NetIQ Privileged Account Manager
Strengths: Solid auditing, easy to manage.
Weaknesses: Documentation could have used more visuals, web support weak.
Verdict: Nice product, but needs a bit better documentation and support.
The NetIQ Privileged Account Manager offers a four-tiered approach to managing privileged access. This product allows for privilege elevation in order to complete a task, management of shared credentials through the use of policy and approval workflows, management of privileged remote sessions with a system and, finally, management of application-to-application passwords and credentials. This comprehensive approach allows for ultimate management and securing of privileged accounts and their associated passwords.
This tool comes as a software-based install that can be set up on a Windows server within the environment. The installation is quite straightforward and also includes a MySQL database backend, which is suitable for most deployments. At the conclusion of the install, all other management is done via a web-based management interface. We found this interface to be easy to use with an intuitive navigation structure and clean layout. From a configuration perspective, this product can pull systems in from Active Directory or systems can be added manually. Once systems are configured within the interface, access to systems and accounts can be granted using Active Directory users or groups as well, providing easy integration with the existing infrastructure. On the user side, users access Privileged Account Manager via a web-based user interface. This interface has an intuitive tab-top design and allows for easy navigation to access systems using RDP or SSH with one click and without exposing credentials to users.
This product includes excellent auditing and reporting features. All sessions are fully logged and can be reported on directly within the management console. Event logs are broken down and color-coded to provide more clarity on event types and to make finding unauthorized behavior easy. Security administrators can also access full session recordings that include bookmarked keylogging so that it is quick and easy to get directly to the point when a change is made. Further, administrators can shadow a session without users knowing they are there and terminate the session in the case of unauthorized activity.
Documentation includes an installation guide and an administrator guide, both in PDF format. These are well-organized and include many clear, step-by-step instructions. However, there was a lack of diagrams, screenshots and other visuals to enhance and clarify configuration procedures. This can cause a bit of confusion during installation or configuration, resulting in later troubleshooting.
NetIQ includes the first year of basic support as part of the purchase price of the product. Basic support includes 8/5 phone- and email-based technical support as well as access to a small assistance area on the website which includes product documentation and a knowledge base. After the first year, support can be renewed as part of an annual agreement, which starts at $31 per managed endpoint. Premium 24/7 technical support is also offered at a higher cost.
At a price of $150 per managed endpoint, we find this product a reasonable value for the money. The NetIQ Privileged Account Manager provides a good amount of easy-to-use functionality with some solid reporting and auditing features.