CyberArk Privileged Access Manager Reviews

From an industry perspective, you continue to see the headlines in the media about how bad actors have been able to take advantage of weak policies and security controls around access management within companies.  In these cases, the focus has been around employees that can access the most sensitive information, or have access to the very controls that operate and protect the firm.  Products like CyberArk, that provide controls for privileged access, have helped mitigate the threat of taking over those accounts that have the greatest amount of risk to an organization, particularly for those who are system administrators and have the highest powers in being able to access all levels of the technology infrastructure.

When it comes to the product's ability to standardize security and reduce risk across the entire enterprise, standardization is all about simplifying the complexity of IT threats and risks and it's all about the standardization of the controls that you have in place. If you have a product set that enables you to provide security, and it is consistently applied across a specific user base, then you have standardization which drives both enhanced security through the privileged access controls, and efficiency through the standardization of your operating model.

Availability is an interesting challenge, but it is part of an IT Risk Strategy.  When it comes to Cybersecurity, Privileged Access control is the ability to manage IT risk associated with the most powerful access to your infrastructure services.  This IT Risk can manifest itself as compromised information, manipulated data, or disruption of your IT based services. A Privileged Access Security product reduces the threat of stolen credentials and account takeovers of those profiles that would have the power to take down your enterprise.   Therefore, it not only reduces the risk to your firm, but also drastically improves availability. 

The most valuable features are its simplicity and the ease of implementation. When you think about privileged access management and the complexity of solving privileged access for those system administrators in your organization, CyberArk is a product that helps you simplify that problem and implement a standard set of security controls to protect the enterprise.  

In terms of the products ability to manage Privileged Access control requirements at scale; scale is really a function of two influences, which would either be the size of your infrastructure, or the complexity of your organizations operating model for those that have privileged access to your infrastructure services.  CyberArk scales quite readily across a large organization and through proper design and engineering is capable of expanding across a variety of use cases.  Like any technology control implementation however, it is always important to ensure you review and optimize the organizations support operating model, in order to ensure that you have the most optimal design and implementation of CyberArk.  

CyberArk has captured the individual privileged access space well. They've captured the application-to-application and DEVOPS space quite well.. They should continue to invest in optimizing the services, and help companies drive down risk associated with application based passwords, as this is an industry that is being closely watched by external regulators. 

CyberArk continues to stay close to the industry and are always looking for ways to improve  their products and service offerings accordingly.  There are 3 areas that I would call out, that CyberArk should continue to focus on:

1) Continue to help organizations understand how they align their strategies and roadmaps to industry trends and the overall cybersecurity threat landscape. 

2) Continue to help the industry innovate on talent , and position customers to be more successful in supporting their CyberArk implementations. 

3) Continue to help customers understand the Risk reduction capabilities and scorecards associated with their deployments.  Initiatives like the CyberArk Blueprint will help enable enable informed customers. 

The perceived stability of CyberArk is quite dependent on the complexity of the environment it is implemented in, and the overall design of the infrastructure, including both PSM and Vault technologies.  As an infrastructure it is quite stable; however, in complex network infrastructure environments, sporadic network disruptions could create issues accessing the various CyberArk network devices.

Scalability is a function of both technology growth, and integration capability.  CyberArk has not only continued to advance the infrastructure robustness of their software solutions, but through the C3 alliance they have also created integration opportunities with other IT Security and Access Mgmt products that allow companies to provide a full ecosystem of IT controls within their organizations.    This also provides an opportunity for companies to consider best of breed products, like CyberArk, and not have to restrict their decisions to a small set of technology tools that do not provide comprehensive Privileged Access Services.

CyberArk is a growing company and their technical support has continued to grow and mature across the organization. The one thing I'll say that CyberArk has been able to do is to continue to keep in touch with its customers and look into areas where there's opportunity to continue improving their technical support across the organization. CyberArk works with an integrated model: They have integrators within firms that will implement the product. But at some point, you always need to refer back to the software owners of the product to make sure that you're comfortable that what you've designed and implemented is in keeping with what their blueprint would have recommended in the first place. In addition, their technical support has continued to mature and grow to help customers become successful in their deployments.

What is complex is privileged access management. When companies look at implementing a software solution for privileged access management, if they actually haven't looked at the complexities of privileged access within their own organization — and I'm speaking more in terms of the business processes for that type of access across the organization — then any software tool is going to look complex because it's not going to solve the problem.

If a firm focuses on understanding their existing Privileged Access operating model, the inherent business processes, and the risk & pervasiveness of Privileged Access across their enterprise, then they will be better positioned to understand the business problem they need to solve.  CyberArk will then become a capability that enables them to solve their IT Risk issues with privileged access, and capitalize on the efficiencies with their new operating model.  The complexity seldom ever lies in the technology. It always lies in how well it integrates with the business processes that the firm is trying to solve as part of its deployment.

Privileged Access Management is a business transformation program.  It forces business to look at their overall operating model for system administrative and application based access, and develop a strategy that reduces risk overall to the enterprise. Once this strategy is completed, and a new operating model is conceived, CyberArk software and services becomes a very effective series of controls that enable the business to secure the most sensitive access to services, and allows the organization to operate within their risk tolerance. 

Far too often companies will treat the CyberArk product set as a software implementation, that becomes overly complex and evolves into a multi-year program. This is due in part to the legacies of technology programs, where the implementation will force business to rethink their operating model, and therefore delays, scope changes and cost of overall program becomes associated with the software implementation initiative. This is a consequence of positioning a Privileged Access program as a security software implementation, and not a true business transformation initiative. 

While CyberArk continues to adjust its licensing costs and continues to look at the comparisons in the industry and the ability to effectively and affordably help companies and firms solve their privileged access problems, companies also have to look at the overall cost of what a privileged access program means to their firm, and what shareholder value they gain as a result of implementing those types of products or services or business processes. In that context, they should start to look at what the comparison is against the software that they're using to enable those very controls they're trying to implement.

I've spent some time with BeyondTrust. I've spent some time with Centrify. I've had their products in for different instances and different purposes. They play an interesting concentric role in some of the areas that they focus on, but I wouldn't say I have one-to-one experience in other product sets.

CyberArk continues to innovate, as they refine strategies based on industry research and trends in the cyber security landscape, and incorporate the necessary updates to both their roadmaps as well as their product sets. The creation of the customer implementation roadmap, acquisition of Conjur for DEVOPS and the development of  Alero to address 3rd party secured access, are examples of product innovation to address  emerging risks within the  industry.  

I would rate CyberArk 8 our of 10;  although I do remain impressed with their existing set of product offerings, their cyber security roadmap & strategy, and their overall corporate philosophy, I do feel it is necessary for them to ensure they remain vigilant and maintain pace with an evolving cyber industry.  Significant disruption in the technology industry brought on by advancements in Machine Learning / AI, commoditization of cyber attack tools, and rapid deployment of IoT based technologies, summon the need to ensure companies do not become complacent in the agility of their security tools.

I have several passions. One of the passions I've always had is in organizational transformation and leadership. A second is really around the space for identity and access management. CyberArk has allowed me to continue, even after I've retired from the industry after 35 years, to still live that passion through their customers. I've been given the opportunity to provide some keynotes around organizational transformation. It's an exciting industry to be in and CyberArk has allowed me the benefit of still continuing to enjoy that experience.

The main usage of our implementation is to limit the credentials exposure to our third-party teams. They are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials.

Our third-party teams are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials. Besides this, end-points themselves are back in control when the passwords are managed by the CPM.

The two main features are the CPM and the PSM. This is to make sure that the credentials are managed in a controlled manner and the sessions that are launched are set up in an isolated way.

We are aware that in 10.6, the "just in time" access has been created. I would like to see this developed further.

The vault is almost a set-and-forget solution. Once the vault has been installed and configured, not much needs to be done in there apart from the occasional upgrade.

The environment is very easy to scale out. Especially running the CPM and PSM components in a load balanced virtual environment gives you the flexibility to quickly expand the environment.

This has been excellent for me. They always replied quickly, and most of the time the issue was resolved. The only downside — as soon as a ticket goes to the R&D engineers, you will have to wait a bit.

We did not use a PAM product before this.

The initial setup (for a UAT environment) was straightforward. During the planning of the PROD environment, it became a little more tricky with different network segments and method for accessing the environment itself.

We had a combination of in-house (with training), vendor (CyberArk) and third-party vendor. The third-party vendor Computacenter helped us with creating some design and documentation. I would not recommend this third-party to other people as they did not fully work with us and listen to our requirements.

We are still rolling out in our environment which makes the ROI difficult to calculate.

Make sure to use the latest licensing model as that will give you most of the "cool" features to work with.

One of the most important aspects is to ensure that the business is behind the solution. CyberArk suite will only work well if all users adopt the system.

The main focus of using CyberArk was to replace our previous Excel spreadsheets, which contained all of our passwords. The reason that we brought it in was to replace them and meet certain audit requirements.

We are using CyberArk to secure applications for credentials and endpoints.

We are planning on utilizing CyberArk to secure infrastructure and applications running in the cloud. It is on our roadmap for next year.

It allows me to create my custom CPMs more easily and quickly without having to code everything. It helps me build a lot of these codes, so it makes it easier for me to create custom CPMs and PSMs.

It allows us to be able to manage a third-party which is not natively supported by CyberArk. If there are certain legacy applications which are so old that CyberArk does not support them out-of-the-box, it allows me to be able to create custom connections and be able to manage those accounts.

• Ability to do workflow.
• Allows users to self-provision access to the accounts that they need.

There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution.

The new PVWA is great. I actually saw some of the newer functionalities, and the look and feel looks great so far. It is just a matter of getting us there. We need to be able to upgrade the environment. They have been able to get the functionalities I was looking for on some of the latest releases.

Stability is pretty good. I have not had any issues with it.

Scalability is pretty good. I have not had any issues with it. It should meet my company's needs in the future.

For what I was using technical support for, they were really knowledgeable. They were able to resolve the issues that we had. I have not had any problems with them, though it took them a bit of time. A lot of times, they did not escalate it right away, not until three or four tries, then they did escalate it to Level 2, possibly even Level 3 support.

We were previously using Excel spreadsheets. We changed because of audit requirements, but a lot of times it will due to usability. We understand that having our password in a spreadsheet is a huge vulnerability, so it is one of the things that made us look for a solution to manage those credentials, and create automated workflows around it for audit requirements.

The initial setup was pretty straightforward. I think the implementation only took a couple of days.

We had someone from the CyberArk team helping us with the implementation.

One of the processes that we have defined is called a Fire ID process, where to be able to get a Fire ID. It requires a user to call the help desk. The help desk will create a ticket, then contact the employee's managers to get approval, and then provide them with an account. That process, in some cases, can take hours.

With CyberArk, it allows us to streamline and create a workflow which allows them to automatically log into CyberArk, grab the credentials that they want, and it automatically sends their approval to their manager, who can click a couple buttons, approve, and the user is able to get their credentials. That process went from hours to now just minutes.

We looked at Leiberman, and also at Thycotic Secret Server.

One main things that stood out about CyberArk would be the actual user interface. CyberArk's interface was better than the other two, and their price points were fairly similar. The usability and functionality were similar, so we looked at it from a user standpoint (the front-end of the tool), and CyberArk came out on top.

My advice is to have the necessary resources to fully implement this. Don't just bring it in and let it sit. It needs to have the resources with a fully dedicated team to be able to get this functional. Otherwise, it will be sitting there not being fully utilized. There are a lot of functionalities that require a lot of resources to get it up and running.

I have been using the new plugin generator utility for about a year. I took a PSM Connection course this past summer. I have been using it ever since.

Most important criteria when selecting a vendor: 

1. It will be usability of the product. I want to make sure that when we have the product, we can quickly use it and have a full understanding of it without all the hoops that we need to jump through just to be able to understand what that system looks like or how it works. 
2. The next thing will be support. How will they be able to support the system? Do they have a good support staff who will be able to help us get through an implementation? 

Those are the two main things I look for: the usability and supportability of the tools.

The primary use case is, of course, that we do the EPV for password vaulting and security changing, and prior to version 10 we were excited and it functioned perfectly fine. There are a few glitches with version 10 that we are not really happy with, but the functionality itself still exists and it's working like it should.

We actually have our vaults in the cloud. I don't know if we have any applications in the cloud that we're planning on managing, yet. We're not really a big AIM shop just yet, so I don't know if we're planning on utilizing CyberArk to secure infrastructure applications running in the cloud.

We're looking forward to utilizing CyberArk to secure application credentials and endpoints, however right now we have three or four AIM licenses.

It increases the security posture across the entire enterprise because it's not only helping to secure those infrastructure accounts but it's also helping to secure our user accounts as well.

It requires a lot more auditing and monitoring and checks. So if you don't have the right approvals, you can't get the credentials you need to do what you need to do. So if you don't have authorization, of course you can't get them anyway. In total, it's making the environment more secure. The security posture is a lot better.

I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes which can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors. 

And then, of course, the users have the ability to rotate those passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically.

PSM is pretty cool, but my favorite part is I get to secure your passwords that you get to use either with or without PSM.

We had an issue with the Copy feature. Of course when we do the password rotation we restrict users' ability to show a copy of their passwords for some cases, and in other cases they actually need that ability, but we would prefer them to copy to the clipboard and then paste it where it needs to go - as opposed to showing and it typing it somewhere and you have the whole pass the hash situation going. But apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it. 

Then there is the failed authentication now. I don't know if that was a glitch or if that was an update, because I know sometimes you don't really want to tell a person when their account has been suspended because if I'm a hacker, maybe I'm just thinking I have the wrong password. When the account is locked you don't actually want them to know the account is suspended. However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up.

So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended," because normally we would be told that the account is suspended. They would take a screenshot of the error and it would say, 'Hey, user is suspended, station is suspended for user so-and-so." It doesn't say that anymore. So now it just says "Failed authentication." And that could be because they might not be in the right groups in Active Directory, they might not have RSA. It could be so many different things, where before, they would be able to say, "Yeah, I'm suspended." And we could say, "Okay, we can fix that in two minutes." We just log in to PrivateArk and enable your account and you're fine. Now we're saying, "Maybe we should check PrivateArk first, just in case," to make sure you're not suspended. It's going to be a whole rabbit hole that we fall into, simply because we're not given that information upfront.

In terms of future releases, I would love to be a partner again and get a temporary license that I can put back in my home lab because my license expired. I would like to play with 10.4. I want to see it and feel it out and see if I can break it because my rule of thumb is, if I can break it, I can fix it. That is one of the things I like about CyberArk, especially over CA PAM, because with CA PAM you get no view into the back-end on how it's configured and how it's built and how it works. With CyberArk, they literally give you everything you need and say, "Hey, this is your puppy. Raise it how you want." You get to see the programming and you get to configure and everything. I've broken several environments, but I'm pretty good at fixing them now because I know how I broke them.

Prior to version 10, I was gung-ho CyberArk. I wish we would have waited until version 10.7 as opposed to 10.3. But for the most part it's stable, it's just that there are glitches in the matrix right now. We'll have to work those out.

I have worked with both CyberArk and what was formerly Xceedium and is now CA PAM, and in my opinion, I'm gung-ho CyberArk. CA PAM is not scalable like that at all. I love the fact that the different components can be installed in multitude or in singularity on different servers.

I understand the concept of it being an appliance, and technically it is an appliance because of how CyberArk hardens everything. But the fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out.

I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs."

I would like to say, "Can I get a WebEx please? Can you just look at this because I can tell you exactly what I did and how I did it, and then I just need you to help me fix it, because we've been doing this for about 30 minutes now, and when it gets to an hour it's going to start costing my customers money. So can we fix this today rather than tomorrow?" I'm not the biggest fan of tech support.

I have had experience with CA PAM. That's the only other password vaulting technology that I've used so far. I've used SailPoint IdentityIQ, but that's not really password vaulting. Apparently, there is a partnership growing that allows you to provision CyberArk through SailPoint, which I worked on with the CDM project - and it was a headache last year. So I'm excited about the new CM technology that they have that's allowing for that integration, but other than that, I haven't really done much.

I have done several installations for the CDM contract of CyberArk and I've done several upgrades as well.

The installation is as straightforward as it comes. There are some glitches, but it's not with CyberArk, it's with the environment that I'm installing in. In that environment they don't ever follow directions, so we have to get there and say, "We need you to rebuild your vault because you did it from an image and not from the CD, and it's not supposed to have any GPOs, it's not supposed to be on the domain. CyberArk tells you this in their paperwork. We told you this." But, of course, they don't listen. We get there and they spend a day telling us, "Hey, we have to rebuild our server." And we say, "Okay, well thanks for those eight hours. I appreciate it."

The biggest return on investment would be the security itself. I've seen ethical hackers that attempted to infiltrate a component or a department in the agency and they were stopped at the gate. They tried every which way they could and they just couldn't get the passwords they needed to get to the elevated accounts to get to where they wanted to go. So it was just great to see CyberArk in action.

Do your research. That would be my biggest advice. CyberArk is a great tool. However, it is not the only tool that does what it does and, in some cases, for a lot of people, other passport vaulting tools are more toward what they would need in their environment.

I would give CyberArk an eight out of 10, and the two missing points would probably be mostly because of technical support. I would love to actually get the support that I asked for. I would love to actually get the help that I'm asking you for as opposed to you telling me, "Yes, I can help you. I need you to fill out these papers and jump through that hoop and then cut a cartwheel and rub your belly while you pat your head at the same time." If it wasn't for that, it would be more towards a 10.

My most important criteria when selecting a vendor are

• credibility
• functionality.

The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.

We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

We have a lot of privileged accounts with a lot of administrators. The only way to have a good handle on the inventory of accounts, and have some type of controls around who has access to the accounts, is to have a tool like CyberArk.

The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used). This helps our security posture. We also look at other privileged accounts, which are used by overlooked applications, and this provides a benefit to the company. 

The most valuable features would be:

• Ease of installation
• Support for every use case that we have come across.
• Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.

Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines.

Stability is great, especially as the product matures. I have been using CyberArk since version 4. We currently are using version 9 in our production environment, and are looking to deploy version 10. Version 9 is very stable compared to the previous versions. 

Scalability is great. We have no problems. 

We have a very large, diverse, global environment, and we have not run into any scalability issues. 

Technical support is very good. We have had a technical account manager (TAM) in the past, and have worked directly with her as our primary source. However, we also contact other people in the support environment, and they know the product well and are always willing to help out.

I did an initial installation at another company. It was pretty straightforward. 

CyberArk offered to help with designing the architecture. Once we got all those pieces sorted out, the implementation was easy.

I don't know if anyone has done a true number analysis, but we do see the following:

• The amount of time that people used to spend maintaining credentials;
• The amount of time that used to be utilized for audit purposes and who had which accounts at any point in time.

There is ROI on the actions above because the amount of time that it took to do these tasks has been significantly cut.

If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.

CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.

I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.

The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.

CyberArk is for Privileged Access Management, so we secure our privileged accounts using CyberArk.

The main, most valuable aspect is its capability to secure our environment. That's the main reason why we are using it.

It can be made user-friendly, in the sense of the console is pretty outdated. They could add more enhancements, et cetera.

They could add more built-in connection components to support various other application platforms. The built-in connection components available are mostly not fit for our purpose. We need to do additional customization to make it work.

I’ve used the solution for almost two years.

Stability is fine so far, other than a couple of phishes every once in a while.

25 people are using the solution.

The solution is scalable. It’s on the cloud, which makes it simple.

We have enterprise support from the vendors.

The response time could be a bit better. Some people don’t have the access to be able to jump in right away. Sometimes we need someone from the development team who has access to help.

Neutral

I’ve never had experience with any other vendors.

The initial setup was not that straightforward. However, we had vendor support, and we were able to fix all the issues.

It took us almost a month to deploy the solution.

I’d rate the solution a three out of five in terms of ease of setup.

In terms of maintenance, some of the components are not in the cloud, so we handle these aspects ourselves. We have a dedicated team for it.

We initiated the setup with the help of the vendor.

I don’t deal with the licensing. That said, my understanding is that it is on the higher side.

When we need enhancements, we do have to pay more.

We are CyberArk partners. I’m a consultant.

We’re always using the most up-to-date solution version, as we are utilizing the cloud.

We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk.

I’d recommend the solution. It’s ideal for smaller organizations.

I would rate it seven out of ten.

We use this solution for the user ADM account onboarding process within our company. If they need server access, we create ADM accounts, and we onboard to CyberArk.

We use it also for the password protection process with other products. We can use this as a password wallet, and we create the password rotation in CyberArk.

We can grant access, check the system's health, and create policies for users.

Creating policies and the password rotation feature have been valuable. We don't have to memorize our password for the ADM account.

Security wise, it's really safe. The password expires within six to eight hours, so no one can get that password from us. Other users can't log in without our credentials, and also, the ADM account password will automatically rotate.

It's really user-friendly as well.

Report creation could be improved.

The policies could be more customized.

I've been working with this solution for almost nine months. It's deployed on the cloud.

The stability is really good.

We have more than 2000 users, and it's really easy to scale.

I have worked with Thycotic before. It is not user-friendly, although it has changed a lot.

Implementation was really hard, and the reporting was not as good as the users expected. In comparison to CyberArk, Thycotic was not better.

The deployment process is really easy, and I would give it a four out of five.

We got support from the CyberArk team but deployed it ourselves. It was easy to follow the documentation and user guide.

CyberArk is an expensive product.

If you can afford CyberArk Privileged Access Manager or you are looking 5 to 10 years in the future, it's a good investment. You will gain experience handling all these pieces using the one product. You can easily integrate with other products also.

You would have maintenance with other PAM products, and you won't with CyberArk. You can save that money by investing in a high quality product from the beginning itself.

Overall, I would rate CyberArk Privileged Access Manager at eight on a scale from one to ten.

In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment.

We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this.

We are using the latest version.

It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes according to the internal security policies in our bank.

CyberArk PAM gives us a single pane of glass to manage and secure identities across multiple environments. This is quite important for compliance reasons.

CyberArk PAM provides quantitative risk analysis for every human and machine identity in our environment. This has a big impact on reducing risk. 

The PAM feature is the most valuable. It helps us to automate our jobs and administrative tasks. 

It also gives us a lot of features for compliance. Using this type of software is required by Polish law in finance and business in Poland.

We use CyberArk’s Secrets Manager to secure and manage secrets and credentials for mission-critical applications. The newest GUI is much better than the older version. Now, it is quite good.

CyberArk PAM provides an automated and unified approach for securing access to all types of identities that we use. This is very important to us.

I would like advanced RPA in the basic license. CyberArk has RPA, but we would need to buy additional licenses. It is not out-of-the-box.

I would like better support.

I have been using it for five years.

So far, we don't have any problems. We have implemented higher availability in CyberArk. So, maintenance or updates don't have an impact on our environment. We don't have performance problems or anything like that. The stability is very high.

I have had no problem with agility in this solution. Everything works fine and gives us an opportunity to act as we want.

According to the information that I have, we simply add more servers if we need it or have additional business requirements. So, scalability is high.

There are about 155 users. Mostly, they are our IT administrators and developers.

This tool is used daily in our bank. We don't have plans to increase usage right now.

We don't often contact technical support, but when we do it, the response could be faster and better.

Neutral

We didn't previously use another solution.

The initial setup was complex. Our deployment took three months.

We needed to scale our environment and implement the correct number of servers to prepare for a working environment.

Implementation of our CyberArk instance was done by an external company. It covered all our needs and requirements.

We have not seen ROI directly in money. However, we have seen ROI in quality. It increases security in our IT environment and provides the highest SLA for our systems.

CyberArk PAM helps save us time when it comes to onboarding new employees and providing them secure access to SaaS apps and IT systems. It is saving us about two to three days per new employee.

We use an old model for pricing. The new model is a subscription model on the cloud. 

The price of CyberArk support could be a little bit less. Otherwise, pricing is fine.

We did some benchmarking, without the tools, to compare the cost of maintenance and functionality. We compared CyberArk to Password Manager Pro from ManageEngine. CyberArk has more functionality and better stability, in our opinion. The price was very similar between the two solutions. 

CyberArk is a good technology partner. They help us a lot with maintenance and our security process management.

I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. 

I would rate the solution as a nine out of 10.