BeyondTrust Endpoint Privilege Management vs CyberArk Privileged Access Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between BeyondTrust Endpoint Privilege Management and CyberArk Privileged Access Manager based on real PeerSpot user reviews.

Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed BeyondTrust Endpoint Privilege Management vs. CyberArk Privileged Access Manager Report (Updated: November 2022).
655,994 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Logs that get collected on the Privilege Management console from the agents are very good. They help us to identify the aspects from which we have to whitelist an application.""It has some features that other products don't have yet, differentiation that sets it apart in the marketplace... Those features are a centralized dashboard and the ability to issue and revoke entitlements within minutes. That makes a difference.""It is straightforward. It is a good technology, and it is made to do one single thing.""Technical support is good.""What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy.""The privileged access and the application control are helpful in making sure we have good, robust challenge responses. Blacklisting with trusted application protection is also beneficial for us.""It's relatively straightforward to set up, especially if you are deploying to the cloud."

More BeyondTrust Endpoint Privilege Management Pros →

"CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs.""The technical support is good.""It supports lots of requirements in the privileged access management area.""The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.""It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization.""What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users.""The technical support for this solution is very good. If I was to rate it on a scale of one to five, I would give it a five.""It has a centralized page where you can manage everything. This makes work easier. You don't have to remember different module URLs or browser applications. It is very easy to get all the secure identities of other environments into a single page, which is very important for us as it helps a lot in terms of operations, e.g., reduces management time. This is a single page where you can manage all accounts and onboard them to the CyberArk. You can then secure and see passwords from everywhere. So, there is a single pane of glass where you can manage all the identities across environments as well as across different types of identities."

More CyberArk Privileged Access Manager Pros →

Cons
"Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful.""There is room for improvement in having the solution align more with standards. We're always shoehorning the product into the standards. It's not that it doesn't work for standards, it does. But Quick Start Policies are pretty close to what we need. The vendor needs to keep looking at GDPR, 27001, and 27701. That's why our clients buy the product.""If you don't get the implementation right at the outset, you will struggle with the product.""What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way.""They need to come up with better integrative options which should be customer-centric.""They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment.""It keeps on breaking every now and then. It is not yet mature. Every time something new comes up or we run into some new issues, the culprit is BeyondTrust because the agents and the adapter are not mature. The new development process goes on, and they're not able to handle things. It should be mature. It shouldn't break every now and then."

More BeyondTrust Endpoint Privilege Management Cons →

"Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API.""If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it.""We found a lot of errors during the initial setup. They should work to improve the implementation experience and to remove errors from the process.""It is very complex and difficult to set up the solution.""The support services could act faster when people reach out to resolve issues.""The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments.""The turnaround time for technical support is lengthy.""Report creation could be improved. The policies could be more customized."

More CyberArk Privileged Access Manager Cons →

Pricing and Cost Advice
  • "Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years."
  • "Its pricing and licensing are okay. We were in the perpetual model when it was on-prem, and now, with the SaaS service, we have a subscription model. As a customer, I would always like to see a lower price, but it seems to be priced at the right model currently, and we are trying to get the maximum benefits out of it."
  • More BeyondTrust Endpoint Privilege Management Pricing and Cost Advice →

  • "I believe that this solution is priced well. It's the market leader and I think that it's the best solution."
  • "Overall, its pricing is really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules of the basic PAM, except the add-on modules like adware and server protection. It also doesn't include the licenses for domain controller protection or maybe an API call-related feature. For the basic privileged access management, the bundle pricing is really good, but when it comes to an agent-based solution for advanced cyber protection or application identity managers, it is expensive. Services are also very expensive if you hire the services team from CyberArk, but these guys are really good. For a couple of large banking projects, we had an experience with them. The banks wanted to have things quickly and efficiently, so we had to hire them. If we take four weeks, these guys can do everything on a weekend. They charge quite a big sum of money, but they know the system well."
  • "The price of this solution is quite reasonable."
  • "The solution is very expensive and requires a license. We pay for an enterprise license."
  • "Pricing is quite high and it could be improved."
  • "They have two types of licensing: purchase and subscription. You have to pay for each admin user, such as Microsoft admin, mail admin, database admin, etc."
  • "The price of CyberArk support could be a little bit less. Otherwise, pricing is fine."
  • "Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization."
  • More CyberArk Privileged Access Manager Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
    655,994 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no short answer other than a blend of a PAM tool with Behavioral Analytics and Endpoint… more »
    Top Answer:It has some features that other products don't have yet, differentiation that sets it apart in the marketplace... Those features are a centralized dashboard and the ability to issue and revoke… more »
    Top Answer:The licensing is paid on a yearly basis. I can't speak, however, to the actual cost of the solution.
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Top Answer:Return on investment on over all product solution cost. especially hardware cost. when the licence increase due to jumpbox concept Hardware requirement also increase. secondly customisation duration… more »
    Ranking
    Views
    7,359
    Comparisons
    4,606
    Reviews
    6
    Average Words per Review
    1,112
    Rating
    8.5
    Views
    30,825
    Comparisons
    19,623
    Reviews
    31
    Average Words per Review
    910
    Rating
    8.3
    Comparisons
    Also Known As
    BeyondTrust PowerBroker, PowerBroker, BeyondTrust Endpoint Privilege Management for Windows, BeyondTrust Endpoint Privilege Management for Mac, BeyondTrust Endpoint Privilege Management for Linux, BeyondTrust Endpoint Privilege Management for Unix
    CyberArk Privileged Access Security
    Learn More
    CyberArk
    Video Not Available
    Overview

    BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.

    Key Solutions Include:

    -ENTERPRISE PASSWORD SECURITY

    Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.

    -ENDPOINT LEAST PRIVILEGE

    Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.

    -SERVER PRIVILEGE MANAGEMENT

    Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.

    -A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS

    Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.

    Learn more at https://www.beyondtrust.com/privilege-management

    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    Offer
    Learn more about BeyondTrust Endpoint Privilege Management
    Learn more about CyberArk Privileged Access Manager
    Sample Customers
    Aera Energy LLC, Care New England, James Madison University
    Rockwell Automation
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company18%
    Comms Service Provider10%
    Financial Services Firm9%
    Government7%
    REVIEWERS
    Financial Services Firm26%
    Insurance Company15%
    Healthcare Company9%
    Computer Software Company8%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Comms Service Provider11%
    Government7%
    Company Size
    REVIEWERS
    Small Business55%
    Midsize Enterprise5%
    Large Enterprise40%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise13%
    Large Enterprise64%
    REVIEWERS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise67%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise14%
    Large Enterprise68%
    Buyer's Guide
    BeyondTrust Endpoint Privilege Management vs. CyberArk Privileged Access Manager
    November 2022
    Find out what your peers are saying about BeyondTrust Endpoint Privilege Management vs. CyberArk Privileged Access Manager and other solutions. Updated: November 2022.
    655,994 professionals have used our research since 2012.

    BeyondTrust Endpoint Privilege Management is ranked 6th in Privileged Access Management (PAM) with 7 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 38 reviews. BeyondTrust Endpoint Privilege Management is rated 8.6, while CyberArk Privileged Access Manager is rated 8.2. The top reviewer of BeyondTrust Endpoint Privilege Management writes "A simple and flexible solution for controlling the access and improving the security posture". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". BeyondTrust Endpoint Privilege Management is most compared with CyberArk Endpoint Privilege Manager, Delinea Secret Server, Cisco ISE (Identity Services Engine), Fortinet FortiAuthenticator and SailPoint IdentityIQ, whereas CyberArk Privileged Access Manager is most compared with Azure Active Directory (Azure AD), Cisco ISE (Identity Services Engine), WALLIX Bastion, Delinea Secret Server and Saviynt. See our BeyondTrust Endpoint Privilege Management vs. CyberArk Privileged Access Manager report.

    See our list of best Privileged Access Management (PAM) vendors.

    We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.