Leiberman RED Identity Management [EOL] Review

Runs pre-configured operations with little human intervention.


What is most valuable?

The solid-state aspects of the platform. Once properly built out, the ERPM environment will run pre-configured, complex operations with little human intervention.

How has it helped my organization?

We have benefited as follows:

  • Automation of the rotation of privileged credentials across the enterprise
  • The Active Directory discovery almost always uncovers previously undiscovered accounts that are running processes in the environment
  • Provides visibility of all accounts and secures them: This greatly reduces the attack surface
  • Ability to manage passwords on multiple platforms – Windows, Linux, cloud-based and on-premise from a single pane: This is conducive to sound security practices.

What needs improvement?

The included session recording is not very robust.

The session recording feature is supplementary to the core product. It is an implementation of Microsoft Expressions and IIS Media components, freely available from Microsoft, that plugs into the ERPM product.

With this enabled, sessions that are launched through the ERPM Application Launcher can be recorded, using those free MS components and the exposed ERPM web service.

It records simple, flat Windows Media Viewer format files, and is suitable for very basic recording needs. It is not a very scalable or robust offering and offers no session management capabilities.

ERPM can run without this component enabled. ObserveIT integrates very well with the product and provides true robust recording and management capabilities. The product integrates successfully with Balabit as well.

For how long have I used the solution?

I have used the product for thirty months.

What do I think about the stability of the solution?

We did encounter a few issues. Versions 5.5.0 and 5.5.1, which were feature releases, experienced some issues. These seemed to be alleviated by Version 5.5.2.

What do I think about the scalability of the solution?

We did not encounter any scalability issues. Through zone processors and proper hardware scaling, I never saw any limits to the capacity of the product. It is built to be scalable to a virtually infinite capacity. One customer tests this almost daily and is able to support large environments with ERPM.

How is customer service and technical support?

I would give technical support a rating of 10/10. They are 100% U.S. based in Austin Texas. Their guys are top notch.

Which solutions did we use previously?

I didn’t use another solution previously.

How was the initial setup?

The initial setup was mixed. The product requires a SQL backend and SSL certificates. This is simple enough to provide, but most organizations manage those assets outside of the group that ends up implementing ERPM.

There is usually some internal pain getting all the people that need to be involved on-board. But once these pieces are in place, along with the SSL certificates and SQL backend, the setup is a snap.

What's my experience with pricing, setup cost, and licensing?

Do a full PoC in production. The AD discovery data alone usually shows people the true scope of their password issues. It will also reveal how many licenses will be needed.

Workstations, which are often an afterthought, are an attractive attack surface. I would include them in the PoC as well. The licensing for workstations is pennies on the dollar compared to servers.

Which other solutions did I evaluate?

We evaluated Lumension, but everyone in my organization was pretty sold on ERPM.

What other advice do I have?

Do a full PoC, compare it to other products, and ensure that ERPM or competing products will integrate well into your current security operations and owned systems.

ERPM has a full suite of API integrations, and any competing products considered should have that as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email