2021-12-08T12:16:00Z

Which is the best Privileged Account Management solution?

Hi, 

Which is the best Privileged Account Management solution for an enterprise? Why?

How is the privileged account management solution deployed? Can it work on-premises or in the cloud in physical or virtual environments, hosted on Windows or Linux OS?

Thank you!

Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
6 Answers
NajibulIslam - PeerSpot reviewer
Technical Account Manager (Information Security) at Trustaira
Reseller
2021-12-13T05:43:28Z
Dec 13, 2021

Hi Mr. @Shibu Babuchandran,


Previously, Mr. Belenky answered it here: "What is PAM & Why choose?"


You can check the Gartner Magic Quadrant and the Forrester Wave to review the PAM solutions in the market.


As per the organization's requirements and budget, you can easily choose suitable PAM solutions. 


Every PAM solution has 3 modalities of deployment: on-premises, hosted and Cloud. 


For deployment, it depends on what your organization wants as per compliance (cloud, on-premises). If your organization wants a subscription-based license and isn't interested in managing the hardware/machines/VMs, then you can go to the cloud, but if your organization wants a perpetual license, then an on-premises license is a good choice.

When you choose any PAM solution, you must have an idea about the license model for your organizational requirements (user-based or hardware-based) and the HA/DR modality.

Most users are used to the Windows environment. So, if you choose a Windows-based OS, then your existing IT person can manage it easily, and Windows always gives the patch update (every week) - you don't need to worry about the critical patches.

GJ
PAM Architect at a tech services company with 11-50 employees
MSP
2021-12-15T17:00:11Z
Dec 15, 2021

Shibu,


Your question is reminiscent of which religion is the true religion.


Most solutions have cloud and hybrid cloud solutions. Most solutions have both Physical and Virtualized solutions. 


Most solutions support both Windows and Linux. When you say enterprise I am going to assume that you are referring to “Large and Multi-platform”.


Short Answer: Perform an event in your enterprise to determine your requirements by accomplishing the following:



  1. PAM Champion (CISO, CIO, Security Architect)

  2. Business, Technical and Functional Requirements

  3. Previous “Audit” findings to qualify immediate remediation requirements

  4. Interconnected business processes

  5. Determine target Platforms

  6. Fully documented “Use Cases” for the target platforms

  7. Session recording requirements

  8. Audit requirements


These items are but a few and should be expanded based on your requirements. Progressing through these will provide clarity for you to determine additional areas to examine. The work product of this event will SIGNIFICANTLY qualify the Vendor selection from the available solutions out there. This will also prevent you from having buyer’s remorse in your initial product selection if it cannot meet the enterprise's needs.


If you are indeed an Enterprise, it would be an idea worth consideration to also examine the “Care and Feeding” of the solution:


A. You should be looking for a managed solution because the expertise to implement and manage these types of solutions is expensive to train and more expensive to keep.


B. It should also be able to weave into your existing administration models with minor alterations for automation.


C. Direct connection to Provider for automated download and installation of updates, security patches, and enhancements.


D. Capabilities to dynamically employ and leverage “Least Privilege” and segregation of duties principles.


E. Capabilities to Auto-Discover new systems and Accounts targeted for management.


F. Auto-Onboarding capabilities for these newly Discovered Systems and Accounts.


G. Analytics and Reporting capabilities to the nth degree.


H. Future modifications altering this solution should be exclusive to new Platforms for onboarding.

JP
Pre Sales Technician at DotForce
Real User
2021-12-14T08:03:18Z
Dec 14, 2021

Hi,


DISCLAIMER: I belong to the company that is a distributor of Stealthbits (part of Netwrix) in Southern Europe, so I am just going to mention this option.


Stealthbits bases the privilege assignments on activities, instead of on access. That's why they call their solution Stealthbits Privileged Activity Manager (SbPAM).


The feature that I like most is the activity token. This allows creating a privileged account for the specified task, for the time required and in the desired scope. Once the task is completed, this account is deleted, so none of the user accounts are receiving privileges at any time.


This makes it very easy to accomplish the least privileged access model in a very effective way.


It works with AD, Azure AD and more, and each version includes new and very useful capabilities.


This solution is younger than most of the other solutions, but it is reaching a high maturity very fast, and it is very receptive to the customers' demands and suggestions and gives excellent support.


I recommend that you consider it!

Nurlan Temirbulatov - PeerSpot reviewer
Sales Engineer at Remediant
Vendor
2021-12-13T20:31:15Z
Dec 13, 2021

Hello @Shibu Babuchandran,


My name is Nurlan and I'm an SE at Remediant, who has spent the last 5 years specifically within the PAM space.


Remediant's SecureONE solution specializes in stopping lateral movement by removing standing privileges across Windows, macOS, and Linux machines. Whether machines are on-network, remote or in the cloud, we can help you minimize the blast radius of stolen credentials. This is a security blind spot for many organizations, regardless of whether they are at the beginning of their PAM journey or have already accumulated a stack of PAM investments.


It's very fast to deploy and can be completed over a couple of days, as opposed to the usual timelines of weeks and months that are associated with the most common type of PAM solutions. You don't need an FTE to manage it and can easily automate everything by leveraging published APIs.


Having said this, it would be beneficial to learn about your immediate objectives. 


Are you trying to remove admin privileges from the users, are you trying to lock down user endpoints (implement allow list/block list) or are you looking to vault your admin credentials?


Maybe you're looking to implement LAPS-like functionality, but not use LAPS itself?


The PAM field as a whole has expanded greatly and the spending on PAM tools has increased among enterprises and SMB companies. 

Vendor
2021-12-13T16:53:28Z
Dec 13, 2021

Hi @Shibu Babuchandran,


Full disclosure - I am an SE for Hitachi ID so naturally, I am biased. That said, Hitachi ID Bravura Privilege is a PAM solution. It scales well to both small and large enterprises and comes complete with all of the extras you normally pay additional fees for with other vendors. Session monitoring, all connectors, vault storage, high availability/fault tolerance, personal vault, etc.


It is available as an on-prem, SaaS or hybrid deployment model. We can provide licensing either by managed systems or by the number of users. All services are performed by non-offshore highly trained employees.


We have many reference customers in all verticals and would be happy to speak with you about any PAM initiatives you may have. 


While analyst recommendations and magic quadrants are useful, they often don't tell the whole story. Looking forward to chatting with you.


Bruce Macdonald, 


Sr. Sales Engineer

EB
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
2021-12-09T14:22:05Z
Dec 9, 2021

Hi @Richard Nagygyörgy, @Sanjeet Kumar Bhuyan and @ABHILASH TH,


Do you have any recommendations to share with @Shibu Babuchandran and the community?


Thanks! 

Related Questions
Siby Ragh - PeerSpot reviewer
Practice Lead- Cyber Defense at Injazat Data Systems
Apr 2, 2023
Hello peers,  I work for a large computer software company and I am currently researching PAM solutions.  Which solution do you prefer: ARCON Privileged Access Management or Microsoft PAM? What are the pros and cons of each solution? Thank you for your help.
See 1 answer
Hicham Barnoussi - PeerSpot reviewer
Managing Partner at Smpl ID
Apr 2, 2023
Hello Siby, I suggest looking for PAM-leading solutions. Both solutions you have mentioned are not recommended: Microsoft doesn't have a PAM solution, and Arcon won't fulfill the local compliance requirements like NESA, etc. Check solutions that are leading in the PAM area.
ML
Director at Seg Inf
Dec 23, 2022
Hello community,  I am a Director at a large financial services firm. I am looking for a tool that will help me limit the privileges given to administrators and privileged users. Which tool do you recommend and why? Thank you for your help.
See 2 answers
NajibulIslam - PeerSpot reviewer
Technical Account Manager (Information Security) at Trustaira
Dec 23, 2022
Hi, If you share the devices/asset category, you may get the most suitable answer from this community. Here I can help you with the system privilege maintenance. If your organization has a Windows and Linux base, then you can choose the Delinea Server Suite solution to manage all privileged users. Why is Delinea Server Suite best for your organization? I hope your Windows assets are managed by a domain controller that manages your users and also manages the group policy. To use Server Suite, you can join your Linux systems to your domain controller by creating the zoning policy. With this solution you can also manage MFA/2FA in all your systems (Windows/Linux). When a privileged user uses any administrative command, approval is required at that time by an admin from Server Suite. The admin can also create the workflow to execute any command needed to give the security question before executing that. So you can minimize your effort when you connect your Linux environment and workgroup assets to the Domain Controller and, based on your policy, you create the group policy for users and assign it from a single pane of glass.
Nurlan Temirbulatov - PeerSpot reviewer
Sales Engineer at Remediant
Dec 23, 2022
Hello, I think you would find a lot of value in taking a look at Remediant's solution called SecureONE.  As you may know, lateral movement is the step that makes domain-wide attacks possible. We specialize in stopping lateral movement by discovering standing privileges and removing them. These days, a compromise of one machine is almost guaranteed, so it's important to see where else on the network do the compromised credentials have access. We give you visibility of where standard users' credentials as well as administrators' credentials have access to within your organization. Many customers do not realize the spread and severity of standing privileges, even when they may already have a vault and application control in place. If this sounds any bit interesting, please visit our website and schedule a demo. Thank you!
Related Articles
NC
Content Manager at PeerSpot (formerly IT Central Station)
Apr 18, 2022
Top 5 Privileged Access Management (PAM) Tools PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews ...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Jan 17, 2022
Cyber Security has become one of the top priorities in today’s hyper-connected fast-growing technologies like cloud, mobile, and virtualization, making the lives of security professionals more challenging. Building multiple layers of security on the perimeter such as VPNs, access controls, firewalls, IDS, IPS, SIEMs and email gateways are no longer considered fully effective. It needs to be c...
See 2 comments
DM
Director at DNAX s.r.o.
Jan 12, 2022
As a cybersecurity professional, I would NEVER outsource a PAM solution anywhere outside of my company, no matter how beneficial it could look at first sight. In the end, it can cost you everything.
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Jan 17, 2022
Hi @DavidMateju, Thanks for your response. Can you let us know in more detail the reason for not outsourcing a PAM solution?
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Dec 11, 2021
What is Privileged Account Management (PAM)? Privileged account management can be defined as managing and auditing account and data access by privileged users. A privileged user is someone who has administrative access to critical systems. For instance, anyone who can set up and delete user accounts and roles on your Oracle database is a privileged user. Lik...