CyberArk Privileged Access Manager Reviews

The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.

Management of these accounts is typically required to prevent abuse and gain control of this.

Perhaps improve the user registry integration. It is already fine, but a bit atypical.

My experience with the product was with older versions, so this may not represent the actual case anymore. In essence, user registry integration is atypical in the sense that the product creates a copy of the user inside the product itself (to accommodate for license seat counting, I guess).

Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt the vendor considers this an issue, though.

I have used this for three years, including the implementation of the product

There were no issues with stability.

There were no issues with scalability.

Technical support is OK. The product is not very difficult to install, but there are some considerations that need to be taken into account. Tech support is very well aware of this.

The initial setup was simple. It is windows based and leverages installation wizards to perform installation. Also, sufficient documentation exists to guide the setup procedure.

Look well at the user base and frequency of use. A lot of licensing models exist, but having this clear will immediately indicate what fits best.

As for pricing, I cannot comment.

We did not evaluate other solutions.

Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.

All features of the CyberArk PAS solution are valuable.

The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.

Other important features:

• Automatic password management
• Monitor, record, and control privileged sessions
• Flexible architecture
• Clientless product
• Custom plug-ins for managing privileged accounts and sessions

Unmanaged, highly privileged accounts increase risks that can be exploited by attackers. The security controls defined by the organization require protection of the privileged account passwords. CyberArk helps organizations to identify, store, protect, and monitor the usage of privileged accounts.

An immediate improvement was the implementation of security controls to protect, control and monitor privileged accounts through CyberArk solution.

I have used CyberArk for over two and a half years.

It’s a very stable product. I haven’t encountered any stability issues.

I haven’t encountered any scalability issues. All the components are scalable.

I would give technical support a rating of 4.5/5.

This is the first PAM product that I have used.

The initial installation was straightforward. The configuration or integration can be complex depending on the requirements, design, and infrastructure of the organization.

The pricing and licensing depend on many factors and on the components considered for implementation.

The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.

Password rotation, session recording & isolation and on-demand privileges.

For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products.

No

No

Very good.

Basic setup is pretty straightforward, but to fully utilise the product it can get complicated as it ties in with a lot of other products. Suggest a phased installation so staff can adjust to new processes.

It can be an expensive product. I Suggest only licensing basics to begin with and as need arises, start to license extensions (AIM, etc.) during next phase of implementation.

Centrify and Lieberman ERPM.

CyberArk offers extensive training, utilise it. Also their support staff are very good and can assist with everything.

Its features like detailed audit and reporting, automated workflows, granulated privileged access controls, automated password rotation, and centralized and secure storage have helped us in developing a secure environment for customers, along with audit and compliance coverage.

Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.

Performance of PIM could be better and intended for usability as well as security. Another point is that the free trials should be in place for all components so that PoC could be made easy.

No.

No.

Technical support is quite efficient and they always provide a timely response.

Haven’t use any solution prior to CyberArk.

As this was new product, there were some small challenges in understanding but the setup was straightforward.

As our deployment was not so large, our client was happy with the pricing and licensing.

Yes, we did a research and chose CyberArk above all due to its components that were suitable to our environment.

Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.

Implementing CyberArk is not only "rolling out" a tool. It also will force the company to have a good look at the access management strategy, improve security processes and clean data. Implementation of CyberArk will increase the insight the company has in their access management implementation.

The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.

Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.

Allthough it's highly configurable, the user interface could use a do-over. The current interface doesn't scale that well, has some screens still in the old layout, while others are in the new ones and consistency in layout between pages sometimes is an issue. As I understand, this is scheduled for version 10.

If there are stability issues, most of the time this relates to the companies infrastructure.

CyberArk is highly scalable. Depending on the companies infrastructure, the size of the CyberArk implementation can become quite large.

I rate support 7/10. Technical knowledge of the support staff is good. Sometimes it is a lengthy process to get to the actual answer you require. One the one hand, that is because lots of information is required (logs, settings, reports, etc.). On the other hand, the support crew sometimes answers on questions that we did not ask.

We did not have a previous solution.

The installation manual is quite straightforward and extensive. There also is an implementation manual to support the function implementation. The installation requires specific hardware which sometimes might not fit the standards within an organisation. Over the last few years the documentation has improved hugely. Of course, there is always room for improvement, but I guess this is one of the better ones in the IT field.

I do not have anything to do with pricing.

I was not involved in the acquisition process, but I know that sometimes a Hitachi solution is considered.

Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.

This product helps to improve the privilege account security in the organization. Privilege accounts were involved in all the breaches.

PSM (Privilege Session Manager)

I would like to see improvement in the custom connector for integration with different devices. Currently, it needs professional services and lots of time for out-of-the-box custom connectors.

There were no issues with stability. However, there were a few times when there were stability issues because the solution was deployed on a Windows platform.

There were no issues with scalability.

Technical support is average. They are not so great, because the first level support partner or distributor has to provide the support and customers cannot contact CyberArk support directly.

We moved from version 8 to Version 9.

The initial setup is a bit complex because it has lots of prerequisites and dependencies on Windows' features.

It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain.

I worked in the CyberArk distribution company. However, I have seen that other products do not provide all the features that CyberArk can provide.

For implementation, you will need professional services or other experts.

With the ability to better control access to systems and privileged accounts, we no longer need to manage privilege accounts per user. We are able to manage privilege accounts for the service, which is automatically managed by the CPM as part of the solution. Allowing access to systems by group membership, via safe access, makes controlling actual access much simpler than traditional mapping via the Active Directory.

• The ability to isolate sessions to protect the target system.
• Automates password management to remove the human chain weakness.
• Creates a full audit chain to ensure privilege management is responsibly done
• Creates an environment in which privilege accounts are used, without exposing the password, on target systems.
• Performs privilege functions, without undue exposure, whilst maintaining the ability to audit, where anything suspicious, or unfortunate, may have occurred.

The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA.

Whilst the client is completely functional, it's been around for a long time and is reminiscent of XP, or even Windows 95. It could use an aesthetic update, with some of the wording and functions needing to be updated to be more representative of what is found in similar configuration from within the PVWA.

To go into more detail- The old PrivateArk client is simply that, old. Looking at the recently released Cluster Manager quickly reminds us of that. Also, the way in which objects are handled within the old client is similar to how objects were handled in older versions of Windows. The PrivateArk client could do with easier to follow links to configuration items and the ability to perform searches and data relevant tasks in an easier to follow process, there may even be room for inclusion of the server management component (lightweight even) and cluster manager components to be made available via the same client, should permissions permit such. As much as the client remains stable and functional, I believe it is time for an update, even if only aesthetically.

Some improvements could be made to the PSM service. However, this could also be a problem with how Microsoft RDS functions, rather than the PSM services.

This product scales amazingly well.

Technical support works with customers and partners to resolve issues in a timely way.

No previous solutions were used.

The manual reads like a step-by-step guide. The installation, although complex, can be achieved by following the installation guide.

I don’t work with pricing, but licensing is dependent on the needs and requirements of each customer.

We evaluated alternatives, but nothing compares.

Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.

The fact that there are more and more plugins developed make it easier for implementation.

It is difficult to say what the valuable features are. I use all the different parts together to get the full power of CyberArk.

I would like to see better usability for non-technical people. If you use the PVWA interface, I noticed that the end user would need some extra training. The portal doesn't navigate so easily, if you don't know it.

With Facebook, for example, people find their way around easily. In PVWA, it takes some time to know how it works from an end-user point of view.

I did not encounter any issues with stability.

There have been no issues with scalability. You can easily manage more than 4000 accounts with one PSM.

I haven't needed any support yet, as it is well documented.

We did not use a previous solution. Basically, we helped a telecom to migrate from a standard .XLS with accounts to CyberArk.

The most difficult part was convincing the technical teams to use it.

Pricing and licensing depend on the environment. First, make a good plan.

Basically, build it up step-by-step, starting with the EPV of course :-).