Delinea Secret Server Reviews

We've used it for auto-discovery, and password management on mainframes, networks, applications, and firewalls. We've also used it for password rotation.

We use it for credential management, including rotation for both human and non-human accounts, as well as session monitoring.

Delinea Secret Server supports our remote access needs.

For remote access needs, we have implemented MFA (Multi-Factor Authentication) and SSO (Single Sign-On) across various applications. We use third-party tools like Ping and SailPoint to integrate with the PAM tools.

Moreover, password rotation has been effective in our environment. We weren't rotating many application passwords before, but an audit from the OCC (Office of the Comptroller of the Currency) triggered a change. 

We now rotate all non-human accounts except for Active Directory and local accounts. It's a best practice, so we set a 30-day rotation for some applications like mainframes and applications that support direct password changes. For others, we set it to 8 hours.

Initially, the application teams struggled to adapt to the PAM culture. It's an organizational-wide change, so it took some time. We guided the application owners and platform teams on setting password rotation policies and initial password guidelines. 

This helped minimize the impact of breaches, especially in Linux and Windows environments. We also have continuous monitoring with Splunk. We integrated the Delinea Secret Server logs into Splunk for centralized log management.

Our customers who require an active-active mode, rather than active-passive, tend to go for Delinea Secret Server.

After working on several PAM solutions, I've noticed that Delinea Secret Server doesn't offer any exceptional features; most solutions have similar capabilities such as automatic password rotation, activity log monitoring, and activity log auditing.

My clients, who are mostly North American clients like SpartanNash and CFI, use Delinea Secret Server for maintaining privileged passwords for their service accounts. Delinea also includes privileged session monitoring and keystroke logging, which is similar to CyberArk.

People are moving towards Delinea Secret Server to store their passwords due to its cheaper cost compared to CyberArk. It provides session monitoring and keystroke logging, which help in maintaining security.

The primary use case for Delinea Secret Server is to sort the privileged passwords. It can also change passwords after a set period or revoke passwords when someone leaves the company. Delinea needs to be on-premises because Turkish regulations do not allow cloud-based security solutions for some sectors. 

Delinea's network integration is the most useful. For example, I use a Check Point firewall connect to SmartConsole, so I need to do a lot of configuration in Delinea Secret Server. Native integration with Check Point is valuable. You can also go download whatever API you need from the cloud, whether you're using Check Point, Palo Alto, etc.  Enriched discovery is another good feature. If you are dealing with several kinds of systems, you can see which system requires privileged access to my network.

We primarily use the solution for privileged access management. 

Delinea Secret Server is like a vault for the users to store their device passwords and is also used for auditing sessions monitoring password production, et cetera.

The most valuable feature is the subscription on offer.

We like the policies that can be put in place. The password duration backup part and even the pipeline are useful. 

The solution offers useful APIs as well. 

We find the initial setup to be simple. 

It's scalable. 

The stability is great. 

The pricing is good.

Support is helpful.

Account discovery and asset discovery is easier in Delinea than in other solutions.

We recently had to reset every company password globally, which I am in the process of undertaking at the moment. 

It seems to be working well for us. While we did encounter several glitches, I believe this owed itself to the solution not having been fully deployed, even though they owned it for some time. We have since deployed it fully and are learning as we go, especially as concerns the various international laws, such as the GDPR. Yet, it works well for us. 

We recently had to do a global reset of every company password, something we are still in the process of doing. While we had a few glitches, this likely attributes itself to them not having fully deployed, even as they owned the solution for a while. Now that we have done so, we find ourselves to be learning as we go, especially as concerns the various international laws, such as the GDPR. This said, it works well for us. 

As I am partial to CyberArk, I rate Thycotic Password Reset Server as a nine out of ten, owing to the minor glitches I mentioned. 

The initial setup was very straightforward for us. However, as it would not deploy easily with our 2019 servers, we were forced to make a few code changes. It continued to deploy for 2012, something I found to be odd, but started working flawlessly only after I made a few code changes. 

My only negative thing to say about Thycotic would involve the servicing not having been written for 2019.

I need to look at using their tool's true multi-tenancy capability to cater to multiple customers within a single platform architecture without compromising security. Information security is key, and an MSP model's objective is to have a privileged access management solution.

Secret Server is called a secret server for a reason. You can create multiple secret servers underneath the parent for every secret server. Every "parent" will be considered as one customer, secret server #1, secret server #2, etc. Under every secret server, you can create multiple secret servers. Those secrets will belong to customers A, B, and C, respectively. If I want to access a customer's Windows environment under a secret server, I will create a secret group called "Windows." This group will be onboarded with customer A's Windows environments within their secret server. We have a logically separated environment as an MSP model.

The privileged access management module is the most reliable feature, along with the password manager.

The primary use case is managing access for user groups and individuals in a very large environment.  

One of the best things about Thycotic is that it is very easy-to-use. It is logical, it has well-designed screens and a nice GUI interface. It has good performance and is generally a pleasure to operate.