CyberArk Endpoint Privilege Manager Reviews

By securing our endpoints, we are preventing attackers from using the domain accounts we have that are administrative accounts. For example, your credentials are cached when you log into a Windows computer, so attackers look out for those, and if it's an admin account, it will be what they need. Another good thing about this product is that even if you have a local account, you can provision that account so that the password is unique on all computers. So if you have their account credentials on a single computer, it doesn't mean you can use that same account and password to log into another computer or workstation. It also prevents using any accounts to jump from one host to another or move laterally, which is another important one for us.

All of the features are valuable. They control applications for users, like preventing users from elevating applications. You can use it to strip users of their local admin rights and, at the same time, elevate applications for them and give them access to elevated applications. Hence, administrative rights are unavailable for domain accounts which are the juicy ones for attackers because they can use them to move laterally from one host to another. Therefore, attackers can no longer strip a user's near right, but at the same time, they can elevate the user from access to the application and do their jobs without having issues elevating applications.

The solution can be improved by allowing computers or users to be excluded from policies because we currently can't do that. If you roll out an approach, you can target computers and users and can't exclude end users when targeting computers. So, for example, say you want to exclude administrators from a policy it will apply to everybody.

We have been using this solution for approximately one year and are currently using the latest version.

The solution is stable and reliable, depending on the client's use case.

The solution is scalable.

I rate customer service and support seven out of ten.

Neutral

The implementation would be complex for someone who doesn't understand how to implement it overall. Additionally, the use case determines the complexity. I rate the complexity an eight out of ten, with ten being the easiest.

The time involved in deployment depends on the use cases, the size of the organization and the number of workstations and users they have. For smaller organizations, if you have less than a hundred computers, it depends on your use cases. If the use cases are few, they can be deployed in a day or two, and policies can be rolled out to the workstations. On the other hand, organizations could take up to six months or a year to deploy.

I rate the solution seven out of ten. The solution is good but can be improved by allowing computers to be excluded from policies. I advise customers considering this solution to asses their use cases and try to talk to the three leading vendors at Delinea, CyberArk and Beyond Trust and find out if they can meet the requirements of their use cases before deciding.

I have been working with the product for five years. 

The tool is an endpoint management system. It monitors everything a standard user does and helps elevate privileges when necessary for advanced users. It keeps an auditable trail of all activities. Practically, it stops and blocks potentially hazardous user behavior, whether intentional or unintentional. Certain companies must use endpoint management software because of national or international rules or ISO norms.

The product is expensive.

One of the product's strengths is the large international user community. Often, you don't need to speak directly to the vendor because you can find solutions on the community site, where there are discussions or officially closed cases with solutions provided by the vendor. You can usually solve most issues on your own this way. However, if you can't find a solution, you can open a case through their ticketing system. If the issue is relevant, tech support will connect with you to solve it, especially if you are the first to encounter a specific bug. Once resolved, they anonymize the case and make it available to others so that the same question doesn't have to be answered repeatedly.

I'm quite happy with the support. The documentation and guides are generally okay, although you might find some minor mistakes. Still, you can accomplish a lot on your own. Compared to smaller competitors, they have a quite extensive e-learning platform with self-paced courses, which is very helpful. They also offer paid live courses and labs. 

There have been some issues, like delayed responses or the time it takes for your case to be considered important enough for direct tech support. Additionally, to speak with high-level tech experts, you often need specific certifications, which can be frustrating for those with extensive hands-on experience but without the required certifications. This might mean they get support later than someone like me, who has taken the exams and can access support more quickly.

Positive

Regarding return on investment, it's hard to put a number on it since it's in security. You might be able to calculate if a company has been successfully attacked a couple of times, then installs EPM and stops being attacked. But you don't know if there would have been attacks without it. It's hard to estimate, and I'm not calculating these things.

The tool is a bit pricey compared to its competitors. My company does work with competitors, but I don't have hands-on experience with other software. I've just done some comparisons.

Overall, I'm very satisfied with the product. It's almost perfect. It's a heavy solution but has all the functionalities you need practically or administratively. It might be a bit more expensive than its competitors, but function-wise, it's the best you can get from what we've seen.

It is the best option on the market, especially for companies already using other CyberArk products. You can have identity, privileged access, and endpoint management from one vendor, which can be more cost-effective and allow the products to communicate.

CyberArk Endpoint Privilege Manager integrates well with third-party solutions. Its marketplace offers plugins, connectors, and documentation for connecting to various third-party solutions, operating systems, servers, platforms, and network devices.

CyberArk is quite popular in our region. One competitor, BeyondTrust, is similar in size and functionality. But in this region, and I'd say mainly in all of Europe, CyberArk beats BeyondTrust. There's no technical reason for this; BeyondTrust has no history here. CyberArk is quite dominant in this area.

I rate the overall solution an eight out of ten. Technically and functionally, it has everything, but it's very heavy on hardware and virtual machines. I think it could be lighter on deployment and hardware requirements.

I'm satisfied with the security part and detection capabilities. The functionality is great, although it can be heavy to deploy.

We use CyberArk Endpoint Privilege Manager mainly for privilege management.

It's helped us manage our security processes. Our main goal is to have more specified permissions for the users and to take back control of the environment. Because local admins are used globally, there isn't much control in the environment. But with this, we can know what's going on and report it properly.

I like that you can remove the admin rights from the user's computer and have control over the environment. That means you can delete the local admins and grant them proper privileges with the console. So, they will get proper permissions for applications they need, but we don't have to do it. In the domain where we don't have control, the user can only do specified actions, but not all of them.

Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond.

If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. 

I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources.

I have been dealing CyberArk Endpoint Privilege Manager for about one year.

It's not a stable solution because you have to restart the server once a week. However, we didn't experience any problems on the end-user computers, only with the servers. 

The solution is scalable, but it requires a lot of work. We have tens of thousands of devices. Overall, it's nearly applied on every device. But when we're talking about something like 30,000 devices, it's hard to manage. 

When it comes to the global configuration, we are right now in the deployment stage, and it will take a lot of time. It also takes a lot of work from our side to implement it appropriately. It's not as easy as just installing it, and it works. It has to be done step by step.

I'm not satisfied with technical support. In my previous experience, we were waiting a couple of days for their response. We're having this problem for a couple of months now, and the problem is still not solved. You also need some training to create a support ticket, and I have to pay for this. From my perspective, this is like stealing.

The initial setup depends on the configuration you want. CyberArk is pretty flexible, so you can do it around multiple configurations. If you want to get your environment in a pretty simple setup, then it's quite easy. If you want to do much more, then there's a lot to work on. But overall, it's pretty easy to manage.

Pricing depends on how many devices you use. Right now, on-premise, it costs us a little, but it's worth it. It seems like the cloud solution is much more expensive. We got this solution one year ago, and it's like we bought the solution, and now they are not going to support it on-premise anymore. We are in the implementation phase, and we missed this, and we already paid for the licenses. This is wasted time from my perspective, and CyberArk should be more customer-friendly.

I would advise poential users to instantly look for a solution in the cloud if they want to go with CyberArk. Don't get the on-premise version.

I'm not satisfied with the EPM, and I'm just looking to see if there's any other solution that we can get. This is also because CyberArk is ending support for on-premise solutions in 2023. So, in our case, we will have to move to the cloud, and the cloud is much more expensive than just using the solution we have right now.

On a scale from one to ten, I would give CyberArk Endpoint Privilege Manager a six.

We primarily use the solution on our endpoints. 

We have found the solution quite impressive.

Performance-wise, it's on par with BeyondTrust.

We like that you can distribute the applications and decide how you want to run those applications based on their criticality. You can distribute them and decide which one needs any extra approval and which can run independently. That division was really, really helpful. It has actually reduced almost 30% of calls to the IT help desk.

It cannot be on-prem. It is only cloud-based. Sometimes, that's a restriction in terms of usage.

I want to have the EPM platform on the same platform as PAM. I'd like not to have two different dashboards or two different consoles to manage the endpoint systems. Having a single platform for PAM and for EPM would actually help a lot.

We've only been testing the solution. We haven't used it for that long. 

The solution is stable. It offers great performance. There are no bugs or glitches and it doesn't crash or freeze. 

EPM is mostly for the endpoint end users. We have more than 500.

We've also used BeyondTrust EPM. They are very similar. 

Anyone who's trying to get the EPM implemented before purchasing the solution should have their internal policy sorted out. Make sure you have the right application groups and user groups defined and the policies for them defined. You cannot acquire the solution, purchase it, and then start building it. You will lose the license period, and sometimes not being ready means the implementation will fail.

I'd rate the solution eight out of ten. It still leverages a lot of group policy manager features of Windows infrastructure, and the group policy manager is a little complicated. It's still a good solution, however.

We are implementing this product to control the Privilege account. For example, from a Cyber Privilege account, we just want to know what the user is doing and how to control it. We use it for security and monitoring.

The department management aspect of the solution is the most valuable aspect. 

The screen the color options are very good. 

The solution does a good job of assisting with the monitoring of users. 

Basic integrations of users are very straightforward. It's easy to assign them the rules, et cetera.

Technical support is slow to respond when we run into issues.

We haven't really faced too many issues so far. There are some small issues here and there, however, it hasn't been anything major.

We've faced some delays in tax reporting.

When you're trying to integrate the other products, there are some workarounds which we have to do. We'd like the integration of security to be easier. 

We expected it to be very easy for the people who are deploying and managing the product, however, that isn't necessarily the case.

We've only been dealing with the solution for about a year or so. It's a somewhat recent addition to the company.

The product has a very stable history. I've not heard of any issues. There doesn't seem to be problems with bugs or glitches. It doesn't crash or freeze. Any issue we've had has been extremely minor. It's reliable.

The solution is scalable, even though we have had some difficulties here and there. We had a client who purchased an extra 50 licenses and we faced some complications around that, however, it did end up working out just fine in the end. 

Technical support does not cause us issues. They are supporting us just fine. Presently, they are very good. 

That said, reaching them is a bit of a problem. It's complicated. It can take a lot of time. I don't know where the delay is happening, or why, yet, often, when we reach out, we have trouble. 

Otherwise, they are very good and very capable. We are mostly satisfied with their level of support.

I did not handle the installation myself. I have done one recently, however, I did it with the assistance of our distributor. As I've only ever done one implementation personally, it's hard to comment on the process. I'm still quite new to it. 

We can implement the solution for our clients. I myself have recently handled my first implementation, and I did that with the help of our distributor.

I'm more on the technical side. I don't typically deal with the pricing of products. I can't speak to the licensing, how it works, or how much it costs. That's handled by a different team. 

We have tried other products. We have tried, for example, BeyondTrust, and the MicroFocus Time Solution. However, neither was what we expected and therefore we need up coming back to CyberArk. 

We are resellers and an implementor of the solution.

I'd rate the solution at a nine out of ten.

Product-wise we don't face that many issues, and basic integration of users and assigning them the rules and other stuff like that is, compared to other options, very straightforward. 

The most valuable feature is that their database is completely encrypted and protected with multiple layers.

Compared to other tools like Linux, this solution isn't as user-friendly. In the next release, CyberArk should add integration with PAM tools, blacklisting and whitelisting for applications, and adaptive MFA.

I've been working with this solution for five years.

CyberArk is stable, but upgrading or patching requires a lot of downtime.

CyberArk is scalable - we can fit it to different environments from small to large because it has been designed in a distributed way.

The technical support is quite good, but we have had issues with logs filling up and not always getting accurate resolutions.

This initial setup is complex even for small organizations and requires at least five to six days to complete, more for bigger organizations.

The cost for CyberArk is very high.

I would give this solution a rating of eight out of ten.

CyberArk Endpoint Privilege Manager is used for compliance with password policies.

The most valuable feature of CyberArk Endpoint Privilege Manager is its ability to reset passwords every time that it is needed or periodically.

CyberArk Endpoint Privilege Manager is not suitable for the current situation because when you compare it to OTP, OTP is the strongest password solution. You can use it as a one-time password, but you have to log into the password manager itself and if you don't change your password, it will be the weakest link in the security. In OTP, you don't have that weakest link.

I have been using CyberArk Endpoint Privilege Manager for approximately five years.

CyberArk Endpoint Privilege Manager is stable.

The scalability of CyberArk Endpoint Privilege Manager is good. The capacity is not in high demand in the resources. When you set up a new server, you can use it for approximately 5,000 users of devices. When you buy the largest system, then you don't have to scale it anymore.

Best suited for medium to large enterprises.

I have not used the support from CyberArk Endpoint Privilege Manager.

The initial setup of CyberArk Endpoint Privilege Manager is straightforward.

The price of CyberArk Endpoint Privilege Manager is expensive.

My advice to others is that CyberArk Endpoint Privilege Manager is not for small to medium enterprises. It is best suited for medium to large enterprises because it is not cheap. When you want to implement the password manager and your CyberArk Endpoint Privilege Manager, you have to know what you are doing and what kind of a policy you want to implement in detail, otherwise, you will have no leverage in using the solution.

I rate CyberArk Endpoint Privilege Manager a nine out of ten.

We use the solution as a Privilege Access Manager to manage user's passwords. 

I am impressed with the product's seamless integration. The PAM wallet and enterprise password wallet are good also good. 

The tool should be more user-friendly. 

I have been using the product for one year. 

The solution is stable.I would rate it an eight out of ten.

The product is scalable. I would rate it an eight out of ten. There are about 35 users for the solution in my company. The users are mostly sales managers. 

The product's technical support is only average. They need to improve their response time. 

Neutral

I have used ARCON before. It is not as user-friendly compared to CyberArk. CyberArk has got more visibility compared to ARCON. 

The product's setup was complex. I would rate its setup a seven out of ten. The tool's architecture is difficult. The product's deployment takes one to two months to complete. 

The tool is priced high. I would rate its pricing an eight out of ten. 

I would rate the product an eight out of ten. The tool's performance is good. It is an enterprise product.