I would absolutely recommend One Identity.

Very large organizations with complex technologies and a very large number of devices can consider other options. But One Identity has a very good suite of technologies.

To prepare for Safeguard you need to know your network, and if you think you do, you don't. You need to have network personnel available during the deployment to maintain tempo in the deployment. If you don't have access to people who are able to change things in the firewalls and the like, you will stall. 

The documentation, what you need to do, is very clear, but every network is different, and you really need to know where you put your Safeguard solution and that you have access to people that can help you fit it into your existing network. That's a very important step.

You also need to know what "high privilege" means to you because it's not defined in Wikipedia. You cannot go there and see what applies to your systems. You need to know that yourself. Be sure about what you want to protect and what levels of protection you want, beforehand. 

And, as I mentioned, there is the issue with certificates, which is an issue for every company. It's quite a hard thing to know. Not everyone is a professional when it comes to certificates. You may need to know the certificate chain, and you might have to update it with new information and roll that out to your organization. That might not be your first thought when implementing it in your system. 

But the main focus is the network, especially if you're also going to deploy Safeguard in your own cloud. That creates a little bit more of a challenge.

We use their product called Active Roles as well. We haven't really done any integration with other parts of our business. We have just given administrators and people with high privilege a secure way to access their systems through RDP and SSH. But we have not integrated any robots or development flow as of now. We are too young in this journey.

Take your time. Talk to as many different aspects of the business in the company as you can. Get a lot of input from many people. Know how to sift through good and bad input. Use Professional Services, if you can. The tech on-demand services was much cheaper than their full-blown professional services. For the tech on demand services, we never had to wait more than a few days for some type of response.

The training was pretty easy. There was a one-day training class for the admin. Then, for the users, there were a couple of Word docs that we circulated around which were good enough.

We have not integrated it with other parts of our business. It is standalone and independent.

More time is being spent because there are more steps to check out a password or if you get a password.

We have just starting to really use the product. There is a lot of design, building, and configuring involved, so we have just started to truly take advantage of some of the features it has.

We haven't set up any type of approvals. We're pretty tight on who can see and request passwords in the first place. I would imagine at some point in time we'll probably end up utilizing the Approval Anywhere feature, just not right now.

As far as privilege access management goes, I'd rate it a nine (out of 10). So far, the product has been really easy to use and set up. I'd just make the rollout and implementation of the transparent mode better.

I give One Identity Safeguard a nine out of ten.

Privileged users continue to utilize their connection to the target systems, thus remaining unaffected during the deployment process.

Normally, reading the documentation would be sufficient to start using Safeguard for both those who manage the solution and the end-users. However, in real life, I conducted some technical training sessions for Safeguard administrators and Safeguard end users. For end users, in most cases, a two to three-hour training session was enough to familiarize them with the management console. This console is used to request extensions to target systems and perform other related tasks. On the other hand, administrators usually required six to eight hours of training. However, the duration can vary depending on the specific project. For instance, a standard deployment with four nodes would differ from a non-standard deployment with twelve nodes distributed across an entire continent. In such cases, customers may need additional training to ensure business continuity in the event of issues occurring at a specific site. This training would focus on the technical aspects of implementing a business continuity plan.

When preparing to deploy Safeguard, our first step is to engage in a comprehensive discussion with the customer regarding their project goals. We inquire about the specific reasons behind their need to incorporate a PAM solution. Once we have a clear understanding of their use cases, we proceed to address the technical aspects. From a technical perspective, one of the most crucial questions is to define the scope of the target systems, including the types of operating systems and protocols that will be utilized to establish connections, such as RDP, SSH, HTTP, or MSS. After establishing the scope of the target systems, we then proceed to define the scope of the end users who will utilize Safeguard. These users will establish privileged sessions with the target systems. Additionally, we determine the source of identity information for privileged users, which is typically the active directory, although, in some instances, a DAP service deployed in the customer's infrastructure may be utilized. Once these preliminary steps are completed, we have all the necessary tools and information to proceed with the deployment process itself.

We're partners. We've resold the solution in the past, although we aren't doing so now. We're not active resellers. It's more opportunity-based.

We are using the most up-to-date version of the solution. 

While we have yet to integrate the solution with other parts of our business, we are looking to integrate it in the future with DevOps. We're in the planning phase of that.

The flexibility and integration process is seamless. I've definitely had worse experiences. The resources we had weren't very experienced and we got through everything with very few headaches. From a security and productivity standpoint, it's good. 

I'd rate the product eight out of ten.

I would rate One Identity Safeguard a nine out of ten.

I would rate One Identity Safeguard eight out of ten.

A moderate amount of training was required for our people to start using One Identity Safeguard.

We have up to five people using the solution.

The only maintenance required is for patching.

One Identity Safeguard is a great product once we become familiar with it. The GUI takes some getting used to.

I would rate One Identity Safeguard an eight out of ten.

We conducted training sessions for all employees and managers in our company. The training was tailored to each person's skills in order to streamline the training process and facilitate the deployment procedures.

I would recommend it if you are looking for a privilege management or identity management solution. If you are having challenges with reporting and compliance, it will certainly be helpful because you will get a lot of details for auditing and monitoring purposes.

I would rate it a nine out of ten. It is an amazing product, but its cost needs improvement.

Make sure to always get the support. This solution could not be successfully implemented with no support of the HR and procurement system. You will need to mature all of your HR and procurement processes to do the deployment in a secure manner. This is a security solution, not an IT solution. If you want to deploy it as a security requirement, you need to ensure that the HR and procurement processes are correctly in place. You can use it as a technology solution, because not all the technology requires security, but all security requires technology.

We haven't activated the session recordings yet. We have tested it, and while it worked successfully, we didn't apply it fully because of internal technical issues.

All the logs in the system are recorded and sent to our security operations center (SOC) for analysis. In our SOC, we have end user behavior analysis, but do not depend directly on One Identity to provide this. However, I might ask to have a report for the user behavioral analysis going forward.

I can rate the solution as an eight (out of 10).

Start with your current state. That's what we did. Then, create a roadmap of where you are, where you need to be over the next five years. Once you're able to assess the current state and you have a plan in place, you can pick the product that's going to help you get to that future state.

The biggest lesson I have learned from using this product is to be open-minded in trying to figure out where we could use some enhancements. Just because you choose a product you don't have to be 100 percent, all-in on the product. There is always room for opportunities. Whenever there is feedback or challenges, take them and then see what you can do better. My focus is the end-user who is using the product. We have to make sure that using this product doesn't affect users' day-to-day operations.

We started using the solution's behavior analytics feature but it never really took off because we got overwhelmed with other areas that we needed to address. It's something that is on the roadmap for us to eventually take a look at, or at least refresh the project plan and commit some time and some resources to it.

We are looking to integrate Safeguard with RSA. RSA has a component and we're looking to streamline the metrics around that component. When a product is brought online, there's a way for us to go in and do a scan of that machine or that endpoint. Ideally what should happen is that we'll go to Safeguard, check out a password, push that password to the vulnerability management scanner, and scan it. When that scan is done, it actually checks in the password and rotates it. It's our vulnerability management solution that we're looking to integrate. We're doing a PoC on that right now.

Safeguard is a next-generation tool when it comes to privileged access management. They have done a nice job figuring out all the features that need to be available out-of-the-box. I do have high expectations for Safeguard. I continue to look forward to future releases because I know it's going to get even better.

I rate One Identity Safeguard eight out of 10.

The advice I would give to organizations considering this solution would be that before they make a commitment they need to try to find a local support resource. They will want to be able to get local support because that can be critical. But otherwise, I think it is a good product and a good buy. I would buy it again. As a partner, I would also sell it again because I am confident in it as a product and a solution.  

On a scale from one to ten, where one is the worst and ten is the best, I would rate the One Identity Safeguard solution as a nine-point-five out of ten. I'm very happy. If I have to choose an integer, it would have to be a nine. Ten would mean it is perfect and there are things I think can be improved.  

I would rate One Identity Safeguard three out of ten.

I only recommend One Identity Safeguard for small businesses.

When using One Identity Safeguard, we need to be patient.

My customers use the One Identity Safeguard virtual appliances.

I have not used the Cloud Assistant feature of the solution.

I have not used the Remote Access feature for privileged users in One Identity Safeguard.

My company does not integrate the solution with any other parts of the business, such as development, operations, and RPA. It was just tested but not rolled out in production.

In terms of how the deployment of One Identity Safeguard affects privileged users may be a complex question because the customer didn't have a previous infrastructure. The customer is now building the infrastructure, so it's a dynamic environment. The customer doesn't have an old environment.

I'm a One Identity Safeguard integrator, and my company also resells it.

Regarding maintenance, usually, it's not required. Still, sometimes a user could complain about not being able to access passwords in One Identity Safeguard or that there is some misconfiguration I need to analyze, and in the end, the issue is with the target appliance and not One Identity Safeguard.

My rating for One Identity Safeguard is eight out of ten overall.

My impression of the form factor of the Safeguard physical appliance is not good and not bad. It's neutral. Similarly, feedback about the usability and functionality is neutral.

My advice, if you have the budget, is to buy other products, like CyberArk Privileged Access Manager or BeyondTrust Endpoint Privilege Management. If you don't have that kind of budget you can use this product.

It is a very easy solution. In case of any problem, you can contact the distributor or the vendor, and they will help you.

I have worked with physical and virtual appliances. We went for virtual appliances because they are easy for us. We have servers in our company, so we have the space and resources to install them.

I would rate One Identity Safeguard a 10 out of 10. I have used it for some time, and I enjoyed working with it.

When you use Safeguard in production, it provides traceability and protection around your platform.

I would rate the solution as a seven (out of 10) because of the interface.

I have seen the future of analytics, and it's very interesting. I hope to have the time to try and learn something about that.

Clearly assess your needs and formulate the necessary requirements, then proceed from there with the selection of an appropriate solution. In our case, One Identity Safeguard became this solution. However, this solution is not a panacea for all ills. It is possibly you’ll find that a different solution is more suitable.

I would rate the solution as a nine (out of 10). In order to rate it as a 10, it should have what I would like to see in its coming new releases.

Foreign Language: (Russian)

Как и для чего вы используете этот продукт?

Мы используем это решение для контроля доступа привилегированных пользователей, таких как администраторы приложений, к внутренней сети. Это решение позволяет нам записывать и регистрировать пользовательские сессии.

Мы используем виртуальные устройства на платформе VMware. Виртуализация таких сервисов позволяет нам гибко масштабировать конфигурацию нашего оборудования и предоставляет значительно больше возможностей для построения стабильной структуры.

Как это помогло моей организации?

Это решение позволило нам обеспечить удаленный доступ к внутренней инфраструктуре компании в контексте пандемии COVID-19. Это сделало этот доступ более прозрачным и контролируемым для отделов информационной безопасности.

Мы легко интегрировали этот продукт с нашей системой SIEM для сбора событий. Благодаря этой интеграции мы смогли создавать подходящие регулярные отчеты о привилегированных пользовательских соединениях. Поэтому наши подразделения информационной безопасности могут лучше видеть, кто подключается к удаленной инфраструктуре.

Какие функции вы нашли наиболее ценными?

Наиболее ценной функцией является регистрация сеансов с их визуализацией, то есть запись видео. Эта функциональность позволяет нам восстанавливать действия пользователя в случае каких-либо инцидентов.

Решение прозрачно интегрируется в инфраструктуру, и пользователи этого не замечают. Я бы дал этой функции самый высокий рейтинг.

Хотя функция «прозрачного режима» никак не повлияла на мониторинг, она привела к увеличению удобства подключения пользователей.

Это решение визуализирует сеансы RDP и регистрирует сеансы SSH.

Что нуждается в улучшении?

Я хотел бы видеть поддержку RDP через HTTPS, чтобы этот продукт можно было использовать вместе с терминалом Microsoft.

Я хотел бы визуализировать сессии SSH.

Я хотел бы использовать встроенные механизмы балансировки трафика со встроенным механизмом балансировки нагрузки при использовании нескольких экземпляров.

Как долго я использую этот продукт/решение?

Около четырех лет.

Что я думаю о стабильности этого продукта/решения?

За четыре года использования мы не встретили ни одного сбоя или сбоя системы. Продукт стабилен.

Что я думаю о масштабируемости решения?

Увеличивая количество пользователей, мы можем довольно легко добавить к виртуальным устройствам процессоры и память или диски для хранения записей, что труднее сделать на аппаратном (физическом) устройстве.

У нас есть два администратора, участвующих в развертывании, настройке и обслуживании этого решения. В разгар пандемии у нас было до 3000 пользователей, подключенных через решение и способных работать из дома.

Как бы вы оценили техническую поддержку этого продукта/решения?

Мы использовали техническую поддержку One Identity. Я бы оценил это как превосходное. Они отвечают на все заданные вопросы быстро и качественно.

Какое решение я использовал ранее и почему я переключился?

Ранее мы не использовали другое решение.

Как прошла начальная настройка?

Виртуальное устройство развертывается из доставленного образа без каких-либо проблем. Настройка занимает от 15 до 20 минут, включая первоначальную установку и настройку. Он также доступен для любого администратора с компетенцией Unix.

Мы используем функцию «прозрачного режима» для подключения административных пользователей через SSH к серверам Unix. При настройке этой функции проблем не возникало, так как все было просто. Решение хорошо документировано и вполне понятно при настройке.

Потребовалось около одного или двух рабочих дней для администрирования решения, ознакомления с документацией и настройками, а также для тестирования различных вариантов конфигурации. Это было не очень сложно. Для наших пользователей особых нюансов не было, так как подключение прозрачно. Они не понимают и не видят, что они соединяются через пространство One Identity Safeguard.

Наша стратегия внедрения заключалась в том, чтобы использовать это решение для управления удаленными сеансами привилегированных пользователей, в первую очередь с нашей службой поддержки Информационных Технологий. Теперь мы используем продукт для этой цели. В целом стратегия имела успех.

Какой была была ваша прибыль на инвестиции в One Identity Safeguard?

Мы не испытали никаких потерь, поскольку контроль действий привилегированных пользователей в первую очередь сводит к минимуму риска и создает отсутствие потерь.

Какой у меня опыт работы с ценами, стоимостью установки и лицензированием?

Лицензирование и ценообразование довольно просты. Количество каналов регистрации лицензий зависит от потребностей заказчика. Я бы посоветовал оценить количество одновременных сеансов за единицу времени и перейти оттуда к покупке лицензии.

Прежде чем выбрать этот продукт, вы оценивали другие варианты?

Мы оценили Safeguard и другой продукт. В конечном итоге мы выбрали Safeguard.

Safeguard - это внешнее (по отношению к управляемым системам) решение, которое позволяет вам записывать сессии. Его конкурентом было агентское решение, которое было размещено на целевых серверах. С решением конкурента был риск отключения записи привилегированного пользователя.

Какой еще у меня совет?

Четко оцените свои потребности и сформулируйте необходимые требования, а затем приступайте к выбору подходящего решения. В нашем случае One Identity Safeguard стал таким решением. Однако это решение не является панацеей от всех болезней. Возможно, вы обнаружите, что другое решение более подходит.

Я бы оценил решение как девять (из 10). Чтобы оценить его как 10, у него должно быть то, что я хотел бы видеть в его будущих новых выпусках.

It is a good solution. There is no limit to its usage in a company, e.g., IT or financial.

Check the basic rules in the documentation because the solution is easy to use.

I would rate the solution as 10 out of 10.

We are very pleased with the Safeguard platform feature. You can't find this technology anywhere else.

On a scale from one to ten, one being the worst and ten being the best, I would give this product a nine rating. If the technical support was better I'd give it a 10 out of 10.

The solution is part of our identity and access management product. We use Saviynt as our identity, governance and administrative tool. We certify all privilege accounts on a schedule basis. There is some integration with our identity and access management platform/program at the bank. It allows us to be in a position where we can identify and detect as well as prevent any type of privilege act that's being used as a threat at the bank. The integration was easy. It didn't pose any problems.

We have had a mixed bag regarding the solution’s usability and functionality. We have had some people who said that the tools worked nicely. They checked out their credentials every morning, use them for the better part of the day. We set the duration for eight hours. Once somebody checks out something in the morning, they pretty much use that password for the entire day. For some groups, this created a problem because of the type of work that they do, such as long running processes. We've had some issues where their password expired while a process was still running. We had to work with our IT engineering group to come up with a different type of the duration for their needs. One Identity has been very good at working with us to help us through these use cases. 

Understand each use case very carefully and thoroughly. This changes the way someone conducts their business. We had to be cognizant of the impact to our day-to-day operations. If I could do it all over again, I would spend more time understanding the impact of a security tool, such as a privileged access management solution. I think we could have done somethings better than we did.

We haven't started to use the solution’s behavior analytics feature, but as we start building up some data, then that puts us in a position to be able to identify any type of exception or anomalous behavior. We haven't built up enough trending data to leverage that functionality at this time.

We are very happy with the tool. I would rate the solution as an eight (out of 10).

I'm a product partner. 

We are using the latest version of the solution. 

I have yet to use the cloud assistant feature, so I can't say much about that aspect of the solution. We also do not use the solution's secure remote access feature for privileged users. We don't have it integrated with DevOps or RPA.

While basic knowledge is important, there isn't much training required to start using the solution. 

I'd rate the solution six out of ten.

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend Safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with.

The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited.

We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.

My advice to others wanting to implement this solution is to do the implementation slowly and concentrate.

I rate One Identity Safeguard a nine out of ten.

Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features.

The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.

I rate One Identity Safeguard eight out of 10. It's an excellent solution and a perfect fit for our use case.

My advice to others is One Identity Safeguard is a must to have because it's part of the cybersecurity framework, such as Nest ISO. We should have an identity management solution to manage the whole identity, such as privileged users.

I rate One Identity Safeguard an eight out of ten.

Test it and its competitors. You will probably choose SPS.

Both the search functionality and speed have been greatly improved.

We are not using privileged passwords.

Try more functions and use them! It’s a very powerful product; much more complex than all other competitors. But, almost all companies use it on less than 30% of their infrastructure.

It's a great product for our industry, which is banking.

I haven't used other products, but I would highly recommend One Identity SPS.

I would rate it an eight out of 10.

We use the on-premises deployment model. We're an integrator company for this solution.

In terms of advice, I'd say new users should involve the integrator architecture team from the beginning.  From a technical perspective, you need to have discussions with the network team from the beginning.

I'd rate the solution nine out of ten.

It is a good solution, but it needs more marketing.

Most important criteria when selecting a vendor:

• The support
• How long the product has been in the market.

Develop product functional and implementation methods.