Privileged access management (PAM) solutions are defined as a subset of identity and access management (IAM) technology that lets you monitor, govern, and maintain records of how privileged users and devices access business assets and networks in line with corporate protocol and regulatory compliance norms. In this article, we explain privileged access management in detail. We also discuss how to navigate the technology market to find the right solution for your company, keeping in mind the must-have features and the top 10 recommendations for 2021.
Table of Contents
What Is a Privileged Access Management Solution?
Privileged access management (PAM) solutions are a subset of identity and access management (IAM) technology that lets you monitor, govern, and maintain records of how privileged users and devices access business assets and networks in line with corporate protocol and regulatory compliance norms.Â
As per a recent industry survey, 78%Opens a new window of small to mid-sized businesses said a PAM solution was integral to their cybersecurity program, even though a staggering 76% were yet to deploy one. In another surveyOpens a new window , it was revealed that nearly 1 in 3 companies have invested in new access management tools in the wake of remote working but still feel inadequately protected.Â
At a time when employees continue to be the weakest link in most enterprises’ security posture, access privileges need regular checks, updates, and auditing. Identifying and deploying the right privileged access management solution is essential to addressing this gap in enterprise security.Â
Also Read: What Is Privileged Access Management (PAM)? Definition, Components and Best Practices
7 Key Must-Have Features You Need in Your PAM Solution
When assessing privileged access management solutions for your company, check against the following parameters:Â
Essential Features of a PAM Solution
- Multi-factor authentication: The PAM solution should support multi-factor authentication using mobile-based OTP, email passwords, physical keys, etc., depending on the user role. Another good idea is to deploy MFA at every point of request and not just at the time of login. PAM should also integrate with third-party MFA for extra protection.Â
- Audit trails for compliance: One of the most common reasons companies implement privileged access management solutions is to ensure an audit trail of access activities. The solution must keep detailed records of login attempts, and access approvals, preferably as documentation and video formats. These must be locked in a secure vault.Â
- Password vaults: Vaults in a PAM solution store confidential data like access credentials, passwords, compliance records, screen recordings, keystrokes data, etc. The vault must be fully encrypted and centrally accessible for a single source of visibility into access activity across the organization.Â
- Support for remote systems: Secure remote access is now an organizational must-have with the rise of WFH. In addition to remote internal users, you also need to monitor and record privileged access from guest accounts, such as trusted vendors, external auditors, contractual employees, and so on. PAM will bring your distributed enterprise under your security umbrella without any risk of exposure.Â
- Support for hybrid hosting environments: Your PAM solution should be able to govern and track access to traditional data warehouses, public/private cloud applications, and web-based SaaS apps. Along with this, there should be application-to-application protection, so that privilege from one environment does not “creep†into activities elsewhere.Â
- SIEM integrations: By integrating with your security information and event management (SIEM) software, PAM can directly send security alerts, raise tickets, and trigger automated remediation. PAM-SIEM integrations can save you a sizable amount of IT efforts, as there are connected approval workflows without fragmenting the audit trail.Â
- Access workflow governance: The workflow manager feature of PAM lets you define and enforce security rules for different access conditions. It determines how the user obtains access and scenarios where access can be reset or revoked.Â
Keeping these must-have features in mind, you can weigh your options, consider your organization’s unique needs, and select the best privileged access management solution for your enterprise.Â
Top 10 Privileged Access Management Solutions in 2021
PAM solutions come in all shapes and sizes, from being completely hosted on-premise to SaaS-based, minimizing your installation and maintenance overheads. They could also focus on a specific use case like remote user access, vendor security, access automation, or security analytics. The ten solutions listed below, in alphabetical order, cover all of these common use cases and are suitable for large-scale implementations, scalable across various security needs.Â
Disclaimer: This is a curated list based on publicly available information from various sources and may include vendor websites that sell to mid-to-large enterprises. Readers are advised to conduct their own final research to ensure the best fit for their unique organizational needs.
1. ARCON Privileged Access Management
Overview: ARCON is a leading enterprise security vendor with many IAM products, including PAM and PAM SaaS. ARCON PAM can be aligned to meet the requirements of on-premise and the cloud, or even DevOps environments.Â
Best for: Large enterprises and security resellers.Â
Key features: ARCON Privileged Access Management boasts of the following features:Â
-
- Privileged access controls on a ‘need-to-know’ and ‘need-to-do basis’
- Password vaulting, automated password changing, and randomized privileged passwords
- Sessions security with real-time session monitoringÂ
- SSO integrations and multi-factor authenticationÂ
- Audit trail of privileged activities and analytics for decision makingÂ
- Just-in-time privileges for least privilege accessÂ
USP: ARCON has several advantages that make it a leading solution in its space. Its wide range of integrations with authentication providers, the ability to add security layers around privileged accounts and customized reporting make it suitable for various security use cases.Â
Editorial comments: While ARCON PAM is a highly robust offering (with several features a small to mid-sized organization may not need), the PAM SaaS edition makes it accessible to companies of every size. Its video log feature is particularly useful for monitoring privileged access.Â
2. BeyondTrust Privileged Remote Access
Overview: BeyondTrust PAM solution is meant specifically for companies with a large distributed presence, witnessing frequent third-party or guest access. The company combined with a remote support specialist, Bomgar, in 2018 to build an end-to-end secure remote access solution with string privilege controls.Â
Best for: Large enterprises which share data and network access with third parties.Â
Key features: You can expect the following features with BeyondTrust Privileged Remote Access:Â
-
- VPN-less secure remote access to the corporate networkÂ
- Integration with password management toolsÂ
- Business rules to prevent the risk of privilege creep
- Comprehensive audit trails and session forensics for complianceÂ
- Built-in password vault and optional integration with BeyondTrust Password SafeÂ
- Access workflow consolidation with SIEM process automationsÂ
USP: BeyondTrust’s biggest USP is that it goes beyond monitoring remote access to enable secure user onboarding as well. You can leverage the platform to onboard third-party vendors in line with security policies and privilege controls.Â
Editorial comments: As the recent SolarWinds attack demonstrated, third-party security risk is a massive concern for modern enterprises. If you’re looking for a PAM solution that can monitor and regulate data flow to or from remote users, BeyondTrust is an excellent option.Â
Also Read: Top 10 Customer Identity Management Solutions in 2021
3. Centrify Privileged Access Service
Overview: Cybersecurity giant, Centrify has several offerings for managing access controls, including a password vault, credential management, secure remote access, access approval workflows, and multi-factor authentication. Together, these form Centrify Privileged Access Service, the company’s holistic solution for privileged access management.Â
Best for: Mid-sized to large companies, particularly if you are an AWS user.Â
Key features: Some of the key features to expect with Centrify Privileged Access Service are:Â
-
- Vault for storing account credentials and passwords (on-premise or the cloudOpens a new window )
- SSH keys and privileged credentials based on security policies
- Risk-aware MFA and VPN-less access for remote user security
- Secure administrative access via Jump Box, ensuring a clean access sourceÂ
- Automated temporary access rules and self-service access request approvalÂ
- Privilege threat analytics and user behavior analyticsÂ
USP: An interesting USP of Centrify is that it gives you incredible flexibility when implementing MFA. You can apply MFA not just at login but also during password checkout, remote session initiation, or at any time there is a new request.Â
Editorial comments: Centrify combines rich features with flexibility to offer a privileged access service that can be deployed as SaaS, or a customer-managed implementation, backed by the underlying Centrify Platform. It covers onsite and remote access equally well.Â
4. CyberArk Privileged Access Security Solution
Overview: CyberArk offers a least privileged solution that can protect against credential loss-related data breaches. The company is backed by its research wing, CyberArk Labs, which produces innovative research on emerging threat techniques.Â
Best for: Small, mid-sized, and large enterprises.
Key features: CyberArk Privileged Access Security Solution has the following features to offer:Â
-
- Access manager to discover accounts, monitor sessions, and remediate risky activities
- Isolation of credential and sessions to prevent leaksÂ
- Recording of key events with tamper-resistant audits
- Integration with applications, IT platforms, and automation toolsÂ
- Automated credential managing and rotation
- Password and credential vault for secure storageÂ
USP: CyberArk’s USP is its sheer simplicity. The solution connects with your application landscape and server ecosystem and maintains a vault and privilege management portal within your network firewall. The entire solution architecture is scalable to support enterprise growth.Â
Editorial comments: CyberArk Privileged Access Security Solution is just one piece of the puzzle. You can expand it further through the company’s solutions for vendor privileges, endpoint privileges, and cloud entitlement, maturing your security posture as your enterprise grows.Â
Also Read: What Is Biometric Authentication? Definition, Benefits, and Tools
5. Foxpass
Overview: Foxpass is a server and network access automation solution that also addresses privileged access management use cases. It automates server and network access in line with your corporate security policies, along with self-service SSH keys and password management.
Best for: Small, digital-native companies looking for a smartly designed and highly configurable solution.Â
Key features: Using Foxpass, you can leverage the following key capabilities:Â
-
- API-based server access controlÂ
- Cloud-hosted LDAP and RADIUS that syncs with Google, Office365, etc.
- Full logs of LDAP and RADIUS requests with automated threat detection
- Enforceable rules for MFA, SSH keys, and password rotation
- Extended event login from 1-90 daysÂ
- Option to run the cache database on a local serverÂ
USP: An important USP is Foxpass’s local cache feature that can keep your systems running in case of downtime or temporary connectivity issues. Further, Foxpass has a free signup option, reducing the barriers to entry.Â
Editorial comments: Foxpass is ideal for organizations looking to enhance their server and network access capabilities, with its target user being your engineering teams. It integrates with SUDO, Samba, and other system integration software for granular controls.Â
6. Iraje Privileged Access Manager
Overview: Iraje is a security software provider that specializes in privilege access management technology. The company has a wide range of products across ETL, change management, security audits, etc., designed to support enterprises across their entire digital transformation journey.Â
Best for: Mid-sized to large enterprises, particularly those using Azure Active Directory.Â
Key features: Iraje Privileged Access Manager has the following key features:Â
-
- Scalable solution architecture for hundreds of users and thousands of devicesÂ
- SSO, MFA, and third-factor authentication
- One-time access for guest and temporary privileged accounts
- Automated alerts on password opening and password rotation
- Live session viewing and terminationÂ
- Text logs and text search within videosÂ
USP: Iraje Privileged Access Manager covers your entire gamut of requirements from discovering, managing, monitoring, controlling, and maintaining compliance around network/session access. What’s more, it has behavioral analytics to support your decision-making.Â
Editorial comments: Despite Iraje not being popularly recognized as among the leading security vendors, the company has deep specialization in PAM technology, delivering solutions in this space for 20+ years. Do keep in mind that Iraje Privileged Access Manager is best suited for enterprises with a sizable Windows ecosystem dependency.Â
Also Read: Top 11 Facial Recognition Software in 2021
7. One Identity
Overview: One Identity is a globally recognized IAM technology provider, so it makes sense for the company to have a compelling PAM solution as well. Its offering called Total Privileged Access Management comprises the essential features for secure role-based access, including authentication, analytics, password management, and more.Â
Best for: SaaS version for small to mid-sized businesses; private deployment meant for large enterprises and managed service providers.Â
Key features: Here are the key features to expect with One Identity:Â
-
- Account and system discovery to find hidden privileges in your networkÂ
- The option to store privileged accounts inside a hardened appliance
- Session activity recording (keystrokes, mouse movement, and windows viewed)
- Analytics on the content accessed and the commands issued
- Unix, Linux, and Mac OS X integrations in Active Directory for authenticationÂ
- Pattern-free analysis to detect unknown “bad†or suspicious behaviors
USP: One Identity has a robust analytics module, including real-time threat detection, screen content analysis, and behavioral biometrics. You could potentially identify unauthorized user access by mapping their keystrokes to the known keystroke pattern of an authorized user. One Identity also has password vaulting, session control, and audit capabilities.Â
Editorial comments: One Identity offers a powerful solution for large enterprises or those providing security services. Its integration with technology platforms like Blue Prism, HashiCorp, VMware, etc., SIEM tools, MFA vendors, and IT services platforms like ServiceNow make it possible to build an entire secure ecosystem around One Identity PAM.Â
8. Symantec Privileged Access Management
Overview: Symantec PAM is the privileged access management solution by Broadcom, a global infrastructure and software solution provider. It offers a privileged credential vault, session recording, and other essential PSM features to help protect your assets across traditional data centers, software-defined data centers, SaaS apps, and the public cloud.Â
Best for: Mid-sized to large organizations leveraging DevOps processes.Â
Key features: Symantec Privileged Access Management offers the following features:Â
-
- A zero-trust vault for admin credentials (root passwords, SSH keys, etc.)
- Detailed threat analytics powered by machine learningÂ
- Host-based access control for Docker, UNIX, and Linux usersÂ
- Application-to-application password management, including DevOps use cases
- Audit data and forensic evidence for compliance
- Full privileged user lifecycle management
USP: Symantec PAM has the unique ability to streamline and automate processes across the entire lifecycle of a privileged user account, including account creation, access requests, separation of duties, violation checks, and de-provisioning. This is powered by advanced automation that also makes it ready for DevOps and CI/CD pipelines.Â
Editorial comments: Symantec PAM makes it possible to streamline application development through secure DevOps and eliminate privilege risks associated with multi-stakeholder asset utilization. Its encrypted, tamper-proof vault stores forensic data for future audits.Â
9. Thycotic Secret Server
Overview: Thycotic Secret Server is an enterprise-grade PAM solution that promises 99.9% uptime when deployed on the Azure cloud. It also supports on-premise implementations and offers privileged controls for various service, application, root, and administrator accounts in your enterprise.Â
Best for: Mid- to large-sized enterprises.Â
Key features: The key features of Thycotic Secret Server are:Â
-
- Encrypted, centralized vault to store privileged credentials
- Privilege discovery to obtain an accurate view of service, application, administrator, and root accounts
- Policies to ensure password complexity and rotate credentials automaticallyÂ
- Workflow setup for third-party access requests and approvals
- Session controls including policy-based session launch, real-time monitoringOpens a new window , and recording
USP: Thycotic promises a great deal of flexibility with nearly endless customizations, impressive integrations, scalability across traditional databases, apps, hypervisors, network devices, etc., support from Thycotic’s professional service providers, and turnkey installations.Â
Editorial comments: Thycotic enables robust PAM through an easy to install and use solution. Even non-digitally native enterprises can get started with PAM using Thycotic’s professional service providers and comprehensive features that cover all the bases.Â
Also Read: How to Secure Online Identities With Passwordless Authentication
10. WALLIX Bastion
Overview: WALLIX is an access security specialist with several tools for privileged access management. The company has a session manager, password manager, and access manager, not to mention Privilege Elevation and Delegation Management (PEDM) and Application-to-Application Password Manager (AAPM) capabilities.Â
Best for: Companies of every size, especially those looking for an integration-ready modular solution.Â
Key features: Here are some of the most prominent features to expect with WALLIX:Â
-
- Secure remote access via HTML5-based secure connectivityÂ
- Just-in-Time (JIT) and Zero Standing Privilege security policies
- The option of Privileged Access Managed as a service operated by the WALLIX team
- Deployment on the cloud across AWS, Azure, and Google or KVM/OpenStack, Hyper-V, and VMware
- Single console to monitor and audit remote access to all Bastions (assets)
- Integrates with other security solutions like WALLIX Trustelem for SSO and WALLIX Authenticator for MFA
USP: A major USP that places WALLIX ahead of the pack is that it is available in three versions – classic for SMBs, advanced for large enterprises, and premium for very large accounts, such as resellers and security managed services providers.Â
Editorial comments: Companies with an established security posture won’t have to undergo a complete overhaul with WALLIX. Its modular solution architecture and REST APIs let you fetch a single feature or functionality into a different user interface (including RPA).Â
Also Read: Identity Management Day: Experts Outline Best Practices to Secure Online Identities
These are the top ten privileged access management or PAM solutions available in the market today. Remember, as security threats become more sophisticated, your control mechanisms must evolve in tandem – which is why the PAM solution space is poised to grow from $92 million in 2016Opens a new window to over $3.7 billion by the end of 2021. This gives you plenty of options to choose from, factoring in your computing environment, the diversity and hierarchy of role-based access, and the compliance needs of your industry.Â
Note: It is best to check for volume-based pricing for your current and projected number of users (including guests), as applicable for the hosting environment of your choice.Â
What are your thoughts on the growing need for privileged access management in 2021 and beyond? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear your suggestions!