Delivery director at a tech services company with 51-200 employees
Real User
Top 20
2024-09-16T03:08:00Z
Sep 16, 2024
Delinea Secret Server can improve in areas like statistics and notifications, and risk scoring, especially for highly privileged accounts where financial transactions occur. Additionally, complex management features similar to BeyondTrust's PMUL for Unix and Linux might be an area for improvement.
When Delinea upgrades the tool, it rejects our password, saying that it is not compliant and strong. Earlier, we used ten-character passwords which were strong and compliant. It is very difficult to change the password. If we use a service account, most people are unsure where we use those accounts. If we reset the password to make it compliant, we are not sure what the impact will be. Either it should sync with the application automatically, or it has to inform us so that we can easily track and make it compliant with a strong password. This is the only feature that needs to be improved. We use a mobile authenticator. Whenever we reset the account of a user who lost his password, it asks for a recovery code or key. When we generate it for the first time, it provides the recovery key. We have to save that key to reset it. If we do not save it, the end user cannot automatically change it. He has to raise a ticket for the administrator, and the administrator has to reset it from the console side. It has to be made simple so that the end user can easily change his recovery key.
One of the product areas that could be improved is the ease of handling SSL certificates within the application, as it currently requires manual command-line configurations.
In many PAM tools, when users request a password checkout, they need to provide justification. However, in my experience across four organizations, nobody actually reads the justifications. Users can simply type anything and get the password. This becomes a risk and compliance issue. There needs to be continuous improvement in this area, focusing on problem identification and mitigation strategies.
It's a good, very good, superb even product, but the challenge for me with Delinea is that I may not be able to pitch it to an account with a low budget for PAM. Delinea is a good technical solution, but those with experience, especially in Thycotic, will find it easy to use Delinea.
The integration with the ticketing system ServiceNow is complex. That can be enabled with an API-based out-of-the-box consumption. We have customized it, and the features cannot be used without customization. Ideally, there should be a direct mapping between our ticketing system to Delinea instead of having to do custom development.
In terms of the user interface, it's good. However, installation can sometimes be difficult, depending on the environment. We are deploying it in our own private laboratory, not as a secret server cloud. Additionally, CyberArk has a more robust site and development team compared to Delinea. They also provide more educational resources on recent happenings in cybersecurity, the latest attacks, newsletters that educate people in the field, and how to create two opportunities. Delinea could improve in research and development and educate the public on recent trends in the industry.
Senior System Analyst at a government with 1,001-5,000 employees
Reseller
Top 20
2023-03-24T11:37:23Z
Mar 24, 2023
An area for improvement in Delinea Secret Server is its integration with ICAP servers. This integration would help in scanning for transfers and determining if they are one-way or not, and whether they contain values. Additionally, there is a need to enforce the copy-based policy across all secrets in the Delinea Secret Server platform, instead of having it as a personal configuration.
Technical Account Manager (Information Security) at Trustaira
Reseller
Top 10
2022-10-03T12:52:09Z
Oct 3, 2022
Occasionally, the proxy does not work so well. For example, when the custom client application is integrated with a Teams solution. The server integration needs improvement. We find the documentation hard to understand. Support can sometimes be slow.
Head of Platform Engineering at Ascend Group Co., Ltd.
Real User
Top 10
2022-07-29T15:17:00Z
Jul 29, 2022
They could improve the container platform and SPO. The cloud database technologies should be improved. The web browser isolation recording could be improved. When you do anything from the web portal, it cannot record properly. You can only record via remote desktop or secure share. But when the admin performs by web access we cannot record the session.
Assistant Manager, Cyber Security at BracNet Limited
Reseller
2022-06-16T13:49:43Z
Jun 16, 2022
Support could be better. I have heard about a lot of problems in the Bangladesh market. People are saying that there are support issues. So, Delinea should focus on support and services.
Senior Product Manager and Technology Consultant at Barikat
Reseller
Top 10
2022-05-25T15:49:00Z
May 25, 2022
I formerly used only one service: the remote server. For example, I connected to the Active Directory user and the computer's console. But now, I need to do a remote connection to the domain controller. Maybe it only connects to that tool, the Active Directory users, and the computer management console, but not to the domain controller. Another thing Delinea could add is multi-factor authentication.
Program Manager at a recruiting/HR firm with 5,001-10,000 employees
Real User
2022-01-04T21:51:33Z
Jan 4, 2022
We recently had to do a global reset of every company password, something we are still in the process of doing. While we had a few glitches, this likely attributes itself to them not having fully deployed, even as they owned the solution for a while. Now that we have done so, we find ourselves to be learning as we go, especially as concerns the various international laws, such as the GDPR. This said, it works well for us. As I am partial to CyberArk, I rate Thycotic Password Reset Server as a nine out of ten, owing to the minor glitches I mentioned. The initial setup was very straightforward for us. However, as it would not deploy easily with our 2019 servers, we were forced to make a few code changes. It continued to deploy for 2012, something I found to be odd, but started working flawlessly only after I made a few code changes. My only negative thing to say about Thycotic would involve the servicing not having been written for 2019.
It would be helpful to have integration with various platforms, such as Azure Active Directory on multiple platforms. Adding this type of feature can add to Password Reset Server. I would like to see improvement with the integration with Azure Active Directory. This would mean that we can have support on multiple platforms such as Windows, Linux, and Mac. Currently, it is a standalone application, but if it could be combined with other Thycotic products, it would be a good on-premises, as one platform. It would be altogether a very good package.
Secret Server is a fully-featured Privileged Access Management (PAM) solution available both on premise and in the cloud. It empowers security and IT ops teams to secure and manage all types of privileged accounts and offers the fastest time to value of any PAM solution.
Delinea Secret Server can improve in areas like statistics and notifications, and risk scoring, especially for highly privileged accounts where financial transactions occur. Additionally, complex management features similar to BeyondTrust's PMUL for Unix and Linux might be an area for improvement.
When Delinea upgrades the tool, it rejects our password, saying that it is not compliant and strong. Earlier, we used ten-character passwords which were strong and compliant. It is very difficult to change the password. If we use a service account, most people are unsure where we use those accounts. If we reset the password to make it compliant, we are not sure what the impact will be. Either it should sync with the application automatically, or it has to inform us so that we can easily track and make it compliant with a strong password. This is the only feature that needs to be improved. We use a mobile authenticator. Whenever we reset the account of a user who lost his password, it asks for a recovery code or key. When we generate it for the first time, it provides the recovery key. We have to save that key to reset it. If we do not save it, the end user cannot automatically change it. He has to raise a ticket for the administrator, and the administrator has to reset it from the console side. It has to be made simple so that the end user can easily change his recovery key.
One of the product areas that could be improved is the ease of handling SSL certificates within the application, as it currently requires manual command-line configurations.
In many PAM tools, when users request a password checkout, they need to provide justification. However, in my experience across four organizations, nobody actually reads the justifications. Users can simply type anything and get the password. This becomes a risk and compliance issue. There needs to be continuous improvement in this area, focusing on problem identification and mitigation strategies.
It's a good, very good, superb even product, but the challenge for me with Delinea is that I may not be able to pitch it to an account with a low budget for PAM. Delinea is a good technical solution, but those with experience, especially in Thycotic, will find it easy to use Delinea.
There's room for improvement regarding user interface and new functionality.
The integration with the ticketing system ServiceNow is complex. That can be enabled with an API-based out-of-the-box consumption. We have customized it, and the features cannot be used without customization. Ideally, there should be a direct mapping between our ticketing system to Delinea instead of having to do custom development.
The solution's remote support feature needs improvement.
In terms of the user interface, it's good. However, installation can sometimes be difficult, depending on the environment. We are deploying it in our own private laboratory, not as a secret server cloud. Additionally, CyberArk has a more robust site and development team compared to Delinea. They also provide more educational resources on recent happenings in cybersecurity, the latest attacks, newsletters that educate people in the field, and how to create two opportunities. Delinea could improve in research and development and educate the public on recent trends in the industry.
The tool should integrate additional features like OCR.
An area for improvement in Delinea Secret Server is its integration with ICAP servers. This integration would help in scanning for transfers and determining if they are one-way or not, and whether they contain values. Additionally, there is a need to enforce the copy-based policy across all secrets in the Delinea Secret Server platform, instead of having it as a personal configuration.
It would be better if they had a Linux version of the secret server.
The customer service and support team could be improved, and the solution could be more user-friendly.
The product can be improved by reducing the number of updates provided and limiting notifications to mainly major updates.
Occasionally, the proxy does not work so well. For example, when the custom client application is integrated with a Teams solution. The server integration needs improvement. We find the documentation hard to understand. Support can sometimes be slow.
Delinea Secret Server can improve by extending the monitoring policies and making the performance better.
They could improve the container platform and SPO. The cloud database technologies should be improved. The web browser isolation recording could be improved. When you do anything from the web portal, it cannot record properly. You can only record via remote desktop or secure share. But when the admin performs by web access we cannot record the session.
The setup for this solution is complex. I'm not going to lie, you need a specialized system security engineer to deploy it.
Support could be better. I have heard about a lot of problems in the Bangladesh market. People are saying that there are support issues. So, Delinea should focus on support and services.
The UI needs improvement because the interface is a little clumsy.
I formerly used only one service: the remote server. For example, I connected to the Active Directory user and the computer's console. But now, I need to do a remote connection to the domain controller. Maybe it only connects to that tool, the Active Directory users, and the computer management console, but not to the domain controller. Another thing Delinea could add is multi-factor authentication.
We recently had to do a global reset of every company password, something we are still in the process of doing. While we had a few glitches, this likely attributes itself to them not having fully deployed, even as they owned the solution for a while. Now that we have done so, we find ourselves to be learning as we go, especially as concerns the various international laws, such as the GDPR. This said, it works well for us. As I am partial to CyberArk, I rate Thycotic Password Reset Server as a nine out of ten, owing to the minor glitches I mentioned. The initial setup was very straightforward for us. However, as it would not deploy easily with our 2019 servers, we were forced to make a few code changes. It continued to deploy for 2012, something I found to be odd, but started working flawlessly only after I made a few code changes. My only negative thing to say about Thycotic would involve the servicing not having been written for 2019.
The initial setup and deployment can be cumbersome.
It would be helpful to have integration with various platforms, such as Azure Active Directory on multiple platforms. Adding this type of feature can add to Password Reset Server. I would like to see improvement with the integration with Azure Active Directory. This would mean that we can have support on multiple platforms such as Windows, Linux, and Mac. Currently, it is a standalone application, but if it could be combined with other Thycotic products, it would be a good on-premises, as one platform. It would be altogether a very good package.