CyberArk Privileged Access Manager Reviews

The most valuable feature of CyberArk Privileged Access Manager is the vault. I am satisfied with the interface and the documentation.

CyberArk Privileged Access Manager could improve the integration with other third-party secret managers, and vault solutions.

I have been working with CyberArk Privileged Access Manager for approximately three years. Our clients are typically financial institutions.

CyberArk Privileged Access Manager is stable.

The scalability of CyberArk Privileged Access Manager is good.

Most of our clients are enterprise-sized companies.

I am satisfied with the vendor's support.

I have used Balabit and One Identity prior to using CyberArk Privileged Access Manager. I found that CyberArk has more integration out of the box with other solutions and it solves a lot of problems for customers if they have different solutions.

The initial setup CyberArk Privileged Access Manager is easy.

The price of CyberArk Privileged Access Manager could be less expensive.

My advice to others is this solution can solve a lot of problems.

I rate CyberArk Privileged Access Manager a nine out of ten.

We are using CyberArk Privileged Access Manager because we have too many accounts and we need to manage them.

CyberArk Privileged Access Manager has helped our organization by controlling users' access.

CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift.

I have been using CyberArk Privileged Access Manager for approximately two years.

CyberArk Privileged Access Manager is stable.

We have thousands of users using CyberArk Privileged Access Manager in my organization.

The support from CyberArk Privileged Access Manager is good.

The initial setup of CyberArk Privileged Access Manager was straightforward.

We had a local third-party company help us with the implementation of CyberArk Privileged Access Manager. The maintenance is sometimes a challenge for our consulting team that does it.

I would recommend this solution to others.

I rate CyberArk Privileged Access Manager a nine out of ten.

We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about five years now.

This product has placed a new culture in my company by making employees more aware of IT compliance and cyber security. It has also placed us in a position to meet NERC CIP v6 requirements.

The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.

Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login.

I would like to see the product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials into a privileged target system.

Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless you are working with accounts already stored in “Safes”.

I have been using this solution for seven years.

We have noticed some stability issues with the PSM Servers. We've noticed that there may be a limitation on the number of users that a PSM Server can handle. We have two PSM Servers deployed in our Production environment and have come to a conclusion that we may need to add two more to stabilize the environment.

Upgrading to version 9.9 significantly reduced the stability issues with the PSM Servers and the limitation on the number of users that the PSM can handle.

CyberArk could use some improvement in their level of customer service. Sometimes, it can take more than a day before a Case that I have submitted online gets a response from tech support.

The level of technical support has been great. The challenge has been to get an initial response and sometimes follow-up from CyberArk Support.

If you are going to set up CyberArk for the first time, I highly recommend that you utilize their Professional Services. They are extremely knowledgeable and very helpful and will ensure that your implementation is a success.

We use Texas DIR when evaluation and making purchases of products.

We are currently on version 9.10. We would like to upgrade to the latest version some time this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.

CyberArk Enterprise Password Vault is important to do privileged session management, access a privileged access manager. Additionally, it is important to do segmentation in your core environment with the support team. For example, it is doing access monitoring support in our servers.

The privileged support manager is the most valuable feature of CyberArk Enterprise Password Vault.

The interface could be improved it is not user-friendly, but they have improved but it could still improve. In the policies configuration, it would be a benefit to have more details.

I have been using CyberArk Enterprise Password Vault for approximately five years.

CyberArk Enterprise Password Vault is stable.

I have found CyberArk Enterprise Password Vault not to be scalable. There are hardware limitations.

The technical support is very good and helpful.

The initial installation is difficult because of the configuration. The process involved with the privileged access cycle is not easy to connect the process with the technology from CyberArk Enterprise Password Vault.

I rate CyberArk Enterprise Password Vault an eight out of ten.

The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.

Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.

I've had an experience of deploying CyberArk in on-premise and in the cloud.

For any use case, session management is a key because it isolates users' machines to the target system. That way then, if an attack happens on a user's machine, the privileged session is still an isolated session. The privileged session is not interrupted.

In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation. 

The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.

There are many other important features of CyberArk: 

• Privileged Session Manager (PSM) connects you to the target platform. 
• Password management (CPM) provides automatic password rotations, including password verification and reconciliation. 
• Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature. 

The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.

More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.

I have used CyberArk Privileged Access Manager for approximately seven years.

It is a very stable and reliable product.

It is scalable and scaling it is straightforward. It has been designed and planned well, making it easy to scale the environment.

We have frequently worked with CyberArk technical support. In the last year their support has been changed. I would rate it at about seven out of 10. It depends on the person who picks up the support ticket. If that person is fairly proficient in his experience, the response will be quick. Otherwise, it can take time. But, in general, it's good.

Neutral

The complexity of the initial setup depends on the organization's underlying infrastructure, on the environment in which the development is happening. Sometimes the environment on which the product is being installed is more of a challenge than the product. That plays a key role. And, as I mentioned, it's a bit of a challenge because of the documentation at the moment. It needs to be much more user-friendly

The time for deployment also depends on the environment in which the product is being deployed. The technology landscape is very complex. With an end-to-end implementation, it can vary depending on whether the environment is small or medium or complex, and what types of use cases are involved. If it is just a simple environment and minimal features need to be configured, it can be straightforward and take a few days. But if it's a really large-scale, complex environment, where multiple integrations are required, because the underlying requirement to deploy CyberArk with other applications is complex, it will definitely take longer.

Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive.

It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. 

Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. 

But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.

Companies often have an enormous amount of admin credentials out there. They want to find out how many they have, start cleaning them up, and ensure they're all kept in an encrypted vault. Password Vault is probably the top product in that space, and it's a monster to implement, but CyberArk is great at what they do.

Password Vault's main advantage is its scalability. We constantly see huge enterprises implementing something like this, and the privileged session management is an excellent piece. You can kind of watch videos of whatever an admin has done. So, for example, if an admin doesn't check out their password and fires up a session on a machine, you can see playback. Scalability and those particular features are pretty valuable for monitoring your insider threat.

Our customers haven't complained about any stability issues, and we've set Password Vault up for quite a few customers. However, the stability depends on the equipment unless they do it in the cloud. But if they're setting up on a bunch of VMs, and that VM store goes down, that's not necessarily a CyberArk problem. That's more of a problem with Windows or VMware, etc., or something like that. So I guess the stability's fine.

There are upwards of six components you need to set it up. And you might need anywhere from two to five servers. It takes some work to set that up, especially in a larger environment.

On-prem CyberArk is pretty expensive. It's pricey and you get what you pay for. It's an incredible product for what it does, but it's significantly cheaper to go to the cloud.

I would rate Password Vault seven out of 10. I'd only go that low because of how challenging the installation can be. I advise our customers to consider using CyberArk's cloud option because many people just reflexively lean toward the on-prem solution. The cloud solution is considerably less expensive. It's still complex to set up the different components and make it all work together, so I suggest you make sure you need all those components. Maybe you don't even want to use everything there, but consider the cloud version. It's the same product, but it's more straightforward and cost-effective. You're not losing any functionality.

My primary use case is the digital identity for access management of users and the configuration of passwords, or MSA, or SSO.

Password Vault's policy configuration is very good - when you receive an attack, you can segment the structure of the project in order to isolate parts or users.

Upgrading the product is very difficult, so this could be an area for improvement.

I've been using this solution for six months.

There have been a few lags when connecting with RDP, but otherwise, the stability is good.

Password Vault's scalability is good.

The technical support is very good in general but could provide more help when upgrading.

I would rate this solution eight out of ten.

We use CyberArk Enterprise Password Vault and we provide it to our customers.

We use this solution for password vaulting and session management.

The most valuable feature is privileged session management.

The installation process could be simplified.

I would like to see a simplification of the product.

I have been dealing with CyberArk Enterprise Password Vault for ten years.

Depending on the needs of the client, it can be deployed both on-premises and in the cloud.

CyberArk Enterprise Password Vault is a stable solution.

CyberArk Enterprise Password Vault is scalable.

We use Teams for virtual meetings and storage, with SharePoint serving as the backend.

I've never liked the idea of using Zoom because the security was never great.

The installation is not straightforward. It's complex. You would have to be very knowledgeable about the product to do this.

We need two to three administrators to maintain this solution.

Licensing fees are paid on a yearly basis.

Our laptops are containerized, we don't see what antivirus is on there. Our organization strips out all bloatware. If it is not sanctioned or proprietary, we don't use it.

Try to complete as much of the CyberArk training as possible.

 I would rate CyberArk Enterprise Password Vault a nine out of ten.