ARCON Privileged Access Management Reviews

ARCON PAM offers two main access control use cases: dynamic and fixed. In the dynamic use case, users request access to services through the admin, who approves the request and grants access to a specific user account. In the fixed use case, generic users are validated, and the admin manages the password. Additionally, the admin can take a real-time session for any user accessing any service.

The important features are the APM and password-retrieving tool.

The tool is giving an error while accessing the services. I need to modify the DLP file, which involves altering the coding for development purposes. Others may modify some reports. ARCON is dependent on these modifications. As an admin, I cannot edit & customize reports. When I request a personalized report from ARCON, the report template provides the changes.

While some features have been added, the video-capturing functionality for PAM is currently limited to Linux-based systems. When using Windows RDP or Windows-related solutions, command retrieval is not available, allowing users to execute the delete command without capturing the action. It is recommended that video-capturing capabilities be expanded to Windows environments to address this issue. Additionally, enhancing the video log functionality to enable faster and more efficient identification of user actions would be beneficial.

I have been using ARCON PAM for the last five years.

I rate the solution’s stability a seven out of ten.

The solution is scalable.

I rate the solution’s scalability an eight out of ten.

We directly contact and raise the ticket to the support team.

I have used CyberArk before. CyberArk is the most famous PAM solution. Also, it is a very costly solution.

Overall, I rate the solution a seven out of ten.

Controlling the privileged access to all the target servers.

Provisioning of all administrative access through this solution. The privileged administrators are logging in to the solution using their domain ID and then getting access to the required servers based on their credentials. The administrators do not need to know the actual administrator's password. Otherwise, in an environment if you have N of servers, the administrator needs to know the ID password of each and every server. After implementation of this solution they are all stored in the password vault of this solution.

So in this case, let's say one administrator is managing a hundred servers. He may not know the different passwords of the different servers. That person will log in to this solution using his domain ID and password and he will get access to the servers he is managing. This is a primary use of this particular solution.

And then, after storing this administrator password in this password vault of the solution, the solution can automatically go and change the password based on the defined frequency with the defined complexity.

Additionally, it is recording video records for Windows and command-line reports for others, Linux and AIX, of whatever activities being carries by that particular administrator.

One thing which needs improvement is where it is keeping video logs of Windows Servers, whatever activities are being carried out by the administrator. Because Windows logs are a video, they are unsearchable, so if you need to search for a specific administrator and what he has done on a server, right now you need to go through different video logs of that particular timeframe. I think they are coming up with an additional feature where in it can be indexed and can be searchable.

We haven't had any issues with stability.

We have designed a solution such that it has been implemented in both the production as well as the DR environments. Whenever we wanted to upgrade the product to the next version, we upgrade the DR first, then production. And whenever production is being upgraded, the entire access is switched over to DR for all the users. So effectively there is no down time for the end users, the administrators.

The stability of the product becomes very important. Otherwise, if the server in the solution is down, all the administrators lose their access for administration. It has proved its stability over the last five to six years.

We never had scalability issues. The primary issue will be storing the logs. The storage is attached to the SAN, so whenever there is a space crunch, in terms of storing the logs, we just increase the SAN storage. That's it. In terms of computer requirements, we never had an issue in terms of performance.

We had a little different model altogether. We had their resource on site for our support. We used to talk to the onsite person only. So I wouldn't be a right person to give you feed back on the tech support, as such. But whenever we had to escalate to tech support, there was a good response.

We did not have a previous solution.

The setup is pretty straightforward, it is normal. There is application server, there's a gateway server and there's a database server. I don't think there is any complexity in that. 

The product's pricing is good value.

In terms of licensing, go for user-based licensing, without any limit on the target servers.

We evaluated different solutions. We evaluated CyberArk and, if I remember correctly, we had evaluated one more Indian product. I don't recollect its name.

Primarily we took the decision to go ahead with ARCON because the criteria for privileged administrative environment as a domain was evolving a lot at that time. It was in 2012. We felt that they offered many customizations, anything which was required that was specific to the customer's environment. They offered that customization to us. And they have come up with a number of customizations, and a number of good features over that period of time. With CyberArk, we didn't have that much flexibility in terms of customizing the product.

Obviously your administrators should participate in the decision to buy this product, because they will have to go through the solution to access any server or any device on which they wish to do administration. At times, initially, it may seem to people who are doing administration that their flexibility is removed. You have to make them aware that the solution brings them flexibility in terms of not remembering the passwords of many servers; when they have a number of servers to be administered, they write down the passwords. Those issues are taken away.

It also provides a lot of security to the administrator himself. He can also review what commands fired, what commands did not fire.

The solution was suited for the purpose when we evaluated it, and it has also evolved to meet the different needs, additional needs. I think it's continuing to evolve.

Compared to BeyondTrust, ARCON Privileged Access Management fails to provide its users with functionalities like managing AD Bridging and addressing the OT assets from an OT standpoint, including operational technology devices. The solution lacks to offer a governance mechanism for operational technology assets. ARCON has not addressed all of these areas where they lack, while BeyondTrust has a solution for the unaddressed issues by ARCON.

I have experience with ARCON products for ten years. With ARCON Privileged Access Management, I have experience of around nine months. Since I work in the pre-sales department and am not a developer, I won't be able to give you a complete or detailed insight into the solution's technical aspects. My company only recommends ARCON Privileged Access Management to potential users. We already have customers using the solution. My company has a partnership with ARCON.

It is a stable solution. Stability-wise, I rate the solution a seven or eight out of ten.

The solution's technical support team was good.

The deployment process for the solution was easy.

ARCON Privileged Access Management's pricing is reasonable.

Some of our customers who use the solution are satisfied while some are not. We have also received some negative feedback from some of our customers. So, I recommend BeyondTrust over ACRON Privileged Access Management owing to its additional features and easier deployment process. BeyondTrust is also available on a hybrid cloud. However, if you compare the costs of both solutions, BeyondTrust is on the higher side. Overall, I rate the solution a seven out of ten.

Used for server access management.

It has all the features that we require. In this regard I cannot tell you much other than that this solution is good for us, and we have been using it for a long time.

The most important feature is to know who is accessing the servers, the entire conversation that is happening between the servers and the client is recorded. It is a good feature if you want to do some analysis, and for investigation. So it is helpful to us.

I can't think of anything because the features which we require, it has everything that we need. So I cannot tell you much about the improvements required for this product. We are using all the features, and it is good to have.

The only thing is, while the product is good, they could do something on the support side. Support is quite good, but some improvements are required because the time to resolve is four hours. If they could reduce that to two hours, that would be good for us.

There has been no problem.

No issues with scalability.

Technical support is good, whenever we have issues they will resolve the issue, so the support is good.

The setup is not complicated because we implemented it in a single virtual platform, and using that console we integrated all the server platform for access, and directed user privileges. We provided users with a single sign-on.

The pricing works for us. Comparatively, this software's pricing is good.

We have suggested to other operations that they test this product. We have always spoken well about this product.

We prefer not to talk about our use cases for security reasons.

Overall, aside from the lack of password management, this solution is the best. It's a very good product.

The solution needs more work on the password management side of things. Password management is a big challenge for us, and I would like to improve this aspect. We're finding that BeyondTrust is better in this regard, which is why we're probably going to migrate over. It will offer better security I think.

I've been working with the solution for the past two and a half years.

The stability is really good on this solution. This product is really amazing. But in terms of our security, password management is a little bit of a worry for us. Security-wise, we need to change the password frequently. This product only has options for changing the password once a week, every two weeks, two days, or three days. Our recommendation is whenever users want to access the target server, they have to, every time, change the password. So this option is not available currently and it's a weak point.

The solution is scalable, but the security level doesn't increase. That might be an issue for larger companies and continues to be an issue for us. Still, we consider it to be a very good product.

We use this product quite extensively and on a daily basis.

We've made contact with the technical support team on multiple occasions. We even reached out about increasing the password security protocols as an added feature and they said they would consider it, however not much has changed there. They said they were going to release it as a new feature in the next release. That never happened. It's the reason we're looking at another product. It would have been great if they actually responded to their client's needs a bit more.

The initial setup is very straightforward. It's not complex at all.

We handle every aspect of the solution, from deployment and troubleshooting all the way through to managing and accounting. I personally have an administrator-level certification so I know personally how to handle the implementation of the solution and how to work everything in the background.

Deployment takes a maximum of two hours. It's not a long process.

We were able to implement the solution in-house using our own team. we didn't require the assistance of any integrators, resellers or consultants.

We're customers; we don't have any relationship with the business. We're not a reseller or anything like that. We just use the product.

Currently, we're using the solution. However, it's our intention to migrate to BeyondTrust in the near future.

Currently, we are using the latest version of the solution.

I'd like new users to know that the deployment really is quite straightforward, and it's easy to manage and troubleshoot. It's simple to restore the database within minutes if necessary as well. There are some great features that are available on the solution that makes it a worthwhile addition to a business. For us, security remains a concern, and password management is lacking. If an organization shares those concerns, this may not be the perfect solution for them.

Overall, I would rate the solution eight out of ten.

This product has helped us to protect privileged accounts and comply with password policies for privileged accounts. The video logs help us to identify any misuse of privileged accounts.

• Integrated dual factor authentication using mobile app
• Single sign-on
• Password vault
• Video recording

We expect improvement in the dashboards to provide visibility of password compliance status, whenever a password is opened from the vault. Also, flexibility to customize the live dashboard. 

We would also like to see support for privileged accounts used in web-based systems like Blue Coat Secure Web Gateway, VMware ESXI management tools, etc.

We faced one issue where video logs were not opening from all systems. The issue was solved after a version upgrade.

We found the product is scalable if we provide the recommended hardware by the vendor.

We have not had any issue with support. Support personnel are available whenever support is required.

We did not use any other solution.

Initial setup is straightforward and it can easily integrate with OS, database, network devices, etc., without the need for any connectors.

The product is available with competitive pricing. Licensing is not complex. We calculated the license requirements by counting the number of admins and the number of devices which were going to integrate with it.

We evaluated Iraje and CyberArk.

Every organization has a different environment, so do a thorough evaluation for different connection channels it supports like RDP, SSH, Telnet, web browsers, etc.

• Multi-user, multi-OS, multi-database, and multi-hardware platforms
• Cisco, Huawei, IBM, HP, Dell, etc.
• Lots of networking equipment including F5 Networks.

• It helps in managing privileged access management as well as password management.
• Auto-discovery
• Access control.

• Auto-discovery
• Access control
• Privilege management
• Security controls
• Identity discovery
• Usage of privileged accounts
• Time of sessions and monitoring of sessions.

• Security
• Access management
• Illegal activity finding.

Good.

Good.

Good.

No.

Good.

Yes.

It's not yet calculated.

No.

No.

No.

Provides a secure way of accessing the critical services in our organization, with a lot of auditing features built in. It really helps in daily system/network administration tasks by logging the changes executed, in a secured and reliable way.

Logging, particularly screen recording for Windows RDP sessions. Also, command-logging for SSH sessions. This really helps us to see what commands/changes have been executed in a particular service at a given point of time, and by whom.

The product is browser dependent. As of now, it only works on Internet Explorer from the client side. The product should not be browser dependent and should be compatible with all the modern browsers. Admins cannot use any other browsers (Chrome, Edge, Firefox, etc.) to access the client manager online, and have to stick with IE for accessing the services.

Most people are either Chrome users or Firefox users. For them, I have to convince them to use IE.

This has been communicated to the company some time ago. They said this is already under development, to make the product work in the other browsers.

No issues with stability.

No issues with scalability.

Good. They are fine. They respond quickly whenever I put a ticket. Almost all the tickets I've created, I've gotten a pretty quick response. I cannot pinpoint any single instance, but almost all the tickets, whenever I have a problem, they have been good on the other side, and they are very happy to assist us. We are happy with that.

We have never used a PAM solution before. ARCON is the first of its kind in our organization.

Setup was straightforward.

Pricing is reasonable.

ARCOS is a powerful, stable, and reasonable product for anyone looking for a PAM solution.