CyberArk Privileged Access Manager Reviews

We use CyberArk Privileged Access Manager for least privilege and accountability purposes, while we also utilize the EPM solution for endpoint protection. Additionally, PTA is one of the most important tools from CyberArk Privileged Access Manager, which we use on a real-time protection basis. CyberArk Privileged Access Manager effectively prevents attacks on the financial service infrastructure, as we protect against lateral movement, credential stuffing, and since no passwords are available because they are rotated through CyberArk Privileged Access Manager, we can isolate every session and record all activity while monitoring in real-time.

The ability of CyberArk Privileged Access Manager to safeguard the financial services infrastructure by protecting credentials is extremely important, as every activity in a financial organization needs to be recorded for accountability in auditing. Therefore, CyberArk Privileged Access Manager is a crucial tool, and we utilize credential rotation as 85% of successful attacks in the last 10 years have been initiated through credential theft. Monitoring, recording, and credential rotating activities are crucial because if CyberArk Privileged Access Manager goes out of service, the total environment would collapse due to the lack of passwords for respective servers.

While I cannot suggest major changes, I did encounter a vulnerability concerning RADIUS blasts, which was recently mitigated by CyberArk Privileged Access Manager in their latest version, indicating an area for improvement in vulnerability assessments. Improvements in vulnerability assessment are essential. A notable request I have regarding CyberArk Privileged Access Manager is to address the issues of database corruption identified in cluster environments experienced by multiple clients.

From 2021 to now, I have been working on CyberArk Privileged Access Manager.

I have not experienced any stability issues with CyberArk Privileged Access Manager.

It is easy to scale.

In terms of technical support, CyberArk Privileged Access Manager has provided excellent support without any doubt. Based on the issue resolution and support quality, I rate the support 10 out of 10.

Before using CyberArk Privileged Access Manager, I did not evaluate any other PAM tools.

Setting up CyberArk Privileged Access Manager is not complex, especially if you properly follow the recommendations from CyberArk.

I handled the deployment myself.

CyberArk Privileged Access Manager has been very effective in helping my company meet compliance and regulatory requirements. Implementing CyberArk Privileged Access Manager saved time on compliance requirements in finance, typically around one hour.

There has been no reduced cost associated with CyberArk Privileged Access Manager, as when it is required, you must pay for their licensing and prepare the full environment. While there are costs for the licensing of CyberArk Privileged Access Manager, it definitely provides value when I need any accountability or session recording.

CyberArk Privileged Access Manager is one of the most important components from CyberArk, along with EPM (Endpoint Privilege Manager) and PTA (Privileged Threat Analytics tool). I recommend anyone considering CyberArk Privileged Access Manager to view it as a friendly environment, as it stands out among the other PAM solutions I have encountered. CyberArk Privileged Access Manager is highly recommended for its user-friendly nature. I rate CyberArk Privileged Access Manager a ten out of ten.

The use cases for CyberArk Privileged Access Manager include access to Windows, Windows servers, Linux servers, firewalls, clouds, GCP, AWS, and Azure, but I do not administer the clouds. I only administer CyberArk.

CyberArk Privileged Access Manager helps us maintain an inventory of our privileged credentials and manage password rotation easily for our organization. It provides a secure way to access and monitor.

CyberArk Privileged Access Manager has positively impacted visibility into the PAM accounts. It has a very good dashboard that provides visibility into our accounts and password information.

CyberArk Privileged Access Manager's abilities to safeguard the infrastructure are important, as protecting credentials provides us with security and visibility.

CyberArk Privileged Access Manager is effective for preventing attacks and threats. It's very effective since it connects to a SIEM, such as Splunk and ArcSight. The functionality called PTA, Privileged Threat Analytics, is very good.

CyberArk Privileged Access Manager integrates well with other products.

CyberArk Privileged Access Manager improves operations because it's all centralized. When you have CyberArk to gain access to the admin console and other applications, it's the easiest way to configure your firewall rule because everything comes from CyberArk.

It's user-friendly and very configurable. We can do many things with it, especially with password management. It's easy to manage, and the controls are straightforward. It's a specialized solution for which it's hard to find professionals to work with, but it's very effective.

It's a very good solution for data privacy.

The reports could be more editable. I want to be able to edit a dashboard to see other information or graphics. Making the reports more editable would be beneficial.

I've been using this solution for at least five years.

I would evaluate the customer service and technical support of CyberArk Privileged Access Manager as very good.

Positive

I worked with Senhasegura, which is a Brazilian application for password security. We switched to CyberArk Privileged Access Manager because it is recommended for larger environments.

The initial setup is easy. I was involved in the setup process and was part of it.

It takes six months for the full implementation in a big company.

The deployment team consisted of approximately 10 people. While I don't know the exact job titles, a manager and at least two engineers on the CyberArk team were required.

CyberArk Privileged Access Manager has helped our organization save on costs. CyberArk Privileged Access Manager is expensive, but it helps protect us from losing money. 

Its benefits are visible immediately after the deployment, but in Brazil, people generally implement CyberArk Privileged Access Manager after an incident.

It's not a cheap application. It's very expensive.

Don't wait to be attacked or lose your data. Protect your credentials, even if you use other security tools. 

I would rate this solution a nine out of ten.

The primary use case for CyberArk Privileged Access Manager in our organization is to ensure we move away from named identity admin access, which lacks protection such as MFA and other features offered by cloud privileged identity management solutions. Our goal was to protect anything on-prem related to Active Directory privileged access, so we chose to go with CyberArk Privileged Access Manager.

I am the cybersecurity lead in my organization. Every single year when we do the audit, one of the things that consistently comes up is how there are hashes floating around the environment. Since switching over from named admin-privileged identities to CyberArk PAM identities, like PAM accounts, there have been almost no breadcrumbs left behind. There are no hashes and that sort of thing. We hardly see any hashes floating around the environment. We have not done the audit yet, which is due next month, but I have been keeping an eye on the hashes and it is looking promising.

The session recording and monitoring capabilities are valuable. We have real-time session management ability to record, audit, and monitor any privileged user activities. That is a big deal.

Automatic credential rotation and granular access control for target resources accessed by admins add to the value. 

Seamless integration with the SIEM, especially Microsoft Sentinel, is valuable.

Lastly, the platform's versatility allows for the use of different types of platforms beyond just RDP and SSH, including SQL and web applications.

There is room for improvement, particularly with Vendor PAM. We were previously using a competitor product that allowed vendors to manage their own teams. CyberArk has brought a feature called Vendor Team Manager, but it does not provide full access. It requires the vendor team leader to be onboarded as a local account instead of using their email address. Improvements could be made to onboard the vendor team leaders using their email, allowing them to manage their own team. That would greatly reduce the overhead in managing vendor team members. We have 50 to 100 vendors. Each vendor has at least 10 to 20 accounts., so we are talking about 500 to 1,000 accounts. It would be easier if we could just manage those 50 vendor team leaders rather than hundreds.

We have been using CyberArk Privileged Access Manager for six months, having started on the first of July.

Stability has been impressive. We have not experienced downtime for any reason. We did encounter one bug, but it was resolved once a patch was applied. The system is very stable and seamless. It requires minimal intervention to maintain high functionality.

When we took over as system owners of CyberArk, I thought every single time there was an update, we would have to stay up the night to do the patches and make sure it worked, but it has been very smooth and seamless. There is no friction. Everything has been taken care of at the back end, and we have not had to do anything out of hours. It has been very good.

I would rate it a ten out of ten for stability.

So far, scalability has been excellent. Initially, we deployed the architecture for 10 to 20 users, but we have onboarded 30 users while still on that mid-tier configuration. We have had no issues.

Being a mining company, we do have operations at various sites. That includes multiple sites in Australia as well as a couple of sites in Northern America. We do have multiple sites with critical infrastructure on every single site. 

At the moment, we have 50 user licenses, and so far, we have onboarded 30 users. We have 20 more users and some more coming on board in the new year.

I would rate it a ten out of ten for scalability.

CyberArk's support is excellent, providing personalized assistance through a dedicated local account manager and sales engineer. Their responsiveness is impressive, even though our location is quite isolated. We receive prompt support, which often exceeds expectations.

The dedicated local account manager has been providing us with personalized assistance tailored to the unique challenges that we have as a mining organization. The sales engineer supported us with his expert technical guidance during the deployment as well. It has been amazing. Both of these guys ensured smooth implementation.

For any issues that are not important, we raise tickets for customer support, and they have been very responsive. They get us back promptly. That is something unheard of because we are a very isolated city in Australia. Ours is the most isolated city in the world. The nearest city to us is 2,400 kilometers away. For someone like us, the support has been amazing. Sometimes, with other vendors, we have to wait a couple of days to hear back from them, but CyberArk has been exceptional in coming back to us with immediate responses. Their support has been perfect. I would rate them a ten out of ten.

Positive

Previously, we used BeyondTrust. We decided to switch to CyberArk due to its superior support, scalability, adaptability, and the local presence of account managers and sales engineers, which facilitated a smooth and effective experience. 

While other products in the market may offer certain features at a competitive price, they often compromise on support, scalability, and adaptability. The main thing for us was the support. CyberArk combines top-notch technical capabilities with the local human touch of the local account managers and sales engineers. That was a big thing for us because that ensured a smooth and effective experience throughout the journey, which other products lacked. 

We are in the West of Australia, and all the competitors are in the East. The only way to communicate is over the phone, and we would only see them once or twice a year. Having local account managers and a sales community was a game changer. Also, considering the reputation and the gold standard for Privileged Access Manager, others cannot compete with CyberArk.

It is a fully SaaS model, but because of the way CyberArk is architected, we do have our jump servers, PSM connector servers, and Secure Infrastructure Access servers in Azure, but it is not self-hosted. It is a cloud solution.

The jump start that was offered as a part of the product licensing was a game changer. When it comes to CyberArk, the complexity is quite high. That comes with security. Security and usability do not go hand in hand, but we have had help throughout our journey. The initial setup was detailed and supported actively by CyberArk's jump-start engineer. Every question was addressed, and the deployment was well-structured.

To realize its benefits, we had to wait until the users were happy using the PAM accounts. The individual privileged identities were still being used, so it took almost three months. That was the time it took for us to onboard the PAM accounts, hand over those accounts to the users, and confirm that it was working as expected.

In terms of maintenance, I thought there was going to be a lot of maintenance because we are the system owners, but so far, it has not skipped a beat. All the updates were very smooth. We did not have to do any work installing the patches, apart from underlying Windows patches, which is the sysadmin's job. If sysadmins are able to patch them, the product is resilient enough to come back up and do its function. Any updates related to the product itself are installed in the background, and it is very transparent for the user. It has been very seamless.

CyberArk's jump-start engineer played a crucial role in our successful deployment. He helped us all the way. Even now, about six months into the journey, he is helping us out with a few bits and pieces. Having that jump-start there was a game changer.

During our quantitative analysis, we estimated potential savings of one to ten million dollars a year by using a PAM solution. A cyber breach relating to admin-privileged access could lead to a financial loss of ten million dollars. If a standard user account is breached or compromised using their credentials, they cannot escalate to our higher privilege ones or cannot move laterally within the network. That was a game-changer.

CyberArk Privileged Access Manager is perceived to be somewhat overpriced compared to similar market products. It is a little bit overvalued. It could come down a little bit for my liking. However, the industry-leading reputation and the quality of service justify the high price point to some extent.

I would highly recommend CyberArk Privileged Access Manager. It is a leader in the privileged access management space, offering robust tools to secure credentials across IT and OT environments. We are very heavy on OT environments. It has been nothing but the best.

I would rate CyberArk Privileged Access Manager a ten out of ten.

We use CyberArk Privileged Access Manager to manage privileged access, so all the privileged accounts are vaulted in CyberArk, and that's our control method to manage privileged access. We also manage access for developers, so we have dual control to give approval to developers.

CyberArk Privileged Access Manager has made our operations more streamlined. There is an approval process, so it helps us keep tabs on who's working on what and for how long. We also have to give a reason when we're using privileged accounts, which helps keep track of whether they're being used correctly. 

It's been good so far in safeguarding the infrastructure, but we've not used additional features of CyberArk Privileged Access Manager. Modern PAM with secure web sessions or secure infrastructure access is something that I learned about at the conference. I am curious about how we can use it.

It has not helped to reduce the number of privileged accounts. Whatever we find privileged in the environment, we want to control that by using CyberArk Privileged Access Manager. That's how we're able to control it. It has helped us identify privileged access better because we discovered users who didn't need privileged access. There have been cases where users with privileged access don't want their accounts in PAM because they need to pick up the password on a daily basis to perform their actions. There have been cases where they've gotten their privileged access off the account because it's not needed.

The user interface needs some training, but with a guide telling the user how to go about it, we have received positive feedback from whoever has used it.

It took us some time to realize its benefits because any new tool needs a proper understanding of how it can be used. A lot of testing was done on the engineering side, and demos were given. It took some time, but it is going smoothly.

Given that this is the only tool that I've worked with for the control process of privileged access, I don't have anything to compare it with. However, it's helped us keep our privileged access in check. We're able to get logs as to when the user checks out an ID and for how long, so it's a good monitoring tool.

They covered a lot at the conference. I don't have visibility into what product we've bought. It would be nice for them to approach us with what we have bought versus the new features being added. We need clarity on whether new features come included in the package that we already have, or if it's something that we need to have over and above.

Occasionally, there are lagging issues. Sometimes users have to re-login. When users copy passwords, there is sometimes a lag, so they have to log out and log in, but these are very rare cases.

I've been using it for about 5 years.

Occasionally lagging occurs. I've not heard about crashing, but there is a lag. Sometimes users will have to re-login and get it right.

The team that I work with is our in-house engineering team. I've had a conversation with CyberArk once last year revolving around efficiently generating the inventory reports. I contacted the technical support, but I didn't get a very straightforward solution that I was expecting.

We were developing a dashboard to find all the privileged accounts that weren't vaulted in CyberArk. We wanted the inventory report to be generated on a daily basis, but were having some trouble. We reached out to their technical support. The solution that they proposed was not straightforward because of the backend processes of CyberArk. We had to approach it in a different way.

Neutral

I would rate CyberArk Privileged Access Manager a seven out of ten.

My use cases for CyberArk Privileged Access Manager are specifically for privileged access management. We are using it along with other products. They have access management, their own certificate manager, and other managers. CyberArk Privileged Access Manager is for privileged access for users who require more than normal access, such as administrators and engineers. We can rely on this tool to manage that access.

You can see the benefits of CyberArk Privileged Access Manager immediately. This is risk management. You are not getting any features from the tool. It's not something that you are installing because you want it, for example, ChatGPT. With CyberArk Privileged Access Manager, you're getting control. You're not getting any additional features for your platform or systems. You are just controlling the risk. Users can't do what you aren’t allowing them. They can't make any change without approval, so it controls risks. Once you see that value, you're controlling what the privileged users in your system are doing.

The most valuable feature I find in CyberArk Privileged Access Manager is that we can record the sessions. It provides flexible workflows. I can change the workflow to specify if it needs one approval or two approvals, and I can approve my peer. We can record sessions for external people who want or require privileged access to our systems. That is very flexible. We can record what people are doing in the platform.

I find it hard to mention a point of improvement because I'm happy with the platform. The only thing I would say is that they can improve their price. 

I have been using CyberArk Privileged Access Manager for three years.

Regarding the stability of CyberArk Privileged Access Manager, I have seen a couple of times that the server was not available. In three years, it has only been a couple of times. It has high availability and low impact. In terms of the platform, it is stable.

The scalability of CyberArk Privileged Access Manager has been good; the only thing is the license. The platform is very scalable, but you need to get more licenses in terms of users.

I don't handle that kind of interaction, but my engineer does. Sometimes it requires escalation, but I have not heard of any complaints from him in terms of the support received. It is good.

Positive

I have used Delinea but not in this company. I prefer CyberArk over Delinea.

It is not that easy. You need to load the users and platforms that you will be using. You need to teach the users how to do it. It requires some change management. It is a bit complicated, but it is expected. It is not just plug-and-play.

Its maintenance depends. You can have an on-premise solution or you can have a cloud solution. We have an on-premise solution, so it requires some maintenance on the infrastructure.

Its implementation requires a team effort

With the current model of licensing, for my use cases, sometimes it's hard to convince the management and get budget approvals for it. It's expensive and you're not getting anything new. It's just a control, but in terms of risk, you are covering a big impact on the company. Improvement in the licensing prices is something I would want to have.

I would rate CyberArk Privileged Access Manager as an eight out of ten.

As an implementation engineer, I have extensive experience with CyberArk Privileged Access Manager and its implementation this year at our customer site. We have been acting as a resident engineer for one of our customers for the past six months.

CyberArk Privileged Access Manager provides a repository and management system for our administrators to have sessions on our systems. For example, we require any administration access to our firewalls to be conducted through the PAM solution first. CyberArk Privileged Access Manager allows our administrators to access the firewalls and record the sessions.

Another use case is user offboarding. If an employee like Muhammad leaves our company, we can simply delete this user from the entire organization. We also have excellent compliance capabilities to review what occurs during administration sessions because we have them already recorded.

CyberArk Privileged Access Manager is very good on stability as a PAM solution. You can consider that if you do not have a stable PAM solution and the PAM solution always has issues with many maintenance windows, your entire organization cannot access the systems. It is very critical to rely on a stable system as a PAM solution.

The most valuable features are integrations with ticketing systems, recording sessions, and running with compliance. We also have another feature from CyberArk Privileged Access Manager, especially SSH key lifecycle management, which performs excellently in this area.

CyberArk Privileged Access Manager does not interrupt the sessions or administration sessions. Our professional services team implemented it, and we deployed full PAM features and the complete CyberArk Privileged Access Manager product in just three weeks across our larger organization. I think this is a strong point for CyberArk Privileged Access Manager.

I believe account discovery and rolling support need to be improved. Account discovery is important when integrating with other systems, as other PAM solutions can perform account discovery and onboarding effectively. Because PAM projects usually fail when teams try to onboard everything manually, CyberArk Privileged Access Manager discovery workflows can reduce this issue. Therefore, I think this area needs improvement.

We have recently relied on CyberArk Privileged Access Manager for only six months, so we have not tested the scalability yet.

We did not face any lagging or crashing during the past six months. The stability is very good, and I would rate it a ten.

We have recently relied on CyberArk Privileged Access Manager for only six months, so we have not tested the scalability yet. However, I can say it appears to be good from my understanding.

CyberArk customer support is professional. We contacted them on only one case and resolved it in time. Based on our experience, we resolved the issue in just five minutes. I can say the support team is very professional and very technical with strong technical capabilities.

Positive

I have implemented Fortinet VM, which is Fortinet's new PAM solution, two weeks ago recently. I think Fortinet has strengths in some areas and CyberArk Privileged Access Manager succeeds in other areas. Overall, I think CyberArk Privileged Access Manager is very good and can be considered a market leader in this space.

The pricing compared to other solutions, particularly Fortinet, is favorable. Fortinet overall has excellent pricing. However, CyberArk Privileged Access Manager has good return on investment. The pricing is affordable compared to the features and the stability of the product.

CyberArk Privileged Access Manager requires upgrading and maintenance. We have scheduled the upgrade, and we have detailed and informative documentation for upgrading. There is an integration matrix, or rather a compatibility matrix, between the newer versions of CyberArk Privileged Access Manager with other systems. Before upgrading, we study the compatibility matrix and the upgrade process is very smooth.

My overall rating for CyberArk Privileged Access Manager is ten.

We are a consulting company, and we provide consulting for solutions like CyberArk, HashiCorp, and similar offerings. I provide consultancy for various industries such as finance and hospitality.

Our clients use this solution for their critical assets and crown jewels. They want good identity and access management or privileged access management for their critical assets. A lot of mid-tier clients would have also implemented CyberArk on their servers if its pricing was better. Usually, they deploy it for their critical assets. They have implemented policies, just-in-time access, etc.

Having an efficient Privileged Access Management solution like CyberArk helps you stop bad actors early in the cyber attack chain process. You have an additional layer of security for your assets.

CyberArk Privileged Access Manager provides a good amount of granularity in giving access.

CyberArk Privileged Access Manager has a policy for blocking out everything as per the Zero Trust model, which can be helpful in a breach situation.

CyberArk Privileged Access Manager ensures data privacy by locking down your assets and recording each and every instance. That helps with the data information protection piece.

Privileged access management solutions like CyberArk Privileged Access Manager make it difficult for malicious entities to gain information or expose sensitive assets. Even if a specific asset not part of the PAM group gets breached, your critical information remains safe as access to specific resources or ports is not allowed. Implementing privileged access management in a way that blocks necessary threats makes it difficult for bad actors to access sensitive information.

The whole concept of Zero Trust and implementing it with CyberArk, which somewhat adheres to the 'never trust, always verify' principle, is very valuable. I really appreciate this aspect. Moreover, the just-in-time access is impressive, allowing access for a specific time.

Apart from CyberArk's PAM solution, I like CyberArk Conjur for secrets rotation. The constant rotation of secrets makes it hard for bad actors to gain access to environments. 

CyberArk provides a good amount of control over access types. However, as a future enhancement, having additional features for cross-platform integration would be beneficial. It would be good to have integrations with other tools and firewalls, such as Zscaler and CrowdStrike. Although I am not fully aware of recent updates, more cross-platform integration would be valuable. A SOC analyst would like to have centralized access in terms of information flowing in even for privileged access management. They would like to have control over everything instead of opening four to five tabs for different sorts of information. Cross-platform integration would help with that.

Customers also want CyberArk's pricing to be better so that they can implement it further and have more licenses.

Implementing a privileged access management solution can be challenging. It would be great if CyberArk could provide recommendations based on the compliance standards of an organization. It would help system admins ensure that all the required ports are closed and the systems are being managed properly. If any system is not being used anymore, any ports opened for that system need to be closed. Having such recommendations would be helpful.

I have been associated with CyberArk since it became popular two to three years ago. I have been working with CyberArk tools on the client side and the consultant or vendor side.

I cannot think of any stability issues.

I cannot think of any scalability issues.

In terms of tech support, I have had a positive experience with ManageEngine support, and I wish that a similar experience was there with other vendors and products. With ManageEngine, I appreciated the chat option. When I was stuck, I did not need to go through a dedicated portal or wait hours for a solution. A chat system providing quick access to a technical engineer, within four to five minutes, is very helpful.

I would rate CyberArk's technical support a seven out of ten.

Neutral

I worked with HashiCorp, specifically HashiCorp Vault, and had collaborations representing CyberArk's perspective. 

CyberArk focuses on privileged access management for enterprise security. They offer CyberArk Conjur, but if customers need secrets management or infrastructure automation, HashiCorp has a better solution with HashiCorp Vault. In terms of PAM, CyberArk excels. For Conjur-type products, HashiCorp is better. CyberArk caters to traditional infrastructures and security or IT admins, while HashiCorp has good cloud-native, DevSecOps, or DevOps services.

About two years ago, people focused on the on-prem side of things, but now the cloud version is gaining popularity.

The solution has so much to offer that it becomes a little bit complex. Every infrastructure is different, and you need a customized solution as per the infrastructure design. CyberArk has a lot to offer. It has a lot of buttons to push in terms of security, so it becomes a little bit complex when you are deploying it for a big organization.

During on-prem deployments, we followed specific steps for the right deployment process. The order of deployment is crucial, such as deploying necessary components first and then setting up CPM policies. This order is essential whenever deploying CyberArk.

Two to three years ago, its integration was difficult. We had to take different routes to integrate those solutions, but now, we see a lot of plug-ins. For example, Microsoft Sentinel does have a CyberArk plug-in.

For deploying a CyberArk solution, you would need at least two security analysts, two to three system admins, and one network administrator. The security admin provides the right infrastructure and access. The network administrator helps with all VLANs or separate segmentation for specific sites or resources. The security admin works on the CPM policies and more.

In terms of maintenance, like any other solution, it requires keeping an eye on it and any updates. You would need someone to support it.

A strong identity and access management solution aids in navigating significant incident responses or breach situations. Omitting important solutions can be highly costly. Implementing a privileged access management solution can help avoid such expenses.

Its value can be seen after one or two months of proper implementation. It makes the life of a security admin easier. 

I focus more on the technical side, but I hear customers say that if CyberArk was more affordable, they might have acquired more licenses. Some clients consider alternative solutions due to pricing concerns. If CyberArk could address this, it would help in offering their solution to additional customers.

With a PAM product, most customers want to block access to critical assets and have a strong policy set. They also look for cost-effectiveness.

For a financial organization, even a compromised password can trigger a domino effect in terms of exposure of sensitive information, leading to a failure to meet specific compliances being followed in a specific region. They might have to let consumers know. Having an effective PAM solution can save a company from such a situation. Generally, it is not that the solution is not efficient. It is usually that the implementation is not done correctly. Every infrastructure is different, so you need to have a proper plan and make sure it is implemented as per your industry requirements.

CyberArk Privileged Access Manager helps with compliance to a certain extent, but it is not a compliance solution. For compliance, we still rely on other solutions.

I tell my clients that having an additional piece of PAM helps protect against threats and provides an extra layer of security. Identity and access management are fundamental in cybersecurity. Done right, it offers peace of mind and safeguards against unauthorized access to sensitive information. In the financial sector, where data is highly sensitive, exposure to bad actors can lead to significant breaches and potential damages. A breach can cost a million of dollars.

I would rate CyberArk Privileged Access Manager an eight out of ten.

The use case of privileged access management is self-explanatory. A large telecommunication company like ours needs to protect our privileged access because every attack cycle has privilege escalation, and we have to stop attackers at this point. 

We have a lot of vendors or third parties working with us. They need to access our resources. The trust level of external third parties is lower than direct employees, so we do not want to share our critical credentials with them. That is our primary use case. 

Another use case is managing internal employees, especially highly privileged administrators. Furthermore, the critical business applications and areas throughout our IT infrastructure involve privileged access, and we aim to protect those. We want the ability to audit and have real-time control.

I appreciate CyberArk's real-time capabilities. I can secure critical sessions, such as SSH or database sessions. As a security professional, I have real-time visibility into ongoing sessions. If anything suspicious occurs, I can terminate or freeze the session, which is part of user behavior analytics. 

We can monitor and have real-time control over our environment with sessions coming from around the world, ensuring security. We have visibility and control through real-time user behavior analytics. That is my favorite feature.

It has a learning curve and is a complex product that requires dedicated training and people. 

Maintaining the product is challenging. Upgrades require a lot of resources, as it impacts the entire organization. For example, upgrading components like the Privileged Session Manager (PSM) and the vault is time-consuming and difficult. In the long term, I would like to see these processes simplified, especially for on-premise installations.

I have been using this solution since 2018, which is a little over six years for me.

The product is solid and works as designed. The product itself is not yet very mature. That is one side. Another side is not putting enough resources into it as a customer. Most of the time, any stability issues are mostly with the customer, not the vendor. Proper fine-tuning and expertise ensure the product performs well.

It is highly scalable. We started small and expanded it to an enterprise level, and are now moving to the cloud for further growth. Its architecture offers scalability. It can grow much bigger than our company. It provides all the flexibility and modules if you have the required expertise.

CyberArk's customer service has improved recently and is now very responsive. However, four to five years ago, they were average. They are now at acceptable levels.

Neutral

We are fully on-prem for the PAM, but we are moving to the cloud.

Its deployment is not easy due to CyberArk's complexity. We started from a small footprint and then moved to a larger deployment. It was a lot of work. This could not be managed without CyberArk-certified engineers. It is very complex.

We can never deploy and manage it fully by ourselves. No company has that expertise, so you always need CyberArk-certified engineers from a third party when it comes to critical things. We have over 30 servers running for the CyberArk solution. All 30 servers have different pieces of this complete solution. We can never upgrade it by ourselves without professional services. We can do some of the things ourselves, such as day-to-day management, troubleshooting, and operations, but for upgrades, installations, migrations, and disaster recovery, we need professional services. We have a separate budget every year for professional services.

We have a team including myself from governance, a project manager, senior leadership, and hands-on team members, among others. It requires four to five people from security and two CyberArk-certified engineers. I need two engineers because if one gets sick in the middle, the other person can take over because there is no going back when we start the upgrades and critical changes. We have four to seven knowledgeable and dedicated people in a critical scenario.

Pricing is a problem. CyberArk is expensive compared to other products I know. It is similar to buying a German car. It comes with all the bells and whistles, but some companies may find it too expensive.

I compared CyberArk with a product called Delinea. I preferred CyberArk because Delinea required additional agents installed on each target for session recording, whereas CyberArk does not. There was a difference between the two products in how they did the session recording. Because Delinea needs an extra agent installed on each target to do the session recording, you have a huge amount of work managing those target agents on probably thousands of servers. You need another team to do that. An extra workforce is needed to manage that. That was the first turn-off for me. CyberArk does not need an agent. It is in real-time. It drops DLLs to the target host during the session so that you do not need to manage the agent.

The most important aspect for us was that Delinea did not have real-time controls. They said they were developing that piece. They could only analyze recordings after the event had already happened, but then you are too late. All the artificial intelligence and machine learning were applied for the post-event activities. That was a big differentiator. CyberArk's real-time controls set it apart as Delinea only analyzed recordings after events.

These were the two main reasons for going with CyberArk. Everything else was fine. For an average-sized company, Delinea is fine, but for a large-scale company, CyberArk is a better choice.

It took us some time to realize its benefits because there was a learning curve for us. It took us about a year to get our heads around this product and start effectively using it. It is a journey. It takes at least five years for any company to make this product very useful and reach maturity. It is not only the product's fault. The company needs to have a vision, and the company culture needs to go with it. Senior leadership needs to support the vision. You need to have lots of ingredients for success. If everything is in place, you will see success after one year. In the first year, it is a struggle for everybody.

My company was bought by a bigger company, and they were very new to privileged access management. Everybody was struggling. The advice I would give is to have a good vision for privileged access management. You need dedicated teams, senior management support, and proper company policies and standards before implementing the solution. Start building knowledge slowly and avoid jumping into the deep end without preparation.

I would rate CyberArk Privileged Access Manager a nine out of ten.