Quest Software Defender 5.3
February 01, 2009
£55.90 per enabled user licence, with additional hw/sw token cost
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Functionality, ease of use, integration options, strong two-factor authentication
- Weaknesses: Can get quite costly in an enterprise deployment
- Verdict: Provides plenty of features for a fair price
Quest Defender 5.3 provides strong two-factor authentication through a variety of token options. It is an all-inclusive offering delivering both client-side and server-based functionality and management.
The initial implementation took some time but the end result was a surprisingly easy-to-use interface. Defender 5.3 interfaces with Microsoft Active Directory, extending the Schema and utilising AD tools and techniques. The Defender security server and management GUI were both easy to navigate and understand, even without the documentation, which was detailed and complete.
The solution provides many enterprise features, such as: load balancing and redundancy for multiple points of authentication; numerous token support options; extensive reporting and auditing; LDAP, AD and Radius integration; synchronous and asynchronous authentication scenarios; and self-provisioning.
We tested the Defender desktop login that provided two-factor authentication to the desktop. We also tested the optional Defender reporting feature and were impressed with its capabilities. Additional options that we did not test include: Defender WebMail, web-based access to email; Defender Self Registration, that allows users to self register their tokens; and Defender EAP Agent, support for two-factor authentication for VPN and RRAS Server.
We tested with Quest Digipass Go-3 hardware one-time tokens. Defender has support for OATH-compliant tokens, as well as a wide array of soft and hard tokens from Digipass and Defender. It also has tokens for mobile devices running Palm, Windows Mobile or BlackBerry. The software tokens can be installed on the device or on a removable media device, to provide added security. One-time passwords can be sent to mobile devices using SMS, turning a mobile phone or PDA into a hardware token.
The documentation was great; we used it for the installation but did not really require it for the remaining effort. Support options include standard 8/5, with options to upgrade to 24/7.
This is a really nice enterprise solution that is easy on the user and system administrator.
SC Webcasts UK
Senior Accreditor, Security Risk and Assurance Manager
Disclosure & Barring Service - Liverpool, Merseyside
DV Cleared Systems Architect - 6 Months - London
Computerfutures - London (North), London (Greater)
CISO – Chief Information Security Officer (Up to £100K)
Evolution Recruitment - London (North), London (Greater)
Head of Security Strategy – London
Evolution Recruitment - London (West), London (Greater)
Information Security Manager
Infosec People - Hammersmith, West London
Sign up to our newsletters
SC Magazine UK Articles
- It's a trap! WhatsApp Gold 'premium' version lures users to malware
- SC Awards Europe 2016 winners announcements!
- Microsoft ends common password use and password lockout
- ISIS radicalises 'lone wolves' through strong social media presence
- 1.5 billion Windows computers potentially affected by unpatched 0-day exploit
- 86% of over-55s worldwide think they're safe from cyber-criminals
- 69% of office professionals in the UK hoard data
- 70% of IDTMs want UK gov to do more so young people enter tech field
- SWIFT adds additional protective measures for members to ensure cyber-security compliance
- Presidential debate 2016: Candidates pledge cyber-investment, differ on Russia