CyberArk Privileged Access Manager Reviews

We use the solution as a vault for whatever passwords we use for connecting to an API or job services. The admin passwords we store in Password Vault. Via CyberArk, we have made a use case where we can track the session, keep a record, and log it, to whoever is logging into the servers.

CyberArk is basically used for privilege access management. It used to be hard to control security from internal employees. For products, and production servers, tracking used to be very difficult. 

Although One Identity Manager also provides similar services that CyberArk provides, they are no match to CyberArk basically. The amount of details and logging that CyberArk provides is command level. That really streamlines the process of tracking those internal servers. That's one significant advantage, I would say.

CyberArk's best aspect is it lets you store the password, and it allows you to connect to those connected systems' passwords. For example, there is an AD in your organization, and you have stored the AD password. Say you want to change the AD password; you just have to change it in CyberArk. CyberArk itself will change the password in the connected system. That's one nice feature they have introduced in the latest features. 

CyberArk is not friendly in terms of having a Community Edition. It's enterprise software. They could maybe give a Community Edition that you can just play around with and see how the software is. It's a very, very costly app. 

Therefore, they can definitely give a demo version or some sort of a Community Edition with partial features at least to help potential users understand its capabilities. 

The initial setup can get complex. 

I've used the solution for about four and a half years.

In terms of stability, there are no complaints. CyberArk, I would say, is an industry leader in this portfolio, especially in Privileged Access Management. There are so many identity access management tools, and almost all of them say that they are both IAM and PAM service providers. However, CyberArk is the only one that is specifically for Privileged Access Management, and they really do mean it. With CyberArk, the PAM is really too good.

We have 5,000 users at least on the solution. 

For Privileged Access Management, it's been used extensively.

I've never dealt with technical support. I'm more of an end user in this case. We rarely have to literally dig down into the implementation. There is a different team that exclusively works on CyberArk, and that's the team that basically deals with day-to-day CyberArk operations.

In both organizations I have worked, they've used identity access management as Dell One Identity Manager, and for Privileged Access Management, CyberArk.

We basically used to have a separate Password Vault that was KeePass. 

With KeePass, there was a security incident in our organization where a few of the passwords got leaked, and then it was challenging to track how the leak happened. With all that considered, G-PAM or CyberArk Password Vault was considered the next solution to prevent these sorts of things from happening again.

The implementation process is a bit complex. If you know this software or the product very well, then setting it up is not that big a deal. However, if you're a newcomer, then of course, it's not a piece of cake. As a new user, I'd rate it 2.5 out of five in terms of ease of setup.

We started from the development stage, where the maximum amount of time was spent. In a live environment, you can't have that much downtime. Roughly you are allowed for one and half hours, or a maximum of three to four hours for downtime. In a live environment, once we could identify the clicks and hacks of the software in the lower environment, it was pretty easy to do. There, it took roughly one to one and a half hours to do, and that part was pretty smooth.

CyberArk is such a stable product that either they launch a new version, which you have to latch onto very quickly as they censored the support for older versions, and with these security products, you can't really stay along with the older versions. Usually, the products are very stable. They don't need multiple patches or updates. One version itself is self-sufficient. At least in my four and a half years of experience with this product, I have seen fewer intermittent updates. Once they launch a new version, that's a different thing. However, from a maintenance point of view, it's very user-friendly and lightweight. Even usage of the tool is very speedy. It doesn't lag one bit.

We handled the initial setup completely in-house.

This is very costly software. However, I haven't really dug into the licensing. My organization gives all its employees a free license and therefore I don't have to worry about pricing. My organization is a partner with CyberArk also. Even so, we just have one instance as a practice instance. 

I did not choose this solution, and I'm unsure if other options were considered. 

The hired architect chose it. I just had the opportunity to implement it. If he evaluated other options first, I have no knowledge of them. 

My company has various levels of partnership with CyberArk.

I'm typically using the latest version of the solution. CyberArk sunsets their older versions very quickly. They won't let you use the old versions.

CyberArk has many components. Password Vault is one of the components. Then there is the CyberArk for server monitoring and logging. These are the two components that we have used extensively. However, apart from that, there are many more applications for CyberArk also, which I haven't used at the moment.

To those considering the solution, I would say when you do the installation, to get on a call with technical support. Keep them on hold. If you are really doing it for the first time and are not aware of the software, you may run into issues.  The public forum of CyberArk is not that good. Their documentation is not that great, and it's not that well maintained. The problems that you may face are seldom covered. Therefore, when you are paying that much money for high-quality software, you can at least ask for better help from them.

I'd rate the solution nine out of ten. 

Privileged Access Management is basically used to just keep track and log. We have to provision those accesses. If a newcomer comes, they have to be identified to ensure they are the correct users. So for those, there is a web implementation where there are some products that you can order, then they're approved. Depending on that mechanism, it's been decided, oh, this is a valid user. That's how it's been managed.

Privileged Access Management in CyberArk is one of the very first features that was implemented as part of Privileged Access Management. Then came Endpoint Manage and finally the Password Vault. From the very beginning, once Identity Access Management as a service started, with Dell One Identity Manager as the first service. Then came CyberArk. I don't think there is an additional benefit that it has brought. It's sort of an essential commodity in the entire Identity Access Management infrastructure.

For me, Privileged Access Manager and One Identity sort of merge together. For me, the best part of CyberArk is Password Vault and Endpoint, basically. If you ask me what's there that, it's that everything is pretty straightforward. There is no confusion. It's a pretty straightforward application to work on.

It is a scalable product.

The solution is stable. 

They should allow further customization as it's really hard to do any further customizations over CyberArk. We do have a wrapper of customization. However, it's very difficult, especially their web implementation. That's one thing I would say they can improve. With Angular and everything on the market, they still have their in-house web implementation tool, which is sort of a headache. 

I would love them to improve their UI customizing features. 

You simply cannot install the demo UI in every customer, basically. They would always ask for something to make their UI look a little different -  simple things like their logo or some sort of additional information pertaining to their particular customer. Even doing the smallest of changes takes a lot to do. 

The solution is stable and reliable. 

I haven't been faced with intermittent bugs like I do on One Identity.

With CyberArk, we rarely get those situations. It's a very, very stable software. You rarely need to raise any bug or service request with them.

It's pretty scalable. Although we haven't increased our infrastructure once, we have installed the latest version. Even then, adding other infrastructure items into the portfolio is not a big deal once you have done the initial installation.

Our organization is more than 30,000 to 35,000 people. However, only a handful of them are entitled to Privileged Access Management. There might be only 5,000 users. It is used quite extensively.

It sort of was implemented with One Identity Manager when Identity Access Management came into the picture. In early times when there was simply Excel as an identity access manager, and then there was nothing basically. Once there was the onset of proper identity access management without in-house custom tools or proper streamlining process, this solution was added. Initially, One Identity was sort of used as a Privileged Access Management also. However, soon they realized that it lacked in a lot of places for Privileged Access Management. That's when we went to CyberArk. That was way before my time.

I have been part of the initial implementation. However, the day-to-day operational tasks are being handled by a different team.

I was part of a migrational project. When I joined this organization, they were just migrating from the last stable version to the present stable version. It was pretty straightforward. There was, in my organization at least, documentation that was a bit more thorough to follow. That helped me a lot.

The implementation takes quite some time. Even in production, we have to instantiate the service. We had to take a special weekend, which means downtime since this is a critical application. Therefore, moving this takes some time. It's not that there are glitches and all. It's such a heavy application that requires moving so many things. For us, it took around nine to nine and a half hours roughly to deploy. This is considering if I take off all the in-between stoppages and breaks.

Privileged Access Management is a complex topic. I won't say that any of the tools are straightforward. That said, if you are thorough, then it's pretty straightforward for people who are in this industry.

I'd rate the setup process a four out of five in terms of ease of implementation.

With every security tool, new users learning by themselves is a bit difficult since the material isn't openly released. It's released if you have a partnership or if you pay for the software. That makes learning the tool a bit difficult. If you are interested in learning, the only thing is to get a job in that field. If your company is using it, it's like learning by doing. That's the only way you can learn about this product.

I'd rate the solution eight out of ten.

CyberArk is for Privileged Access Management, so we secure our privileged accounts using CyberArk.

The main, most valuable aspect is its capability to secure our environment. That's the main reason why we are using it.

It can be made user-friendly, in the sense of the console is pretty outdated. They could add more enhancements, et cetera.

They could add more built-in connection components to support various other application platforms. The built-in connection components available are mostly not fit for our purpose. We need to do additional customization to make it work.

I’ve used the solution for almost two years.

Stability is fine so far, other than a couple of phishes every once in a while.

25 people are using the solution.

The solution is scalable. It’s on the cloud, which makes it simple.

We have enterprise support from the vendors.

The response time could be a bit better. Some people don’t have the access to be able to jump in right away. Sometimes we need someone from the development team who has access to help.

Neutral

I’ve never had experience with any other vendors.

The initial setup was not that straightforward. However, we had vendor support, and we were able to fix all the issues.

It took us almost a month to deploy the solution.

I’d rate the solution a three out of five in terms of ease of setup.

In terms of maintenance, some of the components are not in the cloud, so we handle these aspects ourselves. We have a dedicated team for it.

We initiated the setup with the help of the vendor.

I don’t deal with the licensing. That said, my understanding is that it is on the higher side.

When we need enhancements, we do have to pay more.

We are CyberArk partners. I’m a consultant.

We’re always using the most up-to-date solution version, as we are utilizing the cloud.

We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk.

I’d recommend the solution. It’s ideal for smaller organizations.

I would rate it seven out of ten.

We use this solution for the user ADM account onboarding process within our company. If they need server access, we create ADM accounts, and we onboard to CyberArk.

We use it also for the password protection process with other products. We can use this as a password wallet, and we create the password rotation in CyberArk.

We can grant access, check the system's health, and create policies for users.

Creating policies and the password rotation feature have been valuable. We don't have to memorize our password for the ADM account.

Security wise, it's really safe. The password expires within six to eight hours, so no one can get that password from us. Other users can't log in without our credentials, and also, the ADM account password will automatically rotate.

It's really user-friendly as well.

Report creation could be improved.

The policies could be more customized.

I've been working with this solution for almost nine months. It's deployed on the cloud.

The stability is really good.

We have more than 2000 users, and it's really easy to scale.

I have worked with Thycotic before. It is not user-friendly, although it has changed a lot.

Implementation was really hard, and the reporting was not as good as the users expected. In comparison to CyberArk, Thycotic was not better.

The deployment process is really easy, and I would give it a four out of five.

We got support from the CyberArk team but deployed it ourselves. It was easy to follow the documentation and user guide.

CyberArk is an expensive product.

If you can afford CyberArk Privileged Access Manager or you are looking 5 to 10 years in the future, it's a good investment. You will gain experience handling all these pieces using the one product. You can easily integrate with other products also.

You would have maintenance with other PAM products, and you won't with CyberArk. You can save that money by investing in a high quality product from the beginning itself.

Overall, I would rate CyberArk Privileged Access Manager at eight on a scale from one to ten.

We Enterprise Password Vault to manage privileged credentials as well as some server and activity logging.

Before we implemented CyberArk, we had no password vault, so it was challenging to keep a record of who made changes and had access. With CyberArk, everything is a click away for us. We don't need to worry about reporting and other things. We can on our server to check who had access and the changes they made. 

The logs and reporting features are impressive.

We've been using CyberArk for about five years now.

CyberArk is stable, and the performance is awesome.

CyberArk is highly scalable. You don't need to worry about being dependent on only one server because you can deploy to multiple ones and manage it with all of them. If one fails, you can still use your access, so I think it's scalable.

We aren't using the solution extensively, but we plan to expand, and we'll definitely we'll continue with the same solution.

I rate CyberArk support 10 out of 10. We have contacted tech support a few times for help with some of the cases, and the support was perfect.

Positive

We didn't have a password vault solution before CyberArk. 

The initial setup was straightforward for us, but it depends on how you want to use it. It will become a little complex, and you need to gain some knowledge to customize it how you want. That applies to any product. I'll rate CyberArk 10 out of 10 for ease of setup. 

It took us around five or six months to deploy because we were also testing out some other products at the same time. And after testing for a few months, we decided to go with CyberArk for the final production rollout. Once you complete the setup, you don't need much maintenance, but we have around 40 system administrators managing the CyberArk server. 

We did the deployment with our in-house team.

CyberArk's license is too expensive. I rate it seven out of 10 for affordability.

We tried a couple of solutions before selecting CyberArk. Some of them are highly secure, but the reporting functions were tricky. A few were highly scalable, but they required a lot of resources to manage. We preferred CybeArk because it's easy to use and set up. Once you complete the setup, you have everything at the click of a button.

I rate CyberArk Enterprise Password Vault nine out of 10. If you're worried about privileged ID management, security, and scalability, you should go with CyberArk.

I am using CyberArk Privileged Access Manager to protect our servers. It can be either a Windows or Linux Server. Additionally, we have some network devices, and databases, such as Oracle and MySQL Server being protected.

It's improved our organization a lot. It has fulfilled some guidelines from the Indian government. There is some Indian government guideline for anonymity and access management. Similarly, there are guidelines for GDPR, and where we have vendor's control. CyberArk Privileged Access Manager has helped us to meet all the requirements.

CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs.

The solution could improve by adding more connectors. 

I have been using CyberArk Privileged Access Manager for two and a half years.

CyberArk Privileged Access Manager is a stable and reliable solution.

We have approximately 200 people using this solution.

The support team from CyberArk Privileged Access Manager is very good.

I have not used other solutions.

CyberArk Privileged Access Manager's initial setup is straightforward. However, it can depend on many factors, such as architecture.

I used a partner for the implementation of the CyberArk Privileged Access Manager.

The number of people required for the implementation of CyberArk Privileged Access Manager depends on the number of applications. However, for my team, we have two to four people who were involved in the development of our architecture. 

From a technology perspective, CyberArk Privileged Access Manager has helped us to improve our services. It helped us to meet our requirements or guidelines. Whether it's audit perspective, internal, or external, whatever the guideline is, it meets our needs. If there are any independent agencies that need to be involved we meet those requirements.

The price of CyberArk Privileged Access Manager is expensive. There are no other fees other than the standard licensing fees.

As part of our company's policies, we have to evaluate other solutions.

I would advise others that requirements should be discussed properly with all the stakeholders to understand their expectations. Additionally, it is important to explore our tool limitations. We should more focus on solution designing.

I rate CyberArk Privileged Access Manager a nine out of ten.

It is for the lab. We just onboard all the privileged accounts and then try to make them compliant and provide access to end-users. We are CyberArk administrators, and our responsibility is to onboard the accounts and provide access to end-users so that there is no business impact and the users are able to connect to their target services.

I started with version 10.6, and now, the current version of CyberArk is 12.1. It is deployed on-prem, but in my lab, it is my virtual setup.

It is one of the best solutions in the market. Ever since I started using this solution, there has not been any compromise when it comes to our lab.

There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries.

The GUI part can be better. Previously, they had a classic one, and then they upgraded to the new one, but it is less user-friendly than other PAM solutions. Its GUI is a little bit complex.

I have been using this solution for almost five years.

It is a stable solution. It is a top PAM solution as per Gartner.

Its scalability is good.

I have contacted them multiple times. They helped me in a good way. Whenever I raised a ticket, depending on the ticket priority, they provided good support. Sometimes, I got a response within two hours.

CyberArk has a distributed architecture. Therefore, as compared to other PAM solutions, it is a little bit complex. You first need to understand the environment and then install the individual components, whereas, in other PAM solutions, you have to build the database and then simply run the application and directly connect to the application. You can then start using the application.

If you are using this solution for the first time, you need to be a little bit aware of Windows, Linux, and AD. Otherwise, it might be complex for you.

I would rate it a nine out of ten. 

Our use case for CyberArk Enterprise Password Vault is managing privileged accounts. These are local accounts, e.g. local desktops, laptops, or servers. They have a built-in administration account, so part of the solution is to ensure that that account's username and password are stored in the vault and managed by CyberArk Enterprise Password Vault.

The most valuable feature of CyberArk Enterprise Password Vault is the auto password recycling feature, which works this way: previous accounts which are managed by this solution get their password reset every time, based on our given parameters, e.g. every two days, every five days, every week, etc. You give CyberArk Enterprise Password Vault the number of days that you want the passwords to be changed, so users won't need to have their passwords written somewhere. They can just log on to the solution and retrieve the password. They may even be able to remotely connect to the devices that they want to connect to via the PSM function of CyberArk Enterprise Password Vault.

What needs to be improved in CyberArk Enterprise Password Vault is their customer support, because as administrative engineers, since we're not experts in the solution, we have to rely on customer support.

Their customer support needs improvement in terms of being responsive and being understanding. They are knowledgeable, but responding and willingness to come and help knowing that it's their tool, rather than relying on the engineers from the customer side, e.g. our side, to do all the technical things.

The initial setup and upgrade process for CyberArk Enterprise Password Vault is complex and can only be done by CyberArk, so this is another area for improvement.

My experience with CyberArk Enterprise Password Vault is almost three years.

CyberArk Enterprise Password Vault stability is good. If it's properly set up, it can just run by itself. It's a very solid tool, but it has to be properly set up because a simple misconfiguration can create a lot of pain. Once set up, it's really good.

Customer support for this product still needs some improvement.

The initial setup for CyberArk Enterprise Password Vault is another pain point, because the setup, including upgrading the solution, can only be done by CyberArk themselves. They have professional services involved to get an initial setup done, and to even do an upgrade, because of the complexity of the product itself.

The SaaS version of CyberArk Enterprise Password Vault is very expensive, but the on-premises version is relative, e.g. depending on the size of the environment, it can be a bit pricey, but it's relatively okay compared to the others. It's their SaaS solution that's expensive.

We're using version 11.1 of CyberArk Enterprise Password Vault.

It's probably not fair to judge CyberArk Enterprise Password Vault based on my overall experience with it, because the tool itself is brilliant, though it's a little bit complex in terms of how it is set up. The customer service could still be improved to meet the standards, but I'm giving CyberArk Enterprise Password Vault a score of seven out of ten.