To be honest, it totally depends on your organization's needs, size, budget, etc.
As per my research and experience, I would suggest if you are looking for a larger enterprise with more than 3000 privileged accounts, go with CyberArk PAM, but it is more traditional and can be costly.
If you are in the mid-market to enterprise level and looking for more advanced PAM with modern identity-based capabilities, go with miniOrange PAM. It is much more cost-effective than other traditional vendors, but because it is a recent player, there can be a gap in documentation.
If these two do not work, then look for BeyondTrust, Delinea, or One Identity.
Search for a product comparison in Privileged Access Management (PAM)
Project Manager at a consultancy with 501-1,000 employees
Real User
Feb 18, 2021
Hi Simone,
Following are the products which you can look for your requirement. I recommend to select any solutions depend on the your organization need. Is it needed on premise or on cloud. Do you need SAAS service or have in house deployment. On these conditions cost will differ. My personal opinion is
I would first state that you are asking an unqualified question. The PAM tool that matches your organizations requirements, use cases, volume, and many other considerations, will need to be considered in this equation. I like the previous answer by Kishan as I like those products and see them employed successfully. The converse is also true if not carefully scoped and evaluated.
PAM tools can be costly and contain confounding arrays of security features and terminology synchronization will be key in ensuring you are getting what you actually are asking for. On top of the software cost implications you will have the Architectural, Implementation, and Administration costs nipping at your heels. Consider also that this is not a "PAM Project", but a long term Program and buy-off must start from the very top of your organization.
I have witnessed, and participated, in projects that started out with your question, and many went off the rails, unless important considerations are taken into account:
1. Define your requirements with granularity, including integration with your existing infrastructure such as: Authentication / Authorization / MFA, syslog, analytics, Disaster Recovery and High Availability just to name a few.
2.Determine your overall goals relating to Least Privilege, Standing Privilege, Just in time Privilege, and No standing privilege. Do you require Session Recording and Keystroke Logging, as they are not always bundled into the initial price and sometimes not together, and may be individual features in your initial quotations and can unpleasantly surprise you.
3. Provision a comprehensive test environment to confirm the viability of the product choices within your infrastructure.
4. Select a vendor or integration partner to back-fill the expertise gaps in your organization as these skill-sets are very expensive and marketable.
I apologize for not answering your question directly, but I would consider looking into the Gartner resources, KuppingerCole and so on.
In a short direct answer I favor CyberArk, BeyondTrust, Thycotic, Centrify, and StealthBits, and these are definitely not in any preferential order.
VP & Head of Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
Real User
Feb 18, 2021
Hi Simone,
When we started the PAM journey we POC'ed three vendors based on the use cases and the roadmap for your requirements. Since the world is shifting to cloud infrastructure, i would recommend looking at these vendors.
One Identity (Safe Guard), CyberArk, and Beyondtrust. We decided to go with One Identity because it was the right fit for our use cases and requirements. We have been using safe guard for several years and it did not disappoint so far! Rock Solid tool.
Director at a tech services company with 1-10 employees
Real User
Feb 19, 2021
When It comes to PAM, I would say Thycotic, CyberArk, BeyondTrust are the ones I normally include in RFPs. However, where your environment is exclusively Azure cloud-based, I say that Microsoft's Azure AD Premium provides a pretty good PIM solution. These are different solutions to achieve the same goal of managing privileged access.
PAM solutions help manage and control access to critical resources by elevating security measures to protect sensitive data. They provide a framework for governing privileged credentials and actions, reducing the risk of breaches caused by unauthorized access. PAM ensures that only authorized users can access and manage privileged accounts, which are often targeted by cyber attackers. It integrates with existing IT environments to streamline security protocols and minimize risks associated...
To be honest, it totally depends on your organization's needs, size, budget, etc.
As per my research and experience, I would suggest if you are looking for a larger enterprise with more than 3000 privileged accounts, go with CyberArk PAM, but it is more traditional and can be costly.
If you are in the mid-market to enterprise level and looking for more advanced PAM with modern identity-based capabilities, go with miniOrange PAM. It is much more cost-effective than other traditional vendors, but because it is a recent player, there can be a gap in documentation.
If these two do not work, then look for BeyondTrust, Delinea, or One Identity.
Hi Simone,
Following are the products which you can look for your requirement. I recommend to select any solutions depend on the your organization need. Is it needed on premise or on cloud. Do you need SAAS service or have in house deployment. On these conditions cost will differ. My personal opinion is
CyberArk,
Thycotic,
Wallix
Beyondtrust
Microsoft Azure AD Premium
Thanks,
Kishan
I would first state that you are asking an unqualified question. The PAM tool that matches your organizations requirements, use cases, volume, and many other considerations, will need to be considered in this equation. I like the previous answer by Kishan as I like those products and see them employed successfully. The converse is also true if not carefully scoped and evaluated.
PAM tools can be costly and contain confounding arrays of security features and terminology synchronization will be key in ensuring you are getting what you actually are asking for. On top of the software cost implications you will have the Architectural, Implementation, and Administration costs nipping at your heels. Consider also that this is not a "PAM Project", but a long term Program and buy-off must start from the very top of your organization.
I have witnessed, and participated, in projects that started out with your question, and many went off the rails, unless important considerations are taken into account:
1. Define your requirements with granularity, including integration with your existing infrastructure such as: Authentication / Authorization / MFA, syslog, analytics, Disaster Recovery and High Availability just to name a few.
2.Determine your overall goals relating to Least Privilege, Standing Privilege, Just in time Privilege, and No standing privilege. Do you require Session Recording and Keystroke Logging, as they are not always bundled into the initial price and sometimes not together, and may be individual features in your initial quotations and can unpleasantly surprise you.
3. Provision a comprehensive test environment to confirm the viability of the product choices within your infrastructure.
4. Select a vendor or integration partner to back-fill the expertise gaps in your organization as these skill-sets are very expensive and marketable.
I apologize for not answering your question directly, but I would consider looking into the Gartner resources, KuppingerCole and so on.
In a short direct answer I favor CyberArk, BeyondTrust, Thycotic, Centrify, and StealthBits, and these are definitely not in any preferential order.
Hi Simone,
When we started the PAM journey we POC'ed three vendors based on the use cases and the roadmap for your requirements. Since the world is shifting to cloud infrastructure, i would recommend looking at these vendors.
One Identity (Safe Guard), CyberArk, and Beyondtrust. We decided to go with One Identity because it was the right fit for our use cases and requirements. We have been using safe guard for several years and it did not disappoint so far! Rock Solid tool.
When It comes to PAM, I would say Thycotic, CyberArk, BeyondTrust are the ones I normally include in RFPs. However, where your environment is exclusively Azure cloud-based, I say that Microsoft's Azure AD Premium provides a pretty good PIM solution. These are different solutions to achieve the same goal of managing privileged access.