Secret Server (originally from Thycotic, now from Delinea since the 2021 Thycotic merger with Centrify) is an enterprise password management application, which is available with either a cloud-based or on-premise deployment which emphasizes fast deployment, scalability, and simplicity.
N/A
Symantec VIP
Score 9.0 out of 10
N/A
Symantec Validation and ID Protection Service (VIP) is presented as a
user-friendly, cloud-based strong authentication
service that enables enterprises to secure access to networks
and applications without impacting productivity. Also included with VIP Enterprise two-factor authentication is Symantec VIP Access Manager, a single access point to protect cloud and on-premise web apps via Single Sign-On (SSO).
I would recommend Delinea to any organization or colleague, as I have used it to support our shared services model, as well as a dedicated model for people support to customers, for privileged access management. Delinea has provided us with effective methods for handling unnecessary login attempts to the customer infrastructure. Additionally, the connection thread is available in the audit trail for review, which is a valuable feature to have.
Symantec VIP is best suited in environments where you need two factor authentication. As explained before, Symantec VIP is super easy to use and manage for our users across our entire organization. If you have your users using a virtual private network, Symantec VIP is the way to go; no doubt about it!
Password Management: Its entire purpose, really. Secret Server stores passwords in an incredibly easy to use way. They can be organized in groups, they contain all the information about the site or system the password is used for (including URLs for websites), and even a notes field. You can set up specific policies for expirations and complexity, and Secret Server can even generate strong passwords for you. Using a password is simple, too, since you can just click a button to add it to your clipboard; you don't even have to unmask the password.
Security: The passwords are stored encrypted in a SQL database, and the application requires an authenticated login. This could be local, but we tie it into Active Directory. Each folder of passwords has groups assigned (in our case, again, AD, but you can make them local groups) with different permission levels, so we can compartmentalize passwords. Desktop technicians don't have access to network switch passwords, etc.
Easy Setup: It took me about an hour to get the server running, from spinning up the VM to importing our old password list. It took a little longer to organize the passwords into proper folders, and then assigning groups, but it was easy to do.
Personal Passwords: Each user also gets a personal folder, where they can keep their own, unshared passwords. This is nice for sites or systems with individualized logins (e.g., a firewall, VPN, etc.)
Favorites: Secret Server lets you tag passwords as "favorites" so you can easily find ones you use constantly. The search feature is nice, but this is nicer.
The UI is intuitive and simple to use and navigate. When generating a secure token to be used for VPN access, all the navigation is clear and intuitive. There is no confusion when our users use Symantec VIP.
Every generated token expires after 30-60 seconds, thus providing an extra layer of security and reducing any risk of someone re-using a token or pin to gain unauthorized access into our system.
The app is super responsive and has no lag and little to no latency. Everything loads quickly and is super speedy.
Our department can opt for a 6 digit code which we can use while logging in on different sites and SSO access can be easily set up and achieved with this tool.
when setting a token to a phone call, the phone calls often take a minute + to call the user.
When Symantec's VIP app is removed or reinstalled on a phone, the credential ID will change, and that dictates a call to the helpdesk to allow the user access.
Temporary security codes while handy, must be set to expire immediately to stay secure.
My rating is purely based on the configurational activities, as feature-wise delineation has all the features that are very beneficial for customers, though the implementation is a bit more manual work, which can be reduced with a low-code platform. Along with that, we can have a better UI to have intuitiveness and can manage the platform for shared customers in a better way. Overall, it is a very good tool for PAM.
There were not very many solutions that provided the entire package of taking an account from creation and deactivating it when no longer needed, as well as providing the discovery of unknown service accounts. Other solutions like RoboForm and LastPass did not offer the ability to manage your service accounts and added layers of complication to ensure security.
The Symantec VIP solution has a more easy implementation process, which makes implementation faster. The Prove Of Concept of the solution presents the best results compared with Duo. The final price charged was cheaper. Consultants that participate in the process get show to us in a more clear manner all scenarios where we can use the Symantec VIP.
