Symantec Advanced Authentication Reviews

It is a stable and highly customizable solution. Many customers rely on it to secure their banking accounts, integrate with government systems, and manage privileged access across various platforms. Our customers use Symantec Advanced Authentication not only for banking applications but also for providing robust authentication methods such as SMS verification, smartphone app authentication, and email-based authentication. These various authentication mechanisms offer flexibility and security, allowing users to choose the method that best suits their needs while ensuring strong protection for their accounts.

Its adaptability is evident in its integration capabilities with a wide range of systems, including Azure, ServiceNow, and IT service management solutions. This versatility ensures that organizations can leverage it to enforce robust authentication mechanisms tailored to their specific needs.

Symantec's multifactor authentication solution provides tailored processes for customers' banking and enterprise applications. It integrates seamlessly with SMS gateways for SMS verification, offers a secure app for generating tokens without constant internet connectivity, and provides email-based authentication for added flexibility.

Symantec's authentication methods offer flexibility, including tokens and biometrics, enhancing security similar to other products. What sets Symantec apart is its extensive global implementation, stability, and strong security. These qualities have proven to be significant advantages, as they haven't posed any notable threats or challenges for our customers upon deployment.

I would rate the user experience and ease of management with Symantec's product as six out of ten.

One of the most valuable aspects is its remarkable stability. Rarely do my customers encounter issues or complaints once it's been properly configured. Once set up, it consistently delivers reliable performance.

There has been a need for aggressive development to modernize the product and align it with contemporary security requirements. While the rebranding has been a step forward, further enhancements are essential to meet the evolving demands of the market. It lacks features such as ActiveSync Exchange security, and it doesn't offer alternatives like password-less authentication via biometrics or patches. While Symantec mainly relies on traditional token-based or password-based methods, newer authentication methods are missing from its repertoire. Support services often lack promptness and depth of knowledge, leaving customers waiting for weeks to resolve issues. In the realm of multifactor authentication, swift resolution of problems is critical, as any slowdown or interruption can significantly impact operations. Urgent improvement is necessary to ensure that support responses are faster and more effective, aligning with the demands of MFA implementation.

We have been working with it for fifteen years.

It offers excellent stability capabilities once its set up properly.

The scalability of this solution is exceptional.

Deploying Symantec depends on the complexity of the environment. If there are multiple applications involved, implementation may take some time to ensure everything is integrated properly. Initial setup, especially for SMS-based authentication, requires integration with the load balancer and other infrastructure components, which can be time-consuming. However, for simpler scenarios with just one or two applications, deployment is relatively straightforward and can be completed quickly. Overall, the deployment process is generally manageable, with complexity varying depending on the specific requirements of each environment. Understanding the specific requirements is crucial when implementing Symantec. Knowing factors like workload balance and the nature of applications involved helps determine the level of customization needed. Customers must decide the security level they seek, whether offloading MFA to the load balancer or integrating it at the application level. Each choice affects the implementation process, with load balancer offloading generally making deployment easier, while application-level integration requires more extensive authentication adjustments. Ultimately, the chosen approach should align with the desired security objectives.

The price is reasonable.

For those considering implementation, if your needs align with traditional MFA or Symantec's Advanced Authentication, it's a highly recommended choice due to its stability and scalability. However, if you seek a more modern MFA solution with extensive user flexibility, such as passwordless options or pattern-based authentication, Symantec may not be the ideal fit. Overall, I would rate it seven out of ten.

Symantec Advanced Authentication can be useful for wherever you require a strong authentication. If you want a strong authentication, second factor authentication, by email, SMS, or soft token, you can use this tool. 

I've had multiple customers running their banking solutions and applications integrated with Symantec. Whether it is web-based applications or PAM applications, privileged access management, it can be integrated with this strong authentication solution. So far, our customers are very happy. 

This solution is deployed on-prem. 

One of the most valuable features of this solution is that it's a strong authentication solution that's able to integrate with applications. 

This solution could be improved with risk-based authentication. I think that this product has everything that most customers are looking for, but modern technology has people looking for security tools with risk-based authentication, which they have a separate tool for. If they could integrate this, it would improve Symantec Advanced Authentication. They have to look at what's newly trending and how things are moving forward, and then adapt and adopt those features. 

Symantec's technical support should also be improved, in terms of response time. 

We have been using Symantec Advanced Authentication for a long time. 

This solution is stable. 

This product is pretty scalable. 

Symantec has very bad support, so I have no words for it. It's one of the worst support experiences I've ever had. The response time is very bad and the priority calls take more time to get resolved. Sometimes it takes months to resolve tickets. 

The initial setup process is easy. It's straightforward, but as far as integration, the complexity will depend on the application and how those applications will be integrated. 

For implementation, generally, you will require one to two people, including an architect and implementers. 

There are eventually going to be implementation costs. Sometimes you're required to have custom code developments there, so that has to be part of the implementation price. 

The competitors are RSA and Microsoft. Symantec Advanced Authentication was one of the top leading products back in the day and, still, it is very stable. 

I rate Symantec Advanced Authentication a seven out of ten. 

We have at least two to three customers using this solution, both of which are reasonably big-sized customers. Some customers have it for about 5,000 to 10,000 servers. 

To those considering implementing this solution, I would advise them to look at what their requirements are. If they want to integrate their active directory, if they want to have an integration with their exchange or application to enable multi-factor authentication, then they need to look into design because architecture is important. Sometimes you can do an architectural level integration at the firewall end, at the load balancer area, and do it in one shot for all applications, rather than going at silos and installing one application, and doing multi-factor authentication for each application. It depends on architecture, so when you are selecting a product, you have to make sure that you do the right architecture. 

Right now we are using it only for PIN creation and PIN verification.

It has been pretty good, but there have been a few things that need to be taken away. CA has to know about them.

Rules on Risk Authentication are very good.

It actually increases our revenue and the customer base.

They definitely need to automate a few processes like the Wiley process. Even though Wiley is part of the CA group, it is not present in CA Advanced Authentication. I want that to be integrated, and not have to implement Wiley in-house during implementation.

Regarding database, they don't support some of the systems like ours. We had to get a workaround implementation for that. The CA consultant definitely helped us with that but still, we had to face a few issues while integrating it with FedEx.

Advanced Authentication talks about the Device ID. But how the device ID is captured, I want to know more about that. 

Stability is pretty strong.

Scalability is pretty strong.

We were not previously using another solution. We went with CA because of customer demand.

Straightforward.

None.

For this type of product it has to be able to handle a sufficient customer base. You have to take the traffic load into consideration, will it take the capacity.

I give it an eight out of 10 because we had a few glitches during the database connections, during installation, so I was not happy with it.

Check that it can handle your database first, before you get into the product.

It tells us exactly what we want in terms of authentication to various applications and provides protection for users who access them. Our users can have access to applications securely through various devices.

It adds a strong layer of security for the multi-factor authentication. Rather than just the one factor with your password, it gives you a one-time password and adds an extra layer of security with encryption. 

We have seen quite a few issues with bugginess. It is indeed pretty buggy and we have had to install some fixes.

We did not have any issues with deploying it.

Stability is indeed an issue with all the bugs we have experienced. We have installed some fixes, but it is still not 100% stable.

We have had no issues scaling it.

I was not involved in the setup.

It is quite buggy, so I would be careful with the product.

Ease of deployment: no need to keep up with physical devices for multi-factor authentication; no software to deploy on end-user computers requiring administrative rights.

The delivery of multi-factor authentication using a SaaS model keeps us from having to keep our servers/infrastructure updated. It also helped us roll out the service much faster than building it out ourselves.

My team migrated away from RSA SecurID hard tokens to the digital certificate-based authentication.

It would be nice to have some level of integration with a separate user store (i.e., Active Directory integration) such that the user name would stay the same across identity management platforms. I would like some level of integration with AD to avoid having two separate user stores. We only want one user store to maintain.

We deployed it in October 2015; I have used it for approximately one year.

I have not encountered any stability issues.

To date, I have not encountered any scalability issues.

Technical support is very good. (I give it a 4 out of 5.)

RSA SecurID: Our service was coming up to being “end of support” and we decided to switch platforms rather than paying to upgrade our platform.

The support of the user interaction was the only issue. The only issue we had with the initial setup was configuring the certificate-based SAML integration between our SSL VPN service and the CA Advanced Authentication service. There was a minor issue that we were able to resolve in about 30 minutes of troubleshooting.

Other than that, the initial setup went very smooth. Getting users to self-enroll in the service was the next challenge but it was overcome with good communications to the field and the service desk where users would call in trouble tickets.

The initial setup of the tenant is a big cost element of the service and we were doing multiple tenants for our customer. Given that structure, the costs for building additional tenants seemed exorbitant given that the business rules and portal setup work effort was very easy after the initial setup. CA should price additional tenants much less than the first tenant for a single customer.

Before choosing this product, we evaluated Gemalto soft token-based, two-factor authentication.

Make sure you understand the up-front costs and the ongoing cost structure. Users are billed when they are built into the portal, so also make sure your users enroll right away.

For Votorantim bank, the best feature is the token solution. We can analyze any transaction that is declined or blocked. We can make a decision to release or block the transaction or anything else.

CA products are the best fit with our backend systems. CA is the best tool for our backend solution. This solution has made the bank more secure.

We are looking for something that can fingerprint a check. For example, if you lose your credit card, they can double-check your identity with your fingerprint.

We have used this solution for approximately a year and a half.

The stability is very good. We never have any stability problems.

The tool’s scalability is good. We can scale down during the operations if we need to.

I was involved in the setup as the solution architect. I did everything on the project to release it to the production environment. It was a complex process because we are talking about a security project. When we talk about this kind of product, it is normal for it to be complex.

We looked into other vendors, such as Novell and Oracle. We reviewed IBM, but they did not have the best fit for our backend systems. CA fits better with our backend system.

I would suggest that others first analyze their backend systems very well. Make sure that the backend systems are a good fit with the new product that they are buying.

When selecting a vendor, I look for technical knowledge. This is the first thing that our bank analyzes. The second thing, as always, is the price.

Aside from the two factor authentication requirements that we have, as far as having access to HIPA protected data, there's also the risk engine that helps us evaluate and answer questions like "When was the last time and location that a person accessed that data?" It's infeasible within time and place, they can't have been in Dallas at 3:00 and then at Florida at 3:30 and say, "Yeah, it's the same person accessing that data."

It will therefore help us respond with "Hey, maybe we need to re-evaluate and see if that's really the same person." We try to make sure that our customers only use one device to access that data, preferably their work device. We don't really want them accessing that from their home PCs and potentially exposing that data to other places. So, we'll use device fingerprinting as well to make sure that we are getting them on just that one device and not letting them proliferate on other devices we wouldn't like.

It allows us to assure our customers that we are protecting their data. We deal with a lot of other data. They'll have contractual and as well as Federal requirements to protect that. It's just another tool in our toolbox to make sure that happens.

The solution itself is pretty stable. We are working with the teams to get new functionality to help some of our more recent challenges, different customers and applications that we, developers wanted to use that data different ways. And so, sometimes it becomes a challenge to integrate them into our existing tool set. But, CA has been pretty good about working with us to make sure we have the right resources and expertise to customize our tools if we need to or help us with something new.

If we're not using the right product or we need to use something else, they're usually really good about saying, "Hey, well, we have this offering that'll maybe work a little bit better for what you're trying to do." Or for example, if we're doing stuff with your traditional data centers versus doing things in the cloud, sometimes the same methods and parents you would use in one place don't really translate to the other. And if you try to force it, then it doesn't scale well. That's where they would come in and help us with something different.

It's really good. They make sure that if we are having a challenge with a issue that is taking too long for instance, do we need to get more people to understand the problem? Do we need to start having regular work sessions whether it's a WebEx or if you see in real-time what we're seeing, they can better understand what issue we're having so they can address it and get us back to where we need to be.

Sometimes getting this set up does take a bit longer. It's not always install, next, next, next, finish. We have so many requirements that we're trying to meet again either from Contractual or Federal standpoint that we're not always the easiest to configure for. We have a lot of special cases and we'll present a lot of challenges to them that again they'll help us like, "Well, to do this, you're going to need this, this, this and this." And again, help us get all the right pieces in place wherever they need to be, working the way they need to and deployed.

If you just need basic 2-factor, it fills the bill. Where we get our value is the risk-evaluation and those additional protections.

Make sure you have all your requirements identified and really think about what you're trying to accomplish. A lot of times, we'll have a problem and we'll already have a solution in mind. And, "How do we make this fit this?" Versus "Well, what do we actually need to get done?" And build all that out first. Then talk to your support team like, "Well, here's what we're trying to do." And then maybe get their feedback because sometimes they'll have a different idea of what you should be doing with your portfolio instead of trying to, "Well, I've got this square peg here, and this is kind of roundish but I think I can actually hit it hard enough, I can make it work." They may have something that's a little rounder for you and give you some of the same things that you're trying to look for.

Arcot, for us, is really about multi-factor authentication. We use it on our client's side and, I think, probably the two biggest features of that are from the end-user experience. So, it is basically a token that is stored on the device which represents something you have, but the user actually logs in effectively with a password. They're not really aware that they've got a second factor. So, that's quite nice.

The second distinctive feature is that it has protection against brute force attacks, which means even if you got a hold of the token and you tried to guess passwords or try a brute force circuit, it will always return a value of which you cannot tell whether it is successful at all.

The main benefit is really around the fact that there is a soft token. The cost of having to distribute a hard token isn't there. Some of our colleagues in other business divisions are issuing cards or some other second-factor device. This gets quite expensive, so being able to issue a soft token, but still having fairly strong security, is a big factor for us.

Arcot itself is based on a browser technology. This means that the office ID is effectively stored as a cookie in the browser. One of the things we have seen from our customers is that certain policies dictate that browser caches are cleared, which means cookies get deleted. This then means that some classes of users have to continuously download the office ID and go through the long process. So we would like to see that addressed, where the office ID becomes a bit more persistent or presented in a better way.

I don't really get involved on the operational side of things; I'm an architect. I would hear of issues. I don't think we have many issues operationally with Arcot. I think it's a very mature product, so I don't think there's issues there.

As a technology, it is more of an end-user one as the Arcot ID goes onto the end-user platform. In terms of scalability, there's really not much to say about it. It goes against the backend authentication services. It's built to scale to very large capacity, so we don't have any issues with scalability from Arcot and certainly not on the backend services.

I can't really comment. I don't really engage with them, but I would imagine support is pretty good. Otherwise, we would have issues because if these things can't be fixed or cannot reach support, these are critical banking infrastructure which supports critical banking applications. So if the support isn't there, we would have gotten rid of it a long time ago.

I think one thing I would say would be to make sure you test all of your use cases against Arcot. Make sure you understand the enrollment process, the de-enrollment process, understand how to authenticate use cases, and ensure that it covers everything that you need.

The most valuable feature is that we get a wide range of authentication methods and authentication integrators. Different platforms can get a service authentication with transparency to the final user. With the transparency we also get strong authentication forms and connectors.

We submit our company to SOX compliance, and it helps us with applying controls to for that.

The cloud implementation with different platforms and software has been great for our clients.

It needs faster implementation on the cloud for our customers.

We have a very old and very big legacy system to control. Technical support has been able to help us with hit.

Initial setup was medium-to-high complexity because everyone -- process, business, technical, application people -- needed to be involved. We needed to set many standards and be advised by many committees to make the setup a success.

We used CA as part of the planning and delivery.

No, because this is a very specialized solution for which there aren't many other vendors.