ARCON Privileged Access Management Pros and Cons

It gives us a lot of comfort in terms of security level. Our infrastructure devices and servers are secured and nobody can have unauthorized access to them.

The best part of this product is the administrator convenience. The portal is very user-friendly. An administrator can use it very easily.

After storing the administrator password in this password vault of the solution, the solution can automatically go and change the password based on the defined frequency with the defined complexity.

It is recording video records for Windows and command-line reports for others, Linux and AIX, of whatever activities being carries by that particular administrator.

For compliance, each change I do, in each of the servers, is clearly recorded. We recently faced an audit and this was an awesome feature. Even our auditor had praise for it saying, "This is really a good feature."

The user interface, overall, is really good. If I have some 20 servers in my ID, I can easily see for which servers I have read-only access, for which servers I have prompt-access, and for which servers I have server admin access.

Previously, we had to go through some effort to change the credentials of our devices. The process was subject to human error... For things like managing credentials, some kind of register had to be maintained. With the Password Vault of ARCON, all these processes are automated. The credentials are changed, as per the schedule. The information is encrypted, kept in our vault, and sent to all the email addresses within the ARCON solution itself.

With this log available, we can drill down to the activities performed by the people within our kiosk. There is a great feature where in the case of Unix servers, we have our own text-based logs. In the case of Window's server, we cannot create a text-based log, so our kiosk takes the screenshot or picture of the screen when I am working. It does this every three seconds.

The initial setup was very simple. There was only one server we had to setup. We needed to store all the passwords, and a secure database is used.

One important feature is the administrator access, mainly for Windows machines as well as Linux machines. It is important for us because there is accountability associated with each user ID. And the recordings are also helpful.

It was very easy for us to move this application and database from on-premise to cloud, as well as configure new things, such as load balancing. The product is very compatible.

Video and audio logs are there for any activities that the privileged admin carries out.

The entire conversation that is happening between the servers and the client is recorded. It is a good feature if you want to do some analysis, and for investigation.

The video logs help us to identify any misuse of privileged accounts.

If you take Microsoft hypervisor - which comes with its own interface, its own web layer, etc. - something like that also requires privileged IDs. As per our institution policy now, everything has to come through ARCON. We have demanded that these kind of advanced features also should be there.

This product is lacking in terms of dashboarding analytics and should have user behavior analytics. It should also have better dashboarding for executive management and security managers, which this product is missing.

Anti-bridging should be built into product.

One thing which needs improvement is where it is keeping video logs of Windows Servers, whatever activities are being carried out by the administrator. Because Windows logs are a video, they are unsearchable, so if you need to search for a specific administrator and what he has done on a server, right now you need to go through different video logs of that particular timeframe. I think they are coming up with an additional feature where in it can be indexed and can be searchable.

There are no APIs readily available... I'm working on automation for ARCON so that whatever the ARCON administrator is doing will be automated, rather than having to do it manually. For that, I had to spend months to get the API developed myself. Having that handy out of the box, that would really help...

Currently, we can manage only the SSH or RDP connections, but there are many more devices that are present, apart from our SSH and RDP. We want all this to be part of the ARCON solution. For the password management, they should increase the pool of supported devices, they should have more connectors.

Currently, along with the upgrade of the ARCON solution, we have to consider the desktops and the endpoints from where the solution will have to be accessed. We have to upgrade those endpoints and desktops as well. So upgrades are not smooth.

The auto-password change feature which was recently added. It is supposed to change the password. However, in some cases, while changing the password, it has caused me to lose to connection due to network-related issues or something similar. What we need to have is a type of log for failure of password change.

It should be browser-agnostic and, frankly, it is working well on Internet Explorer. It should work on popular browsers like Mozilla and Firefox.

I would like to see a "wild card" kind of a feature or something that would enable us to search the video.

It would be helpful to have a "Favorites" list. For example, if I have 100 servers but I only go to 10 servers frequently, a Favorites list would allow me to go through those ten servers only.

For the in-house built applications, they need to provide good, solid access through their portal.

We expect improvement in the dashboards to provide visibility of password compliance status, whenever a password is opened from the vault. Also, flexibility to customize the live dashboard.

We would like to see support for privileged accounts used in web-based systems like Blue Coat Secure Web Gateway, VMware ESXI management tools, etc.

They need to support all web browsers. At the moment it only supports Explorer, IE. They have to come up with a solution to support all browsers.