Try our new research platform with insights from 80,000+ expert users

CyberArk Privileged Access Manager vs Microsoft Enterprise Mobility + Security comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

CyberArk Privileged Access ...
Average Rating
8.6
Number of Reviews
193
Ranking in other categories
User Activity Monitoring (1st), Enterprise Password Managers (2nd), Privileged Access Management (PAM) (1st), Mainframe Security (3rd), Operational Technology (OT) Security (3rd)
Microsoft Enterprise Mobili...
Average Rating
8.4
Number of Reviews
10
Ranking in other categories
Enterprise Mobility Management (EMM) (15th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. CyberArk Privileged Access Manager is designed for Privileged Access Management (PAM) and holds a mindshare of 21.2%, down 24.0% compared to last year.
Microsoft Enterprise Mobility + Security, on the other hand, focuses on Enterprise Mobility Management (EMM), holds 0.7% mindshare, down 0.9% since last year.
Privileged Access Management (PAM)
Enterprise Mobility Management (EMM)
 

Featured Reviews

SatishIyer - PeerSpot reviewer
Jun 21, 2022
Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK
When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time. PTA is essentially the monitoring interface of the broker (e.g. Privileged Access Management, the Vault, CPM, PSM, etc.), and it's where you can capture your broker bypass and perform related actions. For this reason, we thought that this kind of mapping would be required, but CyberArk informed us that they did not have the capability we had in mind with regard to MITRE ATT&CK. I am not sure what the situation is now, but it would definitely help to have that kind of alignment with one of the more well-known frameworks like MITRE. For CyberArk as a vendor, it would also help them to clearly spell out in which areas they have full functionality and in which ares they have partial or none. Of course, it also greatly benefits the customers when they're evaluating the product.
Dheen Jaabir - PeerSpot reviewer
May 29, 2023
Seamless integration and easy implementation
Microsoft licensing has always been tricky. There have been several changes in the last quarter, such as the addition of a new SKU on top of the existing ones. The licensing can be messy at times. Apart from that, it's fine. One area where Microsoft lacks is network-level protection. Currently, it focuses on endpoint protection. However, with the shift to remote work, network-level protection has become less relevant since users take their devices home, and there is no physical boundary after COVID. So, investing in network equipment might not be as useful as protecting endpoints with features like EDR (Endpoint Detection and Response) and behavioral monitoring. That would probably be helpful.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes."
"CyberArk PAM can be easily automated."
"We have been able to manage application credentials in CyberArk, whether they come as a custom plugin or straight out-of-the-box."
"Provides improved security around having your credentials locked down and rotated regularly."
"The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine."
"I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain."
"The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices."
"It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
"A good feature that is present is MAM or Mobile Application Management. We can deploy this feature on the device, which is not managed by the organization. If I apply some security configuration on a personal device, the user would be really disappointed. What we do instead is that we give all access to the applications related to corporate and ask the users to use the application. We secure the application by putting the security features on the applications and not on the users' devices. This way, the users are happy, and we also meet our company's compliance standards. Then, everyone is happy."
"Microsoft Mobility and EMS include Intune for Mobility, which provides mobile device management and mobile application management. With mobile device management, you can control the entire device in an organization."
"The product is a unified solution and you don't require to purchase tools from different vendors. The system analyzes behavior and activity and takes steps for protection."
"The product is centralized and we can use it for security purposes."
"You can scale the solution up or down by department."
"It is a stable solution...It is a scalable solution."
"The solution is very good at securing files. For example, if I forward a secure document, it's blocked from others, as I can send it with restrictions in relation to who can open it."
"Integration between our departments has been the most valuable."
 

Cons

"New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections."
"The tool’s pricing and scalability can be better."
"This product needs professional consulting services to onboard accounts effectively based user profiles."
"I think they can improve account onboarding. For instance, you have to use the Password Vault utility, whereas in Thycotic I think there is a feature in the user interface that allows you to upload your account with an Excel file. So I'd like to have a similar thing in CyberArk."
"CyberArk's license is too expensive. I rate it seven out of 10 for affordability."
"it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."
"It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things."
"Sometimes the infrastructure team is hesitant to provide more resources."
"The MDM part of the engine could be better."
"Microsoft Enterprise Mobility + Security is expensive."
"The licensing can be messy at times."
"The auditing and reporting could be updated and upgraded. I would like to see light applications because they consume a lot of the device's memory at present."
"The licensing is quite expensive."
"Technical support could be improved. Sometimes they use a third party that's not so knowledgeable in the product and that can slow down things a bit."
"We did the deployment with the help of Microsoft's consultants. But sometimes, we found it difficult to educate the application developers to integrate."
"There are certain shortcomings in the licensing model of the product where improvements are required."
 

Pricing and Cost Advice

"CyberArk Enterprise Password Vault is a very expensive product."
"It's per-company, license-based."
"The price of CyberArk Privileged Access Manager could be less expensive."
"In comparison to other products on the market, CyberArk is a more costly product."
"The price of this solution is quite reasonable."
"CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great."
"I haven't seen the numbers. I know it is not cheap, but I don't know what it is. I would rate it a six out of ten in terms of pricing. It is definitely more expensive than the other product, but it also provides more functionality, and it is modular too. So, we pay for the functionality we're actually going to use, and that's nice."
"It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain."
"I would rate pricing at eight out of ten. It is a bit higher because of the security features that Microsoft provides."
"We have to pay 10 dollars per user. I would rate the tool's pricing a six out of ten."
"The increase in the prices of the product might not be the actual problem, but things become complex with some new plans that were introduced by Microsoft recently."
"The solution is cost-effective."
report
Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
30%
Financial Services Firm
13%
Computer Software Company
11%
Manufacturing Company
6%
Computer Software Company
20%
Financial Services Firm
11%
Manufacturing Company
8%
Pharma/Biotech Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?
CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price.
What is your experience regarding pricing and costs for Microsoft Enterprise Mobility + Security?
The increase in the prices of the product might not be the actual problem, but things become complex with some new plans that were introduced by Microsoft recently. Initially, my company used to ha...
What needs improvement with Microsoft Enterprise Mobility + Security?
Since Microsoft Enterprise Mobility + Security needs to deal with the competition from VMware and Ivanti, I visited PeerSpot's website to see how Microsoft can compete with its competitors. Microso...
 

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
Enterprise Mobility + Security E3, Enterprise Mobility + Security E5, MS Enterprise Mobility + Security
 

Overview

 

Sample Customers

Rockwell Automation
Mars, Whole Foods, Land O'Lakes, Dow
Find out what your peers are saying about CyberArk, Delinea, One Identity and others in Privileged Access Management (PAM). Updated: November 2024.
814,649 professionals have used our research since 2012.