Try our new research platform with insights from 80,000+ expert users

CyberArk Privileged Access Manager vs Netgate pfSense comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.0
CyberArk Privileged Access Manager enhances security, saves costs, and automates processes for improved control over privileged accounts.
Sentiment score
7.4
Netgate pfSense offers affordable, reliable network security on old hardware, saving costs compared to brands like Cisco and Juniper.
The return on investment lies in improved security infrastructure, addressing over-privileged access, and reducing the risk of credential compromise, which is a major source of data breaches.
The end users have the authority to reconcile the password or verify it before using session isolation, which is one of the unique features that can be enabled through Privileged Session Manager, preventing any attacks from happening within the organization when connected with sessions through CyberArk Privileged Access Manager.
During our quantitative analysis, we estimated potential savings of one to ten million dollars a year by using a PAM solution.
If they can save their data from attackers then it would save them at least two days of not working plus the cost of recovery, which would be much more than the cost of the system and maintenance.
Since the memory leak fixes, it's been incredibly stable and requires minimal maintenance.
In four years of using it, that payment of 189 dollars per year has already paid off.
 

Customer Service

Sentiment score
6.5
CyberArk's support is improving, with overall quality appreciated but needing faster response times and better initial case handling.
Sentiment score
8.0
Netgate pfSense support is generally responsive and helpful, bolstered by a strong community and comprehensive documentation.
CyberArk has been exceptional in coming back to us with immediate responses.
It could be forever until you talk to someone who knows what they are doing.
They are helpful, but complex issues can take a long time to resolve, which can delay solutions for urgent customer issues.
When I provide detailed information about the problem, they've been able to reply quickly with a solution or go research the problem and get back to us quickly with a fix.
They are highly responsive.
I couldn't imagine having better support.
 

Scalability Issues

Sentiment score
7.7
CyberArk Privileged Access Manager is praised for its scalability, though some users face licensing and initial planning difficulties.
Sentiment score
7.0
Netgate pfSense is praised for scalability and flexibility, suitable for various environments, but may face challenges with high traffic.
The CPM can reportedly handle up to 50,000 accounts independently without issue.
I would rate it a ten out of ten for scalability.
They had 40,000 passwords in this one safe, and it was saving the last ten iterations of each password object. That means they had 400,000 password objects in this safe. They exceeded the limit.
If I put things into a certain context and say that we have a network that has around 100 people, then you don't put up a device that can manage 100 people. Instead, you need to get a device that can manage 150 to 200 people, and then you can create room for growth.
I don't think Netgate pfSense can offer much scalability for big enterprises.
Even with a jump from a 50 megabit to a 500 megabit internet connection and approximately 65 active VPN clients, our firewall operates smoothly without any strain.
 

Stability Issues

Sentiment score
7.8
CyberArk Privileged Access Manager is praised for stability and reliability, with most issues arising from configuration or user errors.
Sentiment score
6.8
Netgate pfSense is praised for reliability, with few stability issues linked to hardware, configuration, or external factors.
Proper fine-tuning and expertise ensure the product performs well.
Overall, the stability of the solution is high.
It has a large customer base and positive feedback within my network.
I rate the solution's stability a ten out of ten.
I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two.
When I replace consumer routers with pfSense for small businesses with two or three employees, they are often amazed to discover the router can run for a year without a reboot.
 

Room For Improvement

CyberArk Privileged Access Manager requires UI improvements, expanded features, better integration, and accessible pricing for enhanced user experience.
Netgate pfSense needs enhanced usability, improved integration, better VPN features, simpler licensing, and improved monitoring for better performance.
They want everything to be on the cloud, but even in the SaaS version of CyberArk Privileged Access Manager, they need to deploy some servers on-premises.
We cannot generate a plug-in for web-based applications.
If they want clients to move to the cloud, they need to support them in real-time.
There is some trade-off between having a certain level of security and maintaining acceptable performance.
If I need to go between different VLANs, I have VLAN 19.1 and VLAN 19.2, and I strictly use Netgate pfSense, but it doesn't route very efficiently and works quite slowly.
They should support the idea of configuration management as code from source code and provide a more robust API for managing the pfSense configuration.
 

Setup Cost

Enterprise buyers find CyberArk costly but justify it with its top-notch capabilities and comprehensive security features.
Enterprise users choose Netgate pfSense for its cost-effectiveness due to its open-source nature and flexible hardware and support costs.
CyberArk is expensive compared to other products I know.
CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal.
CyberArk's SaaS solution is particularly expensive.
The price of setup is approximately €500 to €800, which also includes the initial monitoring.
You can acquire a decent embedded PC for around a hundred dollars and install pfSense on it, effectively creating a robust firewall solution.
The product is free of cost.
 

Valuable Features

CyberArk Privileged Access Manager excels in security with credential management, AI-enhanced threat detection, and extensive integration capabilities.
Netgate pfSense offers performance, cost-effectiveness, scalability, strong community support, and robust firewall capabilities ideal for diverse organizations.
CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.
It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened.
It can integrate with Splunk, SNMP, and other solutions and technologies.
With pfSense, network configurations adhere to standard practices, facilitating troubleshooting without the need for complex overlays or policies.
The price point is the most valuable aspect of the solution.
I like the tool's flexibility in the sense that you do not have to buy an appliance. You can put it on your own hardware, and it can be very simplistic hardware with simple configurations.
 

Categories and Ranking

CyberArk Privileged Access ...
Average Rating
8.6
Reviews Sentiment
6.9
Number of Reviews
221
Ranking in other categories
User Activity Monitoring (1st), Enterprise Password Managers (2nd), Privileged Access Management (PAM) (1st), Mainframe Security (2nd), Operational Technology (OT) Security (3rd)
Netgate pfSense
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
217
Ranking in other categories
Firewalls (1st)
 

Mindshare comparison

While both are Network Security Systems solutions, they serve different purposes. CyberArk Privileged Access Manager is designed for Privileged Access Management (PAM) and holds a mindshare of 18.3%, down 22.8% compared to last year.
Netgate pfSense, on the other hand, focuses on Firewalls, holds 13.3% mindshare, down 22.0% since last year.
Privileged Access Management (PAM)
Firewalls
 

Featured Reviews

Lasantha Wijesinghe - PeerSpot reviewer
We have visibility and control through real-time user behavior analytics
It took us some time to realize its benefits because there was a learning curve for us. It took us about a year to get our heads around this product and start effectively using it. It is a journey. It takes at least five years for any company to make this product very useful and reach maturity. It is not only the product's fault. The company needs to have a vision, and the company culture needs to go with it. Senior leadership needs to support the vision. You need to have lots of ingredients for success. If everything is in place, you will see success after one year. In the first year, it is a struggle for everybody. My company was bought by a bigger company, and they were very new to privileged access management. Everybody was struggling. The advice I would give is to have a good vision for privileged access management. You need dedicated teams, senior management support, and proper company policies and standards before implementing the solution. Start building knowledge slowly and avoid jumping into the deep end without preparation. I would rate CyberArk Privileged Access Manager a nine out of ten.
Vincent Hamm - PeerSpot reviewer
I appreciate the depth of what the solution can do and the simplicity of the initial setup
We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that. It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly. I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.
report
Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
850,671 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
33%
Financial Services Firm
12%
Computer Software Company
11%
Manufacturing Company
6%
Computer Software Company
15%
Comms Service Provider
11%
Government
7%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?
With the current model of licensing, for my use cases, sometimes it's hard to convince the management and get budget approvals for it. It's expensive and you're not getting anything new. It's just ...
Help me find the best open source router
You don't really specify what type of router you are looking for but if you are talking about a gateway router I recommend PFSense. This software solutions can be installed on youf own hardware or ...
How do I choose between Fortinet FortiGate and pfSense?
Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate both cost-effective and efficient. One of the features we like most is that Fo...
What is the difference between PfSense and OPNsense?
Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and client, Open VPN and client, and PPTP client. Both also have intrusion detection a...
 

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
No data available
 

Overview

 

Sample Customers

Rockwell Automation
Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring
Find out what your peers are saying about CyberArk, Delinea, One Identity and others in Privileged Access Management (PAM). Updated: April 2025.
850,671 professionals have used our research since 2012.