Brief product summary: StrongDM

StrongDM describes itself as a control plane to manage and monitor access to databases, servers, and Kubernetes clusters. The tool simplifies user management in your existing SSO and keeps the underlying credentials and keys hidden from end users. It provides clear auditing logs for all database queries, complete SSH and RDP sessions, and kubectl activity.

StrongDM has coined the term Dynamic Access Management (DAM) as their evolution of Privileged Access Management (PAM).

|  | StrongDM | Pomerium |
| --- | --- | --- |
| Context-aware gateway |  |  |
| Tunnel |  |  |
| Client | Required for all machines, devices and protocols. | Not required for HTTP-based services. |
| Continuous authorization | No. Access is delegated on a per connection basis. | Yes, every single request is authenticated and authorized. |
| Device identity | Yes, via fingerprinting. | Yes. |
| Open Source |  |  |
| Data tenancy & privacy | Expansion of information boundary. | You have full control over your data and information. |
| Integrates with multiple Identity Providers |  |  |
| Latency | Good. | Best. Deployed at edge, no latency or bandwidth costs. |
| Policy Descriptions | Can only support simple rules. | Can support complex rules. |
| Layer | 4 | 7 |
| Audit logs | Session replays and query history for TCP services. | Each request creates an identity and context enriched audit entry. |
| TCP Session Recording |  |  |

Our Recommendation

You can use StrongDM with Pomerium to ensure your servers and services are protected.

  • StrongDM is a great tool for securing your databases and collecting full session replay logs on SSH/RDP sessions.
  • Use Pomerium to secure your HTTP-based applications, collect full audit logs, and retain control over data to meet compliance mandates.

Use Cases

  • Have your code and secure it too — StrongDM provides a layer of authentication in front of non-HTTP-based legacy services and applications that are not built for the modern threat landscape.
  • Auditing and logging — StrongDM deconstructs every protocol for auditable logging of database queries, SSH/RDP sessions, and kubectl activity.

Strengths

  • Easily provide or revoke access — StrongDM provides fast onboarding and secure off-boarding for simplified user access management.
  • Rich session logging — StrongDM is able to provide session-replay style audit logs for TCP-based services like databases, SSH, and RDP.

Weaknesses

  • Client necessary everywhere — The nature of StrongDM’s design requires installing their client onto devices, which can be a heavy ask for end users or the device it runs on.
  • Not web-native — StrongDM was not designed with securing HTTP in mind, so they have grafted HTTP support onto their layer 3 and 4 solution. As a result, StrongDM cannot replicate Pomerium’s layer 7 features, where each request can be authenticated, authorized, and logged for auditing purposes. This makes StrongDM not ideal for HTTP-based applications and services.
