SafeWord PremierAccess 4.0
Strengths: Excellent integration with Active Directory; wide range of token support
Weaknesses: May need developers for web application deployment
Verdict: One of the easiest products to use to protect your network
SafeWord PremierAccess adds an authentication server to your network that can protect your VPN connections. Most vendors are supported, including Check Point, Nortel and Cisco, as well as Citrix applications, Outlook Web Access and Windows Domains. For the last option, you need to install the client software on your PCs.
Authentication can be through smart cards or Secure Computing's own tokens, which come in gold, silver and platinum. Gold tokens generate a single-use password after a PIN has been entered. Typing in the wrong PIN generates an invalid code, so you'll have to warn your users.
Silver tokens are operated by a single button, while the platinum version comes with a keypad. The company also supports a wide variety of other two-factor devices, as well as mobile authentication, so that a single-use password can be SMSed to an employee's phone. The tokens are event-based, which means they do not need to remain in sync with the authentication server.
There is a choice of management options, including Secure Computing's own console, which is available with the Enterprise Solution Pack that also adds authentication for Unix login, web servers and web applications, plus it ships with SafeWord's own Radius server.
For standard installation, management is through Active Directory. The beauty of this approach is that you don't have to learn a new management tool. Instead, each user entry has a SafeWord tab, which you can use to issue and revoke tokens and, most useful for silver tokens, an enforced static PIN as an extra precaution against token theft.
The added benefit of SafeWord's approach is that it's very easy to see all your users; some of the other products we tested integrate with Active Directory but force you to manually enter usernames to register users for authentication.
The authentication to other services is performed by dedicated agents installed on those servers, although integration with web applications is a little trickier and you'll need developers.
SafeWord is just about the easiest product to manage in this group, particularly for Microsoft-based servers. However, it's also highly extendable, so that you can use the same system to protect all of your enterprise resources.