2021 PRIVILEGED ACCESS MANAGEMENT BUYER’S GUIDE

2021 PRIVILEGED ACCESS MANAGEMENT BUYER’S GUIDE · 2021. 1. 8. · 1 The Forrester Wave: Privileged Identity Management, July 2016 2 Thycotic “2018 Global State of Privileged


  • © 2021 | Solutions Review | 500 West Cummings Park | Woburn, Massachusetts 01801 | USA

    PRIVILEGED ACCESS MANAGEMENT BUYER’S GUIDE


    MARKET OVERVIEW

    Almost uniformly, hackers prefer attacking the easy targets. Although we rarely discuss it, the hackers you need to worry about aren’t dark hooded teenagers in their parents’ basement. Instead, these are stone-cold professionals who cause data breaches for a living.

    As such, they don’t want to waste their time on targets with next-generation identity and access management solutions; that constitutes a major drain on their own time and resources. They want to maximize their time and their efficiency, just like any other employee. Therefore, they target enterprises with minimal identity and access management protections. These guarantee a payout.

    And how do hackers gain access to easy targets? Through unmanaged and unmonitored privileged accounts. According to Centrify, 74 percent of all breaches begin with compromised or stolen privileged credentials. This applies both to small businesses and large enterprises. According to LastPass, 43 percent of cyber attacks target small businesses—and 60 percent of small businesses shut down in the aftermath of a breach.

    Yet, even with mounting evidence, enterprises continue to inadequately invest in—or outright neglect—privileged access management. Thycotic determined that 70 percent of all enterprises fail to discover all of the privileged credentials in their network. In fact, 40 percent never look for all of their privileged accounts. The vast majority fail to provision their privileged accounts, secure logins, or revoke permissions from former employees.

    Despite all of this worrying information, the absence of visibility might prove the most damning piece of information here. Privileged credentials can move about your network far more easily than regular user accounts. They can access finances, customer data, proprietary assets, and user data as part of their everyday workflows. In fact, privileged credentials can even destroy the entire IT environment with the right moves. There are no excuses for failing to discover, provision, and control all of your privileged credentials.

    Thankfully, privileged access management solutions facilitate credential visibility and work to secure credentials from malicious use. They regulate and almost completely automate the creation and removal of privileged credentials, preventing both secret account creation and orphaned accounts.

    Enter this Buyer’s Guide; we detail the top Privileged Access Management solution providers with individual profiles, key features, and capability references. The Editors at Solutions Review cut through the rhetoric to provide an unbiased rundown of these unique vendors. Additionally, we provide the Bottom Line: our take on what makes the featured providers unique, distinctive, or exceptional. Let this provide a solid start to your selection.

    Ben Canner, Editor


    Sources:

    [1] The Forrester Wave: Privileged Identity Management, July 2016

    [2] Thycotic “2018 Global State of Privileged Access Management (PAM) Risk & Compliance”

    [3] Gartner “Best Practices For Privileged Access Management”

    80 percent of data breaches involve the use of privileged credentials. [1]

    62% of enterprises fail to provision for privileged access accounts. [2]

    51% fail to enact secure logins for privileged access accounts. [2]

    70% of enterprises fail to discover all of the privileged access accounts in their networks. [2]

    55% fail to revoke permissions after a privileged employee is removed. [2]

    63% don’t have security alerts in place for failed privileged access account login attempts. [2]

    65% of enterprises allow for the unrestricted, unmonitored, and shared use of privileged accounts. [3]


    5 Key Capabilities To Consider When Evaluating A Privileged Access Management Solution

    Two-Factor or Multifactor Authentication

    Two-factor and Multifactor Authentication add additional steps (or factors) to the privileged authentication process. Typically, these additional factors involve pairing usernames and passwords with an action or something the user has, such as an SMS message to their phone, a secure email, or a token. Small-to-midsized businesses (SMBs) and large enterprises must move past the username/password paradigm, as passwords have proven increasingly easy to steal in recent years.

    Role-Based Access Controls

    Employees should be given just enough privileges and permissions to do their jobs effectively, ensuring limited network and data damage if their credentials are abused. In addition, PAM solutions will often provide granular, role-based access controls that allow administrators to regulate privileges and entitlements based on a user’s individual role. Additional privileges can often be granted via self-service requests and can be approved or denied directly. They can also be granted on a limited basis.

    Single Sign-On

    Regular and privileged users can log onto a single platform that gives them automatic login access to multiple applications, databases, and communications for a set period of time. This allows users to present only one set of credentials for their everyday work processes, rather than forcing them to continually re-enter passwords or remember multiple passwords for logging into several different applications.

    Limit Lateral Access

    PAM solutions can also limit the authority of privileged access users over their assigned enterprise systems and the commands they can enter into those systems. This prevents employees or hackers from escalating privileges without security team or administrator permission or moving laterally within the network into systems they should not have control over or authority within. Your IT security team can set access policies to determine the lateral movement capabilities of your employees.

    Monitoring Privilege Use

    PAM solutions provide your enterprise security team the capabilities to monitor, record, and audit privileged accounts’ activity on your corporate network. This not only serves as a secondary layer of protection against insider threats and hackers, but it is also often a crucial part of regulatory compliance protocols and mandates for almost all industries. These monitoring and recording capabilities allow IT administrators to review accounts in the event of an incident.


    3 Privileged Access Management Questions You Must Answer Before Selecting Your Solution

    Who Has Privileged Access In Your Enterprise?

    This is one of those seemingly easy privileged access management questions that proves much harder to answer the more you investigate it. Privilege creep can result in users having permissions they no longer need as they move throughout roles in your enterprise. Additionally, discrepancies in the onboarding process can bestow unnecessary access. This means your ordinary users might have privileges unknown to your security teams (and even to them)…and which can prove devastating in the wrong hands.

    What Privileged Access Management Tools Do You Have?

    Legacy solutions are inadequate to handle the demands of the modern enterprise’s users and privileges. Your enterprise needs a next-generation solution. There is no way around it. According to One Identity, 31% of enterprises use outdated or manual methods like pen and paper to manage their superusers’ credentials. But writing down passwords invites the unscrupulous to steal passwords or for those passwords to end up in the wrong hands.

    What Access Do Your Privileged Credentials Have?

    This query becomes more complicated the more you look into it. Not all superusers are or should be created equal in terms of digital permissions. Instead, your enterprise should look to enforce the principle of least privileges throughout all of your users’ identities. The principle of least privileges dictates users should have the least amount of permissions possible. Ideally, superusers should only have the access they absolutely need to accomplish their daily tasks.


    Solution Provider Profiles

    BeyondTrust

    Broadcom

    Centrify

    CyberArk

    Devolutions

    Ekran

    ManageEngine

    Micro Focus

    One Identity

    Remediant

    Thycotic

    Xton


    One of the most recognized names in the privileged access management market, Arizona-based BeyondTrust focuses on eliminating insider privilege abuse and increasing application visibility. Their Least Privilege Management and Server Privilege Management solutions offer app-to-app password management capabilities and broad support for PIV-based authentication. BeyondTrust offers machine learning and predictive analytics which analyze privileged password, user, and account behaviors. Since its 2018 acquisition by Bomgar, BeyondTrust also boasts capabilities designed to eliminate manual user password changes and provide quick time to value and deployment.

    BeyondTrust

    11695 Johns Creek Pkwy

    Johns Creek, GA, United States

    +1 (770) 407-1800

    www.beyondtrust.com

    Bottom Line

    BeyondTrust offers customizable privileged session management capabilities, which can provide companies with a versatile solution. BeyondTrust is ideal for companies with many different operating systems in their network and therefore remote workforces. Recently, it announced its Windows and Mac offerings are available via SaaS. Also, BeyondTrust was named a Leader in the 2020 Gartner Magic Quadrant for Privileged Access Management.

    Key Features

    Enterprise Password Management

    BeyondTrust grants security teams the power to discover, profile, and manage all known and unknown assets as well as shared, user, and service accounts to gain control over credentials both regular and privileged. It also allows for the whitelisting, blacklisting, and greylisting of applications to ensure network safety.

    Server Privilege

    Through BeyondTrust’s capabilities, users can control access to Unix, Linux, and Windows servers with fine-grained policy control. BeyondTrust also offers integration and behavioral analysis to identify security anomalies and improve their overall server security while simplifying their privileged access management deployments.

    Least Privilege Management

    BeyondTrust allows enterprise security teams visibility into applications and endpoints alike and can assign privileges to apps and tasks rather than users to prevent credentials abuse. They also offer privileged session recording capabilities to facilitate privilege evaluations and possible rescinding when necessary.


    Since acquiring CA Technologies in 2018, Broadcom has folded CA Technologies’ privileged access management into their portfolio of enterprise solutions. In fact, they renamed their CA Privileged Access Management to the Layer7 Privileged Access Management solution. This solution works through granular authorization of users to systems and accounts. Also, it constantly monitors privileged activity to assess for risk and trigger automated mitigations when high risk is detected. Other key features include privileged account vaulting and rotation and key or token-based authentication. Layer7 Privileged Access Management controls privileged access across all IT resources, including in the cloud, and discovers all virtual and cloud-based resources.

    Broadcom

    1320 Ridder Park Dr

    San Jose, California, United States

    +1 (408) 433-8000

    www.broadcom.com

    Bottom Line

    Before its acquisition, CA Technologies was named to the Gartner 2018 Privileged Access Management Magic Quadrant as a Leader. In 2019, they received attention as a Visionary in the 2019 Gartner Magic Quadrant for Access Management; since Broadcom incorporated CA Technologies’ portfolio into their own, they should have the capabilities to protect complex and demanding environments. Broadcom emphasizes their automated risk mitigation and scalability as well as their protection of hybrid enterprise IT environments. They continue to mature their PAM capabilities for enterprises.

    Key Features

    Privileged Credential Vault

    This capability protects and manages sensitive administrative credentials. Layer7 stores credentials in a secure vault and automatically rotates them to ensure compliance. Moreover, Broadcom enforces a zero-trust access model that ensures only authorized users receive privileged access.

    Threat Analytics

    Broadcom’s solution provides continuous, intelligent monitoring that assesses privileged user behavior and leverages machine learning. This enables comparison of current threat actors to historical observations and behaviors of other users. Threat intelligence can also automatically trigger mitigation and remediation efforts when it detects high-risk behaviors.

    Host-Based Access Control

    Layer7 protects critical servers with fine-grained security controls. Its host-based access control protects and monitors files, folders, processes, registries, and connections; it can also manage and enable UNIX and Linux users to be authenticated using Active Directory.


    Centrify transformed itself into an almost exclusively PAM-as-a-service solution provider since 2018; in fact, Gartner no longer considers them an access management provider. Centrify offers their Privileged Access Security solution through a cloud architecture. Centrify’s capabilities include single sign-on, user provisioning, and multi-factor authentication (MFA). Centrify is particularly notable for its secure remote access capabilities, which are some of the strongest in the market. Centrify provides a broad set of user authentication methods including out of band (OOB) push mode and mobile endpoint biometric modes with remote access that supports different use cases including privileged users.

    Centrify

    3300 Tannery Way

    Santa Clara, CA, United States

    +1 (669) 444-5200

    www.centrify.com

    Bottom Line

    Centrify’s focus on PAM capabilities and solutions, spurred by its separation from Idaptive, attracts plenty of industry attention. In the first Gartner 2018 Privileged Access Management Magic Quadrant, it received the title of Leader for its SaaS-delivered full remote PAM, among other capabilities. It made a reappearance in the 2020 Magic Quadrant. Its solution remains lightweight and customers express appreciation for its customer service. During RSA 2020, it received an award for “Cutting Edge Privileged Account Security” from Cyber Defense Magazine.

    Key Features

    Enterprise-wide Multifactor Authentication

    Centrify prevents compromised credentials by implementing multi-factor authentication across every user and every IT resource, bypassing the password weaknesses inherent in single-factor authentication and due to password reuse or fatigue.

    Automated Account Management

    Centrify allows administrators to manage their employees’ access to all their applications from any source: Active Directory, LDAP, Cloud Directory or external identity. It also secures and manages the privileged accounts used to access cloud and mobile application databases.

    Federated Privilege Access

    Centrify enables secure remote access for outsourced IT administrators and third-party developers to your enterprise’s digital infrastructure through federated authentication. It also secures thousands of apps and enables access to network cloud and on-premises through consolidated login parameters.


    Founded in Israel and based out of Massachusetts, CyberArk commands a large share of the modern PAM market. The solution provider’s Privileged Account Security Solutions offer enterprise-grade, policy-based solutions that secure, manage, and log privileged accounts and activities for both protection and evaluation. CyberArk also uses behavioral analytics on privileged account usage to detect and flag potential anomalies from insider and external threats. Key components of CyberArk’s PASS include an SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, and Endpoint Privilege Manager. They also offer the CyberArk Privilege Cloud as a cloud-delivered PAM solution to simplify the storage and rotation of credentials and monitoring privileged access.

    CyberArk

    60 Wells Ave

    Newton, MA, United States

    +1 (888) 808-9005

    www.cyberark.com

    Bottom Line

    One of the most recognized PAM solutions providers, CyberArk offers strong capabilities in an intuitive package. Customers praise it for its excellent technical support, its proactive assistance, and its mitigation of risks. Overall, it is known to be secure, compliant with most regulatory institutions, and to possess strong password vaulting capabilities. Indeed, in 2020, CyberArk acquired IDaaS provider Idaptive and was named a Leader in the 2020 KuppingerCole Leadership Compass for Privileged Access Management. It was again named a Leader in the Gartner PAM 2020 Magic Quadrant.

    Key Features

    Privileged Session Manager

    CyberArk’s PAM capabilities isolate, control, and monitor privileged user access on critical Unix, Linux, and Windows-based systems, databases, and virtual machines. It also includes risk-based session review and the automation of privileged tasks. It further offers compliance demonstration tools.

    On-Demand Privileges Manager

    CyberArk eliminates unneeded root privileges and allows privileged users to run authorized administrative commands from native sessions. They also allow enterprises to detect, alert, and respond to attacks on privileged accounts in real-time with privileged threat analytics.

    Enterprise Password Vault

    CyberArk secures, rotates and controls access to privileged credentials in accordance with your enterprise’s privilege credentials policies to prevent unauthorized access to superuser accounts. It also features detailed audit reporting to prepare a clear view of privileged user activity.


    Devolutions positions itself as a privileged access management provider specifically geared for SMBs. In fact, Devolutions has worked with small businesses for a decade. As such, it offers companion features and tools to meet organizations’ specific use cases for its Devolutions Password Server. These include the Devolutions Launcher for fast launching of remote sessions and the Devolutions Web Login, which allows for the secure injection of passwords into websites via a secure credentials vault. The Password Server itself is a full-featured shared account and password management solution. It can be used in combination with Remote Desktop Manager for privileged account and session management tools integrating over 150 integrations and technologies.

    Devolutions

    1000 Notre-Dame

    Lavaltrie, QC J5T 1M1, Canada

    +1 (888) 935-0608

    www.devolutions.net

    Bottom Line

    Devolutions received an Honorable Mention in the 2018 Gartner Magic Quadrant for Privileged Access Management. The companion features, including the Launcher and Remote Session Storage, enable enterprises of all sizes to benefit from privileged access management. Users describe Devolutions’ solutions as user-friendly and praise its cloud-based deployment. Devolutions announced the Devolutions Password Server for SMB privileged access management earlier in 2020.

    Key Features

    Launch Privileged Sessions

    Devolutions establishes privileged sessions and remote connections to servers, websites, and applications. It features account brokering to launch remote sessions and inject credentials without ever exposing passwords.

    Secure Passwords & Access

    Devolutions automatically rotates credentials on various account types and enforces system-wide password policies. Also, it can rotate passwords to enable automatic password randomization on privileged accounts after being used.

    Vault Privileged Accounts

    Devolutions enables enterprises to store, manage, and share privileged accounts, passwords, and credentials in a secure centralized vault. Also, it manages and controls access to all your privileged entries in your encrypted, on-premise vault.


    Ekran System is an insider threat protection platform that provides proper security control over your enterprise’s privileged accounts. It offers lightweight software agents for all kinds of endpoints, supporting any access scheme and network architecture, including hybrid. Agents combine access management functionality with comprehensive activity monitoring, recording, and alerting and enable essential incident response capabilities. Ekran System’s solution serves to enhance third-party vendor management, remote and on-site employee control, and other security tasks.

    Ekran System

    3500 South DuPont Hwy

    Dover, DE, United States

    +1 (952) 217-7041

    www.ekransystem.com

    Bottom Line

    Ekran System is a flexible software platform supporting a wide range of operating systems, virtual and physical infrastructures, servers, and desktops. Offering a combination of clients with various configurations, Ekran System can fit your enterprise’s infrastructure and security requirements. All parts are managed via a single web-based control center, enabling easy maintenance and multi-tenant and high-availability deployments. Ekran System delivers powerful activity monitoring and session recording capabilities, allowing supervisors to control security after access is granted. It also integrates well with other SIEM and ticketing systems.

    Key Features

    One-time Passwords and Manual Login Approval

    Ekran System provides one-time password functionality to protect critical endpoints, provide access to third-party vendors, and handle emergency access scenarios. These credentials may be generated by security administrators or requested by a user and manually approved by an administrator. Once access is granted, a security administrator may connect to the session and follow it in real time.

    Multi-factor Authentication and Secondary Authentication

    Ekran System clients enable multi-factor authentication on protected endpoints. They also support secondary authentication, identifying users of shared accounts with individual credentials.

    PASM Toolset for Jump Servers

    Ekran System enables a full set of privileged account and session management features with its jump server software clients and centralized secure password vault. The Ekran System jump server client allows your security team to control a whole segment of your infrastructure via unlimited concurrent sessions.


    ManageEngine is primarily based out of California and is the IT management division of the Zoho Corporation. Their privileged identity management solution incorporates their Password Manager Pro product, which can discover, store, control, audit, and monitor privileged accounts. ManageEngine also offers ease-of-use with an intuitive user interface for their PAM solutions which supports approval workflows and real-time alerts on password access. ManageEngine’s discovery engine is capable of discovering and enumerating Windows local and domain accounts on the enterprise network, virtual environment, and on Linux devices with equal efficiency. The Manager Pro product acts as a centralized credentials vault and can manage shared accounts across operating systems.

    ManageEngine

    4141 Hacienda Dr

    Pleasanton, CA, United States

    +1 (925) 924-9500

    www.manageengine.com

    Bottom Line

    The ManageEngine Password Manager Pro is a solution best suited to small to mid-sized businesses. According to customer feedback, it is reportedly easy to install and configure, relieving the burden on enterprises’ IT help desks. Overall, its implementation is described as easy and the solution as having a strong feature set. ManageEngine will work well in hybrid systems. ManageEngine appeared in the Privileged Access Management Magic Quadrant for 2020.

    Key Features

    Key Manager Plus

    This allows for the discovery of all SSH keys and SSL certificates in your network and then consolidates them in a secure, centralized repository. Given the difficulty in establishing visibility over privileges, this proves critical for many enterprises. It can also create and deploy new key pairs on target systems and rotate them periodically.

    Password Manager Pro MSP

    For enterprises with stretched cybersecurity talent and resources, this can securely store and manage clients’ privileged accounts from a centralized console, backed with multi-tenant architecture for clear data segregation. It can also exhibit 24/7 monitoring to watch for credentials abuse and potential infiltration.

    Password Manager Pro

    This can centralize password storage, and automate frequent password changes in critical systems to improve IT productivity and help with compliance mandates. It can also control access to IT resources and applications based on roles and job responsibilities to ensure the Principle of Least Privileges.


    Micro Focus owns the NetIQ identity and access management suite, a highly scalable set of solutions. These include NetIQ Privileged Account Manager, the NetIQ Directory and Resource Administrator, the NetIQ Group Policy Administrator, and the NetIQ Change Guardian. These allow for streamlined privileged access management in the hybrid enterprise and simplify delegated administration of Microsoft Active Directory. Further, Micro Focus’s NetIQ Change Guardian can monitor critical files, systems, and applications in real time to detect unauthorized privileged activity.

    Micro Focus

    4555 Great America Pkwy

    Santa Clara, CA, United States

    +1 (650) 258-6827

    www.microfocus.com

    Bottom Line

    Through the NetIQ suite, Micro Focus offers a robust yet affordable privileged access management and administration-focused solution with a large network of channel partners, ideal for small to mid-sized businesses. Recently, they appeared in the 2019 and 2020 KuppingerCole Leadership Compass for Privileged Access Management and the 2018 Gartner Privileged Access Management Magic Quadrant.

    Key Features

    Zero Trust

    NetIQ provides the oversight and automation required to implement a comprehensive Zero Trust Strategy. It also provides active session management to identify suspicious activity and allows for just-in-time termination.

    Continuous Monitoring

    The NetIQ Privileged Account Manager provides activity recording and remediation to prevent breaches and support governance and compliance. It can monitor privileged activity to identify potential threats throughout the identity lifecycle.

    Advanced Authentication

    Micro Focus also provides an intelligent and flexible multifactor authentication solution built to meet today’s enterprise-level challenges and scale with your enterprise. It can also harden your environment and integrate with Azure MFA capabilities.


    One Identity’s Privileged Password Manager solution lets enterprises enable secure automated control and auditing on their privileged accounts. The Privileged Password Manager offers session management features, as well as an Active Directory bridge between different operating systems across the enterprise network. One Identity’s products are offered via a modular and integrated approach, allowing customers to add new capabilities quickly by building on existing investments; as an example, by integrating their Identity Manager Solution with Privileged Password Manager, users can request, provision, and attest to privileged and general-user access within the same console.

    Key Features

    One Identity+1 (800) 306-9329

    www.oneidentity.com

    Bottom LineOne Identity’s Privileged Password Manager is ideal for organizations focused on the password management side of privileged access. As a result of its broad international support makes the One Identity Privileged Password Manager particularly attractive to global enterprises. Previous efforts to refocus on PAM capabilities appear to have paid off: One Identity appears in the KuppingerCole PAM Leadership Compass 2019 as a Leader and as a Visionary in the Privileged Access Management Magic Quadrant for 2020.

    Risk Reducer One Identity facilitates better security decisions by combining security information and policies from multiple expert sources and intelligence networks to reduce identity and personal information exposure and eliminate information silos in the enterprise network. This reduces the privileged access attack surface, depriving hackers of ideal targets.

    Privilege Safe and Privilege Account Governance

    One Identity can automate granting privileged credentials via established policies and approvals. It can also simplify privilege management via defined roles and access approval workflows. It can also store those privileges in a secure vault and govern their permissions to recognize and remediate potential vulnerabilities.

    Self Service Access Portal

    One Identity reduces IT effort via a customizable, intuitive online “shopping cart” portal, which enables users to request access to network resources, physical assets, groups and distribution lists. It also controls access rights and permissions for their entire identity lifecycle while leveraging predefined approval processes and workflows.


    As a PAM provider, Remediant specializes in Just-in-Time (JIT) access and Privilege Discovery. As such, it offers the Remediant SecureONE solution for Just-in-Time Privileged Access Management; the solution also prevents lateral movement attacks and helps discover privileged access accounts on enterprise networks. It can also inventory accounts with no agent, provide continuous monitoring, and remove standing access across the enterprise. Remediant offers businesses real-time security operations center insights and comprehensive reporting; it also offers multifactor authentication to supplement JIT access.

    Key Features

    Remediant

    2 Embarcadero Center

    San Francisco, CA

    United States

    +1 (415) 854-8771

    www.remediant.com

    Bottom Line

    Remediant received praise in the KuppingerCole Leadership Compass for Privileged Access Management 2020. In 2019, Gartner named them a Cool Vendor in Identity and Access Management. Customers praise Remediant for its ability to clean up accounts and for its reporting of privileged users.

    Single-action Access Reduction

    Remediant offers lateral movement protection through single-click interactions. This enables IT administrators to remove users from privileged access across the entire network within a single pane of glass.

    Just-in-Time Administration

    Remediant enables instant elevation upon request, with no shared accounts. These interactions are secured with multifactor authentication, and access is automatically rescinded after a predetermined amount of time.

    Continuous Discovery

    Remediant SecureONE constantly scans for privileged access accounts across the entire IT infrastructure. It can scan up to 150,000 endpoints within 2 to 3 hours, enabling discovery and management of privileged accounts.


    Thycotic offers its Secret Server and Privilege Manager products as enterprise-level privileged access management tools. Its solutions include Enterprise Password Management, High Speed DevOps Secrets Management, Least Privilege Policy Enforcement and endpoint protection. The vendor also offers two-factor authentication support, integration with SIEM and CRM software, and redundant architecture options for high availability and disaster recovery. Thycotic deployment can take as little as 15 minutes for Windows environments. The company is headquartered in Washington, D.C.

    Key Features

    Thycotic

    1101 17th St NW

    Washington, DC

    United States

    +1 (202) 802-9399

    www.thycotic.com

    Bottom Line

    Thycotic provides quick privileged access management deployment times and strong identity and basic password management. These factors make it a strong choice for both small and medium businesses as well as large enterprises looking for a fully functional privilege management tool. Thycotic reference customers describe it as responsive to user needs and knowledgeable in management support. Thycotic was named a leader in Privileged Identity by Forrester Research and in the KuppingerCole Leadership Compass. In 2020, Thycotic acquired Onion ID. It rose from the Visionary to the Leader Quadrant in the 2020 Gartner report.

    Privilege Manager

    Privilege Manager automatically removes privileges and adds policy-based controls so users can leverage tools without needing to call on a Help Desk.

    Product Integration and Application Control

    Thycotic controls application download permissions and manages privilege within applications both on-premises and off. It integrates with other Thycotic products such as Secret Server to enforce multilayered protection of privileged credentials.

    Secret Server Cloud

    Secret Server Cloud is designed for instant deployment of privileged access capabilities with no infrastructure requirements and can be configured rapidly. It also offers PAM-as-a-Service with no management overhead.


    Xton Technologies is a growing influence in the privileged access management market with experienced professionals behind it. Xton Technologies’ goal is to provide simple and affordable PAM software to enterprises. Their XT Access Manager Solution offers multifactor authentication controls and can store and share security keys with users and superusers, delegate the execution of privileged commands, and lock down privileged accounts with suspicious activity. Xton Technologies also provides solutions to combat social engineering attacks and limit the internal attack surface, as well as a free trial option with easy deployment and integration. As part of their overall mission, they regularly perform solution updates to handle large volumes of records and authentication demands.

    Key Features

    Xton

    1210 Northbrook Dr

    Trevose, PA

    United States

    + 1 (844) [email protected]

    Bottom Line

    The Xton Access Manager is deliberately designed to be an affordable enterprise-class PAM solution that is easy to install, deploy, and manage. Enterprises of all sizes seeking out a PAM solution without complex implementation, configuration, and ongoing maintenance demands may want to consider Xton Access Manager. Xton continues to upgrade their solution and foster their customization options; they have innovated heavily in the managed services provider marketplace, offering privileged access management to such managed services providers to help secure their client bases.

    Privileged Account Management

    With Xton Access Manager, access credentials (passwords, keys, certificates, documents and more) to privileged accounts are kept safe, secure and out of the reach of threats, both internal and external. Xton also rotates passwords and minimizes the number of users who can access them, enforcing the principle of least privilege.

    Privileged Job Management

    Xton Access Manager reduces the number of privileged accounts in the network and controls access to active privileged accounts. This enables the appropriate people or processes to perform work on critical computers and devices at the right time.

    Privileged Session Management

    Xton Access Manager establishes a secure, interactive session to remote Windows, Unix or Mainframe endpoints, Network Devices like Cisco, Juniper or Palo Alto, and Websites or Web Management Portals to monitor privileged access activity. This makes it a strong option for remote workforces and BYOD cultures.


    ABOUT SOLUTIONS REVIEW

    Solutions Review is a collection of technology news sites that aggregates, curates, and creates the best content within leading technology categories. Solutions Review’s mission is to connect buyers of enterprise technology with the best solution sellers.

    Over the past four years, Solutions Review has launched ten technology buyer’s guide sites in categories ranging from cybersecurity to wireless 802.11, as well as mobility management, business intelligence and data analytics, data integration, and cloud platforms.

    Information for this report was gathered via a meta-analysis of available online materials and reports, conversations with vendor representatives, and examinations of product demonstrations and free trials. Solutions Review does not endorse any vendor, product or service depicted in this publication and does not advise technology users to base their vendor selection entirely on this research. Solutions Review disclaims all warranties, expressed or implied, regarding this research, including any warranties of merchantability or fitness for a particular purpose.