The KuppingerCole Privileged Access Management (PAM) Report
News | 02.05.2023
The KuppingerCole Leadership Compass provides an overview of insights on the leaders in innovation, product features, and market reach for Privileged Access Management (PAM).
These vendors use a variety of software tools to enable organizations to control and monitor privileged access to endpoints, servers, applications, and cloud resources. The report is the most comprehensive of its type covering more vendors than any other and presents a unique guide to the PAM market.
Our vendors of Senhasegura, Ekran System, CyberArk, and MicroFocus were included in the report. Softprom — Cyber Security Distributor of Senhasegura, Ekran System, and CyberArk and 100+ vendors. We provide a full cycle of support at all stages of the IT projects: presale, pilot, implementation, training, and technical support. Always open to collaboration and partnerships.
Highlights of Privilege Access Management (PAM) report
- The emergence of Cloud Infrastructure Entitlement Platforms (CIEM) is disrupting the traditional PAM market; some traditional vendors now offering CIEM-type capabilities.
- Dynamic cloud access demands continue to grow as organizations struggle with unauthorized clouds and personal cloud creation by Lines of Business (LOB), end users, and Developers.
- New market entrants continue to appear but with highly focused PAM apps rather than suites, usually 100% cloud-native.
- A market divide is emerging between centralized, multi-capability PAM platforms and smaller PAM and CIEM apps purchased for small businesses or LOBs
- Vaults vs. password less continues to be a choice but no sign yet of a persistent decline of vaults and password capabilities
- Just in Time (JIT) and Zero Standing Privilege (ZSP) demands are beginning to impact the market with vendors either now offering those capabilities or have in their roadmap.
- The number of PAM and PAM capable vendors (including Vendors to Watch) has increased despite mergers and acquisitions among established vendors.
- More granular and revised scoring by KuppingerCole has resulted in a realignment of vendors to reflect new capability demands and the changing market
- PAM Leadership Compass 2022 has revised Spider Graph categories to reflect changing market demands
Required Capabilities for Privileged Access Management (PAM)
The KuppingerCole PAM Leadership Compass analyses and rates PAM platforms that cover the following key capabilities:
Classic PAM Capabilities
Account management
- Application to Application Password Management (AAPM)
- Password/credential vaulting
- Shared Account Password Management (SAPM)
- Privileged Session Management (PSM)
- Controlled Privilege Escalation and Delegation Management (CPEDM).
- Endpoint Privilege Management (EPM)
Authentication
- Just in Time Provisioning (JIT
- Privilege Single Sign-On (SSO)
- Multi-Factor Authentication
Session management and analytics
- Fine-grained access control
- Privileged Account Discovery and Lifecycle Manager (PADLM)
- Privileged User Behaviour Analytics (PUBA)
- Privileged Remote Access
- Session Recording and Monitoring (SRM)
Extended PAM
Account management
- Application to Application Password Management (AAPM)
- Controlled Privilege Escalation and Delegation Management (CPEDM)
- Privileged Remote Access
- DevOps support
Authentication
- Just in Time Provisioning (JIT)
- Ephemeral credentials
- CIEM
Session management and analytics
- Privilege IT task-based automation
- Privileged Access Governance
The PAM Leadership Compass analyzes software platforms that manage privileged access for User identities, Service identities, Admin identities, Machine identities, API Identities
The PAM Leadership Compass covers software platforms that:
- Control privilege of identities of all kinds by enforcing Least Privilege across multi-hybrid environments
- Provide Privileged Access Management to those identities that have access to specific high-value and critical services, applications, and data in dynamic multi-hybrid environments
- Provide Just in Time access to services, applications, and data in dynamic multi-hybrid environments in line with security policies and business demands
- Manage entitlements of privileged identities with access to resources at the most granular level, enabling compliance with access governance policies.
- Manage multiple entities and all modern identity types including machine and non-machine
Below is short information about our vendors from The KuppingerCole report.
CyberArk Identity Security Platform — more details here
Security: strong positive, Functionality: strong positive, Deployment: strong positive, Interoperability: positive, Usability: strong positive
Strengths
- One of the widest support levels for platforms and deployments
- Has continued to add features in the last year to maintain its leadership
- CyberArk is a public Identity Security company, which breeds trust for customers along with its history
- Intuitive and robust UI design with strong threat analytics capabilities offering real-time threat detection and remediation
- Effective DevOps support and broad support for cloud applications and infrastructure
- A strong and functional technology and channel partner ecosystem
Challenges
- The high modularity of the solution could be unfavorable for certain deployments
- The complete solution may be overkill for some smaller PAM deployments, but PAMaaS is a step forward here
- CyberArk continues to invest heavily in R&D to tackle both PAM use cases while expanding to address needs in the wider identity management spectrum. This may lead it vulnerable to some smaller PAM niche app providers at specific market points
Ekran System Platform — more details here
Security: neutral, Functionality: weak, Deployment: neutral, Interoperability: neutral, Usability: weak
Strengths
- Effective use of AI to detect hackers and unauthorized users in UEBA capability
- API-driven integrations are a good start and foundation for future scalability
- Solid session monitoring tools
- Available to run from AWS
- Ekran System’s experience in IAM should give confidence to potential PAM buyers
Challenges
- Lacks some of the key PAM capabilities such as task management and privilege escalation
- Some, but still limited DevOps capabilities that need development
- Needs more investment and innovation to compete with the best
Micro Focus NetIQ Privileged Account Manager — more details here
Security: neutral, Functionality: neutral, Deployment: neutral, Interoperability: positive, Usability: neutral
Strengths
- Good for organizations that already adopt other NetIQ IAM products, especially with new family integrations
- Real-time session recording is now standard
- Support for SAP and other major database platforms
- Reliable and trusted solution for its basic capabilities
- Retains a good interface with user-friendliness to the fore
- Financially backed by a large enterprise software vendor
Challenges
- The product would now benefit from more comprehensive DevOps and other digital capabilities as a next positive step
- Micro Focus website remains confusing to buyers and dual branding is confusing
- The platform is now being given technical and marketing attention, but a next-level focus is required
Senhasegura PAM — more details here
Security: positive, Functionality: positive, Deployment: positive, Interoperability: neutral, Usability: positive
Strengths
- Ease of deployment
- Easy to use, clean interface
- Can be customized by admins and end users
- Good efforts were made to address previous challenges
- The keystroke analysis tool is unique and bodes well for future development
- Much improved analytics tools including the safety rating status of a company
Challenges
- Needs stronger marketing to be better known in Europe and North America
- Support services currently only available in English and Portuguese
- We look forward to the arrival of new developer-focused capabilities