<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Alternatives to Delinea (fka ThycoticCentrify)

Delinea Competitors

In April 2021, Thycotic and Centrify merged to create ThycoticCentrify and in January 2022, later rebranded as Delinea. Delinea’s Privilege Manager is a tool that allows organizations to secure access for privileged administrators (typically systems and database administrators) to Windows Servers, Linux servers, and some database management systems through a centralized authentication method.  It does not secure access to modern and cloud-native databases, Kubernetes clusters, the cloud CLIs, switches, routers, or internal web applications.

Delinea

Brief product summary

Delinea uses a least-privilege policy to manage access to resources. The Secret Server enables system administrators to manage privileged account access and protect credentials for a wide range of platforms and services. Delinea provides a single dashboard from which users can discover and search for accounts, manage, provision, and delegate access to all accounts. System Admins can manage passwords, automate password changes for network accounts, and integrate with multiple CRM systems.

Use cases

  • Discover and manage privileged accounts and store passwords in a Secret Server.
  • Ensure that sensitive information is not exposed.
  • Configure two-factor authentication for all users.
  • Automate password rotation and management.
  • Receive notifications when credentials are used out of the norm.
  • Delinea provides centralized access to Linux and Windows servers and some legacy databases.

Pluses

  • Easy installation.
  • Password Account Management is available in both the on-premise and cloud versions.
  • Affordable and competitive pricing.
  • SSH access is available.
  • RDP access is available.
  • Authenticates users through LDAP and Active Directory (AD).
  • Integrates with some machine groups.
  • Cloud and on-premise deployable.

Minuses

  • Delinea is designed for legacy systems and highly privileged administrators.
  • It is designed for Windows-based environments and does best with legacy databases and authentication methods (AD, LDAP).
  • It is not designed for any cloud-native environments, newer database management systems, nor does it handle modern infrastructure toolings like Kubernetes, Dockers, and ephemeral environments.
  • It does not cover all users within a company, most of whom require access to systems that contain privileged information (for example, financial analysts who might need access to transactional information).
  • Delinea does not secure access to modern and cloud-native databases, Kubernetes clusters, cloud CLIs, switches, routers, or internal web applications.
  • The pricing model is complex.

StrongDM

Brief product summary

StrongDM is a control plane to manage and monitor access to databases, servers, and Kubernetes. StrongDM's zero trust model means instead of distributing access across a combination of VPN, individual database credentials, and SSH keys, StrongDM unifies user management in your existing SSO (Google, Onelogin, Duo, Okta, etc...) and keeps the underlying credentials hidden. Neither credentials nor keys are accessible by end users. Because StrongDM deconstructs every protocol, it also logs all database queries, complete SSH and RDP sessions, and kubectl activity.

Use cases

Pluses

  • Easy deployment - self-healing mesh network of proxies.
  • No change to workflow- use any SQL client, CLI, or desktop BI tool.
  • Standardize logs across any database type, Linux or Windows server, and Kubernetes.
  • Graphical client for Windows and MacOS.
  • See and replay all activity with session recordings.
  • Manage via a user-friendly web browser interface.
  • Simple, straightforward pricing.

Minuses

  • Requires continual access to StrongDM API for access to managed resources.

CyberArk

Brief product summary

CyberArk’s Privileged Access Manager tool was designed originally to run on Windows workstations and integrate with LDAP and Active Directory (AD). It allows privileged administrators (typically systems and database administrators) to restrict access to Windows Servers, Linux servers, and some database management systems using a centralized authentication method. Add-on features can also provide a credential vault and password rotation. Access is typically through a web interface or locally installed utility. Components of the system include a password vault, central policy manager, and privileged session manager. In most cases, CyberArk can provide an audit trail of queries and session replays. However, if you need to secure access to modern and cloud-native databases, Kubernetes clusters, the cloud CLIs, switches, routers, or internal web applications, there are other options to consider.

Use cases

  • Centralized access to Linux and Windows servers, and some legacy databases.

Pluses

  • SSH access available.
  • RDP access available.
  • Authenticates users using LDAP and Active Directory (AD).
  • Integrates with some machine groups.

Minuses

CyberArk is not designed for any cloud-native environments, newer database management systems such as Kafka and Redis, modern infrastructure tooling (like Kubernetes, Dockers, and ephemeral environments), and often requires the end user to acquire additional CyberArk-specific software to accomplish tasks.

Finally, it does not cover all users within a company, most of whom require access to systems that contain privileged information (for example, financial analysts who might need access to transactional information). Furthermore, CyberArk has a complex pricing model, and it has been reported to be “shelfware” at many companies that have purchased it.


HashiCorp Boundary

Brief product summary

HashiCorp Boundary is an open-source identity access management (IAM) tool that facilitates secure user access to dynamic hosts and critical infrastructure across environments. However, if you need a simple and secure way to manage access to databases, Kubernetes clusters, cloud CLIs, switches, routers, or internal web applications, there are other services to consider. In this blog post, we’ll take a look at a few alternatives and discuss the strengths and weaknesses of each. First, a quick side-by-side comparison of the features you may want to consider.

Use cases

  • Hashicorp Boundary is open-source and free identity-based security.
  • Role-based and logical service authorization.
  • Use SSO to manage, onboard, and offboard users.
  • Integrate with existing tools and APIs.

Pluses

  • Dynamic resource catalogs.
  • Dynamic credentials.
  • Integration with Vault and others for end-to-end dynamic credentials.
  • Authenticate with identity provider already in use.

Minuses

  • Tools are confusing.
  • Complex setup with lots of "moving parts". Users have trouble figuring out what to run together and how to integrate.
  • Requires a third tool, Consul, to manage services and machine-to-machine access.

About the Author

, Director, Global Customer Engineering, has worked in the information security industry for 20 years on tasks ranging from firewall administration to network security monitoring. His obsession with getting people access to answers led him to publish Practical Vulnerability Management with No Starch Press in 2020. He holds a B.A. in Philosophy from Clark University, an M.A. in Philosophy from the University of Connecticut, and an M.S. in Information Management from the University of Washington. To contact Andy, visit him on LinkedIn.

logo
💙 this post?
Then get all that strongDM goodness, right in your inbox.

You May Also Like

Competitors & Alternatives to Saviynt
Competitors & Alternatives to Saviynt
Saviynt is a popular identity and access management solution (IAM), but it may not be the best choice for every organization. In this article, we’ll explore powerful alternatives to Saviynt for companies with cloud-first IT infrastructure. By the end of this article, you’ll know whether Saviynt or one of these Saviynt competitors is the right fit for you.
CyberArk Pricing: How Much Does It Cost and Is It Worth It?
CyberArk Pricing: How Much Does It Cost and Is It Worth It?
Examining the CyberArk pricing model to discover how it fits with your organization’s budget will help you make the case for a PAM solution. Here’s how CyberArk PAM pricing breaks down.
BeyondTrust vs. Thycotic (Delinea): Which Solution Is Better?
BeyondTrust vs. Thycotic (Delinea): Which Solution Is Better?
This article compares two Privileged Access Management (PAM) solutions, BeyondTrust vs. Thycotic (Delinea). It takes a closer look at how these PAM products work and how they fit in with your organization’s access management strategy. We’ll examine product summaries, use cases, and pros and cons. By the time you’re done reading this article, you’ll have a clear understanding of the similarities and differences between these PAM tools and be able to choose the tool that best fits your organization.
CyberArk vs. BeyondTrust: Which PAM Solution is Better?
CyberArk vs. BeyondTrust: Which PAM Solution is Better?
This article compares two Privileged Access Management (PAM) solutions, CyberArk vs. BeyondTrust. It takes a closer look at what these two PAM products are, how they work, and what may make them fit well with your organization. We’ll explore product summaries, use cases, pros and cons, PAM features, and pricing. By the time you’re done reading this article, you’ll have a clear understanding of how these PAM tools operate and be able to choose the one that will work best for you.
Competitors & Alternatives to ManageEngine PAM360
Alternatives to ManageEngine PAM360
ManageEngine’s PAM360 gives system administrators a centralized way to manage and audit user and privileged accounts within network resources. However, teams that need to manage secure access to Kubernetes environments or enforce password policies within their privileged access management (PAM) system may want to consider other options. This blog post will cover ManageEngine PAM 360 and some solid alternatives, along with the pros and cons of each.