The KuppingerCole Privileged Access Management (PAM) Report

News | 02.05.2023

The KuppingerCole Leadership Compass provides an overview of insights on the leaders in innovation, product features, and market reach for Privileged Access Management (PAM).

These vendors use a variety of software tools to enable organizations to control and monitor privileged access to endpoints, servers, applications, and cloud resources. The report is the most comprehensive of its type covering more vendors than any other and presents a unique guide to the PAM market.

Our vendors of Senhasegura, Ekran System, CyberArk, and MicroFocus were included in the report. Softprom — Cyber Security Distributor of Senhasegura, Ekran System, and CyberArk and 100+ vendors. We provide a full cycle of support at all stages of the IT projects: presale, pilot, implementation, training, and technical support. Always open to collaboration and partnerships.

Highlights of Privilege Access Management (PAM) report

  1. The emergence of Cloud Infrastructure Entitlement Platforms (CIEM) is disrupting the traditional PAM market; some traditional vendors now offering CIEM-type capabilities.
  2. Dynamic cloud access demands continue to grow as organizations struggle with unauthorized clouds and personal cloud creation by Lines of Business (LOB), end users, and Developers.
  3. New market entrants continue to appear but with highly focused PAM apps rather than suites, usually 100% cloud-native.
  4. A market divide is emerging between centralized, multi-capability PAM platforms and smaller PAM and CIEM apps purchased for small businesses or LOBs
  5. Vaults vs. password less continues to be a choice but no sign yet of a persistent decline of vaults and password capabilities
  6. Just in Time (JIT) and Zero Standing Privilege (ZSP) demands are beginning to impact the market with vendors either now offering those capabilities or have in their roadmap.
  7. The number of PAM and PAM capable vendors (including Vendors to Watch) has increased despite mergers and acquisitions among established vendors.
  8. More granular and revised scoring by KuppingerCole has resulted in a realignment of vendors to reflect new capability demands and the changing market
  9. PAM Leadership Compass 2022 has revised Spider Graph categories to reflect changing market demands

Required Capabilities for Privileged Access Management (PAM)

The KuppingerCole PAM Leadership Compass analyses and rates PAM platforms that cover the following key capabilities:

Classic PAM Capabilities

Account management

  • Application to Application Password Management (AAPM)
  • Password/credential vaulting
  • Shared Account Password Management (SAPM)
  • Privileged Session Management (PSM)
  • Controlled Privilege Escalation and Delegation Management (CPEDM).
  • Endpoint Privilege Management (EPM) 


  • Just in Time Provisioning (JIT
  • Privilege Single Sign-On (SSO)
  • Multi-Factor Authentication 

Session management and analytics

  • Fine-grained access control
  • Privileged Account Discovery and Lifecycle Manager (PADLM)
  • Privileged User Behaviour Analytics (PUBA)
  • Privileged Remote Access
  • Session Recording and Monitoring (SRM) 

Extended PAM

Account management

  • Application to Application Password Management (AAPM)
  • Controlled Privilege Escalation and Delegation Management (CPEDM)
  • Privileged Remote Access
  • DevOps support 


  • Just in Time Provisioning (JIT)
  • Ephemeral credentials
  • CIEM

Session management and analytics

  • Privilege IT task-based automation
  • Privileged Access Governance

The PAM Leadership Compass analyzes software platforms that manage privileged access for User identities, Service identities, Admin identities, Machine identities, API Identities

The PAM Leadership Compass covers software platforms that:

  • Control privilege of identities of all kinds by enforcing Least Privilege across multi-hybrid environments
  • Provide Privileged Access Management to those identities that have access to specific high-value and critical services, applications, and data in dynamic multi-hybrid environments
  • Provide Just in Time access to services, applications, and data in dynamic multi-hybrid environments in line with security policies and business demands
  • Manage entitlements of privileged identities with access to resources at the most granular level, enabling compliance with access governance policies.
  • Manage multiple entities and all modern identity types including machine and non-machine

Below is short information about our vendors from The KuppingerCole report.

CyberArk Identity Security Platform — more details here

Security: strong positive, Functionality: strong positive, Deployment: strong positive, Interoperability: positive, Usability: strong positive


  • One of the widest support levels for platforms and deployments
  • Has continued to add features in the last year to maintain its leadership
  • CyberArk is a public Identity Security company, which breeds trust for customers along with its history
  • Intuitive and robust UI design with strong threat analytics capabilities offering real-time threat detection and remediation
  • Effective DevOps support and broad support for cloud applications and infrastructure
  • A strong and functional technology and channel partner ecosystem 


  • The high modularity of the solution could be unfavorable for certain deployments
  • The complete solution may be overkill for some smaller PAM deployments, but PAMaaS is a step forward here
  • CyberArk continues to invest heavily in R&D to tackle both PAM use cases while expanding to address needs in the wider identity management spectrum. This may lead it vulnerable to some smaller PAM niche app providers at specific market points

CyberArk Identity Security Platform | The KuppingerCole Privileged Access Management (PAM) Report

Ekran System Platform — more details here

Security: neutral, Functionality: weak, Deployment: neutral, Interoperability: neutral, Usability: weak


  • Effective use of AI to detect hackers and unauthorized users in UEBA capability
  • API-driven integrations are a good start and foundation for future scalability
  • Solid session monitoring tools
  • Available to run from AWS
  • Ekran System’s experience in IAM should give confidence to potential PAM buyers 


  • Lacks some of the key PAM capabilities such as task management and privilege escalation
  • Some, but still limited DevOps capabilities that need development
  • Needs more investment and innovation to compete with the best

Ekran System Platform | The KuppingerCole Privileged Access Management (PAM) Report

Micro Focus NetIQ Privileged Account Manager — more details here

Security: neutral, Functionality: neutral, Deployment: neutral, Interoperability: positive, Usability: neutral


  • Good for organizations that already adopt other NetIQ IAM products, especially with new family integrations
  • Real-time session recording is now standard
  • Support for SAP and other major database platforms
  • Reliable and trusted solution for its basic capabilities
  • Retains a good interface with user-friendliness to the fore
  • Financially backed by a large enterprise software vendor 


  • The product would now benefit from more comprehensive DevOps and other digital capabilities as a next positive step
  • Micro Focus website remains confusing to buyers and dual branding is confusing
  • The platform is now being given technical and marketing attention, but a next-level focus is required

Micro Focus NetIQ Privileged Account Manager | The KuppingerCole Privileged Access Management (PAM) Report

Senhasegura PAM — more details here

Security: positive, Functionality: positive, Deployment: positive, Interoperability: neutral, Usability: positive


  • Ease of deployment
  • Easy to use, clean interface
  • Can be customized by admins and end users
  • Good efforts were made to address previous challenges
  • The keystroke analysis tool is unique and bodes well for future development
  • Much improved analytics tools including the safety rating status of a company 


  • Needs stronger marketing to be better known in Europe and North America
  • Support services currently only available in English and Portuguese
  • We look forward to the arrival of new developer-focused capabilities

Senhasegura PAM | The KuppingerCole Privileged Access Management (PAM) Report