One Identity Safeguard Review

Session auditing and replay capabilities help to secure our production environment


What is our primary use case?

We use this solution to separate the office environment from the production environment with a secure network zone. All user sessions go through One Identity Safeguard before they can reach the production environment. All sessions are audited and they are indexed/searchable through the GUI.

How has it helped my organization?

All user sessions are going through Safeguard. They are all audited and secured with forcing the minimum security settings on the side of the user. With this setup, you can easily secure all of the connections to the production environment from the office. Especially if you have a lot of different places connecting to the production environment, it is a PCI DSS requirement that you secure the flow.

What is most valuable?

The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand.

Complete indexing on SSH sessions means that all commands are searchable after indexing.

What needs improvement?

Management of the farm of appliances. When you have more than one server to handle the traffic, you need to configure everything on each console and maintain seperately. The cluster feature is coming in the next versions, until then you can handle with some scripts but its not straight forward. In case you want to use a farm of appliances instead of one you should consider this.

Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service. Again when you have a farm of appliances you need to have all the monitoring data centrally so you know what is happening with the overall service. This feature is missing. You have to go on each server to see what is the status there.

For how long have I used the solution?

We have been using this solution for one year.

What do I think about the stability of the solution?

This is an extremely stable product. Outages depend only on your environment. The service can run smoothly forever, depending on your company's setup and possible maintenance outages.

What do I think about the scalability of the solution?

No problem to scale. It's always a good option to use a load balancer in front of the solution to handle the traffic.

How are customer service and technical support?

Our experience with technical support has been extremely good. 

If you previously used a different solution, which one did you use and why did you switch?

This was the first implementation of such a product in the company.

How was the initial setup?

Setup is straightforward as long as you plan correctly.

What about the implementation team?

The initial setup was with the vendor. They have extremely good knowledge of the product and provide good support.

What was our ROI?

This solution provides PCI-DSS compliance, so ROI can be considered very good.

What's my experience with pricing, setup cost, and licensing?

The full license is expensive but if you plan to use it in a big organization then it is the best option because it is more flexible.

Which other solutions did I evaluate?

More options where evaluated, like Centrify and CyberArk, before we choose this solution.

What other advice do I have?

Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See it in Action

Learn More About Safeguard

Add a Comment
Guest
Sign Up with Email