Bomgar Privileged Access Management and Bomgar Vault
Strengths: Solid privileged access management built on top of a comprehensive set of remote access features.
Weaknesses: Price could become prohibitive in certain environments.
Verdict: Good feature set and certainly worth exploring, though price could raise an issue in large environments with lots of distributed administrator endpoints.
Bomgar Privileged Account Management and Vault is an agentless, proxy-based appliance that helps secure privileged account access and monitor systems accessed with those accounts. This product incorporates privileged session management with a secure password vault that ensures that privileged account passwords are secured and cannot be compromised by unauthorized individuals. The vault also can automatically rotate and randomize passwords to ensure all accounts stay secure on an ongoing basis. The secure remote access protocol that Bomgar uses can secure sessions through RDP, SSH and Telnet, allowing secure access to many types of applications.
Bomgar Privileged Access Management is deployed as an application proxy server and comes as a physical appliance, virtual appliance or cloud appliance. The proxy-based deployment allows for access to systems through a browser window without the need for agents. The system integrates directly with Active Directory or LDAP to set user and group access to credentials, as well as pull in systems to manage. We found the overall web-based management interface to be easy to navigate and well-organized. From the user side, the web-based user interface was intuitive and easy to navigate as well. For more advanced access, full thick client versions can provide more functionality than through a basic web session. The thick client also has built-in functionality to easily transfer files between the user and the endpoint and also directly restart or manage services. These additional functions are controlled by policy with Bomgar and activity is logged and can be reported.
From usability and auditing perspectives, we found this solution to include a comprehensive feature set. When a user begins a remote session or checks out credentials, an administrator is notified through email with session information. All sessions are recorded and include a full log of session activity. One standout feature is the inclusion of over-the-shoulder shadowing and collaboration. Aside from being able to simply shadow a user during a session, this product allows for users to collaborate with each other all in the same session. This feature is also available when using the mobile client as well so users can make required changes securely and seamlessly from anywhere.
Documentation included guides for the administrator, user and the appliance install. We found all of these to include a good amount of detail and provide clear step-by-step configuration and usage instructions. Guides also included many screen shots and configuration examples.
Bomgar offers phone and email-based technical support to customers as part of an annual maintenance plan. Customers with a plan get access to product updates and upgrades at no additional cost. Also offered is a large support portal on the website which includes resources such as support chat, technical documentation, knowledge base and diagnostic tools.
At a prices starting at about $3,000 for the virtual appliance plus $320 per managed endpoint, we find this product to be a good value for the money. Bomgar Privileged Accessed Management offers all the functionality of standard access management solutions with added features, such as session collaboration and a full-function mobile application that allows for secure remote privileged access from anywhere. However, we do realize that for larger environments, price could become an issue.