Some options are required in the tool, especially to help in scenarios where if a user's ID gets locked, that person cannot unlock the ID from ARCON Privileged Access Management. Even the technical team in my company cannot unlock any locked ID with the help of the tool. Even if there is an admin password, ARCON Privileged Access Management releases it using its functionalities, allowing users to generate a password during an emergency. If an ID gets locked, the tool cannot unlock it, making it an area where improvements are required.

One common problem I faced with ARCON PAM was compatibility issues with certain software versions. For example, if a user was using a non-supported SQL version, they would encounter errors. Resolving these issues often involved troubleshooting for days, and if no solution was found, we had to raise a ticket with the OEM for a patch. Additionally, there were occasional issues with password resets.

I would like for it to be dependent on Windows as opposed to Linux.

Sometimes, ARCON Privileged Access Management's website would crash. So, because of this, video logs and other such related things are not captured. Sometimes, we face certain performance issues while using the solution.

Apart from the aforementioned details, to make it better in terms of features, we need a backup strategy.

In the product, different things are available. Now there are other products, and there are similarities between those other products. So, they will have that script done. What we usually do is if you run the script, it will take one backup and keep it somewhere. So, we need that backup strategy since it is important.

Bulk password automation is not available in ARCON when compared to other products, and the cloud service is not intuitive for this behavior. For me, these could be some areas of improvement. 

Sometimes it gets stuck between servers and I would like to see this improved in the future.

ARCON Privileged Access Management lacks a notification feature. The solution is very complex to use, and its product flow is not that good. ARCON Privileged Access Management is not a user-friendly solution, and the application flow from one screen to another is very complex. You need high expertise and skills to use the solution.

A few areas for improvement in ARCON would be performance optimization, ensuring smoother management. Also, clarity on licensing mechanisms, particularly regarding user accounts, could use some improvement. It would be great if these details were readily available on the website for easy access and communication with customers.

Compared to BeyondTrust, ARCON Privileged Access Management fails to provide its users with functionalities like managing AD Bridging and addressing the OT assets from an OT standpoint, including operational technology devices. The solution lacks to offer a governance mechanism for operational technology assets. ARCON has not addressed all of these areas where they lack, while BeyondTrust has a solution for the unaddressed issues by ARCON.

There are some features lacking but they typically are added when the upgrades are released.

I'll provide feedback on additional features after the project is completed. I think it would be better to comment on that after the implementation is finished.

The tool is giving an error while accessing the services. I need to modify the DLP file, which involves altering the coding for development purposes. Others may modify some reports. ARCON is dependent on these modifications. As an admin, I cannot edit & customize reports. When I request a personalized report from ARCON, the report template provides the changes.

While some features have been added, the video-capturing functionality for PAM is currently limited to Linux-based systems. When using Windows RDP or Windows-related solutions, command retrieval is not available, allowing users to execute the delete command without capturing the action. It is recommended that video-capturing capabilities be expanded to Windows environments to address this issue. Additionally, enhancing the video log functionality to enable faster and more efficient identification of user actions would be beneficial.

I think hazard flow could be improved, the data compliance part. We need to ensure that no data from any of our users is being accessed or compromised by any privileged user or a team member. There are some things on the database side which are missing and could be included. This is a web-based interface with multiple windows and you have to keep logging in. It should be that you can run any command in any window. It's really about the interface and navigating it.

We have the load balancer and we have certain cloud environments. So, if you take Microsoft hypervisor - which comes with its own interface, its own web layer, etc. - something like that also requires privileged IDs. As per our institution policy now, everything has to come through ARCON. We have demanded that these kind of advanced features also should be there.

They have improved a little bit in providing all the interface, but as of now it is not comprehensive, not at all the interfaces, but the major ones are covered. Whatever we have demanded, they have tried to provide the solution. In fact, with a little bit of time, because of new technology, integrations, and dependency on the OEM side - taking all these things into consideration - they have done a good job in integrating many of the technologies which we have demanded.

For example, vCenter that is a hypervisor for VMware. They have a vCenter environment. Now it can be easily integrated with ARCON. We have a plug-in for that. It was not there last year, now they have come up with it and it is working very well. So my cloud management user IDs are now using ARCON for managing the cloud.

When the ARCON product was not on the mark - we got this account six years back - we gave all the requirements to them and they took our requirements as a positive, and built all the features we wanted, because we are supporting multiple customers. Now I see the product is ready, it has all the features, it meets all the requirements.

We have given them a few more requirements like SSH keys, or to have the risk factors. They are working on those, they are in the development stage.

Also, they they should focus on support. The support needs to be very strong. Since the product is becoming stronger, their support team also should be equally strong. They should respond to open queries within the time limit they have set. Their support team should be more technical, to understand the issue or the set up.

This product has only a basic set of features. There is nothing really special about it.

The support services need to be improved.

The interface should be easier to use. One thing that would help is better documentation.

Managing users is difficult, so that is something that can be improved.

There are a few improvements that could be made. One is that it should be browser-agnostic and, frankly, it is working well on Internet Explorer. It should work on popular browsers like Mozilla and Firefox.

Also, I would like to see a "wild card" kind of a feature or something that would enable us to search the video.

Finally, it would be helpful to have a "Favorites" list. For example, if I have 100 servers but I only go to 10 servers frequently, a Favorites list would allow me to go through those 10 servers only.

The auto-password change feature which was recently added. It is supposed to change the password. However, in some cases, while changing the password, it has caused me to lose to connection due to network-related issues or something similar. What we need to have is a type of log for failure of password change. We would like to have something that somebody can act upon, then rectified the problem.

It should support the SQL Always On platform with FQDN name instead of IP, so where all the databases are managed centrally.

In our company, we are not managing single-single SQL Servers, we are putting in a technology called Always On, where all the databases are managed centrally.

Whatever solutions or tools we have, we need one SQL instance or something that we can provide from that Always On system so that way, from the database side, there is high availability, it is in two or three different physical locations. If tomorrow something bad were to happen, and your main site was down, you wouldn't need to worry because all the same data would be available on the other site.

For this database, ARCON first said, "We do support Always On." Then we started migrating this database to the Always On database and slowly we came to see that they have two different databases, which are keeping recording logs or something - the sessions become very high. As soon as it is replicating, it is not shrinking the database. They told us, "Okay, keep our database separate from your Always On. Give us a standalone." 

So the reason that's not going to benefit our organization is because, single-handed, we were managing from one platform. Now we have to manage two, three, four, five different, single-single, standalone databases, which will create more overhead for our admin staff.

There are no APIs readily available. There are hundreds of products available on the market. It could be many applications, not just the server gateway. For many applications, by default, we will get the API. Let's say I'm trying to integrate "XYZ" application with another application. When we do that, usually, we look for APIs. But ARCON does not have the APIs readily available. Having that, for a complete end-to-end solution, would really help. 

As I mentioned, I'm working on automation for ARCON so that whatever the ARCON administrator is doing will be automated, rather than having to do it manually. For that, I had to spend months to get the API developed myself. Having that handy out of the box, that would really help, because what I am doing is not limited or restricted to the three or four cases. I'm going to automate the complete end-to-end solution of ARCON administration in our organization. So having an API would really help me.

Currently, we can manage only the SSH or RDP connections, but there are many more devices that are present, apart from our SSH and RDP. We want all this to be part of the ARCON solution. For the password management, they should increase the pool of supported devices, they should have more connectors.

They have to work on their tech support. 

In addition, they have to consider that upgrades should be easy for the administrators. Currently, along with the upgrade of the ARCON solution, we have to consider the desktops and the endpoints from where the solution will have to be accessed. We have to upgrade those endpoints and desktops as well. So upgrades are not smooth.

They also have to work on a cloud solution, because most things are going towards the cloud. A cloud integration should be considered in ARCON. We have not seen one up until now.

This product is lacking in terms of dashboarding analytics and should have user behavior analytics. It should also have better dashboarding for executive management and security managers, which this product is missing. 

Another important feature where this product is lacking, in terms of the managing the accounts, is in the active directory (provisioning and non-provisioning), or bridging it with the active directory. Thus, it needs anti-bridging.

ARCON needs three important things:

• The user behavior analytics should be there. 
• The dashboarding should be improved.
• Anti-bridging should be built into product.

This would make the product a comprehensive privileged R&D product.

In the future, I would like to have a type of functionality for the product with the mobile application. This would be helpful for some of our approvers, so they can approve at any point of time, sitting anywhere in the world when requests come in through the mobile application. Using the app, they can upload requests of the administrator or users. We would like to see this type functionality go on the product roadmap.

For the in-house built applications, they need to provide good, solid access through their portal.

One thing which needs improvement is where it is keeping video logs of Windows Servers, whatever activities are being carried out by the administrator. Because Windows logs are a video, they are unsearchable, so if you need to search for a specific administrator and what he has done on a server, right now you need to go through different video logs of that particular timeframe. I think they are coming up with an additional feature where in it can be indexed and can be searchable.

I can't think of anything because the features which we require, it has everything that we need. So I cannot tell you much about the improvements required for this product. We are using all the features, and it is good to have.

The only thing is, while the product is good, they could do something on the support side. Support is quite good, but some improvements are required because the time to resolve is four hours. If they could reduce that to two hours, that would be good for us.

The solution needs more work on the password management side of things. Password management is a big challenge for us, and I would like to improve this aspect. We're finding that BeyondTrust is better in this regard, which is why we're probably going to migrate over. It will offer better security I think.

We expect improvement in the dashboards to provide visibility of password compliance status, whenever a password is opened from the vault. Also, flexibility to customize the live dashboard. 

We would also like to see support for privileged accounts used in web-based systems like Blue Coat Secure Web Gateway, VMware ESXI management tools, etc.

• Security
• Access management
• Illegal activity finding.

The product is good but a lot of things can be changed, the way the system has been designed. All the access levels have currently been provisioned so a little more effort could be put into it to have a more friendly environment and user experience. The management portal could be a more friendly environment wherein I could deploy with fewer management resources from my side. We have been requesting from the ARCON team to have fewer management activities.

The product is browser dependent. As of now, it only works on Internet Explorer from the client side. The product should not be browser dependent and should be compatible with all the modern browsers. Admins cannot use any other browsers (Chrome, Edge, Firefox, etc.) to access the client manager online, and have to stick with IE for accessing the services.

Most people are either Chrome users or Firefox users. For them, I have to convince them to use IE.

This has been communicated to the company some time ago. They said this is already under development, to make the product work in the other browsers.

The usability should be expanded to other browsers like Chrome and Firefox. That would help us roll out our solution quickly.

They need to support all web browsers. At the moment it only supports Explorer, IE. They have to come up with a solution to support all browsers.