CyberArk Privileged Access Manager Reviews

Our main use cases are to monitor all privileged accesses. It can be HTTPS, LDAP, SSH, or SQL management, so anywhere we have privileged access, we want to monitor it and place it under CyberArk.

Its monitoring capabilities are good. Whenever the end users start their session, it quickly allows you to monitor. However, if there are no firewall rules, it creates a video, but it does not take all the audit logs. For audit logs, you need firewall rules. It is very well described in their documentation. At the start, they communicate this to clients. The documentation is well-defined.

The features that are most effective, like every PAM solution, include monitoring and password rotations. 

The best thing about this solution, especially on-premises, is that we can interact with it directly. If we need to develop something, we are allowed or can do it by ourselves, which is most effective for us as administrators. It is not a black box. We have the ability to customize, especially the connection components.

There are some options in the web portal where they can improve the user experience. For example, in remote, there is a parameter called 'access to remote machine.' When we put host names in that field, we are not able to search it. It would be useful if a search feature was there to check if a machine is already onboarded. When we onboard a few machines in the same domain using just one account, we put the domain name in the address field and host machine names in the remote access parameter. However, we are not able to search within that field, which makes it difficult for us as admins to know if a machine has already been onboarded.

Other than that, I do not have any areas for improvement. Whenever we find any bugs or have a need for a feature, we open a ticket with them. They usually work on that if the same request has also come from other people. They are already good at doing that.

I have been working with CyberArk for almost six to seven years.

The solution is very stable. If you install the solution with CyberArk's guidelines, it remains stable. I also offer 24/7 services, and in three years, I have received two or three calls from clients indicating the solution was not working. It means the solution is very stable.

It is scalable. If a client has 100 users and wants to add 100 more users, it is possible. They can make it bigger and smaller, depending on their needs.

Our clients are medium enterprises.

Their technical support is good. They provide solutions and also the documentation if you ask. If you cannot find something, they point you to the right documentation. With support, I have never found any problems.

Positive

There is a lot of complexity if we are installing the solution on-premises. On the cloud, there is no such complexity, but on-premises, it is complex because there are different components like Vault, PVWA, PSM, and CPM. There are many components, and we need to follow a sequence to install these products. One needs a good knowledge of these components to install because we cannot just follow the documentation and install it. The documentation is vast. First, we need to read all of it. For first-time users, it is a bit difficult, but with experience, it is not a big deal. In terms of ease of use, I would rate it a six out of ten for on-premises and a nine out of ten for the cloud.

The deployment model depends on the clients. Our clients from banks usually use it on-premises. Clients in other fields do not want to install the machines on-premises because that is resource-consuming, so they go for the cloud deployment.

With the cloud deployment model, the clients need to deploy fewer components in their infrastructure. Vault and PVWA are already in the cloud, but other components like PSM, CPM, and PSMP are on-premises. It is not that all the infrastructure is on the cloud. There are a few components that are on-premises. However, in the case of on-premises, all the components are on-premises inside the infrastructure of the client, and they are responsible for maintaining that.

Our clients have seen an ROI.

If you want a Ferrari, it will cost you. The solution is really nice, so it costs the client, but in the long run, it is very good. If you buy a solution that costs a lot to maintain because it is not stable, and you are frequently asking for consultant support, it costs more. It is better if the client spends a little more money initially. In the long run, it is very good.

My recommendation depends on your needs and what you want to achieve. If you just want SSH, LDAP, and basic monitoring, you can consider other solutions like Wallix or One Identity, which cost less. If you need a lot of customization, such as you want to put in a lot of HTTPS ports and change the passwords of internal applications, this solution is much better than others. 

I would rate it a nine out of ten.

We use CyberArk Privileged Access Manager for least privilege and accountability purposes, while we also utilize the EPM solution for endpoint protection. Additionally, PTA is one of the most important tools from CyberArk Privileged Access Manager, which we use on a real-time protection basis. CyberArk Privileged Access Manager effectively prevents attacks on the financial service infrastructure, as we protect against lateral movement, credential stuffing, and since no passwords are available because they are rotated through CyberArk Privileged Access Manager, we can isolate every session and record all activity while monitoring in real-time.

The ability of CyberArk Privileged Access Manager to safeguard the financial services infrastructure by protecting credentials is extremely important, as every activity in a financial organization needs to be recorded for accountability in auditing. Therefore, CyberArk Privileged Access Manager is a crucial tool, and we utilize credential rotation as 85% of successful attacks in the last 10 years have been initiated through credential theft. Monitoring, recording, and credential rotating activities are crucial because if CyberArk Privileged Access Manager goes out of service, the total environment would collapse due to the lack of passwords for respective servers.

While I cannot suggest major changes, I did encounter a vulnerability concerning RADIUS blasts, which was recently mitigated by CyberArk Privileged Access Manager in their latest version, indicating an area for improvement in vulnerability assessments. Improvements in vulnerability assessment are essential. A notable request I have regarding CyberArk Privileged Access Manager is to address the issues of database corruption identified in cluster environments experienced by multiple clients.

From 2021 to now, I have been working on CyberArk Privileged Access Manager.

I have not experienced any stability issues with CyberArk Privileged Access Manager.

It is easy to scale.

In terms of technical support, CyberArk Privileged Access Manager has provided excellent support without any doubt. Based on the issue resolution and support quality, I rate the support 10 out of 10.

Before using CyberArk Privileged Access Manager, I did not evaluate any other PAM tools.

Setting up CyberArk Privileged Access Manager is not complex, especially if you properly follow the recommendations from CyberArk.

I handled the deployment myself.

CyberArk Privileged Access Manager has been very effective in helping my company meet compliance and regulatory requirements. Implementing CyberArk Privileged Access Manager saved time on compliance requirements in finance, typically around one hour.

There has been no reduced cost associated with CyberArk Privileged Access Manager, as when it is required, you must pay for their licensing and prepare the full environment. While there are costs for the licensing of CyberArk Privileged Access Manager, it definitely provides value when I need any accountability or session recording.

CyberArk Privileged Access Manager is one of the most important components from CyberArk, along with EPM (Endpoint Privilege Manager) and PTA (Privileged Threat Analytics tool). I recommend anyone considering CyberArk Privileged Access Manager to view it as a friendly environment, as it stands out among the other PAM solutions I have encountered. CyberArk Privileged Access Manager is highly recommended for its user-friendly nature. I rate CyberArk Privileged Access Manager a ten out of ten.

The use cases for CyberArk Privileged Access Manager include access to Windows, Windows servers, Linux servers, firewalls, clouds, GCP, AWS, and Azure, but I do not administer the clouds. I only administer CyberArk.

CyberArk Privileged Access Manager helps us maintain an inventory of our privileged credentials and manage password rotation easily for our organization. It provides a secure way to access and monitor.

CyberArk Privileged Access Manager has positively impacted visibility into the PAM accounts. It has a very good dashboard that provides visibility into our accounts and password information.

CyberArk Privileged Access Manager's abilities to safeguard the infrastructure are important, as protecting credentials provides us with security and visibility.

CyberArk Privileged Access Manager is effective for preventing attacks and threats. It's very effective since it connects to a SIEM, such as Splunk and ArcSight. The functionality called PTA, Privileged Threat Analytics, is very good.

CyberArk Privileged Access Manager integrates well with other products.

CyberArk Privileged Access Manager improves operations because it's all centralized. When you have CyberArk to gain access to the admin console and other applications, it's the easiest way to configure your firewall rule because everything comes from CyberArk.

It's user-friendly and very configurable. We can do many things with it, especially with password management. It's easy to manage, and the controls are straightforward. It's a specialized solution for which it's hard to find professionals to work with, but it's very effective.

It's a very good solution for data privacy.

The reports could be more editable. I want to be able to edit a dashboard to see other information or graphics. Making the reports more editable would be beneficial.

I've been using this solution for at least five years.

I would evaluate the customer service and technical support of CyberArk Privileged Access Manager as very good.

Positive

I worked with Senhasegura, which is a Brazilian application for password security. We switched to CyberArk Privileged Access Manager because it is recommended for larger environments.

The initial setup is easy. I was involved in the setup process and was part of it.

It takes six months for the full implementation in a big company.

The deployment team consisted of approximately 10 people. While I don't know the exact job titles, a manager and at least two engineers on the CyberArk team were required.

CyberArk Privileged Access Manager has helped our organization save on costs. CyberArk Privileged Access Manager is expensive, but it helps protect us from losing money. 

Its benefits are visible immediately after the deployment, but in Brazil, people generally implement CyberArk Privileged Access Manager after an incident.

It's not a cheap application. It's very expensive.

Don't wait to be attacked or lose your data. Protect your credentials, even if you use other security tools. 

I would rate this solution a nine out of ten.

I am a senior manager, and we have multiple clients for whom we deploy CyberArk Privileged Access Manager. We also manage or upgrade their instances. We handle migrations and new implementations. We take care of anything related to CyberArk.

The feature that I like the most is the Privileged Session Manager. It offers session recordings, logging, and tracking of user workstreams. It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened. Its benefits can be seen immediately after the deployment.

Based on the user experience that I see on a day-to-day basis, some changes could be made to the Privileged Session Manager tool to make it more user-friendly. The user interface of that tool could be more advanced and understandable to laymen, rather than being more of a developer tool. I would recommend more user-friendliness there.

CyberArk is more focused on the cloud solution. They are not going towards on-prem, but a lot of clients still like the on-prem solution. With the cloud implementation, you have a lot of dependencies on expert services. When you get into some issues, you have to wait for expert services. They usually reply in two to three days. That is something CyberArk needs to make better. If they want clients to move to the cloud, they need to support them in real-time. The client should not be waiting for two days to get a response for the issue. If CyberArk wants people to pay for cloud services, they need to make the cloud services much more real-time.

I have been using CyberArk Privileged Access Manager for approximately six years.

CyberArk Privileged Access Manager is a stable solution. I have never faced any issues with stability.

CyberArk Privileged Access Manager is a scalable solution.

I have contacted their support a lot of times. The quality of support is okay, but the time frame for replies should be much faster than it is currently.

Neutral

I have not used any similar solution for PAM. However, for managing the accounts, we have used some password management solutions such as 1Password, but they do not give you the accessibility and different components that PAM provides. They are just for password storage and keeping the passwords safe. A PAM solution from CyberArk or BeyondTrust solution provides a lot more than that, so we cannot compare them. There is no comparison.

I have deployed it both on the cloud and on-prem. My one client is on-prem, and another one is on the cloud.

The initial deployment depends on how extensive it is. For one client, it was quite easy, but after the deployment, it was tricky to deploy the components for AEM, EP, and CCP. On-prem implementation is much easier than the cloud. Cloud solutions require better and more immediate support. Cloud deployment is challenging due to dependencies on expert services.

It requires a bit of maintenance but not that much. Once you deploy the solution, it works, but there are always new upgrades. For example, if you deploy a web connector for web applications and Chrome releases an upgrade, you have to see whether CyberArk is supporting that upgrade or not. Accordingly, you have to update the drivers and other things for the web applications. The same goes with PSMP and SMP. If there are any version upgrades or any vulnerability patch fixes, you have to perform maintenance.

We help customers deploy it.

The duration depends on how big the instance is. To deploy all the components, the duration can range from three to six months.

It can be deployed by one person, but it also depends on how many instances of servers you are deploying, what is the concurrent usage, how many users are being onboarded, and what components you have. There is PSM. There is EPM and PSMP. It depends on what exactly the client requires. These are some factors that determine the time frame and number of people required.

From a client perspective, CyberArk's pricing is fair but there is a significant increase each year. They should limit the price increase because this could potentially drive customers to other partners. Price changes should be at defined intervals. There should not be sudden jumps.

I would rate CyberArk Privileged Access Manager an eight out of ten.

We use CyberArk Privileged Access Manager to manage privileged access, so all the privileged accounts are vaulted in CyberArk, and that's our control method to manage privileged access. We also manage access for developers, so we have dual control to give approval to developers.

CyberArk Privileged Access Manager has made our operations more streamlined. There is an approval process, so it helps us keep tabs on who's working on what and for how long. We also have to give a reason when we're using privileged accounts, which helps keep track of whether they're being used correctly. 

It's been good so far in safeguarding the infrastructure, but we've not used additional features of CyberArk Privileged Access Manager. Modern PAM with secure web sessions or secure infrastructure access is something that I learned about at the conference. I am curious about how we can use it.

It has not helped to reduce the number of privileged accounts. Whatever we find privileged in the environment, we want to control that by using CyberArk Privileged Access Manager. That's how we're able to control it. It has helped us identify privileged access better because we discovered users who didn't need privileged access. There have been cases where users with privileged access don't want their accounts in PAM because they need to pick up the password on a daily basis to perform their actions. There have been cases where they've gotten their privileged access off the account because it's not needed.

The user interface needs some training, but with a guide telling the user how to go about it, we have received positive feedback from whoever has used it.

It took us some time to realize its benefits because any new tool needs a proper understanding of how it can be used. A lot of testing was done on the engineering side, and demos were given. It took some time, but it is going smoothly.

Given that this is the only tool that I've worked with for the control process of privileged access, I don't have anything to compare it with. However, it's helped us keep our privileged access in check. We're able to get logs as to when the user checks out an ID and for how long, so it's a good monitoring tool.

They covered a lot at the conference. I don't have visibility into what product we've bought. It would be nice for them to approach us with what we have bought versus the new features being added. We need clarity on whether new features come included in the package that we already have, or if it's something that we need to have over and above.

Occasionally, there are lagging issues. Sometimes users have to re-login. When users copy passwords, there is sometimes a lag, so they have to log out and log in, but these are very rare cases.

I've been using it for about 5 years.

Occasionally lagging occurs. I've not heard about crashing, but there is a lag. Sometimes users will have to re-login and get it right.

The team that I work with is our in-house engineering team. I've had a conversation with CyberArk once last year revolving around efficiently generating the inventory reports. I contacted the technical support, but I didn't get a very straightforward solution that I was expecting.

We were developing a dashboard to find all the privileged accounts that weren't vaulted in CyberArk. We wanted the inventory report to be generated on a daily basis, but were having some trouble. We reached out to their technical support. The solution that they proposed was not straightforward because of the backend processes of CyberArk. We had to approach it in a different way.

Neutral

I would rate CyberArk Privileged Access Manager a seven out of ten.

My use cases for CyberArk Privileged Access Manager are specifically for privileged access management. We are using it along with other products. They have access management, their own certificate manager, and other managers. CyberArk Privileged Access Manager is for privileged access for users who require more than normal access, such as administrators and engineers. We can rely on this tool to manage that access.

You can see the benefits of CyberArk Privileged Access Manager immediately. This is risk management. You are not getting any features from the tool. It's not something that you are installing because you want it, for example, ChatGPT. With CyberArk Privileged Access Manager, you're getting control. You're not getting any additional features for your platform or systems. You are just controlling the risk. Users can't do what you aren’t allowing them. They can't make any change without approval, so it controls risks. Once you see that value, you're controlling what the privileged users in your system are doing.

The most valuable feature I find in CyberArk Privileged Access Manager is that we can record the sessions. It provides flexible workflows. I can change the workflow to specify if it needs one approval or two approvals, and I can approve my peer. We can record sessions for external people who want or require privileged access to our systems. That is very flexible. We can record what people are doing in the platform.

I find it hard to mention a point of improvement because I'm happy with the platform. The only thing I would say is that they can improve their price. 

I have been using CyberArk Privileged Access Manager for three years.

Regarding the stability of CyberArk Privileged Access Manager, I have seen a couple of times that the server was not available. In three years, it has only been a couple of times. It has high availability and low impact. In terms of the platform, it is stable.

The scalability of CyberArk Privileged Access Manager has been good; the only thing is the license. The platform is very scalable, but you need to get more licenses in terms of users.

I don't handle that kind of interaction, but my engineer does. Sometimes it requires escalation, but I have not heard of any complaints from him in terms of the support received. It is good.

Positive

I have used Delinea but not in this company. I prefer CyberArk over Delinea.

It is not that easy. You need to load the users and platforms that you will be using. You need to teach the users how to do it. It requires some change management. It is a bit complicated, but it is expected. It is not just plug-and-play.

Its maintenance depends. You can have an on-premise solution or you can have a cloud solution. We have an on-premise solution, so it requires some maintenance on the infrastructure.

Its implementation requires a team effort

With the current model of licensing, for my use cases, sometimes it's hard to convince the management and get budget approvals for it. It's expensive and you're not getting anything new. It's just a control, but in terms of risk, you are covering a big impact on the company. Improvement in the licensing prices is something I would want to have.

I would rate CyberArk Privileged Access Manager as an eight out of ten.

The use case of privileged access management is self-explanatory. A large telecommunication company like ours needs to protect our privileged access because every attack cycle has privilege escalation, and we have to stop attackers at this point. 

We have a lot of vendors or third parties working with us. They need to access our resources. The trust level of external third parties is lower than direct employees, so we do not want to share our critical credentials with them. That is our primary use case. 

Another use case is managing internal employees, especially highly privileged administrators. Furthermore, the critical business applications and areas throughout our IT infrastructure involve privileged access, and we aim to protect those. We want the ability to audit and have real-time control.

I appreciate CyberArk's real-time capabilities. I can secure critical sessions, such as SSH or database sessions. As a security professional, I have real-time visibility into ongoing sessions. If anything suspicious occurs, I can terminate or freeze the session, which is part of user behavior analytics. 

We can monitor and have real-time control over our environment with sessions coming from around the world, ensuring security. We have visibility and control through real-time user behavior analytics. That is my favorite feature.

It has a learning curve and is a complex product that requires dedicated training and people. 

Maintaining the product is challenging. Upgrades require a lot of resources, as it impacts the entire organization. For example, upgrading components like the Privileged Session Manager (PSM) and the vault is time-consuming and difficult. In the long term, I would like to see these processes simplified, especially for on-premise installations.

I have been using this solution since 2018, which is a little over six years for me.

The product is solid and works as designed. The product itself is not yet very mature. That is one side. Another side is not putting enough resources into it as a customer. Most of the time, any stability issues are mostly with the customer, not the vendor. Proper fine-tuning and expertise ensure the product performs well.

It is highly scalable. We started small and expanded it to an enterprise level, and are now moving to the cloud for further growth. Its architecture offers scalability. It can grow much bigger than our company. It provides all the flexibility and modules if you have the required expertise.

CyberArk's customer service has improved recently and is now very responsive. However, four to five years ago, they were average. They are now at acceptable levels.

Neutral

We are fully on-prem for the PAM, but we are moving to the cloud.

Its deployment is not easy due to CyberArk's complexity. We started from a small footprint and then moved to a larger deployment. It was a lot of work. This could not be managed without CyberArk-certified engineers. It is very complex.

We can never deploy and manage it fully by ourselves. No company has that expertise, so you always need CyberArk-certified engineers from a third party when it comes to critical things. We have over 30 servers running for the CyberArk solution. All 30 servers have different pieces of this complete solution. We can never upgrade it by ourselves without professional services. We can do some of the things ourselves, such as day-to-day management, troubleshooting, and operations, but for upgrades, installations, migrations, and disaster recovery, we need professional services. We have a separate budget every year for professional services.

We have a team including myself from governance, a project manager, senior leadership, and hands-on team members, among others. It requires four to five people from security and two CyberArk-certified engineers. I need two engineers because if one gets sick in the middle, the other person can take over because there is no going back when we start the upgrades and critical changes. We have four to seven knowledgeable and dedicated people in a critical scenario.

Pricing is a problem. CyberArk is expensive compared to other products I know. It is similar to buying a German car. It comes with all the bells and whistles, but some companies may find it too expensive.

I compared CyberArk with a product called Delinea. I preferred CyberArk because Delinea required additional agents installed on each target for session recording, whereas CyberArk does not. There was a difference between the two products in how they did the session recording. Because Delinea needs an extra agent installed on each target to do the session recording, you have a huge amount of work managing those target agents on probably thousands of servers. You need another team to do that. An extra workforce is needed to manage that. That was the first turn-off for me. CyberArk does not need an agent. It is in real-time. It drops DLLs to the target host during the session so that you do not need to manage the agent.

The most important aspect for us was that Delinea did not have real-time controls. They said they were developing that piece. They could only analyze recordings after the event had already happened, but then you are too late. All the artificial intelligence and machine learning were applied for the post-event activities. That was a big differentiator. CyberArk's real-time controls set it apart as Delinea only analyzed recordings after events.

These were the two main reasons for going with CyberArk. Everything else was fine. For an average-sized company, Delinea is fine, but for a large-scale company, CyberArk is a better choice.

It took us some time to realize its benefits because there was a learning curve for us. It took us about a year to get our heads around this product and start effectively using it. It is a journey. It takes at least five years for any company to make this product very useful and reach maturity. It is not only the product's fault. The company needs to have a vision, and the company culture needs to go with it. Senior leadership needs to support the vision. You need to have lots of ingredients for success. If everything is in place, you will see success after one year. In the first year, it is a struggle for everybody.

My company was bought by a bigger company, and they were very new to privileged access management. Everybody was struggling. The advice I would give is to have a good vision for privileged access management. You need dedicated teams, senior management support, and proper company policies and standards before implementing the solution. Start building knowledge slowly and avoid jumping into the deep end without preparation.

I would rate CyberArk Privileged Access Manager a nine out of ten.

We're using CyberArk Privileged Access Manager to manage our service accounts, privileged service accounts, and password rotation. We also use Conjur.

CyberArk Privileged Access Manager has helped our organization remain compliant in the privileged access management space. It is very helpful for meeting compliance and regulatory requirements such as SOC, SWIFT, and PCI DSS.

CyberArk Privileged Access Manager has helped us become more efficient in managing these service accounts.

CyberArk Privileged Access Manager feels quite secure in ensuring data privacy.

CyberArk Privileged Access Manager has a very strong potential for preventing attacks and lateral movements, but it has not had an impact one way or the other on the number of privileged accounts in our organization. They are just managed differently.

CyberArk Privileged Access Manager makes it easy for users to retrieve and manage their passwords.

I have been using CyberArk Privileged Access Manager for a few months. I am still learning, and I appreciate all the networking and education at the CyberArk Impact in Boston, which is going to set me up for success as I take on my role.

In CyberArk Privileged Access Manager, the UI has room for improvement, as does the dashboard reporting, which could be made better or easier to use. The interface needs to be more intuitive in CyberArk Privileged Access Manager. There should be dashboards in CyberArk Privileged Access Manager with more data and reporting capability for the non-compliant scenarios.

My company has been using it for a long time; I have been using it only for a few months.

I have not had any support experience with CyberArk at this point in my journey. 

I found the CyberArk Impact event to be much more effective as an educational experience.

Positive

The time-to-value for CyberArk Privileged Access Manager was recognized pretty quickly after implementing it.

I hope to learn how the pricing works so that I can understand it better, but I am certain it is not inexpensive.

It is absolutely necessary to have a PAM tool like CyberArk Privileged Access Manager, even if someone is using other security tools.

Based on my experience thus far, I would recommend CyberArk Privileged Access Manager to other users.

I would rate CyberArk Privileged Access Manager as an eight out of ten. It is early in my journey with this solution.