What is our primary use case?
We use this solution to separate the office environment from the production environment with a secure network zone. All user sessions go through One Identity Safeguard before they can reach the production environment. All sessions are audited and they are indexed/searchable through the GUI. Some of the data are transferred to our SIEM solution. For the moment we use the product for RDP and SSH sessions. We are going to use it for Citrix farms also in transparent mode.
How has it helped my organization?
All user sessions are going through Safeguard. They are all audited and secured with forcing the minimum security settings on the side of the user. With this setup, you can easily secure all of the connections to the production environment from the office. Especially if you have a lot of different places connecting to the production environment, it is a PCI DSS requirement that you secure the flow. In our company we already audited the product as part of the PCI DSS certification.
What is most valuable?
The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand.
Complete indexing on SSH sessions means that all commands are searchable after indexing.
What needs improvement?
Management of the farm of appliances. When you have more than one server to handle the traffic, you need to configure everything on each console and maintain seperately. The cluster feature is coming in the next versions, until then you can handle with some scripts but its not straight forward. In case you want to use a farm of appliances instead of one you should consider this.
Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service. Again when you have a farm of appliances you need to have all the monitoring data centrally so you know what is happening with the overall service. This feature is missing. You have to go on each server to see what is the status there.
For how long have I used the solution?
We have been using this solution for two years.
What do I think about the stability of the solution?
This is an extremely stable product. Outages depend only on your environment. The service can run smoothly forever, depending on your company's setup and possible maintenance outages.
What do I think about the scalability of the solution?
No problem to scale. It's always a good option to use a load balancer in front of the solution to handle the traffic.
How are customer service and technical support?
Our experience with technical support has been extremely good.
Which solution did I use previously and why did I switch?
This was the first implementation of such a product in the company.
How was the initial setup?
Setup is straightforward as long as you plan correctly.
What about the implementation team?
The initial setup was with the vendor. They have extremely good knowledge of the product and provide good support.
What was our ROI?
This solution provides PCI-DSS compliance, so ROI can be considered very good.
What's my experience with pricing, setup cost, and licensing?
The full license is expensive but if you plan to use it in a big organization then it is the best option because it is more flexible.
Which other solutions did I evaluate?
More options where evaluated, like Centrify and CyberArk, before we choose this solution.
What other advice do I have?
Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Which version of this solution are you currently using?
Securely store, manage, record and analyze privileged access
Prevent security breaches and limit damage by putting in place a privileged access management solution. Get a free 45-day trial, or request a demo of One Identity SafeGuard.