Automation and operational efficiency

One solution for all three use cases, saves significant amount of costs

Over 30% more cost ¹⁾

Auto scaling and performance, speed

PrivX offers robust auto-scaling features and high performance.

Have been designed for static, on-premises environments,

Mostly designed to be both auto-scalable and flexible.

Performant but auto scaling etc. is not in focus.

Ephemeral access

  Passwordless and keyless

Full capability. Creates connection-specific short-lived certificates, eliminating the need for static credentials and password rotation.

Still, focusing on vaulting and password rotation.

Trying to move to ephemeral authentication.

Full capability.

Integrate with existing IAMs and supports MFA, which can include passwordless obfuscation.

SSH Key management, Machine identities

Offers comprehensive SSH key management capabilities through its Key Manager, designed to automate and govern SSH keys in alignment with compliance and security standards. Automatic migration to ephemeral access.

Limited capabilities.

However, CyberArks’s Venafi acquisition distinguishes CyberArk from other traditional vendors.²⁾

Not available

Not available

Complete identity lifecycle management integration with IDM, IGA

PrivX PAM solution Integrates with various IAM and Identity Governance and Administration (IGA) tools to facilitate comprehensive identity lifecycle management. The best bolt-on for Microsoft Entra.

Support for identity lifecycle management and integration with IDM and IGA systems.

Support for identity lifecycle management and integration with IDM and IGA systems.

Offer secure access solutions with elements of IAM, but with limited capabilities in identity lifecycle management and integration with IDM and IGA.

Ticketing workflows and approval process

Built-in workflows for approval processes – also for mobile - integration with IGA, and a REST API to develop custom workflows or to integrate with ticketing systems. ³⁾

Offer comprehensive ticketing workflows and approval processes within their PAM solutions.

Allow customizations and custom approval workflows or integrations with ticketing systems.

Access request and approval workflows included, with varying degrees of integration with ticketing systems.

Auto discovery (assets)

PrivX's automated discovery capabilities encompass virtualization platforms and computes resources in cloud environments as well as assets in OT.

Each platform offers asset discovery tools.

Have cloud discovery.

OT Asset discovery capabilities.

Auto discovery (Cloud user accounts, local accounts… )

PrivX automatically discovers privileged accounts in hybrid and multi-cloud environments, including cloud instances and configurations.

Each platform offers valuable account discovery tools.

Lack built-in capabilities for the automatic discovery of privileged accounts.

GitHub/GitLab (Ephemeral access based authentication)

Facilitates secure, passwordless access to code repositories like GitHub and GitLab through ephemeral certificate-based authentication.

A mix of certificate-based authentication, integrations to GitHub, and certificate-based authentication, as with Azure DevOps.

Teleport provides certificate-based authentication and integrates seamlessly with platforms like GitHub and GitLab.

No support for certificate-based authentication to DevOps platforms like GitHub or GitLab.

High Availability: Zero downtime upgrades

PrivX's architecture facilitates high availability and zero-downtime upgrades, allowing organizations to maintain continuous access to critical systems during updates.

Offer high availability to ensure service resilience, the support for zero-downtime upgrades not explicitly detailed.

Teleport's architecture supports high availability and can facilitate zero-downtime upgrades.

High availability but no zero downtime upgrade.

Simplicity and ease of use

PrivX PAM solution has an easy user interface. Its agentless architecture and emphasis on passwordless authentication reduce complexity and administrative overhead.

Offer extensive capabilities but present a steeper learning curve due to its complexity.

Offer a streamlined and user-friendly experience.

Deploying Claroty might need careful planning.

Completeness of offering

Comprehensive IT/OT access management

Offers a comprehensive access management for converged IT/OT environments with support for diverse protocols, and on-site/off-site access.

Lacking capabilities compared to vendors specializing in OT environments.

Limited OT capabilities.

Provide OT security solutions, but limited in IT.

Non-intrusive machine to machine connection

Non-intrusive approach to PAM characterized by ephemeral certificates and an agentless architecture, boosts security, operational efficiency, and scalability.

Integrating vaulting mechanisms may require changes to existing workflows and systems, introducing complexity.

Agentless architecture, ephemeral certificates, and a unified access plane.

Session recording, Live monitoring

Provides robust monitoring and live session oversight without the complexities associated with agent-based solutions.

Offer monitoring and live session monitoring capabilities.

Live session monitoring and recording capabilities provide real-time visibility and control over user activities.

Offer monitoring and live session oversight tailored to OT environments.

Secrets management, vault, password rotation

Hybrid: vaults (Secrets Vault, REST API), manages and rotates secrets but supports efficient passwordless and keyless authentication.

Offer robust credential vaulting capabilities within their PAM solutions.

Do not offer traditional vaulting capabilities. Can integrate with e.g. HashiCorp Vault.

Include vault features designed to securely store and manage privileged credentials.

Database access

PrivX PAM offers a comprehensive solution for database access control.

Offer robust features for managing and securing database access.

Offers a robust solution for secure database access management.

Not available.

Browser isolation, SSE

Ensures that web sessions are isolated and controlled, providing a layer of security between the user's environment and the target web service. Agentless, containerized browser isolation.

Only CyberArk offers a dedicated browser solution aimed at enhancing security and privacy.

Not offering traditional browser isolation but secure, browser-based access to infrastructure resources.

Not available
However, they provide secure, browser-based access to critical systems in OT environments.

Secure file transfers with file scanning

PAM solution supports secure file transfers between the user's computer and target devices. File type, virus, malware checks, and audit trails for protecting data integrity and preventing unauthorized access.

Offer secure file transfers.

Offer secure file transfers.

Provide secure file transfers.

Endpoint device trust

PrivX PAM solution enhances device trust through its PrivX Authorizer component, which provides phishing-resistant multi-factor authentication (MFA).

Offer endpoint security solutions.

Comprehensive approach to device trust and identity governance.

Lack comprehensive, in-depth verification mechanisms like device security posture assessments.

Support for proprietary industrial protocols

PrivX OT offers a protocol-agnostic approach to secure access management in OT, supporting various industrial protocols (Ethernet/IP, Profinet, Modbus TCP, OPC UA…) without the need for multiple point solutions.

PAM solutions do not natively support or manage these industrial protocols, with Wallix being a notable exception.

Not available.

Limited support outside Claroty.

Modernity

Modern microservice architecture

Built using microservices architecture, offering superior flexibility, scalability, and resilience.

Built using monolithic architectures or modular designs that focused on centralized management, secure vaulting, and session monitoring.

Implements a modular architecture.

Do not use a microservices-based architecture.

Multiple deployment options (Kubernetes, cloud(s), VM, on-premise, SaaS)

PrivX PAM solution offers versatile deployment options, including on-premises, SaaS, cloud, and Kubernetes environments.

No Kubernetes support.

Can be deployed in Kubernetes, on-premises, and in cloud environments.

Versatile deployment options, including on-premises, cloud, and hybrid models

No Kubernetes.