KuppingerCole Report
Leadership Compass
By Paul Fisher

Privileged Access Management

Privileged Access Management (PAM) is one of the most important areas of risk management and security in any organization. Privileged accounts have traditionally been given to administrators to access critical data and applications. But, changing business practices, hybrid IT, cloud and other aspects of digital transformation has meant that users of privileged accounts have become more numerous and widespread. To reduce the risk of privileged accounts being hijacked or fraudulently used, and to uphold stringent regulatory compliance within an organization, a strong PAM solution is essential.
By Paul Fisher
pf@kuppingercole.com

1 Introduction

This report is an overview of the market for Privilege Access Management (PAM) solutions and provides a compass to help buyers find the solution that ...

Login Get full Access

1.1 Market segment

Privileged Access Management (PAM) solutions are critical cybersecurity controls that address the security risks associated with the use of privileged ...

With the attack surface expanding and the number of attacks increasing every year, an integrated and more comprehensive PAM solution is required – o ...

Login Get full Access

1.2 Delivery models

This Leadership Compass is focused on PAM products that are offered in on-premises deployable form as an appliance or virtual appliance, in the cloud ...

Login Get full Access

1.3 Required capabilities

In this Leadership Compass, we focus on solutions that help organizations reduce the risks associated with privileged access, through individual or sh ...

At KuppingerCole, we classify the Privileged Access Management (PAM) market into the following key technology functions with PAM vendors providing var ...

Login Get full Access

1.3.1 Privileged Account Data Lifecycle Management (PADLM)

The usage of privileged accounts must be governed as well as secured. The PADLM function serves as a tool to monitor the usage of privilege accounts o ...

Login Get full Access

1.3.2 Shared Account Password Management (SAPM)

Best practice demands that organizations switch to single identity privileged accounts, but shared privileged accounts still exist in many organizatio ...

Login Get full Access

1.3.3 Application to Application Password Management (AAPM)

Part of digital transformation is the communication between machines and applications to other applications and database servers to get business-relat ...

Login Get full Access

1.3.4 Controlled Privilege Elevation and Delegation Management (CPEDM)

This is another increasingly important function related to the fluid and fast changing needs of digital organizations. As the name suggests it allows ...

Login Get full Access

1.3.5 Endpoint Privilege Management (EPM)

EPM offers capabilities to manage threats associated with local administrative rights on laptops, tablets, smartphones or other endpoints. EPM tools e ...

Login Get full Access

1.3.6 Session Recording and Monitoring (SRM)

Session Recording and Monitoring offers basic auditing and monitoring of privileged activities. SRM tools can also offer authentication, authorization ...

Login Get full Access

1.3.7 Just in Time (JIT)

Just-in-time (JIT) privileged access management can help drastically condense the privileged threat surface and reduce risk enterprise-wide by grantin ...

Login Get full Access

1.3.8 Privileged Single Sign-On (SSO)

Single sign-on is a user authentication system that permits a user to apply one set of login credentials (i.e. username and password) to access multip ...

Login Get full Access

1.3.9 Privileged User Behaviour Analytics (PUBA)

PUBA uses data analytic techniques, some assisted by machine learning tools, to detect threats based on anomalous behaviour against established and qu ...

Login Get full Access

1.4 Other advanced features

PAM should accommodate the presence of a multitude of privileged users within an organization which includes temp workers, contractors, partner organi ...

Login Get full Access

2 Leadership

Selecting a vendor of a product or service must not be only based on the comparison provided by a KuppingerCole Leadership Compass. The Leadership Com ...

The PAM market is highly dynamic, and there have been a few changes in our Overall Leaders and Challengers for 2020. We had more vendors join the full ...

Product Leadership is the first specific category examined below. This view is mainly based on the analysis of product/service features and the overal ...

Again, CyberArk is rated as the leading vendor, followed by BeyondTrust and Thycotic with a hair’s breadth between them. While the three have some d ...

Next, we examine innovation in the marketplace. Innovation is, from our perspective, a key capability in all IT market segments. Customers require inn ...

The pacing in innovation has changed with five companies vying at the top of the innovation space, reflecting the growing awareness of the importance ...

Finally, we analyze Market Leadership. This is an amalgamation of the number of customers, number of managed identities, ratio between customers and m ...

In this section there are few surprises as the biggest longest-serving companies tend to dominate although even here there is some flux with a flatten ...

Login Get full Access

3 Correlated view

While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for a product leader, but for a vendor ...

Login Get full Access

3.1 The Market/Product Matrix

The first of these correlated views contrasts Product Leadership and Market Leadership. This is where we see a more granular breakdown of the results ...

Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are sort of “overperf ...

Login Get full Access

3.2 The Product/Innovation Matrix

This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation between ...

Vendors below the line are more innovative, vendors above the line are, compared to the current Product Leadership positioning, less innovative.

In ...

Login Get full Access

3.3 The Innovation/Market Matrix

The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...

Vendors above the line are performing well in the market compared to their relatively weak position in the Innovation Leadership rating; while vendors ...

Login Get full Access

4 Products and vendors at a glance

This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on PAM. This overview goes int ...

Login Get full Access

4.1 Ratings at a glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in Table 1.

Login Get full Access

In addition, we provide in Table 2 an overview which also contains four additional ratings for the vendor, going beyond the product view provided in t ...

Login Get full Access

5 Product/service evaluation

This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...

Login Get full Access

5.1 ARCON

Founded in 2006 and based in Mumbai (India), ARCON offers its Privilege Account Management Suite to manage privileged access across various delivery m ...

Login Get full Access

5.2 BeyondTrust

After acquiring Avecto, Lieberman software and BeyondTrust, Bomgar decided to merge the businesses and keep the BeyondTrust brand for the new entity. ...

Login Get full Access

5.3 Broadcom Inc.

A new name in the PAM Leadership Compass but the presence of the US chip manufacturing giant is explained by its acquisitions of CA Technologies and s ...

Login Get full Access

5.4 Centrify

Based in the US, Centrify offers several PAM modules as part of an overall suite which includes privilege access, authentication, privilege elevation ...

Login Get full Access

5.5 CyberArk

Headquartered in Israel and the US, CyberArk is one of the more mature providers of PAM solutions having been in the market since 1999. It has continu ...

Login Get full Access

5.6 Devolutions

Founded in 2010, Canadian firm Devolutions started out by providing remote access solutions to SMBs. It has since added PAM solutions to its portfolio ...

Login Get full Access

5.7 EmpowerID

Based in Ohio (US), EmpowerID offers several products within its broader IAM portfolio, of which EmpowerID Privileged Access Management (PAM) is its r ...

Login Get full Access

5.8 Fudo Security

FUDO Security, with offices in California and Poland was founded in 2012. It offers FUDO PAM as its primary PAM product in the market. FUDO Security h ...

Login Get full Access

5.9 Hitachi ID Systems

Hitachi ID, headquartered in Canada, is a global IAM software provider that originated as MTech Information Technology and acquired by Hitachi in 2008 ...

Login Get full Access

5.10 Krontech

Based in Turkey, Krontech is the technology arm of Kron, a telco firm publicly listed on the Istanbul stock exchange. Krontech offers its Single Conne ...

Login Get full Access

5.11 ManageEngine

Headquartered in Pleasanton, US, ManageEngine is a part of the India-based Zoho Corporation founded in 1996. PAM360 is the company’s main offering t ...

Login Get full Access

5.12 Micro Focus

UK based Micro Focus has seen some tribulations in recent years following the not so smooth acquisition of HPE’s former software assets. The company ...

Login Get full Access

5.13 One Identity

California-based One Identity, which specializes in IAM solutions also offers a good range of products that fulfill the fundamentals of PAM. It provid ...

Login Get full Access

5.14 OnionID

Onion ID which has offices in the US and India specializes in PAM solutions for cloud applications, servers, hosted databases, containers, APIs, and s ...

Login Get full Access

5.15 Osirium

Based in the UK, Osirium offers a range of Privileged Access solutions. This includes basic PAM that includes session management, task management and ...

Login Get full Access

5.16 Remediant

Based in San Francisco, Remediant is a single product PAM company founded in 2013. Its SecureONE product uses agent-less and vault-less technology at ...

Login Get full Access

5.17 Sectona

Founded in 2017, Mumbai (India) based Sectona is one of the youngest of PAM market entrants and sells Spectra PAM as its PAM solution. Sectona is fund ...

Login Get full Access

5.18 Senhasegura

Based in São Paulo, Brazil, MT4 Networks produces Senhasegura as its flagship PAM product. Comprised of multiple modules, Senhasegura offers comprehe ...

Login Get full Access

5.19 SSH Communications Security

Based in Helsinki, Finland, SSH.COM offers PrivX as its primary product in the PAM market. PrivX is a relatively new offering in the market by SSH.COM ...

Login Get full Access

5.20 STEALTHbits Technologies

Founded 2002, in Stealthbits is a US based company that offers several solutions designed to help organizations meet their GRC obligations. Part of th ...

Login Get full Access

5.21 Systancia

France based Systancia has several workplace and application virtualization tools. As part of this it offers the Cleanroom platform, which it develope ...

Login Get full Access

5.22 Thycotic

Based in Washington D.C. (US), Thycotic offers the Secret Server platform as its primary PAM. Secret Server is known for its comprehensiveness, ease o ...

Login Get full Access

5.23 WALLIX

Based in France, WALLIX provides WALLIX Bastion as its primary PAM product in the market. At the core of Bastion is password management, session manag ...

Login Get full Access

5.24 Xton Technologies

Founded in 2017 and based in the US, XTON Technologies offers its XTON Access Manager (XTAM) platform to enterprise customers with a strong emphasis o ...

Login Get full Access

6 Vendors and Market Segments to watch

Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting. So ...

Login Get full Access

6.1 Deep Identity

Based in Singapore, Deep Identity is a regional provider of Identity Management software, offering Deep PIM as its primary PAM product which is essent ...

Login Get full Access

6.2 HashiCorp Vault

San Francisco (US) based HashiCorp is a provider of application development and delivery management software for datacenters. Built on an open source ...

Login Get full Access

6.3 Identity Automation

Houston (US) based Identity Automation is an IAM solution provider that offers RapidIdentity Privileged Access Management as its PAM product in the ma ...

Login Get full Access

6.4 IRaje

India based IRaje offers Privileged Identity Manager (PIM) as a complete PAM solution with a compelling feature set and the flexibility to customize a ...

Login Get full Access

6.5 NRI Secure Technologies

Japan based NRI Secure Technologies offers SecureCube Access Check primarily providing Privileged Session Management (PSM) capabilities. Operating in ...

Login Get full Access

6.6 ObserveIT

ObserveIT provides a comprehensive agent based PSM platform that is deployable and scalable across a variety of IT systems. Offers detailed user behav ...

Login Get full Access

6.7 Saviynt

Saviynt is a US based company founded in 2010 that specializes in IGA and Identity solutions. It has recently entered the PAM market with a new cloud ...

Login Get full Access

6.8 Venafi

US based Venafi offers TrustAuthority, a machine identity protection platform that also offers extensive SSH key management for securing privileged ac ...

Login Get full Access

Methodology

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded back in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top