CyberArk Privileged Access Management vs. Forefront Identity Manager (Discontinued)

The system is great for enterprise or larger IT departments or teams where temporary or full access may be given using privileged IDs. Requirements for needing local admin access is also eliminated which can help with specific Windows workstation related tasks. It can be very useful when working with remote teams or contractors who may need temporary access to a system when required.

Incentivized

I think that MIM is great for compliance since it reduces the number of logins that are required by users. Most offices have post-it notes with logins floating around because there are so many to remember or there are "shared" logins. This reduces the number of logins to 1 and you can easily revoke access in one fell swoop. This prevents gaps and holes with terminations and updates to select groups are super simple.

Incentivized

• Automatically discover new servers on the network and take control of the local admin password by vaulting it and ensuring nobody knows the password. A different password on every server.
• Automatically roll the password in a configurable manner - after each use, after a certain period of time, etc.
• Track and govern sensitive account usage by ensuring only properly authorized users can access the vault and obtain the credentials and then monitor usage.

Incentivized

• Authentication
• Security
• Identity Management

Incentivized

• GUI - right now everything is on one page/dashboard. Some level of folder/Safe type view would be great
• More options when storing passwords - especially for network based passwords
• Better integrations with vendors like Cisco so that admins dont need to really get the password from the vault (think Last Pass type add on)

Incentivized

• For Windows Server 2008 R2 Servers is a great tool to set a codeless provisioning over new objects.
• Can easily integrate with Active Directory and Exchange Servers, improving the identity sync between the final user and the lifecycle management.
• Improvements in the areas of performance, simplified deployment easing the troubleshooting tasks, better documentation knowledge base, and more language support.
• The codeless provisioning provided in FIM can sustain a variety from high demand to mid-size scenarios for account lifecycle management.

Incentivized

Customer support and technical support have always been great when we require assistance. Especially when we come across issues that we're not familiar with.

Incentivized

It is known as one of the safest products in the market. It has good support and is also available as on-premise. You can run it virtually on VMWare (and probably on other hypervisors as well). You can have a second instance on bare metal and that makes it a very safe system.

Incentivized

It is Microsoft. We are a Microsoft shop, primarily. It integrates deeply with Active Directory making it good for Microsoft Active Directory shops.

Incentivized

• Decreased the probability of an external cyber attack to privileged accounts..
• Management can control privileged account life cycle management more effectively
• Recording privileged sessions allows our organization to play back exactly the point of a breach or malicious behavior
• Automated system to manage and verify passwords, as privileged accounts are constantly created and deleted
• Automatic PWD change functionality will substantially decrease probability of PWD theft or misuse.

Incentivized

• We see a positive impact simply in the time savings alone. Chasing accounts around is time-consuming and prone to error.
• The cost to us is negligible to the value it provides.

Incentivized