Wallix AdminBastion Suite
Strengths: Flexible bastion-based deployment allows for ultimate integration in the enterprise.
Weaknesses: None that we found.
Verdict: Lots of bells and whistles for this unique approach to privileged access management. For its unique approach to the entire privileged account management problem, we make Wallix our Best Buy.
The AdminBastion Suite from Wallix takes a very interesting approach to privilege account management and access. This tool not only acts as a gateway or proxy between an end-user and a privileged system, it acts as the full intermediary. All communication is set to come into the server, so there are no firewalls to configure even on privileged systems. This means that this arrangement can sit anywhere in the enterprise and broker access to privileged systems that can now be hardened to the tightest security possible. The AdminBastion is completely agentless and clientless and is integrated into Active Directory for authentication and user policy management. Further, it can fully automate password changes on Windows, Linux, Oracle, Cisco and Active Directory. This solution also offers credential check-out, approval workflows and single sign-on capabilities.
This system comes as a fully hardened Debian Linux server that can be deployed as a physical server, virtual server or cloud-based server. Once the server is deployed, all configuration and management is done using a simple and cleanly designed web-based interface. This interface is intuitive to navigate and has a comfortable navigation structure. Configuring system access - and then assigning users or groups to access policy - was also quite simple and intuitive. From the user perspective, this tool offers a fully seamless experience. Users access resources from their web-based portal and for access to sessions, such as RDP and SSH, they can be launched directly from the browser using the HTML5-based access manager. Employing approval workflows, users can also request access to resources.
Because of the way AdminBastion handles connections with systems, it can offer clientless and agentless session recording and full logging of session events. It can also use optical character recognition to determine specific activities and if a user is in violation of access policy. All text typed within a session is also logged and matched up with a bookmark within the recording for easy event auditing. Audit logs can be sent directly to a security information and event manager for additional auditing capabilities.
Documentation included an administrator guide, which focused mostly on configuration and management of the appliance, and a user guide, which focused on user interaction with all the parts of the system. All documentation is well-organized and easy to follow. Both PDF documents included a plethora of screen shots, configuration examples and step-by-step instructions.
Wallix offers a few levels of support services to customers ranging from basic (Silver) up to premium (Platinum). These include varying levels of technical support response times, number of users authorized to access support and hardware support. All levels include access to product updates and patches, as well as access to an online support portal, which includes a knowledge base and other support resources.
At a price starting just shy of $400 per server, this product is a great value for the money. The Wallix AdminBastion provides a new design for an old problem of privileged account access. This product can be easily integrated into any environment and begin offering exceptional value from the moment it is deployed.