- Session Management (Session Control and Recording)
- Very good in reliability
- Deployment Model: Available in both hardware and software appliance with one step installation only
IT Security Consultant at a tech services company with 51-200 employees
Some of the valuable features include session management and one step installation
What is most valuable?
How has it helped my organization?
Not applicable. I’m distributor of this product, not an end user.
What needs improvement?
Live session
GUI command keystroke and filtering
Session limitation
Live Session is a common feature now on PAM technology. By having this feature, an Administrator can monitor on live session about a privileged user activity, same like what we saw in CCTV. CA should add this feature on their PAM product, then they can compete with competitors.
Command keystroke and filtering on GUI session is needed to record and filter which commands allowed or not allowed privileged user work on GUI sessions, i.e., RDP Windows. By having this feature an Administrator can prevent dangerous commands when a privileged user on an RDP Session and open PowerShell or Windows Command or Database Engine CLI (MySQL, Oracle, etc.)
Session limitation is a very critical feature that cannot be addressed by CA PAM. By having this feature, only one username can allowed to login to the PAM dashboard at the same time and prevent another person to login using the same username (sharing password/username).
For how long have I used the solution?
I have used this solution for two years.
Buyer's Guide
Symantec Privileged Access Manager
October 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
There were no issues with stability.
What do I think about the scalability of the solution?
There were no issues with scalability.
How are customer service and support?
I would give technical support a rating of four out of five.
Which solution did I use previously and why did I switch?
We did not use a solution before this one.
How was the initial setup?
The initial setup was straightforward and very easy to setup.
What's my experience with pricing, setup cost, and licensing?
There is a combination of user and target devices pricing/licensing. There is no point to charge on target device pricing for 1000+ target devices. I would suggest charging for user percentages.
What other advice do I have?
I’m very satisfied with the product.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are distributor of this product.
IT Infrastructure Director at a construction company with 1,001-5,000 employees
Session recording enhances the ability to regulate and control privileged access accounts.
What is most valuable?
CA PAM has session recording, which is a very valuable feature. Overall, it is generally easy to use. It's a relatively simple product to setup and configure. You're not looking at tons of Professional Services hours to get it running.
How has it helped my organization?
Its primary benefits are the ability to regulate and control privileged access accounts, and their usage. Say for instance, that you have an administrator account for your Oracle EBS system: you obviously don't want your system administrators all sharing a single account. If you do find yourself in a situation where you only have one administrator account, you can setup Privileged Access Manager to track which administrators are using that single administrator account. That is very useful.
What needs improvement?
They actually just announced adding features that I would have liked included in the release that we're using. These new features all revolve around reporting and analytics. The basic reporting that comes with it is basic. They are not broad enough or deep enough. Apparently, with the latest release that was announced yesterday, there's a new analytics piece to it that really expands on its reporting capabilities.
Some of the key analytics that I would like to see are consolidated dashboard views with information about any privileged access usage that is out of the norm from a security perspective. That is now included in this new module; but I don’t think that this module is part of the Base Privileged Access Manager
Also, the licensing model, with cost as you scale with the number of users and recordable sessions. If it was cheaper, I would give it a perfect ranking.
What do I think about the stability of the solution?
I have had no stability issues whatsoever with it.
What do I think about the scalability of the solution?
We have a relatively small implementation, but from what we've seen so far, it would scale pretty well.
How are customer service and technical support?
We’ve used a little bit of technical support. It was really just a couple of questions here and there, and the support has been very good so far.
Which solution did I use previously and why did I switch?
We did not have a solution in place.
How was the initial setup?
Initial setup is pretty straightforward.
Which other solutions did I evaluate?
My organization had a push to increase our security posture this year. One of the areas we're looking at concentrating on is the use and control of privileged accounts. We obviously looked at the feature functionality set; then cost, then ease of use with a proof of concept demo.
We considered Thycotic Secret Server and we looked at a ManageEngine product. Ultimately, it came down to a choice between the Thycotic product and CA's PAM.
What other advice do I have?
The only advice that I would give is to also consider some of the new pure Cloud-based offerings that are out. They weren't necessarily strong enough for us to consider when we were looking.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Symantec Privileged Access Manager
October 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Co Founder & Chief Operating Officer at a tech services company with 51-200 employees
Passwords don't float around unchanged anymore. We can scale by just dropping in another appliance.
What is most valuable?
The most valuable feature is the general concept of securing privileged passwords. Having worked in IT for a long time, I know how privileged passwords can float around. They pass from person to person and don’t get changed when they should be changed, such as when someone key who knows them leaves the organization. So, I appreciate the value of locking all that down.
How has it helped my organization?
Being able to have a centralized place to store the most critical username/password combinations that you have. These are the ones that access your key systems. PAM prevents some of the breaches that we've seen recently where one of those privileged accounts can lead to access to confidential information or financials can really paralyze an entire organization. Breaches can potentially smear organizations in the media when their names get out there in that light. So the whole concept of locking that down is very important.
What needs improvement?
The product itself is solid. I haven't really seen any deficiencies. It’s more just getting the message out about why it's so important. That's what our organization is trying to do. We're also a reseller. We are trying to convince companies that they need this type of technology. Publishing more use cases would be helpful just to help to convince companies why they need a product like this.
For how long have I used the solution?
We don't actually use this solution ourselves. We implement the solution for people who buy it. I’ve been doing it for about a year. I haven't used it personally, but I know how it works.
What do I think about the stability of the solution?
It's very self-contained as a product. Being appliance-based, it's easy to implement. It's stable. No complaints there.
What do I think about the scalability of the solution?
It is very scalable. I know it's used in large organizations like banks and healthcare organizations. It's just a matter of swapping in. I recall on one of the enablement calls that I attended, they had a very defined set of parameters where if you reached a certain threshold, you would then swap in another PAM appliance.
How is customer service and technical support?
I've actually never called in to their technical support, so I really can't say.
What's my experience with pricing, setup cost, and licensing?
I don't really know much on the pricing side. I'm more on the technical side. We do have an instructor that teaches the PAM enablement classes, and he's a big fan of the course materials. He thinks that they're very valuable and well worth the cost of attending a class. So attend the public CA courses on PAM, because they're very good.
What other advice do I have?
I would say definitely get professionals that can help out. My company is in this space, and this is what we do for a living, so I don't think that it's a product that you want to go and try to implement on your own. Getting professional experience on your side for two or three weeks, or whatever it takes, to deploy the solution is well worth the investment.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: We are a reseller.
Information Security at ITG
The interface is very friendly, colorful, and bold
Pros and Cons
- "Whoever built it from the ground up, they understand how an organization is laid out."
- "The interface is very friendly, colorful, and bold."
- "Instead of just giving passwords to the user based on job function, from auditing perspective, turn that cycle around. That would really help from an auditing standpoint."
What is our primary use case?
I see it performing really well. It has a really good scalability attribute, where you can continuously keep dumping on new users and giving them only the access they need on the projects that they would view. It is very controlling and I really like that.
What is most valuable?
Whoever built it from the ground up, they understand how an organization is laid out. You can tell. When a user comes in, it automatically picks up their information. It is very easy to use. The interface is very friendly, colorful, and bold. I really like that. It is friendly to the users.
What needs improvement?
What PAM does is when a user signs in, or when a user gets prompted to an organization, they are classified based on what teams, job titles, and roles that they have.
One feature I would like to see is instead of just giving passwords to the user based on job function, from auditing perspective, turn that cycle around. Let us have a reporting feature that will say, "Can you please show me all the users who have access to the DB admin account essay." That would really help from an auditing standpoint.
There is already a feature for that. It is not too great to use. Instead of being Splunk, maybe have a feature built into the application.
How is customer service and technical support?
There have been no issues with CA technical support.
Which other solutions did I evaluate?
After doing a little bit of research in the PAM market, there are not too many PAM players out there. Obviously, there is CyberArk but the other big player is CA PAM. I took a look at CA PAM. CA's rep gave me every reason to pick CA PAM over CyberArk.
CyberArk is harder to set up. You need a stand up infrastructure to back up CyberArk. PAM, on the other hand, is much more simple to use, and you do not need as many Windows servers to back it up as far as I know.
- According to the users who have actually used CyberArk and CA PAM, they have said that CA PAM is ten times easier to use and manage.
- Also, according to the users, CyberArk is only in the Windows area. They only control passwords in the Windows area. I am not sure how true that is, but that is a huge thing.
What other advice do I have?
If your company has Windows, Unix, and Linux, and has accounts all over the place and you need to management it, look into CA now.
I feel like I have to learn more about CA PAM, because there are a lot of questions I still have for the product and I do not know them yet.
Most important criteria when selecting a vendor: technical support. Always having someone there who knows a lot about the product, but at the same time, they will be straight up with you about the difficulties. I really do like when people tell me, this is not working, and tell you straight off the bat. I really like that straightforwardness.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director, Managed Services - Analytics & Data Solutions at a tech services company with 51-200 employees
We set a rule once, and it can be applied when we add new clients into our cloud environment.
What is most valuable?
- Consolidates access to all the systems
- Easy to deploy/virtual
- Records access for troubleshooting issues
How has it helped my organization?
One example of how it has improved the way my organization functions is that before, we had to deal with the firewall rules between domains to control access. With CA PAM, we simply set the rule once, which can be applied when we add new clients into our cloud environment.
What needs improvement?
They need to improve how it scales. We end up adding new “appliances” to scale for large or complex environments.
I run a multi-tenant cloud environment so I cover multiple domains and environments. So, as we grow our customer base by adding more systems, new customers or have different security zones for new applications/systems for customers, we end up having to add more appliances….we can only scale the virtual resources so much before we start hitting the performance thresholds on the appliance and the thresholds we have set with a customer.
By segregating and/or adding new appliances we even out the load and still maintain the performance we want with our customers. Obviously, I am talking about customers that have a higher access than some other companies.
For how long have I used the solution?
I have used this solution for roughly a year.
What do I think about the stability of the solution?
At the beginning, we did have some stability issues, i.e., until we understood the product, and then the process was better.
What do I think about the scalability of the solution?
There were scalability issues. The architecture forces us to add systems - similar to a Cisco model.
How are customer service and technical support?
The technical support is above average.
Which solution did I use previously and why did I switch?
I have used different systems in the past with other companies that I worked for, so I have been able to compare several of these. CA PAM is the least expensive option than most and is easy to deploy.
How was the initial setup?
The initial setup/configuration was easy. It was more troublesome in finessing the rule sets/processes that needs to be used, which isn’t a product issue but an internal walkthrough of how we wanted the access to be controlled and in what manner.
What's my experience with pricing, setup cost, and licensing?
Negotiate well but more importantly, design your architecture and understand what you will need as you scale (build building blocks).
Which other solutions did I evaluate?
We also evaluated One Identity, Centrify and Microsoft PIM.
What other advice do I have?
Make sure you fully vet out what is needed for the complete process, and understand what you need up front for the initial set and what will be added at what trigger points.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CA MSP Partner.
Director Of Information Security at a insurance company with 1,001-5,000 employees
We can separate the management of accounts with and without elevated privileges. It integrates with our identity management system.
What is most valuable?
So far the best value is the centralized management of all administrative accounts. Before PAM, domain administrators, Unix administrators with root access, end-users with elevated desktop privileges, and so on, were managed by those individual groups themselves. Now we have a way to separate the management of accounts with and without elevated privileges. This provides better control over who can see what information, and who can perform which actions.
So all the different roles (such as database admin, Unix admin, network administrator), are now centralized into one system. Users are authenticated with a single sign-on to access only what is appropriate for their role. It also enables us to take a generic role, like an administrator, and grant certain access rights to that role. Then you can apply the generic role, but go inside and make it granular. That isn't available in the product off the shelf, like in Microsoft or Red Hat.
It also integrates with our identity management system in which the roles and responsibilities are defined. Syncing the two systems is very helpful as well.
How has it helped my organization?
It is very helpful with passing audits. It’s one thing to say you have a control; it’s another to show your control. This is very easy to show. It also simplifies the security team's role in that we aren't chasing as many accounts with elevated privileges. We have a central place to go look for them.
A secondary feature is that it tracks normal behavior, and then sends notifications about anything out of the norm. An example of that is: a network administrator would add accounts on a regular basis at a rate of 10 a day; if 50 were to show up in one day, it would automatically flag it and say, "Something's not right, take a look."
What needs improvement?
I would like to see better integration with Security Incident Management solutions, a SIM, like a Splunk.
The integration with IBM’s Guardian is useful, but it is not a specific plug-in or API. It is just log information; so a little more detail would be useful there.
What do I think about the stability of the solution?
So far, so good. It is new. We haven’t had any issues yet.
What do I think about the scalability of the solution?
So far, so good. It is new. We haven’t had any issues yet.
How are customer service and technical support?
Technical support been good too. We had professional services onsite with us, so that made things easy. We have transitioned away from that, but so far things have been fine. We haven't had any major issues.
Which solution did I use previously and why did I switch?
We were not using anything else previously.
How was the initial setup?
It was a little bit of both. There's some internal politics, and the internal infrastructures, as well as bringing in a new product,; but overall it was fine.
There was lack of knowledge from my team; and then learning from the other team, as well as the professional services team learning our infrastructure and its intricacies.
How do you get a change control approved so we could do something quickly?
Which other solutions did I evaluate?
We went with it because of internal customer needs, the regulatory and audit requirements, ease of installation, and auditor funding.
What other advice do I have?
I would say do your research. We did, and that's why I said there weren't any real competitors. There always; but in this space, I don't think so – not today.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Director at a tech services company with 51-200 employees
It adds another layer of security from the basic OS security of Linux and Windows, although the rule management portion and reporting is very weak on its own.
Valuable Features:
It consists of three components that work well together: access controls, SIEM, and password recording capabilities.
Improvements to My Organization:
The access control component is solid. It adds another layer of security from the basic OS security of Linux and Windows. A lot of customers use it. The segregation is difficult to achieve as different OS's require different skill sets, but in terms of admin, it’s the same cost, and that’s a key benefit.
Room for Improvement:
The rule management portion and reporting is very weak on its own. Also, the login part and visibility are not user friendly, as is management of the policies. Moreover, I can't easily generate the metrics. Once the rules increase, if you can’t cross-reference it becomes a challenge.
Deployment Issues:
With any deployment, you may have overkill, so it’s up to the business to get balance with rules.
Stability Issues:
It’s been in the market a long time, so thankfully it is stable.
Scalability Issues:
Scalability is not an issue because of the architecture. The management piece just manages policies, so you can still go the system and are not handicapped.
Initial Setup:
The initial set up is very straightforward. The complexity is not so much of a problem, but that’s up to the organization.
Other Solutions Considered:
There are not many players in this arena so there aren't many choices. IBM has a solution, but I don’t think they push it.
Other Advice:
Definitely you have to go for a tested solution. This solution doesn’t have bugs, but you should follow CA’s messaging that it’s always good to deploy in small chunks. Applications have problems, and sometimes it’s a process. You just have to expand over time.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solution Architect at a tech consulting company with 501-1,000 employees
The DB clustering is a really good benefit of this solution.
Pros and Cons
- "CA PAM is working well for us."
- "The DB clustering is a really good benefit of using CA PAM."
- "An improvement for this solution is that it should not be constantly based on user name and password. There should be a condition to edit and update your username."
What is our primary use case?
My primary use case for this solution is for work in data center components. We use it with our data center devices.
What is most valuable?
The DB clustering is a really good benefit of using CA PAM.
What needs improvement?
An improvement for this solution is that it should not be constantly based on user name and password. There should be a condition to edit and update your username. Also, it would be nice to have a single sign-on, but that particular portal doesn't allow any copy/paste.
In addition, I have an additional suggestion. I will give you a scenario. In regards to the licensing, I have some concerns. The NAS team, they want to have 24/7 support. The NAS team is the one actually using this CA PAM. So, the total count is some hundred members. But at other times, the login is 23 members. So it's like a batch. Every 7 hours there is a batch change, so every 7 hours 23 members will change. But when I ask for a licensing part, they are saying we have to take 100 license, not 23 license. Each time I have to ask for 100 licenses, even though I have only 23 members at a time using the solution. If there were any options for concurrent usage of a license, that would be a better option.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
I find it is a stable product for our organization. But, we have had to do some debugging sessions occasionally.
Which solution did I use previously and why did I switch?
We have previous experience with CyberArk.
How was the initial setup?
The initial setup was easy and straightforward.
What's my experience with pricing, setup cost, and licensing?
I would prefer better licensing options for the 20-100 users we have at a given time.
Which other solutions did I evaluate?
We also considered CyberArk.
What other advice do I have?
So when we are trying develop some particular portal, when you are looking with loop-back IP, connecting the backend by a loop-back IP, the response is coming by an actual IP - that's the portal design. Because it is redirecting multiple URLs, the portal designed like in such a way like it will take your input and redirect your many multiple URLs with the connection and respond back to your browser, but the browser always it comes back with the actual IP, not the loop-back IP. In this case, the CA PAM is working well for us.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Privileged Access Management (PAM)Popular Comparisons
CyberArk Privileged Access Manager
Delinea Secret Server
BeyondTrust Endpoint Privilege Management
WALLIX Bastion
One Identity Safeguard
ARCON Privileged Access Management
MasterSAM PMS
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating Privileged Identity Management, what aspect do you think is the most important to look for?
- Which is the best Privileged Account Management solution?
- What are the top 5 PAM solutions that can be implemented which cover both hybrid and cloud?
- What are the top 5 PAM solutions?
- How will AI and ML help or work with PIM/PAM?
- Is BeyondTrust Endpoint Privilege Management really expensive compared to other tools or software?
- What is the difference between PAM and PAS?
- What is the difference between IDAM , PIM and PAM?
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
- What is the best approach to limiting privileges for administrators?