We just raised a $30M Series A: Read our story

Centrify Privileged Access Service Competitors and Alternatives

Get our free report covering CyberArk, Thycotic, HashiCorp, and other competitors of Centrify Privileged Access Service. Updated: October 2021.
553,954 professionals have used our research since 2012.

Read reviews of Centrify Privileged Access Service competitors and alternatives

GJ
PAM Architect at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
A stable, scalable, and easy-to-deploy solution that can track malicious use or send analytics to a host

Pros and Cons

  • "What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy."
  • "What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way."

What is our primary use case?

We are an integrator, and we do a lot of Identity and Access Management and Privileged Identity. I am only just getting into this solution. I am not trained in it, but I've been reading about it. I have recommended it for a client based on their requirements and based on what I know about CyberArk versus a couple of others. I have not implemented it yet. I have the agent running on the system where I am actually profiled. I have its latest version.

In terms of use case, it primarily has two things, and you can choose whatever you want in the middle. One side is that you can use it to allow the user to have specific administrative rights and do certain things without having to call the help desk. For example, you can allow users to be able to install certain applications. You can also have a whitelist or a blacklist of things that they are allowed to install, which saves a boatload of money in calling the help desk. The other side is to rein in administrators so that they don't go too far or do something outside of the bounds. The help desk personnel would have different restrictions when they log into a workstation than regular users.

What is most valuable?

What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. 

It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy.

What needs improvement?

What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way.

For how long have I used the solution?

I started using it about a month ago when I was doing the appraisal of it, and I put it on a virtual machine. Our work machine is a virtual machine.

What do I think about the stability of the solution?

It is very stable. I had worked on a competitor's product two years ago, and it was rather buggy. It had issues. Sometimes, it used to hang the machine. Because you're running an agent on the workstation, it could have a memory conflict or an application conflict. It doesn't happen anymore because you've got it pretty much running strictly in Windows.

What do I think about the scalability of the solution?

It is very scalable. 

How are customer service and technical support?

I used their email support, which is very good.

Which solution did I use previously and why did I switch?

I didn't switch the client to this one. I recommended this one because it stays under the BeyondTrust umbrella. It also helped them in getting a discount for volume and being a loyal customer and things like that. They also didn't have to add new infrastructure. 

CyberArk is a very good product, and I like it. I've been trained in it, but I have not implemented it. I am not going to ask the customer to install another infrastructure or another platform, especially when the products are fairly equal or equal enough to not be an issue to put on a table. If I had recommended CyberArk, they would have to put in a CyberArk infrastructure and retrain a whole bunch of administrators to administer that. They would also have to train a whole bunch of support people to manage off-hours, holidays, weekends, and things like that. Every time you add another brand, it adds to your soft costs, which can make a solution pretty expensive.

Hard costs are so much fun, and they're much easier. I've seen people get up and just start writing on a dry erase board because they know all the hard costs. It would be good if they would just be honest with themselves and the clients and explain what some of the soft costs are in terms of additional training or a more significant hardware footprint.

How was the initial setup?

It is pretty straightforward to get the agent installed. You install the agent and the server component, and you let the users do whatever they've been doing for the last 10 or 20 years of their life. You also create profiles. For example, I had a developer profile for both Windows and Linux, and I had a profile for a regular user, help desk, and engineering. After you create profiles, an administrator can look at their activities in the log and analyze things like the following:

  • Why did he install CCleaner on the machine?
  • Why did he install this application?
  • Why did he elevate a command prompt to do something? What is he doing?
  • Why does he need administrator command prompts?

You can then add things like this to your blacklist, and you can create a profile that will allow or disallow that.

    What other advice do I have?

    I would rate BeyondTrust Endpoint Privilege Management a nine out of ten. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    CA
    Information System Security Engineer at a non-profit with 1,001-5,000 employees
    Real User
    Integration with applications is easy, but key rotation needs notable improvement

    Pros and Cons

    • "The best feature is the integrity of the .NET applications in our company."
    • "The big problem with Azure Key Vault is key rotation. We haven't found a good way to synchronize the credentials between the databases and Key Vault."

    What is our primary use case?

    Our primary use case for Azure Key Vault is cloud applications that are being developed and deployed on Azure. In addition, we use it to store secrets that are used for on-premises applications.

    What is most valuable?

    The best feature is the integrity of the .NET applications in our company.

    What needs improvement?

    The big problem with Azure Key Vault is key rotation. We haven't found a good way to synchronize the credentials between the databases and Key Vault.

    For how long have I used the solution?

    We have been using Microsoft Azure Key Vault for about one and a half years.

    What do I think about the stability of the solution?

    Azure Key Vault is stable. We haven't had issues with it in terms of reliability.

    What do I think about the scalability of the solution?

    The scalability of Key Vault depends on how we develop applications. The technical part of integrating between the cloud and Key Vault is easy. It's more that the development of life cycle processes needs to be improved. That's one of the big problems. They have to improve it so that all projects and all servers achieve integration easily. But that's not so much an Azure Key Vault issue. It has more to do with the processes of our company.

    We don't look at the number of users but, rather, what are called service principals in Azure Key Vault. We have a lot of service principal applications.

    How are customer service and support?

    Our first step is always to try to find issues ourselves. If we can't handle an issue we escalate the request to a local Microsoft support provider. If they don't have the answer, they go directly to Microsoft.

    Which solution did I use previously and why did I switch?

    We have been using Azure Key Vault and Centrify. We have begun a migration to CyberArk because our provider told us about a technology change and offered to migrate us from Centrify to CyberArk. We are looking to understand what CyberArk's capabilities are in comparison with Azure Key Vault. We are trying to decide which option is the best one to go with. What we have learned is that each product has particular issues that make us think that we need to keep both. The issue we have is with the rotation of databases and servers. CyberArk accomplishes it better. That's why we are trying to integrate these two solutions.

    How was the initial setup?

    It's not complex to set up. It's easy to configure secrets.

    What can be a little difficult is establishing a good design and governance of the Key Vault repositories. Sometimes it's difficult to understand if we need one key vault or multiple key vaults. Do we need a key vault instance for an environment or do we need multiple key vaults for our databases or maybe multiple key vaults for the segregation of services according to on-premises and cloud? But creating a secret and integrating an application you're going to consume the secret with is easy.

    We have four operators responsible for Key Vault and CyberArk.

    What's my experience with pricing, setup cost, and licensing?

    Azure is cheaper than CyberArk. You can configure a lot of applications with it, but the key rotation issue is there. CyberArk has good key rotation. It integrates with a lot of technologies and a lot of different types of databases. CyberArk is good, but it's quite expensive. 

    Both Azure Key Vault and CyberArk are paid annually.

    What other advice do I have?

    I would rate Azure Key Vault a seven out of 10 because of the key rotation issues. They are a big problem. The integration of the application is easy, but key rotation is not easy. It needs a lot of improvement.

    From what I have seen from CyberArk in terms of services, key rotation, and its integration with technologies, it's quite good. The big problem is its pricing. I would rate CyberArk at 8.5 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    JM
    Project Manager at a healthcare company with 10,001+ employees
    Real User
    Top 10
    Simple and 100% compliant with great features; saved us many hours of down time

    Pros and Cons

    • "100% compliant and you don't have to maintain ID management for each and every user."
    • "Hazard flow could be improved, the data compliance portion."

    What is our primary use case?

    Our company is involved in the health care sector and our primary use case of this solution is for compliance. Previously we used a system that included an Excel sheet but it would crash all the time because we have a large number of IT executives; tech related, application development and other administrators. We weren't able to receive the complete audit file that told us who was accessing and who was deleting what. It wasn't in compliance with data information security. For that reason we introduced the PAM solution and it's working extremely well. We're using it constantly on a daily basis. We are customers of ARCON and I'm a project manager. 

    What is most valuable?

    There are several valuable features in the solution. First, it's 100% compliant and you don't have to maintain ID management for each and every user. That's from the management perspective. From the technical aspect I would say that it completely meets our requirements. 

    What needs improvement?

    I think hazard flow could be improved, the data compliance part. We need to ensure that no data from any of our users is being accessed or compromised by any privileged user or a team member. There are some things on the database side which are missing and could be included. This is a web-based interface with multiple windows and you have to keep logging in. It should be that you can run any command in any window. It's really about the interface and navigating it.

    For how long have I used the solution?

    I've been using this solution for over a year. 

    What do I think about the stability of the solution?

    The solution is very stable. I've read that it has been recommended by most of the financial institutions worldwide and I bet most of the companies in India, where I am, are promoting it.

    What do I think about the scalability of the solution?

    This is absolutely scalable. We currently have 90 users out of 150 employees and we aim to increase that by the next quarter. It was delayed because of Covid. 

    How are customer service and technical support?

    We contacted technical support once or twice in the implementation stage because there was an issue with the database team. The problem got solved and we were happy with that. 

    Which solution did I use previously and why did I switch?

    We did a few POC, proof of concept. One was with Centrify and also with another solution. When our POC was done, it was clear that PAM was the best solution for us and I was happy with the result. We also heard from other companies that they were happy with this solution and word-of-mouth is also an important source. 

    How was the initial setup?

    The initial setup was really simple but the database portion was a little more complicated and some of the features we had expected were not initially there. They were able to sort it out. Deployment was done in-house and expected to take two months but ended up taking four to five months until we were happy with it. It's a beautiful solution and we're much happier.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for this product is on the cheaper side. 

    What other advice do I have?

    This is a very good enterprise solution and I would say that all enterprise companies should be using products like this. We're satisfied with the features and availability of this product.

    I would rate this solution a 10 out of 10. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Get our free report covering CyberArk, Thycotic, HashiCorp, and other competitors of Centrify Privileged Access Service. Updated: October 2021.
    553,954 professionals have used our research since 2012.