CyberArk Privileged Access Manager Reviews

I work in the cybersecurity team. We typically provide access to other end users or IT administrators through this solution. We monitor their activity on servers, provision access, and review all logs.

By implementing this solution, we wanted identity management and access management.

Over these three years, there have been a lot of improvements. User management is more efficient. The interface is user-friendly, and I can create comprehensive reports.

Session recordings and timestamps are valuable features. They allow me to specifically select the time a particular command was executed, so I do not have to review the entire recording. I can click on events to determine where and when they happened. 

We are looking for improvements in user provisioning, such as access provisioning and revoking access. We still have to test these improvements in the latest version. 

Updates have been somewhat difficult, resulting in challenges when moving from one version to another. The current version includes automatic updates for minor patches, which should be easy.

I have been using the solution for more than three years.

It has been stable so far, so I would rate it a nine out of ten.

Its scalability is very good. It is in the cloud, so we can just expand it. I would rate it a nine out of ten for scalability.

We haven't used customer support so far apart from implementation.

Neutral

I have not used any PAM solutions apart from this one.

Its implementation was very complex. It needs different servers and setup parameters involving load balancers, certification, encryption keys. The implementation took more than a month.

It requires maintenance once in six months and has been hard previously.

It was implemented by inhouse staff with oversight from vendor.

When it comes to compliance and audits the ROI on this is very good.

Licensing is little hard as they are perpetual and can't be used from a pool of resources.

I would recommend implementing CyberArk Privileged Access Manager as it is the best so far.

I would rate CyberArk Privileged Access Manager an eight out of ten.

My main use case for CyberArk Privileged Access Manager is installing it to prevent direct access to the users. For the privileged account, we are using the PAM, and all sessions have been monitored, with all logs shared and logged on the vault.

I have more to add about my main use case for CyberArk Privileged Access Manager, specifically our Privileged Threat Analysis, which detects any suspicious event and alarms us.

The best features CyberArk Privileged Access Manager offers are PTA, Privileged Threat Analysis, and Alero, Remote Access Management, and these features are essential for enhancing security.

PTA and Alero have made a difference for my team by providing a predefined rule assigned and implemented on the PAM; for example, it sends us an email if there is any suspicious activity or threat credential loss, offering feedback related to user behavior. For Alero, Remote Access Management, it is a very wonderful Identity and Access Management with biometric MFA, mobile access, location tracking, and a small RBAC role-based matrix access that defines user roles, serving as a replacement for VPN.

CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used.

In terms of specific metrics or outcomes, the time savings have been noticeable, and while it is not direct access, the PAM works efficiently between servers and end users, preventing users from running or installing unauthorized applications through the AppLocker application created on the PSM.

CyberArk Privileged Access Manager can be improved because I have experienced one issue where a user connected through RDP to a Linux server and the PAM could not fetch any commands or key store logging from the Linux server, which works fine on Windows servers. If they could combine both into one keylogger solution, it would be great, and increasing the number of CPM plugins for password retention while providing common web portal applications out-of-the-box would also help.

I have been using CyberArk Privileged Access Manager for more than five years.

CyberArk Privileged Access Manager is stable in my experience, with no issues of downtime or reliability due to our disaster recovery (DR) and high availability (HA) servers in place.

CyberArk Privileged Access Manager's scalability is good, as it can handle more users or workloads with our five-year roadmap indicating that the PSM server can manage around 20 sessions per hour, which is sufficient for our organization.

I would rate customer support a nine on a scale.

I previously used BeyondTrust and Delinea, but I did not switch because I noticed many features in CyberArk that are not available in other solutions.

I did not evaluate other options before choosing CyberArk Privileged Access Manager, as I had good experience with another live product.

My advice for others looking to use CyberArk Privileged Access Manager is to pay attention to the vaulting part, which is essential for every organization, as each server has a secured vault that connects over TLS with a lot of encryption details. The product is consistently enhanced, and the latest release is 14.6. I rate this solution 9 out of 10.

For CyberArk Privileged Access Manager, use cases are providing just-in-time privileged access. The most simple use case is hosting all privileged credentials in a secure manner and managing and controlling access to those credentials. Therefore, controlling access to privileged endpoints is the usual thing that will be done with PAM.

CyberArk Privileged Access Manager has several valuable features. The basic feature is privileged access management with all the processes and procedures that are needed. It has all the relevant features required to provide a PAM project or PAM program. It does everything that is needed. A tangible benefit is that we already have full control of privileged access. We have just started and have onboarded all privileged accounts into the system.

I have noticed areas of CyberArk Privileged Access Manager that could be improved or enhanced in integration with automation tools. It's not quite the same in the cloud, the Privilege Cloud version. The on-premises version allows users to do absolutely everything. When they took it to the cloud, they started cutting things out. The other issue with CyberArk is that they are marketing their new product, SIA, which is based on Privilege Cloud. Users still need to have Privilege Cloud to achieve the same level of functionality as the on-premises version.

We are still early in the roadmap and haven't progressed far enough to identify additional needs. When organizations reach the end of their maturity roadmap, they can better identify specific tool requirements that aren't currently available.

We have been deploying CyberArk Privileged Access Manager for two years now and counting.

The evaluation of customer service and technical support for CyberArk Privileged Access Manager depends on several factors. When receiving support directly from CyberArk, they are the most knowledgeable, though they don't always have immediate solutions as they might need to create them, which can take considerable time. For instance, the Ansible integration for the cloud version has been requested for years.

When working with CyberArk partners for support, it's crucial to ensure they have actual knowledge and aren't just acting as middlemen. There have been instances where third parties are hired to provide first and second line support, but they simply forward requests to CyberArk without adding value to the process.

We used a deployment partner recommended by CyberArk for the deployment and maintenance process. One crucial step that should be done first is creating an inventory of how privileged access is currently handled and where it is needed. Without this inventory, you might deploy CyberArk and realize it doesn't work with your existing architecture or infrastructure.

Our implementation team consisted of approximately 15 people, including architects, engineers, application owners, network specialists, Windows and Linux administrators, database administrators, and cloud specialists. While maintenance requires fewer people, input from all these stakeholders is crucial for successful implementation as they each have different requirements.

Most importantly, this needs to be a management-driven initiative with a top-down approach. Management must establish new working methods, as the biggest barrier to acceptance is typically resistance to changes in working procedures.

For ongoing operations, the staffing requirements depend on the company's operations. Typically, 24/7 coverage requires at least three people per shift in a follow-the-sun model. This accounts for first and second line support only, with additional staff needed for server maintenance, totaling around nine people.

The primary problem addressed by implementing CyberArk Privileged Access Manager is the lack of control over privileged access - where it happens, how it occurs, and what is done with that access. When attempting to attack an enterprise, attackers target the highest-privilege credentials available. Therefore, protecting the most critical credentials within your organization is essential.

For those planning to deploy CyberArk Privileged Access Manager, it's crucial to understand that it's a multi-year program. It's not just about deploying the tool; it needs policies and governance around it. Additionally, infrastructure modifications are necessary to ensure PAM is the only way to provide privileged access to endpoints.

It's a great product that does everything required from a PAM tool. I would rate CyberArk Privileged Access Manager as a nine out of ten.

We use CyberArk Privileged Access Manager to manage our privileged accounts because it protects against cyberattacks and prevents unnecessary or illegal access. 

It provides a centralized management system, making it easier for us to enforce policies and monitor access across our organization. Additionally, we can monitor sessions and record and detect suspicious activities that are harmful to our systems and organization.

The AI capabilities, including advanced threat detection features, are very helpful for us. They reduce human effort and errors, allowing us to quickly identify and respond to threats. This solution scales up our IT environment and resolves almost every issue that poses a threat to our organization.

Pricing is a concern for me because it is not very user-friendly for startups, new users, or very small organizations. It might be better if the price was reduced. Sometimes, the maintenance cost can also be high.

I have been using CyberArk Privileged Access Manager for the last one and a half to two years.

Every application has downtime. However, it remains stable overall. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

Sometimes, when I face issues or want to understand some features, or it is difficult to identify activities in our system, I contact the support team. They are very helpful, always available, and try to resolve our issues as soon as possible.

Positive

This is the first PAM solution that I implemented in our organization.

The initial setup is not very easy, nor very difficult. It is moderate to deploy.

It does not require any maintenance from our side.

We have a team of three to five members, and they deployed it in a minimum of one week.

Its price can be reduced.

I researched some solutions and found CyberArk Privileged Access Manager to be one of the good solutions. I am very happy with the product.

I am happy with this product. If someone is looking for a PAM solution, I recommend it because it has a large developer community and good customer support. It is more stable than the others, and I am very happy with it. 

Overall, I would rate it a ten out of ten.

I use the solution mainly for credential tasks. For instance, if the company I work for has recent data stored in a privileged report and needs security from cyber attackers, CyberArk Privileged Access Manager is used. The solution helps provide access only to authorized users and rotate passwords every sixty or ninety days. CyberArk Privileged Access Manager also allows the configuration of the password either manually or automatically. 

In our organization, Privileged Session Managers (PSM) assist in recording sessions of a particular server using the solution. The product allows users to utilize different permissions, such as end-user, auditor, and administrator permissions. For CyberArk Privileged Access Manager, administrators have the major access to implement tasks like creating, changing, rotating the password and adding new users. 

The most valuable feature of this tool is the password rotation feature. Another vital feature of the solution is the Safe feature, which acts as a container. Only accounts included within the Safe can access a particular server. 

The solution allows the distinguished use of PSM and PSMP for a Windows and Linux server, respectively. The tool makes all session recordings compulsory and cannot be tampered with. It also eliminates hard-coded credentials and supports demand-based applications.  

CyberArk is very popular and provides a lot of features compared to competitors' PAM tools, which is why many customers are migrating to CyberArk's Privileged Access Manager. 

The solution should be able to completely mitigate internal threats. For instance, if an employee of a company saves the CyberArk passwords in a system, then another employee might be able to use it and log in, so there remains an internal threat when using the solution.  

The feature of giving user access through a Safe should be modified. The solution should allow users access directly through an account, and the Safe concept needs to be improved. 

I have been using CyberArk Privileged Access Manager for the past two years. 

In my organization, about ninety to one hundred people are using CyberArk Privileged Access Manager. 

It's easy to setup and install CyberArk Privileged Access Manager. Multiple components need to be installed for the solution. Often, the PVWA, PSM, and CPM need to be installed. If an organization has a Linux account, then PSMP needs to be installed for using the solution. While installing the solution, the Vaults need to be defined, if it's a standalone Vault or a cluster Vault. A cluster Vault is mostly implemented for disaster recovery to replicate data when something happens to the main Vault. 

CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price. 

I would recommend the solution to others depending on their goals. If the aim is to protect an organization's data and use PAM, then one should use CyberArk Privileged Access Manager. If the goals include detecting malicious activity, onboarding privileged accounts, and maintaining data accounts, then an organization should adopt the solution.   

I have used the solution's session monitoring capabilities to monitor user activities. The solution's session monitoring feature can be useful for monitoring a user while the person logs in or performs other molecular activities.  

CyberArk Privileged Access Manager is difficult and time-consuming to learn in comparison to other IAM tools. There are multiple components, like the vault, that need to be understood before using the solution. But basic administrator tasks like onboarding accounts and rotating passwords will be easy for a beginner user of CyberArk Privileged Access Manager. A beginner-level user of the solution may face challenges with secret rotating, management and AIM handling.  

I would rate CyberArk Privileged Access Manager an eight out of ten. 

We use CyberArk to secure the last resort accounts by introducing dual control approval, ticket validation, temporary access, and regular password rotation.

It also allows us to introduce location-aware access controls with multiple sites having access to specific location-protected content.

Finally, the session management capabilities allowed us to introduce delegated accounts to secure access to all sorts of devices in an easy way, but without losing the individual traceability. 

It allows us to comply with the regulator requirements allowing us to operate in the different countries and to fulfil the security and compliance requirements.

In the end, it secures all the highly privileged accounts and protects the company from internal and external threat actors.

The solution is multifaceted and includes session management, password management, temporary access, ticketing validation, API access, single sign-on integration, load balancing, and high availability principles.

The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis.

The session isolation reduces the risk of exposure of the credentials and applying simpler network controls.

Web access allows the introduction of location-aware controlled access so that different locations can only access the data that is allowed to be retrieved from their sites allowing centralisation but fulfilling the regional requirements.

The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials.

The upgrade options are good but could be further simplified.

The high availability options could be improved, and the load distribution as well for both the vaults and the credentials managers.

The web interface should allow having multiple sites for location-aware access control within the same web server.

I've used the solution for more than ten years.

We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company. 

This allows us to store passwords and create privileged access for some users without them needing to know the password. The system inputs the password into the endpoint URLs they use for authentication, but the users never see the password. This is crucial because people may leave the company, posing a high risk. If we had integrated it into the identity provider, we would have policies for active directory users but not for users outside the company.

For example, our development teams need to connect to databases, systems, and cloud services during development. The developers don’t get access to third-party services. We use the solution to manage this access. The application being developed and deployed integrates with CyberArk Password Vault services.

The main challenge was integrating with in-house IT and business applications, which are not standard. We needed to create special updates for that kind of integration.

I have been working with the product for three to four years. 

The solution is 99 percent scalable. 

Sometimes, support is not easy because you need to share the company's architecture. Maybe they are on time, but they don't understand the specifics we're talking about. Communication can be an issue, especially when speaking with people whose first language isn't English. There can be difficulties with understanding and making sense of conversations. So, outsourcing support can sometimes be challenging.

Neutral

CyberArk Enterprise Password Vault's deployment is complex. 

I have been working with the new services and don't see any additional issues at this hour. The key requirement is to have people who understand not only the tool but also the concepts and how to view it from an architectural perspective. 

One problem is that people may not know how to work with the tool, and another is that they don't understand the concepts. So, I think focusing on proof of concepts is good. For example, what I do at first is request information for identity providers and key management services.

I rate the overall solution a nine out of ten. 

Primarily, I import accounts from our critical systems.  

Knowing that our passwords are stored securely within the vault has been a big improvement. It eliminates the need for users to store passwords in less secure locations.

We want to integrate it with our IT service management platform and our SOC solution, but that's a future project.

The password protection itself is the most important feature. It's something we didn't have before.

Moreover, the interface is intuitive. It is clear and user-friendly. 

The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it.

We aren't able to view active sessions or historical recordings of sessions.

It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it.

So, CyberArk could still focus on making it more user-friendly.

I have been using it for a year. 

So far, we haven't had any scalability problems.

We have around 50 licensed users – primarily administrators. We currently manage about 5,000 accounts with CyberArk.

Sometimes, the initial response time is a bit slow, but once the customer service and support take on a case, they resolve issues quickly.

Positive

CyberArk handled the primary setup tasks. We worked with a partner to implement additional components and now have the knowledge to manage the solution ourselves.

The implementation process took around eight months. 

There has been an ROI. 

We expect to see a full return on investment within the next three years. This was part of our long-term security plan.

It is expensive, but the cost is justified considering the security it provides. Compared to other solutions, it is costly. We have not tried other solutions, but the price is high. 

We only license Password Vault.

My company evaluated another solution like Delinea but preferred CyberArk due to its robustness and flexibility.

I like its flexibility, while adding some complexity, allows us to fully customize the solution to our needs.

One of the main advantages is the way we can connect from outside. We use a portal that provides secure access to our systems without needing a VPN. We just scan a QR code, and we're connected. We do not need to use a password and we are in through the QR code scan. 

I would recommend using it. Overall, I would rate the solution a nine out of ten.

It's a very complete solution for what we need.