PAM Suite Features comparison

Overview

ManageEngine Password Manager Pro was built in 2007 as an enterprise password vault. Over
the years, we expanded its feature set to make it serve as an enterprise privileged account
management solution. Further down the line, we built two more products—Key Manager Plus
and Access Manager Plus—to focus more on specific business needs and serve different
target audiences. Apart from the three different point products serving their independent
purposes, we came up with ManageEngine PAM360. PAM360 serves its own higher purpose
and helps you design and build a complete privileged access management (PAM) strategy for
your enterprise. Click here to learn more about the differentiation between the products.

The point products in the ManageEngine PAM suite

Password Manager Pro: A privileged account management solution that helps IT teams
completely manage privileged accounts, as well as control and monitor access to critical
information systems. It helps mitigate security risks related to privileged access and prevent
security breaches without disrupting business. Password Manager Pro makes it easy to meet
security audits and compliance requirements stated in various regulations such as HIPAA, PCI,
NERC-CIP, and GDPR.

Password Manager Pro serves as a secure, encrypted vault to store, rotate, and manage all your
enterprise passwords, keys, certificates, and other sensitive data. It automatically discovers all
privileged accounts in your enterprise, supports periodic password reset for over 70 resource
types, provides robust user management capabilities along with strong authentication and
SAML SSO support, and also enables one-click access to remote systems.

Password Manager Pro also helps in application-to-application and application-to-database

password management, and DevOps automations through integration with CI/CD tools like
Jenkins and Ansible. Additionally, it also supports native integrations with SIEM tools and
ticketing systems. Password Manager Pro integrates with ManageEngine Key Manager Plus,
offering basic key and certificate management capabilities. It also enables administrators to
monitor and record privileged sessions, and provides comprehensive auditing and reporting
of every activity. Learn more.
Key Manager Plus: A web-based encryption key management solution that helps IT
administrators track and manage the entire lifecycle of SSH (Secure Shell) keys and SSL/TLS
(Transport layer security) certificates. It provides visibility and central control over an
enterprise’s SSH and SSL landscapes, ensuring total security of the cryptographic assets,
thus minimizing the possibilities of potential data breaches and compliance issues.

Key Manager Plus currently facilitates lifecycle management of SSH keys deployed within the
network—right from discovery and vaulting to generation of fresh key pairs, bulk deployment,
periodic rotation, and secure SSH remote connections.

Key Manager Plus also facilitates SSL/TLS certificate life cycle management which includes
discovery and vaulting of all types of X.509 certificates deployed within the network. Using the
built-in certificate request workflow, users can request admins to create and deploy
self-signed certificates for internal usage or leverage integrations with third-party CAs to
obtain public certificates. Key Manager Plus also supports certificate deployment in bulk,
SSL/TLS vulnerability scanning, and operates with log monitoring systems to trigger timely
certificate expiration alerts. Learn more.

Access Manager Plus: A secure remote access and privileged session management solution
that enables IT administrators and other privileged users to effortlessly access an account
belonging to a critical system, like a database, network device, application, or a server, without
the need for supplying its password. The enterprise-grade remote access management
functionalities help enterprises to minimize deliberate and unintentional access misuse risks,
while also letting them choose and design a utilitarian remote access strategy.

Access Manager Plus supports robust user authentication through various 2FA services,
employs granular access controls, and automatically discovers remote assets in your IT
environment that can be accessed with a single click. It supports jump servers to connect to
Windows and Linux systems located in dissimilar security zones, RemoteApps to whitelist
specific Windows applications during RDP sessions, bidirectional file transfer, and various
configuration settings to enhance the user experience during remote sessions.

Access Manager Plus also provides advanced privileged session management capabilities.
It helps administrators record and playback all privileged sessions, supporting forensic and
internal audits. It also enables administrators to monitor and shadow user sessions in real-time
with provisions to terminate suspicious sessions, along with comprehensive audits for all
activities. Learn more.
PAM360: Unified privileged access management software for enterprise IT

PAM360 is a web-based PAM solution that regulates access to sensitive enterprise data
through powerful privileged access governance, smoother workflow automation, advanced
analytics, and contextual integrations with various IT services.

Apart from advanced PAM features that come bundled with the product, PAM360 directly
integrates with all the above point products and various third-party services, like vulnerability
scanners, SIEM solutions, and robotic process automation (RPA) tools. It also offers advanced
HSM integration (to manage the entire encryption/decryption), just-in-time privilege elevation,
ML-based privileged user behavior analytics (PUBA), and smart workflow automation.

PAM360’s upcoming versions will cover integration with third-party IAM and IGA providers,
PAM360 cloud edition, support for more vulnerability scanners and CI/CD DevOps platforms,
SSH command controls, and much more.

While the three point products will continue to develop in their own space and cover features
specific to their respective market trends, PAM360 will serve as the advanced PAM solution
for medium and large scale enterprises.

Adopting PAM360 in your enterprise: The bigger picture

Achieving complete privileged access security is crucial to develop a strong security strategy
against cyberthreats, irrespective of your industry or organization size. Unless you track
privileged activities, there’s a significant risk of data compromise through rogue users,
non-human accounts, services, and bots that are managed by insecure automation and
DevOps tools. Today, the concept of privileged access expands to a broader spectrum of use
cases that require faster and wider access to sensitive corporate information, spawning
several security risks.

PAM360’s all-inclusive approach helps modern enterprises to gain holistic insights into their
privileged access activities across the entire infrastructure and stay compliant with various
regulations like the GDPR, HIPAA, SOX, PCI-DSS, and CCPA.

Our vision is to enable you to shape up your overall security strategy with PAM. In a few years
from now, we aim to achieve the agility that lets you completely adapt to the way you work,
integrate with all the IT security tools you employ, and help you uncover emerging PAM use
cases outside your conventional security realm.
 Features comparison table
Feature/capability PAM360 Password Key Manager Access Manager
Manager Pro Plus Plus

Privileged account Yes. Windows, Partial. Partial. Partial. Only

discovery Linux, network Windows, Only SSH Windows and Linux
devices, Linux, VMware, resources
VMware, AWS and network
EC2, Amazon devices
workspaces
Privileged account Yes Yes No No
management

Customized user roles Yes Yes No Yes

SSH key management Yes Yes, available Yes No

with the Key
Manager Pus
add-on
SSL/TLS certificate Yes Yes, available Yes No
management with the Key
Manager Pus
add-on
DevOps and cloud security Yes Partial No No

Just-in-time privilege Yes No No No

elevation*

Granular access controls Yes Yes Yes Partial

Secure remote access Yes Partial No Yes

provisioning

Jump server support to Yes, for RDP and Partial. Only for No Yes, for RDP and
access remote resources in SSH SSH SSH

DMZs
Application control in RDP Yes No No Yes
sessions through
RemoteApps

Advanced settings for RDP, Yes No No Yes

SSH, and VNC sessions
Privileged session Yes Partial Partial. Yes
monitoring and recording Recording
available for
SSH sessions
Privileged user behavior Yes No No No
analytics*
Bidirectional file transfer Yes Partial. Only for No Yes
RDP sessions

ML-based user and entity Yes No No No

behavior analytics*
Endpoint log correlation for Yes No No No
privileged session audits*

Integration with Yes No No No

vulnerability scanners

Integration with Ser- Yes Yes, available Yes No

viceDesk Plus’ CMDB with the Key
Manager Pus
add-on
Integration with RPA tools Yes No No No

Integration with SIEM tools Yes Partial No No

High availability Yes Yes No No

Comprehensive auditing Yes Partial Yes, on key and Yes, on remote

certificate sessions, access,
activities, and and other user
SSH sessions activities
Compliance reporting Yes Yes No No

Canned, custom, and query Yes Yes Partial. Canned No

reports on passwords, key, reports avail-
able on SSH
and user activities
keys, SSL/TLS
certificate
activities,
vulnerability,
SHA-1, etc.

*Capability requires licensed subscription of other ManageEngine products. Learn more.