Credential and Secrets Management | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
---|---|---|---|---|---|
Single consolidated solution for password and secrets management that doesn’t require additional licenses | Requires Conjur | Requires Secrets Safe | Requires DevOps Secrets Vault | Secrets storage only, no management or creation | |
Role-based elevation of privileged access | Static roles – No role request | Static roles – No role request | Static roles – No role request | Static roles – No role request | |
Time-bound accounts to deliver just-in-time access | For servers and applications | Servers only | Servers only | Servers only | Servers only |
Session Management | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
Zero-touch jumpbox for recording application sessions with no terminal servers required | |||||
Risk data with context provided from Windows event logs as part of a privileged session | |||||
Single platform for SaaS application sessions with full session recording | Requires either Idaptive or Terminal Servers | Requires terminal servers | Requires Cloud Access Controller | Requires terminal servers | |
Platform | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
Converged platform for both IGA and PAM | PAM only | PAM only | PAM only | PAM only | |
Risk Exchange, which provides bi-directional integration with third-party security solutions, such as SIEM and UEBA, to exchange risk data and make risk-based decisions | One-way export | One-way export | One-way export | One-way export | |
Lower total cost of ownership with no infrastructure or components for the customer to manage | |||||
Privileged Access Governance and Administration | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
Ability to provide governance over third-party PAM solutions | |||||
Support for multi-step conditional workflows with a risk-based workflow engine | Basic workflow | Basic workflow | Basic workflow | Basic workflow | |
Comprehensive privileged access certification that can be event driven or run periodically as needed | Requires third-party solution | Requires third-party solution | Requires third-party solution | Requires third-party solution | |
Ability to scan multi-cloud environments for workloads and entitlements | Separate product – Cloud Entitlements Manager | AWS instance and Azure virtual machine discovery only | AWS Instance discovery only | AWS Instance discovery only | |
Monitoring, Auditing and Reporting | Saviynt | Cyberark | Beyondtrust | Thycotic | Centrify |
Full session monitoring and recording including over the shoulder monitoring and session termination | |||||
Ability to monitor cloud platforms, services, and workloads for security misconfigurations | |||||
Ability to report on non-compliance with standards, such as CIS |