To be honest, it totally depends on your organization's needs, size, budget, etc.
As per my research and experience, I would suggest if you are looking for a larger enterprise with more than 3000 privileged accounts, go with CyberArk PAM, but it is more traditional and can be costly.
If you are in the mid-market to enterprise level and looking for more advanced PAM with modern identity-based capabilities, go with miniOrange PAM. It is much more cost-effective than other traditional vendors, but because it is a recent player, there can be a gap in documentation.
If these two do not work, then look for BeyondTrust, Delinea, or One Identity.
Search for a product comparison in Privileged Access Management (PAM)
Project Manager at a consultancy with 501-1,000 employees
Real User
Feb 18, 2021
Hi Simone,
Following are the products which you can look for your requirement. I recommend to select any solutions depend on the your organization need. Is it needed on premise or on cloud. Do you need SAAS service or have in house deployment. On these conditions cost will differ. My personal opinion is
I would first state that you are asking an unqualified question. The PAM tool that matches your organizations requirements, use cases, volume, and many other considerations, will need to be considered in this equation. I like the previous answer by Kishan as I like those products and see them employed successfully. The converse is also true if not carefully scoped and evaluated.
PAM tools can be costly and contain confounding arrays of security features and terminology synchronization will be key in ensuring you are getting what you actually are asking for. On top of the software cost implications you will have the Architectural, Implementation, and Administration costs nipping at your heels. Consider also that this is not a "PAM Project", but a long term Program and buy-off must start from the very top of your organization.
I have witnessed, and participated, in projects that started out with your question, and many went off the rails, unless important considerations are taken into account:
1. Define your requirements with granularity, including integration with your existing infrastructure such as: Authentication / Authorization / MFA, syslog, analytics, Disaster Recovery and High Availability just to name a few.
2.Determine your overall goals relating to Least Privilege, Standing Privilege, Just in time Privilege, and No standing privilege. Do you require Session Recording and Keystroke Logging, as they are not always bundled into the initial price and sometimes not together, and may be individual features in your initial quotations and can unpleasantly surprise you.
3. Provision a comprehensive test environment to confirm the viability of the product choices within your infrastructure.
4. Select a vendor or integration partner to back-fill the expertise gaps in your organization as these skill-sets are very expensive and marketable.
I apologize for not answering your question directly, but I would consider looking into the Gartner resources, KuppingerCole and so on.
In a short direct answer I favor CyberArk, BeyondTrust, Thycotic, Centrify, and StealthBits, and these are definitely not in any preferential order.
VP & Head of Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
Real User
Feb 18, 2021
Hi Simone,
When we started the PAM journey we POC'ed three vendors based on the use cases and the roadmap for your requirements. Since the world is shifting to cloud infrastructure, i would recommend looking at these vendors.
One Identity (Safe Guard), CyberArk, and Beyondtrust. We decided to go with One Identity because it was the right fit for our use cases and requirements. We have been using safe guard for several years and it did not disappoint so far! Rock Solid tool.
Director at a tech services company with 1-10 employees
Real User
Feb 19, 2021
When It comes to PAM, I would say Thycotic, CyberArk, BeyondTrust are the ones I normally include in RFPs. However, where your environment is exclusively Azure cloud-based, I say that Microsoft's Azure AD Premium provides a pretty good PIM solution. These are different solutions to achieve the same goal of managing privileged access.
Privileged Access Management (PAM) solutions provide organizations with the ability to secure, control, and monitor access to critical information and resources by privileged users.
PAM is crucial for businesses that need to safeguard sensitive data and maintain compliance with industry regulations. It restricts privileged access to only those users who need it and tracks their activities, helping prevent security breaches. Solutions in the PAM category offer comprehensive tools to manage...
To be honest, it totally depends on your organization's needs, size, budget, etc.
As per my research and experience, I would suggest if you are looking for a larger enterprise with more than 3000 privileged accounts, go with CyberArk PAM, but it is more traditional and can be costly.
If you are in the mid-market to enterprise level and looking for more advanced PAM with modern identity-based capabilities, go with miniOrange PAM. It is much more cost-effective than other traditional vendors, but because it is a recent player, there can be a gap in documentation.
If these two do not work, then look for BeyondTrust, Delinea, or One Identity.
Hi Simone,
Following are the products which you can look for your requirement. I recommend to select any solutions depend on the your organization need. Is it needed on premise or on cloud. Do you need SAAS service or have in house deployment. On these conditions cost will differ. My personal opinion is
CyberArk,
Thycotic,
Wallix
Beyondtrust
Microsoft Azure AD Premium
Thanks,
Kishan
I would first state that you are asking an unqualified question. The PAM tool that matches your organizations requirements, use cases, volume, and many other considerations, will need to be considered in this equation. I like the previous answer by Kishan as I like those products and see them employed successfully. The converse is also true if not carefully scoped and evaluated.
PAM tools can be costly and contain confounding arrays of security features and terminology synchronization will be key in ensuring you are getting what you actually are asking for. On top of the software cost implications you will have the Architectural, Implementation, and Administration costs nipping at your heels. Consider also that this is not a "PAM Project", but a long term Program and buy-off must start from the very top of your organization.
I have witnessed, and participated, in projects that started out with your question, and many went off the rails, unless important considerations are taken into account:
1. Define your requirements with granularity, including integration with your existing infrastructure such as: Authentication / Authorization / MFA, syslog, analytics, Disaster Recovery and High Availability just to name a few.
2.Determine your overall goals relating to Least Privilege, Standing Privilege, Just in time Privilege, and No standing privilege. Do you require Session Recording and Keystroke Logging, as they are not always bundled into the initial price and sometimes not together, and may be individual features in your initial quotations and can unpleasantly surprise you.
3. Provision a comprehensive test environment to confirm the viability of the product choices within your infrastructure.
4. Select a vendor or integration partner to back-fill the expertise gaps in your organization as these skill-sets are very expensive and marketable.
I apologize for not answering your question directly, but I would consider looking into the Gartner resources, KuppingerCole and so on.
In a short direct answer I favor CyberArk, BeyondTrust, Thycotic, Centrify, and StealthBits, and these are definitely not in any preferential order.
Hi Simone,
When we started the PAM journey we POC'ed three vendors based on the use cases and the roadmap for your requirements. Since the world is shifting to cloud infrastructure, i would recommend looking at these vendors.
One Identity (Safe Guard), CyberArk, and Beyondtrust. We decided to go with One Identity because it was the right fit for our use cases and requirements. We have been using safe guard for several years and it did not disappoint so far! Rock Solid tool.
When It comes to PAM, I would say Thycotic, CyberArk, BeyondTrust are the ones I normally include in RFPs. However, where your environment is exclusively Azure cloud-based, I say that Microsoft's Azure AD Premium provides a pretty good PIM solution. These are different solutions to achieve the same goal of managing privileged access.