Previously, the enterprise EPM was on-premises. Now, it has gone to the SaaS model. So, we have used CyberArk professional services, wherein CyberArk deployed all the agents into our different Unix machines. This deployment is currently underway. The policy changes and the reconfigurations part are pending. In the coming quarter, or by the end of it, the overall EPM deployment will be completed with this customer.
Technical Manager at Tech Mahindra Limited
Reliable with good testing and helpful notifications
Pros and Cons
- "The solution is scalable."
- "The installation process is pretty difficult."
What is our primary use case?
What is most valuable?
The kind of services they provide in the vaulting of both the password as well as the SSH keys in their Password Vault is great. The alert mechanism that they have is also provided by their different tools, called PTA, Privileged Threat Analytics. It's a key feature of CyberArk that they have provided.
Now they have also ventured into identity services, where they are also moving ahead from their legacy privileged access management to identity and access management. Therefore, apart from the core component, like the vault, you get privileged access management using the PSM and the password rotation through the CPMs.
There are other core features that they are working at. For example, they have introduced a new feature with a new core overall functionality using the DAP. DAP is a combination of AIM as well as Conjur. And then, you have got an HTML5 gateway with the flexibility to onboard some external partners for a limited period of time, depending upon their usage and availability. When they no longer need it, those aspects can be automatically removed, depending on the policies and approvals.
The solution is scalable.
It's stable and reliable.
What needs improvement?
A major factor for improvement would be the PAS, although they are improving on that part. Basically, the ease of installation and the configurations could be improved upon and are being adjusted. First of all, with a Windows machine, we have to follow very strict procedures for the installation of different components, specifically for Vault. And then you must just keep in mind all the policies that need to be there. In case there is any kind of limitation with respect to any kind of GPO policy being applied, then you have got different issues that you have to deal with it. You have to be very careful and intelligent. Otherwise, the whole platform might come down. They need to add more automation when it comes to onboarding and configurations so that the process is more practical.
The installation process is pretty difficult.
It's an expensive product.
For how long have I used the solution?
I'm well versed in the solution. I've used it for four years or so.
Buyer's Guide
CyberArk Endpoint Privilege Manager
November 2024
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable. I'd rate it eight out of ten in terms of reliability. It doesn't crash or freeze and there are no bugs or glitches.
What do I think about the scalability of the solution?
I'd rate the scalability from eight to nine out of ten. It can expand easily.
In our company, we have around 500 resources trained on the solution. It's deployed with various customers.
How are customer service and support?
We usually have support along with the licenses that we purchase. That way, whenever there is any kind of an issue that our technical team is not able to resolve the problem, we raise a ticket, and we have a call with the relevant support.
How would you rate customer service and support?
Neutral
How was the initial setup?
It's a bit difficult to install the solution. I'd rate it three out of ten in terms of ease of installation. I'd rate it just below really difficult. Prior to version 11, it was very difficult. The process has gotten better.
After the 9.6 version, they introduced their own CyberArk Cluster Manager, which eased out the cluster deployment, where we have to install the Microsoft Server Cluster. That was a difficult scenario beforehand, apart from the standalone one. So it has gotten easier.
How long the deployment takes depends on the environment you are working in. If you're doing a bare, fresh installation, which has the installation of the basic core component, it should not take more than two to a maximum of four hours.
What about the implementation team?
We have trained resources in-house and were able to deploy everything on our own without outside assistance.
What's my experience with pricing, setup cost, and licensing?
While the solution is excellent and highly rated on both Forrester and Gartner, it comes at a cost.
I can't speak to the cost of the exact license. However, the professional services for one eight-hour day would be $1,800.
What other advice do I have?
I'm on the Partner Portal. I'm Defender-certified and using CyberArk's various services for the installation as well as the managed services. I work with a system integrator.
I have not used the C3M Cloud Control, Enterprise Password Vault yet.
We have deployed to multiple customers.
With CyberArk, there are different certifications, including, Trustee, Defender, Sentry, CCD, and Guardian. Right now, we have around two hundred who are Guardian-certified and around 150 resources who are CCD-certified, CyberArk Certified Delivery Managers. The rest are the operational resources who are certified on Defender.
For those considering the solution, I'd advise them first to consider what their use case will be. However, CyberArk is a great deployment option and the first I'd recommend, depending on the budget.
Holistically, if you have a big enterprise, such as a financial enterprise or healthcare system, where you have got a vast amount of host machines with a combination of Windows, Unix, and your firewall, CyberArk would be the best-suited product that you should deploy in your enterprise to secure your endpoints.
I'd rate the solution nine out of ten. The core testing they perform is great. They also regularly release patches to help enhance security. The ease of communication with the customer is great, and the alerts and notifications they have on offer are very helpful.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Cyber Security Engineer at eprocessconsulting
Easy to manage, has an application whitelisting feature and a dashboard that shows you which software is suspicious, but there's no way to check credential theft from a text file
Pros and Cons
- "CyberArk Endpoint Privilege Manager is very easy to manage, which I like. The solution also has a dashboard where you can see which software is suspicious, which I find valuable."
- "CyberArk Endpoint Privilege Manager is a perfect solution, but CyberArk Endpoint Privilege Manager for Linux has many issues. Another area for improvement in CyberArk Endpoint Privilege Manager, specifically for Windows, is that there's no way for you to check credential theft from a text file, such as a notepad file."
What is our primary use case?
My primary use case for CyberArk Endpoint Privilege Manager is malware prevention. The solution enables malware detonation, which helps you solve ransomware problems. For example, suppose an unknown application comes into your environment, and you have installed a CyberArk Endpoint Privilege Manager agent. In that case, the solution will filter the unknown traffic from an unknown publisher and stop it from infiltrating. The solution dashboard also lets you know that specific software is suspicious. Still, it depends on the category, but malware prevention is one use case of CyberArk Endpoint Privilege Manager.
Classifying a trusted or whitelisted application is also a use case of the solution.
Another use case of CyberArk Endpoint Privilege Manager is stopping credential theft. For example, you have credential stores all around, whether you know it or not. You have credential stores in web browsers like Chrome and Microsoft Edge. The solution protects you against an attacker that has already gained access to your environment, an internal person that leverages your system and wants to go to your web browser, or probably there's a browser path attack where the person has access to your browser. He can check your credential store, but if CyberArk Endpoint Privilege Manager is in place, that situation will be prevented.
Just-In-Time Access is another use case of the solution. For example, there's no administrator privilege on the system, but let's say a database administrator or application administrator wants to use the credential. You can provide that person with Just-In-Time Access so he can use the credential for thirty minutes, then that credential expires once the time is up.
CyberArk Endpoint Privilege Manager also separates the privileges. For example, a team of application managers receives access to specific software that the network team can't access.
What is most valuable?
CyberArk Endpoint Privilege Manager is very easy to manage, which I like.
I also found credential detection the most valuable feature of the solution. For example, if I put a credential on my desktop and name the file administrator credential, and a person has access to my system and clicks the file under the history section of the system to steal the credential, CyberArk Endpoint Privilege Manager will flag that activity.
The solution also has a dashboard where you can see which software is suspicious, which I find valuable.
Other valuable features of CyberArk Endpoint Privilege Manager include application whitelisting and Just-In-Time Access.
What needs improvement?
CyberArk Endpoint Privilege Manager is a perfect solution, but CyberArk Endpoint Privilege Manager for Linux has many issues. One issue I observed while using it is that it needs to synchronize from an agent to a cloud because the agent does not update configurations or settings from the cloud. When I change some settings on the cloud, the changes don't synchronize into the system, and the policies won't come back unless I reinstall all the services. This is an area for improvement in CyberArk Endpoint Privilege Manager.
Another area for improvement in CyberArk Endpoint Privilege Manager, specifically for Windows, is that there's no way for you to check credential theft from a text file, such as a notepad file. Suppose I have a text file that contains passwords, for instance. In that case, I'm doing an application configuration that needs a password. CyberArk Endpoint Privilege Manager won't be able to help you locate that file, which means there's still an opportunity for an attacker to look into that text file and steal the passwords.
You can leverage the CyberArk Application Access Manager with CyberArk Endpoint Privilege Manager, but that aspect also needs improvement.
An additional feature I want to see in CyberArk Endpoint Privilege Manager is XDR, where you can trace how an attack can happen on an endpoint, how traffic was initiated, or if a person tried to access your computer and whether he was denied or allowed. CyberArk Endpoint Privilege Manager should be able to track such activities. The solution should allow you to see a specific event ID and use it to correlate whatever activity the malicious person was trying to do.
For how long have I used the solution?
I've been familiar with CyberArk Endpoint Privilege Manager for nearly two years, but I haven't been steadily working on it. For example, I've not worked with the solution for three months, then I'll work on it for two months, then I'll stop working with it again, but I'm very familiar with CyberArk Endpoint Privilege Manager.
I last worked with CyberArk Endpoint Privilege Manager three months ago.
What do I think about the stability of the solution?
CyberArk Endpoint Privilege Manager is stable, particularly for the Windows version, not the Linux version. The solution is an eight out of ten for me, stability-wise.
How are customer service and support?
I've contacted CyberArk Endpoint Privilege Manager technical support, and I'd rate support as seven out of ten.
Response time is three out of five.
Regarding how knowledgeable the level one support of CyberArk Endpoint Privilege Manager is, it always seems like the support person doesn't know what he's doing. I've already done what he was asking me to do. I'm not a CyberArk Endpoint Privilege Manager novice, so support is frustrating and a waste of time. Though the issue will be resolved eventually, CyberArk Endpoint Privilege Manager has already wasted my time, and that's uncool.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
CyberArk Endpoint Privilege Manager is the best solution. However, One Identity Safeguard is trying as a solution, and it has special features which make it almost equal to CyberArk Endpoint Privilege Manager. Still, CyberArk Endpoint Privilege Manager is the best.
CyberArk has been in the market for a long time and keeps improving. CyberArk Endpoint Privilege Manager has a hundred percent effectiveness against ransomware, which you can't get anywhere. The CyberArk team researched and knows the angle, the flaws, and the central point of attack. An attacker usually infiltrates or compromises your system by elevating the credentials or permissions and then leveraging that elevation to compromise the system. CyberArk Endpoint Privilege Manager removes User Access Control on the endpoint, so it takes away the attacker's means to elevate permissions, so CyberArk Endpoint Privilege Manager is simply the best.
How was the initial setup?
Setting up CyberArk Endpoint Privilege Manager was pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
CyberArk Endpoint Privilege Manager has a very high price, so it's a one out of ten for me in terms of pricing.
What other advice do I have?
I've used CyberArk Privileged Access Manager and One Identity Safeguard. I also have experience with CyberArk Endpoint Privilege Manager, One Identity Safeguard for Privileged Passwords, and One Identity Safeguard for Privileged Sessions.
CyberArk Endpoint Privilege Manager is cloud-based, but its agent is on-premises. The on-premise version is no longer supported, but it will still be supported if you're an old customer with an on-premise version. However, by 2024, CyberArk will no longer support the on-premises version of CyberArk Endpoint Privilege Manager.
Right now, there's no CyberArk Endpoint Privilege Manager within my company. I created quotes for customers to try the solution, but it's expensive. I just gathered my colleagues to simulate my use cases, and that's it.
What I'd tell others about CyberArk Endpoint Privilege Manager is that if you have the budget, you definitely should get it. The solution is excellent, and it's as if you're insured because CyberArk Endpoint Privilege Manager provides security. This is the advice I'd give anyone trying to implement CyberArk Endpoint Privilege Manager.
I'm rating the solution as seven out of ten because there's room for improvement in the Linux version, and the pricing needs to be more flexible.
My company is a CyberArk partner.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
CyberArk Endpoint Privilege Manager
November 2024
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Cybersecurity Architecture Manager at Data Warden
Easy to deploy and great for blacklisting and whitelisting
Pros and Cons
- "Users can scale the solution."
- "It is hard to deal with technical support if you are not certified."
What is our primary use case?
Inside we have a lot of applications, including three or four critical applications. With this application, remote users cannot run another application if you do not grant access to these applications. For example, if you want users to use Word or PowerPoint, you can allow usage of those and block usage of other things. If you want to run one application and you need to get permission, you send a ticket to ask for authorization to use it. That way, the company can control the access of every user.
What is most valuable?
I like that we have the power to blacklist, whitelist, and greylist applications.
It is really easy to deploy.
The solution is mostly stable.
Users can scale the solution.
What needs improvement?
We'd like the solution to work with AIX operating systems and custom distributions like Linux.
We would prefer increased stability.
It is hard to deal with technical support if you are not certified.
For how long have I used the solution?
I've been using the solution for one year.
What do I think about the stability of the solution?
More or less, the solution is stable. About three weeks ago, we witnessed latency with the solution. It could be a bit more stable.
What do I think about the scalability of the solution?
If you want to deploy some agents, you can buy more licenses for the solution. It's a service only. You can add another agent. With ease and scale as you like.
We have about 100 users on the product right now.
At this time, we will not increase usage.
How are customer service and support?
If you do not have certification, you cannot send a ticket. This makes dealing with technical support difficult.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
You can implement this product on-premise. With the next-generation versions, you can just download an agent and deploy it on your machines. It really is easy to deploy.
We have three people on staff that are capable of managing the solution as needed.
What about the implementation team?
We had a consultant assist us with the implementation process.
What was our ROI?
We have seen an ROI of around $10,000 so far.
What's my experience with pricing, setup cost, and licensing?
We pay about $17 per user.
Which other solutions did I evaluate?
I'm not aware of any other similar solutions and did not evaluate any others.
What other advice do I have?
This is a SaaS solution.
If you don't have a solution that you can deploy a massive agent to, it isn't easy to implement individually.
I'd rate the solution nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Consultant at a consultancy with 51-200 employees
Highly scalable, excellent interface, and helpful documentation
Pros and Cons
- "The most valuable features of CyberArk Endpoint Privilege Manager are password management, session management, onboarding rules, platform customization, and safety management."
- "The price of the solution should improve."
What is our primary use case?
CyberArk Endpoint Privilege Manager can be deployed across all platforms, such as AWS, GCP, and Ali Baba.
The solution is used for management, multi-site failover, satellite vaulting, distributed architecture, custom CPM, PSM deployment, custom CCP, and CCP deployment.
What is most valuable?
The most valuable features of CyberArk Endpoint Privilege Manager are password management, session management, onboarding rules, platform customization, and safety management.
CyberArk Endpoint Privilege Manager was presently revised, which included a new interface, rebranding, improve documentation, and an excellent user panel that supports multiple integrations.
What needs improvement?
The price of the solution should improve.
For how long have I used the solution?
I have been using CyberArk Endpoint Privilege Manager for approximately three years.
What do I think about the stability of the solution?
The stability of CyberArk Endpoint Privilege Manager is excellent. It has an uptime of 99.99 percent.
What do I think about the scalability of the solution?
My clients have scaled CyberArk Endpoint Privilege Manager. They have a distributed architecture and satellite vaulting, which allows scalability to be flexible.
I rate the scalability of CyberArk Endpoint Privilege Manager five out of five.
We have approximately 30 people using the solution.
How are customer service and support?
The support from CyberArk Endpoint Privilege Manager is excellent. We have good support in our SLAs, it is for five days.
Which solution did I use previously and why did I switch?
I work with the competitor of CyberArk Endpoint Privilege Manager, Beyond Trust. If I was to change something it wouldn't be CyberArk Endpoint Privilege Manager, it would just be Beyond Trust. There's a reason why there are features in CyberArk Endpoint Privilege Manager, it works in CyberArk Endpoint Privilege Manager. The same goes with Beyond Trust, there are features that only work in Beyond Trust and wouldn't work in CyberArk Endpoint Privilege Manager. For example, the introduction of smart rules, wouldn't make sense because CyberArk Endpoint Privilege Manager, doesn't work with smart rules.
How was the initial setup?
I rate the initial setup of CyberArk Endpoint Privilege Manager as straightforward. However, I use the solution every day. The process of implementation took approximately one day.
The implementation strategy was reviewing architecture, deploying architecture, installing components, deploying components, configuring components, onboarding accounts, managing accounts, configuring platforms, managing platforms, configuring safes, and onboarding safes.
We had a company-wide deployment of this solution.
What about the implementation team?
We did the implementation of the solution in-house, but the SaaS-based part of the solution is done by the vendor. We had approximately five people who did the implementation.
What's my experience with pricing, setup cost, and licensing?
The price of CyberArk Endpoint Privilege Manager is expensive. The solution is priced based on the number of accounts onboarded and the number of concurrent sessions. Everyone else is included in the price, such as support.
I rate the price of CyberArk Endpoint Privilege Manager a one out of five.
What other advice do I have?
I rate CyberArk Endpoint Privilege Manager an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Enterprise Architect at a tech services company with 11-50 employees
Supports dynamically-generated keys, it's stable, and has automatic lifecylce management
Pros and Cons
- "The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is."
- "It's an old product and has many areas that can be improved."
What is our primary use case?
Because we are dealing with personal health information, we have had to setup up a security broker for admin access in and out of the accounts.
They wanted to have a break-glass solution in case there was a problem with the multi-factor authentication or any other issues.
We chose to use CyberArk for their failover abilities. If the Multi-factor authentication fails then you can still log in and it has a second factor that authenticates.
It gives them the break glass option that they needed.
What is most valuable?
The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is. For example, you can go into Azure AD, a backup directory, or a set of Google cloud platforms.
It will do lifecycle management on the keys. It makes it so that you won't have to ever have a standard key.
It's generating dynamically keys and you can enforce policy easier.
As you start adjusting your key lengths and everything further, you can adjust them all in a single day.
What needs improvement?
It's an old product and has many areas that can be improved.
They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory.
If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing.
The interface is not great, but good.
In the next release, I would like to see a Linux Client added.
For how long have I used the solution?
I have been using CyberArk Endpoint Privilege Manager, since the early 2000s.
We are using the latest version.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
CyberArk Endpoint Privilege Management is scalable.
We have 1200 users in our organization.
How are customer service and technical support?
Technical support is fine, they are better than what they used to be.
How was the initial setup?
The initial setup is complex because you are dealing with federated credentials across multiple authentication protocols.
What about the implementation team?
We did not use a vendor or reseller. I am there as a consultant.
What's my experience with pricing, setup cost, and licensing?
I think that it was in the range of $200,000 that had to get approved. That may have been for the whole three to five years for the project length.
What other advice do I have?
I basically am trying to drive their digital transformation and do the overall build a mass data network for their data strategy. Building out different APIs and different things.
Building out a blockchain security framework to allow HIPAA compliance where you can go in at the portability of their data to pull in and out without creating an issue with the payers.
I would recommend this solution depending on what the business needs are. I'm a big proponent for keeping things simple and trying to avoid unneeded complexity.
The company demanded certain things and only wanted to do it one way, and the way they wanted to do is what we got stuck with.
The API mobilities are there, they exist and they are okay, but as a framework and in total is worrisome because it's not a stateless application.
It doesn't appear to be moving forward. It's still a type of software-oriented architecture instead of moving to microservices, where it could be stateless. If it were stateless, and it failed during a password change, you would see it as a failure and go back to the original password.
I think that they have a lot of work to do to get there.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at SNSIN
Along with good efficiency and reliability, it also offers great performance
Pros and Cons
- "The most valuable feature of the solution is its performance."
- "The price of the product is an area of concern where improvements are required. The product's price should be made more flexible."
What is our primary use case?
I use the solution in my company since its PAM features are used for privileged accounts.
What is most valuable?
The most valuable feature of the solution is its performance. I would describe it as a seamless solution.
What needs improvement?
The price of the product is an area of concern where improvements are required. The product's price should be made more flexible.
The tool's UI could be better and more user-friendly.
For how long have I used the solution?
I have been using CyberArk Endpoint Privilege Manager for a year. My company has a partnership with CyberArk.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
Scalability is fine since many people can use it even with a minimum number of licenses.
Around five people in my company use the tool.
How are customer service and support?
My company has not contacted the product's technical support since our internal team took care of the deployment process.
How was the initial setup?
The product's initial setup phase is fine. The on-premises architecture is a bit tough.
The product's deployment phase focuses on consolidating everything in a single platform.
Around two people are required to deploy and maintain the product.
What was our ROI?
The value or the benefits derived from the use of the product revolve around the fact that it is a reliable tool. Though it may come across as a complex product, its customers can rely on its efficiency.
What's my experience with pricing, setup cost, and licensing?
The product's license is easy to procure.
What other advice do I have?
I am aware of CyberArk's PAM part and CyberArk Identity.
I find the solution to be more effective since it is better than its competitors. The brand value offered by the product is very good.
There are no application control capabilities offered by the tool, but I know that enforcing privilege access control is pretty fast.
The product is reliable and stable. The solution's brand value is good. The solution is better than the products offered by its competitors.
My company is aware of the fact that CyberArk offers integration with other security tools in the market, but we have not dealt with such a complex implementation yet.
I rate the tool an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Apr 30, 2024
Flag as inappropriateSecurity Engineer at DIL
A strong part of our zero-trust architecture that makes it easy to manage privileged access
Pros and Cons
- "The password rotation and the session recording are the most valuable features."
- "One area that has room for improvement is in managing the credentials for network devices."
How has it helped my organization?
The solution reduces the stress of managing privileged accounts that log into servers and network devices. We're also looking to onboard service accounts, and the solution takes care of the rotation while meeting the password policy and auditing and recording user sessions. The solution manages privilege sessions. The solution is also part of a zero-trust architecture where we see what admin users do on the servers.
What is most valuable?
The password rotation and the session recording are the most valuable features. Likewise, password management for service accounts is a very nice feature.
What needs improvement?
One area that has room for improvement is in managing the credentials for network devices. The solution works fine for servers running Windows 10, but it's not very functional or smooth in operation for servers running Linux and Unix operating systems. There could also be some improvement in integrating with a number of solutions. Though CyberArk keeps developing, improving, or increasing its integrations with other solutions, it could do better.
I would also like the initial setup to be easier because we have to engage the services of a partner when setting up the solution. Moreover, the documentation for setup is restricted to partners only. You can get training on the administration of the solution, but the setup and getting some support documents are reserved for partners only. If there were a better way to get this information out there or to make it more accessible, that would reduce the complexity of setting up the solution.
For how long have I used the solution?
We've worked with this solution for three years.
What do I think about the stability of the solution?
I rate the solution's stability an eight out of ten.
What do I think about the scalability of the solution?
The solution is highly valuable, but it depends on the license. To scale the architecture, you can just increase your resources. I rate the solution's scalability an eight out of ten. I have about 50 users for this solution, using it 24/7.
How are customer service and support?
CyberArk's technical support can be very prompt, and I am satisfied with their services.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate the initial setup a five out of ten. The solution was not so easy to set up. It has several components with communication between them and server hardening, so the setup is not exactly easy. But there is straightforward documentation, so we can work with that. However, that is reserved for partners.
All conditions being equal, it takes three weeks to deploy the solution. But it took longer for us because there were some constraints within the environment, so it took three weeks to one month.
When deploying the solution, we had to evaluate our environment, get all our privileged accounts, and decide on the architecture we wanted to go with. Since we deployed the solution on-premises, we had to provision servers for different components of the solution before installing each component on the servers and then installing the vault.
What about the implementation team?
Right now, as an individual, I can't just say I'm getting CyberArk and setting it up myself. I need to get the services of a partner. A lot of the documentation is reserved for partners.
We needed two people to deploy the solution, and we currently just need one admin for maintenance. We would need two for a larger business.
What's my experience with pricing, setup cost, and licensing?
I rate the solution's pricing an eight out of ten since the price can be too high for smaller businesses. There is an annual support license that needs to be purchased additionally.
What other advice do I have?
It's a great solution and is really functional. It's not a solution that covers a lot of needs. It has a niche area, and they do excellently with that. I recommend CyberArk Endpoint Privilege Manager and rate it a nine out of ten.
I'm still trying to maximize and explore the solution's capabilities. It does quite a lot, but I have not been able to utilize the solution that well. It takes time for users to accept changes and get used to the solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. PAM Consultant at a tech vendor with 11-50 employees
Helps us secure our endpoints and prevent attacks, but it can be improved by allowing computers to be excluded from policies.
Pros and Cons
- "You can use it to strip users of their local admin rights and, at the same time, elevate applications for them."
- "Can be improved by allowing computers to be excluded from policies."
How has it helped my organization?
By securing our endpoints, we are preventing attackers from using the domain accounts we have that are administrative accounts. For example, your credentials are cached when you log into a Windows computer, so attackers look out for those, and if it's an admin account, it will be what they need. Another good thing about this product is that even if you have a local account, you can provision that account so that the password is unique on all computers. So if you have their account credentials on a single computer, it doesn't mean you can use that same account and password to log into another computer or workstation. It also prevents using any accounts to jump from one host to another or move laterally, which is another important one for us.
What is most valuable?
All of the features are valuable. They control applications for users, like preventing users from elevating applications. You can use it to strip users of their local admin rights and, at the same time, elevate applications for them and give them access to elevated applications. Hence, administrative rights are unavailable for domain accounts which are the juicy ones for attackers because they can use them to move laterally from one host to another. Therefore, attackers can no longer strip a user's near right, but at the same time, they can elevate the user from access to the application and do their jobs without having issues elevating applications.
What needs improvement?
The solution can be improved by allowing computers or users to be excluded from policies because we currently can't do that. If you roll out an approach, you can target computers and users and can't exclude end users when targeting computers. So, for example, say you want to exclude administrators from a policy it will apply to everybody.
For how long have I used the solution?
We have been using this solution for approximately one year and are currently using the latest version.
What do I think about the stability of the solution?
The solution is stable and reliable, depending on the client's use case.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
I rate customer service and support seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The implementation would be complex for someone who doesn't understand how to implement it overall. Additionally, the use case determines the complexity. I rate the complexity an eight out of ten, with ten being the easiest.
The time involved in deployment depends on the use cases, the size of the organization and the number of workstations and users they have. For smaller organizations, if you have less than a hundred computers, it depends on your use cases. If the use cases are few, they can be deployed in a day or two, and policies can be rolled out to the workstations. On the other hand, organizations could take up to six months or a year to deploy.
What other advice do I have?
I rate the solution seven out of ten. The solution is good but can be improved by allowing computers to be excluded from policies. I advise customers considering this solution to asses their use cases and try to talk to the three leading vendors at Delinea, CyberArk and Beyond Trust and find out if they can meet the requirements of their use cases before deciding.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free CyberArk Endpoint Privilege Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Privileged Access Management (PAM) Endpoint Compliance Anti-Malware Tools Application Control Ransomware ProtectionPopular Comparisons
CyberArk Privileged Access Manager
Delinea Secret Server
BeyondTrust Endpoint Privilege Management
WALLIX Bastion
One Identity Safeguard
ManageEngine PAM360
ThreatLocker Elevation Control
Buyer's Guide
Download our free CyberArk Endpoint Privilege Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating Privileged Identity Management, what aspect do you think is the most important to look for?
- Which is the best Privileged Account Management solution?
- What are the top 5 PAM solutions that can be implemented which cover both hybrid and cloud?
- What are the top 5 PAM solutions?
- How will AI and ML help or work with PIM/PAM?
- Is BeyondTrust Endpoint Privilege Management really expensive compared to other tools or software?
- What is the difference between PAM and PAS?
- What is the difference between IDAM , PIM and PAM?
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
- What is the best approach to limiting privileges for administrators?