- Role-based, attribute-based, & just-in-time access to infrastructure
- Connect any person or service to any infrastructure, anywhere
- Logging like you've never seen
Summary: This article compares two Privileged Access Management (PAM) solutions, BeyondTrust vs. Delinea (formerly Thycotic). It takes a closer look at how these PAM products work and how they fit in with your organization’s access management strategy. We’ll examine product summaries, use cases, and pros and cons. By the time you’re done reading this article, you’ll have a clear understanding of the similarities and differences between these PAM tools and be able to choose the tool that best fits your organization.
Cybercrime is big business. From stolen credit card numbers to intellectual property, cybercriminals have formed their own organizations and even offer cybercrime as a service, resulting in financial and reputational damage to companies. Privileged Access Management (PAM) is one way to protect infrastructure from brute force and SQL injection attacks, as well as mishandled information.
However, not all PAM solutions are created equal. Choosing the right PAM solution means examining BeyondTrust vs. Thycotic carefully to figure out which one will work best for your organization. Here’s how BeyondTrust PAM and Thycotic PAM stack up.
What Is BeyondTrust?
Formerly known as Bomgar, BeyondTrust is a suite of privileged identity management, remote access, vulnerability management, and access management products. BeyondTrust PAM works with Linux, Mac, Unix, and Windows environments.
BeyondTrust product summary
The BeyondTrust suite of products includes Endpoint Privilege Management, Privileged Password Management, Secure Remote Access, and Cloud Security Management.
Each of these products does something different: EndPoint Privilege Management allows organizations to set the least amount of privileges across endpoints, while Privileged Password Management provides a password safe and DevOps secrets safe, as well as the ability to find, manage and audit privileged accounts.
Remote Access lets organizations manage service desks, vendors, and operators and provide privileged access in one location. Cloud Security Management is for multicloud environments and lets organizations automate identities and assets.
BeyondTrust use cases
BeyondTrust has a variety of uses, including:
- Setting least privileged access across Mac, Windows, Linux, and Unix environments
- Monitoring and controlling remote access to systems
- Auditing and securing account credentials for privileged users
- Utilizing PAM for both cloud and network environments
BeyondTrust pros & cons
Some customers like BeyondTrust because they say:
- Deployment and maintenance is simple
- SSH access and RDP are supported
- Permissions can be managed with AD, LDAP, RADIUS, and Kerberos
- Less processing power is needed to protect endpoints because of its lightweight architecture
However, others caution that BeyondTrust has its issues, including:
- Requirement to purchase add-ons
- Single sign-in is poorly integrated
- Licensing costs are high
- User interface is clunky
- Elevating admin privileges for the first time can be difficult
What Is Delinea?
Delinea (also known as ThycoticCentrify after its merger), which bills itself as “seamless privileged access.” The Delinea PAM product manages administrative rights and enforces least privileged access, which helps companies avert ransomware and minimize security threats.
Delinea (fka Thycotic) product summary
The Delinea PAM tool uses a centralized authentication process to manage privileged access to applications, servers, databases, and other infrastructure resources. It uses password rotation and an encrypted secret vault for storing keys and credentials.
Delinea use cases
Organizations often choose Thycotic PAM to:
- Monitor sessions on servers
- Rotate passwords
- Keep secrets and credentials safe, including user names and passwords
- Retain user activity logs
- Administer privileged access to servers, applications, databases, and networks
Delinea pros & cons
Organizations often choose Delinea PAM because of its behavioral analytics and comprehensive audits. They also appreciate how it:
- Manages secrets in a straightforward manner
- Includes effective features to manage sessions
- Offers clear documentation
- Leverages a user-friendly interface
But organizations find that Delinea may not be up to the task in modern computing environments as it:
- Inadequately supports modern databases
- Must be installed on the organization’s server
- Does not support Kubernetes
- Only offers limited integration with third-party tools
What Is StrongDM and Why Is It Better Than BeyondTrust and Delinea?
Often, traditional PAM tools fall short in today’s modern environment. With remote work and distributed workforces now the norm, users from more than just the Dev or Ops teams need access to critical infrastructure from a variety of locations. In the BeyondTrust vs. Thycotic comparison, it is worth looking at a third solution: StrongDM.
StrongDM goes beyond traditional PAM and offers a control plane to monitor and manage access to databases, servers, applications, and even Kubernetes clusters. The Zero Trust model used by StrongDM pulls together user management in your existing SSO, whether that’s Google, Duo, Okta, or OneLogin. It hides credentials so that end users cannot access them.
Organizations no longer need to distribute access across VPNs or use individual database credentials and SSH keys, reducing the complexity of access management and speeding up the time to onboard new users.
Additionally, StrongDM is easy to implement, simplifies workflows, and improves productivity. It offers comprehensive logging of user activity so that every query is monitored, making audit time much easier. And its straightforward pricing model, custom tool integrations, and exemplary customer support make StrongDM ideal for organizations from small businesses to large enterprises.
So Which One Is Better for You?
Here is a quick review of the features for you to decide.
|Best for||Enterprises||Small to medium-sized businesses||Enterprises and start-ups looking to scale|
|Setup||Complex||Simple implementation||Simple, fast implementation|
|Navigation||Clumsy UI||Simple, user-friendly interface||Intuitive, user-friendly design|
|Modern database support||Supports most datasources||Limited||Broad support for legacy, modern, and cloud-based data sources|
|Installation||Does not require installation on your server||Must be installed on your server||No installation required on your server|
|Documentation||Comprehensive documentation||Good documentation||Excellent documentation|
|Customer support||Offers chat, email, knowledge base options||Offers year-round support on premium packages only||Offers 24/7/365 support to all users|
|Pricing||BeyondTrust pricing is available upon request.||Thycotic offers a 30-day free trial.
Requires a custom pricing plan from the sales team.
|StrongDM gives a 14-day free trial.
It has a single, straightforward pricing plan — $70 per user per month.
Are you looking for a streamlined way to manage privileged access? Book your demo of StrongDM today.
About the Author
Andrew Magnusson, Director, Global Customer Engineering, has worked in the information security industry for 20 years on tasks ranging from firewall administration to network security monitoring. His obsession with getting people access to answers led him to publish Practical Vulnerability Management with No Starch Press in 2020. He holds a B.A. in Philosophy from Clark University, an M.A. in Philosophy from the University of Connecticut, and an M.S. in Information Management from the University of Washington. To contact Andy, visit him on LinkedIn.