CyberArk Endpoint Privilege Manager Reviews

I use the solution in my company since some users need a certain level of activity in EXE files. The tool is used to block certain issues that we don't want in our environment.

The most valuable feature of the solution stems from its ability to delegate admin access instead of giving complete admin access to a single user. It is possible to elevate the product to a single process.

The product is very flexible. I don't feel any difficulties while using the product. Recently, my company moved to the tool's SaaS model from the on-prem version. With the tool's on-prem version, the database used to have some issues. After moving to the tool's SaaS version, we are not facing any issues. The on-prem version of the tool requires improvement.

The turnaround time of the support team is an area of concern where improvements are required.

I have been using CyberArk Endpoint Privilege Manager for four years. I am a user of the tool.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a ten out of ten.

More than 3,500 to 4,000 people in my company use the product.

I have contacted the technical support for the solution. I rate the technical support a nine out of ten.

Positive

The product's deployment part is very easy because only the agent you need to distribute to either via Intune. With Intune, you need to install the tool via automation.

I feel that the price of the product is nominal. It must be around 10 to 15 USD per installation. I rate the product price an eight to nine out of ten, where one is high price, and ten is low price.

CyberArk integrates with WebLogic. There are no issues with integration wise when it comes to CyberArk Endpoint Privilege Manager.

I rate the overall tool a ten out of ten.

The primary use case for CyberArk Endpoint Privilege Manager (EPM) is to control applications on work sessions, particularly in environments where users are not supposed to have open rights. It can be utilized to remove local admin rights from work sessions and protect the local admin group from unauthorized modifications. By deploying policies on these work sessions, organizations can restrict users' privileges and prevent them from adding users to the local admin group, reducing administrative privilege risks on endpoints.

Furthermore, it enables the deployment of policies that allow users to elevate application permissions without granting additional user rights. These application policies benefit specific applications without affecting users' overall rights. For instance, developers may require elevated permissions for certain software applications without needing broader administrative rights. However, EPM does not directly improve an organization's response to endpoint threats. Instead, it depends on other policies, such as those designed to prevent ransomware attacks. These policies focus on different aspects of endpoint security, while application policies specifically address the elevation of application permissions for user tasks, such as development activities.

CyberArk Endpoint Privilege Manager (EPM) 's most valuable feature is its ability to manage user application privileges and protect against ransomware attacks by controlling access to specific files and applications. Additionally, EPM effectively oversees the local admin group, preventing unauthorized users from adding themselves to it and ensuring tighter security. Moreover, the capability to remove users from the local admin group and rotate passwords for built-in admin groups enhances security measures significantly.

The product's threat protection and defense capabilities need enhancement. While there have been significant improvements in recent months, there's still a need for better identification and handling of real threats versus false alarms. It would be beneficial if the product could accurately detect and respond to genuine threats without generating false positives. This would allow organizations to rely more confidently on the product as a complete tool for application control and endpoint protection.

We have been using CyberArk Endpoint Privilege Manager for four years.

The technical support services are good. Despite occasional delays, the team has consistently provided effective assistance and support.

Positive

The initial setup of CyberArk APM was relatively straightforward, and the platform offers flexibility in deployment methods. Depending on the organization's preference, deployment could be done through various means, including deployment tools or the APM console. The platform provides administrators options for choosing the most suitable approach for their environment, contributing to ease of deployment.

However, there are areas for improvement. One aspect that could be enhanced is moving endpoints between sets within the EPM console. While the capability exists, there can be delays in endpoint movement, which could be addressed to streamline the process and improve efficiency.

Additionally, I recall considering adjustments in the advanced settings of the APM console. Specifically, there's a feature for creating custom advanced settings and targeting specific computers or endpoints. However, it's currently limited to targeting only one computer at a time, which can be cumbersome when dealing with multiple endpoints. The process could be easier.

EPM is not specifically designed for threat protection. While it does a decent job in this area, it generates many false positives. As a result, the primary function of EPM in terms of threat detection is to send events to the security team for further investigation.

As a consultant working with organizations, I've deployed application control features like those offered by CyberArk Endpoint Privilege Manager (EPM) across various environments. Without such controls, organizations would face increased vulnerability to attacks, as granting local admin rights exposes systems to potential security breaches.

I rate it an eight. However, there are areas where improvements could be made. For example, addressing the issue of false positives in events, especially concerning ransomware events, would enhance the platform's usability. Additionally, it requires EPM and PAM solutions to reset passwords for local accounts on workstations. Other products allow this with just the EPM component, whereas CyberArk requires integrating two separate products.

The solution is used for:

Rotating local administrator passwords: EPM can be used to rotate the passwords of local administrator accounts on endpoints, which helps to prevent attackers from gaining unauthorized access to these accounts.

Revoking access to privileged accounts: EPM can be used to revoke access to privileged accounts when users no longer need it, which helps to reduce the risk of unauthorized access.

Monitoring privileged activity: EPM can be used to monitor all privileged activity on endpoints, which helps to identify and investigate suspicious activity.

Auditing privileged access: EPM can be used to audit all privileged access to sensitive systems and data, which helps to comply with security regulations.

We were able to reduce the number of privileged accounts by 50%, which helped to simplify our privileged access management environment. 

We were able to automate the process of rotating privileged passwords, which saved us 100 hours of manual work each year. 

We were able to detect and block a number of unauthorized access attempts, which helped to prevent data breaches. 

We were able to meet the requirements of the PCI DSS, which helped to protect our customers' data.

With the solution, we met regulatory requirements. CyberArk has helped us to meet specific regulatory requirements for privileged access management. For example, CyberArk has helped us audit all privileged access to sensitive systems and data,

The least privilege enforcement has helped us to reduce the number of privileged accounts by 50%, which has simplified our privileged access management environment and reduced the risk of unauthorized access.

The privileged session management has helped us to prevent unauthorized access to sensitive systems and data. For example, we were able to detect and block a number of unauthorized attempts to access our financial systems.

Auditing and reporting have helped us to comply with security regulations such as the Payment Card Industry Data Security Standard (PCI DSS).

Threat protection has helped us to detect and block malicious applications and scripts, which has helped to protect our endpoints from attacks.

Centralized management has simplified administration and reduced the risk of errors. For example, we were able to easily deploy CyberArk EPM to all of our endpoints without any major problems.

The solution could improve:

User experience and ease of use: The product needs a streamlined user interface; improvements to the user interface can enhance user experience and make the solution more intuitive to navigate.

Simplified policy configuration: Making the process of creating and managing policies more user-friendly can lead to better adoption and utilization.

Integration and compatibility: Enhanced Integrations, Improving compatibility with a wider range of operating systems, applications, and devices can broaden the solution's scope and effectiveness.

API and automation: Expanding API capabilities allows for more seamless integration into existing security workflows and automation processes.

Threat intelligence and analytics and advanced threat detection: Incorporating more advanced threat detection mechanisms can help in identifying and mitigating potential security breaches.

Analytics and reporting: Robust reporting and analytics features can provide insights into privilege usage, potential vulnerabilities, and overall security posture.

Performance and scalability: Enhancements in performance, such as reduced latency and faster policy enforcement, can contribute to a more efficient endpoint management process. Ensuring the solution can handle a large number of endpoints without sacrificing performance is crucial for enterprises of varying sizes.

I've used the solution for ten years.

Scalability can be an issue when the solution struggles to efficiently manage a large number of endpoints. 

As an organization grows, the number of endpoints (devices) that need privilege management increases, which can strain the solution's capacity to effectively manage and enforce policies across all these endpoints.

We did not use a different solution.

The initial setup was straightforward.

We did not evaluate other options. 

I use the solution in my company since its PAM features are used for privileged accounts.

The most valuable feature of the solution is its performance. I would describe it as a seamless solution.

The price of the product is an area of concern where improvements are required. The product's price should be made more flexible.

The tool's UI could be better and more user-friendly.

I have been using CyberArk Endpoint Privilege Manager for a year. My company has a partnership with CyberArk.

Stability-wise, I rate the solution an eight out of ten.

Scalability is fine since many people can use it even with a minimum number of licenses.

Around five people in my company use the tool.

My company has not contacted the product's technical support since our internal team took care of the deployment process.

The product's initial setup phase is fine. The on-premises architecture is a bit tough.

The product's deployment phase focuses on consolidating everything in a single platform.

Around two people are required to deploy and maintain the product.

The value or the benefits derived from the use of the product revolve around the fact that it is a reliable tool. Though it may come across as a complex product, its customers can rely on its efficiency.

The product's license is easy to procure.

I am aware of CyberArk's PAM part and CyberArk Identity.

I find the solution to be more effective since it is better than its competitors. The brand value offered by the product is very good.

There are no application control capabilities offered by the tool, but I know that enforcing privilege access control is pretty fast.

The product is reliable and stable. The solution's brand value is good. The solution is better than the products offered by its competitors.

My company is aware of the fact that CyberArk offers integration with other security tools in the market, but we have not dealt with such a complex implementation yet.

I rate the tool an eight out of ten.

I work with CyberArk Endpoint Privilege Manager for my partners. It is mainly for compliance, managing credentials securely, and monitoring what's going on with those credentials. Also, there's this thing about limiting privileges for certain users in production environments. But it seems like it's not just for big setups, it's also used across all kinds of workplaces.

The feature called PTA, which stands for Privileged Threat Analytics keeps track of what admins are doing and works with Centimeters. If something fishy is going on with a user's credentials, it alerts the security team so they can act fast. Plus, it automates stuff like resetting credentials or blocking users. So, if there's a potential hack, CyberArk can change passwords and lock out users in a snap. It also gives you a heads-up if anything unusual is going on with server activities, like someone creating new users with uncontrolled credentials. 

CyberArk meets clients' need very spot-on. It covers everything customers ask for.

As for improvements, honestly, the feedback's been really positive. I haven't heard any specific areas that need work.

It's designed to be highly available and resilient, so you can always access your targets no matter what.

As for scalability, it's totally on point. With the SaaS option, it's fully scalable. And if you're running components on-premise, you can easily add more to boost performance as your user base grows. They're usually virtual, so it's a breeze to scale up by adding more virtual machines.

I don’t deal directly with customer support, but I've heard good things from my colleagues who do. They usually handle it through certified partners, and the feedback is pretty positive.

Positive

There are two choices, one is the software service option, which is super easy to install and get running. The other is a self-hosted route, which has a more structured setup for better security and performance, though it's a bit more complex.As for deployment time, it varies depending on the project, but on average, you can get it up and running in just a day.

Maintenance is not a headache. We usually offer manager services to keep everything updated and running smoothly. It's a simple process that keeps things effective.

It's not at the lower end of the market. I think the price is reasonable considering the quality it delivers. It is a top-notch solution at a fair price point.

Once you start integrating this solution with your existing technologies and implementing new processes for accessing targets by administrators, you can see significant progress within two to three months, covering around eighty to ninety percent of your technology integration. With strong engagement, you can expect a substantial return on investment in that timeframe.As for rating the solution, I would give a solid ten.

I'm using it in my company. It helps us manage our endpoints and keep things secure.

The solution is doing what we expect it to do. 

It integrates well with our CI/CD pipeline and Amazon Cloud, which is useful.

We can do both server and endpoint protection. 

It's a stable product. 

The interface has been fine.

It is scalable. 

Technical support is helpful and responsive.

We've sent requests to CyberArk for improvement. We've had issues around migration surrounding legacy to cloud ADs. The implementation process wasn't as straightforward as we had hoped. 

They need much better integration with Azure AD. 

It is expensive; however, it does offer good value compared to the competition. 

I've been using the solution since 2020. 

It is stable. There are no bugs or glitches. I've found the solution to be reliable. It doesn't crash or freeze. 

It's scalable. We can extend the product very easily.

It's great for enterprises.

Technical support is very good. They are helpful. We have no complaints about the level of support we receive.  

We did not use any other solution. 

The initial setup was difficult. We had trouble with legacy migrations and Azure AD. 

The deployment took two years across two phases.

They are not the cheapest. However, what they provide, compared to competitors, it is reasonable. 

We evaluated a different option previously and decided not to go ahead. We went with this solution instead. 

Just make sure all applications and services that need to be migrated can move over. A lot of planning is required.

I'd rate the solution eight out of ten. 

We primarily use the solution on our endpoints. 

We are using pretty much everything there. Basically, what we are trying to do, is when the end user connects to machines, the actual Window servers, Linux servers, et cetera, everything is run through CyberArk. We haven't got into the Application Identity Management part yet, using CyberArk APIs. 

That said, we are using CyberArk whenever somebody wants to access a remote server or any server, for that matter. Our infrastructure is basically set up so that access is given through CyberArk.

The solution is good for controlling access. 

I have always found that CyberArk is a very tight, foolproof product compared to most other products available.

It is quite stable. 

CyberArk is a pretty heavy solution. There are a lot of moving components and a lot of things involved. The architecture itself is pretty heavy. When you look at products like BeyondTrust, it's not as heavy as CyberArk. That's the only thing. 

The setup can be somewhat complex. 

Most of it runs on Windows servers. Maintenance of those Windows servers and all that stuff is what is a little bit challenging.

Technical support could be better.

I've been working with the solution for about five or six years already with CyberArk. 

I have implemented CyberArk for quite a few UK clients before. I've been in London and I've worked with some customers there. 

I've been part of the Identity Access Management domain for almost 12 years already and Privilege Access Management for maybe four or five years.

The solution is stable and reliable. I'd rate the stability at a nine out of ten. There are no bugs or glitches, and it doesn't crash or freeze. 

That said, it depends on the architecture. We have high availability and we have a disaster recovery site. We have a pretty big implementation of CyberArk here. It's foolproof in that way. It's designed to be as stable as possible.

While my understanding is there are opportunities for scaling, I've never really attempted to scale anything. 

We have 5,000 to 10,000 users using the solution at this time. 

We do get a lot of support from them. We have taken professional services also in my previous engagement, where we had to deploy specific complex solutions. Technical support is always available, and they are helpful. 

That said, not everyone has the same level of expertise. There are people who are very knowledgeable and there are people who are not as good as well.

Neutral

I've worked in BeyondTrust, also. They have Asian-based solutions, and it's not as heavy as CyberArk.

Since I have been working with CyberArk for some time, I feel a little bit more comfortable with CyberArk. BeyondTrust is also not that bad. However, they did not have all the capabilities that CyberArk was offering at that time. That said, this was maybe four or five years ago. I haven't explored anything after that. I'm sure a lot of things have changed.

There used to be IBM Privilege Identity Manager as well, but it's not there anymore. 

Saviynt has its own solution as well.

Basically, there are multiple solutions there, however, CyberArk was definitely been our choice for Privilege Identity Manager.

Every product has its own way of working. With CyberArk, the only challenge is there are a lot of components. That's the only thing. 

When you have CyberArk architecture and if you have a hybrid environment specifically or you have multiple data centers that you want to use CyberArk in, the thing is there are a lot of components that need to be deployed. They have a lot of architectural components out there.

We do require quite a few people to cover maintenance tasks. 

The solution is expensive. 

I'm an end-user. I have worked for companies that have had partnerships with this solution in the past.

The solution is pretty mature and can accommodate our use cases quite well. 

I'd rate the solution seven out of ten.

I would recommend the solution to others. We have in the past recommended it to our customers as well. 

Inside we have a lot of applications, including three or four critical applications. With this application, remote users cannot run another application if you do not grant access to these applications. For example, if you want users to use Word or PowerPoint, you can allow usage of those and block usage of other things. If you want to run one application and you need to get permission, you send a ticket to ask for authorization to use it. That way, the company can control the access of every user.

I like that we have the power to blacklist, whitelist, and greylist applications.

It is really easy to deploy.

The solution is mostly stable. 

Users can scale the solution. 

We'd like the solution to work with AIX operating systems and custom distributions like Linux. 

We would prefer increased stability.

It is hard to deal with technical support if you are not certified. 

I've been using the solution for one year.

More or less, the solution is stable. About three weeks ago, we witnessed latency with the solution. It could be a bit more stable. 

If you want to deploy some agents, you can buy more licenses for the solution. It's a service only. You can add another agent. With ease and scale as you like.

We have about 100 users on the product right now.  

At this time, we will not increase usage. 

If you do not have certification, you cannot send a ticket. This makes dealing with technical support difficult. 

I did not previously use a different solution. 

You can implement this product on-premise. With the next-generation versions, you can just download an agent and deploy it on your machines. It really is easy to deploy.

We have three people on staff that are capable of managing the solution as needed. 

We had a consultant assist us with the implementation process. 

We have seen an ROI of around $10,000 so far.

We pay about $17 per user.

I'm not aware of any other similar solutions and did not evaluate any others. 

This is a SaaS solution. 

If you don't have a solution that you can deploy a massive agent to, it isn't easy to implement individually. 

I'd rate the solution nine out of ten.