Silverfort Pricing

Our pricing is structured around three simple packages based on the number of protected users across our protection modules. For more information on these packages and what’s included in each protection module, take a look below – or to request a quote, schedule a quick call with the team.

Silverfort Essential

Base Platform
(Including ITDR & ISPM)
All users

+

Advanced MFA
A sample of users

+

Service Account Protection
A sample of users

+

Authentication Firewall
A sample of users

Silverfort Pro
(Most Popular)

Base Platform
(Including ITDR & ISPM)
All users

+

Advanced MFA
10% of users

+

Service Account Protection
10% of users

+

Authentication Firewall
10% of users

Silverfort Unified

Base Platform
(Including ITDR & ISPM)
All users

+

Advanced MFA
All users

+

Service Account Protection
All users

+

Authentication Firewall
All users

Base Platform

Included in all packages for all users

Identity Visibility & Auditing

  • Authentication logs across all human users and service accounts and identity providers
  • Exporting authentication logs to SIEM
  • Discovery of users, devices, and resources across all identity providers

Identity Security Posture Management (ISPM)

  • Legacy authentication protocols (NTLMv1, Cleartext LDAP, weak encryption, etc.)
  • Password hygiene (unchanged passwords, old passwords, etc.)
  • Vulnerable user accounts (shadow admins, stale users, admins with SPN, etc.)
  • Domain configuration issues (unconstrained delegation, non-admin DC owner, etc.)
  • Vulnerable resources (Log4Shell exposure, shared devices, etc.)

Identity Threat Detection & Response (ITDR)

Detection & alerting on:

  • Known attack patterns (Brute force, Kerberoasting, etc.)
  • ML-based anomaly detection (Lateral movement, unauthorized access, etc.
  • External risk indicators (SIEM, XDR, etc.)

 

  • Respond to threats with real-time access block
  • Integration with 3rd party SOAR response and mediation playbooks
  • Reporting with executive risk assessment reports

Silverfort’s Protection Modules

In addition to our Base Platform – which is included for all users in all packages – we offer three Protection Modules covering the full range of identity security concerns: Universal MFA, Service Account Protection, and Authentication Firewall. Your chosen package will determine the number of users covered by these Protection Modules. Find out more about each module below.

Universal MFA

Protect any resource with MFA

  • AD authentications (legacy systems, command-line interfaces, on-prem infrastructure, etc.),
  • desktop logon,
  • Azure AD,
  • Okta,
  • PingFederate,
  • ADFS,
  • RADIUS

 

Use any MFA type

  • All leading MFA methods (mobile push, OTP, FIDO2, etc.),
  • All leading MFA providers (Azure MFA, Okta Verify, PingID, HYPR, Duo, Yubico, RSA SecureID, etc.),
  • Silverfort MFA desktop and mobile app (optional),
  • Phishing and MFA bombing protection

 

Cyber insurance compliance: includes report

 

Risk-based policies: respond to detected threats with step-up MFA verification

Service Account Protection

Service account discovery: 

  • Inventory of all service accounts (name, group membership, attributes, behavior, etc.),
  • classifications to different types (M2M, hybrid, scanners, etc.),
  • identify service accounts that are also used manually by admins,
  • discover privileges, interactive logins, broadly used accounts and more

 

Service account monitoring: map all sources and destinations for each service account and get behavioral analysis of each service account’s unique activity patterns

 

Service account protection: 

  • Block or alert when service accounts are used outside their intended purpose,
  • automated access policy suggestion based on the service account normal behavior,
  • policy automation and APIs including ServiceNow integration,
  • discover and export a list of all privileged service accounts’ sources, destinations and dependencies to simplify and accelerate their onboarding to the PAM

Authentication Firewall

Identity Segmentation & Risk-Based Policies

  • Apply identity segmentation rules to allow/deny access in different scenarios
  • Respond to detected threats by blocking access in real time

 

Prevent Use of Insecure Protocols

  • Block access of users over insecure protocols
  • NTLM, NTLMv2, etc

 

Prevent PAM bypass

  • Ensure privileged users can only access resources through the PAM

Ask for Pricing