CyberArk Endpoint Privilege Manager Reviews

We use the solution to secure direct access to servers. Users could open their browsers and access resources. This applies to different teams, such as DevOps, IT services, and development teams. They can no longer use RDP connections directly to the server for their day-to-day tasks. Instead, they must log in to CyberArk with their account and then use a shared account to access the server. Another advantage is using (Privilege Access Management) PAM accounts, which have high permissions but are limited in their access.

CyberArk's infrastructure is extensive. A cloud version has been introduced, when it was fully on-premises. You had to set up a separate environment for CyberArk, which incurred significant costs for the customer. Additionally, maintaining the infrastructure required dedicated resources, including on-call support outside of regular hours. If infrastructure went down, it left everyone in a difficult situation.

I have been using CyberArk Endpoint Privilege Manager as a consultant for three and a half years.

The product is stable.

I rate the solution’s stability an eight out of ten.

The solution is not easy to scale because it needs a separate team to do the capacity management all the time. We cater the solution to enterprises and small businesses.

I rate the solution’s scalability an eight out of ten.

The initial setup is very difficult, but If you follow the correct sequence, then it's fine. The only complex thing is to build the infrastructure and maintain it.
It depends on the whole component and takes a couple of weeks to deploy.

The solution is very expensive. The licensing costs a lot. There is a separate cost for support.

We opted for BeyondTrust.

Three people are required for the solution’s maintenance.

Overall, I rate the solution a nine out of ten.

I work with CyberArk Endpoint Privilege Manager for my partners. It is mainly for compliance, managing credentials securely, and monitoring what's going on with those credentials. Also, there's this thing about limiting privileges for certain users in production environments. But it seems like it's not just for big setups, it's also used across all kinds of workplaces.

The feature called PTA, which stands for Privileged Threat Analytics keeps track of what admins are doing and works with Centimeters. If something fishy is going on with a user's credentials, it alerts the security team so they can act fast. Plus, it automates stuff like resetting credentials or blocking users. So, if there's a potential hack, CyberArk can change passwords and lock out users in a snap. It also gives you a heads-up if anything unusual is going on with server activities, like someone creating new users with uncontrolled credentials. 

CyberArk meets clients' need very spot-on. It covers everything customers ask for.

As for improvements, honestly, the feedback's been really positive. I haven't heard any specific areas that need work.

It's designed to be highly available and resilient, so you can always access your targets no matter what.

As for scalability, it's totally on point. With the SaaS option, it's fully scalable. And if you're running components on-premise, you can easily add more to boost performance as your user base grows. They're usually virtual, so it's a breeze to scale up by adding more virtual machines.

I don’t deal directly with customer support, but I've heard good things from my colleagues who do. They usually handle it through certified partners, and the feedback is pretty positive.

Positive

There are two choices, one is the software service option, which is super easy to install and get running. The other is a self-hosted route, which has a more structured setup for better security and performance, though it's a bit more complex.As for deployment time, it varies depending on the project, but on average, you can get it up and running in just a day.

Maintenance is not a headache. We usually offer manager services to keep everything updated and running smoothly. It's a simple process that keeps things effective.

It's not at the lower end of the market. I think the price is reasonable considering the quality it delivers. It is a top-notch solution at a fair price point.

Once you start integrating this solution with your existing technologies and implementing new processes for accessing targets by administrators, you can see significant progress within two to three months, covering around eighty to ninety percent of your technology integration. With strong engagement, you can expect a substantial return on investment in that timeframe.As for rating the solution, I would give a solid ten.

We primarily use the solution on our endpoints. 

We have found the solution quite impressive.

Performance-wise, it's on par with BeyondTrust.

We like that you can distribute the applications and decide how you want to run those applications based on their criticality. You can distribute them and decide which one needs any extra approval and which can run independently. That division was really, really helpful. It has actually reduced almost 30% of calls to the IT help desk.

It cannot be on-prem. It is only cloud-based. Sometimes, that's a restriction in terms of usage.

I want to have the EPM platform on the same platform as PAM. I'd like not to have two different dashboards or two different consoles to manage the endpoint systems. Having a single platform for PAM and for EPM would actually help a lot.

We've only been testing the solution. We haven't used it for that long. 

The solution is stable. It offers great performance. There are no bugs or glitches and it doesn't crash or freeze. 

EPM is mostly for the endpoint end users. We have more than 500.

We've also used BeyondTrust EPM. They are very similar. 

Anyone who's trying to get the EPM implemented before purchasing the solution should have their internal policy sorted out. Make sure you have the right application groups and user groups defined and the policies for them defined. You cannot acquire the solution, purchase it, and then start building it. You will lose the license period, and sometimes not being ready means the implementation will fail.

I'd rate the solution eight out of ten. It still leverages a lot of group policy manager features of Windows infrastructure, and the group policy manager is a little complicated. It's still a good solution, however.

CyberArk Endpoint Privilege Manager is used for compliance with password policies.

The most valuable feature of CyberArk Endpoint Privilege Manager is its ability to reset passwords every time that it is needed or periodically.

CyberArk Endpoint Privilege Manager is not suitable for the current situation because when you compare it to OTP, OTP is the strongest password solution. You can use it as a one-time password, but you have to log into the password manager itself and if you don't change your password, it will be the weakest link in the security. In OTP, you don't have that weakest link.

I have been using CyberArk Endpoint Privilege Manager for approximately five years.

CyberArk Endpoint Privilege Manager is stable.

The scalability of CyberArk Endpoint Privilege Manager is good. The capacity is not in high demand in the resources. When you set up a new server, you can use it for approximately 5,000 users of devices. When you buy the largest system, then you don't have to scale it anymore.

Best suited for medium to large enterprises.

I have not used the support from CyberArk Endpoint Privilege Manager.

The initial setup of CyberArk Endpoint Privilege Manager is straightforward.

The price of CyberArk Endpoint Privilege Manager is expensive.

My advice to others is that CyberArk Endpoint Privilege Manager is not for small to medium enterprises. It is best suited for medium to large enterprises because it is not cheap. When you want to implement the password manager and your CyberArk Endpoint Privilege Manager, you have to know what you are doing and what kind of a policy you want to implement in detail, otherwise, you will have no leverage in using the solution.

I rate CyberArk Endpoint Privilege Manager a nine out of ten.

We use CyberArk Endpoint Privilege Manager mainly for privilege management.

It's helped us manage our security processes. Our main goal is to have more specified permissions for the users and to take back control of the environment. Because local admins are used globally, there isn't much control in the environment. But with this, we can know what's going on and report it properly.

I like that you can remove the admin rights from the user's computer and have control over the environment. That means you can delete the local admins and grant them proper privileges with the console. So, they will get proper permissions for applications they need, but we don't have to do it. In the domain where we don't have control, the user can only do specified actions, but not all of them.

Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond.

If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. 

I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources.

I have been dealing CyberArk Endpoint Privilege Manager for about one year.

It's not a stable solution because you have to restart the server once a week. However, we didn't experience any problems on the end-user computers, only with the servers. 

The solution is scalable, but it requires a lot of work. We have tens of thousands of devices. Overall, it's nearly applied on every device. But when we're talking about something like 30,000 devices, it's hard to manage. 

When it comes to the global configuration, we are right now in the deployment stage, and it will take a lot of time. It also takes a lot of work from our side to implement it appropriately. It's not as easy as just installing it, and it works. It has to be done step by step.

I'm not satisfied with technical support. In my previous experience, we were waiting a couple of days for their response. We're having this problem for a couple of months now, and the problem is still not solved. You also need some training to create a support ticket, and I have to pay for this. From my perspective, this is like stealing.

The initial setup depends on the configuration you want. CyberArk is pretty flexible, so you can do it around multiple configurations. If you want to get your environment in a pretty simple setup, then it's quite easy. If you want to do much more, then there's a lot to work on. But overall, it's pretty easy to manage.

Pricing depends on how many devices you use. Right now, on-premise, it costs us a little, but it's worth it. It seems like the cloud solution is much more expensive. We got this solution one year ago, and it's like we bought the solution, and now they are not going to support it on-premise anymore. We are in the implementation phase, and we missed this, and we already paid for the licenses. This is wasted time from my perspective, and CyberArk should be more customer-friendly.

I would advise poential users to instantly look for a solution in the cloud if they want to go with CyberArk. Don't get the on-premise version.

I'm not satisfied with the EPM, and I'm just looking to see if there's any other solution that we can get. This is also because CyberArk is ending support for on-premise solutions in 2023. So, in our case, we will have to move to the cloud, and the cloud is much more expensive than just using the solution we have right now.

On a scale from one to ten, I would give CyberArk Endpoint Privilege Manager a six.

Because we are dealing with personal health information, we have had to setup up a security broker for admin access in and out of the accounts.

They wanted to have a break-glass solution in case there was a problem with the multi-factor authentication or any other issues.

We chose to use CyberArk for their failover abilities. If the Multi-factor authentication fails then you can still log in and it has a second factor that authenticates.  

It gives them the break glass option that they needed.

The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is. For example, you can go into Azure AD, a backup directory, or a set of Google cloud platforms.

It will do lifecycle management on the keys. It makes it so that you won't have to ever have a standard key. 

It's generating dynamically keys and you can enforce policy easier.

As you start adjusting your key lengths and everything further, you can adjust them all in a single day.

It's an old product and has many areas that can be improved.

They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory. 

If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing.

The interface is not great, but good.

In the next release, I would like to see a Linux Client added.

I have been using CyberArk Endpoint Privilege Manager, since the early 2000s.

We are using the latest version.

It's a stable solution.

CyberArk Endpoint Privilege Management is scalable.

We have 1200 users in our organization.

Technical support is fine, they are better than what they used to be.

The initial setup is complex because you are dealing with federated credentials across multiple authentication protocols.

We did not use a vendor or reseller. I am there as a consultant.

I think that it was in the range of $200,000  that had to get approved. That may have been for the whole three to five years for the project length.

I basically am trying to drive their digital transformation and do the overall build a mass data network for their data strategy. Building out different APIs and different things. 

Building out a blockchain security framework to allow HIPAA compliance where you can go in at the portability of their data to pull in and out without creating an issue with the payers.

I would recommend this solution depending on what the business needs are. I'm a big proponent for keeping things simple and trying to avoid unneeded complexity.

The company demanded certain things and only wanted to do it one way, and the way they wanted to do is what we got stuck with.

The API mobilities are there, they exist and they are okay, but as a framework and in total is worrisome because it's not a stateless application.

It doesn't appear to be moving forward. It's still a type of software-oriented architecture instead of moving to microservices, where it could be stateless. If it were stateless, and it failed during a password change, you would see it as a failure and go back to the original password.

I think that they have a lot of work to do to get there.

I would rate this solution an eight out of ten.

We use the solution as a Privilege Access Manager to manage user's passwords. 

I am impressed with the product's seamless integration. The PAM wallet and enterprise password wallet are good also good. 

The tool should be more user-friendly. 

I have been using the product for one year. 

The solution is stable.I would rate it an eight out of ten.

The product is scalable. I would rate it an eight out of ten. There are about 35 users for the solution in my company. The users are mostly sales managers. 

The product's technical support is only average. They need to improve their response time. 

Neutral

I have used ARCON before. It is not as user-friendly compared to CyberArk. CyberArk has got more visibility compared to ARCON. 

The product's setup was complex. I would rate its setup a seven out of ten. The tool's architecture is difficult. The product's deployment takes one to two months to complete. 

The tool is priced high. I would rate its pricing an eight out of ten. 

I would rate the product an eight out of ten. The tool's performance is good. It is an enterprise product. 

The most valuable feature is that their database is completely encrypted and protected with multiple layers.

Compared to other tools like Linux, this solution isn't as user-friendly. In the next release, CyberArk should add integration with PAM tools, blacklisting and whitelisting for applications, and adaptive MFA.

I've been working with this solution for five years.

CyberArk is stable, but upgrading or patching requires a lot of downtime.

CyberArk is scalable - we can fit it to different environments from small to large because it has been designed in a distributed way.

The technical support is quite good, but we have had issues with logs filling up and not always getting accurate resolutions.

This initial setup is complex even for small organizations and requires at least five to six days to complete, more for bigger organizations.

The cost for CyberArk is very high.

I would give this solution a rating of eight out of ten.