Try our new research platform with insights from 80,000+ expert users

CyberArk Privileged Access Manager vs Delinea Secret Server comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 13, 2024
 

Categories and Ranking

CyberArk Privileged Access ...
Ranking in Enterprise Password Managers
2nd
Ranking in Privileged Access Management (PAM)
1st
Average Rating
8.6
Number of Reviews
193
Ranking in other categories
User Activity Monitoring (1st), Mainframe Security (3rd), Operational Technology (OT) Security (3rd)
Delinea Secret Server
Ranking in Enterprise Password Managers
5th
Ranking in Privileged Access Management (PAM)
2nd
Average Rating
8.0
Number of Reviews
51
Ranking in other categories
No ranking in other categories
 

Q&A Highlights

AG
Aug 14, 2023
 

Featured Reviews

SatishIyer - PeerSpot reviewer
Jun 21, 2022
Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK
When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time. PTA is essentially the monitoring interface of the broker (e.g. Privileged Access Management, the Vault, CPM, PSM, etc.), and it's where you can capture your broker bypass and perform related actions. For this reason, we thought that this kind of mapping would be required, but CyberArk informed us that they did not have the capability we had in mind with regard to MITRE ATT&CK. I am not sure what the situation is now, but it would definitely help to have that kind of alignment with one of the more well-known frameworks like MITRE. For CyberArk as a vendor, it would also help them to clearly spell out in which areas they have full functionality and in which ares they have partial or none. Of course, it also greatly benefits the customers when they're evaluating the product.
Avinash Gopu. - PeerSpot reviewer
Feb 1, 2024
Effective for password rotation policies triggered by audit requirements, it helps maintain compliance standards and seamless integration with third-party tools
The "App to App" feature has been most impactful. It allows secure communication between applications without requiring direct user access, which is crucial for several applications. Additionally, working in the finance department, we are heavily focused on enhancing audit reporting and compliance. So, the GRC (Governance, Risk & Compliance) capabilities of Delinea Secret Server have also been crucial for us. We implemented a custom reporting system that can automatically send reports to auditors daily, weekly, or according to your organization's needs. We also upgraded the audit role within Secret Server, allowing auditors to access and analyze the reports directly. Additionally, Secret Server provides comprehensive logging capabilities. Auditors can see what data users access, their access levels, and their activities, including check-in and check-out times. Furthermore, Secret Server helped us manage privileged, elevated access, which we call "K2K." As the lead for this project, I could identify users with the highest access levels and implement specific policies to monitor their activity on servers.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent."
"We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure."
"I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
"The most valuable aspects of the solution include password management and Rest API retrieval of vaulted credentials."
"All access to our servers by both staff and vendors is monitored and recorded."
"The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis."
"It's a highly flexible solution that can adapt to each customer's needs."
"The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself."
"Number one is the password vault; it's very good. Number two, they have a feature for remote desktops that are created on a per session basis, which is very good for security."
"One of the features I find most valuable is workflow, which allows you to configure the solution to have multiple approvals."
"It is able to manage storage and use of personal passwords."
"Its most valuable feature is its main purpose - the password changing and the Heartbeat so the user has access to only their SVN and does not have access to any other. Thycotic's access privileged management tool allows you to grant access to users for a specific period of time and with specific attributes and privileges."
"The privileged access management, which is the Safe Access Model is the most valuable feature."
"The "App to App" feature has been most impactful. It allows secure communication between applications without requiring direct user access, which is crucial for several applications."
"The most valuable feature is session monitoring."
"I like that it is Windows-based. It is good that primarily, it is not an appliance. Some of the other applications in the space, such as a Quest Software CPAM or a Safeguard, are appliances, so you can't deploy the ends of them. With Thycotic, you can either install your Temporal Protection module physically in the VM host, or you can use BouncyCastle for high-security module capabilities."
 

Cons

"The solution is too big and complex for any businesses that are small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses."
"Enhanced PSM support for Java based applications."
"Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."
"The price is high compared to Azure Key Vault. It's the most expensive solution."
"It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill."
"As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel."
"The major pain point that we have is the capacity of CyberArk due to the sheer volume of NPAs that we are managing. We are a large organization and we have hundreds of thousands of non-personal accounts to manage. We have already found out that there are certain capacity limitations within CyberArk that might introduce performance issues. From my perspective, something that would be valuable would be if the vault could hold more passwords and be more scalable."
"I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date."
"There could be tweaks here and there. For example, instead of going to one main function to do this and another main function to do that, the solution could remap the user interface so that a person only has to go through one function. The way that function branches off should make a bit more sense."
"It is expensive compared to other solutions in this category and for what it does."
"I formerly used only one service: the remote server. For example, I connected to the Active Directory user and the computer's console. But now, I need to do a remote connection to the domain controller. Maybe it only connects to that tool, the Active Directory users, and the computer management console, but not to the domain controller. Another thing Delinea could add is multi-factor authentication."
"In many PAM tools, when users request a password checkout, they need to provide justification. However, in my experience across four organizations, nobody actually reads the justifications. Users can simply type anything and get the password. This becomes a risk and compliance issue. There needs to be continuous improvement in this area, focusing on problem identification and mitigation strategies."
"The challenge for me with Delinea is that I may not be able to pitch it to an account with a low budget for PAM."
"Although the password policy was interesting, the default setting was inadequate."
"An area for improvement in Delinea Secret Server is its integration with ICAP servers."
"The technical support needs improvement. For example, if you have any problems on the server configuring the IIS, they would provide you very limited details and they would tell you the problem is on your end."
 

Pricing and Cost Advice

"This product is very expensive."
"No, I do not have any advice on the price of the product."
"Overall, its pricing is really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules of the basic PAM, except the add-on modules like adware and server protection. It also doesn't include the licenses for domain controller protection or maybe an API call-related feature. For the basic privileged access management, the bundle pricing is really good, but when it comes to an agent-based solution for advanced cyber protection or application identity managers, it is expensive. Services are also very expensive if you hire the services team from CyberArk, but these guys are really good. For a couple of large banking projects, we had an experience with them. The banks wanted to have things quickly and efficiently, so we had to hire them. If we take four weeks, these guys can do everything on a weekend. They charge quite a big sum of money, but they know the system well."
"CyberArk is very expensive and there are additional fees for add-ons."
"This solution is considered to be more expensive than others out there on the market today."
"I haven't seen the numbers. I know it is not cheap, but I don't know what it is. I would rate it a six out of ten in terms of pricing. It is definitely more expensive than the other product, but it also provides more functionality, and it is modular too. So, we pay for the functionality we're actually going to use, and that's nice."
"CyberArk Enterprise Password Vault is a very expensive product."
"Licensing fees are paid on a yearly basis."
"They are priced quite well."
"It isn't terribly expensive."
"Secret Server is expensive when compared to the cost to some alternatives."
"Its price is okay. We don't compete on pricing. We seldom use price to win over our competitors. We prefer it this way because if we can sustain the price, we make more margin as well. We don't want the price to go down to the bottom where despite the win, there's no margin at all."
"There is an annual license needed to use Delinea Secret Server."
"I would give the price a four on a scale from one to ten, with one being the cheapest and ten being the most expensive. We pay for the license on a yearly basis, and we paid for three years. It costs around 5000 a year."
"When comparing the price of Thycotic Secret Server with other solutions it is reasonable."
"It would be beneficial if it were reduced."
report
Use our free recommendation engine to learn which Enterprise Password Managers solutions are best for your needs.
812,628 professionals have used our research since 2012.
 

Answers from the Community

AG
Aug 14, 2023
Aug 14, 2023
Based on your extensive list of requirements, CyberArk Privileged Access Manager appears to align well with your needs due to its comprehensive feature set, strong security controls, integration capabilities, and advanced analytics for privileged access. However, it's important to conduct in-depth evaluations, demos, and discussions with each vendor to ensure that the chosen tool meets all your...
See 2 answers
Nurlan Temirbulatov - PeerSpot reviewer
Dec 7, 2022
Hello Avinash, it all depends on the timeline and urgency of the project. If you need to deploy a PAM tool that focuses on standing privileges, stopping lateral movement, and incorporating Zero Standing Privileges as part of Zero Trust, then please consider looking at Remediant. I've worked for BeyondTrust and have gone up against the other big players such as Delinea, Centrify, CyberArk, and HashiCorp. They more or less all offer similar solutions, but looking at your current requirements, Remediant really excels in delivering a simple, yet very effective tool in a matter of days and weeks, not months and years. 
DN
Aug 14, 2023
Based on your extensive list of requirements, CyberArk Privileged Access Manager appears to align well with your needs due to its comprehensive feature set, strong security controls, integration capabilities, and advanced analytics for privileged access. However, it's important to conduct in-depth evaluations, demos, and discussions with each vendor to ensure that the chosen tool meets all your specific needs and integrates seamlessly into your existing infrastructure. However, I recommend visiting the official website of Broadcom (the company that acquired Symantec's enterprise security business) or contacting their sales representatives to get the most up-to-date information about their PAM solutions, including any rebranding or changes that may have occurred. When evaluating any PAM solution, it's essential to consider factors such as security, integration capabilities, ease of use, vendor support, scalability, and alignment with your organization's specific needs and compliance requirements. It's also a good practice to request demonstrations, proofs of concept, and references from vendors to ensure that the solution meets your expectations. Remember to involve key stakeholders, such as IT, security, compliance, and management teams, in the decision-making process to ensure alignment with organizational goals and requirements.
 

Top Industries

By visitors reading reviews
Educational Organization
29%
Financial Services Firm
13%
Computer Software Company
12%
Manufacturing Company
6%
Educational Organization
36%
Computer Software Company
12%
Financial Services Firm
7%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?
CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price.
Looking for recommendations and a pros/cons template for software to detect insider threats
This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no short answer other than a blend of a PAM tool with Behavioral Analytics and Endpo...
What do you like most about Delinea Secret Server?
The privileged access management module is the most reliable feature.
What is your experience regarding pricing and costs for Delinea Secret Server?
If you're requesting licenses or pricing, then you have to fill out a questionnaire that they try to gain insight into what your environment is like, what you're trying to discover, and what you're...
 

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
Thycotic Secret Server, Delinea Password Reset Server
 

Learn More

 

Overview

 

Sample Customers

Rockwell Automation
Secure-24, University of San Diego, International Rescue Committee, San Francisco Ballet, Perkins Coie, University of San Diego, D.S.S. Limited, Turbo's Hoet, Eclipse Computing, Cathay Bank, Stellarise, J&R Consulting
Find out what your peers are saying about CyberArk Privileged Access Manager vs. Delinea Secret Server and other solutions. Updated: September 2024.
812,628 professionals have used our research since 2012.