1. leader badge
    Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too. The technical support for this solution is very good. If I was to rate it on a scale of one to five, I would give it a five.
  2. leader badge
    Being able to use a proxy server is an advantage.It is generally easy-to-use and install.
  3. Find out what your peers are saying about CyberArk, One Identity, Thycotic and others in Privileged Access Management. Updated: March 2021.
    474,595 professionals have used our research since 2012.
  4. There has been no downtime this year.It is able to manage storage and use of personal passwords.
  5. What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy.
  6. 100% compliant and you don't have to maintain ID management for each and every user.The initial setup is very straightforward. It's not complex at all.
  7. Its video recording capabilities have definitely been key for us.The interface is very simple. It doesn't need any plug-ins, just browsers that are installed at the beginning.
  8. report
    Use our free recommendation engine to learn which Privileged Access Management solutions are best for your needs.
    474,595 professionals have used our research since 2012.
  9. We are convinced that Fudo PAM is better than competing products like WALLIX.it's perfect to control and administer computers in our company.
  10. The most valuable feature of this solution is that it is easy to use.

Advice From The Community

Read answers to top Privileged Access Management questions. 474,595 professionals have gotten help from our community of experts.
Simone Antonaci
Kindly advise on the top 5 solutions within the industry to look at. 
author avatarKishan Kendre
Real User

Hi Simone,


Following are the products which you can look for your requirement. I recommend to select any solutions depend on the your organization need. Is it needed on premise or on cloud. Do you need SAAS service or have in house deployment. On these conditions cost will differ. My personal opinion is 


CyberArk, 


Thycotic, 


Wallix


Beyondtrust


Microsoft Azure AD Premium


Thanks,


Kishan


author avatarJan Zeilinga
User

When It comes to PAM, I would say Thycotic, CyberArk, BeyondTrust are the ones I normally include in RFPs.  However, where your environment is exclusively Azure cloud-based, I say that Microsoft's Azure AD Premium provides a pretty good PIM solution. These are different solutions to achieve the same goal of managing privileged access. 

author avatarreviewer1324719 (PAM Architect at a tech services company with 11-50 employees)
Real User

I would first state that you are asking an unqualified question. The PAM tool that matches your organizations requirements, use cases, volume, and many other considerations, will need to be considered in this equation. I like the previous answer by Kishan as I like those products and see them employed successfully. The converse is also true if not carefully scoped and evaluated.


PAM tools can be costly and contain confounding arrays of security features and terminology synchronization will be key in ensuring you are getting what you actually are asking for. On top of the software cost implications you will have the Architectural, Implementation, and Administration costs nipping at your heels. Consider also that this is not a "PAM Project", but a long term Program and buy-off must start from the very top of your organization.


I have witnessed, and participated, in projects that started out with your question, and many went off the rails, unless important considerations are taken into account:


1. Define your requirements with granularity, including integration with your existing infrastructure such as: Authentication / Authorization / MFA, syslog, analytics, Disaster Recovery and High Availability just to name a few.


2.Determine your overall goals relating to Least Privilege, Standing Privilege, Just in time Privilege, and No standing privilege. Do you require Session Recording and Keystroke Logging, as they are not always bundled  into the initial price and sometimes not together, and may be individual features in your initial quotations and can unpleasantly surprise you.


3. Provision a comprehensive test environment to confirm the viability of the product choices within your infrastructure.


4. Select a vendor or integration partner to back-fill the expertise gaps in your organization as these skill-sets are very expensive and marketable.


I apologize for not answering your question directly, but I would consider looking into the Gartner resources, KuppingerCole and so on.


In a short direct answer I favor CyberArk, BeyondTrust, Thycotic, Centrify, and StealthBits, and these are definitely not in any preferential order.


author avatarreviewer1308201 (Information Security | Cybersecurity | VP, Cybersecurity Manager at a financial services firm with 1,001-5,000 employees)
Real User

Hi Simone,


When we started the PAM journey we POC'ed three vendors based on the use cases and the roadmap for your requirements.  Since the world is shifting to cloud infrastructure, i would recommend looking at these vendors.  


One Identity (Safe Guard), CyberArk, and Beyondtrust.  We decided to go with One Identity because it was the right fit for our use cases and requirements.  We have been using safe guard for several years and it did not disappoint so far! Rock Solid tool.


Oluwatosin Soyoye
My Bank is currently looking at PAM Solutions. Kindly advise on the top 5 solutions within the industry that can be looked at. We would like to engage from the OEM point of view to have a POC carried out before we make any commercial engagement.
author avatarOleg Shaburov
User

I'd say that everything depends on your detailed requirements. I can tell that I know many customers who selected One Identity because it was ideal for their needs. Here is what they valued most:


1. Ease of deployment. After several months of piloting competitive solutions, One Identity pilot was started within 1 week (in basic scenarios that can be started within 2 days).


2. No need to deploy agents on servers. That is really important for critical infrastructure.


3. No need to change tools on the client's side. Admins really like it. They are not forced to use some inconvenient tools.


4. Scalability: I'd say that there is no company whose needs cannot be covered by this solution.


If you value the same things than have a look at One Identity.

author avatarAlex Lozikoff
User

I would advise choosing among Gartner MQ Leaders. You are a Bank so the solution should be robust. According to the latest Gartner PAM MQ the leader are CyberArk, Centrify, Beyond Trust, Thycotic. If you need 5 options, take a look at One Identity.


FUDO was excluded by Gartner from the latest PAM MQ.

author avatarAji Joseph
Reseller

PAM solutions worth considering are CyberArc, Centrify, Beyond Trust, Thycotic & Fudo.

author avatarreviewer989748 (Security Analyst at a financial services firm with 201-500 employees)
Real User

BeyondTrust


CyberArk


Thycotic


Centrify

One identity


These are the big players. While they can all do PAM, things you should consider in making a choice include have a success criteria, what you want to achieve, cost, ease of implementation and management, scalability, etc. 


Go for the features you need and fits your requirement and not nice to have. 

author avatarOleg Shaburov
User

What answer will you give for such question: 'what is the best car?'


Is it 'Ferrari, Bugatti, Aston Martin' or "BMW, Mercedes, Audi' or 'Jeep, Toyota, Mitsubishi'?


Give us more info and we will be able to give better advice.


I'd say that if session management is important for you than One Identity should definitely in the list.


And please don't make your choice based on marketing. Test in your infrastructure and you will definitely see the difference. 

Menachem D Pritzker
On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts we protected using two-factor authentication, which the hackers were somehow able to bypass. Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, and Kanye West, Benjamin Netanyahu, and several high profile tech companies, including Apple and Uber. The hackers posted variation of a message asking follower to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned. How could Twitter have been better prepared for this? How do you rate their response?
author avatarKen Shaurette
Real User

I like the potential for catching an unusual activity like that with our recently implemented endpoint detection tool, Cynet360.  It seems so far to have about the highest level of transparency into the endpoint with a 24x7x365 backing of monitoring.  

author avatarPrasanna VA
Real User

It's understood that internal tool probably shared by Internal Employee as RCA. The tool was used to reset associated Mail Address of account thereby Password Reset of Choice. In MFA of Identity related features, it's more secured on keeping it with associated Mobile Secure Pin or SoftCrypto Code in Future to avoid compromise at this moment is the lesson learned. 

author avatarreviewer989748 (Security Analyst at a financial services firm with 201-500 employees)
Real User

The use of two factor authentication by Twitter

author avatarParesh Makwana
Reseller

This is one of the Identity theft issue, which means some one hack your password or account and do activity which he she is not suppose to do. basic reason of hack of your identity or password is Social engineering. second reason is system has week privilege access management. If you have less control on admin id or privilege id then enter firm has to suffer along with the customer of that firm. For me the take away of this event is to protect privilege ID and you good PAM PIM tool with two factor and UBA included.  

author avatarRussell Webster
Real User

Span of control, Solid RBAC, Privileged Access Management (PAM) 

Paresh Makwana
I am a director of a small tech services company. How do you think AI and ML will help or work with Privileged Identity Management (PIM) and Privileged Access Management (PAM)?
author avatarIdan Shoham
Real User

First, terminology - there really is no such thing as privileged identity management. PAM systems broker access to existing accounts and other entitlements - they do not normally create or manage the lifecycles of identities (login accounts, etc.) which is what identity management means. That's just a misnomer introduced and later abandoned by some vendors.

As for the link between ML/AI and PAM - it is basically to identify unusual but authorized access and trigger either extra authorization or at least alerts.
It's normal that John connects to root on the Linux server M-F in the morning, but it's really strange at 3AM on Saturday, so invite John's manager to approve the odd-looking request.

author avatarAslamImroze
Reseller

Typically any new latest PAM comes with a great number of options for automation. Integration with JSON scripts is also possible. It depends on what is the use case you want to achieve. If an ML can trigger AI to send some request to PAM then based upon the input received and configured automation rules in PAM the action will be taken. BeyondTrust PAM can do this.

See more Privileged Access Management questions »

What is Privileged Access Management?

Privileged Access Management (PAM) oversees requirements of critical, private accounts living in an enterprise’s IT infrastructure. It is alternatively called Privileged Identity Management (PIM), Privileged Account Management or Privileged Session Management – collectively known as PxM. A privileged user is a person who can access the administrative backend of a critical system, delete data or change settings. PAM is essential to strong security.

The Privileged Access Management process is normally used as a tool for information security, and IT Central Station users look for richness in the functionality provided for oversight. Enterprises must prevent unauthorized backend system access while always adhering to compliance. Privileged Access Management safeguards aggressive data breaches and is intended to protect confidential data from the efforts of bad actors. PAM is constantly being updated to protect the security of the enterprise IT Central Station users are responsible for controlling shared frameworks and monitor authorized user access along with interim levels of permissions for privileged access within an enterprise.

IT and DevOps teams look for a number of categories necessary for Privileged Access Management, sometimes referred to as a “PAM Solution.” Requirements include life cycle and provisioning management, authorization, authentication, password management, access controls and auditing. Operating system components such as routers, switches, and firewalls all come into question with Privileged Access Management.

Functionality must meet risk management and compliance parameters. The goal is to protect, control and monitor operating systems, applications and the database. This can be achieved in part through session recording and session isolation to prevent unauthorized access, always a concern whether IT is talking about on-premises or cloud solution.

IT professionals are looking for easy to use GUI, availability of OOTB integration functionalities with other systems and availability of OOTB connectors to manage password and sessions of devices. High availability / failover to DR environment with no data loss should be provided and scalable components are key. Time is always a factor, so having the agility and ability to establish and manage simultaneous operating sessions to target devices is ideal. Ultimately, speed, coverage and security are the best ways to keep out the bad guys.

Find out what your peers are saying about CyberArk, One Identity, Thycotic and others in Privileged Access Management. Updated: March 2021.
474,595 professionals have used our research since 2012.