What are the top 5 PAM solutions?

Hi Simone,

Following are the products which you can look for your requirement. I recommend to select any solutions depend on the your organization need. Is it needed on premise or on cloud. Do you need SAAS service or have in house deployment. On these conditions cost will differ. My personal opinion is 

CyberArk, 

Thycotic, 

Wallix

Beyondtrust

Microsoft Azure AD Premium

Thanks,

Kishan

When It comes to PAM, I would say Thycotic, CyberArk, BeyondTrust are the ones I normally include in RFPs.  However, where your environment is exclusively Azure cloud-based, I say that Microsoft's Azure AD Premium provides a pretty good PIM solution. These are different solutions to achieve the same goal of managing privileged access. 

I would first state that you are asking an unqualified question. The PAM tool that matches your organizations requirements, use cases, volume, and many other considerations, will need to be considered in this equation. I like the previous answer by Kishan as I like those products and see them employed successfully. The converse is also true if not carefully scoped and evaluated.

PAM tools can be costly and contain confounding arrays of security features and terminology synchronization will be key in ensuring you are getting what you actually are asking for. On top of the software cost implications you will have the Architectural, Implementation, and Administration costs nipping at your heels. Consider also that this is not a "PAM Project", but a long term Program and buy-off must start from the very top of your organization.

I have witnessed, and participated, in projects that started out with your question, and many went off the rails, unless important considerations are taken into account:

1. Define your requirements with granularity, including integration with your existing infrastructure such as: Authentication / Authorization / MFA, syslog, analytics, Disaster Recovery and High Availability just to name a few.

2.Determine your overall goals relating to Least Privilege, Standing Privilege, Just in time Privilege, and No standing privilege. Do you require Session Recording and Keystroke Logging, as they are not always bundled  into the initial price and sometimes not together, and may be individual features in your initial quotations and can unpleasantly surprise you.

3. Provision a comprehensive test environment to confirm the viability of the product choices within your infrastructure.

4. Select a vendor or integration partner to back-fill the expertise gaps in your organization as these skill-sets are very expensive and marketable.

I apologize for not answering your question directly, but I would consider looking into the Gartner resources, KuppingerCole and so on.

In a short direct answer I favor CyberArk, BeyondTrust, Thycotic, Centrify, and StealthBits, and these are definitely not in any preferential order.

Hi Simone,

When we started the PAM journey we POC'ed three vendors based on the use cases and the roadmap for your requirements.  Since the world is shifting to cloud infrastructure, i would recommend looking at these vendors.  

One Identity (Safe Guard), CyberArk, and Beyondtrust.  We decided to go with One Identity because it was the right fit for our use cases and requirements.  We have been using safe guard for several years and it did not disappoint so far! Rock Solid tool.