We performed a comparison between AWS CloudTrail and CyberArk Privileged Access Manager based on real PeerSpot user reviews.
Find out in this report how the two User Activity Monitoring solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What I found most valuable in AWS CloudTrail is that it provides a good context of what's happening in the environment, so it's an excellent way to baseline what's occurring. I also like that AWS CloudTrail helps with audits."
"In one specific scenario, we encountered a situation where a terminated employee still had access to our environment without our knowledge. With AWS CloudTrail, we could track and monitor the employees' activities, revealing that they were downloading specific files from our customer's environment. Without it enabled, we wouldn't have been aware of this."
"AWS CloudTrail integrates with AWS Config and provides custom event, security, and compliance auditing."
"The product’s most valuable feature is monitoring. It helps us audit the changes in AWS account at the application and resource level."
"AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana."
"The solution is good as a central logging platform for showing all cloud events."
"It is a stable solution. AWS handles it well."
"If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
"The most valuable features of the solution are control and analytics."
"The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically."
"It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
"The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices."
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."
"The fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out."
"We have been able to manage application credentials in CyberArk, whether they come as a custom plugin or straight out-of-the-box."
"Maybe if we could do direct queries on CloudTrail without needing to export it to Athena, that'd be great."
"The platform’s reporting log sheet feature could be more user-friendly."
"Once the organization defines its policies, it must immediately enable AWS CloudTrail and integrate it with auto-remediation procedures using Lambda functions. This ensures that the main administrator can receive information quickly and on time without delay."
"The solution should incorporate visibility for CloudWatch events."
"Filtering multiple values within the console is a feature that has yet to exist in AWS CloudTrail. You can look up a user identity, service, or action, but you can't search for multiple dimensions."
"The solution's operation visibility could be improved."
"The usual workload is sometimes delayed by the solution."
"The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow."
"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."
"Performance of PIM could be better and intended for usability as well as security."
"Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
"The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."
"The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming. But these are the major places where CyberArk definitely needs to invest some more time."
"I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
AWS CloudTrail is ranked 3rd in User Activity Monitoring with 8 reviews while CyberArk Privileged Access Manager is ranked 1st in User Activity Monitoring with 144 reviews. AWS CloudTrail is rated 8.8, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of AWS CloudTrail writes "Very comprehensive logs with good points of view for auditing and compliance". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". AWS CloudTrail is most compared with Ekran System, whereas CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and One Identity Safeguard. See our AWS CloudTrail vs. CyberArk Privileged Access Manager report.
See our list of best User Activity Monitoring vendors.
We monitor all User Activity Monitoring reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
