CyberArk Privileged Access Manager Reviews

• This product provides accountability and audit trails for privileged account access. 
• Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.

• It helped us in SOX, PCI, PII and HIPAA compliance. 
• Accountability, as far as knowing who has access to what.

• Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
• The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.

• Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.

• Providing a way to group accounts by application would be nice.

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day.

We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

Previously, we didn't have any password rotation policy for application IDs. Once we implemented CyberArk, we created a policy. It's good to rotate the passwords every two weeks. That is the biggest value for us.

It gives us one place to store the keys to the kingdom, so if there is any breach we know where it is and what to do.

The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization.

CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well.

So far, we haven't seen any major hurdles. We haven't had any downtime because of CyberArk.

I would rate scalability at seven or eight out of 10. There is a need to improve the usage on for the consumer side. I hope in the upcoming product, the version may fulfill this.

Technical support is good but the problem is when we are using the application side. The support people have a security background, so they may not know the application technology, so it's a challenge right now. Once they understand, then they make progress but, until then, we have to educate them.

Before CyberArk we had a number of solutions, CA and IBM products, but CyberArk meets our requirements regarding application password management.

I was involved in the initial setup and I actually used CyberArk's Professional Services. It was straightforward. We didn't have any hurdles during the setup.

It's very hard to quantify because previously we didn't have anything like this. You can imagine, there was a policy not to rotate the passwords, but now after implementing CyberArk, every two weeks we are rotating the password without business impact, so that is the biggest ROI, even though we cannot quantify it.

We evaluated Thycotic and one other.

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization.

Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications

From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.

Its performance is excellent. We have had multiple use cases: 

• It is PSM, so as a jump box to our servers.
• We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers.

We are currently using CyberArk to secure applications with credentials and endpoints.

We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.

• It has helped from an auditing perspective identify who has access to privileged accounts.
• We are able to now track who is accessing systems. 
• It provides an accountability to the individuals who are using it, knowing that it is audited and tracked.

It has become one of the primary components that we have. We also utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs.

The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords.

Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up.

It is very stable. We have never had any downtime; no issues. We worked with support on several upgrades, and are looking forward to the 10.x upgrade.

We have no issues with scalability. We are using it in a pretty wide environment. We also use it in our business continuity environment with no issues.

I evaluate the technical support very highly. Although, the individuals who we worked with were very technical. If they did not know something, they pulled in somebody right away. 

Also, one of the best attributes is the customer success team. We found great value in working with customer success and their team.

If there are defects or issues, over the years, CyberArk management has listened to them and resolved those issues. Not many organizations respond to their customer feedback as well as CyberArk has.

We did not have a previous solution. We have always used CyberArk. 

From a risk landscape, we knew that privilege accounts were where attackers were going, doing lateral movements. These are keys of the kingdom which protect those, and that is why we focused in this area.

The initial setup was very complex. There were a lot of manual process. Over the years, we have seen a significant transition in the installation scripts, the setup, and the custom capabilities. So, CyberArk has come a long way since the beginning.

The upgrade processes have also improved.

We now know where our privileged accounts are and how to manage them. So, it is more from an exposure standpoint.

No.

Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully.

I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good.

Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the industry, including Red Team capabilities. They are gearing their product towards the defending of what the active exploits are, not something that has been done in the past.

Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.

EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.

Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.

• Password management and accountability for Privileged accounts
• Identify, protect and monitor the usage of Privileged accounts
• Record and control privileged sessions on critical systems i.e. Windows, Unix, DBs
• Application credentials including SSH keys and hard-coded embedded passwords can be managed
• Control and monitor the commands super-users can run based on their role
• PTA is a security intelligence system that allows organizations to detect, alert, and respond to cyberattacks on privileged accounts.

Privileged accounts represent the largest security vulnerability an organization faces today. Most organisations are not aware of the total number of privilege accounts.

Compromising privilege accounts leads to various breaches. With this growing threat, organisations need controls put in place to proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

On implementing the CyberArk PIM solution, we are able to achieve this goal. Now, we are aware of the total privileged accounts in our enterprise. These are securely stored and managed by the Vault. The end users need not remember passwords for these accounts to use them.

E.g.: A Unix Admin who has to login to a Unix server using the "root" account needs to log in to CyberArk and search for the root account, click Connect and he can perform all of his activities. We can enforce a command list on this account, monitor his activities and also get to know who has used this root account. The access to this account can also be restricted. The user does not have to remember any credentials.

Integration of this tool with SAML is a problem, as there is a bug. We’d like to be able to integrate AWS accounts in CyberArk.

I have been using this solution for the past three years. I have implemented this solution for various clients from banking and pharmaceutical companies.

I have not really encountered any issues with stability.

I have not encountered any scalability issues.

I rate technical support 9/10, very good.

Straightforward, easy-to-install setup.

It is expensive.

Before we chose CyberArk, we evaluated ARCOS.

Go ahead and use CyberArk. Request a demo.

CyberArk Enterprise Password Vault can be used for password vaulting and purpose session management.

The most valuable features of CyberArk Enterprise Password Vault are password vaulting and automatic rotation of passwords after use.

CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve.

I have been using CyberArk Enterprise Password Vault for approximately seven years.

The stability of CyberArk Enterprise Password Vault depends on what you use it for. It is very stable when using a single vault. I had the most problems using the distributive vault. They've worked through some of that, so it's more stable now.

The scalability of CyberArk Enterprise Password Vault is okay. The distributive vault is what would affect the scalability and there were some issues with that that I've run into.

We only have a small number of users in the current company I am working at, and the previous company I was working for had hundreds of users using the solution. 

We do not plan to increase the usage of this solution.

The support from CyberArk Enterprise Password Vault is good.

I rate the support from CyberArk Enterprise Password Vault a four out of five.

Positive

I did not use a solution similar to CyberArk Enterprise Password Vault.

The initial setup of CyberArk Enterprise Password Vault was straightforward. The time it took to implement was two months.

We did the implementation of CyberArk Enterprise Password Vault in-house.

We have approximately nine people for the deployment and maintenance of CyberArk Enterprise Password Vault.

We have seen a return on investment from using CyberArk Enterprise Password Vault.

There are no additional costs other than the standard licensing fees.

We evaluated other solutions but we decided to choose CyberArk Enterprise Password Vault because they were a key player in the market who invented the space.

CyberArk Enterprise Password Vault is great. It excels on-premise. If you were looking at the hybrid or other solutions, there are other solutions that were built in that environment. They're probably a little ahead of CyberArk Enterprise Password Vault at this point.

I rate CyberArk Enterprise Password Vault an eight out of ten.

It was originally just a glorified KeePass. We scaled it up to an enterprise-wide solution for all our IT support teams. In that way, it improves our ability to control, secure, and manage access across the enterprise for different support teams, whether it be IAM, Exchange, or server admin. It's been a really fantastic growth opportunity for me and for the company.

Service count rotation is probably one of my favorite features. Even though we're not using it right now, we're going to be using it in the future. The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now.

The solution's ability to manage all our access requirements at scale is interesting, actually. It does everything we need it to, and it's not a tool that I expected we would be using at this scale, as an enterprise-wide client. A little bit of history on that being that when we first started using it, it was a glorified password vault. It was a store. It was KeePass. So we really scaled it up and it's been a really interesting journey.

I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.

Lately, due to an upgrade, it hasn't been as stable as we need it to be, but I don't think that's any fault of the product. I think it's the fault of just infrastructure as a whole.

However, in the past, the product has never been down. It's been incredibly stable. And in terms of interface and usage, it's actually been really stable. There haven't been any bugs or glitches or anything of the sort to impede me from doing my job.

I didn't think we'd be here. However, it's incredibly scalable. We are able to use it in two different environments: one is IT and one is OT. And the scalability, as a whole, has been able to translate to an enterprise-wide process, so it's been really great to see. We're hoping that, should we acquire anything or divest something, it would be that easy to actually deal with it in terms of scalability.

Technical support has been good, even great. They have come in and assisted us whenever we had issues. If there was ever an outage, they were already on the phone by the time we needed them. They've been doing a great job helping us out so far.

We did not have a previous solution.

We have seen ROI. Our adoption rate is way up. More teams are involved in using it. That alone stands as a return on investment when we have more adopters, more people using the tool, more people logging into the tool and utilizing its capabilities.

Use the tool, but communicate with your user base. If you're not going to communicate with your user base, then you're dead in the water already. Don't force this on someone. Work with them in order to use it.

The product has delivered innovation with each update. When I first started, we weren't able to run scans and pull service-account information and reset those service accounts at any endpoint. That, as a whole, as I mentioned earlier, was my favorite feature of the product. That innovation alone is probably one of my favorites, and definitely something that deserves praise.

I would rate the product a nine because nobody gets a 10. It's been a fantastic product and it's been easy to use. The training courses involved have been great, so I would rate it a nine.

I wouldn't say CyberArk has been a huge impact on my career, but it's definitely played a role in helping me advance, in terms of being able to communicate with clients, utilizing my skill sets, both the technical and soft-skill use. It's allowed me to really branch out and see my growth through business liaison.

The primary use case is for privileged account management. It is performing well.

We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features.

In addition, we are using CyberArk to secure applications and endpoints. 

We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc.

Our security goal would be to keep people from putting the passwords in text files, do online shares, etc. This gives us more granular control.

The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords.

It is a customizable product.

I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. 

I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool.

The stability has been very good.

The scalability has been good, and will meet our needs in five year's time.

Technical support has been very responsive in navigating challenges. It is very easy to open a ticket.

We were previously using HPM.

It was complex. Because at that point. I had only recently joined the security team. I was told, "Here's a share with the files. Go install this."

I don't know that we are able to measure that at this point, other than no data breaches.

Make sure you have a development or QA environment.

I did training today on the new plugin generator utility.

I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available.

Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.