Try our new research platform with insights from 80,000+ expert users

AWS CloudTrail vs CyberArk Privileged Access Manager comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

AWS CloudTrail
Ranking in User Activity Monitoring
2nd
Average Rating
8.8
Number of Reviews
11
Ranking in other categories
No ranking in other categories
CyberArk Privileged Access ...
Ranking in User Activity Monitoring
1st
Average Rating
8.6
Reviews Sentiment
6.9
Number of Reviews
202
Ranking in other categories
Enterprise Password Managers (3rd), Privileged Access Management (PAM) (1st), Mainframe Security (2nd), Operational Technology (OT) Security (3rd)
 

Mindshare comparison

As of December 2024, in the User Activity Monitoring category, the mindshare of AWS CloudTrail is 16.0%, down from 25.3% compared to the previous year. The mindshare of CyberArk Privileged Access Manager is 30.9%, up from 31.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Activity Monitoring
 

Featured Reviews

Priyam Vaidya - PeerSpot reviewer
Provides a comprehensive approach to monitoring and security
One of the most valuable features of AWS CloudTrail is its ability to track and monitor API calls detailedly. Whenever somebody logs in, I receive a notification via CloudWatch. It integrates easily with other AWS services, providing a comprehensive approach to monitoring and security. This straightforward solution by AWS greatly enhances our workflow.
SatishIyer - PeerSpot reviewer
Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK
When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time. PTA is essentially the monitoring interface of the broker (e.g. Privileged Access Management, the Vault, CPM, PSM, etc.), and it's where you can capture your broker bypass and perform related actions. For this reason, we thought that this kind of mapping would be required, but CyberArk informed us that they did not have the capability we had in mind with regard to MITRE ATT&CK. I am not sure what the situation is now, but it would definitely help to have that kind of alignment with one of the more well-known frameworks like MITRE. For CyberArk as a vendor, it would also help them to clearly spell out in which areas they have full functionality and in which ares they have partial or none. Of course, it also greatly benefits the customers when they're evaluating the product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"From a scalability point of view, the tool has no issue, and it is completely fine."
"The product’s most valuable feature is monitoring. It helps us audit the changes in AWS account at the application and resource level."
"The management events and CloudTrail Insights are valuable."
"One of the most valuable features of AWS CloudTrail is its ability to track and monitor API calls detailedly."
"It is a stable solution. AWS handles it well."
"AWS CloudTrail integrates with AWS Config and provides custom event, security, and compliance auditing."
"AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana."
"The solution is good as a central logging platform for showing all cloud events."
"Service count rotation is probably one of my favorite features... The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now."
"It provides an accountability to the individuals who are using it, knowing that it is audited and tracked."
"There are no issues with scalability. Our clients are very happy to use the product."
"The most valuable features of CyberArk Enterprise Password Vault are password vaulting and automatic rotation of passwords after use."
"With PAM in place, we've experienced a significant reduction in potential security breaches."
"The product is for hardening access and making the organization more secure, therefore reducing chances of a breach."
"The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically."
"If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
 

Cons

"More controls should be introduced in CloudTrail, especially to see the logs in CloudTrail itself without saving them in S3, as S3 starts to incur charges."
"The product's initial setup phase is not pretty straightforward."
"The solution should incorporate visibility for CloudWatch events."
"The solution's operation visibility could be improved."
"Filtering multiple values within the console is a feature that has yet to exist in AWS CloudTrail. You can look up a user identity, service, or action, but you can't search for multiple dimensions."
"I have not experienced any challenges while using it."
"The platform’s reporting log sheet feature could be more user-friendly."
"Once the organization defines its policies, it must immediately enable AWS CloudTrail and integrate it with auto-remediation procedures using Lambda functions. This ensures that the main administrator can receive information quickly and on time without delay."
"If we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature."
"Its GUI is very confusing."
"Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API."
"One area for improvement is the plug-in development challenge. Although CyberArk provides a plug-in generator utility, it does not fully meet our needs, particularly for web-based applications."
"There is a bit of a learning curve, but it's a pretty complex solution."
"The challenge with the product is pricing since it's expensive. It also needs to improve the customization. We encountered some stability issues as well."
"I think having a distributed architecture would certainly help this solution."
"The initial setup could be simpler but it may not be as effective."
 

Pricing and Cost Advice

"The solution is free if you don't need customizations but is not expensive otherwise."
"It is a very cheap service because management is a SaaS offering from AWS."
"AWS CloudTrail is a cheap solution."
"CloudTrail itself is free of cost."
"AWS CloudTrail is pretty affordable, and I have to double-check, but the service is free to use. I can add logs on the console, but if I want to store logs long-term, then I have to pay a storage fee, but it's relatively inexpensive."
"AWS CloudTrail is free."
"The SaaS version of CyberArk Enterprise Password Vault is very expensive, but the on-premises version is relative, e.g. depending on the size of the environment, it can be a bit pricey, but it's relatively okay compared to the others."
"The product's licensing is yearly. I would rate the solution's pricing a six out of ten."
"CyberArk Enterprise Password Vault is a very expensive product."
"Pricing and licensing depend on the environment."
"It costs us around $200 per user."
"Its price is high. I have also worked with Delinea. CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal."
"The product’s pricing is feasible for enterprise customers. The pricing is expensive for smaller businesses. You need to pay additional costs for service implementation and local support."
"CyberArk Enterprise Password Vault's pricing is reasonable."
report
Use our free recommendation engine to learn which User Activity Monitoring solutions are best for your needs.
824,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Educational Organization
32%
Financial Services Firm
12%
Computer Software Company
11%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about AWS CloudTrail?
In one specific scenario, we encountered a situation where a terminated employee still had access to our environment without our knowledge. With AWS CloudTrail, we could track and monitor the emplo...
What is your experience regarding pricing and costs for AWS CloudTrail?
The cost depends on the volume of logs generated from various services. So, depending on how many logs are gathered, it could vary from being cheap to expensive.
What needs improvement with AWS CloudTrail?
Right now, AWS CloudTrail is perfect. I have not experienced any challenges while using it.
How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?
CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price.
 

Also Known As

CloudTrail
CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
 

Overview

 

Sample Customers

HTC, British Gas, Solinor, 2C2P
Rockwell Automation
Find out what your peers are saying about AWS CloudTrail vs. CyberArk Privileged Access Manager and other solutions. Updated: December 2024.
824,168 professionals have used our research since 2012.