CyberArk Privileged Access Manager Reviews

With CyberArk Privileged Access Manager, the main idea is to control third parties of the organizations. A lot of banks usually work with integrators abroad, and they want to control those connections from the third party to their infrastructure, including the ability for the CISO or security officer to watch online the session of technical support provided by the integrator. That was the most common use case. 

Another use case is to control IT personnel, where the information security team manages what actions they perform at higher privilege levels in the infrastructure. So, those two use cases are the most common.

The most valuable features in CyberArk Privileged Access Manager are session recording, role management, and access control division. Different groups can use all the abilities of the administrative role, and customers can divide their teams into auditors, administrators, and CISOs. 

The storage of passwords is also brilliant. Everything is stored in a highly protected area, allowing customers to use a single sign-on approach to connect to infrastructure servers necessary for their daily activities.

The impact of CyberArk Privileged Access Manager on customer operational efficiency is quite positive. While we cannot provide exact figures, the effectiveness is apparent, though we lack specific data.

Assessing CyberArk Privileged Access Manager's ability to prevent attacks on financial services infrastructure is quite complicated, as customers usually do not share information about attacks or prevention. During POCs, before selling the solution, we run common attack simulations that typically occur in the financial sector, such as lateral movement. We have tested various attack scenarios in testing mode where CyberArk is installed, and we have shown to our customers that CyberArk successfully mitigates those attempts.

CyberArk Privileged Access Manager has helped reduce the number of privileged accounts to a minimum over the years. When we start working with CyberArk in customer infrastructure, the first thing we do is run the Discovery feature, which shows all the administrative accounts in different information systems. The next step involves addressing accounts that are unnecessary or could be used for malicious activities, so reducing administrative accounts is typically the second or third step after integrating the system.

CyberArk Privileged Access Manager indeed helps meet compliance and regulatory requirements for customers, especially in the financial sector, by aligning with PCI DSS standards. Consequently, customers are very satisfied when auditors evaluate their compliance. When assessing CyberArk Privileged Access Manager for ensuring data privacy, the focus mainly lies on password management. I have not encountered customers using the storage solutions for anything other than passwords, making it challenging to discuss broader data privacy. The primary data customers prefer to store consists solely of passwords.

Areas of CyberArk Privileged Access Manager that can be improved include offering clearer configuration options. Due to its advanced and complex nature, sometimes it is not obvious where to find specific parameters for configuration. Enhancements, such as video tutorials within the product, would be beneficial, as the text documentation is often insufficient.

It would be very useful to have predefined configuration wizards. For instance, if templates are available for third-party support teams, it would allow users to click through the configuration process with checkboxes, significantly simplifying the setup.

I have been working with CyberArk Privileged Access Manager for eight years, with technical hands-on experience for three years. 

I became a project manager of the projects for implementation, education, and technical support of CyberArk. In terms of technical experience, it was three years, and for the management of CyberArk projects in general, it has been about five years.

CyberArk Privileged Access Manager is easy to scale and accommodates various infrastructure models. Any component, including licenses, can be duplicated and scaled across hybrid infrastructures, such as when a customer uses both on-prem and cloud solutions.

My impression of their technical support team is that it is very bad. The support team's response time is quick, however, the resolution process takes too long. 

This inefficiency leads us to maintain a highly trained and experienced internal team, which is costly yet necessary since the vendor support response time is often inadequate.

Positive

The typical deployment process for CyberArk Privileged Access Manager starts with ensuring organizational prerequisites are met. We begin by sending prerequisites required for the environment, and the customer provides feedback that the environment is ready. 

After we establish remote connection capabilities, we initiate the installation process following the agreed scope of work. This process includes integrating with Active Directories, second-factor authorization services, and email systems. 

Next, we configure role-based access control, set up reporting, and automate email notifications for predefined activities. 

Finally, we utilize a Threat Intelligence system to establish a baseline of regular behavior for administrative users.

Regarding measurable benefits after deploying CyberArk Privileged Access Manager, customers often ask about return on investment. One measurable benefit is the reduction of engineering resources in the IT staff since they do not need as many administrators to manage numerous services. 

Additionally, they reduce the number of personnel in the information security team, as fewer controllers or auditors are needed to oversee the activities of IT staff. These benefits can certainly be measured.

CyberArk Privileged Access Manager has helped customers save on costs primarily by reducing the number of engineering and information security personnel. This includes salaries and bonuses; although they do not fire these individuals, they reallocate them to other activities.

If a colleague believes they do not need a Privileged Access Management tool since they are already using other security tools, I might explain the core idea of PAM solutions. The main purpose of a PAM solution is to prevent malicious activities involving administrative accounts. Hackers need to exploit these accounts to cause harm, and according to a recent Gartner report, approximately 80% of all attacks are directed through administrative accounts. This is why PAM solutions, including CyberArk, must be implemented to effectively manage and monitor those administrative accounts.

On a scale of one to ten, I rate CyberArk Privileged Access Manager an eight out of ten.

The main use of CyberArk Privileged Access Manager is to manage identities and access for our clients. We mainly focus on use cases like managing shared accounts, automatic password rotation, and recording sessions.

Its quite difficult to track for client who has access and at what time, which activity was done with that account, especially for built-in administrator accounts and Shared accounts. 

Automatic password rotation is another use case. CyberArk Privileged Access Manager has the capability to rotate automatic passwords in the defined period of time. CyberArk Privileged Access Manager is also used for recording and session monitoring .

With CyberArk DNA, we can discover the accounts and their associated dependencies and usage.

Data is secure. The passwords are stored in an encrypted format. The data privacy is very high, and it is quite challenging for someone to retrieve credentials from CyberArk Privileged Access Manager.

With Privileged Threat Analytics (PTA), which is a different component in CyberArk, you can put some additional control. For example, you have an account onboarded on CyberArk. If someone wants to access the system without using CyberArk and copying a password, which they might have stored in the notepad or their system, an alert gets triggered. There is also an additional control for ad hoc admin access if someone wants to access an admin privilege or and want to access some critical application after business hours. PTA provides more control.

It improves the overall security posture and provides more control. We have better governance. Credentials are stored in the safe vault.

It reduces the need for IT and help desk resources. There is a streamlined change process without relying on the L1 team to reset the admin account credentials. There is also better compliance and segregation of duties. We can meet the compliance requirement for retention of logs, password rotations, etc. It helps client to meet different compliance requirement / standards, such as HIPAA, SOX, ISO 27001, etc.

With no manual intervention, there is also a reduction in human errors. Based on the number of available accounts for the organization and the user entitlement, that is 300 to 400 hours.

It improves operational efficiency. With the control that we have with CyberArk Privileged Access Manager, there is a reduction in the manual effort for validation of the admin accounts. Without it, a person has to extract the accounts from the servers and revalidate them with the owners or approvers. That is quite tricky.

It can help to reduce the number of privileged accounts. For example, if the Windows team has 10 or 15 members with individual accounts. It is better to create one shared account based on their role such as L1, L2, or L3, reducing it to 2 accounts. It will reduce the number of privileged accounts in the organization as well as threats.

The main feature of CyberArk Privileged Access Manager is the ability to manage who has access to what and when, especially with shared accounts. With individual accounts, that is easy, but with shared accounts, it is quite challenging for clients.

The sessions are being monitored based on the Safe design and the ownership of a respective Safe. And its maintain individual accountability, Also check-in and check-out the passwords.

The reporting should be improved.  There should be more customization. The report should show how we are going to mitigate the risk because we cannot show the system environment to each and every auditor. Some kind of custom report should be there so that we can give a clear output about the risk.

There should be improvements in the dashboard visibility within CyberArk Privileged Access Manager. It should give more visibility in a single go rather than having to compare different reports.

Furthermore, having out-of-the-box dependency discovery for accounts, such as scheduled tasks , services and application pools, would be beneficial to improve overall functionality.

I have a total of 16 years of experience, and I have been working with CyberArk for about twelve to thirteen years. 

There have been no stability or performance issues as long as the design meets the requirements. It is essential to adhere to the recommendations for concurrent session capacities.

The solution is quite stable and scalable. It does not seem to have any gaps.

The technical support from CyberArk is quite impressive. They are responsive and provide detailed information when needed. I would rate them a nine out of ten because sometimes there are delays due to different reasons or misunderstandings.

Positive

I have worked in CyberArk, Delinea, CA PAM, ARCON, and BeyondTrust. I am parallelly working on other PAM tools along with CyberArk. I started to work in CyberArk PAM since version 7.1.

For on-premises, there is complexity due to the need for physical servers and cluster configuration, which might require going to data centers. However, after several deployments, it becomes less challenging. A cloud deployment would be easier.

Its integration capabilities are quite good. We are using CyberArk identity as a multifactor authentication with RADIUS. That is quite impressive because, with one dashboard, we can manage the users' identities.

In terms of the deployment strategy, we first identify the scale and then design the solution. If the number of admins is high, there will be more concurrent sessions and recordings.

It is not tough to maintain. We once had an issue because of human error, but overall, it is easy. For 8X5 support, five members should be there.

For a large-scale deployment, two to three people are sufficient.

The cost savings vary based on the organization. A larger organization will definitely have more cost savings with the reduction in the manual effort in managing the accounts in the system.

The pricing is slightly higher compared to other solutions, but it is reasonable because there are better security features. Initially, it was based on endpoints, now it is based on the number of users, which offers cost savings based on administrative accounts.

I would recommend CyberArk Privileged Access Manager. My recommendation would be to ensure that the benefits of the solution are highlighted by presales, such as risk mitigation and meeting compliance posture.

The overall rating for CyberArk Privileged Access Manager is ten out of ten.

We use CyberArk Privileged Access Manager to provide a protective layer for our infrastructure, as well as for our customers. 

Additionally, the audit functionality that it provides is used as protection for our employees. It offers evidence, so if there's any question about wrongdoing, there's proof that the job was done correctly.

It's predominantly addressing challenges around reducing open access to critical infrastructure and providing a mechanism to control who can get to what and with what credentials.

It's improved the organization by making it easier to access privileged accounts. There are so many accounts needed by most people now and to have a a tool that can not only store those credentials for you, but manage them and give you easy access to them, has made life a lot easier. The removal of the need to manage and maintain those credentials and cycling passwords regularly is a pain for anybody. The tool manages all of that for you whilst giving you a simple means to use them.

The most beneficial feature in CyberArk Privileged Access Manager is its simple user interface. It is definitely advantageous. I also appreciate the enhancements that come along with the continual updates that are provided. 

It has improved the organization by making it simpler to gain access to privileged credentials. There are so many accounts needed by most people now, and having a tool that can not only store those credentials for you but also manage them and give you easy access has made life a lot easier. The tool manages credential cycling, which is typically a pain for anybody, while providing a simple means to use them.

The solution is very good for protecting full levels of data privacy. We silo out different parts of the solution for access to to different types of infrastructure in the same way we would to our customers so that we can restrict who can get to something. In combination with our IM processes, we can be quite granular about who has access to what.

We can stay updated on regulations. The updates that are coming through help to keep the product secure and also add in updates and enhancements that give greater functionality and keep it relevant in terms of requirements.

The controls are fairly granular. We can control who can administrate it and who can use it and what they can use when they're using it. It has positively impacted visibility. As we leverage the product for administration of the product, we're able to be much more granular in how we provide the access. The audit controls allow us to see who is doing what, and when, it should be required.

It safeguards credentials. This is very important. The ability to have the product manage and maintain credentials and only provide them to authorized individuals, whilst not actually allowing them to retrieve those credentials, has become more paramount as we look to increase the security based on sort of ongoing real-world threats. 

It's helping with compliance, specifically around securing and hardening of infrastructure. It allows us to harden while still maintaining usability. 

In terms of operational efficiency, it depends on where you're coming from. Some things are more efficient, some things are a little less efficient yet more secure. It's that ongoing balancing act between operation efficiency and security that we must deal with.

We've been able to reduce the number of privileged accounts in the organization with the ability to have shared accounts. Since the credentials are not specific to a user and they're made available to a user for the duration of their session, we can reduce the number of privileged accounts we have within the organization. We've reduced the accounts by a half to a third between ourselves and our customers. 

I would like to see an easier way to define delegated roles within the administration of the core product. There is granularity within the tool, however, it is not simple to define those specific delegated roles.

I have used the solution for about nine years; it's been quite a while.

We have had some performance and stability issues. We have had instances where things weren't as they should be, however, we worked closely with the development support teams once the issues were escalated and managed to find either a resolution or a workaround to stabilize the solution. Typically, it is fairly stable.

Initially, we found some issues with scalability, however, over time, the guidelines and recommendations from the vendor have changed. By working closely with the available guidelines, the scalability is absolutely fine.

The customer service is generally quite good, although if it's more complicated, you have to wait for it to be passed back to their dev support, which can take more time. For simpler issues, the turnaround is relatively quick. If more complicated, it can take longer to get the right level of support. 

However, the support they provide is usually good, particularly their dev guys, who certainly know what they're talking about.

Neutral

Before CyberArk Privileged Access Manager, we didn't have a PAM product itself. We were using Citrix to provide remote access, but the need to move into the PAM space arose to provide extra security and audit control. 

Although I wasn't involved with the process, there was a competition to define which product would be used, and the CyberArk Privileged Access Manager product came out on top.

The initial setup is relatively straightforward once you've done it. It is certainly a lot easier to repeat. We have multiple instances of the on-prem deployed, so we've done it a few times now.

The deployment involved approximately four or five people, based on role separation. In a smaller organization, it could likely be done with one or two people. However, due to the need to separate functions for design, implementation of the service, product implementation, network and firewall requirements, and IAM processes for all accounts, several people are required to ensure these functions are covered.

From a security perspective, we started seeing value right away because we didn't have a PAM solution at the time. Over the next sort of months and years, we settled into the product and started to look at how we could make it work for us. This has been an ongoing process over the years, particularly with product enhancements and new features, which provide additional benefits against the incurred costs.

I'm not involved in the pricing. 

About a year ago, we started looking at potential alternatives. There were two others that were considered and were ruled out for various reasons before looking at additional proof of concepts to see what other features could be leveraged from CyberArk Privileged Access Manager that we weren't using. It managed to pass all of the requirements.

We have customers for various industries and use the product internally ourselves. We are in the IT sector and provide services to organizations in a variety of sectors. 

It's definitely worth looking at as a PAM tool. I would steer towards the SaaS version since everything suggests that it is potentially a better way to go than on-prem. However, on-prem would still be suitable for those who must control and own their data. 

It's still worthwhile implementing, and overall, I'd probably give it an eight out of ten.

We use CyberArk Privileged Access Manager for all kinds of privileged accounts, comprising personal accounts, service accounts, and different database accounts. We manage the administrator account for Windows, the root account and reconcile accounts for Unix servers, and system administrator accounts in databases. Personal accounts are also managed along with some shared service accounts.

I work for a cybersecurity reseller company, which is US-based, and we provide managed services to all kinds of industries. Currently, I am working with a natural resource and a healthcare company.

Many things have improved with CyberArk Privileged Access Manager. All privileged accounts are now secured. 

The password management keeps the passwords rotated, and these have different sets of policies, which keep the passwords in compliance. Compliance-wise, it is good to have a PAM solution in the organization. I believe CyberArk Privileged Access Manager is the best one available at this point in time.

The best thing about CyberArk Privileged Access Manager is that they keep on upgrading it. They continually conduct research and development from their end, and we get immediate support from CyberArk whenever OEM support is required for any task. Support-wise, they are the best, and the way they conduct research and analysis and upgrade the tool often is excellent.

They keep on improving regularly. As of now, it does not manage all of the IDM practices. It is only good as a PAM solution. If they could work more on Privileged Threat Analytics, it would be beneficial. It has limitations, so improvements on PTA would be fine.

I first used CyberArk Privileged Access Manager in 2016, and since then, I have worked on different tools as Cloakware, CA PAM, but I am now again working on CyberArk Privileged Access Manager, so it has been approximately seven years.

If implemented properly, the stability for CyberArk Privileged Access Manager is very good.

I would rate the scalability for CyberArk Privileged Access Manager as nine out of ten. It is very scalable, and you can manage more than 100,000 accounts, as I have worked in environments where we managed that volume and more.

We are partners with CyberArk Privileged Access Manager. Our clients are medium and small businesses. The number of accounts we manage in CyberArk Privileged Access Manager is approximately 10,000 in one client and 5,000 in another.

Support-wise, they are the best. I would rate the technical support for CyberArk Privileged Access Manager a nine out of ten.

Positive

I have used a very old tool called Cloakware before CyberArk Privileged Access Manager, created by CA Technologies. It later got upgraded to merge with CA Technologies, and we had a product called CA PAM, which later got improved into what we see in the market today, called BeyondTrust. Cloakware was not that organized. There were many issues with provider IDs, the interface was very old, and hardly any companies use it these days. When I was using it, I was working for a US-based bank. Comparing that with CyberArk Privileged Access Manager is impossible, as they are poles apart.

We have had cloud and on-premises deployments. Its deployment is easy. They have provided all kinds of documents. They are available in the community portal. You can get all kinds of help from the community or people using CyberArk and the OEM.

The duration of the deployment for CyberArk Privileged Access Manager completely depends on the environment. If it is a big environment, it may take up to one or two months sometimes. It depends on the collaboration of the teams. If the infra teams, the network side, and the OS side do not collaborate properly with the CyberArk team, it can take longer. However, if everything is in place and the environment is not huge, it takes less than a month, around 20 days.

The solution requires regular maintenance. You need to keep upgrading when updates are released by CyberArk Privileged Access Manager, and they do it quite often. Server patching is very important, and you need to be aware of the services running all the time. They have provided a system health feature to check if there are any component services that stop. All maintenance is required regularly, not daily but perhaps weekly, depending on the size of the environment. A good thing is that all of these can be automated. It saves a lot of time there.

We have eight specialists in one team working with CyberArk Privileged Access Manager in my MSS team. There are other teams as well that have many CyberArk specialists, though I do not have an actual count.

It saves financially, though I cannot provide specific numbers. It is vital to have a PAM tool in your organization because it protects you from all kinds of malicious attacks, both insider and outside threats.

Regarding time-saving, many things are automated on CyberArk Privileged Access Manager, which helps us save considerable time work-wise and is very efficient for users. The end users have the authority to reconcile the password or verify it before using session isolation, which is one of the unique features that can be enabled through Privileged Session Manager, preventing any attacks from happening within the organization when connected with sessions through CyberArk Privileged Access Manager.

The pricing for CyberArk Privileged Access Manager is quite expensive, and the pricing varies from region to region. In APAC, CyberArk Privileged Access Manager can be obtained for less than in North America, according to my understanding. Pricing-wise, they could improve by trying to sell their product in bulk licenses. You need to have a service provider or a reseller as the mediator company building the CyberArk Privileged Access Manager. Pricing-wise, they could definitely do a little better.

I would recommend CyberArk Privileged Access Manager to other users for all the reasons discussed. It has been number one on Gartner's quadrant for several years. Considering all those factors and being the best tool in the market for Privileged Access Management, it is recommended.

I would rate CyberArk Privileged Access Manager a nine out of ten.

The use cases include end-to-end privileged access and session management and complete password rotations. All the privileged accounts are secured within the vault, monitored, and rotated from there.

It helps manage non-human or application accounts used in scripting or containers. All can be managed in CyberArk. They have Secrets Manager as well.

Session monitoring includes recordings of all activities performed. For instance, if I connect to a server, whether it is Windows or Linux, and perform some activities, all actions are recorded. It is a video recording.

It can integrate with Splunk, SNMP, and other solutions and technologies. We have integrated it with Splunk for the audit logs.

Its price might be high for some people, but the quality is top-notch.

Their support can be better. Their SLA timings are higher than others. If Delinea has an SLA time of three days, CyberArk is going to have an SLA time of five days. They do not breach the SLA. 

I have been working with this solution for around eight years.

Support is available through different models, depending on the license agreement. Dedicated customer support personnel can be assigned to specific clients. Additionally, professional service hours are available for purchase.

Typical case resolution can take between a week and two weeks, although priority cases may be resolved in a day. There are different levels of support. Initially, a case goes to a level one engineer. If unresolved, it escalates to level two and then to R&D if needed.

CyberArk has a large number of customers. If you compare it to other vendors, they are doing better than CyberArk because their numbers are less, so they are able to support in a better way. With CyberArk, we have a longer waiting time.

Neutral

There are two models: on-premises and cloud. For on-premises, we have virtual machines hosted on Hyper-V, but physical servers are recommended by CyberArk. Installation requires technical expertise.

SaaS deployment is faster than on-premises because most of the components are handled by CyberArk. The deployment is faster in SaaS, but the cost of SaaS is a bit high. They have different licensing costs.

From my perspective, the capabilities the tool provides match the investment. For small businesses, the price is fair compared to other tools. While the cost may be higher, I believe it is a top-tier solution.

It is a leading solution and one of the best SaaS solutions in the market. CyberArk is good at what they do, and the price reflects that. You have to pay the price for the same.

The price can vary based on the capabilities you need. We are paying a fair price for our environment. Compared to other solutions, its price can be high, but you are getting the best solution available in the market.

For 1,000 SaaS licenses, 100K euros might be required.

I would rate the solution a nine out of ten.

My company partners with CyberArk. I come from a service provider standpoint, so I don't use CyberArk within my company, however, I implement and support it for customers. 

Through the CyberArk partnership, I am certified in CyberArk. I perform activities such as demonstrations, presentations, deployments on-premises, and cloud solutions. 

CyberArk is now a comprehensive identity security solution. My interaction with CyberArk is mostly on the implementation side for our customers, focusing on design and integrating it into customer environments.

It's used in industries such as banking and finance. 

I find the discovery feature, which includes credential management, session management, monitoring, and remediation within a session, to be very valuable. It can remediate bad activities occurring in sessions. It offers good management and monitoring as well as good remediating within a session to help users remediate within managed sessions. There's good auditing and activity monitoring.

The session monitoring helps enhance security protocols. With it, users can have more control over what's happening within the session. You have more visibility and can restrict certain activities from happening, such as someone running a malicious command or someone trying to open or edit some sort of platform configurations. You can also send notifications and remediate or terminate sessions. Monitoring helps you build in polices around how to build polices around what's happening within a session.

The implementation of CyberArk impacted our customers' compliance with the regulatory standards in a positive way. Now customers are very happy since they can ensure credentials are compliant. In terms of password management complexity, since they're managing everything through CyberArk, they're able to create complex passwords. The user doesn't really need to remember passwords since the session is entirely being launched through CyberArk. That means that they're able to have much more compliant account management within an organization. They're also able to run reports as well as activity and compliance reports in terms of data related to accounts. It is much easier when you have a tool that manages that. Before CyberArk, having reporting and visibility around usage of accounts was really tricky. In terms of compliance, it's able to cover that by giving just a whole overview of accounts within the organization. 

CyberArk incorporates AI to improve Privileged Access Management. It's consistently improved as well. They do have a previous threat analysis analytics engine, which also can ingest logs from a SIEM solution if it's in place at the customer site. It's able to ingest this information and then give much more correlated security events. This module, the privileged analytics, is able to utilize behavior analytics and AI-related capabilities to be able to give security alerts to the teams. They can action alerts, or even automate to be able to have things blocked or terminated. For example, if someone changes their location. It has a geolocation that's able to then trigger maybe a password or QR code or email with a verification code to check it's that person. It utilizes AI capabilities or behavior analytics capabilities to have capabilities like that enforced.

It has the most plug-ins. Maybe thousands. So in terms of integration within different customer environments, it's much easier compared the competition. CyberArk a pioneer for PAM. They've always been the leader in terms of research and development and bringing new capabilities to the PAM. It will be able to cover 99.9% of most use cases.

In terms of improvement, since I am familiar with the product, there are no major issues. 

However, customer feedback suggests that unless it's on-premises, complaints about resources are justified as it enhances security with multiple functionalities. The managed cloud deployment option by CyberArk is easier to manage. Resource issues could be mitigated by choosing this option. 

I suggest adding more plugins and systems, which are often introduced later. Essentially, as long as capable personnel manage it, the solution works well. 

They should continue refining it and adding more dashboards and reporting features. Improved user-friendliness, granularity, and functionality would enhance the product further.

I have been using the solution for maybe four or five years. I would say it's closer to four years.

At the moment, I work with CyberArk mostly. I haven’t interacted much with other solutions like Imperva, as other engineers have taken over those responsibilities.

We are resellers, working ideally with partners, and I am certified with CyberArk. I am a certified delivery engineer for CyberArk PAM, and my experience is vast with the projects and teams I've been involved with.

When looking at Privileged Access Monitoring, many IT administrators have access to numerous privileged accounts, which increases the attack surface. CyberArk's PAM solution manages these credentials, providing value by reducing risks like data breaches or financial losses. The return on investment lies in improved security infrastructure, addressing over-privileged access, and reducing the risk of credential compromise, which is a major source of data breaches.

We're a service provider and offer services to customers that acquire CyberArk. I come from a design perspective for those implementing CyberArk. 

The company is open and shares information with partners. They inform us about new versions and allow enhancement requests through a portal. Many enhancements have come through this channel. If they keep going this way, everything will be good with CyberArk. 

I'd recommend the solution to others. 

Overall, I would rate the product nine out of ten. They've been the leader in PAM for maybe six years.

I'm using CyberArk Privileged Access Manager in the telecom industry, specifically for one of the clients. The main use case for CyberArk Privileged Access Manager is the Endpoint Privilege Management part, where privileged access needs to be managed, monitored, and recorded as part of SOX compliance. Other major use cases involve event management, trigger management, and notifications for break glass scenarios for various customers.

CyberArk Privileged Access Manager offers various exposed REST APIs, allowing for quick onboarding and reporting from the SOX compliance perspective, which wasn't available before. The exposed APIs give us the flexibility to perform scripting using Python and other languages to develop native tools.

CyberArk Privileged Access Manager integrates with various incident management tools, enabling automated actions through triggers for generated events. The integration with Ignimission provides operations teams with a dashboard for compliance management more efficiently. 

CyberArk Privileged Access Manager offers customers good visibility of accounts to onboard. The DNA tool provides an overview of their network entity, thereby helping them streamline their network from a privilege management perspective. They can see how many assets there are, how many assets have different accounts, and which accounts are currently active or not. From the dashboard, the customer has clear visibility.

Its integration is seamless with out-of-the-box connectors. You just need to provide the input in a configuration file. It can be integrated very easily.

The most valuable features of CyberArk Privileged Access Manager include quick access, ease of use, and a variety of connection methods beyond the web portal. The Just-in-Time functionality within CyberArk is very important, and recent features such as the MFA gateway allow external customers to perform their work while being monitored seamlessly. Any events not adhering to SOP trigger notifications to admins for prompt action.

Improvements in CyberArk Privileged Access Manager should focus on simplifying installation and upgrade times, and also consider making professional services training more accessible to implementers and partners. Free training for implementers should be offered, and the installation and upgrade process should take less time. 

In addition to that, CyberArk should communicate their Impact events to customers and SI partners, and consider making them free, as these events showcase their roadmap and new features.

I have been working with CyberArk Privileged Access Manager for more than eight years.

I find CyberArk Privileged Access Manager to be a stable solution and would rate its stability a nine out of ten.

I would rate the scalability of CyberArk Privileged Access Manager an eight out of ten.

I would rate CyberArk's customer support as a seven out of ten. The rating stems from the fact that sometimes critical issues require follow-ups, as the support team doesn't always recognize the urgency of a critical ticket immediately. There is a need for more dedicated support for some customers moving forward.

Neutral

The previous versions were a bit difficult, but the newer versions have improved. They have done some scripting for the installation part, which has improved the overall installation very much. There is still some scope for improvement. I'm looking for an automated script where all the entities or inputs can be provided. Once that script runs on a particular server, CyberArk gets installed without any user interruptions. Currently, we have to be very specific with prerequisites and everything else. If the prerequisites are not met, there are some issues, and you have to sometimes rebuild that particular server. To avoid such things, an automated script should be there to check the overall prerequisites. After installation, there should be a global script that checks all the functionalities to see whether every entity and every component has been installed correctly or not.

I am the implementer for CyberArk. As an implementer, my customers are from various industries, currently managing customers from the healthcare, telecom, and semiconductor industries.

Since CyberArk is at the top of the Gartner list, the cost is indeed on the higher side, but customers must discern which entities are essential to purchase. They should weigh the cost against the quality received.

The setup cost for CyberArk depends upon the customer's infrastructure, and while it may be on the expensive side, the quality and support provided justify the investment, along with documentation and training that add value.

CyberArk Privileged Access Manager is the best solution for safeguarding sensitive patient data in healthcare, providing visibility and traceability that enhance compliance. Its strong design offers security and visibility for events across all industries, showcasing its robust capabilities. CyberArk Privileged Access Manager is crucial for safeguarding credentials in healthcare organizations. 

I would recommend CyberArk Privileged Access Manager to those looking to use it. The biggest benefit is its versatility, providing comprehensive flexibility across various operational needs, while also offering expert support to resolve any issues encountered.

It stands out as the best tool on the market. It deserves a nine out of ten overall. 

I am an admin, and I use this solution for all our users. We have 80 users in our environment.

By implementing CyberArk Privileged Access Manager, we wanted to secure our environment and track everything.

We were able to realize its benefits within four to five months of its deployment after we had onboarded everything.

CyberArk Privileged Access Manager is cool. It has a lot of good tools, including everything we need. 

It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is. It takes a lot of time to find the error and fix it. Sometimes it gives an error, but I do not know what the error is. I have to find the documents, but it does not provide all the details needed to fix the error. This is one of the day-to-day issues with CyberArk. 

When I contact support, it takes a long time to get help. They request all these logs, but they are not always relevant to my case. It is not always a definite help because I sometimes need help with issues that do not require any logs or device details. I am not sure if they read the case or not.

I have been using CyberArk Privileged Access Manager for four years.

It is good. We had a ten-minute outage last month. That is all. We do not know the reason. 

It is reliable.

CyberArk's support quality has to improve because we are totally dependent on them. I would rate their support a five out of ten.

Neutral

I used to use Okta. CyberArk Privileged Access Manager has more features.

We had a third-party professional service that helped us to install it. It took about four or five months. To deploy, we worked with three people.

It does not require any maintenance. We just have to do the day-to-day operations work.

New users should have training before they sign up for CyberArk. CyberArk should provide mandatory training so that everyone implements it properly. Sometimes, new users do not know what is going on, and they open a ticket, which might be an issue from their end. CyberArk should have a new user training service so that everyone is familiar with it.

I would rate CyberArk Privileged Access Manager a seven out of ten.