CyberArk Privileged Access Manager Reviews

It is used to manage the policies on our endpoint because we want to takeaway admin rights to protect our computers.

We have had our implementation issues. However, the software is light years ahead of its competitors. We have seen massive progress with the updates of the software. We have been doing pretty well with it in the time that we have been implementing it.

We are trying to manage the endpoints, but our company has been a long-time customer. We want to integrate the other products because EPM is not the only one. We do have PAS and AIM, but now it looks like CyberArk is moving towards integrating all of them into one thing, so they can all work together in one console. We would like to get there eventually. I can't wait to upgrade.

We are stripping administrative rights, and we have implemented a special ID to help folks that lose administrative rights. Maybe it broke something, so while we design policies and try to get them where they need to be, they will have this ID in the meantime. CyberArk is able to protect both of these things while we move forward in this.

The software is insanely robust. You can do whatever you want. If you want to put your own logo on the pop-up, then you can do it. You want to change the color to pink, yellow or brown, then you can do it. You can do whatever you want with this thing. This leads to people getting lost on what they want to do, but for those who have a great plan with a clear, concise idea of where their organization is going and what they want to accomplish, it is there to help you.

Where a lot of people might struggle is with the actual environment, and where to begin. The software builds on top of that. You have to have a solid foundation. You will learn that as you work through the product, but you will also see how great and powerful the product is.

With computer security, administrative rights is probably the number one thing that comes to mind. This is a software that will allow people to still use their Google Chrome, Adobe, and Facebook. They can do what they need to do, but it still keeps them protected. That is what is so great about the product, we can sell it to people as, "We are not trying to stop you. We want to enable you, but we want to be safe too. It's there to do that." 

• I love the interface because it is colorful, easy to read, easy to see, and how easy it is to make policies. 
• I love how we can make a policy that affects everybody instantly, which is great. 
• I love the reporting features, so it is easy to see what we did.

I love the product overall, because it is great.

I want some of the things which are glitching out there for me to be fixed. I have heard that there is something in the works, that they will be putting a feature in the help desk where they will have a message board now. So, I could communicate with other people who are having the same problems and pull their issues, this way I don't have to bother support all the time. Also, people can vote. They can vote on the most important issues, and CyberArk will prioritize them next, really listening to the customer. That is pretty cool.

One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening. However, they are coming close to a solution. It has been an issue for a while. I heard that this is one of the top priorities that they're working on.

This is where we have had some woes with this software. Part of it is in our environment, and what we built it in as far as our database server. We met the requirements and it had some issues. The software is still growing and getting better. It is not 100 percent there yet, but even so, there is nothing in comparison to the product. It is too robust. It offers too many features that nothing else does. You might as well deal with it. You are going to deal with implementation and memory issues regardless that we had on the SQL Server, etc.

Part of this will come from your personal environment, but CyberArk has done a great job with it. However, they still have a ways to go. One thing I really like with every upgrade, they listen to the people. If you are saying this needs to be fixed, they listen. They usually put it in the upgrade, so that is cool.

There are growing pains from integrating a software which allows you to do anything, and you could do anything but it is based on your environment. The software can do whatever it wants, but it is going to be reactive to your environment. Everyone will have a different experience. 

If this was a perfect world, you had a clean active directory environment, your SCCM solution was fantastic, and there were no firewall issues, the product would deploy. No problem. Read everything, and you are good to go.

I could definitely understand. It is like designing the program for how it should work, then dealing with real life scenarios. You talk to any company here, and everyone's active directory is a mess. That is where you are trying to get your data from. That is where you struggle sometimes. However, the software is great. The Dev guys are on it as far as upgrades, etc.

If they keep upgrading the software, they are going to be around for a long-time. We are a long-time customer. We have multiple products, and they are going towards the right direction because if we own three or four of their products, then we can meld them all into one and they all work together, which is great.

In the beginning (early 2017), we had some issues. We would have a discrepancy in what user support was telling us. From mid-last year until now, it has been absolutely spectacular. They have key people who are very good, and I speak extremely highly of them. They are excellent, very professional with a lot of knowledge.

We did not have a previous solution, because we have always had admin rights. In fact, we did a proof of concept in CyberArk, version 1.

We needed something to manage the endpoint and to be able to empower the user. By far from not only a user's perspective on what they would be able to accomplish, but from the person who has to design the policies, it was the best. It was like working in MS-DOS compared to Windows 10. 

We had an educational and technical guide for the entire setup process. I also had CyberArk with me on the phone.

I designed the solution. Because they knew that this is a solution that no one had really seen before, they made sure they had somebody onsite throughout the entire implementation.

We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us. That is pretty important. We are protecting ourselves the right way.

Avecto was the competitor. They integrated with McAfee ePO, which was our endpoint solution at the time. Unfortunately, it was not as robust as I thought it would be. I didn't like it. I felt like the product relied too much on McAfee to do what it needed to do. Whereas, CyberArk was a standalone client which was way more robust.

The competition was utilizing a product that we are getting rid of in two weeks.

Get on implementing it today. Be patient. Test a lot. Deploy slowly.

It has places to go. I see the potential. It is getting there, but it has room to grow. If you compare this product with anything else as far as an endpoint solution, there is nothing which even compares.

We have implemented the new plugin generator utility already. I trained the help desk. It is really easy. Instead of having to fix it myself, the service desk will receive a one-time code to help the customer immediately, so they do not have to wait. I will receive a ticket to make a long-term policy. It is a perfect system.

Most important criteria when selecting a vendor: communication.

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day.

We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

Previously, we didn't have any password rotation policy for application IDs. Once we implemented CyberArk, we created a policy. It's good to rotate the passwords every two weeks. That is the biggest value for us.

It gives us one place to store the keys to the kingdom, so if there is any breach we know where it is and what to do.

The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization.

CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well.

So far, we haven't seen any major hurdles. We haven't had any downtime because of CyberArk.

I would rate scalability at seven or eight out of 10. There is a need to improve the usage on for the consumer side. I hope in the upcoming product, the version may fulfill this.

Technical support is good but the problem is when we are using the application side. The support people have a security background, so they may not know the application technology, so it's a challenge right now. Once they understand, then they make progress but, until then, we have to educate them.

Before CyberArk we had a number of solutions, CA and IBM products, but CyberArk meets our requirements regarding application password management.

I was involved in the initial setup and I actually used CyberArk's Professional Services. It was straightforward. We didn't have any hurdles during the setup.

It's very hard to quantify because previously we didn't have anything like this. You can imagine, there was a policy not to rotate the passwords, but now after implementing CyberArk, every two weeks we are rotating the password without business impact, so that is the biggest ROI, even though we cannot quantify it.

We evaluated Thycotic and one other.

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization.

Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications

From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.

Currently, we use PAS and EPM. Mainly, we did EPM last year to get rid of local admins on about 300 PCs.

We are looking into utilizing CyberArk to secure infrastructure in the cloud.

I have been in admin for two years. The company has probably had it for more than seven years.

• Lessens the risk with privileged access.
• As far as EPM, mitigating the risk of local admins on PCs.

We are able to rotate credentials and have privileged account access.

It is very stable. We have had no downtime.

It is meeting our needs now, and will still meet our needs in the future.

For the most part, technical support is very knowledgeable. Sometimes, you get the one person whom you might have to push back on a little more. With PAS, they escalate our problems in due time, not so much with EPM.

We did not previously use another solution.

I was part of the initial setup with EPM. It was straightforward during the PoC. Once we rolled it out to users, it got a little more complex.

CyberArk helped with the implementation. 

We did not get the EPM training, so we were just flying by the seat of our pants and going with it. For the most part, we were able to figure stuff out, but some stuff gave us a little run for our money.

With reducing the privileged account access, there has been a huge improvement. They are now bringing more accounts on a little at a time.

Do it now. Don't wait.

Any other issues that we may have come up with, they have always been there to help assist and get us back on the right track. They don't just give you the product, then wipe their hands.

We just got an upgrade to version 10.4, as we went from 9.2 to 9.9.5 last year. This was a major improvement for us, going to 10.4 with the different dashboards and PTA built-in and PTA on the credential rotation. They are starting to integrate all the different components.

Most important criteria when selecting a vendor:

• Ease of access.
• They are with you going through any problems that may arise. 
• Good support.

The main focus of using CyberArk was to replace our previous Excel spreadsheets, which contained all of our passwords. The reason that we brought it in was to replace them and meet certain audit requirements.

We are using CyberArk to secure applications for credentials and endpoints.

We are planning on utilizing CyberArk to secure infrastructure and applications running in the cloud. It is on our roadmap for next year.

It allows me to create my custom CPMs more easily and quickly without having to code everything. It helps me build a lot of these codes, so it makes it easier for me to create custom CPMs and PSMs.

It allows us to be able to manage a third-party which is not natively supported by CyberArk. If there are certain legacy applications which are so old that CyberArk does not support them out-of-the-box, it allows me to be able to create custom connections and be able to manage those accounts.

• Ability to do workflow.
• Allows users to self-provision access to the accounts that they need.

There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution.

The new PVWA is great. I actually saw some of the newer functionalities, and the look and feel looks great so far. It is just a matter of getting us there. We need to be able to upgrade the environment. They have been able to get the functionalities I was looking for on some of the latest releases.

Stability is pretty good. I have not had any issues with it.

Scalability is pretty good. I have not had any issues with it. It should meet my company's needs in the future.

For what I was using technical support for, they were really knowledgeable. They were able to resolve the issues that we had. I have not had any problems with them, though it took them a bit of time. A lot of times, they did not escalate it right away, not until three or four tries, then they did escalate it to Level 2, possibly even Level 3 support.

We were previously using Excel spreadsheets. We changed because of audit requirements, but a lot of times it will due to usability. We understand that having our password in a spreadsheet is a huge vulnerability, so it is one of the things that made us look for a solution to manage those credentials, and create automated workflows around it for audit requirements.

The initial setup was pretty straightforward. I think the implementation only took a couple of days.

We had someone from the CyberArk team helping us with the implementation.

One of the processes that we have defined is called a Fire ID process, where to be able to get a Fire ID. It requires a user to call the help desk. The help desk will create a ticket, then contact the employee's managers to get approval, and then provide them with an account. That process, in some cases, can take hours.

With CyberArk, it allows us to streamline and create a workflow which allows them to automatically log into CyberArk, grab the credentials that they want, and it automatically sends their approval to their manager, who can click a couple buttons, approve, and the user is able to get their credentials. That process went from hours to now just minutes.

We looked at Leiberman, and also at Thycotic Secret Server.

One main things that stood out about CyberArk would be the actual user interface. CyberArk's interface was better than the other two, and their price points were fairly similar. The usability and functionality were similar, so we looked at it from a user standpoint (the front-end of the tool), and CyberArk came out on top.

My advice is to have the necessary resources to fully implement this. Don't just bring it in and let it sit. It needs to have the resources with a fully dedicated team to be able to get this functional. Otherwise, it will be sitting there not being fully utilized. There are a lot of functionalities that require a lot of resources to get it up and running.

I have been using the new plugin generator utility for about a year. I took a PSM Connection course this past summer. I have been using it ever since.

Most important criteria when selecting a vendor: 

1. It will be usability of the product. I want to make sure that when we have the product, we can quickly use it and have a full understanding of it without all the hoops that we need to jump through just to be able to understand what that system looks like or how it works. 
2. The next thing will be support. How will they be able to support the system? Do they have a good support staff who will be able to help us get through an implementation? 

Those are the two main things I look for: the usability and supportability of the tools.

We are using this product for our privileged identities and account management. We have some accounts that we consider privileged, the ones that have access to systems, software, tools, and our database and files and folders, etc. We try to maintain these accounts safely and try to grant access to these systems securely. We try and manage other non-human accounts that are DBAs, DB accounts, etc., through CyberArk.

Another initiative for this was the PCA compliance that we wanted to meet.

We don't have many applications in the cloud, we are getting one or two now. So in the future, we plan to utilize CyberArk's secure infrastructure applications running in the cloud. It's on the roadmap. We are utilizing CyberArk's secure application credentials but not endpoints. I have only just learned about the Plugin Generator Utility, so I don't have experience with it yet. It's pretty cool. We intend to use it now.

One way it has improved the organization is we now have restricted access for all users to go through CyberArk. It has also enforced firewall restrictions across other places so they don't go through other means, they go through CyberArk. That brings in compliance and their account is now two-factored, so that is more compliant with PCI regulations.

The way it manages privileged accounts and managed access to privileged systems such that, right now, we are recording every session through PSM and people are more aware that the session is recorded, and they're more careful with what they do.

We are using the VSM proxy solution. That's what we are mainly using. We will try to use the PTA and AIM in the future.

I think it pretty much covers a lot of the privileged identity space, things that other vendors are not thinking about. I think they are doing a very good job. I don't have any suggestions.

We have not had any stability issues so far. We have not had any serious downtime. We do see performance issues with PSM which gets very busy, and we just keep scaling the number of PSMs. When many people log in at the same time, we have some issues with connecting through PSM. We doubled our PSM software and it's better now.

It's pretty scalable. Like I said, we just doubled our servers. If there are more users logging in, we'll probably go for a greater number of servers again.

Technical support is pretty responsive and knowledgeable. We do get the right person.

Others have spoken a lot about security hygiene and I believe that's where you should start.

l would rate CyberArk at nine out of 10. The way for it to get to a 10 is with a lot of features, the amount of cost involved in buying the product, and the PSM proxy issue that we've been facing.

In terms of important criteria when working with a vendor one thing is, as we said, getting to the right person. We go to support only if there is a critical situation where we are not able to solve it. Getting to the right person at the right time, and getting the issues resolved in a timely fashion is what we are looking for.

The primary use case is, of course, that we do the EPV for password vaulting and security changing, and prior to version 10 we were excited and it functioned perfectly fine. There are a few glitches with version 10 that we are not really happy with, but the functionality itself still exists and it's working like it should.

We actually have our vaults in the cloud. I don't know if we have any applications in the cloud that we're planning on managing, yet. We're not really a big AIM shop just yet, so I don't know if we're planning on utilizing CyberArk to secure infrastructure applications running in the cloud.

We're looking forward to utilizing CyberArk to secure application credentials and endpoints, however right now we have three or four AIM licenses.

It increases the security posture across the entire enterprise because it's not only helping to secure those infrastructure accounts but it's also helping to secure our user accounts as well.

It requires a lot more auditing and monitoring and checks. So if you don't have the right approvals, you can't get the credentials you need to do what you need to do. So if you don't have authorization, of course you can't get them anyway. In total, it's making the environment more secure. The security posture is a lot better.

I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes which can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors. 

And then, of course, the users have the ability to rotate those passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically.

PSM is pretty cool, but my favorite part is I get to secure your passwords that you get to use either with or without PSM.

We had an issue with the Copy feature. Of course when we do the password rotation we restrict users' ability to show a copy of their passwords for some cases, and in other cases they actually need that ability, but we would prefer them to copy to the clipboard and then paste it where it needs to go - as opposed to showing and it typing it somewhere and you have the whole pass the hash situation going. But apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it. 

Then there is the failed authentication now. I don't know if that was a glitch or if that was an update, because I know sometimes you don't really want to tell a person when their account has been suspended because if I'm a hacker, maybe I'm just thinking I have the wrong password. When the account is locked you don't actually want them to know the account is suspended. However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up.

So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended," because normally we would be told that the account is suspended. They would take a screenshot of the error and it would say, 'Hey, user is suspended, station is suspended for user so-and-so." It doesn't say that anymore. So now it just says "Failed authentication." And that could be because they might not be in the right groups in Active Directory, they might not have RSA. It could be so many different things, where before, they would be able to say, "Yeah, I'm suspended." And we could say, "Okay, we can fix that in two minutes." We just log in to PrivateArk and enable your account and you're fine. Now we're saying, "Maybe we should check PrivateArk first, just in case," to make sure you're not suspended. It's going to be a whole rabbit hole that we fall into, simply because we're not given that information upfront.

In terms of future releases, I would love to be a partner again and get a temporary license that I can put back in my home lab because my license expired. I would like to play with 10.4. I want to see it and feel it out and see if I can break it because my rule of thumb is, if I can break it, I can fix it. That is one of the things I like about CyberArk, especially over CA PAM, because with CA PAM you get no view into the back-end on how it's configured and how it's built and how it works. With CyberArk, they literally give you everything you need and say, "Hey, this is your puppy. Raise it how you want." You get to see the programming and you get to configure and everything. I've broken several environments, but I'm pretty good at fixing them now because I know how I broke them.

Prior to version 10, I was gung-ho CyberArk. I wish we would have waited until version 10.7 as opposed to 10.3. But for the most part it's stable, it's just that there are glitches in the matrix right now. We'll have to work those out.

I have worked with both CyberArk and what was formerly Xceedium and is now CA PAM, and in my opinion, I'm gung-ho CyberArk. CA PAM is not scalable like that at all. I love the fact that the different components can be installed in multitude or in singularity on different servers.

I understand the concept of it being an appliance, and technically it is an appliance because of how CyberArk hardens everything. But the fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out.

I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs."

I would like to say, "Can I get a WebEx please? Can you just look at this because I can tell you exactly what I did and how I did it, and then I just need you to help me fix it, because we've been doing this for about 30 minutes now, and when it gets to an hour it's going to start costing my customers money. So can we fix this today rather than tomorrow?" I'm not the biggest fan of tech support.

I have had experience with CA PAM. That's the only other password vaulting technology that I've used so far. I've used SailPoint IdentityIQ, but that's not really password vaulting. Apparently, there is a partnership growing that allows you to provision CyberArk through SailPoint, which I worked on with the CDM project - and it was a headache last year. So I'm excited about the new CM technology that they have that's allowing for that integration, but other than that, I haven't really done much.

I have done several installations for the CDM contract of CyberArk and I've done several upgrades as well.

The installation is as straightforward as it comes. There are some glitches, but it's not with CyberArk, it's with the environment that I'm installing in. In that environment they don't ever follow directions, so we have to get there and say, "We need you to rebuild your vault because you did it from an image and not from the CD, and it's not supposed to have any GPOs, it's not supposed to be on the domain. CyberArk tells you this in their paperwork. We told you this." But, of course, they don't listen. We get there and they spend a day telling us, "Hey, we have to rebuild our server." And we say, "Okay, well thanks for those eight hours. I appreciate it."

The biggest return on investment would be the security itself. I've seen ethical hackers that attempted to infiltrate a component or a department in the agency and they were stopped at the gate. They tried every which way they could and they just couldn't get the passwords they needed to get to the elevated accounts to get to where they wanted to go. So it was just great to see CyberArk in action.

Do your research. That would be my biggest advice. CyberArk is a great tool. However, it is not the only tool that does what it does and, in some cases, for a lot of people, other passport vaulting tools are more toward what they would need in their environment.

I would give CyberArk an eight out of 10, and the two missing points would probably be mostly because of technical support. I would love to actually get the support that I asked for. I would love to actually get the help that I'm asking you for as opposed to you telling me, "Yes, I can help you. I need you to fill out these papers and jump through that hoop and then cut a cartwheel and rub your belly while you pat your head at the same time." If it wasn't for that, it would be more towards a 10.

My most important criteria when selecting a vendor are

• credibility
• functionality.

We use it for service accounts and local accounts for the machine. We are basically using it to rotate passwords or reconciling passwords, as needed. We do have a number which get changed on a yearly basis (most do). Some get changed on a more frequent basis. Users go into the safes that they have access to or whatever account they need, and they pull it. That is our use case.

It is performing well. However, we need a bit more education for our user community because they are not using it to its capabilities.

We are interested in utilizing the CyberArk secure infrastructure or running applications in the cloud. We are actively implementing Conjur right now just on a test basis to see how it goes.

It gives us the capability to rotate passwords. That is the biggest thing. We do not want them being stagnant so every service account that we have needs to be rotated at least once a year.

Being able to automatically change usages, whenever the password is reconciled. However, we still have to educate the user community, because not all our users enter the usages.

PSM: I am going to go back to my company and push for it a little bit more within our groups, because I know that my counterpart has brought it up a number of times in the past. It has been getting blocked, but I have a couple of other paths that we can pursue so we can try to get it, at least, in our infrastructure and tested.

It has been stable. We have not had too many issues with it or any downtime.

It should be able to meet our needs going forward. I don't foresee us leveraging thousands more accounts than we already do. I think it will be fine.

I have done many upgrades on many different systems and applications. It was more of a difficult upgrade path only because there were a lot of small things which could have been done if it were prepackaged into scripts inside the executable during the installation. For example, it automatically stops services so it can do the upgrade. 

There were a lot of manual steps which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5.

The ROI on this is just being able to rotate on a 365 day schedule the passwords.

Educate the user community once you get it actively deployed and set up a strict policy on it.

Most important criteria when selecting a vendor:

• Good reputation for technical support
• Product that does what it is supposed to do.

Its performance is excellent. We have had multiple use cases: 

• It is PSM, so as a jump box to our servers.
• We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers.

We are currently using CyberArk to secure applications with credentials and endpoints.

We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.

• It has helped from an auditing perspective identify who has access to privileged accounts.
• We are able to now track who is accessing systems. 
• It provides an accountability to the individuals who are using it, knowing that it is audited and tracked.

It has become one of the primary components that we have. We also utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs.

The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords.

Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up.

It is very stable. We have never had any downtime; no issues. We worked with support on several upgrades, and are looking forward to the 10.x upgrade.

We have no issues with scalability. We are using it in a pretty wide environment. We also use it in our business continuity environment with no issues.

I evaluate the technical support very highly. Although, the individuals who we worked with were very technical. If they did not know something, they pulled in somebody right away. 

Also, one of the best attributes is the customer success team. We found great value in working with customer success and their team.

If there are defects or issues, over the years, CyberArk management has listened to them and resolved those issues. Not many organizations respond to their customer feedback as well as CyberArk has.

We did not have a previous solution. We have always used CyberArk. 

From a risk landscape, we knew that privilege accounts were where attackers were going, doing lateral movements. These are keys of the kingdom which protect those, and that is why we focused in this area.

The initial setup was very complex. There were a lot of manual process. Over the years, we have seen a significant transition in the installation scripts, the setup, and the custom capabilities. So, CyberArk has come a long way since the beginning.

The upgrade processes have also improved.

We now know where our privileged accounts are and how to manage them. So, it is more from an exposure standpoint.

No.

Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully.

I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good.

Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the industry, including Red Team capabilities. They are gearing their product towards the defending of what the active exploits are, not something that has been done in the past.