Swivel Secure Swivel Appliance
January 02, 2013
$3,527 for a standard hardware appliance, and Swivel ranges from $94 to $1.28 per user.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Combines an already known PIN with a random security string for strong authentication.
- Weaknesses: Lack of PDF guides.
- Verdict: Solid authentication, but a bit light on documentation and a little pricey.
The Swivel Appliance from Swivel Secure is driven by PINsafe, which allows users to combine PINs with randomly generated security strings to provide robust strong authentication. The trick is that the one-time password is a combination of the user's PIN and the security string that the user must put together, making it quite difficult for anyone other than that particular user to create the password. This product can be deployed to leverage all the existing authentication infrastructure already in place, which makes adding this unique strong authentication to the environment quite easy.
This tool can be deployed as a physical appliance, virtual appliance or software-only installation. The virtual appliance is distributed in OVF format and is compatible with all virtual infrastructures, including VMware and Microsoft Virtual Server. As for the initial setup of the appliance, we found getting it up and running in our test environment took only a few minutes. The appliance is managed through a web-based management console, called Webmin. We found this to be clean and organized with an intuitive layout.
This appliance offers a lot in the way of integration with the environment and applications. Administrators can easily add strong authentication to network infrastructure, such as VPNs from Juniper, Cisco, SonicWALL, and Check Point, among others, as well as web applications, such as SharePoint, Outlook Web Access and Microsoft Terminal Services. Furthermore, the Swivel Appliance can manage cloud-based application authentication, including Microsoft Office 365, Microsoft Azure, Google Apps and Salesforce. On the user side, users can get the security strings from SMS, phone or native apps for Apple iPhone, Google Android, RIM BlackBerry and Windows Mobile devices.
Documentation included a couple of short user guides to help get the appliance up and running. Most of the documentation can be found in the knowledge base on the Swivel website. While we found all documentation in the knowledge base to be easy to follow and to contain many screen shots and step-by-step configuration examples, we would have liked to also see a formal user and administrator guide for offline access if necessary. We did find a help guide on the appliance itself, but a full PDF is always preferred.
Swivel offers both eight-hours-a-day/five-days-a-week and 24/7 technical assistance to customers as part of a support and maintenance agreement. Customers receive both phone- and email-based technical aid, as well as access to updates, patches, bug fixes and upgrades. Customers also can access new uses and features as they become available, including mobile clients, change PIN-type applications and new integration options. Also available to all customers is no-cost access to an online knowledge base.
At a price starting at around $3,500 for the server hardware, plus an additional $94 per user, this product is not low cost, but we do find it to be a good value for the money overall. The Swivel PINsafe allows for fully integrated strong authentication that is easy for users to engage, but hard for somebody to compromise. On top of being easy to use, this product offers many integration options that can meet the needs of almost any enterprise easily without too much management overhead.
Sign up to our newsletters
SC Magazine Articles
- Women in IT Security: 10 Power Players
- Report: Phishing costs average organization $3.7 million per year
- Scanner identifies thousands of malicious Android apps on Google Play, other markets
- Women in IT Security: Women of influence
- DARPA seeks to develop program that drastically improves DDoS defense
- DOJ issues new 'stingray' policies and begins requiring a warrant
- Outdated websites deliver TeslaCrypt via Neutrino Exploit Kit: Heimdal
- Scammers and schemers look to cash in on Ashley Madison breach
- ACLU asks DOJ to withhold funds for LAPD body cams
- A question of balance between security solutions and the people who use it