Thycotic Software’s Secret Server (“TSS”) is a competitor to ManageEngine’s Password Manager Pro. We have learned of a document circulated by Thycotic purporting to compare TSS and PMP. Although it is not uncommon for prospective customers to ask for a feature comparison of competing products, unfortunately the Thycotic comparison document is false and misleading on numerous key points. Until now, we have chosen to refrain from responding publicly and instead focused on continuing to build and improve our industry leading solution. Because we have continued to receive comments from customers who have received the Thycotic comparison document, however, we have decided to respond here, and set the record straight.
The Thycotic comparison is inaccurate in numerous respects. For example:
- Thycotic falsely claims that PMP uses only AES 128 bit encryption. In fact, since 2011, PMP has used AES 256 bit encryption
- Thycotic falsely claims that PMP uses only MySQL as backend database. In fact, PMP supports both MySQL and MS SQL Server databases
- Thycotic provides misleading information about platform support of PMP. Actually PMP can be run in both Windows and Linux platforms, in physical or virtual environments
- Thycotic falsely claims that PMP does not support FIPS, the Federal Information Processing Standards. In fact, PMP can run in FIPS compliant mode
- Thycotic purports to compare pricing by stating that PMP is more expensive when licensed on an annual license over a 5 year period, but in doing so Thycotic ignores the facts that PMP is available in multiple editions and also on a perpetual license model, which would be far lower priced over the same five year period
Thycotic’s comparison document also suggests that PMP lacks adequate support because our staff are located in India. Such assumptions, based on cultural stereotypes, are unhelpful.
In addition, as a matter of business practice we believe that a responsible information security company, upon learning of what it perceives to be a security vulnerability in a third party product, should first advise that company so that—if confirmed—it can fix it and disclose it proactively. Here, Thycotic made no such outreach to us. Had they done so, we could have pointed out where their information was simply incorrect.
We have also prepared our own comparison document, which we produced as objectively as possible from information publicly available in Thycotic’s website as on 22nd March 2012. We hope you find our comparison helpful and informative.
Our intention has always been to help prospects choose the best product for their needs. ManageEngine’s approach and attitude has always been to fight hard and fight fair, and be open about it. We will continue doing that and leave it to the market to decide. Let the better product win!
The original article/video can be found at Public Response to Thycotic’s Claims Against Password Manager Pro