CyberArk Endpoint Privilege Manager Reviews

CyberArk Endpoint Privilege Manager can be deployed across all platforms, such as AWS, GCP, and Ali Baba. 

The solution is used for management, multi-site failover, satellite vaulting, distributed architecture, custom CPM, PSM deployment, custom CCP, and CCP deployment.

The most valuable features of CyberArk Endpoint Privilege Manager are password management, session management, onboarding rules, platform customization, and safety management.

CyberArk Endpoint Privilege Manager was presently revised, which included a new interface, rebranding, improve documentation, and an excellent user panel that supports multiple integrations.

The price of the solution should improve.

I have been using CyberArk Endpoint Privilege Manager for approximately three years.

The stability of CyberArk Endpoint Privilege Manager is excellent. It has an uptime of 99.99 percent.

My clients have scaled CyberArk Endpoint Privilege Manager. They have a distributed architecture and satellite vaulting, which allows scalability to be flexible.

I rate the scalability of CyberArk Endpoint Privilege Manager five out of five.

We have approximately 30 people using the solution.

The support from CyberArk Endpoint Privilege Manager is excellent. We have good support in our SLAs, it is for five days.

I work with the competitor of CyberArk Endpoint Privilege Manager, Beyond Trust. If I was to change something it wouldn't be CyberArk Endpoint Privilege Manager, it would just be Beyond Trust. There's a reason why there are features in CyberArk Endpoint Privilege Manager, it works in CyberArk Endpoint Privilege Manager. The same goes with Beyond Trust, there are features that only work in Beyond Trust and wouldn't work in CyberArk Endpoint Privilege Manager. For example, the introduction of smart rules, wouldn't make sense because CyberArk Endpoint Privilege Manager,  doesn't work with smart rules.

I rate the initial setup of CyberArk Endpoint Privilege Manager as straightforward. However, I use the solution every day. The process of implementation took approximately one day.

The implementation strategy was reviewing architecture, deploying architecture, installing components, deploying components, configuring components, onboarding accounts, managing accounts, configuring platforms, managing platforms, configuring safes, and onboarding safes. 

We had a company-wide deployment of this solution.

We did the implementation of the solution in-house, but the SaaS-based part of the solution is done by the vendor. We had approximately five people who did the implementation.

The price of CyberArk Endpoint Privilege Manager is expensive. The solution is priced based on the number of accounts onboarded and the number of concurrent sessions. Everyone else is included in the price, such as support.

I rate the price of CyberArk Endpoint Privilege Manager a one out of five.

I rate CyberArk Endpoint Privilege Manager an eight out of ten.

I use the solution in my company since its PAM features are used for privileged accounts.

The most valuable feature of the solution is its performance. I would describe it as a seamless solution.

The price of the product is an area of concern where improvements are required. The product's price should be made more flexible.

The tool's UI could be better and more user-friendly.

I have been using CyberArk Endpoint Privilege Manager for a year. My company has a partnership with CyberArk.

Stability-wise, I rate the solution an eight out of ten.

Scalability is fine since many people can use it even with a minimum number of licenses.

Around five people in my company use the tool.

My company has not contacted the product's technical support since our internal team took care of the deployment process.

The product's initial setup phase is fine. The on-premises architecture is a bit tough.

The product's deployment phase focuses on consolidating everything in a single platform.

Around two people are required to deploy and maintain the product.

The value or the benefits derived from the use of the product revolve around the fact that it is a reliable tool. Though it may come across as a complex product, its customers can rely on its efficiency.

The product's license is easy to procure.

I am aware of CyberArk's PAM part and CyberArk Identity.

I find the solution to be more effective since it is better than its competitors. The brand value offered by the product is very good.

There are no application control capabilities offered by the tool, but I know that enforcing privilege access control is pretty fast.

The product is reliable and stable. The solution's brand value is good. The solution is better than the products offered by its competitors.

My company is aware of the fact that CyberArk offers integration with other security tools in the market, but we have not dealt with such a complex implementation yet.

I rate the tool an eight out of ten.

I'm using it in my company. It helps us manage our endpoints and keep things secure.

The solution is doing what we expect it to do. 

It integrates well with our CI/CD pipeline and Amazon Cloud, which is useful.

We can do both server and endpoint protection. 

It's a stable product. 

The interface has been fine.

It is scalable. 

Technical support is helpful and responsive.

We've sent requests to CyberArk for improvement. We've had issues around migration surrounding legacy to cloud ADs. The implementation process wasn't as straightforward as we had hoped. 

They need much better integration with Azure AD. 

It is expensive; however, it does offer good value compared to the competition. 

I've been using the solution since 2020. 

It is stable. There are no bugs or glitches. I've found the solution to be reliable. It doesn't crash or freeze. 

It's scalable. We can extend the product very easily.

It's great for enterprises.

Technical support is very good. They are helpful. We have no complaints about the level of support we receive.  

We did not use any other solution. 

The initial setup was difficult. We had trouble with legacy migrations and Azure AD. 

The deployment took two years across two phases.

They are not the cheapest. However, what they provide, compared to competitors, it is reasonable. 

We evaluated a different option previously and decided not to go ahead. We went with this solution instead. 

Just make sure all applications and services that need to be migrated can move over. A lot of planning is required.

I'd rate the solution eight out of ten. 

Inside we have a lot of applications, including three or four critical applications. With this application, remote users cannot run another application if you do not grant access to these applications. For example, if you want users to use Word or PowerPoint, you can allow usage of those and block usage of other things. If you want to run one application and you need to get permission, you send a ticket to ask for authorization to use it. That way, the company can control the access of every user.

I like that we have the power to blacklist, whitelist, and greylist applications.

It is really easy to deploy.

The solution is mostly stable. 

Users can scale the solution. 

We'd like the solution to work with AIX operating systems and custom distributions like Linux. 

We would prefer increased stability.

It is hard to deal with technical support if you are not certified. 

I've been using the solution for one year.

More or less, the solution is stable. About three weeks ago, we witnessed latency with the solution. It could be a bit more stable. 

If you want to deploy some agents, you can buy more licenses for the solution. It's a service only. You can add another agent. With ease and scale as you like.

We have about 100 users on the product right now.  

At this time, we will not increase usage. 

If you do not have certification, you cannot send a ticket. This makes dealing with technical support difficult. 

I did not previously use a different solution. 

You can implement this product on-premise. With the next-generation versions, you can just download an agent and deploy it on your machines. It really is easy to deploy.

We have three people on staff that are capable of managing the solution as needed. 

We had a consultant assist us with the implementation process. 

We have seen an ROI of around $10,000 so far.

We pay about $17 per user.

I'm not aware of any other similar solutions and did not evaluate any others. 

This is a SaaS solution. 

If you don't have a solution that you can deploy a massive agent to, it isn't easy to implement individually. 

I'd rate the solution nine out of ten.

What sets CyberArk apart is its continuous innovation, staying ahead of the competition. It not only offers integrated solutions but also expands its capabilities through strategic acquisitions.

In terms of improvement, CyberArk Endpoint Privilege Manager can be better by making its UI more consistent. Right now, there is a mix of a new, user-friendly look and an older interface with some functions. This mix can confuse users and affect how smoothly everything works together. Making the interface more uniform would make things easier and more efficient for everyone.

I have been using CyberArk Endpoint Privilege Manager for almost five years.

I would rate the stability of the solution as a nine out of ten.

The solution is highly scalable. I would rate the scalability as a nine out of ten.

I would give CyberArk's tech support a nine out of ten. They have made it so only certified experts can raise support tickets, ensuring that the person seeking help knows the product. This often leads to quicker problem-solving. While I haven't needed support much, others say CyberArk is responsive, even handling custom requests overnight in some cases. Overall, their support is solid.

Positive

Setting up CyberArk Endpoint Privilege Manager was challenging for me due to the involvement of multiple components. The process required a good understanding of each component and its configuration. It is not a straightforward setup, and familiarity with the system is crucial to ensure everything is correctly configured. I would rate the easiness of the initial setup as a six out of ten. The deployment of CyberArk Endpoint Privilege Manager takes about a day. It is not as quick as some Linux, which can be up and running in just a couple of hours. CyberArk's deployment is more complex due to the various components that need to be set up and validated to ensure they work together seamlessly. Once the deployment is complete, you can then proceed with tasks like account onboarding.

The investment in CyberArk is worthwhile. It significantly elevates security measures, reducing the vulnerability to breaches.

CyberArk is mostly used by big companies, especially in finance and banking. It is not really for small businesses because the investment is quite large. I have seen cases where substantial discounts were given, but that is usually for big enterprises. CyberArk has extra costs for professional services on top of the standard fee. These services are a bit pricey, and unlike some competitors, CyberArk doesn't focus heavily on them. While helpful, be prepared for an additional expense if you opt for these services. I would give it an eight out of ten in terms of costliness.

Overall, I would rate CyberArk Endpoint Privilege Manager as an eight out of ten.

We use the solution for cyber security to block unwanted things and ensure endpoint security. We also use the solution to collect user analytics.

Based on a customer's requirements, the solution allows me to give access and privileges to each user individually. CyberArk also allows granular blocking permissions.

CyberArk has better features than other vendors' products, such as a password vault.

CyberArk has some performance issues. For example, servers could not handle the solution when we first took CyberArk Endpoint Privilege Manager.

But to solve the problem, I first examine why the services take so much time to install. After that, I look at where we start the services. After that, if we need any patches there, I'll contact CyberArk.

It would be good if, based on an analysis of the user behavior from the logs we collect, we can see if a user has been accessing some other things. We need better reporting tools for those use cases.

I have worked with this solution for three years.

CyberArk's technical support is great. They immediately give support to everybody.

Positive

I've used Arcon User Behavior Analytics. And with endpoint security, we have used ManageEngine Endpoint Security. CyberArk's advantage over its competitors is its granular access. You can give specific access.

However, we work with all the solutions and provide one or the other based on what the customer requires. We will make a POC accordingly.

The solution's implementation process is a bit complex compared to other products. But every product has some challenges based on the customer's environment. However, we don't face any challenges because we understand the customer's environment and assess the scope of work.

As for difficulties we face while deploying CyberArk PAM, sometimes the agent won't install on the client's server. But if I report that to CyberArk, they give the required patches, and the solution works fine.

The time we take to deploy CyberArk PAM is based on the number of endpoints. If we have about 200 users, it takes two or three weeks to deploy.

We usually need two or three people to deploy the solution. One will be L2, and the other will be L1.

The solution's pricing is reasonable compared to other vendors' products.

I rate CyberArk Endpoint Privilege Manager an eight out of ten.

Our customers mainly use CyberArk EPM to remove admin privileges from end-user systems, especially for developers and IT people who need admin rights on their desktops. It resolves this issue by only giving admin rights for specific use cases and applications rather than full admin rights for the whole system. This keeps users happy while maintaining security.

Additionally, the tool provides insight into what software users use, has threat detection mechanisms to prevent credential harvesting, and offers proactive monitoring.

The main industries using CyberArk EPM are IT-enabled services and software development companies—mostly technology companies where users typically need full admin rights. The manufacturing and banking industries already tend to have more controlled environments, so they use them less.

The biggest benefit of CyberArk EPM for our customers is control over privileged access for endpoints. Endpoints are often the starting point for attackers to enter and move within a network. CyberArk EPM bridges the gap between security and operations teams. Operations teams are happy because work isn't stopped due to admin rights issues, while security teams are satisfied that full admin rights aren't given to all users.

The threat detection capability impacts security posture. Many web browsers and WinSCP applications can save passwords, but not always securely. Attackers could potentially tamper with and harvest these credentials. CyberArk EPM protects against this by continuously monitoring and blocking access attempts to these stored credentials, such as those in browser caches. This prevents malware or attackers from accessing these vulnerable credential stores.

My recommendation for improvement is to add functionality for when users request access to an application. There's a pop-up UI, but it's not very customizable. I suggest creating a UI where we can write scripts or use SDKs to enhance it. This could automatically create tickets in a system like ServiceNow when users request an application. If a manager approves, we could automatically push policies to those users.

CyberArk EPM is very stable stability-wise. Though the network is unavailable, policies still work from the offline cache. The agent uses a small memory footprint and doesn't crash much. I'd rate stability as eight out of ten.

I'd also rate the solution an eight out of ten for scalability. Because it is cloud-based, customers don't have to worry about capacity.

It's difficult to get support, especially for issues affecting only one or two users. CyberArk support mainly focuses on priority one tickets, which affect all users. Support needs improvement in terms of easier access and quality. Generating and uploading logs takes a lot of time, and the process moves through different levels in the organization.

Neutral

There are challenges during the implementation of CyberArk EPM. It's a phased process. First, we install the agent on all endpoint computers. Then, we monitor what applications users use and which request admin rights. The tool generates reports on this. We work with the security team to create policies based on these reports. These policies define which applications users can have elevated admin rights and which ones to block. We then push these policies to the users. New application requests come in over time. The main challenge isn't the product itself but working with multiple teams. We need to understand different kinds of software and end-user systems to create the right policies. So, the hardest part is coordinating with various teams.

Setting up the solution is very easy. It's cloud-based, so it's already set up in the cloud. Customers need to buy licenses and use them. I'd rate the setup difficulty as eight out of ten, with ten being easy.

The tool's pricing is reasonable for customers.

I advise those who want to use CyberArk EPM to get a good consultant. They need to analyze their environment and generate reports. There should be many whiteboarding sessions and discussions to develop steps for policy creation. A lot of paperwork needs to be done before starting to use it. Overall, I'd rate CyberArk EPM as nine out of ten. It's a very good product.

By securing our endpoints, we are preventing attackers from using the domain accounts we have that are administrative accounts. For example, your credentials are cached when you log into a Windows computer, so attackers look out for those, and if it's an admin account, it will be what they need. Another good thing about this product is that even if you have a local account, you can provision that account so that the password is unique on all computers. So if you have their account credentials on a single computer, it doesn't mean you can use that same account and password to log into another computer or workstation. It also prevents using any accounts to jump from one host to another or move laterally, which is another important one for us.

All of the features are valuable. They control applications for users, like preventing users from elevating applications. You can use it to strip users of their local admin rights and, at the same time, elevate applications for them and give them access to elevated applications. Hence, administrative rights are unavailable for domain accounts which are the juicy ones for attackers because they can use them to move laterally from one host to another. Therefore, attackers can no longer strip a user's near right, but at the same time, they can elevate the user from access to the application and do their jobs without having issues elevating applications.

The solution can be improved by allowing computers or users to be excluded from policies because we currently can't do that. If you roll out an approach, you can target computers and users and can't exclude end users when targeting computers. So, for example, say you want to exclude administrators from a policy it will apply to everybody.

We have been using this solution for approximately one year and are currently using the latest version.

The solution is stable and reliable, depending on the client's use case.

The solution is scalable.

I rate customer service and support seven out of ten.

Neutral

The implementation would be complex for someone who doesn't understand how to implement it overall. Additionally, the use case determines the complexity. I rate the complexity an eight out of ten, with ten being the easiest.

The time involved in deployment depends on the use cases, the size of the organization and the number of workstations and users they have. For smaller organizations, if you have less than a hundred computers, it depends on your use cases. If the use cases are few, they can be deployed in a day or two, and policies can be rolled out to the workstations. On the other hand, organizations could take up to six months or a year to deploy.

I rate the solution seven out of ten. The solution is good but can be improved by allowing computers to be excluded from policies. I advise customers considering this solution to asses their use cases and try to talk to the three leading vendors at Delinea, CyberArk and Beyond Trust and find out if they can meet the requirements of their use cases before deciding.