One Identity Safeguard Valuable Features

Tor Nordhagen - PeerSpot reviewer
Executive Director at Semaphore

The identity discovery is good, and the performance is pretty good value.

View full review »
Daniel Pettersson - PeerSpot reviewer
System Manager at a retailer with 10,001+ employees

The whole product solves the privileged access management challenge for our company. We have a secure tunnel, a secure session manager, and automatic logging of sessions, which is good for forensic purposes. We have a rich level of logs and can trace what happened on which machine and see who did what.

Feedback from our users on the usability is positive regarding the UI experience. Instead of keeping their credentials on them somewhere, they now have a very easy-to-use portal with a nice GUI. There has been some feedback from people saying, "Couldn't it do this," or "Now I have to do that". But that's basically change management and not a real problem. There is some getting used to the UI, but I think the UI is very easy to understand and to use. The usability is very good and that's one of the main ways Safeguard stands out from the competition.

View full review »
CE
Expert Systems Architect at Tempur Sealy International, Inc.

The password part is the most valuable because we were going to start vaulting certain accounts to get a lot of passwords changed. Historically, we have had really stale passwords on non-human and service accounts. E.g., on one of our service accounts, the password hasn't changed for 17 years. It was not even that complicated or good of a password in the first place. 

This solution has definitely helped us consolidate. It replicates to other appliances, so we're replicating to our DR site. Thus, if anything were to happen to our data center or personnel, whomever was trying to pick up the pieces and try to put the business back together would at least have all the passwords available to them.

The physical appliance form factors are pretty nice. They are definitely Dell inspired and easy to set up with accurate instructions. We have had no problems.

Regarding usability and functionality:

  • It has a nice, clean interface. 
  • It's pretty direct and easy to personalize. 
  • Users can set up favorites on certain things that they request. Very often, they shortcut it. So, it reduces the clicks down to three clicks. 
  • You can have a password for any account. 
  • It's auditable, which makes the security guys' happy.
View full review »
Buyer's Guide
One Identity Safeguard
March 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
RR
Independent Consultant

A dealbreaker for customers is the capabilities of the privileged analytics module, which can be extremely useful in certain cases. From a functionality standpoint, I would like to emphasize One Identity Safeguard architecture itself is quite mature. It offers high availability and enables end users to deploy the solution with 99.999 percent uptime, which is crucial in an enterprise environment with a large number of endpoints.

View full review »
Darius Radford. - PeerSpot reviewer
Managing Partner at Knightswatch Cyber

It's a good solution for managing identities under OneFile for authorization.

So far, the useability and functionality are very good.

We use the Approval Anywhere, or cloud assistant feature and it is great. It enables us to add an extra layer of security for critical passwords without adding time to the approval process.

The secure remote access feature for privileged users has been useful as well. We've had moderate success with it. It doesn't apply to some reference levels. We do like that it does not make us use a VPN. It gives us more flexibility. We can push out to mobile users a bit easier. 

View full review »
EK
Professional Service Manager at a financial services firm with 501-1,000 employees

The first feature I like about One Identity Safeguard is the live contact point for the VPNs. This has been working very well for us, as it's both highly available and reliable.

The second thing I like is the services that let us review all the contacts and take all the passwords from another administrator. These services are very reasonable. For instance, some of the third-parties will leave our company and support, but then fail to relinquish the usernames and passwords. With the security orchestra that One Identity Safeguard provides, this is no longer a problem.

View full review »
Yehuda Fabian - PeerSpot reviewer
System Administrator at Shaare Zedek Medical Centre

We currently use only one feature, which is privileged access to remote desktop servers with rotating passwords for privileged accounts. This is the main feature we use, and it typically disconnects external users from the system before giving them a different user to use for logging in. We have to use the Safeguard session in an integrated separate session or with the exact name available to record the sessions.

View full review »
DN
Security Architect at a media company with 51-200 employees

There are numerous valuable data protection features, including the content and information that offer us more scalable protection as needed.

We also have access to immediate support for situations that we are unable to handle.

View full review »
SS
Manager Engineering at a comms service provider with 1,001-5,000 employees

All the features are promising, but we love the reporting feature because we can get each and every report. That's a major compliance requirement. Its reporting is really amazing, and it has made life a lot easier.

Its setup is quick. It is easy to set up and operate. It doesn't matter whether you have a deep IT background or not.

View full review »
FI
Chief Information Security Officer at a financial services firm with 51-200 employees

We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. In the past, we were having problems when a user went on vacation. There were many recalled cases of password sharing. When we received this type of incidence and started to investigate, we found out the past setup had no solution. For example, if someone with a daily duty went on vacation, they still had to do it within the office. That is why sometimes people tried to justify the sharing of passwords by the importance of their duties. Now, by using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required.

View full review »
DT
VP & Head of Cybersecurity Manager at a financial services firm with 1,001-5,000 employees

We have physical appliances for this solution. We went with that version of it because it was easier for us to deploy it and not have the IT engineers involved with our deployment. We wanted to control everything, from the deployment to the supportability to the usability of the product. I really enjoy the form factor of the appliance because it's definitely a change from the previous version, which was a bigger box. This one is a lot easier. It doesn't take up room on the rack, and it's very efficient as far as resources go.

The ease of use of the GUI is a really nice feature. It has a nice look and feel to it.

The actual checkout process is simple. You log into the portal and you're presented with accounts. That makes that so much easier because you don't have to go searching for stuff. It identifies what accounts you have, you click on it, and you go through the checkout process.

It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with.

We use the Approval Anywhere feature and, through an app, it allows us to approve or deny requests. We don't have that turned on across the board, but we are turning it on slowly but surely. It adds an extra layer of security for critical passwords without adding time-consuming approval processes. That extra layer of security is our "belt and suspender" approach. It's making sure that you are approved to make a change, especially during production hours; it's approved by the person's manager.

View full review »
UO
Cyber Security Engineer at a financial services firm with 5,001-10,000 employees

I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server. 

View full review »
MA
Senior Vice President (Infrastructure Systems/Information Security) at MAXUT

The part of this product that I like the most is the transparent mode. That is the number one advantage of the product. I also like the ease-of-use. That is what Quest is known for. The interface is interactive, relatively easy-to-use.  

I like the fact that we are using a proxy server. Also, I like the fact that it is integrated in such a way that I can connect to my Linux and Unix resources using my AD credentials. They map the AD credentials to Linux accounts. So, when I am connected to my AD accounts, it acts as a sort of proxy to convert it to the Unix account that it is configured for. That is quite useful.  

View full review »
AA
Cybersecurity Director at a sports company with 501-1,000 employees

We don't need to use VPN for remote access.

View full review »
SP
Senior Consultant at a tech vendor with 5,001-10,000 employees

What I like about One Identity Safeguard is its interface, which is easy to understand, even for people new to the product. I also like that the solution collects data without any access to the machine, plus it has a feature that lets people explore access to machines within a network.

Regarding the usability and functionality of One Identity Safeguard, the most common feedback I receive from users is that the solution is easy to use and can easily move data.

I also like that One Identity Safeguard lets you configure the maximum number of connections to the target, a configuration I didn't find in its competitor.

My customers use the transparent mode for privileged sessions in One Identity Safeguard, and it is easy to use, though it may be more difficult to configure. I haven't received any customer complaints about that feature, so it's not that difficult to use.

To start using One Identity Safeguard in terms of training for people who manage the solution and the end-users, my colleague and I took a course from One Identity. That training was enough for the basic features, but for some other features, my colleague and I had to create some tickets, though he and I know the database and processes. For users, it is easy because my company provides them with a two-page resource manual with screenshots. Then, I spent some time with the managers to show how One Identity Safeguard works, which is very easy because I've used the solution before. 

The analytics interface of One Identity Safeguard is also easy to understand.

View full review »
SR
Consultant at a manufacturing company with 11-50 employees

I like the discovery functionality and the change password feature through the check-in. I also like the bulk import with the help of templates that come with it out of the box. With the help of these few features, my tasks are made easier.

We also use the Secure Remote Access feature for privileged users. Access is based on group membership and with that membership they connect to the remote machine. It's an easy process to manage. 

View full review »
MW
Solution Consultant at Quest Egypt Software

One of the most important aspects is that it is very easy to use and install. It is also agentless, so all of the operations happen more smoothly than any other product. Our end-users find it easy. They have a web application. They only need to enter the credentials, and they can access the Safeguard session. They can use it very fast without any problems. Its learning curve is very low.

View full review »
EC
Chief Information Security Officer at Outscale

The transparent proxy is the most valuable feature. When you are connecting to a server inside the platform, the user doesn't need to change their habit. They just have to make small configurations to their workstation, then it is transparent for them. Our users like the solution because it's transparent. Users doesn't need to have interaction with 3DS OUTSCALE IT or security team to work as usual. It's interesting for the users because they don't have to think, "I have to note all that I've done during the incident to remember it".

We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless.

The "transparent mode" allows for better visibility. With its monitoring, we can do investigations which are good for us and improve our system.

View full review »
AP
Head of Department of Technical Means of Protection at BrokerCreditService

The most valuable feature is the logging sessions with their visualization, which is video recording. This functionality allows us to restore the actions of a user in the event of any incidents.

The solution transparently integrates into the infrastructure and users do not notice it. I would give this feature the highest rating.

While the "transparent mode" feature did not affect the monitoring in any way, it led to an increase in the convenience of connecting users.

This solution visualizes RDP sessions and logs SSH sessions.

View full review »
FF
Security Business Consultant at a tech services company with 201-500 employees

The most interesting thing about this product is it is very easy to implement and configure as well as its usability. Also, for the final user, the work experience doesn't change when using the SPS for the Linux administrator, which is fantastic. You change only a little bit of the connection. Everything else is really easy.

View full review »
SS
Head of Information Security at a financial services firm

The majority of the features offered with this solution are the same as with other similar systems. The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration.

In actuality, all the features are valuable. They're good and user-friendly.

View full review »
MM
IDM Architect at a tech company with 10,001+ employees

The extensible framework for authentication is one of the most valuable features. We use an MFA plug-in and a lot of different factors, depending on what the business use-cases are. And of course, the auditing functionality is also valuable.

We have also found the solution to be extensible through cloud-delivered services. It's worked out well. The SPS instances we use are located on-premise, but we can still utilize them to access resources in the cloud. That's not a problem. We haven't deployed any SPS itself in the cloud, but it works fine for our cloud environments.

View full review »
RI
VP Risk Management at a financial services firm with 1,001-5,000 employees

It is working as it's supposed to work. We had a lot of good support from the One Identity team who helped us build it and do a test. 

We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff.

We use the solution’s Approval Anywhere feature. We do have the Starling 2FA app on our mobile devices. We haven't rolled out the request and approval yet. We want to get people to use it in their daily functions, whether it's business as usual work, break glass, or any changes that they need to make tied into an approved formal change request. Starting in April, we will be rolling out the request and approval phase. Based on the type of change being requested, break glass will need to be approved, especially if they're doing it during the daytime or off-hours. Then, we will have change requests tied into our change-advisory board. Once there's a change that's approved via our CAB process, then that person will be allowed to check out the credentials they need and tie it back into the ServiceNow ticket that was created. This gives us the audibility between when that change was being made and ensuring that it's being performed for its intended purposes. We are taking a crawl-walk-run approach.

View full review »
SA
IT Specialist at a tech services company with 201-500 employees

The monitoring system is very good.

It has a very nice user interface.

The product is very fast to implement.

We use the solution's transparent mode for privileged sessions.

View full review »
PJ
Director of Information Security at a healthcare company with 1,001-5,000 employees

There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use.

We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual.

We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click.

We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before.

View full review »
RC
Software Solutions Architect at a computer software company with 11-50 employees

I have found the most useful feature of One Identity Safeguard to be Privileged Sessions.

View full review »
reviewer1161345 - PeerSpot reviewer
Works with 10,001+ employees

The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand.

Complete indexing on SSH sessions means that all commands are searchable after indexing.

View full review »
SF
Security Consultant at Controlware GmbH

There are a variety of protocols that it supports.

The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features.

The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. 

It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage.

View full review »
Mahfoudh Bousaidi - PeerSpot reviewer
Network & Security Engineer at Onetechpro dz

Safeguard has the ability to record and retrieve in the full-video format.

View full review »
CJ
Identity & Access Manager at Reist Telecom
  • Acting as a proxy
  • Session encryption
  • Flexibility of usage

The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between. Thus, it is transparent for them.

The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests.

View full review »
it_user598935 - PeerSpot reviewer
Chief Technology Officer & Solution Architect at a tech services company with 51-200 employees
  • Fully transparent for users.
  • Supports many protocols.
  • Full OCR indexing: You can find anything that happened in sessions, including commands, programs opened, etc. Without OCR, you would only be able to find who did which sessions, but not the content of the sessions or what admins have been doing.
  • Non-agent approach: A very important feature that is able to monitor access to devices which are not computers, such as switches, firewalls, or any device which uses SSH, TELNET, HTTPS. You are able to monitor access to the Internet by web browser, because SCB can work as a HTTP/S proxy.
View full review »
OH
Head of Department at a financial services firm with 10,001+ employees

One of the most valuable features is that it supports the Linux operating system. Also, the transparent mode for privileged sessions is a very good solution.

View full review »
Walid Semrani - PeerSpot reviewer
Networking and Security Engineer at a tech services company with 1-10 employees

We deployed it into our company for controlling a client's behavior in our data center. It is very useful to control their connections, such as RDP. 

View full review »
PS
IT Security Consultant at a tech services company with 51-200 employees

The solution's most valuable features are the efficiency and the quality of the recording.

View full review »
it_user841344 - PeerSpot reviewer
System Consultant at a tech services company with 1,001-5,000 employees

Its hardware and compliance.

View full review »
it_user437646 - PeerSpot reviewer
PreSales Engineer at a tech vendor with 201-500 employees

Monitoring and controls privileged access to remote server/appliances for RDP/SSH/HTTP/ICA/VNC protocols

Four-eye authentication and gateway authentication with real-time audit capability

Credential storage and user mapping policies

Inband destination selection with DNS resolve/mapping internal resources

Detailed audit search capability into proprietary video stream for all protocols supported with keylog functions

View full review »
it_user589470 - PeerSpot reviewer
IT Security Engineer

Flexible modes are easily integrated into the customer infrastructure. It's easy to find needed information and the indexer does a good job.

Secure replays: Balabit SCB supports multiple security officers (something like senior and junior officer), who can encrypt upstream, and downstream flows, with different SSL certificates. For example, one officer can see replays, and another officer can only see replays by pressing on a key.

View full review »
Buyer's Guide
One Identity Safeguard
March 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.