EXECUTIVE VIEW. KuppingerCole Report

Similar documents
EXECUTIVE VIEW. One Identity SafeGuard 2.0. KuppingerCole Report

KuppingerCole Whitepaper. by Dave Kearns February 2013

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report

1 Introduction Product Description Strengths and Challenges Copyright... 6

Digital Risk and Security Awareness Survey

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Security Fundamentals for your Privileged Account Security Deployment

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

HIPAA Regulatory Compliance

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

Zero Trust in Healthcare Centrify Corporations. All Rights Reserved.

WHITEPAPER. Moving towards a holistic Cyber Risk Governance approach. KuppingerCole Report

NEXT-GENERATION DATACENTER MANAGEMENT

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

Understand & Prepare for EU GDPR Requirements

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

the SWIFT Customer Security

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Best Practices in Securing a Multicloud World

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ACCENTURE & COMMVAULT ACCENTURE CLOUD INNOVATION CENTER

CyberArk Privileged Threat Analytics

DATACENTER SERVICES DATACENTER

Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER

2018 Trends in Hosting & Cloud Managed Services

To Audit Your IAM Program

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

The Why, What, and How of Cisco Tetration

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES

Network Security Protection Alternatives for the Cloud

Secure Access & SWIFT Customer Security Controls Framework

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

2 Me. 3 The Problem. Speaker. Company. Ed Breay Sr. Sales Engineer, Hitachi ID Systems.

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

5 OAuth Essentials for API Access Control

Security Readiness Assessment

CipherCloud CASB+ Connector for ServiceNow

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

NIST Revision 2: Guide to Industrial Control Systems (ICS) Security

Overview. Business value

Next Generation Privilege Identity Management

SOLUTION OVERVIEW. Enterprise-grade security management solution providing visibility, management and reporting across all OSes.

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

OFFICE 365 GOVERNANCE: Top FAQ s & Best Practices. Internal Audit, Risk, Business & Technology Consulting

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

Cybersecurity Roadmap: Global Healthcare Security Architecture

Secret Server HP ArcSight Integration Guide

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

Securing Your Amazon Web Services Virtual Networks

SIEMLESS THREAT MANAGEMENT

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Safeguarding Cardholder Account Data

Securing the Virtualized Environment: Meeting a New Class of Challenges with Check Point Security Gateway Virtual Edition

1 Hitachi ID Suite. 2 Agenda. 3 Corporate. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Accelerate Your Enterprise Private Cloud Initiative

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Alliance Key Manager A Solution Brief for Partners & Integrators

SOLUTION OVERVIEW. Smooth initial setup and business continuity ensured by ESET experts

Alliance Key Manager A Solution Brief for Technical Implementers

Office 365 Buyers Guide: Best Practices for Securing Office 365

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

ONE PRODUCT, THREE SOLUTIONS

CA ARCserve Backup. Benefits. Overview. The CA Advantage

Cracking the Access Management Code for Your Business

SOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Mastering The Endpoint

How to Deliver Privilege Access Management

Optimizing Infrastructure Management with Predictive Analytics: The Red Hat Insights Approach

5 OAuth EssEntiAls for APi AccEss control layer7.com

Three Key Challenges Facing ISPs and Their Enterprise Clients

Mobile Data Security Essentials for Your Changing, Growing Workforce

Information Lifecycle Management for Business Data. An Oracle White Paper September 2005

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

IT Consulting and Implementation Services

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks

2 The IBM Data Governance Unified Process

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

MOVE BEYOND GPO FOR NEXT-LEVEL PRIVILEGE MANAGEMENT

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

Windows Server The operating system

Partner Center: Secure application model

Changing face of endpoint security

Security and Compliance

Securing Your Microsoft Azure Virtual Networks

Ten Innovative Financial Services Applications Powered by Data Virtualization

Securing Digital Transformation

HP Device as a Service (DaaS)

Transcription:

KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger August 2017 is a mature enterprise-class offering for Privilege Management, supporting the key areas of the market such as Shared Account and Privileged Password Management, Session Monitoring, Account Discovery, and others. The solution convinces with its approach for rapid deployment and an overall strong feature set. by Martin Kuppinger mk@kuppingercole.com August 2017 Content 1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 6 Related Research Leadership Compass: Privilege Management - 72330 Vendor Report: Thycotic - 71112 Snapshot: - 70633

1 Introduction In the age of digital transformation, the requirements for IT, but also the ways IT is done, are changing. Organizations need to reinvent themselves and become agile and more innovative, while meeting ever increasing regulation all in addition to constantly improving security, by having the right counter measures and preventing attacks. On the other hand, with the vast number of attacks that organizations are facing and the burgeoning of regulations, organizations must invent new methods of meeting these needs while still perfectly serving their customers. In addition, smart manufacturing and the internet of things massively expand the attack surface of organizations. Among the various countermeasures Privilege Management plays a central role. Privilege Management describes the domain of technologies that help better manage and control socalled privileged accounts, i.e. accounts having elevated privileges and thus exposing a higher risk. Such accounts also include shared accounts, which frequently have elevated privileges, but are at even higher risk due to the nature of shared credentials. The capabilities of Privilege Management services nowadays range from Shared Account Password Management to Session Management and Privileged Behavior Analytics. Privilege Management can be considered a domain of Cybersecurity since attackers usually go after the high privilege accounts. The users of the privileged accounts have the broadest access to sensitive company data such as HR records, financial information, payroll details or a company s IP. Therefore, a strong emphasis needs to be placed on protecting these accounts, which eventually results in a reduced risk of breaches. Furthermore, Privilege Management is an essential element in protecting organizations against attacks that are not yet identified. What commonly are called zero-day attacks have usually, in fact, been running for a shorter or longer period of time, sometimes for years. All attacks go through a phase where they are run but are not yet detected. Traditional technologies such as signature-based Anti- Malware don t help in these scenarios. New Cybersecurity tools looking for anomalies and outliers can help identify such long-running attacks. Privilege Management helps in two ways in these situations. On the one hand, it increases the protection of digital assets by protecting the most critical accounts and access to these systems. On the other hand, Privileged Behavior Analytics helps in identifying anomalies in privileged user behavior. Additionally, Privilege Management also is part of the IAM (Identity and Access Management) domain, because it is about managing accounts and their passwords, as well as their access at runtime, e.g. by monitoring sessions. Privilege Management thus is an essential element of both Cybersecurity and IAM infrastructures of organizations. It helps in mitigating risks and in protecting the crown jewels of organizations, their valuable digital assets and systems. Thus, it is no surprise that the market for Privilege Management is evolving, with new vendors entering and new and modernized offerings delivering better ways to tackle the challenges of Privilege Management. Page 2 of 7

When looking at the core area of Privilege Management, we expect to see Shared Account Password Management, Privileged Single Sign-On, Privileged Account Discovery and the management of their lifecycles, and Session Monitoring capabilities, which are a common feature in products nowadays. The main features we look at in these areas include, but are not restricted to, the following: Shared Account and Privilege Password Management Central management of shared account privileges Automated credential rotation or OTPs Secure Access to privileged credentials Privileged Single Sign-On (SSO access to multiple privileged sessions) Simple management of session assignments to users Ad-hoc and upfront authorization of access with support of approval lifecycles Simple yet secure UIs Privileged Account Discovery and Lifecycle Management Automated discovery of privileged accounts on servers, clients, and other systems in scope (e.g. network devices) Integration into CMDBs Simple (automated) grouping of accounts and systems Session Monitoring, Analysis, and Recording Session Monitoring Session Recording Session Analysis All for both CMD based and GUI based sessions 2 Product Description Thycotic is a Washington DC based software vendor, incorporated in May, 2000. Thycotic provides Privilege Management and Active Directory self-service solutions. Their approach is similar to most of the other vendors in this space, and they offer a full featured Privilege Management product. The company is privately held and recently funded by Insight Venture Partners. Thycotic is shedding the underdog label and becoming a globally distributed, enterprise ready solution. Thycotic has achieved this by coming from the lower end of the market and steadily making their way into enterprise level clients, helping some very large organizations enhance their privilege security program. Thycotic is a very interesting and young-minded vendor, in that they focus very much on features supporting the emerging platforms such as support for REST and cloud services. They have gone from Page 3 of 7

being a pure Shared Account and Privileged Password Management software vendor to now offering a full-fledged Privilege Management platform ready for global enterprises. Thycotic offers their Privilege Management solution, Secret Server, in two deployment models: onpremises leveraging the Microsoft stack and Software as a Service (SaaS) delivered from the Microsoft Azure platform. Secret Server is an application which relies on Microsoft Technology regarding web and application server technology. It provides a secure storage for information based on AES 256 encryption. Passwords are stored in a Microsoft SQL Server database which can be mirrored. All communication is encrypted. The use of a Microsoft SQL Server and the Microsoft infrastructure factually means that deployment is straightforward, but no specific hardened platform is offered. Thycotic has opted to deliver their solution on technology that is most readily available in organizations, allowing for rapid installation and implementation. Furthermore, advanced configuration such as active-/active-replication must be configured at the level of Microsoft SQL Server. On the other hand, Thycotic s cloud deployment overcomes the potential challenges associated with installing and maintaining the required Microsoft infrastructure. The common frontend nowadays for all management tasks is browser-based. Additionally, mobile interfaces are provided. Based on the extensive set of REST-based APIs, further integration with existing applications and automation is straightforward. The internal management concept is well-thought-out. Security is based on a role concept based on preconfigured roles, which can be tailored to the specific needs of customers. Furthermore, there are features such as 2FA (Two Factor Authentication), workflows for custom approvals, and other capabilities such as SIEM integration (Security Information and Event Management), real-time alerting and other important capabilities. The system supports a variety of target systems, from RDP, SSH session, and PuTTY to managing Cisco environments, Unix and Linux servers, Windows server, VMware ESX, a variety of databases, IBM Mainframes, and other systems. On the other hand, there is also integration e.g. into Microsoft Active Directory for obtaining account information, into CMDBs, and other systems. For the target environments, capabilities such as the management of passwords and their automated rotation, single sign-on access to sessions, session monitoring, and others are provided. Account discovery is another important feature of the product. Overall, all major features listed as requirements for that type of product are supported at a good to excellent level, providing a comprehensive solution for the core areas of Privilege Management. Notably, Thycotic offers additional products for Privileged Behavior Analytics and for Endpoint Privilege Management, thus also covering the emerging areas in the Privilege Management market. Auditing is also supported, including out-of-the-box-reports targeted at the specific requirements of various compliance regulations, as well as the ability to create custom reports that tailor to the organization s requirements is available in a free 25 user edition, which is restricted to the basic password vault and management features, and in two other editions. The professional edition provides the baseline capabilities for Privilege Management. This edition is also available from the cloud. The Page 4 of 7

premium edition adds workflow capabilities, service account management, and additional integration features. Some other features such as high availability and disaster recovery support are add-ons. Despite the need for various Microsoft infrastructure components, counts amongst the tools in the market segment that are easiest to deploy. This is due to the heritage of Thycotic starting at the small end of the market, where complex and long-running deployment projects never have been an option. 3 Strengths and Challenges Thycotic nowadays has numerous high-profile clients, and Secret Server has proven to be a mature enterprise class solution. would fit well into any organization looking for a good, reliable and comprehensive Privilege Management solution. A strength of the product is support for rapid deployment, based on the long-standing experience of Thycotic with a very large number of smaller customers where complex deployments involving professional services will not work. Recently, they have added Privileged Behavior Analytics capabilities which, however, aren t yet featurecomplete and are not fully integrated with Secret Server. Furthermore, there is a solution for Endpoint Privilege Management available from Thycotic as well, allowing for application whitelisting and privilege elevation. From our perspective, is an interesting alternative to the established leaders in the Privilege Management market, providing a number of innovative features and strong capabilities in the key areas of Privilege Management. Strengths Supports a broad number of systems Automatic password rotation of system accounts Simple implementation & user friendly Historical Auditing Web and mobile access Session monitoring capabilities Strong set of APIs Challenges Still limited partner ecosystem Can only be implemented on a Microsoft stack, optionally available as cloud deployment Some features only available as add-on Page 5 of 7

4 Copyright 2017 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them. Page 6 of 7

The Future of Information Security Today KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision making processes. As a leading analyst company KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business. KuppingerCole, founded in 2004, is a global Analyst Company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies. For further information, please contact clients@kuppingercole.com Kuppinger Cole Ltd. Sonnenberger Strasse 16 65193 Wiesbaden Germany Phone +49 (211) 23 70 77 0 Fax +49 (211) 23 70 77 11 www.kuppingercole.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback