DS3 Authentication Server
The widest range of authentication methods on test.
Can be complex to integrate; LDAP support is an add-on.
An all-encompassing product for financial institutions.
DS3's Authentication Server runs on Sun's server hardware and is primarily designed to protect banking applications from threats such as phishing.
While appliances are generally easier to set up and configure than software, the DS3 Authentication Server is still quite a tricky beast to deal with. For example, LDAP authentication isn't built in by default, and you have to download and compile an add-on if you want to use your existing directory of users.
It does have Radius support, though, so you can add two-factor authentication to remote access such as VPNs quite easily.
The server is platform-agnostic and there are no dedicated agents for common web servers, such as IIS or Apache. Instead, authentication is handled through Java applets, so you'll need the necessary development staff to generate the code to introduce two-factor authentication to your web services. DS3 has a demonstration website that runs under TomCat, which is useful from a coding perspective to get an idea of how the system fits together.
It won't integrate with your existing Windows domain, however, so this product isn't a good choice if you want to protect workstation access.
The server is managed through a web front-end, which lets you define multiple domains, each with its own security policy and list of users.
One server, therefore, can be used to protect multiple resources.
For financial environments, DS3 Authentication Server is a good choice as it provides one of the widest range of tokens we've seen. As well as the standard keyring tokens, it has support for USB tokens, smart cards, pre-printed scratch cards that can be used up to 20 times and, if you install the GPRS modem component, single-use passwords via SMS.
This excellent range lets you deal with long- and short-term clients, spending accordingly on the authentication method.
As with Thales's Authentication Server and Gemalto's Protiva, integration with your existing infrastructure requires quite a bit of work with the help from developers. The DS3 Server's excellent authentication support makes it very flexible, though, and it will appeal to financial institutions. However, its single-focus approach means that it's not ideal if you want enterprise-wide protection.