Quest Software Defender 5.3
Strengths: Functionality, ease of use, integration options, strong two-factor authentication
Weaknesses: Can get quite costly in an enterprise deployment
Verdict: Provides plenty of features for a fair price
Quest Defender 5.3 provides strong two-factor authentication through a variety of token options. It is an all-inclusive offering delivering both client-side and server-based functionality and management.
The initial implementation took some time but the end result was a surprisingly easy-to-use interface. Defender 5.3 interfaces with Microsoft Active Directory, extending the Schema and utilising AD tools and techniques. The Defender security server and management GUI were both easy to navigate and understand, even without the documentation, which was detailed and complete.
The solution provides many enterprise features, such as: load balancing and redundancy for multiple points of authentication; numerous token support options; extensive reporting and auditing; LDAP, AD and Radius integration; synchronous and asynchronous authentication scenarios; and self-provisioning.
We tested the Defender desktop login that provided two-factor authentication to the desktop. We also tested the optional Defender reporting feature and were impressed with its capabilities. Additional options that we did not test include: Defender WebMail, web-based access to email; Defender Self Registration, that allows users to self register their tokens; and Defender EAP Agent, support for two-factor authentication for VPN and RRAS Server.
We tested with Quest Digipass Go-3 hardware one-time tokens. Defender has support for OATH-compliant tokens, as well as a wide array of soft and hard tokens from Digipass and Defender. It also has tokens for mobile devices running Palm, Windows Mobile or BlackBerry. The software tokens can be installed on the device or on a removable media device, to provide added security. One-time passwords can be sent to mobile devices using SMS, turning a mobile phone or PDA into a hardware token.
The documentation was great; we used it for the installation but did not really require it for the remaining effort. Support options include standard 8/5, with options to upgrade to 24/7.
This is a really nice enterprise solution that is easy on the user and system administrator.