Director, Technology Operations and Engineering at a tech services company with 51-200 employees
Real User
2017-02-09T17:19:16Z
Feb 9, 2017
First: Make sure it has all the functionality your company absolutely requires right out of the box. Waiting for "the next version" is not a game you want to play.
Second: Make sure that when your needs change in the future, the tool will still be a good choice and had the capability to grow with your scaling and increased functionality needs.
Third: Make sure it can integrate with world class Two Factor and Multi Factor Authentication Software Solutions, like those provided by SyferLock Technology Corporation. (Some bias :)
We are partial to Lieberman Software, Open IAM, and CyberArk depending on your needs.
Search for a product comparison in Privileged Access Management (PAM)
CyberArk PAS Solution Professional | Project Manager at Wipro Technologies
Consultant
2017-02-14T04:27:39Z
Feb 14, 2017
Few key aspects I would look for in the PIM solution are,
1.Functionalities to achieve the defined scope, e.g. protect, control and monitor privileged accounts (Operating systems / Application / Database)
2.Availability of OOTB integration functionalities with other systems (SIEM / Monitoring Tools / 2 Factor Authentication)
3.Should provide high availability / failover to DR environment with no data loss.
4.Scalable components.
5.Easy to use GUI
6.Availability of OOTB connectors to manage password and sessions of devices.
7.Ability to establish concurrent sessions to the target devices with least amount of time.
Identity Management & Security Market Expert // Microsoft MVP at a tech consulting company with 51-200 employees
Consultant
2017-02-10T11:15:37Z
Feb 10, 2017
Question 1: do I need a on-premises or cloud solution ?
Question 2: is my project included or not non-classic-OS items ? - like router, switch, firewall, etc.
Question 3: do i need to get advanced and accurate reports ?
Question 4: is my project a compliance project or a security project ?
Question 5: is the shared admin account management is key in my project ?
Depending the answer, you will get the short list of potencial suppliers which fit with your needs.
Director of Marketing at Lieberman Software Corporation
Vendor
2017-02-09T20:16:59Z
Feb 9, 2017
Speed and coverage. You need to change privileged passwords faster than attackers can exploit them. And, you need to change all privileged credentials across your entire network quickly - not just domain passwords but local admin passwords as well as passwords on routers, switches, etc. If you’re changing your passwords every 90 days and somebody breaks in on day one, how long will they have access to your environment with that credential? At least 90 days and that’s assuming that you can detect them. If you can’t detect them, they’ll be in there 90 days, 120 days, 200 days… years. So, find a solution that can change passwords as often as every couple of hours. That way, you're able to stop zero days in their tracks. Keep the bad guys out and prevent malicious insiders from having continuous access. Lieberman Software can help!
Some of the aspects are
- Richness in the functionalities that the tool provides.
- Support for basic functionalities like Password Vaulting, Passwod Checkout, Session Checkout, Session or Keystroke recording, Auto Discovery of the privileged accounts on the end points and privileged members
- Support for break glass and approval system
- Support for API based integration with applications
- Ease of integration with Identity Management systems
- Ease of integration with SIEM
These are some of the aspects I could think of at this moment. There could be many more.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
Hello peers,
I work for a large computer software company and I am currently researching PAM solutions.
Which solution do you prefer: ARCON Privileged Access Management or Microsoft PAM? What are the pros and cons of each solution?
Thank you for your help.
Hello Siby, I suggest looking for PAM-leading solutions, both solutions you have mentioned are not recommended, Microsoft doesn't have a PAM solution and Arcon won't fulfill the local compliance requirements like NESA, etc.... check solutions that are leading in the PAM area.
Hello community,
I am a Director at a large financial services firm.
I am looking for a tool that will help me limit the privileges given to administrators and privileged users. Which tool do you recommend and why?
Thank you for your help.
Technical Account Manager (Information Security) at Trustaira
Dec 23, 2022
Hi,
If you share the devices/asset category may get the best suitable answer from this community. Here I can help you with the system privilege maintenance. If your organization has a Windows and Linux base, then you can choose the Delinea Server Suite solution to manage all privileged users. Why is Delinea Server Suite best for your organization? I hope your Windows asset is managed by a domain controller that manages your users and also manages the group policy. To use Server Suite, you can join your Linux systems in your domain controller by creating the zoning policy. To use this solution you can also manage the MFA/2FA in your all system (Windows/Linux). When a privileged user uses any administrative command in that time, approval is required by an admin from Server Suite. The admin can also create the workflow to execute any command needed to give the security question before executing that. So you can minimize your effort when you connect your Linux environment and workgroups assets in Domain Controller and based on your policy, you create the group policy for users and assign it from a single pane of glass.
Hello, I think you would find a lot of value in taking a look at Remediant's solution called SecureONE. As you may know, lateral movement is the step that makes domain-wide attacks possible. We specialize in stopping lateral movement by discovering standing privileges and removing them. These days, a compromise of one machine is almost guaranteed, so it's important to see where else on the network do the compromised credentials have access. We give you visibility of where standard users' credentials as well as administrators' credentials have access to within your organization. Many customers do not realize the spread and severity of standing privileges, even when they may already have a vault and application control in place. If this sounds any bit interesting, please visit our website and schedule a demo. Thank you!
Top 5 Privileged Access Management (PAM) Tools
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.
Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why.
You can read user reviews ...
Cyber Security has become one of the top priorities in today’s hyper-connected fast-growing technologies like cloud, mobile, and virtualization, making the lives of security professionals more challenging. Building multiple layers of security on the perimeter such as VPNs, access controls, firewalls, IDS, IPS, SIEMs and email gateways are no longer considered fully effective. It needs to be c...
As a cybersecurity professional, I would NEVER outsource a PAM solution anywhere outside of my company, no matter how beneficiary it could look at a first sight. In the end, it can cost you everything.
What is Privileged Account Management (PAM)?
Privileged account management can be defined as managing and auditing account and data access by privileged users.
A privileged user is someone who has administrative access to critical systems. For instance, anyone who can set up and delete user accounts and roles on your Oracle database is a privileged user.
Lik...
First: Make sure it has all the functionality your company absolutely requires right out of the box. Waiting for "the next version" is not a game you want to play.
Second: Make sure that when your needs change in the future, the tool will still be a good choice and had the capability to grow with your scaling and increased functionality needs.
Third: Make sure it can integrate with world class Two Factor and Multi Factor Authentication Software Solutions, like those provided by SyferLock Technology Corporation. (Some bias :)
We are partial to Lieberman Software, Open IAM, and CyberArk depending on your needs.
integration with IGA, GRC
Few key aspects I would look for in the PIM solution are,
1.Functionalities to achieve the defined scope, e.g. protect, control and monitor privileged accounts (Operating systems / Application / Database)
2.Availability of OOTB integration functionalities with other systems (SIEM / Monitoring Tools / 2 Factor Authentication)
3.Should provide high availability / failover to DR environment with no data loss.
4.Scalable components.
5.Easy to use GUI
6.Availability of OOTB connectors to manage password and sessions of devices.
7.Ability to establish concurrent sessions to the target devices with least amount of time.
Thanks
Question 1: do I need a on-premises or cloud solution ?
Question 2: is my project included or not non-classic-OS items ? - like router, switch, firewall, etc.
Question 3: do i need to get advanced and accurate reports ?
Question 4: is my project a compliance project or a security project ?
Question 5: is the shared admin account management is key in my project ?
Depending the answer, you will get the short list of potencial suppliers which fit with your needs.
Speed and coverage. You need to change privileged passwords faster than attackers can exploit them. And, you need to change all privileged credentials across your entire network quickly - not just domain passwords but local admin passwords as well as passwords on routers, switches, etc. If you’re changing your passwords every 90 days and somebody breaks in on day one, how long will they have access to your environment with that credential? At least 90 days and that’s assuming that you can detect them. If you can’t detect them, they’ll be in there 90 days, 120 days, 200 days… years. So, find a solution that can change passwords as often as every couple of hours. That way, you're able to stop zero days in their tracks. Keep the bad guys out and prevent malicious insiders from having continuous access. Lieberman Software can help!
Thanks for reaching out to me.
Some of the aspects are
- Richness in the functionalities that the tool provides.
- Support for basic functionalities like Password Vaulting, Passwod Checkout, Session Checkout, Session or Keystroke recording, Auto Discovery of the privileged accounts on the end points and privileged members
- Support for break glass and approval system
- Support for API based integration with applications
- Ease of integration with Identity Management systems
- Ease of integration with SIEM
These are some of the aspects I could think of at this moment. There could be many more.