CyberArk Privileged Access Manager Reviews

I use CyberArk Privileged Access Manager to manage the privileged credentials of our environment.

When I arrived at my company, CyberArk Privileged Access Manager was already deployed, so I didn't set it up myself. However, I've increasingly taken over its management during the past five and a half years. I saw its benefits almost immediately. Much of the value is tied to user adoption; as the end-user base becomes more familiar with CyberArk and embraces it, the benefits increase. Conversely, when we have users who know CyberArk exists but don't trust it, prefer their own methods, and avoid using it, its effectiveness is reduced. Ultimately, the more users embrace CyberArk, the greater the benefits I observe.

The best feature of CyberArk Privileged Access Manager is its core function: automatically managing and securing credentials. The ability to ensure compliance with both our internal and industry standards is invaluable, particularly in the current environment. While managing a couple of thousand accounts may not be a large number within the CyberArk community, it significantly simplifies our work in ensuring compliance and maintaining standards. The PSM feature is also excellent, as I've found it increasingly helpful in establishing connections without exposing passwords. Although a bit clunky when I used it a few years ago, it runs much smoother now. Overall, it's a great product, and I appreciate most of its features.

We use the privileged cloud model. However, transitioning from a traditional on-premises deployment to the privileged cloud has resulted in losing access to many logs and administrative tools typically available on the back end. For instance, we can no longer examine safes directly, delve into the vault to set permissions more granularly, diagnose port issues, or manage license allocation. These functionalities were readily accessible with our on-premises setup, but the cloud environment significantly restricts them. One highly desirable feature, for which I've seen an enhancement request already submitted, would be the implementation of more comprehensive logging around platform and policy changes, including details on the nature of the change when it occurred, and who made it. I recently encountered an instance where one of our platforms was altered without knowing when or by whom. This lack of auditability makes it impossible to understand the rationale behind the change, even though it appears relatively intuitive. Therefore, enhanced logging would be a valuable addition to our current system.

I have been using Privileged Access Manager for five and a half years.

Generally, the performance of CyberArk Privileged Access Manager is quite good, and we've experienced very few issues. Specifically regarding the PSM, the response time is typically excellent. However, some users have reported occasional timeout issues where the PSM session terminates unexpectedly. The source of this problem is unclear, as it could originate from the target server or the PSM server itself. While I encountered more issues with the PSM a couple of years ago, the response time has significantly improved recently. There are inherent challenges due to the multiple network connections involved, mainly when mapping network drives to transfer files within a PSM session. This connection can be slow, especially when enumerating folders during file system traversal, but it's likely an unavoidable consequence of the process.

Scalability is straightforward. While the initial deployment presents some challenges, deploying additional servers afterward is quite simple. The servers are robust in terms of their handling capacity. In discussions with CyberArk engineers, I learned that the expected load for the CPM and PSM was discussed. The CPM, in particular, can reportedly handle up to 50,000 accounts independently without issue. Given that we only have a couple of thousand accounts rotating, deploying an additional CPM would be a relatively easy task, achievable in less than a day. Therefore, scaling up appears to be quite feasible if necessary.

We subscribe to premium support, and it's been excellent, providing us with relatively rapid responses and overall good experiences. Previously, with regular support, the quality was inconsistent and heavily dependent on the technician assigned to our ticket. Some technicians were excellent, diving right in, carefully reading my notes, and offering helpful solutions. Others seemed to overlook the details I provided. For instance, I'd explain that I'd already consulted a specific knowledge base article and implemented the recommended solution without success, only to have the technician suggest I review that very same KB article, which I had just referenced.

Positive

I rate CyberArk Privileged Access Manager eight out of ten.

The connector servers require minimal maintenance. The only constraint is keeping the browser drivers up-to-date for web application connections, which can be more of an annoyance than a hindrance. Overall, there is not much maintenance involved for CyberArk Privileged Access Manager.

My advice for new users is to read the documentation. There's a lot of good information in there. I know it can be a bit of a drag to go through it all, but as you work, especially on the administrative side, you'll find that it contains a lot of information that can save you headaches. It would help you avoid opening tickets just by reading and following the guidelines. The documentation is pretty good, though not perfect; there are actually several errors. However, for most day-to-day activities, it's quite helpful.

My use cases as of right now include configuration, implementation, and developing a PowerShell report.

By implementing CyberArk Privileged Access Manager, we wanted to secure the password data and password accounts. We could see the benefits of CyberArk Privileged Access Manager immediately after we deployed it and started using it.

They could improve CyberArk Privileged Access Manager by providing more reports. If I need to know the 10 most-used accounts for this week, that functionality can be made available in the reports.

I have been using CyberArk Privileged Access Manager for seven years.

It is stable. The environment is stable, with no lagging, crashing, or downtime.

I cannot say much about scalability because we did not have any need for it.

I have contacted their technical support plenty of times. I would rate CyberArk's support a seven out of ten. They are always good.

Neutral

I have not used any alternatives to CyberArk Privileged Access Manager in my career.

The initial deployment was easy because I went to training first. The training was set up by CyberArk. From design to implementation, it took close to six months.

In terms of maintenance, it requires OS upgrades and patches. It doesn't take a long time.

We did not use any help from a third party, such as an integrator or consultant. The number of people required depends on the environment. I don't see how one person can manage it because there is a lot of information to collect before even doing a design.

My company always complains about the cost of CyberArk Privileged Access Manager because it's too high.

For a new user, I would advise them to try to configure CyberArk Privileged Access Manager a couple of times before starting to use it in a production environment.

I would rate CyberArk Privileged Access Manager a nine out of ten.

The primary use case for CyberArk Privileged Access Manager is within the IT security industry. It manages privileged access and generates reports, particularly for clients in sectors like finance. The system facilitates account management, enables the generation of on-demand reports, and helps maintain security protocols for these clients.

CyberArk Privileged Access Manager has enhanced my organizational capabilities by providing important security reporting features.

The most valuable features of CyberArk Privileged Access Manager include its search capabilities. Searching was previously a challenge, especially with Windows servers. When searching, we could only search based on the account name itself, as the system couldn't identify which accounts had access to which systems. This functionality caught my attention. Another standout feature is CyberArk Compass, which is planned for an upcoming release or has potentially already been released for Prisma Cloud. Finally, managing user accounts through the PWA is quite helpful. When a user is suspended, we can activate the account using the PWA instead of the private client.

The ability to manage user accounts and suspend them with ease through Password Vault Web Access rather than a client is a significant feature.

I like the integration with tools like Compass and the ability to search based on account names and systems.

My concern and area for improvement revolves around reporting. I even submitted an enhancement request to CyberArk Software, suggesting that they include a dedicated dashboard page within either Privileged Cloud or their self-hosted PAM solution. This dashboard could feature visual elements like pie charts to display metrics such as account compliance percentages. For example, it could show PTA alerts to visualize security events occurring within a month, quarter, or year. Having such a feature would allow for on-the-spot report generation. Currently, we rely on the REST API to invoke and pull the necessary information. We then have to manually copy the data, convert it from JSON to Excel, and generate the desired report and dashboard. This process is time-consuming and sometimes leads to inconsistencies in the information provided.

I have been using CyberArk Privileged Access Manager for six years.

The stability of CyberArk Privileged Access Manager is generally good. Minor issues may arise, but they are typically manageable and not major. On a scale of one to ten, I would rate the stability an eight out of ten.

My deployment of CyberArk is scalable, although the scalability differs depending on whether it's on-premises or cloud.

Customer support is somewhat lacking. They are often unavailable on Fridays, and the support process, such as raising a call or case, can take too long. On a scale of zero to ten, I would rate their support as six out of ten.

Neutral

Before using CyberArk, I interacted with BeyondTrust. BeyondTrust features, such as their reporting simplicity, made it easier for me to generate reports. The switch was primarily motivated by cost considerations.

The initial setup was detailed and required steps to ensure security measures were aligned with standards. Efficient sequencing, working with redundancy, and cooperation with load-balancing teams were crucial parts of the process.

The deployment took one week to complete because of the redundancy.

The solution is expensive but not excessively so. Discussions with clients have revealed that costs, especially for Privileged Cloud, are a concern. Improved support could enhance the solution's overall value.

I would rate the cost of CyberArk Privileged Access Manager seven out of ten with ten being the most expensive.

I would recommend CyberArk Privileged Access Manager because it is a leading solution for privileged access management. Although it has room for improvement, particularly in areas like reporting and support, it remains a solid option. I rate it an eight out of ten.

We have deployed CyberArk Privileged Access Manager using various configurations. For instance, active components are located in one location, while passive components reside in another. This is determined by the route to the virtual machine, as the components operate as virtual machines. The primary vault is situated in a separate location, and the disaster recovery vault is placed in another distinct location. Currently, we have a PAM license for 800 users, but we are utilizing it for 650 users.

CyberArk Privileged Access Manager maintenance addresses security bulletins and involves several key steps. We ensure the admin utilizes the security bulletin during maintenance, which begins with raising a change request. Before the change is approved and implemented in production, it is thoroughly tested in a test environment to verify its functionality. Deployment to production follows successful testing. Application-specific maintenance for CyberArk follows the product roadmap, ensuring we remain at most one version behind the latest release. We also promptly apply necessary security patches from security bulletins. Furthermore, from an OS perspective, we maintain alignment with the latest Microsoft patches, ensuring all systems are up-to-date and secure.

I use CyberArk Privileged Access Manager for privileged access management for our IT administrative team. It helps in managing access to IT systems.

By implementing this solution, we wanted to monitor and manage access. We wanted to control who can log into which machine.

Our administrators no longer have to save the passwords or credentials in a file or spreadsheet to share with colleagues. Everything is organized in a vault. We have logs on which credentials were used and at what time on a machine.

CyberArk Privileged Access Manager is very powerful and customizable. We are able to customize it as per our needs. 

It has been stable over the last four years, and we have a good overview of the usage of every credential on hosts and endpoints. Our infrastructure consists of many solutions and pieces, and CyberArk Privileged Access Manager is one of the important pieces. 

CyberArk Privileged Access Manager has not helped us reduce the number of privileged accounts, but it certainly helps us manage our privileged accounts. Without it, it would not be possible to manage them.

CyberArk Privileged Access Manager assists us in meeting compliance and regulatory requirements from the government, the European Central Bank, and our customers. It is hard to measure the time saved on satisfying compliance requirements related to financial services by implementing CyberArk Privileged Access Manager, but without it, it would not be possible for us to meet these requirements.

The most valuable features of CyberArk Privileged Access Manager are its robust functionality and reliability. 

It has reduced the mean time to respond, but it is hard to provide any metrics. Its log and audit files are very helpful when we have to investigate an incident.

CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.

CyberArk Privileged Access Manager did not have much effect on our operational efficiency because it is a new tool for us. Any new tool means more work. It has also not saved us costs, but without it, we would not be able to meet the requirements for operating our bank.

We were able to realize its benefits immediately after the deployment.

The graphical user interface could be simplified and harmonized for better usability. It should be consistent. Its GUI is very confusing.

I have been using CyberArk Privileged Access Manager for four years.

Overall, the stability of the solution is high. I would rate it a nine out of ten for stability.

Currently, it meets my organization's capacity requirements. I would rate it a nine out of ten for scalability.

We have about 6,000 employees at different locations. We have different operating systems, database systems, and decentralized infrastructure.

Their technical support is good, but it can be better. Even if we provide everything required along with the ticket, we get a standard response asking for the logs. They do not go into analyzing the issue. They just ask for the log files. I would rate their support a six out of ten.

Neutral

We did not use any solution before CyberArk Privileged Access Manager. This is the first solution we are using for Privileged Access Management.

Its implementation took us a year because we have a complicated infrastructure. It requires support from a consultant or an implementation partner. You cannot install it yourself. The automatic onboarding of the privileged accounts is a lot of work.

It requires maintenance because if your infrastructure changes, you have to take care of all the new credentials. If you also have a cloud setup, you need to figure out how to connect everything. There is a lot of work involved in maintaining it. It is not easy.

We took the help of a third party for deployment and customization.

CyberArk Privileged Access Manager is on the expensive side.

I would recommend CyberArk Privileged Access Manager to other users. It is one of the leaders in Gartner's Quadrant. It is stable. 

My overall rating for the solution is an eight out of ten.

We use CyberArk Privileged Access Manager for privileged access management (PAM) escalation, securing our website, and applications. Our cybersecurity team actively utilizes its features.

The PAM escalation is valued. The access control feature and privilege and role-based assignment are outstanding. Dividing the user admin for security protection is the best feature. Additionally, its remote access allows easy connection for my team, and it efficiently manages identity.

Initially, it was challenging to understand and use all the features incrementally. Having a better user journey with a support team to connect would improve the product and services.

I have been using CyberArk Privileged Access Manager for about eight months in our company.

The solution is quite stable. We have not faced any issues related to stability since using CyberArk Privileged Access Manager for eight months.

CyberArk Privileged Access Manager is scalable. As a startup, it initially handled fewer users, but it scaled well as we grew.

Technical support was fast in its replies and always supportive, helping to resolve any issues efficiently.

Neutral

We used miniOrange, an Indian-based cybersecurity product for access management and PAM escalation. We also used one more product, which I don't remember the name of.

The initial setup was straightforward due to well-documented resources and tutorials.

Our cybersecurity team, comprising two to three people, worked on the deployment and feature implementation.

The pricing is quite well-structured with monthly and weekly plans.

I evaluated miniOrange and one other product.

New users should watch the YouTube channel, read the documentation, check the resource section including CyberArk University, and see if it works well with their product. I rate the overall solution a nine. My overall product rating is 9 out of 10.

We have traditional use cases for Windows, Unix, and Linux-based systems. Additionally, we have use cases involving AWS, Oracle, SQL, and Postgres databases.

We also plan to bring in more use cases for VMware vCenter, VMware VxRail, and iDRAC. We aim for CyberArk Privileged Access Manager to be an integral part of all our infrastructures in accessing and securing credentials, particularly in restricted environments. It is a life science project. There are certain places restricted for the users.

We are still trying to get everything driven through CyberArk. We are trying to restrict direct RDPs to a particular target or doing an SSH outside of CyberArk. The adaptability is about 60% at this time, but we want to make it 100%.

Authentication is the key to protecting sensitive data. Integration with SAML or Okta prevents intrusions to a great extent.

We were able to realize its benefits immediately after the deployment, and we are happy with it.

CyberArk Privileged Access Manager has not helped reduce the number of privileged accounts, but they all are being vaulted now. We do not have any privileged accounts that are not vaulted in CyberArk.

CyberArk Privileged Access Manager’s ability to safeguard credentials is very important. The paradigms are changing. The data is at threat when it is online. Anything digital needs to be secured. CyberArk has been the leader in the PAM product market. Our client made a good decision by taking CyberArk as their PAM tool.

The features that CyberArk Privileged Access Manager provides are good. It helps to meet the compliance and regulatory requirements to a large extent.

CyberArk Privileged Access Manager has helped to improve the incident response mean times. We have notifications configured from CyberArk. We have integrated CyberArk with ServiceNow and Splunk SIEM. We get notified pretty easily. The notification part works very well with CyberArk. There is about 85% improvement.

One of the best features of CyberArk Privileged Access Manager is the capability of Privileged Session Manager (PSM) because it provides visibility into user activities, audit ability, and traceability. 

The integration with most other technologies is also excellent. We expect more plug-ins, but it already includes plug-ins for password management with other technologies, offering a robust mechanism for credential safety and management.

One area for improvement is the plug-in development challenge. Although CyberArk provides a plug-in generator utility, it does not fully meet our needs, particularly for web-based applications. The plug-in generator currently works only for Telnet and SSH connections. We cannot generate a plug-in for web-based applications.

Moreover, integration with ServiceNow ticketing supports change requests or incidents but lacks support for service requests. Introducing service request support could prevent the overhead of raising unnecessary incidents or changes. There have been a lot of votes for this feature, but I am not sure why CyberArk has not yet introduced it. This is one of the features that we have been waiting for.

I have used CyberArk for over six years, and the client I am working with has been using it for over four years.

I would rate its stability an eight out of ten. There are occasional bugs where while installing the product, it behaves differently on different servers, especially during patch upgrades. Such issues have been more noticeable since we moved from version 12.6 to higher versions. This could be because they have done a lot of UI changes and enhancements in these versions.

Scalability is good, and I would rate it around an eight out of ten.

They are fast. In some cases, they typically respond within one to two days. However, the response time can vary depending on the priority and volume of cases they receive.

Neutral

We previously used BeyondTrust but are transitioning everything to CyberArk, as it offers better integration and enhancements.

The initial setup is easy. I was not part of the organization during the initial setup phase. It probably took around six months.

There are other vendors that handle the maintenance for us. CyberArk comes into the picture if issues are not resolved by our vendors.

The pricing for CyberArk is on the higher side compared to other Privileged Access Management products. Something should be done regarding enterprise licensing for long-standing customers.

I would advise trying CyberArk as it offers a wide range of integrations, plug-ins, and enhancements compared to other solutions. However, it is expensive.

Overall, I would rate CyberArk Privileged Access Manager an eight out of ten.

I work in the cybersecurity team. We typically provide access to other end users or IT administrators through this solution. We monitor their activity on servers, provision access, and review all logs.

By implementing this solution, we wanted identity management and access management.

Over these three years, there have been a lot of improvements. User management is more efficient. The interface is user-friendly, and I can create comprehensive reports.

Session recordings and timestamps are valuable features. They allow me to specifically select the time a particular command was executed, so I do not have to review the entire recording. I can click on events to determine where and when they happened. 

We are looking for improvements in user provisioning, such as access provisioning and revoking access. We still have to test these improvements in the latest version. 

Updates have been somewhat difficult, resulting in challenges when moving from one version to another. The current version includes automatic updates for minor patches, which should be easy.

I have been using the solution for more than three years.

It has been stable so far, so I would rate it a nine out of ten.

Its scalability is very good. It is in the cloud, so we can just expand it. I would rate it a nine out of ten for scalability.

We haven't used customer support so far apart from implementation.

Neutral

I have not used any PAM solutions apart from this one.

Its implementation was very complex. It needs different servers and setup parameters involving load balancers, certification, encryption keys. The implementation took more than a month.

It requires maintenance once in six months and has been hard previously.

It was implemented by inhouse staff with oversight from vendor.

When it comes to compliance and audits the ROI on this is very good.

Licensing is little hard as they are perpetual and can't be used from a pool of resources.

I would recommend implementing CyberArk Privileged Access Manager as it is the best so far.

I would rate CyberArk Privileged Access Manager an eight out of ten.

My main use case for CyberArk Privileged Access Manager is installing it to prevent direct access to the users. For the privileged account, we are using the PAM, and all sessions have been monitored, with all logs shared and logged on the vault.

I have more to add about my main use case for CyberArk Privileged Access Manager, specifically our Privileged Threat Analysis, which detects any suspicious event and alarms us.

The best features CyberArk Privileged Access Manager offers are PTA, Privileged Threat Analysis, and Alero, Remote Access Management, and these features are essential for enhancing security.

PTA and Alero have made a difference for my team by providing a predefined rule assigned and implemented on the PAM; for example, it sends us an email if there is any suspicious activity or threat credential loss, offering feedback related to user behavior. For Alero, Remote Access Management, it is a very wonderful Identity and Access Management with biometric MFA, mobile access, location tracking, and a small RBAC role-based matrix access that defines user roles, serving as a replacement for VPN.

CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used.

In terms of specific metrics or outcomes, the time savings have been noticeable, and while it is not direct access, the PAM works efficiently between servers and end users, preventing users from running or installing unauthorized applications through the AppLocker application created on the PSM.

CyberArk Privileged Access Manager can be improved because I have experienced one issue where a user connected through RDP to a Linux server and the PAM could not fetch any commands or key store logging from the Linux server, which works fine on Windows servers. If they could combine both into one keylogger solution, it would be great, and increasing the number of CPM plugins for password retention while providing common web portal applications out-of-the-box would also help.

I have been using CyberArk Privileged Access Manager for more than five years.

CyberArk Privileged Access Manager is stable in my experience, with no issues of downtime or reliability due to our disaster recovery (DR) and high availability (HA) servers in place.

CyberArk Privileged Access Manager's scalability is good, as it can handle more users or workloads with our five-year roadmap indicating that the PSM server can manage around 20 sessions per hour, which is sufficient for our organization.

I would rate customer support a nine on a scale.

I previously used BeyondTrust and Delinea, but I did not switch because I noticed many features in CyberArk that are not available in other solutions.

I did not evaluate other options before choosing CyberArk Privileged Access Manager, as I had good experience with another live product.

My advice for others looking to use CyberArk Privileged Access Manager is to pay attention to the vaulting part, which is essential for every organization, as each server has a secured vault that connects over TLS with a lot of encryption details. The product is consistently enhanced, and the latest release is 14.6. I rate this solution 9 out of 10.