Summing up Symantec VIP Service, a multifactor authentication tool
Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security.
Symantec is one of the largest and most well-known security vendors in the IT industry.
The Symantec Validation and ID Protection (VIP) Service is a multifactor authentication (MFA) product that uses biometrics and smartphones to supplement standard username/password logins on a variety of servers and services.
Symantec VIP Manager and MFA products like it prevent unauthorized logins to company resources, applications and services, even when passwords have been compromised or shared among a number of different services by the end user. It is appropriate for medium-sized and large enterprises, especially those that want to make use of a variety of external Software-as-a-Service-based services.
Symantec doesn't use a version number to identify its software releases, but claims it upgrades its cloud-based VIP Manager service every quarter.
Currently, there are three support levels: Basic Maintenance (business hours only), Essential Support Services (24/7) and Business Critical Services, which includes a dedicated support manager for each customer account.
Symantec VIP tokens and applications
Symantec has been in the multifactor authentication space for some time, as evidenced by the long list of mobile phones that it supports and its wide selection of tokens, including desktop and smartphone apps (using both a text service and voice calls) and various hardware tokens. This puts Symantec VIP Manager, along with VASCO and RSA, in the top tier of multifactor authentication vendors.
Symantec VIP also provides more than 30 different integration methods for common apps, such as SharePoint, Cisco, Juniper and SonicWall VPNs. This makes it more flexible and able to support a wider application collection with stronger authentication methods, another indication of how long Symantec has been in the MFA business.
Just to show how popular VIP credentials are, they are used to authenticate more than 100 different websites at present, indicating Symantec's large market share.
In addition, customers can add a bit of JavaScript code to VIP to integrate it with their other web-based applications directly. This adds to VIP's flexibility in strengthening the security of the custom-developed apps organizations develop and deploy.
Symantec VIP management and administration
Symantec sells a risk-based analysis add-on product for VIP, which adds the ability to adjust the login process based on risks discovered by the software; for example, a user who is logging in from two widely disparate geographic locations almost concurrently. The company also offers VIP Enterprise Gateway, which adds Active Directory/RADIUS integration, as well as VPN and local network access to web servers for either Windows or Linux.
Once users have been authenticated as valid, they can go to a self-service portal to register and manage all of their credentials. Some of Symantec's competitors don't offer self-service options.
However, VIP has a few weaknesses that shouldn't be overlooked. First, it offers fewer and less customizable reports than its competitors, although they can be exported, which is the minimum that its competitors offer.
Second is the lack of any policies for granular or group access: Each user has to be set up with particular token credentials. Its competitors, such as RSA, VASCO and SecureAuth, have more granular policies that are easier to set up.
Another downside is that Symantec charges 7 cents for each text message, and 25 cents for voice-based authentications. This used to be a very popular method for providing the additional authentication factor, given that almost everyone has a cell phone that can be included in the authentication process. However, with man-in-the-middle attacks on the rise, this authentication method is starting to fall out of favor.
Conclusion
Symantec has been around a long time in the authentication space and has one of the largest collections of tokens and applications available in its VIP multifactor authentication product.
Installation of the product is its biggest weakness, partly because of the mix of cloud-based authentication and on-premises services that need to be configured.