CyberArk Privileged Access Manager Reviews

Used to allow the removal of local administrators from 12,000 endpoints and yet still allows users to have the applications they need with the proper permissions required.

Users were removed from local administrators group on all desktop endpoints providing a more secure computing environment, allowing only those programs approved to run securely.

• The visibility of what is being run and control of those applications.
• Limiting the unnecessary application users think they need, and producing security vulnerabilities.

Better search functionality in the EPM console. It becomes difficult to search lengthy policies for specific items. Additionally, some of the windows sizes cannot be manipulated to allow a better user experience.

The product is relatively stable, but as with most software, it has room for improvement.

This solution is very scalable from what we have seen.

Our experience with tech support has been positive with slight delays due to the location of some of the deep-level resources.

No, we used no other services/software previous to EPM.

Straightforward setup with a substantial learning curve to implement.

We implemented in-house with the direction of a third-party.

Our ROI is currently being looked at.

Setup, costs, and licensing are fairly straightforward and easy to navigate. Questions to the account manager typically resulted in the answers needed.

We looked at several different vendors and conducted detailed POCs on each to ensure we were getting what we needed.

CyberArk is managing our privileged accounts: most of the service accounts, admin accounts, and all other privileged accounts on different platforms including Windows and Linux. A lot of databases have already been onboarded. At the moment we are working towards integrating, or implementing, the AIM product to make sure those hard-coded credentials are being managed by CyberArk, instead of being directly coded in.

The plan is to utilize CyberArk secure infrastructure applications running in the cloud, but we will definitely have to upgrade our knowledge. Conjur is one of the very important things we are currently considering, in addition to, of course, AWS and Azure. We have to get ourselves up to speed. So at the moment, we are setting up the platform, but eventually, that is what the goal is.

Currently, we are not using CyberArk secure application credentials and endpoints.

It helps us in identifying and detecting the major threats and vulnerabilities and to make sure those vulnerabilities are addressed before something bad happens. It is more of a preemptive solution, to take care of our weaknesses and overcome them.

We have been continuously monitoring, reporting, and observing where we were a few years ago, or a few months ago, and where we are now. There is continuous improvement in our security posture and that is where the satisfaction is. The solution is really doing what it is supposed to be doing, helping us to improve our security.

The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself.

As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel.

So far it has been absolutely wonderful. Of course, the initial glitches, the initial testing, the adjustments in implementation are there. It takes a lot of effort but, once it was all set and it started doing its processes, I haven't seen any concerns or issues.

We haven't had any post-implementation downtime at all, because we have our infrastructure set up in a way that we have active-passive standby on the CPMs. We have PVWAs in a load-balanced environment, we have multiple PSMs in a load-balanced environment as well. They compliment each other, so even if there is work or maintenance happening on one of the components, the other component is there to provide support, and ongoing access to all the users, without having any downtime.

The scalability is definitely very powerful. We did upgrade it, migrate it, a couple of times in the past. Previously I was involved in migrations and, of course, adding more resources, or more accounts - onboarding. It has been amazing.

Occasionally when we are doing a new integration, or run into issues we are not able to fix by ourselves, we use technical support. Escalations have been done, and the support has been absolutely outstanding.

For the initial setup, where there are out-of-the-box plugins, it is pretty straightforward. But when we start going into a more advanced level, where a new plugin has to be developed, or the connection component has to be developed, there is a bit of a complexity. But again, nothing too complex, nothing which cannot be achieved.

Technically, just managing all those privileged accounts and securing our environment, we feel it is much more secure than it was before. So the ROI it is definitely working out.

Take this solution over any other solution. In fact, I have personally brought a couple of my old colleagues with a technical background into this product line so that most of them are now certified on CyberArk and working in the same environment as well. 

Without doubt CyberArk is a 10 out of 10. From my experience, the kind of work I have done with this solution, it's absolutely amazing. It has the capabilities to secure the environment, which is the most important part. Anytime we hear any news of breaches elsewhere, that's when we say, "Hey, they should have done something, implemented the solution before they were hit." Once they are hit, they run around and try to fix the problems. But CyberArk, it's an amazing solution.

When it comes to selecting or working with a vendor, our most important criteria are access to support, what level of support is available, how fast the turnaround can be. The executives or the account team have to be very accessible to us, so if we need to implement a new product or new integration we should at least be able to get hold of the people who can guide us in the right direction.

• Credential faulting
• Credential management
• Privilege session management
• Secure file storage

We are utilizing CyberArk to secure applications, credentials, and endpoints.

The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. 

The value is probably the best of all of the other products which are offering the same services.

Having the keys securely locked helps drive policy. We can say what policy is, then we can point to the solution which provides it. Having that availability is strong in a large enterprise, especially in a global enterprise where there is a lot of different cultures and people do not want to hand off their privilege, rights, or workflows. Having that all set up and making it easier for them takes a lot of the stress off of our job.

We are implementing PSM right now. It is providing a secured workflow substitute where people would go in and check out their passwords. They want to use it instead of having passwords, similar to Guard Check. 

You go in because you need a key. You get the key, and you are accountable for that key while you have it. You open the door, do your work, close it, and return the key. People get that analogy, and it is awesome.

We are in the basics, like Windows, Unix, and databases. We do plan on getting everything eventually managed. It is just a lot of customization and time to get it fully matured.

The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames.

It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. 

This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella.

Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug. Our management is very upset about it.

CyberArk has been helping out, and it has been okay. However, the stability is definitely a concern, because with PSM, it becomes more critical to have it up. All of a sudden you have to have PSM up to be able to do your work.

The stability issues started when we upgraded from 9.7 to 9.95. Then, we were told during one of our cases that there was a bug in our new version and the only solution was to upgrade.

The scalability is big. We are a large company, and there are only a few companies that can scale so well.

We use their technical support all the time. It is a little slow to start a case. Then, once you get through that door (Level 1), it does escalate appropriately.

On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need.

Since I started, it has always been CyberArk.

I can't say we have an ROI. Our CIO is not about measuring profit from our security stuff. Our risk is definitely significantly lower. Also, our resources are low.

Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it.

One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud.

We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them.

Most important criteria when selecting a vendor

Age of the company, because we do not want to be first to market. We want to hear about it from other people. How is the sales rep is communicating. Whether it is more of a sales pitch or if it is a genuine concern for our security.

Then, make sure our vision is lined up with the product. We want to get our bang for the buck

We are a system integrator. We are selling its latest version to customers who are new to PAM or are coming from an older PAM. 

The respected partnership and portfolio with CyberArk are highly valuable to our organisation, as it helps to open doors with Enterprises and Financial organisations, on serious discussions on Identity and PAM projects. CyberArk PAS solutions bring good services revenue and long terms relationships with customers.

Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong.

In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows, LINUX Server, DOMAIN CONTROLLER protection etc. They have also further advanced it with the security on the cloud and DevOps environment.

They have a bundle licensing model, which really helps, unlike competitions complex licensing. Even though in our market, few customers have the perception that CyberArk is expensive as compared to some of the other new PAM providers, but in terms of overall value and as a bundling solution, it is affordable and also CyberArk is highly scalable platform.

Their post-sale support area requires a little more attention to our region ( ME/UAE. The current support model does not allow the end customers to open a ticket directly with CyberArk. Customers have to inform the distributor or bring in partners who have access to the support portal to open support cases. The support teams liability is limited to product issues and they usually do not get into configurations and integrations, unless estimated and paid for PS services.  This indirectly helps Service providers like us to make extra revenue. The default 24/7 support to our region, is effective when there is an emergency like a serious software issue, or if password vault is down etc, for such cases they provide immediate attention. For the rest of the low priority like migrations, upgradations, backups etc ( in some site it shall be considered high ), they take more time to respond.

Looking forward to new features line API security 

I have been engaged with CyberArk solutions for about five years.

A very stable platform for small to extremely large and complex organisations and distributed networks.

In one of the projects for global MNC, we had successfully executed projects with distributed Vault in 16 countries spread across 5 continents. This is done with a centralized primary vault( on HA )- HQ Datacenter, which connected distributed local vault and PSM, along with DR in the cloud. 

All these years in none of our projects haven't come across product stability or system crash isuses due to cyberark software

For customer and service provides (like us ), PAM is a journey with continues improvement and hygiene practices to protect the critical system. CyberArk offers many solutions for endpoint privilege management, Domain Controller protection, DevOps security which helps in upselling and expanding the security measures. Also, the solution is capable of handling a distributed and heterogeneous environment 

CyberArk PAS setup needs expertise and experience. Based on my experience, a small deployment of 10 or 20 PAM users takes one week to set up the PAM infrastructure and another one week to go live with basic modules and standard out of box integrations. The rest of the rollout has customer dependencies.  Ideally, the PAM system needs 3-6 months to get mature in an organisation.

We do inhouse.

Overall, bundle pricing and sales team support are really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules required in PAS, except the add-on advance technologies like agent-based endpoint, Win/Linus server protection, domain controller protection etc. When it comes to agent-based advanced technologies the overall cost is not cheap. However, the values it brings is highly critical to customers who are paranoid about targeted attacks.

Vendor PS BOQ are expensive like usual OEMs rates, but they do the Scope effectively within less time, which help the large customers ( like banks ) to run without any downtime 

I would recommend CyberArk solution even for small customers, who have critical application and internet presence in their business. The licensing model support to start with even 5 privilege users, this really helps. We haven't experience Idaptive ( Identity Saas ) solution yet, however, it looks promising

I would rate CyberArk PAS a ten out of ten. They are sharp focused on privilege access security for more than 21 years. This highly remarkable.

One of our customers is using the 9.5 version of the solution.

We personally use the product. We are implementing it and have a lot of involvement in its usage.

We use it primarily because we need to manage business accounts and reduce our inboxes.

It has improved the way our company functions on the basis that they're expanding, and the SDDC management solution and the decision to bring on security licenses under the system umbrella, then has passwords and the system management be a requirement in the coming quarters. We are already doing a small PoC with the relevant themes of the natural habits of the security teams. 

The password reconciliation and its limitation with respect to access in target servers along with the end users apart from the import, which is already available. This helps our customers in their software requirement imports.

The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs.

It is stable. They have had subsequent releases with patches for bugs. 

With respect to scalability, it depends upon how much scalability you need in the moment. 

There is not seamless stability in the support. Sometimes, we don't have any level of support which is required when something critical happens.

We were using the Centrify solution for managing UNIX apart from CyberArk. However, the scope of the Centrify solution is not as wide as the CyberArk solution.

Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations. 

Eventually, the licensing cost benefit doesn't happen or maximize the customer's profit.

Network and security licenses are currently being managed by other outsource vendors, so they are facing some type of problems in the digital aspect. 

Recently, there has been some new licensing guidelines which have come up since 2018 related to installation by technicians. However, we had our solution installed in 2015. 

Work off your roadmap for implementation.

We recommend CyberArk solutions.

Implementing CyberArk is not only "rolling out" a tool. It also will force the company to have a good look at the access management strategy, improve security processes and clean data. Implementation of CyberArk will increase the insight the company has in their access management implementation.

The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.

Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.

Allthough it's highly configurable, the user interface could use a do-over. The current interface doesn't scale that well, has some screens still in the old layout, while others are in the new ones and consistency in layout between pages sometimes is an issue. As I understand, this is scheduled for version 10.

If there are stability issues, most of the time this relates to the companies infrastructure.

CyberArk is highly scalable. Depending on the companies infrastructure, the size of the CyberArk implementation can become quite large.

I rate support 7/10. Technical knowledge of the support staff is good. Sometimes it is a lengthy process to get to the actual answer you require. One the one hand, that is because lots of information is required (logs, settings, reports, etc.). On the other hand, the support crew sometimes answers on questions that we did not ask.

We did not have a previous solution.

The installation manual is quite straightforward and extensive. There also is an implementation manual to support the function implementation. The installation requires specific hardware which sometimes might not fit the standards within an organisation. Over the last few years the documentation has improved hugely. Of course, there is always room for improvement, but I guess this is one of the better ones in the IT field.

I do not have anything to do with pricing.

I was not involved in the acquisition process, but I know that sometimes a Hitachi solution is considered.

Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.

To securely manage privileged accounts within the enterprise and automate password compliance where possible. Bringing multiple account types all into a single central repository with an intuitive user interface has greatly improved our security standing. Instead of managing each account in its disparate location like Database, Active Directory, LDAP, and Mainframe, we can now do it from a single solution. This has enabled great strides in standardizations across account types for password and access management.

CyberArk has enabled my organization to monitor and manage privileged accounts in a secure manner while also giving the ability to adhere to password compliance automatically. CyberArk has helped us to remove hard-coded credentials in applications and scripts. Traditional password policies often fall short of providing adequate protection, but CyberArk's PAM has allowed my organization to set robust password policies that require a combination of uppercase and lowercase letters, numbers, and special characters.

AIM has been a great help in automating password retrieval which removes the need for hard-coded credentials. Hard-coded credentials are a risk to organizations as they are easy for attackers to target. Therefore less hard-coded credentials increase the security stance of the enterprise. We have greatly utilized the out-of-the-box usage automation like Windows Scheduled tasks and password config files. The reconcile feature is another must-have to give users the ability to not only change their password but to unlock it as well where needed. 

CyberArk's Privileged Access Management (PAM) stands out as an industry leader, and it is often considered at the top of its class. This comprehensive solution has consistently delivered robust features and innovative security measures that make it an essential component of any organization's cybersecurity strategy. While no system is without room for advancement, CyberArk has continuously demonstrated its commitment to innovation and improvement, and many of the potential areas of improvement are already being actively addressed.

I have been using this solution for 13 years.

This solution is very stable with the ability of satellite vaults and HA.

CyberArk is incredibly scalable. Make sure to check out the unlimited option.

Excellent service and quick responses with engineers who understand the product.

Positive

We started out with CyberArk. When we started to look into using a PAM solution they were the leader in the space (and still are).

For the time saved and security added, the benefit far outweighs the cost.

Check out the unlimited model as it can save money and make for a more scalable solution depending on the size and needs of your organization.

My company evaluated other options, but I was not with the company when this occurred.

Contact the professional help for a demo, and you will not be disappointed. Even if you do not choose CyberArk, they can help identify current security gaps.

Our use case for CyberArk Enterprise Password Vault is managing privileged accounts. These are local accounts, e.g. local desktops, laptops, or servers. They have a built-in administration account, so part of the solution is to ensure that that account's username and password are stored in the vault and managed by CyberArk Enterprise Password Vault.

The most valuable feature of CyberArk Enterprise Password Vault is the auto password recycling feature, which works this way: previous accounts which are managed by this solution get their password reset every time, based on our given parameters, e.g. every two days, every five days, every week, etc. You give CyberArk Enterprise Password Vault the number of days that you want the passwords to be changed, so users won't need to have their passwords written somewhere. They can just log on to the solution and retrieve the password. They may even be able to remotely connect to the devices that they want to connect to via the PSM function of CyberArk Enterprise Password Vault.

What needs to be improved in CyberArk Enterprise Password Vault is their customer support, because as administrative engineers, since we're not experts in the solution, we have to rely on customer support.

Their customer support needs improvement in terms of being responsive and being understanding. They are knowledgeable, but responding and willingness to come and help knowing that it's their tool, rather than relying on the engineers from the customer side, e.g. our side, to do all the technical things.

The initial setup and upgrade process for CyberArk Enterprise Password Vault is complex and can only be done by CyberArk, so this is another area for improvement.

My experience with CyberArk Enterprise Password Vault is almost three years.

CyberArk Enterprise Password Vault stability is good. If it's properly set up, it can just run by itself. It's a very solid tool, but it has to be properly set up because a simple misconfiguration can create a lot of pain. Once set up, it's really good.

Customer support for this product still needs some improvement.

The initial setup for CyberArk Enterprise Password Vault is another pain point, because the setup, including upgrading the solution, can only be done by CyberArk themselves. They have professional services involved to get an initial setup done, and to even do an upgrade, because of the complexity of the product itself.

The SaaS version of CyberArk Enterprise Password Vault is very expensive, but the on-premises version is relative, e.g. depending on the size of the environment, it can be a bit pricey, but it's relatively okay compared to the others. It's their SaaS solution that's expensive.

We're using version 11.1 of CyberArk Enterprise Password Vault.

It's probably not fair to judge CyberArk Enterprise Password Vault based on my overall experience with it, because the tool itself is brilliant, though it's a little bit complex in terms of how it is set up. The customer service could still be improved to meet the standards, but I'm giving CyberArk Enterprise Password Vault a score of seven out of ten.