Thycotic Secret Server Review

Discovering passwords which are expired or changed and enforcing password policy compliance.


What is most valuable?

  • Heartbeats – it tells me when passwords on file are no longer working. This could be an oversight, but could also be a sign of hacker activity.
  • Secret Expiry – reports on passwords that haven’t been changed and may be out of policy.
  • Remote Password Changing – along with Secret Expiry, this enables me to stay compliant with password change policies.
  • Network Discovery – scans networked machines for accounts, bringing machines into password policy compliance, and uncovering unknown or backdoor accounts. It also enables the discovery of the total reach of an account, i.e., a service account for which you dare not change the password as you don’t fully know the implications of missing an instance of the account that could fail critical operations.
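To make the four features above concrete, here is an added example (not Secret Server's own code or API) that models them in a few dozen lines: a heartbeat check that flags stored credentials which no longer authenticate, an expiry check against a rotation policy, and an "account reach" view showing every target a given account is used on. The vault contents, the 90-day policy, the host names and the stand-in verifier are all constructed for the example; a real heartbeat would attempt an actual login rather than compare against a dictionary.

```python
"""Constructed model of heartbeat, secret expiry and account-reach checks.

Illustrative code added alongside the review; it is not Thycotic's
implementation. Hosts, accounts, passwords and the policy are sample values.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Dict, List, Set

# Assumed rotation policy for the example: every password changed within 90 days.
MAX_AGE = timedelta(days=90)


@dataclass
class Secret:
    name: str          # vault entry name, e.g. "svc_backup@fileserver01"
    account: str       # account name as it exists on the target
    target: str        # host or service the credential is used on
    last_changed: date
    password: str      # constructed sample value, never a real credential


@dataclass
class Finding:
    secret: str
    category: str      # "heartbeat_failed" | "expired" | "ok"
    detail: str


Verifier = Callable[[Secret], bool]


def check_secret(secret: Secret, verify: Verifier, today: date,
                 max_age: timedelta = MAX_AGE) -> Finding:
    """Heartbeat first, then age: a stored password that no longer works is the
    higher-priority signal (undocumented change, or someone else rotated it)."""
    if not verify(secret):
        return Finding(secret.name, "heartbeat_failed",
                       "stored password no longer authenticates on the target")
    age = today - secret.last_changed
    if age > max_age:
        return Finding(secret.name, "expired",
                       f"last changed {age.days} days ago; policy is {max_age.days} days")
    return Finding(secret.name, "ok", "")


def compliance_report(secrets: List[Secret], verify: Verifier, today: date,
                      max_age: timedelta = MAX_AGE) -> Dict[str, List[str]]:
    """Group vault entries by finding category, names sorted for stable output."""
    report: Dict[str, List[str]] = {"heartbeat_failed": [], "expired": [], "ok": []}
    for s in secrets:
        finding = check_secret(s, verify, today, max_age)
        report[finding.category].append(finding.secret)
    for names in report.values():
        names.sort()
    return report


def account_reach(secrets: List[Secret]) -> Dict[str, Set[str]]:
    """Every target each account is used on. An account with wide reach is the
    one whose rotation must be coordinated, because missing one instance breaks
    whatever runs there."""
    reach: Dict[str, Set[str]] = {}
    for s in secrets:
        reach.setdefault(s.account, set()).add(s.target)
    return reach


# Constructed stand-in for the target systems: the password each account really
# has right now. The "administrator" entry was rotated outside the vault, so the
# vault's copy is stale; that is exactly what a heartbeat should catch.
LIVE_PASSWORDS = {
    ("svc_backup", "fileserver01"): "B4ckup!2023",
    ("svc_backup", "dbserver01"): "B4ckup!2023",
    ("svc_backup", "appserver02"): "B4ckup!2023",
    ("administrator", "dbserver01"): "rotated-out-of-band",
    ("payroll_db", "dbserver01"): "P@yr0ll-2024",
}

SAMPLE_VAULT = [
    Secret("svc_backup@fileserver01", "svc_backup", "fileserver01", date(2024, 1, 10), "B4ckup!2023"),
    Secret("svc_backup@dbserver01", "svc_backup", "dbserver01", date(2024, 1, 10), "B4ckup!2023"),
    Secret("svc_backup@appserver02", "svc_backup", "appserver02", date(2024, 1, 10), "B4ckup!2023"),
    Secret("administrator@dbserver01", "administrator", "dbserver01", date(2024, 5, 1), "Adm1n-0ld"),
    Secret("payroll_db@dbserver01", "payroll_db", "dbserver01", date(2024, 5, 20), "P@yr0ll-2024"),
]

TODAY = date(2024, 6, 1)  # fixed "today" so the example is deterministic


def sample_verifier(secret: Secret) -> bool:
    """Stand-in for a login attempt against the target."""
    return LIVE_PASSWORDS.get((secret.account, secret.target)) == secret.password


if __name__ == "__main__":
    for category, names in compliance_report(SAMPLE_VAULT, sample_verifier, TODAY).items():
        print(f"{category}: {names}")
    for account, targets in account_reach(SAMPLE_VAULT).items():
        print(f"{account} is used on {len(targets)} target(s): {sorted(targets)}")
```

Run as a script it reports the stale administrator credential under `heartbeat_failed`, the three `svc_backup` entries as `expired` (143 days old against a 90-day policy), and shows `svc_backup` reaching three hosts, which is the "total reach" question the review raises before anyone rotates that account.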

How has it helped my organization?

We previously had a very lax password policy, and passwords were stored in Excel spreadsheets. Passwords were often not documented, or the documented password was not updated if changed. We now have a much stricter, safer password policy. Secret Server has improved security, productivity and helped achieve a much higher state of compliance.

What needs improvement?

Session recording could offer more control and block certain actions or commands.

I have experience of other products that focus on session recording, so I’m aware of what advanced functionality can be achieved.
Specifically, I’m referring to:

* blacklisting and/or whitelisting certain commands
* OCR capabilities

Now I know these aren’t currently supported, but they may be available in future releases.

For how long have I used the solution?

We have used this solution for more than three years.

What do I think about the stability of the solution?

Very occasionally indexes won’t contain all the search results expected.

What do I think about the scalability of the solution?

We have not encountered any scalability issues as this is a highly scalable product.

How is customer service and technical support?

Technical support is good. Online and offline documentation is clear and well written. Support technicians are punctual and friendly.

Which solutions did we use previously?

I have worked with customers of other solutions. They found it hard to separate accounts assigned to the same asset for different teams. For example, a server has SQL and database accounts. These credentials would all be visible to anyone with access to the server asset, which isn’t a desirable situation. DBA has access to a local administrator account. Server admin has access to the payroll DB account!

How was the initial setup?

Based entirely on the Microsoft stack (IIS, MS-SQL), installation is quick and easy.

What's my experience with pricing, setup cost, and licensing?

Pricing is very flexible. Download the free trial version. You can downgrade to the free version (it’s free for life!) or pay for the exact feature set you require.

Which other solutions did I evaluate?

We evaluated LastPass Enterprise, RoboForm, Password Manager Pro, Kaspersky Password Manager and CyberArk.

What other advice do I have?

I’d recommend you engage a reseller to discuss your requirements, and download the free trial version.

Disclosure: My company has a business relationship with this vendor other than being a customer: I work as a security consultant for Satisnet Ltd, a Thycotic reseller. We chose to engage with Thycotic after a lot of research in the PAM space for a large corporate customer.