Try our new research platform with insights from 80,000+ expert users
S Azeem - PeerSpot reviewer
Technology Manager at a computer software company with 201-500 employees
Real User
Top 5Leaderboard
A scalable and easy-to-deploy solution that provides password rotation and password encryption features
Pros and Cons
  • "The most valuable features of CyberArk Enterprise Password Vault are password rotations and password encryptions."
  • "We require IAM (identify and access management) capability at the administrator level because we need more identification."

What is most valuable?

The most valuable features of CyberArk Enterprise Password Vault are password rotations and password encryptions.

CyberArk Enterprise Password Vault has a lot of enterprise-level features compared to other PAM products. It's a well-known product, and its implementation is very easy. The solution has good documentation compared to other products. CyberArk Enterprise Password Vault is legitimate software that releases patches as per vulnerability.

What needs improvement?

We require IAM (identify and access management) capability at the administrator level because we need more identification.

For how long have I used the solution?

I have been working with CyberArk Enterprise Password Vault for the past six months.

What do I think about the stability of the solution?

CyberArk Enterprise Password Vault is a stable solution.

Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.

What do I think about the scalability of the solution?

CyberArk Enterprise Password Vault is a scalable solution. We have more than 1000 people using the solution.

How are customer service and support?

CyberArk Enterprise Password Vault's technical support team is good. Whenever we require any help, they assist us based on the SLA. The technical support team's response speed and competence are very good.

How would you rate customer service and support?

Positive

How was the initial setup?

The solution was easy to deploy.

What about the implementation team?

We need a basic understanding of the tools needed and customer requirements to deploy the solution. If the customer is looking only for a password deployment, we deploy only the password.


The deployment will require two or three people and a minimum of one week.

What's my experience with pricing, setup cost, and licensing?

CyberArk Enterprise Password Vault's pricing is reasonable. Since CyberArk Enterprise Password Vault is an enterprise-level solution, its cost is higher than other solutions in the market. The solution comes with maintenance for the first year. However, after that, we need to pay for maintenance.

CyberArk Enterprise Password Vault's licensing model is comparatively very easy. It has a single license. We can deploy the solution based on the particular solutions we need.

What other advice do I have?

One or two administrators are more than enough to operate the solution.

A backup strategy and DR setup are more than enough to implement CyberArk Enterprise Password Vault.

Overall, I rate CyberArk Enterprise Password Vault an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Technical Manager at Gulf IT
Reseller
Lots of features with a great performance and the ability to expand
Pros and Cons
  • "Performance-wise, it is excellent."
  • "Sometimes the infrastructure team is hesitant to provide more resources."

What is our primary use case?

The concern on our end was separating the components, including the password storage component, and having everything completely separated. 

What is most valuable?

The scalability is very easy.

The most valuable aspect was being to be able to manage it through multiple mediums. We can manage it through its command line interface, web view, and directly logging into the digital environment with permission. You have multiple mediums. You don't have to give direct access to the world every time you want to limit what admins should do and what they should not do.

CyberArk has the biggest number of features available when you compare it to other PAN solutions like BeyondTrust, Thycotic, and Delinea. They tend to have a lot of separate components.

Performance-wise, it is excellent. 

What needs improvement?

The components of their web view, policy manager, and session manager, most of them are separated. We need something which can unify those components into a single appliance. Sometimes the infrastructure team is hesitant to provide more resources. 

They have a lot of out-of-the-box integrations with a lot of other products. However, I would want them to bring on some kind of similar platform. If they can bring up the SSO on-prem, that would be ideal, as they don't have those things on-premises. They only provide that for the cloud. If they can do that, it would actually help a lot of us and keep us from trying to acquire multiple technologies for solutions.

For how long have I used the solution?

I've used the solution for six or seven years at this point. 

What do I think about the stability of the solution?

We are very stringent on the performance metrics and would rate the solution very high. It's stable. 

What do I think about the scalability of the solution?

We found that scalability was much easier in CyberArk. In BeyondTrust, scalability required purchasing extra virtual machines every time we wanted to scale it up. However, in CyberArk, we don't need to purchase extra components. It comes along with the line.

Currently, we have around 78 to 80 admins, and there are around 200 underlying accounts. 

Which solution did I use previously and why did I switch?

We previously used BeyondTrust.

Which other solutions did I evaluate?

I haven't compared it to Thycotic yet, however, from what I have read, it looks like CyberArk is better. I've also looked into Delinea.

What other advice do I have?

We are reselling the solution to customers.

I'd rate the solution nine out of ten. It's quite a good product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
Aakash Chakraborty - PeerSpot reviewer
IEM Consultant at iC Consult GmbH
MSP
Great password storage, very reliable, and pretty much issue-free
Pros and Cons
  • "In terms of stability, there are no complaints."
  • "The initial setup can get complex."

What is our primary use case?

We use the solution as a vault for whatever passwords we use for connecting to an API or job services. The admin passwords we store in Password Vault. Via CyberArk, we have made a use case where we can track the session, keep a record, and log it, to whoever is logging into the servers.

How has it helped my organization?

CyberArk is basically used for privilege access management. It used to be hard to control security from internal employees. For products, and production servers, tracking used to be very difficult. 

Although One Identity Manager also provides similar services that CyberArk provides, they are no match to CyberArk basically. The amount of details and logging that CyberArk provides is command level. That really streamlines the process of tracking those internal servers. That's one significant advantage, I would say.

What is most valuable?

CyberArk's best aspect is it lets you store the password, and it allows you to connect to those connected systems' passwords. For example, there is an AD in your organization, and you have stored the AD password. Say you want to change the AD password; you just have to change it in CyberArk. CyberArk itself will change the password in the connected system. That's one nice feature they have introduced in the latest features. 

What needs improvement?

CyberArk is not friendly in terms of having a Community Edition. It's enterprise software. They could maybe give a Community Edition that you can just play around with and see how the software is. It's a very, very costly app. 

Therefore, they can definitely give a demo version or some sort of a Community Edition with partial features at least to help potential users understand its capabilities. 

The initial setup can get complex. 

For how long have I used the solution?

I've used the solution for about four and a half years.

What do I think about the stability of the solution?

In terms of stability, there are no complaints. CyberArk, I would say, is an industry leader in this portfolio, especially in Privileged Access Management. There are so many identity access management tools, and almost all of them say that they are both IAM and PAM service providers. However, CyberArk is the only one that is specifically for Privileged Access Management, and they really do mean it. With CyberArk, the PAM is really too good.

What do I think about the scalability of the solution?

We have 5,000 users at least on the solution. 

For Privileged Access Management, it's been used extensively.

How are customer service and support?

I've never dealt with technical support. I'm more of an end user in this case. We rarely have to literally dig down into the implementation. There is a different team that exclusively works on CyberArk, and that's the team that basically deals with day-to-day CyberArk operations.

Which solution did I use previously and why did I switch?

In both organizations I have worked, they've used identity access management as Dell One Identity Manager, and for Privileged Access Management, CyberArk.

We basically used to have a separate Password Vault that was KeePass. 

With KeePass, there was a security incident in our organization where a few of the passwords got leaked, and then it was challenging to track how the leak happened. With all that considered, G-PAM or CyberArk Password Vault was considered the next solution to prevent these sorts of things from happening again.

How was the initial setup?

The implementation process is a bit complex. If you know this software or the product very well, then setting it up is not that big a deal. However, if you're a newcomer, then of course, it's not a piece of cake. As a new user, I'd rate it 2.5 out of five in terms of ease of setup.

We started from the development stage, where the maximum amount of time was spent. In a live environment, you can't have that much downtime. Roughly you are allowed for one and half hours, or a maximum of three to four hours for downtime. In a live environment, once we could identify the clicks and hacks of the software in the lower environment, it was pretty easy to do. There, it took roughly one to one and a half hours to do, and that part was pretty smooth.

CyberArk is such a stable product that either they launch a new version, which you have to latch onto very quickly as they censored the support for older versions, and with these security products, you can't really stay along with the older versions. Usually, the products are very stable. They don't need multiple patches or updates. One version itself is self-sufficient. At least in my four and a half years of experience with this product, I have seen fewer intermittent updates. Once they launch a new version, that's a different thing. However, from a maintenance point of view, it's very user-friendly and lightweight. Even usage of the tool is very speedy. It doesn't lag one bit.

What about the implementation team?

We handled the initial setup completely in-house.

What's my experience with pricing, setup cost, and licensing?

This is very costly software. However, I haven't really dug into the licensing. My organization gives all its employees a free license and therefore I don't have to worry about pricing. My organization is a partner with CyberArk also. Even so, we just have one instance as a practice instance. 

Which other solutions did I evaluate?

I did not choose this solution, and I'm unsure if other options were considered. 

The hired architect chose it. I just had the opportunity to implement it. If he evaluated other options first, I have no knowledge of them. 

What other advice do I have?

My company has various levels of partnership with CyberArk.

I'm typically using the latest version of the solution. CyberArk sunsets their older versions very quickly. They won't let you use the old versions.

CyberArk has many components. Password Vault is one of the components. Then there is the CyberArk for server monitoring and logging. These are the two components that we have used extensively. However, apart from that, there are many more applications for CyberArk also, which I haven't used at the moment.

To those considering the solution, I would say when you do the installation, to get on a call with technical support. Keep them on hold. If you are really doing it for the first time and are not aware of the software, you may run into issues.  The public forum of CyberArk is not that good. Their documentation is not that great, and it's not that well maintained. The problems that you may face are seldom covered. Therefore, when you are paying that much money for high-quality software, you can at least ask for better help from them.

I'd rate the solution nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
ITSecurif9a7 - PeerSpot reviewer
IT Security at a manufacturing company with 10,001+ employees
Real User
It gives us the capability to rotate passwords
Pros and Cons
  • "It gives us the capability to rotate passwords."
  • "There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
  • "We need a bit more education for our user community because they are not using it to its capabilities."

What is our primary use case?

We use it for service accounts and local accounts for the machine. We are basically using it to rotate passwords or reconciling passwords, as needed. We do have a number which get changed on a yearly basis (most do). Some get changed on a more frequent basis. Users go into the safes that they have access to or whatever account they need, and they pull it. That is our use case.

It is performing well. However, we need a bit more education for our user community because they are not using it to its capabilities.

We are interested in utilizing the CyberArk secure infrastructure or running applications in the cloud. We are actively implementing Conjur right now just on a test basis to see how it goes.

How has it helped my organization?

It gives us the capability to rotate passwords. That is the biggest thing. We do not want them being stagnant so every service account that we have needs to be rotated at least once a year.

What is most valuable?

Being able to automatically change usages, whenever the password is reconciled. However, we still have to educate the user community, because not all our users enter the usages.

What needs improvement?

PSM: I am going to go back to my company and push for it a little bit more within our groups, because I know that my counterpart has brought it up a number of times in the past. It has been getting blocked, but I have a couple of other paths that we can pursue so we can try to get it, at least, in our infrastructure and tested.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It has been stable. We have not had too many issues with it or any downtime.

What do I think about the scalability of the solution?

It should be able to meet our needs going forward. I don't foresee us leveraging thousands more accounts than we already do. I think it will be fine.

How was the initial setup?

I have done many upgrades on many different systems and applications. It was more of a difficult upgrade path only because there were a lot of small things which could have been done if it were prepackaged into scripts inside the executable during the installation. For example, it automatically stops services so it can do the upgrade. 

There were a lot of manual steps which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5.

What was our ROI?

The ROI on this is just being able to rotate on a 365 day schedule the passwords.

What other advice do I have?

Educate the user community once you get it actively deployed and set up a strict policy on it.

Most important criteria when selecting a vendor:

  • Good reputation for technical support
  • Product that does what it is supposed to do.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior System Engineer at a transportation company with 10,001+ employees
Real User
We were able to secure all the server root passwords and admin for Windows
Pros and Cons
  • "CyberArk has allowed us to get the credentials and passwords out of hard-coded property files."
  • "On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
  • "I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy."

What is our primary use case?

Our primary case is for AIM. We are a huge AIM customer, and we also do the shared account management.

We are looking into utilizing CyberArk's secure infrastructure and running application in the cloud for future usage.

How has it helped my organization?

CyberArk has allowed us to get the credentials and passwords out of hard-coded property files. This is why we went with AIM in the beginning. Then, on the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us.

It helps us with our SOX's controls and meeting new client directives.

What is most valuable?

  • AIM
  • CPM

What needs improvement?

I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy. Even with exporting and importing, this will help.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

So far, so good. We have not had any downtime. We do not want to jinx it.

What do I think about the scalability of the solution?

We think it is good. That is why we moved to it.

How is customer service and technical support?

We open the cases. We have made phone calls. We have engaged the professional services and the consulting services to help us move on.

They are mostly up to par. Sometimes, they are a hindrance, when you know you have been through the issue again, and they want to gather the same log files, start from the basics, and we already know we are past that. 

Sometimes, we just need a Level 2 person instead of starting with a Level 1 person, or we need a higher level of support on an issue right away.

We are a long-time customers, so we know what we are doing. The turnover might be an issue, because the support people are not local, or something. Therefore, it takes overnight to receive an answer back. We are hoping we can get local support. Though, recently it is getting better.

We did have one serious case, where our support person and everybody needed a vacation, then took a vacation day, but our leadership needed us to stay on top of the case. It was a day or two where we didn't get any feedback. It would have been nice to know that they were going to be off. They had to hurry and quickly to get somebody assigned to the case. That was probably our only experience there.

What about the implementation team?

Our solution architects, and some of the people on that side, did the PoC and the initially implementation. Then, they handed it off to us.

What was our ROI?

There is a lot of return of our investment related to SOX compliance.

What other advice do I have?

I would recommend the product. 

We have done a lot of customer referrals for CyberArk. It is good. It fits our needs, and there is not anything else out in the market that can match it.

Most important criteria when selecting a vendor: 

  • Good support.
  • Meeting the each of the requirements.
  • Usability of the product.
  • Ease of implementation.
  • Not a lot of customization; you can get it right out-of-the-box and run with it.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Lead Automation Developer at COUNTRY Financial
Real User
It enables us to secure accounts and make sure they are compliant
Pros and Cons
  • "It enables us to secure accounts and make sure they are compliant."
  • "They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future."
  • "More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."

What is our primary use case?

My primary use case for the product is essentially to secure our privileged accounts, and it's performing amazingly.

What it allows us to do is to rotate the credentials for privileged accounts. It ensures we understand where the accounts are being used and that they are staying compliant with our EISB Policy, which is a policy to change passwords. Thus, attackers find it harder to get in and steal an old password which is just sitting out on a system.

We utilize CyberArk secure infrastructure. We are moving towards applications in the cloud, but we do not currently have that. We are also utilizing CyberArk secure application credentials and endpoints.

How has it helped my organization?

The benefits are the way it allows us to secure accounts, but also be agile with providing privileged usage to our users. It is performing quite well, because it allows us to basically do what the user wants us to do, but in a secure manner. So, everyone is happy. Most of all, we don't have any breaches.

It enables us to secure accounts and make sure they are compliant. Then, when the accounts are not compliant, it gives us the data so we can reach out to account owners, and say, "Your accounts aren't within our ESP policy. We need you to become compliant." This allows us to not only secure them, but keep track of what accounts are moving out of that secure boundary.

What is most valuable?

The most valuable would be the REST API on top of PTA, which we do not have installed yet, but we are looking to install it moving forward in the future. What it enables us to do is if someone takes a privileged account and logs into a machine that we do not know about, it will alert us and log that they have logged in. It allows us to take that identify back and rotate the credentials, so we now own it instead of the intruder going out and using a rogue account.

What needs improvement?

More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet. I would like to see that to be more of a one-on-one transition, and be fully built.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is very stable. We are going to upgrade by the end of this year, if not early next year, to the most recent version 10.12.

What do I think about the scalability of the solution?

The scalability is incredible. They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future.

How is customer service and technical support?

The technical support is wonderful. We get the right person. They answer very quickly, giving us solutions which actually work. If we can't get a solution from them right away, we can tap into the community with the tools that they have given us, and work with people from other companies who have already solved the same issue.

How was the initial setup?

I was involved in the upgrading processes, but not the initial setup. Upgrading is lengthy, because we have quite a few components, but it is definitely straightforward.

What was our ROI?

It has started new projects at our organization. So, we can see where our current landscape is for our privileged accounts, then we try to make them more secure.

What other advice do I have?

Try a demo, if you can. Make it a hands-on with some of the components and see what they offer you.

I have used other privileged account management tools in the past. This, by far, outranks them as far as features and usability. The integrations on top of that as well. 

Each new product that our company buys, we turn to CyberArk, and they are say, "Yes, we integrate with that."

I have used the new generator utility plugin once, so not extensive experience, but I have used it. It does work.

Most important criteria when selecting a vendor: They integrate with CyberArk.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Sales Engineer at Softprom by ERC
Reseller
Scalable solution with an efficient exclusive access feature
Pros and Cons
  • "The solution is highly stable."
  • "It is complicated to deploy for Windows servers compared to other vendors."

What is most valuable?

The solution's most valuable features are one-time password and exclusive access.

What needs improvement?

CyberArk is complicated and costly to deploy for Windows servers compared to a few other vendors. It would be helpful if they combined all the components on a single server. Also, they should release a version specific to small businesses with two servers installation architecture.

For how long have I used the solution?

We have been using the solution for three years.

What do I think about the stability of the solution?

The solution is highly stable. I rate its stability a ten out of ten.

What do I think about the scalability of the solution?

I rate the solution's scalability a ten. It is the best in the market. It can scale to any infrastructure. We had implemented around 1000 target servers for our previous customers.

How are customer service and support?

The solution's training documentation compensates for efforts to raise the tickets. We can resolve the issues ourselves based on the documents provided by the vendor. If you contact them for any problems, they solve them within a few hours.

How was the initial setup?

I have implemented the solution for small and large enterprises. I haven't come across any bugs or issues. I use the 12.2 version as it is more stable, and I have more experience working with it than the newer version. It is easier to deploy if you know how to use it.

The time taken for deployment depends on specific project requirements. In the case of lesser servers and target machines, it takes about a few weeks. Whereas for a larger number of servers, it takes around two to three months to complete. The process involves setting up servers to host password vault, API access, central policy manager, and SM server. Additionally, for customer-specific requirements, we can set up Distributed Trusted Host (DTH) server for privileged analytics and Privileged Session Manager (PSM) for session management.

Apart from the deployment, it involves configuring policies, setting up additional connection components, etc.

What's my experience with pricing, setup cost, and licensing?

The solution is cost-effective for the features. In comparison, other vendors would charge extra for the same features. Also, its pricing model is based on the number of users rather than the number of servers. Thus, there are no additional costs. I rate its pricing a six or seven.

What other advice do I have?

I recommend the solution to others and rate it a ten out of ten. It is user-friendly once you understand its functionality.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
Iordanidis Iordanis - PeerSpot reviewer
Procurement Manager at OTE Group
Reseller
Top 20
Easy to set up and fairly priced with helpful support
Pros and Cons
  • "We found the initial setup to be easy."
  • "We would, of course, always prefer it if the pricing was cheaper."

What is most valuable?

The product is fairly priced. 

It's stable.

The solution is scalable. 

People are quite satisfied with the way it's working and the support we receive. 

The security is good. 

The interface is fine, although I'm not directly using it too much. 

We found the initial setup to be easy.

What needs improvement?

We would, of course, always prefer it if the pricing was cheaper. 

For how long have I used the solution?

I've been using the solution for four or five years. 

What do I think about the stability of the solution?

It's stable. There are no bugs or glitches. It's reliable. It does not crash or freeze. 

What do I think about the scalability of the solution?

We have more than 100 people on the solution right now. 20 to 30 are likely admins. 

The solution is scalable. We can increase licenses as needed. 

How are customer service and support?

Technical support has been helpful and responsive. We are happy with their support. 

Which solution did I use previously and why did I switch?

I can't speak to what solutions, if any, we used previously. 

How was the initial setup?

The solution is very simple and straightforward. It's not complex at all. 

What's my experience with pricing, setup cost, and licensing?

I know that CyberArk is now changing the pricing model to subscription-based. My understanding is renewals will be done on the subscription-based models. The pricing is reasonable. We pay annually.

The costs depend on if you were talking about the access of internal or external users. There is also an extra external fee for supporting the licensing.

What other advice do I have?

We are end-users and customers. 

This is a stable, reasonably priced product. It has good security features as well. Since we received the renewal request, it's been working very well. 

I'd rate the product eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.