CyberArk Endpoint Privilege Manager Reviews

CyberArk Endpoint Privilege Manager can be deployed across all platforms, such as AWS, GCP, and Ali Baba. 

The solution is used for management, multi-site failover, satellite vaulting, distributed architecture, custom CPM, PSM deployment, custom CCP, and CCP deployment.

The most valuable features of CyberArk Endpoint Privilege Manager are password management, session management, onboarding rules, platform customization, and safety management.

CyberArk Endpoint Privilege Manager was presently revised, which included a new interface, rebranding, improve documentation, and an excellent user panel that supports multiple integrations.

The price of the solution should improve.

I have been using CyberArk Endpoint Privilege Manager for approximately three years.

The stability of CyberArk Endpoint Privilege Manager is excellent. It has an uptime of 99.99 percent.

My clients have scaled CyberArk Endpoint Privilege Manager. They have a distributed architecture and satellite vaulting, which allows scalability to be flexible.

I rate the scalability of CyberArk Endpoint Privilege Manager five out of five.

We have approximately 30 people using the solution.

The support from CyberArk Endpoint Privilege Manager is excellent. We have good support in our SLAs, it is for five days.

I work with the competitor of CyberArk Endpoint Privilege Manager, Beyond Trust. If I was to change something it wouldn't be CyberArk Endpoint Privilege Manager, it would just be Beyond Trust. There's a reason why there are features in CyberArk Endpoint Privilege Manager, it works in CyberArk Endpoint Privilege Manager. The same goes with Beyond Trust, there are features that only work in Beyond Trust and wouldn't work in CyberArk Endpoint Privilege Manager. For example, the introduction of smart rules, wouldn't make sense because CyberArk Endpoint Privilege Manager,  doesn't work with smart rules.

I rate the initial setup of CyberArk Endpoint Privilege Manager as straightforward. However, I use the solution every day. The process of implementation took approximately one day.

The implementation strategy was reviewing architecture, deploying architecture, installing components, deploying components, configuring components, onboarding accounts, managing accounts, configuring platforms, managing platforms, configuring safes, and onboarding safes. 

We had a company-wide deployment of this solution.

We did the implementation of the solution in-house, but the SaaS-based part of the solution is done by the vendor. We had approximately five people who did the implementation.

The price of CyberArk Endpoint Privilege Manager is expensive. The solution is priced based on the number of accounts onboarded and the number of concurrent sessions. Everyone else is included in the price, such as support.

I rate the price of CyberArk Endpoint Privilege Manager a one out of five.

I rate CyberArk Endpoint Privilege Manager an eight out of ten.

We use the solution for cyber security to block unwanted things and ensure endpoint security. We also use the solution to collect user analytics.

Based on a customer's requirements, the solution allows me to give access and privileges to each user individually. CyberArk also allows granular blocking permissions.

CyberArk has better features than other vendors' products, such as a password vault.

CyberArk has some performance issues. For example, servers could not handle the solution when we first took CyberArk Endpoint Privilege Manager.

But to solve the problem, I first examine why the services take so much time to install. After that, I look at where we start the services. After that, if we need any patches there, I'll contact CyberArk.

It would be good if, based on an analysis of the user behavior from the logs we collect, we can see if a user has been accessing some other things. We need better reporting tools for those use cases.

I have worked with this solution for three years.

CyberArk's technical support is great. They immediately give support to everybody.

Positive

I've used Arcon User Behavior Analytics. And with endpoint security, we have used ManageEngine Endpoint Security. CyberArk's advantage over its competitors is its granular access. You can give specific access.

However, we work with all the solutions and provide one or the other based on what the customer requires. We will make a POC accordingly.

The solution's implementation process is a bit complex compared to other products. But every product has some challenges based on the customer's environment. However, we don't face any challenges because we understand the customer's environment and assess the scope of work.

As for difficulties we face while deploying CyberArk PAM, sometimes the agent won't install on the client's server. But if I report that to CyberArk, they give the required patches, and the solution works fine.

The time we take to deploy CyberArk PAM is based on the number of endpoints. If we have about 200 users, it takes two or three weeks to deploy.

We usually need two or three people to deploy the solution. One will be L2, and the other will be L1.

The solution's pricing is reasonable compared to other vendors' products.

I rate CyberArk Endpoint Privilege Manager an eight out of ten.

The solution reduces the stress of managing privileged accounts that log into servers and network devices. We're also looking to onboard service accounts, and the solution takes care of the rotation while meeting the password policy and auditing and recording user sessions. The solution manages privilege sessions. The solution is also part of a zero-trust architecture where we see what admin users do on the servers.

The password rotation and the session recording are the most valuable features. Likewise, password management for service accounts is a very nice feature.

One area that has room for improvement is in managing the credentials for network devices. The solution works fine for servers running Windows 10, but it's not very functional or smooth in operation for servers running Linux and Unix operating systems. There could also be some improvement in integrating with a number of solutions. Though CyberArk keeps developing, improving, or increasing its integrations with other solutions, it could do better.

I would also like the initial setup to be easier because we have to engage the services of a partner when setting up the solution. Moreover, the documentation for setup is restricted to partners only. You can get training on the administration of the solution, but the setup and getting some support documents are reserved for partners only. If there were a better way to get this information out there or to make it more accessible, that would reduce the complexity of setting up the solution.

We've worked with this solution for three years.

I rate the solution's stability an eight out of ten.

The solution is highly valuable, but it depends on the license. To scale the architecture, you can just increase your resources. I rate the solution's scalability an eight out of ten. I have about 50 users for this solution, using it 24/7.

CyberArk's technical support can be very prompt, and I am satisfied with their services.

Positive

I rate the initial setup a five out of ten. The solution was not so easy to set up. It has several components with communication between them and server hardening, so the setup is not exactly easy. But there is straightforward documentation, so we can work with that. However, that is reserved for partners.

All conditions being equal, it takes three weeks to deploy the solution. But it took longer for us because there were some constraints within the environment, so it took three weeks to one month.

When deploying the solution, we had to evaluate our environment, get all our privileged accounts, and decide on the architecture we wanted to go with. Since we deployed the solution on-premises, we had to provision servers for different components of the solution before installing each component on the servers and then installing the vault.

Right now, as an individual, I can't just say I'm getting CyberArk and setting it up myself. I need to get the services of a partner. A lot of the documentation is reserved for partners.

We needed two people to deploy the solution, and we currently just need one admin for maintenance. We would need two for a larger business.

I rate the solution's pricing an eight out of ten since the price can be too high for smaller businesses. There is an annual support license that needs to be purchased additionally.

It's a great solution and is really functional. It's not a solution that covers a lot of needs. It has a niche area, and they do excellently with that. I recommend CyberArk Endpoint Privilege Manager and rate it a nine out of ten.

I'm still trying to maximize and explore the solution's capabilities. It does quite a lot, but I have not been able to utilize the solution that well. It takes time for users to accept changes and get used to the solution.

I have been working with the product for five years. 

The tool is an endpoint management system. It monitors everything a standard user does and helps elevate privileges when necessary for advanced users. It keeps an auditable trail of all activities. Practically, it stops and blocks potentially hazardous user behavior, whether intentional or unintentional. Certain companies must use endpoint management software because of national or international rules or ISO norms.

The product is expensive.

One of the product's strengths is the large international user community. Often, you don't need to speak directly to the vendor because you can find solutions on the community site, where there are discussions or officially closed cases with solutions provided by the vendor. You can usually solve most issues on your own this way. However, if you can't find a solution, you can open a case through their ticketing system. If the issue is relevant, tech support will connect with you to solve it, especially if you are the first to encounter a specific bug. Once resolved, they anonymize the case and make it available to others so that the same question doesn't have to be answered repeatedly.

I'm quite happy with the support. The documentation and guides are generally okay, although you might find some minor mistakes. Still, you can accomplish a lot on your own. Compared to smaller competitors, they have a quite extensive e-learning platform with self-paced courses, which is very helpful. They also offer paid live courses and labs. 

There have been some issues, like delayed responses or the time it takes for your case to be considered important enough for direct tech support. Additionally, to speak with high-level tech experts, you often need specific certifications, which can be frustrating for those with extensive hands-on experience but without the required certifications. This might mean they get support later than someone like me, who has taken the exams and can access support more quickly.

Positive

Regarding return on investment, it's hard to put a number on it since it's in security. You might be able to calculate if a company has been successfully attacked a couple of times, then installs EPM and stops being attacked. But you don't know if there would have been attacks without it. It's hard to estimate, and I'm not calculating these things.

The tool is a bit pricey compared to its competitors. My company does work with competitors, but I don't have hands-on experience with other software. I've just done some comparisons.

Overall, I'm very satisfied with the product. It's almost perfect. It's a heavy solution but has all the functionalities you need practically or administratively. It might be a bit more expensive than its competitors, but function-wise, it's the best you can get from what we've seen.

It is the best option on the market, especially for companies already using other CyberArk products. You can have identity, privileged access, and endpoint management from one vendor, which can be more cost-effective and allow the products to communicate.

CyberArk Endpoint Privilege Manager integrates well with third-party solutions. Its marketplace offers plugins, connectors, and documentation for connecting to various third-party solutions, operating systems, servers, platforms, and network devices.

CyberArk is quite popular in our region. One competitor, BeyondTrust, is similar in size and functionality. But in this region, and I'd say mainly in all of Europe, CyberArk beats BeyondTrust. There's no technical reason for this; BeyondTrust has no history here. CyberArk is quite dominant in this area.

I rate the overall solution an eight out of ten. Technically and functionally, it has everything, but it's very heavy on hardware and virtual machines. I think it could be lighter on deployment and hardware requirements.

I'm satisfied with the security part and detection capabilities. The functionality is great, although it can be heavy to deploy.

Day-to-day, normally when administrative access is required for a user, they have a UAC prompt that comes up and they have to click yes or no. When we whitelist an application, it automatically elevates, so it's one less click for the user. It's improving efficiency and it's making it easier for them, at the end of the day.

The tool has great functionality in reducing risk in the environment, especially if an endpoint is compromised. It reduces pass-the-hash and same-account harvesting. And if something were to happen, we would be able to report on that right away and let the SOC know.

In terms of removing local admin credentials on the endpoint and the effect on the size of the attack surface in our organization, it has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know.

We have also been able to reduce the number of local admins. We originally scoped out to only have a certain number of licenses for the software and we have reduced it significantly from what we thought we would need, purely based on a policy perspective and who actually really needs some administrative access.

With conventional local administrative access, you have no insight into how users are using that access. With Endpoint Privilege Manager, we have the ability to see how they're using that and then lock down things that aren't appropriate or are not allowed in our company.

At scale, in an enterprise environment, it's very easy to start installing agents on multiple workstations. So if we need to deploy to several thousand more workstations, we will have the ability to do that.

So far, there are a lot of integrations we are using. We are sending logs to a SIEM. We are working with AD to make sure that we are provisioning roles properly at that point. That's where we've left it.

If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.

Overall, the ability on the endpoint is very good for the user. It can be used online and offline. As for the administrative console, there's room for improvement and that is something we've already escalated. We've worked with the R&D teams to address those issues.

Scaling is easy. If you want to put it out on more endpoints, if you need thousands of more workstations, it's very easy to do. CyberArk has easy guidelines on how you should be sizing your infrastructure.  

Overall, I would rate technical support at seven out of 10. We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can.

We did not have a previous solution. However, we knew that there is a large attack surface in the event that we were to be compromised or fished. We knew that there was a vulnerability and we said, "Okay, we want to get it in front of this so we're not Equifax or CapitalOne or something like that."

It was a pretty straightforward setup. CyberArk does support the documentation for it. We did customize it a little bit more for high-availability. If a server were to go down, we can automatically switch. So overall, it's quite easy to set up, but you can always customize a little bit more.

I don't think I could quantify ROI, to be honest. Reducing risk is always something that is going to cost you. But when it comes to share price, stock price, etc., if a breach were to occur that would have huge implications.

If you're going to implement Endpoint Privilege Manager, don't just give everybody EPM and think you're done with it. Spend the time, engineer it, think about it from a project perspective, and deploy it with the concept of least privilege. Really spend the time to make sure it's deployed correctly and all the processes are established so it's smooth sailing from there on in.

Overall, I would rate this product at 8.5 out of 10. The product does exactly what we need it to do. However, we do need a little bit more action and response time with regards to support.

In terms of the effect working with CyberArk has had on my career, it has really put my name on the map with regards to the whole CSO world and IT security, as well as from our company-wide, holistic perspective. People come to me; they know me as the person who will solve problems. Usually, things are very difficult, but at the end of the day, we'll find a solution and implement it. From that perspective, it's giving me a lot more opportunities.

We primarily use the solution on our endpoints. 

We have found the solution quite impressive.

Performance-wise, it's on par with BeyondTrust.

We like that you can distribute the applications and decide how you want to run those applications based on their criticality. You can distribute them and decide which one needs any extra approval and which can run independently. That division was really, really helpful. It has actually reduced almost 30% of calls to the IT help desk.

It cannot be on-prem. It is only cloud-based. Sometimes, that's a restriction in terms of usage.

I want to have the EPM platform on the same platform as PAM. I'd like not to have two different dashboards or two different consoles to manage the endpoint systems. Having a single platform for PAM and for EPM would actually help a lot.

We've only been testing the solution. We haven't used it for that long. 

The solution is stable. It offers great performance. There are no bugs or glitches and it doesn't crash or freeze. 

EPM is mostly for the endpoint end users. We have more than 500.

We've also used BeyondTrust EPM. They are very similar. 

Anyone who's trying to get the EPM implemented before purchasing the solution should have their internal policy sorted out. Make sure you have the right application groups and user groups defined and the policies for them defined. You cannot acquire the solution, purchase it, and then start building it. You will lose the license period, and sometimes not being ready means the implementation will fail.

I'd rate the solution eight out of ten. It still leverages a lot of group policy manager features of Windows infrastructure, and the group policy manager is a little complicated. It's still a good solution, however.

We use CyberArk Endpoint Privilege Manager mainly for privilege management.

It's helped us manage our security processes. Our main goal is to have more specified permissions for the users and to take back control of the environment. Because local admins are used globally, there isn't much control in the environment. But with this, we can know what's going on and report it properly.

I like that you can remove the admin rights from the user's computer and have control over the environment. That means you can delete the local admins and grant them proper privileges with the console. So, they will get proper permissions for applications they need, but we don't have to do it. In the domain where we don't have control, the user can only do specified actions, but not all of them.

Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond.

If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. 

I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources.

I have been dealing CyberArk Endpoint Privilege Manager for about one year.

It's not a stable solution because you have to restart the server once a week. However, we didn't experience any problems on the end-user computers, only with the servers. 

The solution is scalable, but it requires a lot of work. We have tens of thousands of devices. Overall, it's nearly applied on every device. But when we're talking about something like 30,000 devices, it's hard to manage. 

When it comes to the global configuration, we are right now in the deployment stage, and it will take a lot of time. It also takes a lot of work from our side to implement it appropriately. It's not as easy as just installing it, and it works. It has to be done step by step.

I'm not satisfied with technical support. In my previous experience, we were waiting a couple of days for their response. We're having this problem for a couple of months now, and the problem is still not solved. You also need some training to create a support ticket, and I have to pay for this. From my perspective, this is like stealing.

The initial setup depends on the configuration you want. CyberArk is pretty flexible, so you can do it around multiple configurations. If you want to get your environment in a pretty simple setup, then it's quite easy. If you want to do much more, then there's a lot to work on. But overall, it's pretty easy to manage.

Pricing depends on how many devices you use. Right now, on-premise, it costs us a little, but it's worth it. It seems like the cloud solution is much more expensive. We got this solution one year ago, and it's like we bought the solution, and now they are not going to support it on-premise anymore. We are in the implementation phase, and we missed this, and we already paid for the licenses. This is wasted time from my perspective, and CyberArk should be more customer-friendly.

I would advise poential users to instantly look for a solution in the cloud if they want to go with CyberArk. Don't get the on-premise version.

I'm not satisfied with the EPM, and I'm just looking to see if there's any other solution that we can get. This is also because CyberArk is ending support for on-premise solutions in 2023. So, in our case, we will have to move to the cloud, and the cloud is much more expensive than just using the solution we have right now.

On a scale from one to ten, I would give CyberArk Endpoint Privilege Manager a six.

We are implementing this product to control the Privilege account. For example, from a Cyber Privilege account, we just want to know what the user is doing and how to control it. We use it for security and monitoring.

The department management aspect of the solution is the most valuable aspect. 

The screen the color options are very good. 

The solution does a good job of assisting with the monitoring of users. 

Basic integrations of users are very straightforward. It's easy to assign them the rules, et cetera.

Technical support is slow to respond when we run into issues.

We haven't really faced too many issues so far. There are some small issues here and there, however, it hasn't been anything major.

We've faced some delays in tax reporting.

When you're trying to integrate the other products, there are some workarounds which we have to do. We'd like the integration of security to be easier. 

We expected it to be very easy for the people who are deploying and managing the product, however, that isn't necessarily the case.

We've only been dealing with the solution for about a year or so. It's a somewhat recent addition to the company.

The product has a very stable history. I've not heard of any issues. There doesn't seem to be problems with bugs or glitches. It doesn't crash or freeze. Any issue we've had has been extremely minor. It's reliable.

The solution is scalable, even though we have had some difficulties here and there. We had a client who purchased an extra 50 licenses and we faced some complications around that, however, it did end up working out just fine in the end. 

Technical support does not cause us issues. They are supporting us just fine. Presently, they are very good. 

That said, reaching them is a bit of a problem. It's complicated. It can take a lot of time. I don't know where the delay is happening, or why, yet, often, when we reach out, we have trouble. 

Otherwise, they are very good and very capable. We are mostly satisfied with their level of support.

I did not handle the installation myself. I have done one recently, however, I did it with the assistance of our distributor. As I've only ever done one implementation personally, it's hard to comment on the process. I'm still quite new to it. 

We can implement the solution for our clients. I myself have recently handled my first implementation, and I did that with the help of our distributor.

I'm more on the technical side. I don't typically deal with the pricing of products. I can't speak to the licensing, how it works, or how much it costs. That's handled by a different team. 

We have tried other products. We have tried, for example, BeyondTrust, and the MicroFocus Time Solution. However, neither was what we expected and therefore we need up coming back to CyberArk. 

We are resellers and an implementor of the solution.

I'd rate the solution at a nine out of ten.

Product-wise we don't face that many issues, and basic integration of users and assigning them the rules and other stuff like that is, compared to other options, very straightforward.