We performed a comparison between CyberArk Privileged Access Manager and Delinea Secret Server based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Delinea Secret Server has an edge over CyberArk in this comparison. According to reviews, Secret Server is easier to set up, more reasonably priced, and more user friendly.
"It is an extremely scalable solution."
"There are no issues with scalability. Our clients are very happy to use the product."
"The automatic rotation of credentials is probably the most useful feature."
"It is a robust product."
"It has helped from an auditing perspective identify who has access to privileged accounts."
"The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so."
"The automatic change of the password and Privileged Session Manager (PSM) are the most valuable features. With Privileged Session Manager, you can control the password management in a centralized way. You can activate these features in a session; the session isolation and recording. You apply the full intermediation principle. So, you must pass through CyberArk PAM to get access to the target system. You don't need to know the password, and everything that you do is registered and auditable. In this case, no one gets to touch the password directly. Also, you can implement detection and response behavior in case of a breach."
"The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used)."
"I like that you can change the password remotely."
"The "App to App" feature has been most impactful. It allows secure communication between applications without requiring direct user access, which is crucial for several applications."
"I really like the zero trust piece."
"The discovery engine is really robust and flexible. It had some session management features that are better compared to some other vendors. Overall the GUI is very good and straightforward to operate compared to other solutions. For example, CyberArk and Hitachi tend to be hard to navigate."
"Its most valuable feature is its main purpose - the password changing and the Heartbeat so the user has access to only their SVN and does not have access to any other. Thycotic's access privileged management tool allows you to grant access to users for a specific period of time and with specific attributes and privileges."
"I like that it is Windows-based. It is good that primarily, it is not an appliance. Some of the other applications in the space, such as a Quest Software CPAM or a Safeguard, are appliances, so you can't deploy the ends of them. With Thycotic, you can either install your Temporal Protection module physically in the VM host, or you can use BouncyCastle for high-security module capabilities."
"One valuable feature is that it will support a dedicated database. Delinea provides multiple features, like reporting and remote password changes."
"The solution is scalable."
"The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers."
"I think having a distributed architecture would certainly help this solution."
"I would love them to improve their UI customizing features."
"It should be easier to install. It is a comprehensive product, which makes it difficult to install. You need to have their consulting services in order to get it all installed and set up correctly because there is so much going on. It would be nice if there were an easier way to do the installation without professional services. I suspect they get a fair amount of their money from professional services. So, there is not a huge incentive."
"The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots."
"I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""
"PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting."
"The continuous scanning of the assets is limited to Windows and Unix. We like to have the solution scan any databases, network devices, and security devices for privileged accounts. That would be very helpful."
"One of the things that we want is to be able to do some of the management of it using APIs."
"They could improve the container platform and SPO."
"I think that the main interface should integrate better with non-standard applications and clients, to connect with other systems."
"I would like to see improvement with the integration with Azure Active Directory. This would mean that we can have support on multiple platforms such as Windows, Linux, and Mac."
"In many PAM tools, when users request a password checkout, they need to provide justification. However, in my experience across four organizations, nobody actually reads the justifications. Users can simply type anything and get the password. This becomes a risk and compliance issue. There needs to be continuous improvement in this area, focusing on problem identification and mitigation strategies."
"We find the documentation hard to understand."
"As I am partial to CyberArk, I rate Thycotic Password Reset Server as a nine out of ten, owing to the minor glitches I mentioned."
"In terms of what could be improved, the whole thing with distributed engines, et cetera, is a little bit tricky."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while Delinea Secret Server is ranked 2nd in Privileged Access Management (PAM) with 47 reviews. CyberArk Privileged Access Manager is rated 8.8, while Delinea Secret Server is rated 8.2. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Delinea Secret Server writes "Effective for password rotation policies triggered by audit requirements, it helps maintain compliance standards and seamless integration with third-party tools ". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, WALLIX Bastion, One Identity Safeguard and Zscaler Internet Access, whereas Delinea Secret Server is most compared with Azure Key Vault, HashiCorp Vault, IBM Security Secret Server, ManageEngine PAM360 and BeyondTrust Endpoint Privilege Management. See our CyberArk Privileged Access Manager vs. Delinea Secret Server report.
See our list of best Privileged Access Management (PAM) vendors.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Avinash, it all depends on the timeline and urgency of the project. If you need to deploy a PAM tool that focuses on standing privileges, stopping lateral movement, and incorporating Zero Standing Privileges as part of Zero Trust, then please consider looking at Remediant. I've worked for BeyondTrust and have gone up against the other big players such as Delinea, Centrify, CyberArk, and HashiCorp. They more or less all offer similar solutions, but looking at your current requirements, Remediant really excels in delivering a simple, yet very effective tool in a matter of days and weeks, not months and years.