Privileged Access Management

1 Introduction

This report is an overview of the market for Privilege Access Management (PAM) solutions and provides a compass to help buyers find the solution that ...

1.1 Market segment

Privileged Access Management (PAM) solutions are critical cybersecurity controls that address the security risks associated with the use of privileged ...

With the attack surface expanding and the number of attacks increasing every year, an integrated and more comprehensive PAM solution is required – o ...

1.2 Delivery models

This Leadership Compass is focused on PAM products that are offered in on-premises deployable form as an appliance or virtual appliance, in the cloud ...

1.3 Required capabilities

In this Leadership Compass, we focus on solutions that help organizations reduce the risks associated with privileged access, through individual or sh ...

At KuppingerCole, we classify the Privileged Access Management (PAM) market into the following key technology functions with PAM vendors providing var ...

1.3.1 Privileged Account Data Lifecycle Management (PADLM)

The usage of privileged accounts must be governed as well as secured. The PADLM function serves as a tool to monitor the usage of privilege accounts o ...

1.3.2 Shared Account Password Management (SAPM)

Best practice demands that organizations switch to single identity privileged accounts, but shared privileged accounts still exist in many organizatio ...

1.3.3 Application to Application Password Management (AAPM)

Part of digital transformation is the communication between machines and applications to other applications and database servers to get business-relat ...

1.3.4 Controlled Privilege Elevation and Delegation Management (CPEDM)

This is another increasingly important function related to the fluid and fast changing needs of digital organizations. As the name suggests it allows ...

1.3.5 Endpoint Privilege Management (EPM)

EPM offers capabilities to manage threats associated with local administrative rights on laptops, tablets, smartphones or other endpoints. EPM tools e ...

1.3.6 Session Recording and Monitoring (SRM)

Session Recording and Monitoring offers basic auditing and monitoring of privileged activities. SRM tools can also offer authentication, authorization ...

1.3.7 Just in Time (JIT)

Just-in-time (JIT) privileged access management can help drastically condense the privileged threat surface and reduce risk enterprise-wide by grantin ...

1.3.8 Privileged Single Sign-On (SSO)

Single sign-on is a user authentication system that permits a user to apply one set of login credentials (i.e. username and password) to access multip ...

1.3.9 Privileged User Behaviour Analytics (PUBA)

PUBA uses data analytic techniques, some assisted by machine learning tools, to detect threats based on anomalous behaviour against established and qu ...

1.4 Other advanced features

PAM should accommodate the presence of a multitude of privileged users within an organization which includes temp workers, contractors, partner organi ...

2 Leadership

Selecting a vendor of a product or service must not be only based on the comparison provided by a KuppingerCole Leadership Compass. The Leadership Com ...

The PAM market is highly dynamic, and there have been a few changes in our Overall Leaders and Challengers for 2020. We had more vendors join the full ...

Product Leadership is the first specific category examined below. This view is mainly based on the analysis of product/service features and the overal ...

Again, CyberArk is rated as the leading vendor, followed by BeyondTrust and Thycotic with a hair’s breadth between them. While the three have some d ...

Next, we examine innovation in the marketplace. Innovation is, from our perspective, a key capability in all IT market segments. Customers require inn ...

The pacing in innovation has changed with five companies vying at the top of the innovation space, reflecting the growing awareness of the importance ...

Finally, we analyze Market Leadership. This is an amalgamation of the number of customers, number of managed identities, ratio between customers and m ...

In this section there are few surprises as the biggest longest-serving companies tend to dominate although even here there is some flux with a flatten ...

3 Correlated view

While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for a product leader, but for a vendor ...

3.1 The Market/Product Matrix

The first of these correlated views contrasts Product Leadership and Market Leadership. This is where we see a more granular breakdown of the results ...

Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are sort of “overperf ...

3.2 The Product/Innovation Matrix

This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation between ...

Vendors below the line are more innovative, vendors above the line are, compared to the current Product Leadership positioning, less innovative.

In ...

3.3 The Innovation/Market Matrix

The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...

Vendors above the line are performing well in the market compared to their relatively weak position in the Innovation Leadership rating; while vendors ...

4 Products and vendors at a glance

This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on PAM. This overview goes int ...

4.1 Ratings at a glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in Table 1.

In addition, we provide in Table 2 an overview which also contains four additional ratings for the vendor, going beyond the product view provided in t ...

5 Product/service evaluation

This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...

5.1 ARCON

Founded in 2006 and based in Mumbai (India), ARCON offers its Privilege Account Management Suite to manage privileged access across various delivery m ...

5.2 BeyondTrust

After acquiring Avecto, Lieberman software and BeyondTrust, Bomgar decided to merge the businesses and keep the BeyondTrust brand for the new entity. ...

5.3 Broadcom Inc.

A new name in the PAM Leadership Compass but the presence of the US chip manufacturing giant is explained by its acquisitions of CA Technologies and s ...

5.4 Centrify

Based in the US, Centrify offers several PAM modules as part of an overall suite which includes privilege access, authentication, privilege elevation ...

5.5 CyberArk

Headquartered in Israel and the US, CyberArk is one of the more mature providers of PAM solutions having been in the market since 1999. It has continu ...

5.6 Devolutions

Founded in 2010, Canadian firm Devolutions started out by providing remote access solutions to SMBs. It has since added PAM solutions to its portfolio ...

5.7 EmpowerID

Based in Ohio (US), EmpowerID offers several products within its broader IAM portfolio, of which EmpowerID Privileged Access Management (PAM) is its r ...

5.8 Fudo Security

FUDO Security, with offices in California and Poland was founded in 2012. It offers FUDO PAM as its primary PAM product in the market. FUDO Security h ...

5.9 Hitachi ID Systems

Hitachi ID, headquartered in Canada, is a global IAM software provider that originated as MTech Information Technology and acquired by Hitachi in 2008 ...

5.10 Krontech

Based in Turkey, Krontech is the technology arm of Kron, a telco firm publicly listed on the Istanbul stock exchange. Krontech offers its Single Conne ...

5.11 ManageEngine

Headquartered in Pleasanton, US, ManageEngine is a part of the India-based Zoho Corporation founded in 1996. PAM360 is the company’s main offering t ...

5.12 Micro Focus

UK based Micro Focus has seen some tribulations in recent years following the not so smooth acquisition of HPE’s former software assets. The company ...

5.13 One Identity

California-based One Identity, which specializes in IAM solutions also offers a good range of products that fulfill the fundamentals of PAM. It provid ...

5.14 OnionID

Onion ID which has offices in the US and India specializes in PAM solutions for cloud applications, servers, hosted databases, containers, APIs, and s ...

5.15 Osirium

Based in the UK, Osirium offers a range of Privileged Access solutions. This includes basic PAM that includes session management, task management and ...

5.16 Remediant

Based in San Francisco, Remediant is a single product PAM company founded in 2013. Its SecureONE product uses agent-less and vault-less technology at ...

5.17 Sectona

Founded in 2017, Mumbai (India) based Sectona is one of the youngest of PAM market entrants and sells Spectra PAM as its PAM solution. Sectona is fund ...

5.18 Senhasegura

Based in São Paulo, Brazil, MT4 Networks produces Senhasegura as its flagship PAM product. Comprised of multiple modules, Senhasegura offers comprehe ...

5.19 SSH Communications Security

Based in Helsinki, Finland, SSH.COM offers PrivX as its primary product in the PAM market. PrivX is a relatively new offering in the market by SSH.COM ...

5.20 STEALTHbits Technologies

Founded 2002, in Stealthbits is a US based company that offers several solutions designed to help organizations meet their GRC obligations. Part of th ...

5.21 Systancia

France based Systancia has several workplace and application virtualization tools. As part of this it offers the Cleanroom platform, which it develope ...

5.22 Thycotic (OEMed by IBM)

Based in Washington D.C. (US), Thycotic offers the Secret Server platform as its primary PAM. Secret Server is known for its comprehensiveness, ease o ...

5.23 WALLIX

Based in France, WALLIX provides WALLIX Bastion as its primary PAM product in the market. At the core of Bastion is password management, session manag ...

5.24 Xton Technologies

Founded in 2017 and based in the US, XTON Technologies offers its XTON Access Manager (XTAM) platform to enterprise customers with a strong emphasis o ...

6 Vendors and Market Segments to watch

Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting. So ...

6.1 Deep Identity

Based in Singapore, Deep Identity is a regional provider of Identity Management software, offering Deep PIM as its primary PAM product which is essent ...

6.2 HashiCorp Vault

San Francisco (US) based HashiCorp is a provider of application development and delivery management software for datacenters. Built on an open source ...

6.3 Identity Automation

Houston (US) based Identity Automation is an IAM solution provider that offers RapidIdentity Privileged Access Management as its PAM product in the ma ...

6.4 IRaje

India based IRaje offers Privileged Identity Manager (PIM) as a complete PAM solution with a compelling feature set and the flexibility to customize a ...

6.5 NRI Secure Technologies

Japan based NRI Secure Technologies offers SecureCube Access Check primarily providing Privileged Session Management (PSM) capabilities. Operating in ...

6.6 ObserveIT

ObserveIT provides a comprehensive agent based PSM platform that is deployable and scalable across a variety of IT systems. Offers detailed user behav ...

6.7 Saviynt

Saviynt is a US based company founded in 2010 that specializes in IGA and Identity solutions. It has recently entered the PAM market with a new cloud ...

6.8 Venafi

US based Venafi offers TrustAuthority, a machine identity protection platform that also offers extensive SSH key management for securing privileged ac ...

7 Related Research

Advisory Note: Trends in Privileged Access Management for the Digital Enterprise –71273Architecture Blueprint: Access Governance and Privilege Management – 79045
Blog: PAM Can Reduce Risk of Compliance Failure but is Part of a Bigger Picture
Blog: Privileged Access Management Can Take on AI-Powered Malware to Protect
Blog: Taking One Step Back: The Road to Real IDaaS and What IAM is Really About
Executive View: BeyondTrust Password Safe – 80067Executive View: CyberArk Privilege Cloud – 80122
Executive View: Devolutions PAM Solution – 80070
Executive View: One Identity Safeguard Suite – 80074
Executive View: Thycotic Privilege Manager – 80004
Executive View: Wallix Bastion – 79053
Executive View: Xton Technologies Access Manager – 80128
Leadership Brief: Privileged Account Management Considerations – 72016
Leadership Compass: Identity Provisioning – 70949
Leadership Compass: Identity Governance & Administration – 71135
Leadership Compass: Privilege Management - 72330
Whitepaper: AI, Machine Learning and Privilege Access Management – 80120
Whitepaper: Privileged Access Requirements for Small to Medium Size Businesses (SMB) – 80123
Whitepaper: Understanding Privilege Access Management – 80302