Fully integrated with Active Directory – no requirement for complex proprietary databases
From the moment we first put pen to paper and finger to keyboard Defender 5 was conceived with Active Directory in mind, unlike all of our competitors, who have hastily adapted their offerings in order to state support. |
Utilizes Active Directory replication to propagate configuration changes – no need for complex and unreliable mechanisms or manual intervention to replicate changes to remote servers and agents
Active Directory is an industry strength distributed directory, utilized by organizations that exist on a global scale. Therefore, proven reliability is a must in terms of Defender's ability to deliver data throughout the directory, where and when required. By leveraging the Active Directory backbone to store user and token properties, Defender maximizes its benefits and provides a globally scalable product. Other competitive products use Active Directory in a very different fashion, by copying data from their proprietary databases to and from Active Directory in an attempt to leverage its replication, but still retaining their legacy data systems and structures as bolt-ons to the Active Directory environment. |
Fault tolerance and redundancy possible at every Domain Controller
Scalability is crucial for a true enterprise product like Defender 5. Redundancy and fault tolerance are critical facets of the ability of the products ability to scale. Defender Security Servers (DSS’s) can be installed at as many appropriate or critical points throughout the AD environment as required. |
Management is performed using the standard Microsoft Windows native administration tools "Users and Computers" – no need for proprietary management tools which are typically complex and unwieldy
Security, while absolutely essential, should not disrupt work patterns any more than necessary. As a result of the conceptual, ground up design process, Defender 5 has been able to leverage the advantages of native and user familiar administration tools, ensuring that implementation is straightforward, with no new interfaces to learn. |
Proxy functionality allows for controlled rollout and staged migration
We are aware, that for many organizations wishing to replace their legacy authentication solutions, the ability to stage this process is vital. Defender allows undefined users to be proxied to a secondary legacy system, for subsequent migration to the Active Directory and Defender systems in a controlled fashion. |
Authenticates ANY RADIUS compliant software or hardware
Defender has been designed around standards, including its support for RADIUS. By adopting RADIUS, Defender can integrate with, and authenticate, any RADIUS compliant device or application. |
Supports both asynchronous, synchronous, software and hardware tokens
Defender has been designed to be as flexible as possible, supporting many types, varieties and form-factors of token, including asynchronous and synchronous hardware, as well as a variety software and PDA tokens. |
Support PINS, AD Password or both during authentication
We support Personal Identification Numbers (PIN’s), Passwords both Active Directory and Defender where remote access solutions do not wish to propagate internal AD passwords beyond their firewalls, and token responses for all authentications. We can combine these options to create different policies for different users as well as different access routes. |
Supports a wide range of tokens from multiple manufacturers, ensuring the most appropriate token type for every user
Unlike all the leading competitive products on the market today, Defender has no axe to grind for a particular token. We do not manufacture tokens; therefore we are free to encourage our customers to select the most appropriate token solutions for their users. This may mean several different token types within an organisation, rather than one size fails to fit all solution, we often face in competitive situations. |
Largest Token Selection available on the market today
It is PassGo’s policy to be driven by our customers, and as new token hardware is developed, and demand is identified, we endeavour to work with manufacturers to support their hardware. This approach has led to Defender support for the largest selection of tokens in any strong authentication solution on the market today. |
No-nonsense licensing model, includes all agents and product extensions
PassGo recognises that while licensing is important to ensure the ongoing development and support of a product, it should be as unobtrusive and flexible as possible for users. PassGo only license Defender 5 by the number of users wishing to authenticate. All Security Servers and agents are included within this base license model. |
Can be configured with multiple tokens of any type for each user as well as multiple tokens of different types for each user |
While at first glance, the ability to assign multiple tokens to an individual user may not seem that important, it is a frequently used option, for example, travelling staff often have a soft token as well as a hardware token, thus ensuring they can access their office systems whether their laptop is available or not, i.e. through an airport Internet terminal. |
Also, many users like to have access to the Defender Mobile (SMS) token. This ensures that they forget their token, they can use their mobile phone, via SMS, to obtain emergency access. |
Helpdesk feature keeps users working even with lost, broken or stolen tokens
In the real world, people are always the weakest link; we are fallible and will forget our passwords and tokens. For this reason, Defender includes Helpdesk modules to permit temporary one-off, or time limited access in such circumstances, this ensures that your staff are kept working and your business kept running at all times. |
Users are allowed to securely register their own tokens, significantly reducing the burden of administration
Some time ago, while upgrading from a legacy authentication product to Defender, we recognise the issues for security administration in assigning and distributing hardware to a large user base. As a result, PassGo developed a unique secure mechanism, which allows users to receive a token, and securely assign that token to their account, thus removing the entire additional administrative burden created through the conventional token assignment route. This is now a standard part of Defender, and routinely provides substantial time savings. |
Quick and straightforward installation and configuration
Installation has been carefully considered to ensure the process is painless and simple. A small to medium installation is often complete in less than an hour. |
Comprehensive web-based reporting module
With Compliance an ever present issue for organizations today, the ability to determine what happened, when and by who is vital. Defender 5 has a comprehensive web based reporting module to deliver essential information in an instant. |
Secure WebMail Access Solution – provided as part of the product at no extra charge
Defender contains a remote web access email solution called WebMail. This allows secure remote access to corporate email services, authenticated with a token, from anywhere in the world. This module operates with Microsoft Exchange, Lotus Notes and Novel GroupWise. |
No programmed token expiry
A number of security solution vendors programme a date beyond which their tokens will ‘die’. PassGo do not do this, but instead, advise their customers of projected token life expectancy, to maximize return on hardware investment. |
Supports the Microsoft Extensible Authentication Protocol, EAP
Defender can be utilized via the Extensible Authentication Protocol, EAP to supplement the authentication process, e.g. to add strong authentication to the Microsoft VPN client. |
Support for the full range of RADIUS attributes including custom attributes and group membership information required by the latest generation of SSL VPN Devices
A number of hardware or appliance based remote access devices require customizations which are achieved through the use of custom RADIUS attributes. Defender provides a high degree of generic support for RADIUS attributes and payload in order to deliver greater out-of-the-box flexibility. |
Utilizes intelligent mechanisms to avoid problems caused by user account lockout
Defender has an intelligent Account lockout reset function, which can be configured to reset a locked account after a pre-determined time period. |
Independently tested and approved by Microsoft via their independent testing partner, VeriTest
Defender has been tested and certified by Microsoft’s independent testing partner, VeriTest. |
