January 21, 2013
Approx. £5 per user
- Strengths: Cross-platform; SAML 2.0; mobile smart credential technology; built-in auditing and reports generator
- Weaknesses: No built-in support for biometric readers
- Verdict: A good choice at the right price with a decent feature set
A big name in the digital certificate and identity space, Entrust should be a name familiar to all security consultants, and with good reason. With its IdentityGuard product, Entrust integrates physical and logical, mobile and cloud security, all at a surprisingly low price.
The initial setup of IdentityGuard was about as complicated as we expected, given the feature set of the product. That said, it wasn't an especially difficult process, and the installation guide was written in such a way that we were never left wondering what the next step was. Since we were testing with Active Directory as our user repository, we needed to extend our schema with an LDIF file provided by Entrust. We then ran the IdentityGuard installer file, choosing to use the integrated Tomcat application server. After completing that process, a configuration panel appeared that guided us through setting up the link to Active Directory, product licensing and setting up the first IdentityGuard administrator.
Supported on Linux, Solaris, Oracle and Windows servers, IdentityGuard is a highly flexible solution. Providing authentication for workstations, applications and VPNs, it supports a number of different authenticators, including software and physical OATH tokens, grids, smartcards, machine identity and geolocation based on IP. The product is SAML 2.0 compliant, and comes with built-in support for Salesforce.com, Google Apps and Office 365.
A very interesting innovation, however, comes by way of Entrust's mobile smart credential application. Available for iOS, Android and BlackBerry, mobile smart credential uses either a mobile phone's near field communication chip or the Bluetooth stack to emulate a smartcard, allowing users to log into their workstations and applications just by having their mobile phone present, with the workstation seeing the phone as a standard smartcard. Considering the fact that IdentityGuard can be integrated with physical access control systems, the possibilities for its mobile technology become clear.
We also liked the fact that IdentityGuard offers very granular lockout policies, allowing administrators to set authentication failure thresholds on a per-method level. So for example, say a system requires a standard password and either a one-time password or a grid authentication. The end-user just can't seem to figure out how the grid works, and consistently inputs the wrong information. Rather than locking the user's entire account, the system simply locks out that user's ability to use the grid, and forces the one-time password method. Couple that with the product's self-service modules, and users are empowered to manage their own credentials without making numerous trips to the help desk.
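A minimal model of the per-method lockout described above, added here as an illustration and not Entrust's code or API. The thresholds, the method names and the `UserAuthState` class are assumptions chosen to mirror the password plus grid-or-OTP scenario in the review.

```python
from dataclasses import dataclass, field

# Assumed thresholds: consecutive failures allowed before a method is locked.
THRESHOLDS = {"password": 5, "otp": 3, "grid": 3}
# Either of these satisfies the second authentication step.
SECOND_FACTORS = ("grid", "otp")


@dataclass
class UserAuthState:
    # One failure counter per authentication method, not one per account.
    failures: dict = field(default_factory=lambda: {m: 0 for m in THRESHOLDS})

    def locked(self, method):
        return self.failures[method] >= THRESHOLDS[method]

    def record(self, method, success):
        """Apply one attempt; return True only if it is accepted."""
        if self.locked(method):
            return False  # refused even when the response is correct
        if success:
            self.failures[method] = 0
        else:
            self.failures[method] += 1
        return success

    def available_second_factors(self):
        return [m for m in SECOND_FACTORS if not self.locked(m)]

    def account_locked(self):
        # The account is unusable only if the password is locked
        # or no second factor remains available.
        return self.locked("password") or not self.available_second_factors()


def simulate_grid_failures():
    """Constructed scenario: correct password, then repeated grid failures."""
    user = UserAuthState()
    user.record("password", True)
    for _ in range(THRESHOLDS["grid"]):
        user.record("grid", False)
    return user


if __name__ == "__main__":
    u = simulate_grid_failures()
    print("grid locked:", u.locked("grid"))
    print("remaining second factors:", u.available_second_factors())
    print("account locked:", u.account_locked())
```

Keeping the counters per method also limits what an attacker gains by deliberately failing one method: the account stays usable through the remaining factor, and each method still has its own guessing limit.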
The one thing we didn't like was that there is no built-in support for biometric readers. While biometric data can be captured through the smartcard enrolment process and stored on a smartcard, there's no way to simply scan a finger and log in to a workstation or application without third-party utilities.
Entrust did a fantastic job with its product documentation. It has made available planning, installation and deployment guides for each module, along with user guides for the client pieces. It's all clearly organised and indexed, bookmarked and hyperlinked, with clear screenshots where appropriate.
Entrust has three levels of support: silver provides 12/5 phone and email support; gold expands those hours to 24/5; and platinum expands them even further to 24/7. Entrust also offers 24/7 emergency support for non-platinum subscribers, and it hosts a FAQs section and a knowledgebase on its website.
At a cost of approximately £5* per user, IdentityGuard is surprisingly affordable, given the impressive feature set. Its support plans are billed annually, with silver costing 18 per cent of the total solution cost, gold costing 20 per cent and platinum at 22 per cent.
(*Converted from US dollars.)