CyberArk Identity Reviews

If I have a core banking application platform with users or privileged users accessing that particular environment, I have to ensure that the right people are accessing what they're supposed to access. I need to have proper monitoring on them, ensuring that privileged accounts are not being shared and that generic accounts are not in use. For instance, if someone accesses the core banking application and performs changes or transactions, this solution enables me to track who did what in that session and even monitor or replay the session of that person's actions.

CyberArk provides identity governance. It gives you control of who, how, and what is accessing your environments. It provides simplicity for privileged users to access the environment. 

I work with Direct Identity. I was studying CyberArk, and I have used it a few times. Then I switched to a new project. I have some experience with CyberArk Identity.

What I like most about CyberArk Identity is the model that is in place. It is very good. It is the most powerful access management system. There is a lot of security - especially when you have to onboard and allow access for new users for the corporate and new applications. It's wonderful.

We saw results very quickly. I saw the power of identity management almost right away. It's one of the best in the industry. It competes very well against other solutions and Active Directory. It's very low cost in comparison to Microsoft solutions. 

We are using CyberArk Identity primarily for managing and handling privileged accounts, which provides us with secure access to resources. 

It secures privileged credentials and helps us centrally administer the security of accounts. Additionally, it records and helps view all sessions in one place for my Linux machines.

My role involved installing agents on Linux servers, specifically utilizing a single sign-on. This implementation streamlined access for Linux and Unix administrators, allowing them to log in to any server using a single password.

The solution helps with auditing, and monitoring, and integrates with Splunk for log analysis. User activity logs are captured in CyberArk Identity and sent to external tools like Splunk for analysis and monitoring.

It is integrated with tools like Splunk and Dynatrace for the analysis of risk behavior and user activity. The pushing teams receive automated reports to assess factors such as login times and server activity in the last 60 days. 

The licensing for IAM and PAM tools is based on headcount and usage. Users who are not actively utilizing the resources may have their access revoked. This approach helps manage budgeting and reduces the risk impact on the organization by implementing protocols to mitigate threats.

For CyberArk Identity, a typical scenario involves using it with a federation, like Active Directory or Azure AD, to manage user identities. Since CyberArk Identity is a SaaS offering (not installable on-premise), identity connectors bridge the gap between the customer's directory (Azure AD or Active Directory) and CyberArk Identity.

These connectors essentially synchronize the two systems. For example, disabling an account in the customer's directory (either Azure AD or Active Directory) automatically disables the corresponding account in CyberArk Identity if the identity connector is present.

However, if you manage accounts manually within CyberArk Identity, you don't necessarily need a connector. This specific connector is called the CyberArk Identity Connector.

We can manage user access and permissions through CyberArk Identity. To fully manage it, we need a connector and whatever changes we want to make to user access or entitlements, if we do it in the CyberArk Identity end, the same will reflect in the customer's AD (Active Directory) also if you have the Identity Connector.

We use CyberArk Identity for multiple applications, like, for a single sign-on across multiple applications.

Some customers use it for managing server privileges through the SaaS version. In this case, CyberArk Identity facilitates the connection by federating the customer's Active Directory or Azure AD with the CyberArk SaaS environment. However, they only utilize a few features of CyberArk Identity, not its full potential.

I like the RBAC (Role-Based Access Control). This feature is quite common in other identity tools as well. It basically involves defining various roles, and then simply assigning those roles to users.

That's the RBAC feature that I find most valuable for security.

Moreover, CyberArk Identity offers multi-factor authentication, but I haven't configured this feature yet. 

For instance, if the customer wants multi-factor authentication (MFA) or single sign-on (SSO), they usually prefer their own Azure MFA or Azure AD as a base or anything that is already integrated with their environment, so they don't have to subscribe to CyberArk SSO. But it's possible.

We use it to protect our login credentials within the computers and tablets that we provide to our team for field tasks.

Being able to integrate CyberArk Identity with Microsoft Defender is valuable. This integration feature is integral to maximizing the security benefits we get from the system.

I use the solution in my company for its vaults.

The features that I personally find most effective in terms of security stem from the fact that it is easy to integrate and also the adoption is faster.

CyberArk offers multiple products, including PAN, LRO for vendor remote access, and Identity. Some clients in the entertainment and tourism industry prefer using CyberArk Identity on the cloud as a Software as a Service (SaaS) solution. Their teams are typically small and prefer not to manage the infrastructure. They opt for this approach because they want to avoid investing significant time and money in larger products like SailPoint. However, it's important to note that such clients are relatively rare, with perhaps just one or two out of every hundred.

Regarding identity management, it's worth noting that onboarding users from various sources is a straightforward process with CyberArk SaaS. The user identification is simplified, and managing user privileges, whether adding or revoking them, is also quite straightforward when utilizing CyberArk SaaS.

On the PAM side, one of their notable strengths lies in safeguarding the keys and users for privileged accounts. They've implemented a robust security approach that is superior to many other solutions in terms of protecting privileged users and their keys.