CA Technologies Privileged Access Manager
March 01, 2016
Starts at £17,460
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Good feature set with highly scalable architecture and API-level automation.
- Weaknesses: High cost.
- Verdict: CA typically has addressed the larger enterprises well and this is no exception. The price, feature set and assumed integration all are hallmarks of large enterprises. In that environment, worth your consideration.
Privileged Access Manager from CA Technologies is an appliance-based access gateway for securing access to systems using privileged accounts. This product comes as an appliance, but is available in physical, virtual or cloud versions. Once deployed, this tool can control transparent login to systems with privileged credentials through a Java-based applet in a browser window or integration with native applications. Further, CA Privileged Access Manager allows developers to integrate authentication directly into code to enable dynamic changing of passwords without the need to store passwords in clear text within the application or automated scripts. It also has capability to integrate at the API level for highly customisable automation and scripting.
From a deployment standpoint, this offering provides many options. Aside from a physical appliance, the Privileged Access Manager is available as a ready-to-deploy OVF virtual appliance or Amazon Virtual Machine Image for cloud deployments. Once deployed, authentication and policy can be set up directly through integration with Active Directory. The appliance comes with many roles predefined for different types of users and access, but it is also quite easy to create custom roles and permissions to systems, credentials and applications. It also features session containment rules, which can keep a user from accessing certain applications or making changes to specific files. If a user violates the set policy a configured number of times, the session is automatically terminated. Along with containment, policy can also be set so that even as a privileged user, users cannot make changes that are unauthorised through the server protection functionality. For the end-user, the web-based interface is intuitive to navigate with a simple layout. Access types are clearly displayed and easy to understand.
Aside from containment policy, this product includes a number of reporting, auditing and monitoring options. All user sessions are fully recorded and indexed by session activity. Privileged Access Manager also integrates directly with security information and event managers (SIEM), including deep integration with Splunk for full auditing and event correlation. However, a SIEM is not necessary to access detailed logs and audit events.
Documentation included several PDF guides. Among these were implementation and planning guides as well as API integration guides. We found all submitted documentation to be well-organised and easy to follow. Much of the documentation included diagrams and configuration examples as well.
CA offers no-cost basic support during installation and evaluation of the product. Once the tool is purchased, customers can also buy standard eight-hours-a-day/five-days-a-week or 24/7 premium assistance through a support agreement. Support subscriptions include phone and email-based technical aid as well as access to a large online customer support portal. This includes resources, such as product guides and documentation, a knowledge base and online tutorials and videos.
At a starting price of £17,448, the CA Privileged Access Manager carries quite the price tag for its feature set. We do find this solution to be a good value for the money, especially for larger environments. It offers some very flexible integration options that may be required in certain networks with direct API-level automation and high scalability.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Cyber-security must reflect risk not just regulation
- Met Police grab suspect with phone unlocked to get hold of data
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report