Silverfort Pricing

Based on number of users

2 pricing models:

Base Platform

+ any number of modules to address specific needs

OR

Unified Identity Protection Platform

Which includes all modules and capabilities

VIEW OUR FEATURE LIST

Product Module Available Features

Base Platform

Advanced MFA

Service Account Protection

ITDR

Unified Identity Protection

Infrastructure

Identity visibility & auditing

Authentication logs across all user accounts and identity providers

Exporting authentication logs to SIEM

Discovery of users, devices, and resources across all identity providers

Identity security posture management (ISPM)

Legacy authentication protocols (NTLMv1, Cleartext LDAP, weak encryption, etc.)

Password hygiene (unchanged passwords, old passwords, etc.)

Vulnerable user accounts (shadow admins, stale users, admins with SPN, etc.)

Domain configuration issues (unconstrained delegation, non-admin DC owner, etc.)

Vulnerable resources (Log4Shell exposure, shared devices, etc.)

Protect any resource with MFA

AD authentications (including legacy systems, command-line interfaces, on-prem infrastructure, etc.)

Desktop logon

Azure AD

Okta

PingFederate

ADFS

RADIUS

Use any MFA type

Supporting all leading MFA methods (mobile push, OTP, FIDO2, number matching, etc.)

Supporting all leading MFA providers (Azure MFA, Okta Verify, PingID, HYPR, Duo, Yubico, RSA SecureID, etc.)

Silverfort MFA desktop and mobile app (optional)

Phishing and MFA bombing protection

Cyber insurance compliance

Cyber insurance compliance report

Service account discovery

Inventory of all service accounts (name, group membership, attributes, behavior, etc.)

Classifications to different types (M2M, hybrid, scanners, etc.)

Identify service accounts that are also used manually by admins

Discover privileges, interactive logins, broadly used accounts and more

Service account monitoring

Map all sources and destinations for each service account

Behavioral analysis of each service account’s unique activity patterns

Service account protection

Block or alert when service accounts are used outside their intended purpose

Automated access policy suggestion, based on the service account normal behavior

Policy automation and APIs

Discover and export a list of all privileged service accounts’ sources, destinations and dependencies to simplify and accelerate their onboarding to the PAM (if needed)

Detection & alerting

Known attack patterns (brute force, Kerberoasting, etc.)

ML-based anomaly detection (lateral movement, unauthorized access, etc.)

External risk indicators (SIEM, XDR, etc.)

Respond to threats with real-time access block

Risk-based policies – respond to detected threats by blocking access in real-time

Risk-based policies – respond to detected threats with step-up MFA verification

Integration with 3rd party SOAR response and remediation playbooks

Reporting

Executive risk assessment reports

Authentication firewall

Apply identity segmentation rules to allow/deny access in different scenarios

Block access of users over insecure protocols (NTLMv1, etc.)

Prevent PAM bypass by ensuring that privileged users can only access resources through the PAM