Quest Software Defender v5.3
Strengths: Functionality, ease of use and integration options.
Weaknesses: Can get costly in an enterprise deployment.
Verdict: Very nice offering for the enterprise.
Summary: The Defender v5.3 from Quest Software provides strong two-factor authentication through a variety of token options. This solution is all-inclusive, delivering both client-side and server-based functionality and management.
The initial implementation takes some time, but the end result is a surprisingly easy-to-use interface. Defender integrates with Microsoft AD, extending the schema and utilizing AD tools and techniques. The Defender Security Server and Defender Management GUI were easy to navigate and understand.
The solution provides many enterprise features, such as load balancing and redundancy for multiple points of authentication, numerous token support options, extensive reporting and auditing, LDAP, AD and RADIUS integration, synchronous and asynchronous authentication scenarios, and user self-provisioning.
We tested the Defender Desktop Login, which provides two-factor authentication to the desktop. We also tested the optional Defender reporting feature and were impressed with its capabilities. Additional options that we were not able to test include: Defender WebMail, secure web-based access to email systems; Defender Self Registration, which allows users to self-register their tokens; and Defender EAP Agent, which supports two-factor authentication for VPN and RRAS Server.
We tested with the supplied Quest Digipass Go-3 hardware one-time tokens. Defender has support for OATH-compliant tokens, as well as a wide array of soft and hard tokens from Digipass and Defender. Additionally, Defender has tokens for mobile devices running Palm, Win Mobile or BlackBerry. The software tokens can be installed locally on the device or optionally on a removable media device to provide added security in the case of a lost or stolen device. One-time passwords can be sent to mobile devices using SMS, turning a cell phone or PDA into a hardware token.
Documentation was great and we used it for the installation, but did not really require it for the remaining effort.
Support options include standard eight hours a day/five days a week assistance, with options to upgrade to 7/24 support.
This is a real nice enterprise solution that is easy on the user and system administrator.