What needs improvement with ARCON Privileged Access Management?

In terms of improvements, I suggest implementing password rotation for service-based accounts, as that should be included.

The solution could be more stable as we've encountered bugs and issues. I'd also suggest adding a browser isolation feature to prevent cache storage on endpoints and mitigate cache-based attacks. This could be crucial as many attacks originate from browsers. In future releases, I would like to see AI features added. It would be beneficial for tasks like detecting malicious activity during sessions, enhancing response capabilities, and providing hunting queries for log analysis.

Some options are required in the tool, especially to help in scenarios where if a user's ID gets locked, that person cannot unlock the ID from ARCON Privileged Access Management. Even the technical team in my company cannot unlock any locked ID with the help of the tool. Even if there is an admin password, ARCON Privileged Access Management releases it using its functionalities, allowing users to generate a password during an emergency. If an ID gets locked, the tool cannot unlock it, making it an area where improvements are required.

A few areas for improvement in ARCON would be performance optimization, ensuring smoother management. Also, clarity on licensing mechanisms, particularly regarding user accounts, could use some improvement. It would be great if these details were readily available on the website for easy access and communication with customers.

ARCON Privileged Access Management lacks a notification feature. The solution is very complex to use, and its product flow is not that good. ARCON Privileged Access Management is not a user-friendly solution, and the application flow from one screen to another is very complex. You need high expertise and skills to use the solution.

The tool is giving an error while accessing the services. I need to modify the DLP file, which involves altering the coding for development purposes. Others may modify some reports. ARCON is dependent on these modifications. As an admin, I cannot edit & customize reports. When I request a personalized report from ARCON, the report template provides the changes. While some features have been added, the video-capturing functionality for PAM is currently limited to Linux-based systems. When using Windows RDP or Windows-related solutions, command retrieval is not available, allowing users to execute the delete command without capturing the action. It is recommended that video-capturing capabilities be expanded to Windows environments to address this issue. Additionally, enhancing the video log functionality to enable faster and more efficient identification of user actions would be beneficial.

Sometimes, ARCON Privileged Access Management's website would crash. So, because of this, video logs and other such related things are not captured. Sometimes, we face certain performance issues while using the solution. Apart from the aforementioned details, to make it better in terms of features, we need a backup strategy. In the product, different things are available. Now there are other products, and there are similarities between those other products. So, they will have that script done. What we usually do is if you run the script, it will take one backup and keep it somewhere. So, we need that backup strategy since it is important.

Bulk password automation is not available in ARCON when compared to other products, and the cloud service is not intuitive for this behavior. For me, these could be some areas of improvement.

Compared to BeyondTrust, ARCON Privileged Access Management fails to provide its users with functionalities like managing AD Bridging and addressing the OT assets from an OT standpoint, including operational technology devices. The solution lacks to offer a governance mechanism for operational technology assets. ARCON has not addressed all of these areas where they lack, while BeyondTrust has a solution for the unaddressed issues by ARCON.

Sometimes it gets stuck between servers and I would like to see this improved in the future.

There are some features lacking but they typically are added when the upgrades are released.

This product has only a basic set of features. There is nothing really special about it. The support services need to be improved. The interface should be easier to use. One thing that would help is better documentation. Managing users is difficult, so that is something that can be improved.

I think hazard flow could be improved, the data compliance part. We need to ensure that no data from any of our users is being accessed or compromised by any privileged user or a team member. There are some things on the database side which are missing and could be included. This is a web-based interface with multiple windows and you have to keep logging in. It should be that you can run any command in any window. It's really about the interface and navigating it.

The solution needs more work on the password management side of things. Password management is a big challenge for us, and I would like to improve this aspect. We're finding that BeyondTrust is better in this regard, which is why we're probably going to migrate over. It will offer better security I think.

* Security * Access management * Illegal activity finding.

Currently, we can manage only the SSH or RDP connections, but there are many more devices that are present, apart from our SSH and RDP. We want all this to be part of the ARCON solution. For the password management, they should increase the pool of supported devices, they should have more connectors. They have to work on their tech support. In addition, they have to consider that upgrades should be easy for the administrators. Currently, along with the upgrade of the ARCON solution, we have to consider the desktops and the endpoints from where the solution will have to be accessed. We have to upgrade those endpoints and desktops as well. So upgrades are not smooth. They also have to work on a cloud solution, because most things are going towards the cloud. A cloud integration should be considered in ARCON. We have not seen one up until now.

There are a few improvements that could be made. One is that it should be browser-agnostic and, frankly, it is working well on Internet Explorer. It should work on popular browsers like Mozilla and Firefox. Also, I would like to see a "wild card" kind of a feature or something that would enable us to search the video. Finally, it would be helpful to have a "Favorites" list. For example, if I have 100 servers but I only go to 10 servers frequently, a Favorites list would allow me to go through those 10 servers only.

There are no APIs readily available. There are hundreds of products available on the market. It could be many applications, not just the server gateway. For many applications, by default, we will get the API. Let's say I'm trying to integrate "XYZ" application with another application. When we do that, usually, we look for APIs. But ARCON does not have the APIs readily available. Having that, for a complete end-to-end solution, would really help. As I mentioned, I'm working on automation for ARCON so that whatever the ARCON administrator is doing will be automated, rather than having to do it manually. For that, I had to spend months to get the API developed myself. Having that handy out of the box, that would really help, because what I am doing is not limited or restricted to the three or four cases. I'm going to automate the complete end-to-end solution of ARCON administration in our organization. So having an API would really help me.

This product is lacking in terms of dashboarding analytics and should have user behavior analytics. It should also have better dashboarding for executive management and security managers, which this product is missing. Another important feature where this product is lacking, in terms of the managing the accounts, is in the active directory (provisioning and non-provisioning), or bridging it with the active directory. Thus, it needs anti-bridging. ARCON needs three important things: * The user behavior analytics should be there. * The dashboarding should be improved. * Anti-bridging should be built into product. This would make the product a comprehensive privileged R&D product. In the future, I would like to have a type of functionality for the product with the mobile application. This would be helpful for some of our approvers, so they can approve at any point of time, sitting anywhere in the world when requests come in through the mobile application. Using the app, they can upload requests of the administrator or users. We would like to see this type functionality go on the product roadmap.

For the in-house built applications, they need to provide good, solid access through their portal.

The auto-password change feature which was recently added. It is supposed to change the password. However, in some cases, while changing the password, it has caused me to lose to connection due to network-related issues or something similar. What we need to have is a type of log for failure of password change. We would like to have something that somebody can act upon, then rectified the problem.

The product is good but a lot of things can be changed, the way the system has been designed. All the access levels have currently been provisioned so a little more effort could be put into it to have a more friendly environment and user experience. The management portal could be a more friendly environment wherein I could deploy with fewer management resources from my side. We have been requesting from the ARCON team to have fewer management activities.