Symantec Privileged Access Manager Valuable Features

MB
System Administrator at Alghanim Industries

It's easy to use and easy to configure. Compared to BeyondTrust, it's a little complicated.

View full review »
it_user715158 - PeerSpot reviewer
Information Security Manager at United Parcel Service

Transparent login for users of privileged IDs (Linux, Windows). This prevents sharing of the password because it is never seen.

View full review »
it_user613575 - PeerSpot reviewer
Sr. Security Analyst at a retailer with 1,001-5,000 employees
  • High availability/stability
  • Flexibility
  • Security
  • Excellent support

We need a solution that is very reliable for our users. We need something that has the ability to handle requests for network ports and various configurations. Security is one of the highest priorities and part of that is tracking/auditing. Xceedium/CA PAM support has been excellent and that is one of the main reasons we have stuck with this solution. We have had the same core team supporting us over the years and they work with us through any issues.

View full review »
Buyer's Guide
Symantec Privileged Access Manager
March 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
it_user715158 - PeerSpot reviewer
Information Security Manager at United Parcel Service

I have been in the security business for almost 30 years. We have never had a solution in place where we could really manage and control privileged accounts in the company. This solution really makes a big difference. We started rolling it out for our Linux base. It has been invaluable to us already, and it has only been a year.

View full review »
it_user778803 - PeerSpot reviewer
Program Manager at a financial services firm with 10,001+ employees

The session recording is useful. We can capture what each of our users are doing.

It gives you list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed. It is also isolated from Internet, so there is no way hackers or anybody can come into the systems.

View full review »
it_user707178 - PeerSpot reviewer
Project Coordinator at a logistics company with 10,001+ employees

Gives us the ability to rotate passwords automatically in the vault, on in any interval, via a scheduled job or password view. This takes out the management of passwords from the user and CA PAM can control the password maintenance.

View full review »
it_user705717 - PeerSpot reviewer
Senior Systems Administrator at a tech company with 5,001-10,000 employees

The most valuable element is the keystroke tracking feature.

We use the tool in our FedRAMP data centers. Whenever an employee does some work at the command line in the servers, app servers or database servers, we need to track what they do.

We use the tool to do just that. We bought it for that purpose. That is why this is the most important feature for us.

View full review »
it_user705711 - PeerSpot reviewer
System Support Analyst at a financial services firm with 10,001+ employees

I mostly do support for the product so I’m aware of all the features this product offers. I like the fact that passwords are checked-in automatically. In case you forget to release the account so that other people can use it, it keeps the account secured by changing the password automatically.

You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks.

It has CLI commands for bulk changes. I’ve used that feature to on-board thousands of accounts, and it saved time and effort rather than doing it manually.

View full review »
JO
Tech Lead at a financial services firm with 5,001-10,000 employees

For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great.

View full review »
it_user621030 - PeerSpot reviewer
Works at a tech vendor with 10,001+ employees

The product is for privileged access for a jump server using a PIV card.

View full review »
it_user479766 - PeerSpot reviewer
CIO/Management Consultant at a tech company with 51-200 employees

The CA PAM’s ability to seamlessly integrate and provide a demarcation between users and systems is the most attractive aspect. It:

  • Enables all control to start with Xsuite’s Deny All, Permit by Exception (DAPE) approach to limit privilege access controls.
  • Enables all privileged users to see only those systems and access methods to which they’re expressly allowed access. Privileged users include Vendor Integration and Partners.
  • Enables and verifies all system policies, providing an additional level of control by selectively filtering commands issued.
  • Enables unauthorized commands to be blocked, with optional user warnings and policy violation alerts to security teams and logs.
  • Enables sessions of users attempting to violate policies to be terminated, or accounts deactivated; enterprise policy control.
  • Enables “leapfrogging” prevention, which allows one system to be used as a launch point for additional attacks / lateral movement.
  • Enables full stack and system integration.
  • Enables service integration with all systems using APIs or application to application.

These features greatly assist us and our clients in protecting their data privacy.

View full review »
it_user526257 - PeerSpot reviewer
Senior Solutions Architect, at a tech services company with 10,001+ employees
  • Ease of use.
  • The way in which it can learn about the connectivity to systems, e.g., VMware vCenter Console; it can wrap that into its internal Java-based shell. Therefore, one does not need a terminal server solution.
  • The non-Java based client.
  • Two integration options with AD using SAML and the AD GC ports.
  • The API explorer.

This system comes with a built in Java client which handles the connectivity to remote systems, e.g. the VMware vCenter Console Web Interface.

When you add the system to the CA PAM, you can put the connection into “learn mode” where you map out where the username and the password and submit fields are. You can then configure the system in PAM with the relevant credentials and then based on the information it “learned” about where the username and password and submit fields are and what needs to go where, it presents you with a vCenter Web Interface and logs you onto vCenter automatically based on your PAM permissions. This vCenter Web Console is effectively proxied via this Java Client that CA PAM has available and happens through the PAM system – the end user does not make a direct connection to vCenter.

In other PAM solutions that we tested, one had to setup a Microsoft Remote Desktop Server (TS) and publish the vCenter Web Interface and integrate that published app with the PAM solution so that when a user wants to access the particular vCenter server, PAM initiates the Remote Desktop Server published app – inserts the credentials – to provide you with access to vCenter.

When integrating with Active Directory for authentication purposes – most vendors support LDAP. For larger AD environments, the LDAP integration supports the Microsoft MSFT ports (3268 & 3269) that allows one to look for nested group memberships across multiple child domains. Another way to integrate with AD is to use SAML.

We were able to use both methods with the CA PAM solution. With another vendor we tested, they did not support SAML.

View full review »
CF
Senior Security Engineer at a comms service provider with 10,001+ employees

The password manager is a valuable feature. It saves time for the user. The users do not have to remember the password or change the password. It is a user-friendly solution.

View full review »
AP
IT Security Consultant at a tech services company with 51-200 employees
  • Session Management (Session Control and Recording)
  • Very good in reliability
  • Deployment Model: Available in both hardware and software appliance with one step installation only
View full review »
it_user558579 - PeerSpot reviewer
IT Infrastructure Director at a construction company with 1,001-5,000 employees

CA PAM has session recording, which is a very valuable feature. Overall, it is generally easy to use. It's a relatively simple product to setup and configure. You're not looking at tons of Professional Services hours to get it running.

View full review »
it_user599001 - PeerSpot reviewer
Co Founder & Chief Operating Officer at a tech services company with 51-200 employees

The most valuable feature is the general concept of securing privileged passwords. Having worked in IT for a long time, I know how privileged passwords can float around. They pass from person to person and don’t get changed when they should be changed, such as when someone key who knows them leaves the organization. So, I appreciate the value of locking all that down.

View full review »
it_user779106 - PeerSpot reviewer
Information Security at ITG

Whoever built it from the ground up, they understand how an organization is laid out. You can tell. When a user comes in, it automatically picks up their information. It is very easy to use. The interface is very friendly, colorful, and bold. I really like that. It is friendly to the users. 

View full review »
it_user624780 - PeerSpot reviewer
Director, Managed Services - Analytics & Data Solutions at a tech services company with 51-200 employees
  • Consolidates access to all the systems
  • Easy to deploy/virtual
  • Records access for troubleshooting issues
View full review »
it_user558024 - PeerSpot reviewer
Director Of Information Security at a insurance company with 1,001-5,000 employees

So far the best value is the centralized management of all administrative accounts. Before PAM, domain administrators, Unix administrators with root access, end-users with elevated desktop privileges, and so on, were managed by those individual groups themselves. Now we have a way to separate the management of accounts with and without elevated privileges. This provides better control over who can see what information, and who can perform which actions.

So all the different roles (such as database admin, Unix admin, network administrator), are now centralized into one system. Users are authenticated with a single sign-on to access only what is appropriate for their role. It also enables us to take a generic role, like an administrator, and grant certain access rights to that role. Then you can apply the generic role, but go inside and make it granular. That isn't available in the product off the shelf, like in Microsoft or Red Hat.

It also integrates with our identity management system in which the roles and responsibilities are defined. Syncing the two systems is very helpful as well.

View full review »
it_user351294 - PeerSpot reviewer
Technical Director at a tech services company with 51-200 employees

It consists of three components that work well together: access controls, SIEM, and password recording capabilities.

View full review »
Balamurali P - PeerSpot reviewer
Solution Architect at a tech consulting company with 501-1,000 employees

The DB clustering is a really good benefit of using CA PAM.

View full review »
Sudip Karmacharya - PeerSpot reviewer
Information Security Specialist at CAS Trading House

It is simple to integrate. For other solutions, we have to install a component that can directly deploy from the OVA in this system.

View full review »
AS
Security Consultant at a tech services company with 10,001+ employees

Privileged account management for Windows (domain and local) and Unix.

View full review »
it_user572919 - PeerSpot reviewer
Architect at a comms service provider with 10,001+ employees

One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements. This is high on our agenda. 

View full review »
it_user705741 - PeerSpot reviewer
Sr. Oracle DBA at a government with 10,001+ employees

One of the valuable features is the randomly generated password. It is a strong way to protect the security access to the network and servers in our department of Homeland Security Environmental Management System.

View full review »
it_user572856 - PeerSpot reviewer
Security Engineer at EarthLink

With CA PAM, it's mainly the vaulting of credentials that we're looking for, and then after that, probably the bastion functionality where we force all of our administrators through that to get to the servers. We'll also do session recording of both RDP and the SSH sessions through it.

View full review »
it_user712038 - PeerSpot reviewer
Business Coach & Consultant

If I remember correctly, it was the two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us.

View full review »
it_user589527 - PeerSpot reviewer
IT Infrastructure Manager at a tech services company

The most important feature is that we do not need to know the passwords any more; just having access to the end point; and that it’s easy to manage users and the account.

View full review »
it_user762522 - PeerSpot reviewer
Solution Architect at a tech services company with 10,001+ employees

The most common features that I use are password vaulting and password management. 

View full review »
it_user708474 - PeerSpot reviewer
Pre-Sales Engineer at a tech services company with 51-200 employees

Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated.

The recording feature uses a proprietary format that is very light, even with high definition videos, allowing you to use very little hard drive space. This has proven very valuable when managing large amounts of sessions.

View full review »
it_user651831 - PeerSpot reviewer
Cloud SME

When you look at the whole PAM itself, session manager is very important. It records what happens. Access manager and credential manager are very important as well. Those are the key things. Session manager, access manager, and credential manager.

View full review »
it_user707196 - PeerSpot reviewer
Principal Consultant

Some of the valuable features are safe access to company resources, quick, comprehensible, and intuitive management interface, and good integration capabilities. Control on targets could be extended through CA PAM Server Control component. It now includes an optional risk evaluation engine (CA Threat Analytics for Privileged Access Manager).

View full review »
it_user459162 - PeerSpot reviewer
Presale Engineer with 51-200 employees

Access control and Password Management, because almost every customer wants to protect and audit their server(s), as well as their credentials.

View full review »
it_user705705 - PeerSpot reviewer
Finance at a tech services company with 10,001+ employees

Manager user/admin’s password, so it’s more secure and password will be changed on time.

View full review »
it_user616500 - PeerSpot reviewer
Security Engineer

Transparent login and cluster synchronization. This is quite stable compared with other products. It is easy to manage for the administrator.

View full review »
it_user713793 - PeerSpot reviewer
Citrix / Windows Administrator/PM at a government with 10,001+ employees

The tool helps us manage local, domain, and service accounts. It helps us meet compliance standards.

View full review »
it_user705735 - PeerSpot reviewer
IAM Architect at a tech services company with 5,001-10,000 employees

So far, we’re using the RDP-gateway and the “published application” features.

  • The RDP-gateway: For limiting which server an operator can access.
  • The “published applications” feature: To minimize the exposure of sensitive usernames and passwords.
View full review »
it_user531528 - PeerSpot reviewer
Security Consultant

One of the most valuable items is the load balancing feature.

View full review »
OI
Engineer at a university with 51-200 employees

The best features are the comprehensive coverage of the required features for the PAM solution like a credential vault, a session recording, an endpoint agent, security analytics. All those things. 

View full review »
RS
Especialista em CA at a tech services company with 5,001-10,000 employees

It offers access control of privileged accounts.

View full review »
it_user705699 - PeerSpot reviewer
Consultor Senior TI y Seguridad de Datos at a tech services company

Session Recording: This feature is very useful and powerful. This application is very easy, fast, and trustworthy!

View full review »
it_user621822 - PeerSpot reviewer
Works

Monitoring privileged users’ actions is valuable because of the high level of trust and wide-ranging access insiders typically enjoy. The impact of an insider breach incident can be quite high.

View full review »
it_user708468 - PeerSpot reviewer
Senior Engineer at a tech services company with 1,001-5,000 employees

Access management and security compliance.

View full review »
it_user705714 - PeerSpot reviewer
Systems/Software Engineer at a tech vendor with 10,001+ employees

Used for securing privileged accounts. This is the why people choose this particular product: To manage credentials and record sessions.

View full review »
it_user707184 - PeerSpot reviewer
Security and Governance Manager (Principal Director) at a tech services company with 201-500 employees

The solution has the capability to address hybrid eco-systems, both on-premises and cloud services. Most of the high privileges now include tenant administrator credentials.

Integration with the AD RBAC model is also a great feature, as we can tie it to the central repository.

The FIPS-140-2 certification is really a nice option with every governmental response.

View full review »
it_user707193 - PeerSpot reviewer
IT Security & Compliance at a energy/utilities company with 1,001-5,000 employees

The password vault and access to the systems are the most valuable features. It meets with the objective of password vault with controlled access to systems.

View full review »
it_user705702 - PeerSpot reviewer
IT Operations at a retailer with 10,001+ employees
  • Password management (Linux/Windows) and session recording.
  • Platform to access any (RDP, Telnet, SSH device in Datacenter).
View full review »
it_user705732 - PeerSpot reviewer
Ingeniero de servicios at a tech services company with 51-200 employees

The possibility to control the remote activity and establish different policies, because it depends on the position of workers, how much access they needed, and in what platforms they connect. The possibility to separate this in an easy way is very useful.

View full review »
it_user595743 - PeerSpot reviewer
Cloud Solutions Architecture Manager at a tech services company with 501-1,000 employees

I have found the automated authentication to be most valuable.

View full review »
Buyer's Guide
Symantec Privileged Access Manager
March 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.