CyberArk Privileged Access Manager Reviews

CyberArk Privileged Access Manager is used for identity and privilege access management.

The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows us to integrate with systems that we previously didn't consider integrating with, making it a significant advantage for us.

There is room for improvement in the availability of custom connectors on the marketplace for this solution. Additionally, their services for the CICD pipeline and ease of integration could be improved.

I have been using CyberArk Privileged Access Manager for approximately three years.

Once the implementation is completed and the solution is hardened, I consider it to be stable. 

CyberArk Privileged Access Manager is scalable on-premise but not on the cloud.

I rate the scalability of CyberArk Privileged Access Manager a seven out of ten.

The time it took for the deployment was approximately two years. It was not a simple process for the vendor. It should have been completed in one year, it took too long.

Our process steps for deployment involve specific stages, starting with onboarding Windows and Linux devices, and concluding with the onboarding of application service accounts and related components.

I rate the initial setup of CyberArk Privileged Access Manager an eight out of ten. 

The solution's deployment was completed by the vendor. 

A team of two to three people was required for the deployment of our solution. One of them had a high level of expertise in architecture and a thorough understanding of the solution. The remaining team members were junior-level personnel in charge of activities including connection development, data collection, and deployment. The vendor was also used by the team to help with data collection, planning, and execution.

The license CyberArk Privileged Access Manager is on an annual basis.

A team of five to six people would be sufficient to maintain 24/7 operations.

I would recommend reducing the fee for cancellations, but when it comes to cloud services, there are superior options available in the market.

I rate CyberArk Privileged Access Manager a seven out of ten.

It is a PAM solution, in which we provide privileged access to CyberArk and the users who are using to try to access their devices. They onboard on the CyberArk and then, whenever they need to access the devices, they get access to CyberArk which means they have to log in on CyberArk.

The models as a whole are great. I'm not sure if I can pull out specific features. I like that if we execute the user can't access their devices. If you remove the session manager, the user can't access their devices. It helps ensure we can protect our organization and data. The session manager is the most critical part of CyberArk's PAM solution. 

It works perfectly well. 

The solution is pretty easy to set up. 

The solution is stable.

It's scalable. 

The support services could act faster when people reach out to resolve issues. 

I've been using the solution for the last two years. 

It's a stable product. 

We have deployed CyberArk for two years, and so far, we haven't received any issues regarding any bugs or anything like that. We haven't faced any issues. There are some challenges regarding user access. We have to explain to users who are not familiar with the PAM solution what to do, however, regarding stability, or regarding bugs we haven't faced any issues.

It's a scalable product. For example, in my scenario, the deployment that I have done, if I want to scale it up or if I want to extend it, I can easily add the next module in that. There are no challenges regarding scalability.

I have only one deployment in Pakistan. It is at one of the largest banks in Pakistan here which has thousands of users on CyberArk.

Technical support is good. I haven't faced any issues. If you're looking at the response time, I will say that it's quite a long wait. 

The setup process of CyberArk is quite typical. Once you understand the process, it is very easy for you. That said, for a newbie, it may be a bit difficult. For example, for the PSM module, we have to make changes in the registry of the devices. You have to collaborate with your system team to make a configuration. I can get complex. That said, once you know, it's very easy.

I have been through the process of implementing the solution for clients. 

The licensing can be yearly or over a couple of years. Support needs to be renewed every year. 

We have four models which we are using. 

The first one has a wall that which we have deployed on the particular server. The next one is the CPM which is the Central Policy Manager through which we enforce the password policy and password rotation policies. 

I'd recommend the solution to others. 

We have conducted a POC in Pakistan on multiple sites with different customers. CyberArk is a quite typical product and can be a bit expensive, so it's a good idea to try it out first and make sure it is what you need.

I'd rate the solution seven out of ten. 

The password vault and session monitoring are useful.

We have been using this solution since 2016.

The solution is stable, but some features in BeyondTrust are unavailable in CyberArk Privileged Access Manager. For example, there is a PMUL feature in BeyondTrust where you can do a deeper dive with the keys for login, but it is not available in CyberArk Privileged Access Manager.

The technical support is good, and they fix any issues we have. However, the turnaround time for technical support is lengthy.

We set up huge environments.

Regarding pricing, we have an APAC sheet and a contact person from CyberArk Singapore that provides a pricing sheet when we need one.

I rate this solution an eight out of ten. I would recommend having a proper plan before implementing this solution. It will be a smoother process if you jot down the granular execution level and get senior resources with hands-on experience.

We use CyberArk Privileged Access Manager for our customers who want to monitor and protect the access from the vendor side or the partner side. These customers want to cover external users who want to gain access.

What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users.

In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution.

Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations.

In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows.

I've been working with CyberArk Privileged Access Manager for four years.

CyberArk Privileged Access Manager is a stable solution.

CyberArk Privileged Access Manager is easy to scale. You can divide the solution into different parts and connect them, then you can add a new feature, a new appliance, or a new system. The solution works.

In terms of the technical support for CyberArk Privileged Access Manager, I sometimes contact the service engineer in this region. I also have access to the support portal which I use in some issues, but it's not so often. I found the technical support team very professional and I would rate support for CyberArk Privileged Access Manager five out of five.

The initial setup for CyberArk Privileged Access Manager was complex because, in the beginning, you must get the information from the customer such as how he wants to install it, how he wants to protect privileged accounts, how password rotation would work, etc., before you can install the solution.

The time it takes to deploy CyberArk Privileged Access Manager depends on several factors such as how many admins a customer has, how many devices, and the types of devices, for example, does the customer have servers such as Windows or Linux, some other network solution, or some applications, etc.? It could take between ten, fifteen, or one hundred days. My company needs to analyze at the beginning to define how long the process will take.

On a scale of one to five, with one being complex and five being very easy, I would rate the initial setup for CyberArk Privileged Access Manager four out of five.

I'm a technician so I don't handle the licensing for CyberArk Privileged Access Manager, but I know that the price for the core license is about €140 per year. There's another type of license, the external vendor license, and that's about €600 and you can manage twenty devices. From what I know, the price for one device in a subscription is about €65 per year.

You can buy the CyberArk Endpoint Privilege Manager too, or you can buy some other application or application license with CyberArk Privileged Access Manager, but all other features, such as the Analytics Server is included in the basic CyberArk license. With WALLIX, you need to buy separate licenses for the features.

I've evaluated WALLIX, apart from CyberArk Privileged Access Manager.

CyberArk Privileged Access Manager is a global solution that applies to all customers, from small scale to enterprise businesses, but the solution has a little bit more servers that you need for the installation. WALLIX, on the other hand, is just one appliance that focuses on small-scale customers. Its deployment is much easier because you just install one appliance with all the features inside. Deployment is easier with WALLIX versus CyberArk Privileged Access Manager which has a complex deployment. In the end, CyberArk Privileged Access Manager has more features that you can define or set up, while WALLIX has some limitations.

I'm working for a company that sells privileged access management solutions, including CyberArk Privileged Access Manager.

The version of the solution which I'm dealing with is an old version. Most of the deployment is on-premises, but my company will start cloud deployment for CyberArk Privileged Access Manager as well.

My company resells, implements, and also provides support for CyberArk Privileged Access Manager for the customers.

The solution requires upgrading regularly, and if there's a new system or application, you need to set it up for privileged access management on CyberArk Privileged Access Manager, so maintenance is important. Currently, in my company, five people work with the solution where there are about two hundred devices with fifty administrators. In the beginning, CyberArk Privileged Access Manager was for large-sized businesses. Nowadays, it's also used by medium-sized businesses.

I would recommend CyberArk Privileged Access Manager to others looking into implementing it because it's very important to protect privileged accounts in the company and do password rotation, so the hackers won't have a chance to detect and find the real passwords in the system. You can also use CyberArk Privileged Access Manager to protect external users and the admins from the direct connection to the server and after that, you can see what the users and admins do because the system makes video recordings and session logs. It's important to see what the admins do from time to time.

For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same, so I would rate it a ten out of ten.

My company is a partner and reseller of CyberArk Privileged Access Manager.

CyberArk Enterprise Password Vault can be used for password vaulting and purpose session management.

The most valuable features of CyberArk Enterprise Password Vault are password vaulting and automatic rotation of passwords after use.

CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve.

I have been using CyberArk Enterprise Password Vault for approximately seven years.

The stability of CyberArk Enterprise Password Vault depends on what you use it for. It is very stable when using a single vault. I had the most problems using the distributive vault. They've worked through some of that, so it's more stable now.

The scalability of CyberArk Enterprise Password Vault is okay. The distributive vault is what would affect the scalability and there were some issues with that that I've run into.

We only have a small number of users in the current company I am working at, and the previous company I was working for had hundreds of users using the solution. 

We do not plan to increase the usage of this solution.

The support from CyberArk Enterprise Password Vault is good.

I rate the support from CyberArk Enterprise Password Vault a four out of five.

Positive

I did not use a solution similar to CyberArk Enterprise Password Vault.

The initial setup of CyberArk Enterprise Password Vault was straightforward. The time it took to implement was two months.

We did the implementation of CyberArk Enterprise Password Vault in-house.

We have approximately nine people for the deployment and maintenance of CyberArk Enterprise Password Vault.

We have seen a return on investment from using CyberArk Enterprise Password Vault.

There are no additional costs other than the standard licensing fees.

We evaluated other solutions but we decided to choose CyberArk Enterprise Password Vault because they were a key player in the market who invented the space.

CyberArk Enterprise Password Vault is great. It excels on-premise. If you were looking at the hybrid or other solutions, there are other solutions that were built in that environment. They're probably a little ahead of CyberArk Enterprise Password Vault at this point.

I rate CyberArk Enterprise Password Vault an eight out of ten.

CyberArk Enterprise Password Vault is important to do privileged session management, access a privileged access manager. Additionally, it is important to do segmentation in your core environment with the support team. For example, it is doing access monitoring support in our servers.

The privileged support manager is the most valuable feature of CyberArk Enterprise Password Vault.

The interface could be improved it is not user-friendly, but they have improved but it could still improve. In the policies configuration, it would be a benefit to have more details.

I have been using CyberArk Enterprise Password Vault for approximately five years.

CyberArk Enterprise Password Vault is stable.

I have found CyberArk Enterprise Password Vault not to be scalable. There are hardware limitations.

The technical support is very good and helpful.

The initial installation is difficult because of the configuration. The process involved with the privileged access cycle is not easy to connect the process with the technology from CyberArk Enterprise Password Vault.

I rate CyberArk Enterprise Password Vault an eight out of ten.

Our clients primarily use the CyberArk Password Vault for password rotation and password management.

The feature I find most valuable is the password credential rotation.

With regards to potential improvements for the CyberArk product, I find the product quite expensive and I would like to see the cost reduced. 

I have been using CyberArk Password Vault for 8 years. 

CyberArk Password Vault is super stable once you are on a tried and true platform version. 

The product is also easy to scale. 

I have utilized CyberArk technical support for issues and this was very straightforward to work with. The response time was a little slow. 

I have previously deployed and installed Thycotic as an alternate password vault solution, but I find CyberArk to be much better.

With installation of CyberArk Password Vault, there are some complexities to setting it up, I would say it is not straight forward to setup. 

We have clients that ask us to implement CyberArk PAM. There are two kinds:

1. Greenfield installation and setup. 
2. They already have CyberArk and want to extend their usage to protect different types of accounts and passwords.

CyberArk PAM protects privileged accounts and passwords. Privileged account means that those accounts have particular authorization that can span all the features of the system. For example, usually on network devices, they come out out-of-the-box with administrator accounts. Windows has an administrator account built-in so you need to protect that. Also, Active Directory has some accounts, like domain administrators, who can do whatever on the platform. These accounts are used for administration.

CyberArk stores and rotates the password/credential. They can rotate SSH keys as well. This protects the attack surface. By way of CyberArk, you can allow sessions, isolation, and recording. The main aim is to protect privileged accounts and their credentials.

I started with version 9.7, and now I am working with version 10.10, but the latest version is 12.

The automatic change of the password and Privileged Session Manager (PSM) are the most valuable features. With Privileged Session Manager, you can control the password management in a centralized way. You can activate these features in a session; the session isolation and recording. You apply the full intermediation principle. So, you must pass through CyberArk PAM to get access to the target system. You don't need to know the password, and everything that you do is registered and auditable. In this case, no one gets to touch the password directly. Also, you can implement detection and response behavior in case of a breach.

With CyberArk, you have a centralized store. With Privileged Session Manager, you can just look by the browser, looking through the name of the account, the name of the system, and the host name. In this case, you get the password and can then get through. Therefore, it is easier to get access to the system because it is easier to search the system for what you want using the user interface/browser of CyberArk. You also have an auditable action because the password is unknown to the administrator.

Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API.

Onboarding is always a difficult path for every PAM solution. It is not immediate.

We have been using it for six years, usually in delivery projects.

The stability is very good. There are no problems with it.

It has good scalability. Though, because the architecture is modular, you must plan a bit. In terms of performance, it is very scalable, but you need to pay attention to the architecture because it is not like having Kubernetes that moves laterally. While you can deploy it in a second, you need to be careful. 

They have a good response time. 

Sometimes, on the development side, for some components, it does not respond for PSM connectors and CPM plugins. They don't tend to take responsibility for those. While clients tend to develop some PSM connector and CPM plugin, I would like a more flexible response on these types of issues being raised. Because while I am developing those components, I am developing on their product.

Positive

We had clients who had quite a lot of SAP systems, something like 900. At first, their change management practice, i.e., the changing of the administrators' passwords was not so frequent, e.g., once a year instead of once a month or every two months. Their password management was usually done by storing those passwords on an Excel. Therefore, if they needed to connect to a system, they had to access the Excel file to find the machine and accounts to then receive the passwords for access to the system. This was unwieldy since they needed to look through an Excel spreadsheet with more than 900 entries. This is also not very secure since you have an Excel file with a clear password on your workstation. 

It was a bit complex because the architecture is complex. At the same time, this is also an advantage in relation to other competitors in the market because CyberArk's architecture is inherently secure. So, while it is a bit more complex to set up initially, it is necessary for reaching the security that other solutions do not give you.

The installation can easily be done. It is the architecture part that is complex, possibly because you need to size the machines. 

It depends greatly on the project. Usually, the best approach is a modular one. You start with a set of users, then move on to expanding the solution with size in mind. 

CyberArk's architecture is peculiar. It is the most secure on the market because they have a hard-end computer out of the domain that stores passwords with multiple cryptography. Then, there are the default components that dialogue with Password Vaults. Only CyberArk has this. The other solutions usually give you an encrypted database on an appliance, and this is a very different scenario. Therefore, CyberArk has an inherently secure architecture.

Broadcom PAM is not as stable versus CyberArk. 

Plan wisely and you will have a very good product. The approach should be modular and step by step. Start with the UNIX administrators, network device administrator, Windows administrator, and Active Directory administrator, then move onto more complex scenarios, like web server administrators, sub-administrators, etc. 

I would rate CyberArk PAM as nine out of 10. It could be more manageable.