CyberArk Privileged Access Manager Reviews

Our primary use case for his solution is privileged identity and application identity management, and we deploy the solution on-premises.

We have found the core features of the product most valuable, such as password management, session recording and vaulting.

The architecture needs to be improved. For example, the whole solution can come within a single software bundle instead of the distributed components we have for the on-premise deployments. I think there's room for improvements in that area because the competitors within that space have appliances and software that are just a single software. You don't have to split functionality across several servers like the current deployment.

We have been using this solution for approximately five years.

The solution is scalable. At the point of implementation, 300 users in our organization were using it, but that number may have increased.

The initial setup is not very complex because of my experience and skills. Still, the end users are only in charge of the administrative aspects, but I think the set up is a bit complex for those who are not very savvy with the solution. Implementation took approximately two weeks.

I rate the solution nine out of ten. The solution is good, but the main feature to be improved is having the product in a consolidated software bundle. So the moment we have PSM, it's a dedicated server. We can also have a PVWA in another server, so having a singular bundle is just like the cloud offering. The infrastructure is abstracted from the end user. So if we can have something like that for on-premises, that would simplify implementation. Regardless it's a good solution, it works, and the bank is happy with it. My recommendation to people considering implementing this product is to get the scoping appropriately done. It comes down to scoping the initial deployment, so it doesn't take forever. Still, if you're not scoping correctly, you could have a situation where people keep adding new accounts continuously, and your project never ends. Hence, scoping is kind of important.

We use CyberArk Privileged Access Manager for our customers who want to monitor and protect the access from the vendor side or the partner side. These customers want to cover external users who want to gain access.

What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users.

In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution.

Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations.

In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows.

I've been working with CyberArk Privileged Access Manager for four years.

CyberArk Privileged Access Manager is a stable solution.

CyberArk Privileged Access Manager is easy to scale. You can divide the solution into different parts and connect them, then you can add a new feature, a new appliance, or a new system. The solution works.

In terms of the technical support for CyberArk Privileged Access Manager, I sometimes contact the service engineer in this region. I also have access to the support portal which I use in some issues, but it's not so often. I found the technical support team very professional and I would rate support for CyberArk Privileged Access Manager five out of five.

The initial setup for CyberArk Privileged Access Manager was complex because, in the beginning, you must get the information from the customer such as how he wants to install it, how he wants to protect privileged accounts, how password rotation would work, etc., before you can install the solution.

The time it takes to deploy CyberArk Privileged Access Manager depends on several factors such as how many admins a customer has, how many devices, and the types of devices, for example, does the customer have servers such as Windows or Linux, some other network solution, or some applications, etc.? It could take between ten, fifteen, or one hundred days. My company needs to analyze at the beginning to define how long the process will take.

On a scale of one to five, with one being complex and five being very easy, I would rate the initial setup for CyberArk Privileged Access Manager four out of five.

I'm a technician so I don't handle the licensing for CyberArk Privileged Access Manager, but I know that the price for the core license is about €140 per year. There's another type of license, the external vendor license, and that's about €600 and you can manage twenty devices. From what I know, the price for one device in a subscription is about €65 per year.

You can buy the CyberArk Endpoint Privilege Manager too, or you can buy some other application or application license with CyberArk Privileged Access Manager, but all other features, such as the Analytics Server is included in the basic CyberArk license. With WALLIX, you need to buy separate licenses for the features.

I've evaluated WALLIX, apart from CyberArk Privileged Access Manager.

CyberArk Privileged Access Manager is a global solution that applies to all customers, from small scale to enterprise businesses, but the solution has a little bit more servers that you need for the installation. WALLIX, on the other hand, is just one appliance that focuses on small-scale customers. Its deployment is much easier because you just install one appliance with all the features inside. Deployment is easier with WALLIX versus CyberArk Privileged Access Manager which has a complex deployment. In the end, CyberArk Privileged Access Manager has more features that you can define or set up, while WALLIX has some limitations.

I'm working for a company that sells privileged access management solutions, including CyberArk Privileged Access Manager.

The version of the solution which I'm dealing with is an old version. Most of the deployment is on-premises, but my company will start cloud deployment for CyberArk Privileged Access Manager as well.

My company resells, implements, and also provides support for CyberArk Privileged Access Manager for the customers.

The solution requires upgrading regularly, and if there's a new system or application, you need to set it up for privileged access management on CyberArk Privileged Access Manager, so maintenance is important. Currently, in my company, five people work with the solution where there are about two hundred devices with fifty administrators. In the beginning, CyberArk Privileged Access Manager was for large-sized businesses. Nowadays, it's also used by medium-sized businesses.

I would recommend CyberArk Privileged Access Manager to others looking into implementing it because it's very important to protect privileged accounts in the company and do password rotation, so the hackers won't have a chance to detect and find the real passwords in the system. You can also use CyberArk Privileged Access Manager to protect external users and the admins from the direct connection to the server and after that, you can see what the users and admins do because the system makes video recordings and session logs. It's important to see what the admins do from time to time.

For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same, so I would rate it a ten out of ten.

My company is a partner and reseller of CyberArk Privileged Access Manager.

CyberArk Enterprise Password Vault can be used for password vaulting and purpose session management.

The most valuable features of CyberArk Enterprise Password Vault are password vaulting and automatic rotation of passwords after use.

CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve.

I have been using CyberArk Enterprise Password Vault for approximately seven years.

The stability of CyberArk Enterprise Password Vault depends on what you use it for. It is very stable when using a single vault. I had the most problems using the distributive vault. They've worked through some of that, so it's more stable now.

The scalability of CyberArk Enterprise Password Vault is okay. The distributive vault is what would affect the scalability and there were some issues with that that I've run into.

We only have a small number of users in the current company I am working at, and the previous company I was working for had hundreds of users using the solution. 

We do not plan to increase the usage of this solution.

The support from CyberArk Enterprise Password Vault is good.

I rate the support from CyberArk Enterprise Password Vault a four out of five.

Positive

I did not use a solution similar to CyberArk Enterprise Password Vault.

The initial setup of CyberArk Enterprise Password Vault was straightforward. The time it took to implement was two months.

We did the implementation of CyberArk Enterprise Password Vault in-house.

We have approximately nine people for the deployment and maintenance of CyberArk Enterprise Password Vault.

We have seen a return on investment from using CyberArk Enterprise Password Vault.

There are no additional costs other than the standard licensing fees.

We evaluated other solutions but we decided to choose CyberArk Enterprise Password Vault because they were a key player in the market who invented the space.

CyberArk Enterprise Password Vault is great. It excels on-premise. If you were looking at the hybrid or other solutions, there are other solutions that were built in that environment. They're probably a little ahead of CyberArk Enterprise Password Vault at this point.

I rate CyberArk Enterprise Password Vault an eight out of ten.

CyberArk Enterprise Password Vault is important to do privileged session management, access a privileged access manager. Additionally, it is important to do segmentation in your core environment with the support team. For example, it is doing access monitoring support in our servers.

The privileged support manager is the most valuable feature of CyberArk Enterprise Password Vault.

The interface could be improved it is not user-friendly, but they have improved but it could still improve. In the policies configuration, it would be a benefit to have more details.

I have been using CyberArk Enterprise Password Vault for approximately five years.

CyberArk Enterprise Password Vault is stable.

I have found CyberArk Enterprise Password Vault not to be scalable. There are hardware limitations.

The technical support is very good and helpful.

The initial installation is difficult because of the configuration. The process involved with the privileged access cycle is not easy to connect the process with the technology from CyberArk Enterprise Password Vault.

I rate CyberArk Enterprise Password Vault an eight out of ten.

Our clients primarily use the CyberArk Password Vault for password rotation and password management.

The feature I find most valuable is the password credential rotation.

With regards to potential improvements for the CyberArk product, I find the product quite expensive and I would like to see the cost reduced. 

I have been using CyberArk Password Vault for 8 years. 

CyberArk Password Vault is super stable once you are on a tried and true platform version. 

The product is also easy to scale. 

I have utilized CyberArk technical support for issues and this was very straightforward to work with. The response time was a little slow. 

I have previously deployed and installed Thycotic as an alternate password vault solution, but I find CyberArk to be much better.

With installation of CyberArk Password Vault, there are some complexities to setting it up, I would say it is not straight forward to setup. 

The major use case for us is to securely release and manage passwords for non-personal accounts.

CyberArk provides an automated and unified approach for securing access across environments. It's a work in progress but that is the goal, for us, of implementing CyberArk. We want to provide a unified way to access all environments. We are in transition, like most big companies, into cloud solutions. So this is also something that is being discussed and analyzed. But that, overall, is the mission of CyberArk in our organization.

CyberArk has made it possible to work with non-personal accounts. Before, there was a much more focus on having privileges associated with personal accounts, and non-personal accounts were scarcely used because doing so required a lot of manual work. That work has been replaced with automated password management and the controls that come with CyberArk. It allows our organization to control the risks associated with high privileges. Previously, anyone could do whatever they wanted, on their own, but now we can enforce dual control. That is very important from a risk perspective. And the fact that we have it automated means it doesn't require that much effort to maintain things.

Also, when we onboard new employees, the solution saves us time, to a certain extent, when it comes to providing them with secure access to the applications and IT systems they will be working with. Those savings are not directly thanks to CyberArk, but it can be considered part of the bigger solution to make sure that employees have the correct access to the resources they need as soon as possible. That is true after they have been onboarded or when their position has changed and they need to be granted new access.

The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so.

I have been using CyberArk Privileged Access Manager for five years.

My impression of the solution's stability, in general, is very positive. It's quite robust. There are mechanisms in place that allow you to have high availability and that allow you to have proper disaster recovery. Those mechanisms are very solid, as we have tested them extensively within our processes to assess the risk associated with the use of CyberArk. They have performed very well.

The only thing that is lacking with respect to the stability is the scalability issue. The amount of data we need processed is too big for CyberArk to manage properly. That mostly impacts performance, not the stability, but to some extent the stability has suffered due to that. 

But overall, I would rate it very good in terms of stability. We had a minor issue once and, other than that, we have been online the whole time that I have been here. We have tested it thoroughly and have not found any situation where it would become too unstable to perform our tasks.

The major pain point that we have is the capacity of CyberArk due to the sheer volume of NPAs that we are managing. We are a large organization and we have hundreds of thousands of non-personal accounts to manage. We have already found out that there are certain capacity limitations within CyberArk that might introduce performance issues. From my perspective, something that would be valuable would be if the Vault could hold more passwords and be more scalable.

We have used their tech support extensively and there has been a lot of improvement in the way that CyberArk support operates over the last few years, but it still leaves somewhat to be desired. That is particularly true given the pricing. You would expect, for the amount of money that they charge for their support, and for their product in general, that it would be better. 

But I've seen major improvements in the last couple of years. I think they are aware of this issue and that it is an area that they are lacking in and they're working towards improving it.

They need to better recognize who they are dealing with. CyberArk has an extensive training program, the CyberArk University. You put in a lot of effort, resources, and money, to attend the training and become a professional in terms of your knowledge and ability to manage the Vault, and the solution in general. But then, when you require support, you are asked very simple questions, which you have already answered based on the knowledge that you've obtained from CyberArk. It takes a lot of time and effort to convince their support that you indeed have a more complex case to resolve, rather than a very simple fire-and-forget solution. It's generally not the kind of thing where they can give you a link to their knowledge base and look through it to find a solution yourself.

I have been working with CyberArk for five years and have all the possible certificates, and have extensive knowledge about it. Any time that I report a case to support, it seems the general gist of how such services operate is that they're trying to get rid of you. They give you a solution that, maybe, vaguely resembles the issue, or a solution that you specifically stated that you tried already and it does not work, just to get rid of you. They probably have customers who would be happy with that, but because of the importance of that software within our organization and the level of maturity that we have within my team as administrators of CyberArk, we expect, and we've communicated this to them, that they will approach our requests in a more advanced way. 

They should recognize that we have probably already done what the first line of support would suggest be done, and that we require some more involved support, but it seems very difficult to communicate this to them. Even if we get through to further lines of support, we often have the feeling that we still know more than they do about their own tools. I think there has been some sort of knowledge drain from CyberArk. We often have the feeling that they are learning on the job. They don't inspire a lot of confidence when it comes to their support.

Neutral

There is a lot of return on investment in CyberArk. Being a financial institution, we are responsible for managing risks, and CyberArk really helps us to be in control with the usage of NPAs. That, in turn, translates into a proper risk score for the organization, and that directly translates into actual money being saved.

It's expensive, certainly. But CyberArk is the leader in the market with regards to privileged access management. You pay a lot, but you are paying for the value that is being delivered. 

It's not a tool for small companies. You need to be a large company with a lot of resources to implement it. But the price tag can be justified, even though it's always hard to quantify these things. It really brings value, regardless of the level at which you implement it. If you use it at a very basic level, as just a password manager, or you go further with all the other elements of the tool, it's expensive, but it's worth the price.

We only use it on-prem, but for someone who only wants to solve cloud security challenges with a born-in-the-cloud security solution, I would still tell them CyberArk is one of the potential solutions. I would also tell them to do their assessment because it costs a lot. So it depends on the scale of use and the use cases. It certainly has the most capabilities that could be of use, but it depends on whether you only have some small deployments in the cloud and on the size of the risks involved. For certain scenarios, I would say they should immediately go with CyberArk, and that they shouldn't bother with others' solutions. In other scenarios, I would say they should do a very thorough assessment of the market before they decide because there might be cheaper options that will be sufficient for them.

We use CyberArk Enterprise Password Vault and we provide it to our customers.

We use this solution for password vaulting and session management.

The most valuable feature is privileged session management.

The installation process could be simplified.

I would like to see a simplification of the product.

I have been dealing with CyberArk Enterprise Password Vault for ten years.

Depending on the needs of the client, it can be deployed both on-premises and in the cloud.

CyberArk Enterprise Password Vault is a stable solution.

CyberArk Enterprise Password Vault is scalable.

We use Teams for virtual meetings and storage, with SharePoint serving as the backend.

I've never liked the idea of using Zoom because the security was never great.

The installation is not straightforward. It's complex. You would have to be very knowledgeable about the product to do this.

We need two to three administrators to maintain this solution.

Licensing fees are paid on a yearly basis.

Our laptops are containerized, we don't see what antivirus is on there. Our organization strips out all bloatware. If it is not sanctioned or proprietary, we don't use it.

Try to complete as much of the CyberArk training as possible.

 I would rate CyberArk Enterprise Password Vault a nine out of ten.

We implement this solution for our customers. We are system integrators, not end-users.

The main use case is for secure access, and monitoring the access by IT administrators.

I like the performance of CyberArk Enterprise Password Vault.

Definitely, it's a reliable solution.

It has a wide range of features. They are probably the widest range of features on the market. It is the main reason customers usually select this product.

This solution works very well, and the feedback from our customers is very good.

Integration is one of the strongest capabilities of this solution. There are hundreds of integrations that are ready to use. It is continuously growing, which is one of its strengths.

The interface is really user-friendly.

It's a highly flexible solution that can adapt to each customer's needs.

Another strength, for both performance and the security levels, is the segregation of the different rules of the solution.

The initial setup could be simpler but it may not be as effective.

I've been using CyberArk Enterprise Password Vault for three years, and the company began using it in 2003.

This solution is used mainly on-premises, but the trend is to go with hybrid and cloud deployment for new projects.

CyberArk Enterprise Password Vault is a stable product.

CyberArk Enterprise Password Vault is easy to scale.

I have not contacted technical support. I deal in the presales department. I don't manage the technical aspects of delivery and support.

We needed to build a specific project that is tailored for each customer. It requires a bit of design with the first part of the project, which is a benefit because the solution has high performance and is built on the needs of the customer. 

There is a bit of a setup initially, but it provides them with a good result for the project.

It's an affordable platform.

It is not the cheapest solution available on the market, but if you want a good project, you need to have the value of the solution you are selecting. 

In my opinion, it is a good compromise between the cost and the benefits. I think the price is fair.

I would definitely recommend this solution to others who are interested in using it.

I do not have visibility with other solutions that may be better or more up-to-date.

I would rate CyberArk Enterprise Password Vault a ten out of ten.