Symantec Privileged Access Manager Reviews

The password vault and access to the systems are the most valuable features. It meets with the objective of password vault with controlled access to systems.

There are no improvements as it never went live.

It lacks good logging capabilities and the reports are not customized. Also, there are security issues with the 'super' account.

I have tried to implement it for almost two years.

There were no stability issues experienced, but we never went live.

There were no scalability issues experienced, but we never went live.

Technical support is average. They took a long time to provide good answers, only recommended to upgrade SW version which in some environments is not an option and they don’t even know if that will fix the problem.

We were not using any other product before, although now we have changed to another cheaper solution.

The setup was not simple, design took a lot of time, and we had a consultant from CA.

It’s not a cheap solution. The increasing number of licenses are also expensive.

There are other cheaper solutions available in the market.

Gives us the ability to rotate passwords automatically in the vault, on in any interval, via a scheduled job or password view. This takes out the management of passwords from the user and CA PAM can control the password maintenance.

Without getting too specific, we are able to manage root account passwords on 1600+ Linux servers. Our users can transparently login with those credentials when needed.

The OOTB reporting functionality is lacking. The ability to view a simple breakdown of the various data. They offer an all or nothing solution that does work for my organization. We need to be able to distribute reports to various groups that have users working in CA PAM without showing them all the activity. However, there are APIs that can be utilized to make custom reports. The product is good and enhancements are coming to improve the product. Reporting is what is lacking in this version of the product.

We have used the product since September 2016.

At this point, there were no issues with stability.

At this point, there were no issues with scalability.

The technical support has be an essential part of our deployment. They are very responsive and work diligently to resolve the issues.

We didn’t have a previous solution.

We have ten appliances and the setup was straightforward. We had no issues setting up our infrastructure.

I was not involved in the negotiations of the product.

We started out with eight different products and wound up doing an RFP with four finalists, and CA PAM was one of them. The other three were BeyondTrust, CyberArk, and Hitachi ID.

My only advice is to make sure you perform a through PoC in your environment to make sure all aspects of the system work for you.

Some of the valuable features are safe access to company resources, quick, comprehensible, and intuitive management interface, and good integration capabilities. Control on targets could be extended through CA PAM Server Control component. It now includes an optional risk evaluation engine (CA Threat Analytics for Privileged Access Manager).

• Quick setup
• Support for different types of existing user stores
• Management automation through REST interface
• Integration with Identity Management solutions easily for automatic user provisioning.

I would like it to support more types of integration.

We have used this solution since CA acquired Xceedium.

There were no stability issues.

There were no scalability issues.

I would give technical support a rating of an eight out of 10.

Many customers switched to CA PAM, because the list of useful features quickly expands.

The deployment was very fast, as it is commonly deployed as a virtual appliance.

Contact the sales department.

We evaluated Hitachi ID PAM and IBM PIM.

Proceed!

Access control and Password Management, because almost every customer wants to protect and audit their server(s), as well as their credentials.

When a customer uses CA PAM, they can control who can access their server and what they do. So they feel more comfortable when using outsourced engineers to manage their assets.

Reporting, Logging, and support recording for Web App using Java.

Now, the reporting feature on CA PAM only shows the basic information in white-black table format. If I’m a customer, I like to see the reports with colorful charts and pictures.

About the Web App using Java:

Currently, CA PAM only can record and work with a Web Console that doesn't use Java. If a Web Console uses Java and has a pop-up, CA PAM can’t do a recording.

Over three years. I used it before CA acquired Xceedium.

The CA PAM appliance works stably. I didn’t see many errors related to stability.

Not yet.

I appreciate CA technical support. They respond quickly.

No, I didn’t.

Simple for me.

No, I didn’t.

The CA PAM product can help companies/organizations who looking are for Privilege Access Management. CA PAM is an industry leader; a powerful, easy to use solution.

One of the most valuable items is the load balancing feature.

The live session recording is still not in the features.

We have used this solution for over a year.

There were no issues with stability.

There were no issues with scalability.

I would give technical support a rating of 7/10.

This is the first solution.

The setup is one of the advantages of CA PAM, as compared with the other solutions.

We evaluated CyberArk, BeyondTrust, and Dell.

The implementation of this product is not a problem and is simple.

The solution has the capability to address hybrid eco-systems, both on-premises and cloud services. Most of the high privileges now include tenant administrator credentials.

Integration with the AD RBAC model is also a great feature, as we can tie it to the central repository.

The FIPS-140-2 certification is really a nice option with every governmental response.

The solution allows us to ease the risks and headaches with administrators turning to our IT team.

I would like the ability to provision through a real REST API. Perhaps this could be SCIM-PAM, once it is certified.

We have used this solution for more than a year for training, PoC, and laboratory use cases.

Some rollover credentials often do not work or you need a more complex configuration.

There were no issues with scalability.

Technical support has yet to be included completely in the CA Support.

Some rollover scenarios can complex to achieve.

We evaluated Sudo-AD and CyberArk.

Have a good view of their role model and critical assets.

It offers access control of privileged accounts.

It has simplified and unified the access of the users to a single point of access. It grants access identity to privileged accounts.

I would like to see improvements in branding customization and multi-tenancy.

We have been using this solution for six months

The solution is not implemented for end users, so we haven't had any problems so far.

There were no issues with scalability.

Technical support is very good.

We did not use a different solution before.

The initial was setup straightforward and simple. The solution does not need any complex customization to deploy and start using it.

Just measure all the necessities before starting and all will be okay.

Keep in mind that the product can be implemented quickly, but it depends on how fast you can provide information.

The most valuable element is the keystroke tracking feature.

We use the tool in our FedRAMP data centers. Whenever an employee does some work at the command line in the servers, app servers or database servers, we need to track what they do.

We use the tool to do just that. We bought it for that purpose. That is why this is the most important feature for us.

The product has not improved our organization. It is an intentionally limiting product. That’s why we have it.

It limits the number of CIs. Why not have unlimited CIs?

As I understand the licensing, we purchase the PAM product and pay for it based on the number of CIs. (A “CI” is a “configuration item”. It’s an ITIL term.)

That means the number of servers, routers, switches, etc. for which PAM controls access and tracks activity. Why not charge us a flat fee and give us unlimited CIs?

We have been using the solution for around four years.

We did not encounter any issues with stability.

We had scalability issues, particularly in regards to the limit of CIs.

The technical support is very good. They are very helpful. They are knowledgeable and follow-up when we have issues.

We did not use a previous solution.

I don’t know about the initial setup. I was not involved in the initial setup.

I am not involved in pricing and licensing.

I don’t know about the evaluation of other products. I was not involved in that part of the process.

Make sure you can track enough CIs and have room for growth.

Manager user/admin’s password, so it’s more secure and password will be changed on time.

When there’s new patches or upgrades, please test the new release well, so it won’t break the functional parts.

It’s very stable, unless we do some patches or upgrade, then it’ll break some functional parts.

So far, no.

So far, it's fair. Because sometimes, it takes me a few days/weeks to get attention.

No.

I didn’t get involved in the initial setup.

I don’t handle that.

I didn't get involved in that evaluation, either.

Have a test environment for testing any upgrades/patches first, before pushing it to production.

• Password management (Linux/Windows) and session recording.
• Platform to access any (RDP, Telnet, SSH device in Datacenter).

• Centralized
• Secure
• Monitored access to any (RDP, Telnet, and SSH device in Datacenter).

Still Exploring.

The product is matured now after new patches and versions.

Easy to scale with clusters.

10 out of 10.

No.

Straightforward. We recently migrated from Physical to Virtual Appliance.

Based on features e.g., access management and password management, the price is suitable.

I don't remember now, but we did a PoC for a few, but chose CA PPM (formally known as Xceedium).

It is the best product for monitoring the recorded session of your IT admins and external consultants. RDP is best for Telnet and SSH devices password management.