CyberArk Privileged Access Manager Reviews

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

The practice of sharing passwords disappeared completely and the most sensitive application is using the AIM to retrieve database passwords for all its users.

We're still struggling with the use of RDP through PSMs.

The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.

The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP.

I am very impressed with the stability, but I still need to convince some colleagues.

Scalability is rather good, we haven't reached any technical limitations yet.

The support is always very responsive, accurate, and complete in their solutions. I've always had a personal contact that would know our setup and was able to concentrate on our specifics instead of pointing to a generic document on the support site.

No, we haven't used any other solution.

The initial setup was straightforward because its entire complexity was hidden by the CyberArk expert who guided the whole process.

Our vendor's implementation team was stellar.

We haven't yet calculated the ROI.

Attempt to minimize the AIM deployments as the license is expensive. Take a license for a test instance even if it might cost extra.

I cannot tell what other options were evaluated.

Keep an eye on the cloud integrations and be ready for Conjur.

We use CyberArk to manage anything privileged including our admin IDs, AWS root credentials, service accounts, etc.

It's been a big win for us as we're now able to start managing service accounts with AIM. This is a big win, especially with our web hosting team.

There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year.

As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included.

Used to allow the removal of local administrators from 12,000 endpoints and yet still allows users to have the applications they need with the proper permissions required.

Users were removed from local administrators group on all desktop endpoints providing a more secure computing environment, allowing only those programs approved to run securely.

• The visibility of what is being run and control of those applications.
• Limiting the unnecessary application users think they need, and producing security vulnerabilities.

Better search functionality in the EPM console. It becomes difficult to search lengthy policies for specific items. Additionally, some of the windows sizes cannot be manipulated to allow a better user experience.

The product is relatively stable, but as with most software, it has room for improvement.

This solution is very scalable from what we have seen.

Our experience with tech support has been positive with slight delays due to the location of some of the deep-level resources.

No, we used no other services/software previous to EPM.

Straightforward setup with a substantial learning curve to implement.

We implemented in-house with the direction of a third-party.

Our ROI is currently being looked at.

Setup, costs, and licensing are fairly straightforward and easy to navigate. Questions to the account manager typically resulted in the answers needed.

We looked at several different vendors and conducted detailed POCs on each to ensure we were getting what we needed.

We are using CyberArk to store credentials of privileged assets in a secure way. In addition, CyberArk helps us to meet our security policy effortlessly, defining the complexity of the passwords, rotation period, etc.

We are also using the Privileged Session Manager to provide remote access to servers with security controls in place (session isolated and recorded).

With CyberArk, we can meet our compliance requirements reducing security risks without introducing additional operational complexity. This is very valuable for our company because we have regular audits where we have to provide evidence about the use of our privileged accounts (password use, password rotation, etc.)

In addition, we have several third parties that need access to our infrastructure. CyberArk PAS helps us to provide this access in a quick and secure way.

• Master policy: allows us to establish a security baseline for our privileged accounts.
• CPM: allows us to rotate passwords following the policy defined.
• PSM: allows us to provide isolated sessions to the customer with additional controls (real-time monitoring, session isolation, and session recording).

• We would like to have more flexibility in the RBAC model and have more options to define who should have access to what, not only based on safe membership. 
• In addition, the user interface could be improved. When a team manages thousands of accounts, advanced filters are very valuable to search the accounts.

We have different privileged accounts in our enterprise. All of the application owners and the stakeholders want to store those accounts CyberArk privileged security, so they can connect to the target systems. It also allows for session recordings at the time of auditing.

We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps.

We have found with the recent upgrade a lot of issues we had with the connection have been resolved.

It is stable.

There are no issues with scalability. Our clients are very happy to use the product.

Tech support is very quick to answer our request tickets. 

It is necessary to use professional service for the setup of the solution. It is a challenge if you are not well-versed in CyberArk.

In comparison to other products on the market, CyberArk is a more costly product.

Primary use case is for compliance, SOX, PCI, HIPAA, and securing privileged access accounts. It seems to be performing well. We have had pretty good success with it.

We plan to utilize CyberArk to secure infrastructure and applications running in the cloud with AWS Management Console. We are testing it right now, so we hopefully it will be ready in about two months.

We are maintaining compliance in PCI, SOX and HIPPA, which is a big thing. Auditors really like it, and it has made us stay compliant.

There is at least one place to go to for getting privileged accounts. Now, users have to go through the portal or go through CyberArk front-end, the PVWA, or we could use the OPM or PSMP. It has helped out quite a bit.

We are able to know who is accessing what and when; having accountability. That is the big thing.

Make it easier to deploy. In 10.4, we did it with the cloud and could actually script the installs.

It has been pretty stable. We had some issues before, but customer support has been helping us out quite a bit. 

We think we had some PSM issues, and that was the big problem we had. Basically, it had to be rebuilt.

Scalability is impressive because you can set up clusters, so you can grow as your needs grow.

Technical support has been excellent. They have been really good and knowledgeable. They come out and help us out. They have also helped us do our roadmapping.

We feel like we get the right person the right time that we call.

The upgrading process was pretty straightforward. We had some issues with the platforms when we upgraded. That was probably on our part, maybe we missed something.

The vendor was retained to implement our Cyberark rollout initially.

It keeps us from getting dinged by the compliance officers. Keeps us in compliance.

Understand your needs prior to purchasing. Cyberark team will advise as well which is a plus.

It does what it promised. It secures our platforms, haves the scalability, and it is just a solid product.

Know what you are getting into upfront. Work with IT to ensure you have buy-in from upper management, and work with them to get a roadmap to deploy. 

Most important criteria when selecting a vendor:

• Reliability
• Having good customer support.

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

One limitation is that we are not able to put this into a decentralized mode.

This solution is quite stable.

We have no issues with scalability.

The tech support is decent. 

It takes a while to adapt to the product.

I do not have experience with the pricing or licensing of this product.

I think having a distributed architecture would certainly help this solution.

• This product provides accountability and audit trails for privileged account access. 
• Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.

• It helped us in SOX, PCI, PII and HIPAA compliance. 
• Accountability, as far as knowing who has access to what.

• Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
• The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.

• Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.

• Providing a way to group accounts by application would be nice.