| Credential and Secrets Management | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
|---|---|---|---|---|---|
| Single consolidated solution for password and secrets management that doesn’t require additional licenses | Requires Conjur | Requires Secrets Safe | Requires DevOps Secrets Vault | Secrets storage only, no management or creation | |
| Role-based elevation of privileged access | Static roles – No role request | Static roles – No role request | Static roles – No role request | Static roles – No role request | |
| Time-bound accounts to deliver just-in-time access | For servers and applications | Servers only | Servers only | Servers only | Servers only |
| Session Management | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
| Zero-touch jumpbox for recording application sessions with no terminal servers required | |||||
| Risk data with context provided from Windows event logs as part of a privileged session | |||||
| Single platform for SaaS application sessions with full session recording | Requires either Idaptive or Terminal Servers | Requires terminal servers | Requires Cloud Access Controller | Requires terminal servers | |
| Platform | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
| Converged platform for both IGA and PAM | PAM only | PAM only | PAM only | PAM only | |
| Risk Exchange, which provides bi-directional integration with third-party security solutions, such as SIEM and UEBA, to exchange risk data and make risk-based decisions | One-way export | One-way export | One-way export | One-way export | |
| Lower total cost of ownership with no infrastructure or components for the customer to manage | |||||
| Privileged Access Governance and Administration | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
| Ability to provide governance over third-party PAM solutions | |||||
| Support for multi-step conditional workflows with a risk-based workflow engine | Basic workflow | Basic workflow | Basic workflow | Basic workflow | |
| Comprehensive privileged access certification that can be event driven or run periodically as needed | Requires third-party solution | Requires third-party solution | Requires third-party solution | Requires third-party solution | |
| Ability to scan multi-cloud environments for workloads and entitlements | Separate product – Cloud Entitlements Manager | AWS instance and Azure virtual machine discovery only | AWS Instance discovery only | AWS Instance discovery only | |
| Monitoring, Auditing and Reporting | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
| Full session monitoring and recording including over the shoulder monitoring and session termination | |||||
| Ability to monitor cloud platforms, services, and workloads for security misconfigurations | |||||
| Ability to report on non-compliance with standards, such as CIS |
