Try our new research platform with insights from 80,000+ expert users
CyberArk Privileged Access Manager Logo

CyberArk Privileged Access Manager pros and cons

Vendor: CyberArk
4.3 out of 5
Badge Ranked 1
4,111 followers
Post review

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

CyberArk Privileged Access Manager enhances security by automating password management, which removes human chain weaknesses and ensures compliance with corporate policies.
The integration with PTA provides real-time monitoring and threat analytics, enabling proactive detection of unusual user behavior to enhance security measures.
It streamlines management processes by enabling centralized control and rotation of privileged account credentials, reducing risks such as lateral movement within networks.
Automatic password rotation, session recording, and isolation features are critical for maintaining adherence to industry standards, thereby satisfying regulatory compliance such as PCI, SOX, and HIPAA.
CyberArk Privileged Access Manager is scalable and flexible, supporting integrations with various systems and applications, which enhances its ability to adapt to evolving business needs.

CONS

Initial setup and upgrading processes are complex, requiring significant resources and planning.
Technical support and post-sale support responsiveness and willingness to assist are inadequate, causing frustration.
The licensing model is inflexible and expensive, posing challenges for varying user needs.
Integration capabilities with third-party tools and internal applications are limited and often require complex custom solutions.
CyberArk Privileged Access Manager struggles with scalability and performance issues, especially in large environments managing numerous accounts.
 

CyberArk Privileged Access Manager Pros review quotes

CoreAnalee82 - PeerSpot reviewer
Jul 19, 2018
CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool. I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk... lightened the load on our administrative work.
SatishIyer - PeerSpot reviewer
Jun 21, 2022
I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault.
reviewer1706796 - PeerSpot reviewer
Oct 29, 2021
We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
Securitye790 - PeerSpot reviewer
Jul 18, 2018
It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level.
NM
Dec 19, 2021
We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well.
Informatf452 - PeerSpot reviewer
Jul 19, 2018
I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors.
GO
Dec 30, 2019
CyberArk is a very stable product and it's a stable product because it has a simple design and a simple architecture that allows you to leverage the economies of scale across the base of your infrastructure that you already have implemented. It doesn't really introduce any new complex pieces of infrastructure that would make it that much more difficult to scale.
MM
Dec 23, 2021
It is a single tool that isolates possible kinds of malware. You get lateral movement blocking and auditing information, e.g., you know who is doing what. You are getting protections from the service as well as a useful environment. All your admins can easily go in and out of your company while accessing your servers in a secure way, even if they are working abroad.
KC
Dec 15, 2019
When we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle... We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution.
RK
Jul 18, 2018
We can make a policy that affects everybody instantly.
 

CyberArk Privileged Access Manager Cons review quotes

CoreAnalee82 - PeerSpot reviewer
Jul 19, 2018
This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful.
SatishIyer - PeerSpot reviewer
Jun 21, 2022
When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time.
reviewer1706796 - PeerSpot reviewer
Oct 29, 2021
Many of the infrastructure folks who use the product dislike it because it complicates their workflow. They get a little less control, and they have to go through a specific solution. It proactively logs in for them, which obfuscates some of the issues that they may be troubleshooting.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
Securitye790 - PeerSpot reviewer
Jul 18, 2018
Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together.
NM
Dec 19, 2021
If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone.
Informatf452 - PeerSpot reviewer
Jul 19, 2018
We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it.
GO
Dec 30, 2019
CyberArk has to continue to evolve with that threat landscape to make sure that they're still protecting those credentials that are owned by those that have privileged accounts in the firms.
MM
Dec 23, 2021
They are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before.
KC
Dec 15, 2019
The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming. But these are the major places where CyberArk definitely needs to invest some more time.
RK
Jul 18, 2018
One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening.