that they can verify, and they can approve the session right there. The individual gets that approval immediately. We went from an average of from anywhere between 15 minutes and two hours down to less than a minute or two. That's tremendous.

What's my experience with pricing, setup cost, and licensing?

They offer a fair price for a robust solution.

In addition to the standard licensing fees there are costs for Starling, but they're very minimal annually. You need Starling to use the mobile Approval Anywhere feature that is so convenient. So it's worth every dime. That extra cost is so small that it's not really even noticeable.

There are integration costs if you aren't looking to do it yourself. I highly recommend their integrators. They are a little expensive but certainly worth the money.

Which other solutions did I evaluate?

We did evaluate other solutions, but this is the best choice. We went with Safeguard because of the flexibility, the interface, and a more seamless migration from the old system to the new system. And costs were a consideration, obviously.

What other advice do I have?

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend Safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with.

The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited.

We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
VP & Head of Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
Real User
Functionality is straightforward with a simple checkout process and integration of checkout proxy ID
Pros and Cons
  • "It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with."
  • "From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product."

What is our primary use case?

We started with administrative use cases and we were able to take control of all the local administrator accounts for endpoints and servers. We then started controlling privileged accounts for our domain administrators as well as for any kind of privileged account that had access to our switches, routers, and the like. 

This year we're looking at taking control of all of the servers and application accounts. But that's going to be a longer journey for us because there are a lot more of those accounts, and there is a lot more testing that needs to be done because of the nature of the accounts.

Another use case this year is integrating Safeguard into the SQL database, so we can start taking control of the SA accounts within SQL. 

Furthermore, we have a use case where we are using Safeguard to manage the account for our IIGA solution, which is our identity governance solution. When it creates new users or transfers or terminates users, it's using a privileged account that is being handled by Safeguard.

We have a lot more use cases but these are enough to give you an idea of how we use it.

How has it helped my organization?

We went from a state where privileged accounts were being used and not being monitored or even audited to our situation now where we are starting to monitor these privileged accounts more closely. That's where we show value in the product. Whenever a change is happening, we know because we find it in the logs. Our reporting and monitoring team is looking at it, and they are now starting to question changes that are associated with some kind of ticket or some kind of CAB (change advisory board) request. It has improved our visibility for privileged access.

What is most valuable?

We have physical appliances for this solution. We went with that version of it because it was easier for us to deploy it and not have the IT engineers involved with our deployment. We wanted to control everything, from the deployment to the supportability to the usability of the product. I really enjoy the form factor of the appliance because it's definitely a change from the previous version, which was a bigger box. This one is a lot easier. It doesn't take up room on the rack, and it's very efficient as far as resources go.

The ease of use of the GUI is a really nice feature. It has a nice look and feel to it.

The actual checkout process is simple. You log into the portal and you're presented with accounts. That makes that so much easier because you don't have to go searching for stuff. It identifies what accounts you have, you click on it, and you go through the checkout process.

It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with.

We use the Approval Anywhere feature and, through an app, it allows us to approve or deny requests. We don't have that turned on across the board, but we are turning it on slowly but surely. It adds an extra layer of security for critical passwords without adding time-consuming approval processes. That extra layer of security is our "belt and suspender" approach. It's making sure that you are approved to make a change, especially during production hours; it's approved by the person's manager.

What needs improvement?

From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product. 

There is another area for improvement that I have sent over to One Identity. I said, "Whenever you check out a password, there should be a radio code associated with the password." That's something that we're trying to work on with them. It was submitted as a request for enhancement. Sometimes, you can't tell if an "O" is an "O" or a zero is a zero. If we had a radio code, the person could correctly read that password and make sure that they're not fat-fingering it.

For how long have I used the solution?

We've been using One Identity Safeguard since the end of 2017, so it's a little over two years. I was also a user of the previous version, which was TPAM, for many more years in my previous role.

What do I think about the stability of the solution?

We have never had an issue with the software or even with the appliances.

What do I think about the scalability of the solution?

It's very scalable. It doesn't matter what size of organization you have. If you have an organization of 1,000 or 100,000, the product is going to be scalable to your needs.

In our company, we have sporadic roles and we have about 55 users who are tuned into Safeguard. We're managing over 3,000 privileged accounts. Some of the users' roles are network administrators, IT administrators, help desk administrators, and InfoSec administrators. Our marketing team has users of the product, as they have applications whose passwords are being managed through Safeguard. We have a nice blend of users who are using the product daily. It has really done a good job of keeping up with the demand.

We definitely have plans to expand the usage of the product. Any area that's going to require some kind of privileged account, especially as we go through a digital transformation in deploying cloud services, Safeguard is going to be right there with us and will give us that flexibility to manage those kinds of accounts.

For deployment and maintenance of the solution we have a staff of one who reports directly to me. He's a senior cybersecurity engineer.

How are customer service and technical support?

Safeguard's technical support is one of the better ones that I have worked with. There's always room for improvement, but every time that I do pick up the phone it's been fine. 

Which solution did I use previously and why did I switch?

In my previous role I used Dell Quest TPAM, which was the previous version of Safeguard.

How was the initial setup?

The initial setup was very straightforward because my team had the expertise in deploying a PAM solution, which was TPAM, in the past. This wasn't really that much different. We were able to deploy the full infrastructure, including DR redundancy, without Professional Services.

Because of scheduling conflicts, it took a few weeks to deploy. The main boxes were up within a week, but the full circle of deployment of the product was about a month or so because of those scheduling issues.

Standing up the appliance, plugging it in, and getting started was very straightforward. So kudos to One Identity for really listening to what the user population had to say about TPAM, because it is definitely reflected in the Safeguard product.

In terms of the effect on our privileged users, it's always going to be disruptive when you change something. People don't like change. We introduced this slowly but surely. We took a real "crawl, walk, run" type of methodology. We took the most basic use cases, and then we would update our support documentation to support the product. As we deployed it, we kept finding areas that we needed to document. It wasn't so easy to deploy something that was going to change somebody's workday process flow. But a year later, we're in a different state. It's been adopted and people are drinking from the same water hose.

We had in mind that we needed to handle the local administrator accounts and the privileged accounts, and we moved on from there. We knew that doing the local administrator account, which is really a non-human account, was going to give us the biggest bang for the buck. We knew that was something that we would achieve fairly quickly, and we did.

The training for end-users wasn't that bad. The product is straightforward. When you start working on a product with a lot of the features that you had suggested, in a previous version, be implemented, it's really nice to see that the company is listening to clients and the user population. That helped us in training our employees who use the product. The training was extremely straightforward, and people really caught onto it fairly quickly.

What was our ROI?

We absolutely see return on our investment. We're minimizing the risk of potential insider and external threats. We're managing all the privileged accounts, and we have minimized the risks of an account being hijacked and being used to compromise domains.

We are already seeing the return because we conduct annual penetration tests to see if we're able to compromise the network.

Which other solutions did I evaluate?

We evaluated CyberArk and BeyondTrust in addition to Safeguard. We went through a bake-off and Safeguard had one of the best sets of functionalities. It even had simple stuff for integration of a checkout proxy ID. You could check out the password and then it would just proxy to the endpoint. An example would be an SSH session you needed for an account that was checked out.

CyberArk was going to require a lot of resources, both human and infrastructure resources, that we didn't have the bandwidth to take on. BeyondTrust fell short of some of the use cases that we had. One of the use cases was relationship. We had a core team that decided on the product and when the core team did its scoring, Safeguard came out just a little bit ahead of BeyondTrust and well ahead of CyberArk.

What other advice do I have?

Start with your current state. That's what we did. Then, create a roadmap of where you are, where you need to be over the next five years. Once you're able to assess the current state and you have a plan in place, you can pick the product that's going to help you get to that future state.

The biggest lesson I have learned from using this product is to be open-minded in trying to figure out where we could use some enhancements. Just because you choose a product you don't have to be 100 percent, all-in on the product. There is always room for opportunities. Whenever there is feedback or challenges, take them and then see what you can do better. My focus is the end-user who is using the product. We have to make sure that using this product doesn't affect users' day-to-day operations.

We started using the solution's behavior analytics feature but it never really took off because we got overwhelmed with other areas that we needed to address. It's something that is on the roadmap for us to eventually take a look at, or at least refresh the project plan and commit some time and some resources to it.

We are looking to integrate Safeguard with RSA. RSA has a component and we're looking to streamline the metrics around that component. When a product is brought online, there's a way for us to go in and do a scan of that machine or that endpoint. Ideally what should happen is that we'll go to Safeguard, check out a password, push that password to the vulnerability management scanner, and scan it. When that scan is done, it actually checks in the password and rotates it. It's our vulnerability management solution that we're looking to integrate. We're doing a PoC on that right now.

Safeguard is a next-generation tool when it comes to privileged access management. They have done a nice job figuring out all the features that need to be available out-of-the-box. I do have high expectations for Safeguard. I continue to look forward to future releases because I know it's going to get even better.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
VP Risk Management at a financial services firm with 1,001-5,000 employees
Real User
We can record everything third-party vendors do to ensure that they're only doing the needed changes
Pros and Cons
  • "We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff."
  • "Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very little out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this."

What is our primary use case?

The three main use cases that we have are:

  1. Ensure our human and non-human privilege accounts are locked up in a password vault. 
  2. Have workflows to handle the major types of usage, such as break glass and business as usual. 
  3. Changes in usage of the credentials are tied into approved change requests. 

These drive our first goal to take all our privileged users on the help desk, our local accounts on our desktops, our servers (web servers, app servers, or database servers), and individuals in our network group who do our firewalls, then migrate all these human accounts into Safeguard Password Vault. Last Fall, we went group by group and revised their accounts. We took away any type of privilege account that they had, ensuring that all of these accounts were then migrated to the Vault. They could then check out passwords to facilitate any type of privilege activities they needed to do on behalf of the bank.

We use virtual appliances for this solution, which made sense for us, especially if we will plan to perhaps migrate to the cloud. Right now, it's all virtualized on-premise.

How has it helped my organization?

Anytime new tools and technologies are being brought into the bank, the biggest impact is to the process, procedures, and culture. There is a culture change when any new technology gets rolled out. This solution changes the way we have done the business for many years. We're taking a very controlled, conservative approach in how we roll the technology out.

What is most valuable?

It is working as it's supposed to work. We had a lot of good support from the One Identity team who helped us build it and do a test. 

We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff.

We use the solution’s Approval Anywhere feature. We do have the Starling 2FA app on our mobile devices. We haven't rolled out the request and approval yet. We want to get people to use it in their daily functions, whether it's business as usual work, break glass, or any changes that they need to make tied into an approved formal change request. Starting in April, we will be rolling out the request and approval phase. Based on the type of change being requested, break glass will need to be approved, especially if they're doing it during the daytime or off-hours. Then, we will have change requests tied into our change-advisory board. Once there's a change that's approved via our CAB process, then that person will be allowed to check out the credentials they need and tie it back into the ServiceNow ticket that was created. This gives us the auditability between when that change was being made and ensuring that it's being performed for its intended purposes. We are taking a crawl-walk-run approach.

What needs improvement?

Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very little out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this.

For how long have I used the solution?

We have been using Safeguard in a production capacity for about nine months now.

What do I think about the stability of the solution?

We haven't had any problems at all. 

There was one issue where we had to put a certain fix on and were able to work with the One Identity people. We downloaded the fix and put it onto our dev environment. After it was baked into our dev environment for a day or so, we then scheduled that change to go live into our production environment. That went very smoothly.

Two people are needed for deployment and maintenance. They're both in the cybersecurity area. There's a manager along with a senior cyber security analyst who runs the platform.

What do I think about the scalability of the solution?

The tool does everything that it is designed to do. It is one of the leading privileged access management products out on the market. They rebuilt the whole product, giving it a nice, brand-new, clean user interface, which is very user-friendly and easy to use. One Identity has done a very good job taking the old product, TPAM, and doing a whole refresh of that tool. We're very happy with the Safeguard product.

We have approximately 50 to 60 human privilege accounts whose roles are everything, everywhere. From the information security department to the desktop people, there are about 12 users in that area. There are about 20 people who comprise our IT engineering group and another 15 or so who comprise our network team. Then, there are the third-party users who have to log in on behalf of the bank to do changes for us, which is another 10 or so privileged accounts which have been set up for a one-time usage when a third-party vendor needs to remote into our system. Crawl-walk-run impacts about 30 percent of all the changes being made. Most changes are made to the production environment and need to be done with a privilege account.

How are customer service and technical support?

I would rate the technical support as very good and strong. We're happy with the support we get from our One Identity team. We see it as something that will be accepted more as the culture changes at the bank. We did the human accounts first because with the non-human service accounts there have been challenges this year. You have to tread water very slowly since you have to do a good analysis and understand what these non-human service accounts are used for. It's not just a simple lock them up in a vault type of scenario. It will take us a bit more time to put a plan together beginning in the second quarter to address the onboarding of these non-human service accounts into the password vault.

There wasn't much training required for those who manage the product. It was pretty straightforward. We did do training though. We had a training manual as well as an hour training class with various user groups. Our hour training, manual, and how-to guide along with being able to support issues/concerns via our cybersecurity team was beneficial to the success of the implementation.

Which solution did I use previously and why did I switch?

We did not use another solution previously.

Prior to this Safeguard implementation, we did not know when somebody was using their elevated privileges to do certain features or functions. We only hoped that it was according to whomever the change request was associated. Now that we're able to audit log and record what is being done, we can play back all the sessions to make sure no type of unattended usage of the privilege or elevated credentials were being used. From securing the bank standpoint, it has helped tremendously.

How was the initial setup?

The team shared with us that the initial setup was pretty straightforward.

The deployment took no more time from when we got the servers brought in to when we got the software installed. This took a few weeks to get it up, configured, and customized for our needs. Then, there was some sandbox testing which was done, then we started the pilots within the first three months of having the solution stood up.

Anytime you are putting in a deployment change that affects privilege users, it's going to create some problems. That's why we took a very slow approach of taking one user from all of our various groups. We had one person from each of our teams: desktop, network, and IT engineering. We worked with them for about a month. We tried to shake out any bugs and issues that they would have before we gradually rolled it out to others. 

People are very averse to change. When you have this type of a solution, the technical capabilities of the product along with all the process change create some issues. However, we expected that.

What about the implementation team?

My role was as head of identity and access management to work in concert with our cybersecurity manager. It is his team who owned and rolled out the technology to the bank. My responsibility was making sure from an identity and access management process that the procedures had been in place and they satisfied our internal and external audit requirements. I'm more of the process guy, not the technician.

What was our ROI?

Being in information security, anytime you can sit down with the board of directors, and say "We now have a more secure bank," there is ROI. The reason: The biggest threat to any bank is an insider threat. Now, with our privileged access, we have them logged, recorded, and locked up in a password vault so we know who's making changes, when they're making changes, and why they're making changes. This helps greatly improve the security posture of the bank. That's what we use to sell and justify that it was a good investment for the bank.

Which other solutions did I evaluate?

In addition to Safeguard, we looked at a product by the name of CyberArk and one by the name of BeyondTrust. These were the three products that we brought in for a proof of concept. In the summer of 2018, we made the decision to go with Safeguard. Then, between June and July 2019, we had it up and running, starting pilots and rolling it out accordingly.

When we did our scoring criteria on the three products, all the products were very close. What it came down to was price. We had individuals on the cyber team who had previous experience with the One Identity Privileged Access Management product at that time, which was called TPAM back then. Those individuals had a very good relationship and understanding of that tool. This weighed into our decision as well as cost to go with the One Identity Safeguard solution. It was definitely cheaper than the other two products that we evaluated.

What other advice do I have?

The solution is part of our identity and access management product. We use Saviynt as our identity, governance and administrative tool. We certify all privilege accounts on a scheduled basis. There is some integration with our identity and access management platform/program at the bank. It allows us to be in a position where we can identify and detect as well as prevent any type of privilege act that's being used as a threat at the bank. The integration was easy. It didn't pose any problems.

We have had a mixed bag regarding the solution’s usability and functionality. We have had some people who said that the tools worked nicely. They checked out their credentials every morning, use them for the better part of the day. We set the duration for eight hours. Once somebody checks out something in the morning, they pretty much use that password for the entire day. For some groups, this created a problem because of the type of work that they do, such as long running processes. We've had some issues where their password expired while a process was still running. We had to work with our IT engineering group to come up with a different type of the duration for their needs. One Identity has been very good at working with us to help us through these use cases. 

Understand each use case very carefully and thoroughly. This changes the way someone conducts their business. We had to be cognizant of the impact to our day-to-day operations. If I could do it all over again, I would spend more time understanding the impact of a security tool, such as a privileged access management solution. I think we could have done some things better than we did.

We haven't started to use the solution’s behavior analytics feature, but as we start building up some data, then that puts us in a position to be able to identify any type of exception or anomalous behavior. We haven't built up enough trending data to leverage that functionality at this time.

We are very happy with the tool. I would rate the solution as an eight (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Edouard Camoin - PeerSpot reviewer
Chief Information Security Officer at Outscale
Real User
Provides all the information that we need for an investigation, but the interface needs more organization
Pros and Cons
  • "We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless."
  • "The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0."

What is our primary use case?

We are using the virtual appliance. We are a cloud company working widely with virtualization. We provide virtual machines to our customers. When we deploy a new solution, we try to use our system to show our customers that it works for them. That is why we are using a virtual appliance which validates the usage.

For now, we are using it for traceability of access inside the platform because we are a certified company: ISO 27001, SecNumCloud, HDS... We use this solution to monitor the session of our administrator and also to capitalize on incidents. When you have an incident in the night and our Level 3 people are working on it, they don't have the time to document all they do on the platform. The main goal is to have the service up as fast as possible. We are now recording the session, and the morning after the incident, we can see the session and understand what has been done to resolve the incident.

We are using the latest version of Safeguard.

How has it helped my organization?

When we are asked to do an investigation for a server, we have all the information that we need. We never have any problems as all the information is available to us.

What is most valuable?

The transparent proxy is the most valuable feature. When you are connecting to a server inside the platform, the user doesn't need to change their habit. They just have to make small configurations to their workstation, then it is transparent for them. Our users like the solution because it's transparent. Users don't need to have interaction with 3DS OUTSCALE IT or security team to work as usual. It's interesting for the users because they don't have to think, "I have to note all that I've done during the incident to remember it".

We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless.

The "transparent mode" allows for better visibility. With its monitoring, we can do investigations which are good for us and improve our system.

What needs improvement?

The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0.

An official HashiCorp Vault connector would be very helpful inside the platform.

SSH implementation is not 100% compatible with standard SSH (OpenSSH). For example: JumpHost.

As a result, some options require manual tuning and complicated user-side configs, where it could be much simpler.

For how long have I used the solution?

We have been using it for a long time: six years.

What do I think about the stability of the solution?

It is very stable. We have never had incidents with it. When we lost a connection with our Active Directory, the system continued to work. When we lost the storage on the virtual appliance, we restarted it, then it was fine. Thus, the product is very stable. 

One or two people are needed for deployment and maintenance. For the deployment, it's done by the security team for now. However, in the near future, it will be managed by the operations team.

We upgrade to the latest version about every two months.

What do I think about the scalability of the solution?

We don't use the scalability. When we need a new appliance, we deploy it inside another network. We don't need scalability for now, but if we grow quickly, we will need to think about it.

We have about 50 users inside the company, including the security team, operations team, infrastructure team, and Level 1 support.

We are using 75 percent of the parallel session unless there is an incident, then we can use all the slots.

How are customer service and technical support?

I used the technical support once. It was good. I had the answer to my question quickly. I have direct access to the pre-sales team and my account manager. So, I called in and my problem was solved.

Which solution did I use previously and why did I switch?

Yes, but we had to quit it because they didn't have what we needed and it was very expensive.

How was the initial setup?

In the beginning six years ago, we started with a small instance. We used it very simply and learned how to manage it. 

With the newest version that we massively deployed, we had one week to know how to install it and how it works. Now, we know how it works very well.

Install is fairly simple, with basic options.

Configuration requires a little explanation on the way it works but is straightforward too.

What about the implementation team?

We deployed it ourselves.

What was our ROI?

We have seen ROI in terms of time. It's easier for us to investigate incidents, which is helpful. It has improved our performance with investigations. It used to take a month to write an incident. Now, it takes us a week, cutting the time down by a fourth.

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are on a yearly basis.

Which other solutions did I evaluate?

We evaluated CyberArk, which was pretty good, but it is very expensive. CyberArk's interface was better. Also, CyberArk's login was not so transparent. We chose One Identity because it has a transparent login in interruption in the network.

What other advice do I have?

When you use Safeguard in production, it provides traceability and protection around your platform.

I would rate the solution as a seven (out of 10) because of the interface.

I have seen the future of analytics, and it's very interesting. I hope to have the time to try and learn something about that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Security Consultant at a tech services company with 11-50 employees
Consultant
Efficient and stable with excellent technical support
Pros and Cons
  • "The solution's most valuable features are the efficiency and the quality of the recording."
  • "I would like to see an adjustment with more enterprise architecture. You can buy multiple appliances but you can not fully separate different functions, so scaling might be a bit more complicated."

What is our primary use case?

We primarily use the solution for managing and monitoring privileged users, both internal and external.

How has it helped my organization?

Gave much more visibility over who is doing what and more granular control over external support engineers.

What is most valuable?

The solution's most valuable features are the efficiency and the quality of the recording.

What needs improvement?

I would like to see an adjustment with more enterprise architecture. Currently for SPS (SafeGuard for Privileged Sessions) there is only a single appliance option (both virtual and physical). It can be scaled using a load balancer to handle a huge amount of sessions (although the device is quite efficient), but it also means you will need to purchase multiple boxes. It would be beneficial to have segregated modules as an option and you could buy and implement them separately. For example: trap module (proxy), audit module (search interface), storage module (store and encrypt recordings), etc.

For how long have I used the solution?

I've been using the solution for over three years with multiple customers and installations.

What do I think about the stability of the solution?

The stability of the solution is good.

What do I think about the scalability of the solution?

If your current architecture is not designed for this, then it may be difficult to expand beyond a certain amount. Our current biggest deployment is for thousands of users.

How are customer service and technical support?

Technical support is brilliant. They are very helpful.

Which solution did I use previously and why did I switch?

I was using other solutions in a lab environment for some demos and comparisons, but in real practice, I have not integrated other solutions.

How was the initial setup?

The initial setup is quite straightforward. However, to figure out how to use it, a consultant or an integrator for new users is highly advised.

What about the implementation team?

We're integrators for the solution. We help clients implement it.

Which other solutions did I evaluate?

Yes, I made some comparison on CyberArk, BeyondTrust, SSH and CA.

What other advice do I have?

We use the on-premises deployment model. We're an integrator company for this solution.

In terms of advice, I'd say new users should involve the integrator architecture team from the beginning.  From a technical perspective, you need to have discussions with the network team from the beginning.

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner and integrator
Head of Information Security at a financial services firm
Real User
Enables us to implement encryption protocols across channels
Pros and Cons
  • "The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration. In actuality, all the features are valuable. They're good, user-friendly."
  • "Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support."

What is our primary use case?

The primary use case for our One Identity Safeguard solution is to optimize security across private accounts, accounts which can be secured upstream and downstream. The solution enables us to implement encryption protocols across channels. It is designed so that depending on the cryptographic case, different policies can be applied in correlation. 

How has it helped my organization?

I don't think it's improved our organization internally. I've had to suspend workflows and focus my time and attention on creating technical, instructional, documentation regarding user procedures and practices.

What is most valuable?

The majority of the features offered with this solution are the same as with other similar systems. The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration.

In actuality, all the features are valuable. They're good and user-friendly.

What needs improvement?

The technical support for this solution needs to be immediate, intuitive, and responsive especially as it refers to supporting ticket submissions and processing.

Furthermore, we've had trouble understanding how certain policy framework applies. I would like to see clearly laid out policies or better support and explanations around policy dynamics.

The stability and downtime of the solution could also be upgraded to include a messaging function which would give users a clear understanding of what's happening without having to navigate to a particular section of the page.

Lastly, I would also like to see the price reduced.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's very stable. There are about 150 users, mostly administration, currently using this solution in our company. We don't encounter many problems with the system.

What do I think about the scalability of the solution?

I am encountering issues when it comes to the scalability of the solution.

How are customer service and technical support?

Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support.

How was the initial setup?

The initial setup was very easy. We followed the given instruction protocol. We also used white papers when necessary for clarification and better understanding. It only took us one month to implement.

What about the implementation team?

We used an integrator for the deployment. It was a good experience. 

What's my experience with pricing, setup cost, and licensing?

Setup cost, pricing and licensing are all very expensive.

What other advice do I have?

We are very pleased with the Safeguard platform feature. You can't find this technology anywhere else.

On a scale from one to ten, one being the worst and ten being the best, I would give this product a nine rating. If the technical support was better I'd give it a 10 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Department at a financial services firm with 10,001+ employees
Real User
Supports Linux and the scalability is great

What is most valuable?

One of the most valuable features is that it supports the Linux operating system. Also, the transparent mode for privileged sessions is a very good solution.

What do I think about the stability of the solution?

On a scale of one to ten, the stability is an eight.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and technical support?

Technical support is great. We use the case platform.

Which solution did I use previously and why did I switch?

We didn't switch from another product. Using this solution has been a great decision in helping with our tasks.

How was the initial setup?

Deployment of the solution took two to three months. Our engineers installed it.

What other advice do I have?

It's a great product for our industry, which is banking.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at Controlware GmbH
Consultant
There is a very logical, clear user interface, and the integration of scripts is thoughtfully implemented
Pros and Cons
  • "It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage."
  • "The technical support is tremendous."
  • "The high availability function of the box requires a long time to switch over from one appliance to another."
  • "The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems."

What is our primary use case?

The primary use case for our customers is to monitor and audit external vendors, as well as keep track of internal actions when privileged user accounts are being used to access systems internally.

How has it helped my organization?

For our customers, it's much easier for them to be in line with audits. A lot of our customers work in the medical field, where it is important for them to keep track of external vendors, e.g., maintaining medical appliances inside of a hospital. This solution gives them real confidence that they can keep their customers safe and their data protected.

What is most valuable?

There are a variety of protocols that it supports.

The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features.

The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. 

It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage.

What needs improvement?

There are some features which are still missing compared to other competitors. For example, some customers need legacy VPN authentication capabilities.

The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems.

What do I think about the stability of the solution?

The overall stability has improved quite a bit throughout the years. The appliances run well, both virtual and physical. The product is pretty good, especially compared to other vendors and products.

What do I think about the scalability of the solution?

Because of the nature of the connections being monitored, you can load balance it quite well. It is easy to shift the load from one appliance to another. However, the high availability function of the box itself requires a long time to switch over from one appliance to another. So, there is room for improvement.

How are customer service and technical support?

The technical support is tremendous. For large projects, we have had some challenges, but we were never left alone by the vendor. Also, in one case for a small customer, One Identity assigned one engineer to help with assessing the AD infrastructure of our customers, which was really helpful.

How was the initial setup?

The install and deployment are quite rapid. For a smaller project, sometimes it only takes us about two to three days to implement and get the policies inline. For larger projects, it's actually also not that long for the appliance itself. The product requires a lot of changes on the management side, how vendors work, and how you need to counsel people how to use it, especially in Germany. Then, they are monitored, which is the quite larger portion of it.

For our implementations in Germany, we implement an explicit model most of the time. Therefore, the transparent mode for privileged sessions has not been used that much in my projects.

What other advice do I have?

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features.

The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Cedric Jolivet - PeerSpot reviewer
Identity & Access Manager at Reist Telecom Gmbh
Real User
We are able to demonstrate what has happened on systems and who did what, but we want to be able to generate CSRs from the interface for certificates
Pros and Cons
  • "The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between."
  • "The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests."
  • "For some users, the physical appliance has been a bit buggy."
  • "We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates."

What is our primary use case?

We primarily use One Identity Safeguard for Privileged Sessions (SPS) for managing our customers' access to their critical systems.

How has it helped my organization?

We are able to demonstrate what has happened on the systems and who did what, when we have to investigate, in regards to audits using evidence.

What is most valuable?

  • Acting as a proxy
  • Session encryption
  • Flexibility of usage

The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between. Thus, it is transparent for them.

The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests.

What needs improvement?

  • We have not yet found the solution to be extensible through cloud-delivered services.
  • Our external indexers are able to integrate with a hardware security module (HSM), which is good. What we have now requested is the integration of HSM with the SPS solution to be able to not have to manage certificates and the private key outside of any tamperproof system.
  • We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates. 
  • We would like to be able to manage the lifecycle of the archived audit trails. If they are on the box, the cleanup and archiving policies are applied; as soon as they are archived on the external share, this does not apply. We need our customers to not have to manually delete these archives.
  • From a web interface perspective, we would like to be able to duplicate connections, so we can reorder them.

What do I think about the stability of the solution?

We have not had any major issues regarding stability once we migrated our users onto the virtual solution. However, for some users, the physical appliance has been a bit buggy.

What do I think about the scalability of the solution?

As of now, we use mainly virtual and have not tested the scalability and high availability, because it is a new thing.

How are customer service and technical support?

The technical support is good. There has been great improvement to all the knowledge base articles available. Therefore, we are able to find a lot of solutions already when we create support requests.

It takes us a long time to make the people from product management and development understand our needs, e.g., integrating this product with HSM.

Which solution did I use previously and why did I switch?

Because we are a service provider, we have to demonstrate that our systems are really tamperproof. We had that experience previously, and now again, with One Identity SPS, as the product fits our needs.

How was the initial setup?

The initial setup is quite simple, not complex. The installation documentation is good, so the installation is okay. You just need to read the documentation, understand how it works, and how it has to be integrated. Once you do your homework, it's quite easy.

What about the implementation team?

We are the integrator for the deployment.

To install and deploy the solution for the customers, we count one day for a workshop with all the people involved: network, business users, IT, support, etc. Then, for the implementation, it can take another one to five days.

What was our ROI?

It is the life of our customers because it brings a lot of security. So, the return on investment is really on all aspects of compliance, security, and audit.

Which other solutions did I evaluate?

We implement this solution upon customer request.

What other advice do I have?

Test it and its competitors. You will probably choose SPS.

Both the search functionality and speed have been greatly improved.

We are not using privileged passwords.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
IDM Architect at a tech company with 10,001+ employees
Real User
Extensible authentication framework enables use-case-dependent MFA
Pros and Cons
  • "The extensible framework for authentication is one of the most valuable features. We use an MFA plug-in and a lot of different factors, depending on what the business use-cases are. And of course, the auditing functionality is also valuable."
  • "Even though we have two nodes, there's no way to do an upgrade without taking everything completely offline. It would be nice if they could improve that."

What is our primary use case?

We use Safeguard for privileged sessions. It's primarily used as a solution for accessing our production environments.

How has it helped my organization?

We were able to take an environment where we had several hosts managed by different people and consolidate that into a single, centrally managed solution.

What is most valuable?

The extensible framework for authentication is one of the most valuable features. We use an MFA plug-in and a lot of different factors, depending on what the business use-cases are. And of course, the auditing functionality is also valuable.

We have also found the solution to be extensible through cloud-delivered services. It's worked out well. The SPS instances we use are located on-premise, but we can still utilize them to access resources in the cloud. That's not a problem. We haven't deployed any SPS itself in the cloud, but it works fine for our cloud environments.

What needs improvement?

Feature-wise, right now, it has most of the features that we're looking for. It could improve a bit on the management side of things. One example would be when doing an upgrade. We have a highly-available appliance spare, and even though we have two nodes, there's no way to do an upgrade without taking everything completely offline. It would be nice if they could improve that.

What do I think about the stability of the solution?

The product has generally been stable. We have had some issues, mainly due to the types of traffic. Our end-users are doing different things through SSH tunnels that were not expected on the appliance. We've been working with support to resolve that.

What do I think about the scalability of the solution?

The product is scalable.

How are customer service and technical support?

Tech support has been great. They've been responsive and knowledgeable, so we've been happy with them.

How was the initial setup?

It took us about three or four weeks for the initial setup and deployment. Part of that was developing a plug-in for the multi-factor authentication. We were able to do it in a way that wasn't disruptive, with our current infrastructure. At their discretion, the end-users were allowed to move over, one-by-one. After we deployed it, it took about two months for all of the users to actually migrate over to using it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user841344 - PeerSpot reviewer
System Consultant at a tech services company with 1,001-5,000 employees
Consultant
The initial setup is very easy

What is our primary use case?

Privileged management. 

How has it helped my organization?

Administrators can administrate the privileged accounts. It is a safer way to monitor the administrators.

What is most valuable?

Its hardware and compliance.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Stability is very good.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and technical support?

The customer service and technical support are very good.

How was the initial setup?

The initial setup is very easy.

Which other solutions did I evaluate?

I compared different solutions, like Oracle.

What other advice do I have?

It is a good solution, but it needs more marketing.

Most important criteria when selecting a vendor:

  • The support
  • How long the product has been in the market.
Disclosure: My company has a business relationship with this vendor other than being a customer: Quest partner.
it_user589470 - PeerSpot reviewer
IT Security Engineer
Vendor
Flexible modes can be integrated into the customer infrastructure and it supports multiple security officers.

What is most valuable?

Flexible modes are easily integrated into the customer infrastructure. It's easy to find needed information and the indexer does a good job.

Secure replays: Balabit SCB supports multiple security officers (something like senior and junior officer), who can encrypt upstream and downstream flows with different SSL certificates. For example, one officer can see replays, and another officer can only see replays by pressing on a key.

How has it helped my organization?

When I worked in a bank, it greatly facilitated the control of admins and reduced the length of investigations.

What needs improvement?

With release 4f4a, I am pleased with the changes. The developers have spent a lot of time optimizing the interface for the convenience of users and it’s functional. Now, I think the best way to improve it will be to optimize the software, because the software begins to consume more resources (physical).

For how long have I used the solution?

I have been using Shell Control Box for more than two years.

What do I think about the stability of the solution?

With the new releases, I see that it uses some more resources, but this time it has not affected anything.

What do I think about the scalability of the solution?

We have not had any scalability issues.

How are customer service and technical support?

I rate technical support 5/5. They are quick and informative.

Which solution did I use previously and why did I switch?

I tested many other products, but there was an issue about productivity, which was critical to our choice.

How was the initial setup?

Initial setup was easy. There was step-by-step preinstalled software, which took two minutes.

What's my experience with pricing, setup cost, and licensing?

I think it's individual by owner and product.

Which other solutions did I evaluate?

We evaluated CyberArk and Splunk.

What other advice do I have?

Develop product functional and implementation methods.

Disclosure: My company has a business relationship with this vendor other than being a customer: We sell BalaBit products.
it_user598935 - PeerSpot reviewer
Chief Technology Officer & Solution Architect at a tech services company with 51-200 employees
Real User
I like the support for many protocols, full OCR indexing and non-agent approach.

What is most valuable?

  • Fully transparent for users.
  • Supports many protocols.
  • Full OCR indexing: You can find anything that happened in sessions, including commands, programs opened, etc. Without OCR, you would only be able to find who did which sessions, but not the content of the sessions or what admins have been doing.
  • Non-agent approach: A very important feature that is able to monitor access to devices which are not computers, such as switches, firewalls, or any device which uses SSH, TELNET, HTTPS. You are able to monitor access to the Internet by web browser, because SCB can work as an HTTP/S proxy.

How has it helped my organization?

Our customers use it to provide full privileged-access monitoring for external users/administrators, so they are fully compliant and still have easy access to external users' activity.

What needs improvement?

VMware PCoIP protocol support: Many customers are switching from normal computers/environment to VDI infrastructure and some of them are switching to VMware Horizon that uses PCoIP protocol, which is not supported right now.

Central management for more SCB boxes: If you have many boxes in a customer infrastructure (right now we have one customer of this kind in POC and they will need eight boxes) with the same configuration/purpose, you have to do everything 8x. I know this feature is on the roadmap, but nobody knows when it will be available.

For how long have I used the solution?

I’ve been using Balabit for six years.

What do I think about the stability of the solution?

We have not had stability issues.

What do I think about the scalability of the solution?

We have not had scalability issues.

How are customer service and technical support?

I give technical support a 4.5/5.

Which solution did I use previously and why did I switch?

We did not use any previous solutions.

How was the initial setup?

It was super easy to deploy, not complicated, and did not have the hidden Capex that competitors do!

What's my experience with pricing, setup cost, and licensing?

It’s an easy license model; you can choose virtual or hardware appliances.

Which other solutions did I evaluate?

We evaluated ObserveIT and CyberArk.

What other advice do I have?

Try more functions and use them! It’s a very powerful product; much more complex than all other competitors. But, almost all companies use it on less than 30% of their infrastructure.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are Diamond Partner, but my own experience with Balabit and their SCB predates our company.
PeerSpot user
PreSales Engineer at a tech vendor with 201-500 employees
Real User
It offers four-eye and gateway authentication with a real-time audit capability.

What is most valuable?

  • Monitors and controls privileged access to remote servers/appliances for RDP/SSH/HTTP/ICA/VNC protocols
  • Four-eye authentication and gateway authentication with real-time audit capability
  • Credential storage and user mapping policies
  • Inband destination selection with DNS resolve/mapping internal resources
  • Detailed audit search capability into proprietary video stream for all protocols supported with keylog functions

How has it helped my organization?

  • Improved security
  • Detailed audits for support/maintenance activities done by admin/technician and third-party engineers
  • Drastically reduced unauthorized and improper use of systems and servers

What needs improvement?

The only improvement would be to manage more concurrent sessions.

For how long have I used the solution?

I have been using it for four years.

What do I think about the stability of the solution?

I have not encountered any stability issues.

What do I think about the scalability of the solution?

I have encountered scalability issues. The system needs to be properly analysed before putting it into production. Supported protocols have different needs in terms of computing power, and this directly impacts the number of concurrent sessions that can be managed.

How are customer service and technical support?

Customer Service:

Absolutely perfect.

Technical Support:

Technical support is 10/10, absolutely.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The initial setup is straightforward, but you need to have a pre-defined plan, know how to implement authentication or the authentication store if used, and also how to do network integration.

What's my experience with pricing, setup cost, and licensing?

I don't know about pricing, but licensing is based on concurrent sessions through SCB.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

Disclosure: My company has a business relationship with this vendor other than being a customer: I'm working as a system integrator for Balabit products in Italy.
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2022