CA Privileged Access Manager Review

One stop access for all things involving privileged access management


What is our primary use case?

  • Privileged account management
  • Session management
  • Session recording
  • One stop access for all things involving privileged access management.

How has it helped my organization?

  • Earlier, admins used to access critical systems from their desktops, which was a security threat considering the wide variety of compromises happening on endpoints. Now, all privileged access is tunneled through PAM.
  • With password management, we can enforce complicated password policies and, very importantly, frequent password changes, i.e., weekly.
  • Most importantly, we now have recordings for each and every privileged session, which are used for auditing, compliance, and investigations.

What is most valuable?

Privileged account management for Windows (domain and local) and Unix.

What needs improvement?

Service account management is a key area where the product needs to develop. Currently, the product supports service account discovery, but only if the host name of the server is known. For unknown host names, it is still a dark area.

In comparison with Thycotic and CyberArk, the service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically.

What do I think about the scalability of the solution?

The product is very scalable in terms of the concurrent sessions that it can handle at a time, the number of devices it can support, the accounts that it can manage, or the number of nodes that you can deploy in a cluster. It comes in four forms.

  1. Physical appliance
  2. Virtual instance
  3. AWS
  4. Azure (just launched).

How is customer service and technical support?

The technical support has improved a lot in the last year with the advent of the European technical support team.

Which solutions did we use previously?

No previous solution was used.

How was the initial setup?

Initial setup is very straightforward and easy to configure. It is similar to any appliance-based network security device.

What's my experience with pricing, setup cost, and licensing?

Pricing is fair compared to other top vendors, like CyberArk. The licensing is simple and scalable.

Which other solutions did I evaluate?

We did not evaluate any other solutions.

What other advice do I have?

Go for it if your key areas are password/session management of Windows/Unix/database.

Be careful if you want to use this for service account management.

There are some technical challenges while integrating the web-based console (security devices) for transparent login/single sign-on.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.