Competitive Analysis

WALLIX PAM VS IBM PAM

Comprehensive Analysis
Differentiators
Platform (OS, DB) &
Certification
Solution Security
AAPM capabilities (Application
2 application password
management capabilities)
Solution Installation, User
Experience, Simple
configuration tasks
Session Management
Capabilities
Wallix IBM PAM
Wallix is powered by custom built hardened Debian OS with IBM PAM is powered by Windows OS & Microsoft SQL
MYSQL Commercial edition DB which is included in license cost DB which is an additional cost other then the software
cost.By Default, they try to setup SQL express edition
WALLIX has CSPN & FSTEK certification which not at all recommended in Production
environments
1. Inbuilt DDOS protection, Basic Hardening like access approval by email,
2. GRSecurity patches, maximum logon failures, Force password masking etc
3. FileSystem Hardening which is very basic
4. GCC plugins
5. Memory corruption Defenses
6. TLS 1.2 compliant
Present, infact as per GARTNER we perform it the most secured Yes, Present
way using device based fingerprinting mechanism
Rapid Installation with OVF (10 mins) EXE based installation(no appliance) with pre-
Simple & Easy to manage GUI with simple direct options for requirement of SQL,SQL pre-requisites(dotnet)
configurations Complex GUI with too many options
Extremely Quick to configure basic tasks It takes some time to get used to performing simple
User Friendly software configuration tasks
Not User Friendly
Present, Present,
Agentless session recording on PAM server Agentless session recording however on end user side
Ability to blacklist apps, processes with inbuilt OCR Does not has OCR feature
Extensively Rich textual, transcription information about video Textual information about session is very limited
logs called as METADATA
Comprehensive Analysis
Differentiators Wallix IBM PAM

Passphrase Encryption WALLIX has inbuilt passphrase key encryption which protects the No such protection inbuilt
VM to be copied and used for illegimate access

Protection for Target servers WALLIX stores a x509 certificate when it interacts with any target No Such protection
device for the first time and ensures verification of this certificate
every time user wishes to connect to target devices. This is useful
in case if some malware tries to modify identity of the servers ,
BASTION will identify and block access
TCO Very low, High,
can be deployed with 4GB RAM & 2 core processor at minimum Comparatively requires more resources & TCO is higher
with just 1 server

High Availability Solution has inbuilt ACTIVE-ACTIVE high availability with inbuilt Needs additional expensive SQL enterprise license for
hardening of the PAM appliance ACTIVE-ACTIVE High availability

Agentless Secured VPN-less Present with WALLIX ACCESS MANAGER, with no separate Present, however opens servers in different windows
HTML5 remote access gateway license included in the license cost. Opens servers in tabs separately
for external access(vendor access
over the inetrner)
Comprehensive Analysis
Differentiators Wallix IBM PAM

Session Sharing Available Not Available

User account lock on violation of Yes, user ill be locked and session will be terminated as well Not present, IBM PAM is limited to simply terminating
PAM policies like critical the session
command execution etc

Risk analysis based on user Wallix marks risky sessions as red and normal sessions as green Not available
activity on audit screen

Agentless Access to targets Present in true sense Not available, it also needs an installation of agent \ app
purely based on native RDP & on end user machine
SSH putty

Web App Integration Well integrated, Seamless, Easy process \ approach to onboard Fairly complicated in terms of onboarding web
web-based applications using New App Driver approach where applications. Each web app requires different
in same config works for numerous web applications configurations to be done