We performed a comparison between CyberArk Privileged Access Manager and Delinea Secret Server based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Delinea Secret Server has an edge over CyberArk in this comparison. According to reviews, Secret Server is easier to set up, more reasonably priced, and more user friendly.
"The regulation of accounts is by far the most needed and valuable part of the application."
"It supports lots of requirements in the privileged access management area."
"It is very simple to use."
"It allows users to self-provision access to the accounts that they need."
"We found the initial setup to be easy."
"It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components."
"It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization."
"It is an extremely scalable solution."
"I have found the password management and the secret management features to be the most valuable. Our customers find its ease of integration and the use of power shells really attractive."
"Its most valuable feature is its main purpose - the password changing and the Heartbeat so the user has access to only their SVN and does not have access to any other. Thycotic's access privileged management tool allows you to grant access to users for a specific period of time and with specific attributes and privileges."
"There has been no downtime this year."
"The user interface is quite good. It's very straightforward."
"The product provides a native user experience without requiring users to install additional software or agents."
"I find it really easy and computer confident, and the experience with the product is really good. Additionally, customizations are easy."
"The most valuable feature of this solution is that it provides us with a secure way of managing passwords."
"The solution is scalable."
"The current user interface is a little dated. However, I hear there are changes coming in the next version."
"I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""
"We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it."
"The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials."
"They are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before."
"I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
"The tool’s pricing and scalability can be better."
"When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."
"Delinea Secret Server can improve by extending the monitoring policies and making the performance better."
"The initial setup and deployment can be cumbersome."
"Documentation could be improved if they were to include more about connectors. There is not enough documentation."
"It is expensive compared to other solutions in this category and for what it does."
"We faced some upgrade issues, especially during the management and administration parts. I found it less straightforward than on many other platforms, even outside password managers."
"There are some things that I know are really important to include like A/B version features which are available in Windows. I would say that they should be included in the road map."
"When working with larger enterprises Thycotic Secret Server becomes a little cumbersome to work with because they do not allow as much flexibility as some of the other competitors, such as CyberArk. Thycotic Secret Server could improve by being more flexible when it comes to customization, and increase the number of API integrations."
"Although the password policy was interesting, the default setting was inadequate."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while Delinea Secret Server is ranked 2nd in Privileged Access Management (PAM) with 47 reviews. CyberArk Privileged Access Manager is rated 8.8, while Delinea Secret Server is rated 8.2. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Delinea Secret Server writes "Effective for password rotation policies triggered by audit requirements, it helps maintain compliance standards and seamless integration with third-party tools ". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access, whereas Delinea Secret Server is most compared with Azure Key Vault, HashiCorp Vault, IBM Security Secret Server, CyberArk Enterprise Password Vault and BeyondTrust Endpoint Privilege Management. See our CyberArk Privileged Access Manager vs. Delinea Secret Server report.
See our list of best Privileged Access Management (PAM) vendors.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Avinash, it all depends on the timeline and urgency of the project. If you need to deploy a PAM tool that focuses on standing privileges, stopping lateral movement, and incorporating Zero Standing Privileges as part of Zero Trust, then please consider looking at Remediant. I've worked for BeyondTrust and have gone up against the other big players such as Delinea, Centrify, CyberArk, and HashiCorp. They more or less all offer similar solutions, but looking at your current requirements, Remediant really excels in delivering a simple, yet very effective tool in a matter of days and weeks, not months and years.