Security Architect, InfoSec Consultant at Confidential ( Sensitive Industry)
Real User
2018-06-14T11:28:24Z
Question seems to be answered logically and creativity is mandatory. :)
So anyone who can log on with their credentials, like the AD logon (or Secure ID or even the Windows logon), to the CyberArk portal and see some accounts (to which they are given access through the safes or some role groups) after they log on can be called a Privileged User.
Example: Suppose John is a part of the Windows Administration Team.
1. John is a Privileged User.
Now, the objects or the accounts that you see after the logon (accounts that you are given access to) with your standard authentication (like the AD account or Secure ID or even the Windows logon) can all be treated as the Privileged Accounts. These are the accounts that can be used to connect to the target systems for some administrative access. Such accounts are Privileged Accounts.
Example: Suppose John is a part of the Windows Administration Team.
2. WintelAdmin1 is the Privileged Account that John, as a Privileged User, can use to manage his Windows tasks, troubleshoot, or make configuration changes.
Hello community,
I am the Associate VP and Cyber Security Specialist at a large bank.
I am researching PAM tools. These are our requirements for the PAM tool needed:
- Privileged Access Governance and Administrative
- Privileged Accounts Discovery and Management
- Privileged Credentials Management
- Privileged Session Management
- Privileged Access Logging, Reporting, and Audit
- Privi...
Hello Avinash, it all depends on the timeline and urgency of the project. If you need to deploy a PAM tool that focuses on standing privileges, stopping lateral movement, and incorporating Zero Standing Privileges as part of Zero Trust, then please consider looking at Remediant. I've worked for BeyondTrust and have gone up against the other big players such as Delinea, Centrify, CyberArk, and HashiCorp. They more or less all offer similar solutions, but looking at your current requirements, Remediant really excels in delivering a simple, yet very effective tool in a matter of days and weeks, not months and years.
We evaluated SailPoint IdentityIQ before ultimately choosing CyberArk. SailPoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the management of user identities, systems, data, and cloud services. It works great for Identity Access Management, specifically for cleaning up inactive and orphaned accounts. It has the joiner-mover-leaver feature.
One of the features we like is the large availability of connectors for different applications and platforms. You can also recertify an account, which is very useful. It is well suited for large companies with lots of users and applications. However, for small companies, it might be a bit of an overkill.
SailPoint has a steep learning curve, so it is not for inexperienced users. Moreover, it doesn’t offer a lot of supporting documentation. It also doesn’t integrate well with other solutions.
We chose CyberArk despite the cost because it works great for password management. CyberArk helps manage privileged accounts and service accounts, for example, when users need to connect remotely into systems. It is especially useful for IT staff to access their privileged accounts without having to remember the passwords every time - individually and even as a group.
What we like the most about CyberArk is the ease of use and effectiveness in managing privileged accounts. For instance, it automatically changes the passwords for privileged accounts and reconciles and verifies passwords. New users can obtain secure credentials with minimal time and effort.
The initial cost is high, which can be a bit of a stretch for small organizations. It also has high requirements for the initial setup and is difficult to customize. The performance could be faster.
Conclusions
While SailPoint IdentityIQ is a very good privileged account solution, CyberArk is better suited for us because of its ease of use and efficiency in password management.
The two products are actually complementary. Both companies have been very good about staying in their lanes and are their respective market leaders.
CyberArk's PAM solution is aimed at protecting privileged accounts by providing features like vaulting, credential rotation, session monitoring and recording. They also have solutions for DevOps and Secrets management.
SailPoint is an Identity Governance solution and actually manages CyberArk as an application the same way it manages accounts and privileges in SAP, AD, AAD and over 100 more applications. For CyberArk, it can add/change/delete users as well as create safes and assign users to those safes. At a user account certification time, it will show the CyberArk users and their associated privileges and allow the user's manager or other appropriate people to approve or revoke the privileged access.
SailPoint creates an Identity warehouse so that a user's accounts and entitlements are gathered, managed and reported on in a centralized manner. See YouTube for a quick explanation - SailPoint Identity Governance Integrates with CyberArk Privileged Access Security.
SailPoint does not provide the vault and session management functions that CyberArk does.