CyberArk Privileged Access Manager Reviews

My company uses CyberArk Enterprise Password Vault for our servers and when our IT partners try to access our mission critical systems. We have also integrated the product with software tools used for authentication purposes. Our company's IT uses LDAP credentials to log in to the PVWA application while also being able to use granted privileges on one or more servers.

The most valuable feature of the solution is session recording.

There is a little bit of confusion in the implementation part, especially when one tries to understand the actual working of the product. The ones involved in the implementation of the product did not show the people in our company how they work on the product. The aforementioned area can be considered for improvement.

I have been using CyberArk Enterprise Password Vault for a year and six months. The product is used in my company. I use CyberArk Enterprise Password Vault Version 12.0. I am a customer of the product.

It is a scalable solution.

We upgraded the solution even though we had subscribed to the product for ten years in our company. In our company, we wanted around 50 employees to be able to operate the solution.

From my end, I have not used technical support. I don't know if my colleagues have faced any problems because of which they had to contact technical support.

The implementation took place over a period of three months.

The solution is deployed on-premises.

CyberArk Enterprise Password Vault is a very expensive product.

I believe that the charges for maintenance and support are already included in CyberArk Enterprise Password Vault's pricing policy.

I will tell those planning to use the solution that it is a very expensive solution. Due to the cyber security constraints of the product, most of the companies are forced to update by paying money to CyberArk, which I feel is one of the problematic areas in the product. Feature-wise, it is a very good product.

I rate the overall product a nine out of ten.

In a large financial institution, CyberArk Privileged Access Management (PAM) plays a pivotal role in ensuring the security and integrity of sensitive financial data. With numerous systems, applications, and databases holding critical client information and transaction data, the institution faced the challenge of managing and protecting privileged accounts effectively.

The PAM solution was seamlessly integrated into the existing IT infrastructure. It introduced granular access controls, requiring all employees to log in with standard user accounts, regardless of their role. When a privileged action is required, the PAM system enables the temporary elevation of privileges through just-in-time (JIT) access, granting access only for the necessary time frame. This reduces the window of opportunity for potential cyber threats.

CyberArk Privileged Access Management (PAM) has been a game-changer for our organization's security landscape. With PAM in place, we've experienced a significant reduction in potential security breaches. The meticulous control it offers over access rights ensures that only authorized personnel can access critical systems and sensitive information. The implementation of just-in-time access has effectively minimized our attack surface, making it incredibly challenging for unauthorized users to exploit vulnerabilities.

The most valuable features of CyberArk Privileged Access Management (PAM) are its granular access controls and just-in-time (JIT) access provisioning. These features ensure that only authorized users have elevated privileges and access to critical systems. JIT access reduces the attack surface by granting privileges only when needed, minimizing exposure to potential threats. 

Additionally, robust auditing and real-time monitoring capabilities enhance security by tracking privileged activities, aiding in threat detection and compliance. PAM's ability to seamlessly integrate into existing infrastructures and streamline workflows further adds operational efficiency, making it an indispensable tool for modern cybersecurity.

CyberArk PAM could greatly benefit from an under-the-hood update; integrating machine learning algorithms could provide predictive insights.

The user interface lacks intuitiveness; revamping the UX of the web access panel through intuitive navigation, customization, contextual assistance, visual coherence, and accessibility considerations will undoubtedly result in higher user satisfaction, increased engagement, and ultimately, a more competitive offering in the market.

In addition, several tools seem to be outdated, however, you can see that CyberArk is constantly working on them.

I've used the solution since 2017.

We use the solution for privileged access to internal systems and multiple customer environments.

We have distributed PSM and CPM components throughout multiple sites and customer domains access over the VPN, with PSM load balancing handled via third-party hardware load balancers. 

Environment segregation and security are high on the criteria for the implemented solution, however, not at the overall expense of performance. 

We tend towards providing access to privileged admin applications direct from the PSM servers wherever suitable, yet offload additional workloads to siloed RDS collections if the need arises. 

I appreciate the ease of use for support analysts. We provide a single pane of glass access to our analysts where segregated admin access is provided via safe access groups. The overall goal is to provide the analysts with just enough access to function without being totally impaired by security constraints. With the piece of mind that the auditing and recording capabilities allow. We provide access to fully managed systems via distributed PSMs, or where the need arises we can provide access to online third-party access points via a central pool of web-enabled PSMs.

The most important feature is the password rotation and recording to align with customer security requirements.

The reporting and auditing functions allow us to provide evidence-based accounting to customers or security personnel when or if required. Being able to prove that "it does what it says on the tin" is a very key selling point or point scorer in project and planning sessions.

The marketplace default connectors are constantly evolving and simplifying administration. In the case of one not being available then the majority of additional requests can be catered for with some clever AutoIT scripting.

Remediation of some of the platform settings in the master policies section would be handy.

Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package, that could be installed/branded alongside the PVWA service, and build out API integration so that third party calls could draw valuable data directly out of the management backend with very little amount of additional admin overhead.

I've used the solution for eight years. 

The solution is very stable; if instability is ever experienced it is likely to be as a result or symptom of a problem elsewhere, such as external factors (updates, network etc.).

The solution is fairly scalable, although depending on how far and wide you stretch your footprint, you may be better suited to multiple smaller vaults and component environments, than one large pot.

Initial call logging can be tedious at times. If you clearly articulate an issue yet are then required to collate entirely irrelevant logging information or jump through a default set of "have you tried this" questions it can cause frustration. Call escalation via account management has improved and when needed we have then progressed with support at a faster pace.

Positive

I have not worked with a solution with a focus explicitly for PAM.

The initial setup was both straightforward and complex in equal measure.

The majority of the setup was in-house. On occasion, we have engaged the vendor team and always had a positive outcome.

I'm not in the loop to be able to answer to ROI.

Engage with Cyberark account management and professional services to fully understand your current, expected, and future requirements. 

Some default settings applied early on may be very time-consuming to amend at a later date (for example, set a default attribute in a platform, extrapolate that platform out to 300 other platforms and a single change may then have to be retrofitted 300 times). So the more scope you can define at deployment the better.

I believe other vendors were evaluated prior to selecting CyberArk.

I'd advise other users to take their time, measure twice, and cut once.

The most valuable features of CyberArk Enterprise Password Vault are password rotations and password encryptions.

CyberArk Enterprise Password Vault has a lot of enterprise-level features compared to other PAM products. It's a well-known product, and its implementation is very easy. The solution has good documentation compared to other products. CyberArk Enterprise Password Vault is legitimate software that releases patches as per vulnerability.

We require IAM (identify and access management) capability at the administrator level because we need more identification.

I have been working with CyberArk Enterprise Password Vault for the past six months.

CyberArk Enterprise Password Vault is a stable solution.

CyberArk Enterprise Password Vault is a scalable solution. We have more than 1000 people using the solution.

CyberArk Enterprise Password Vault's technical support team is good. Whenever we require any help, they assist us based on the SLA. The technical support team's response speed and competence are very good.

Positive

The solution was easy to deploy.

We need a basic understanding of the tools needed and customer requirements to deploy the solution. If the customer is looking only for a password deployment, we deploy only the password.

The deployment will require two or three people and a minimum of one week.

CyberArk Enterprise Password Vault's pricing is reasonable. Since CyberArk Enterprise Password Vault is an enterprise-level solution, its cost is higher than other solutions in the market. The solution comes with maintenance for the first year. However, after that, we need to pay for maintenance.

CyberArk Enterprise Password Vault's licensing model is comparatively very easy. It has a single license. We can deploy the solution based on the particular solutions we need.

One or two administrators are more than enough to operate the solution.

A backup strategy and DR setup are more than enough to implement CyberArk Enterprise Password Vault.

Overall, I rate CyberArk Enterprise Password Vault an eight out of ten.

The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.

Now we feel assured that all our privileged accounts are well protected. Our admins don't know passwords and don't enter them manually. This eliminates the risk of interception and account hijacking.

First of all, CyberArk offers great flexibility. Throughout our years of experience, we haven't found any system that we couldn't connect with CyberArk. We have many web management consoles, and it's no problem to connect to them using custom connectors.

Moreover, it's a highly customizable solution. If you know how to do it, you can customize it as you want.

There is room for improvement in the pricing model. From a technical point of view, there are no issues. Support could be faster, though. We have mentioned that better support from CyberArk would be beneficial.

So, support could be faster, and pricing can be improved.

We have been using it for our needs and sharing it for over ten years. Currently, we use version 12.

It is a very stable solution. I would rate the stability a ten out of ten. If you can read the manual and avoid making mistakes, it's very stable.

It is an extremely scalable solution. I would rate the scalability a ten out of ten. In our organization, there are ten CyberArk users; they all are system administrators. 

The customer service and support could be better. The response time could be better. 

Neutral

I would rate my experience with the initial setup a four out of ten, one being difficult and ten being easy. It's a modular system. To run CyberArk, you need to deploy several different services, set them up, and configure the interactions. It's not a solution in one box.

The initial setup is not very complex, but I would say it's not very simple, either.

We have deployed CyberArk in both environments. We have several working calls in the cloud and some parts on-premises. The initial deployment takes about two days. 

Our main technical task was to reduce security risks, which we accomplished with CyberArk.

I would rate CyberArk's pricing a nine out of ten, with one being cheap and ten being expensive. It's one of the most expensive solutions in the market, but it's worth it.

I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress.

Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product. 

We use it for other use cases, such as automating application authorization, managing files, and securing monetary accounts. We use it for managing privileged accounts.

I like everything about it. It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components.

The issue is that in many environments, what I purchase via text is different. We have some policies that are specific to Microsoft environments. For example, my actual manager may not be able to connect to a Microsoft product due to a policy on it. The issue that comes to mind now is how six credentials are managed.

Currently, if you try to log in to any server within the environment, you would need to log in every time, regardless of whether you have already received the credential or if the connecting device is present or not. It is a problem with CyberArk. If CyberArk could find a way to solve this, it would greatly improve the experience.

I'm not sure if it is possible to fix this. It's not a point of entry, but it may require a longer string than the user might want to know, or maybe cheaper right now. If CyberArk can find a solution that improves the experience, it would be beneficial to customers.

Another thing is that there are some time needs that could be improved in the future. One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible.

I've been working with it for three years. I'm currently working with version 12 of the solution, and I've also worked with version 10 and partition 11.

The number of users is about 3,305, and it is stable. We don't have any small clients, mainly medium and enterprise businesses.

I would rate stability a ten out of ten, and it's very stable.

I would rate scalability an eight out of ten. It's not perfect, but it's fairly scalable.

Some things need improvement. The solution doesn't provide sufficient support. I contacted them at one point, but it took several months to get a response. Additionally, we had an issue with account balances that took a while to resolve. That was four or five years ago, though. Other than that, it's a decent solution.

Positive

Regarding the initial setup, I would say it's pretty straightforward on a scale from one to ten, where one is difficult and ten is easy. I'd give it a nine. Deployment took less than a week.

I deployed the solution.

It is pretty pricey. I would rate it a seven on a scale of one to ten, where one is cheap, and ten is very expensive.

Overall, I would rate the solution a ten out of ten.

The primary use case of the solution is mining the credentials on our Windows unique network.

The solution is able to rotate the credentials and session recording. CyberArk has the ability to change the credentials on every platform.

The initial setup has room for improvement to be more straightforward.

I have been using the solution for three months.

The solution is extremely stable.

The solution is extremely scalable.

The technical support is fantastic and quick to respond. 

I give the initial setup a five out of ten.

The initial deployment requires a couple of weeks and for the on-premises portion an additional two to four weeks. The deployment required one full-time architect and one full-time senior consultant. 

The solution is costly but we get what we pay for.

I give the solution a ten out of ten.

For maintenance, we require one part-time architect and two operations people.

I recommend the solution to others.

It is a PAM solution, in which we provide privileged access to CyberArk and the users who are using to try to access their devices. They onboard on the CyberArk and then, whenever they need to access the devices, they get access to CyberArk which means they have to log in on CyberArk.

The models as a whole are great. I'm not sure if I can pull out specific features. I like that if we execute the user can't access their devices. If you remove the session manager, the user can't access their devices. It helps ensure we can protect our organization and data. The session manager is the most critical part of CyberArk's PAM solution. 

It works perfectly well. 

The solution is pretty easy to set up. 

The solution is stable.

It's scalable. 

The support services could act faster when people reach out to resolve issues. 

I've been using the solution for the last two years. 

It's a stable product. 

We have deployed CyberArk for two years, and so far, we haven't received any issues regarding any bugs or anything like that. We haven't faced any issues. There are some challenges regarding user access. We have to explain to users who are not familiar with the PAM solution what to do, however, regarding stability, or regarding bugs we haven't faced any issues.

It's a scalable product. For example, in my scenario, the deployment that I have done, if I want to scale it up or if I want to extend it, I can easily add the next module in that. There are no challenges regarding scalability.

I have only one deployment in Pakistan. It is at one of the largest banks in Pakistan here which has thousands of users on CyberArk.

Technical support is good. I haven't faced any issues. If you're looking at the response time, I will say that it's quite a long wait. 

The setup process of CyberArk is quite typical. Once you understand the process, it is very easy for you. That said, for a newbie, it may be a bit difficult. For example, for the PSM module, we have to make changes in the registry of the devices. You have to collaborate with your system team to make a configuration. I can get complex. That said, once you know, it's very easy.

I have been through the process of implementing the solution for clients. 

The licensing can be yearly or over a couple of years. Support needs to be renewed every year. 

We have four models which we are using. 

The first one has a wall that which we have deployed on the particular server. The next one is the CPM which is the Central Policy Manager through which we enforce the password policy and password rotation policies. 

I'd recommend the solution to others. 

We have conducted a POC in Pakistan on multiple sites with different customers. CyberArk is a quite typical product and can be a bit expensive, so it's a good idea to try it out first and make sure it is what you need.

I'd rate the solution seven out of ten.