Wednesday | 3 December, 2008

New tools control access by privileged users

Cyber-Ark tops field of four privilege account management (PAM) products

Tom Henderson and Rand Dvorak (Network World) 29/04/2008 10:43:33

Page:

In this test we closely examined four PAM products from Cyber-Ark, e-DMZ, Quest and Symark in terms of installation, integration with operating system and corporate applications, management and user accessibility. What we found was three distinctly different approaches to password issuance, management and access style. (There are not four approaches because the e-DMZ and Symark products were literally cut from the same cloth as the latter OEMed code from the former and did not fork that code until about 15 months ago.)

We picked Cyber Ark Enterprise Password Vault (EPV) as the Clear Choice winner as it offers the widest compatibility list for operating systems, applications and 'rolling your own' passwords. It also offers an in-depth understanding of directory services that we used in that it's able to find them, deal with them, and get moving in very short order with a degree of flexibility that was often more robust than the competition.

While e-DMZ's PAR and Symark's PowerKeeper are cut from the same cloth, the companies have been competing to add features, manageability and compatibility. In our view, Symark is a bit ahead in that regard.

Quest's Privilege Manager (QPM) for Unix is a product in transition, recently licensed by Quest to add to its list of identity management products. We found QPM to be a customizable kit for managing privilege through the use of a proxy agent. It's an interesting approach, and the customizing can be rapidly replicated for larger Unix-alike (we used Linux and FreeBSD) environments.

How we tested password security products

Each product was tested on a gigabit Ethernet switched network containing servers running Windows 2003 Enterprise Edition, FreeBSD 5.0, Red Hat Enterprise Linux 5 and Novell SUSE Enterprise Server 10 (all patched to current revisions). Two products, e-DMZ PAR and Symark PowerKeeper, were supplied on appliances, and we installed Quest Privilege Manager for Unix on VMware ESX Server on a Dell 1950 server and Cyber-Ark on VMware ESX Server on an HP585G2 server. The VMware ESX servers were also used to house target servers under the control of the products.

Page: