CyberArk Privileged Access Manager Reviews

The solution's most valuable features are one-time password and exclusive access.

CyberArk is complicated and costly to deploy for Windows servers compared to a few other vendors. It would be helpful if they combined all the components on a single server. Also, they should release a version specific to small businesses with two servers installation architecture.

We have been using the solution for three years.

The solution is highly stable. I rate its stability a ten out of ten.

I rate the solution's scalability a ten. It is the best in the market. It can scale to any infrastructure. We had implemented around 1000 target servers for our previous customers.

The solution's training documentation compensates for efforts to raise the tickets. We can resolve the issues ourselves based on the documents provided by the vendor. If you contact them for any problems, they solve them within a few hours.

I have implemented the solution for small and large enterprises. I haven't come across any bugs or issues. I use the 12.2 version as it is more stable, and I have more experience working with it than the newer version. It is easier to deploy if you know how to use it.

The time taken for deployment depends on specific project requirements. In the case of lesser servers and target machines, it takes about a few weeks. Whereas for a larger number of servers, it takes around two to three months to complete. The process involves setting up servers to host password vault, API access, central policy manager, and SM server. Additionally, for customer-specific requirements, we can set up Distributed Trusted Host (DTH) server for privileged analytics and Privileged Session Manager (PSM) for session management.

Apart from the deployment, it involves configuring policies, setting up additional connection components, etc.

The solution is cost-effective for the features. In comparison, other vendors would charge extra for the same features. Also, its pricing model is based on the number of users rather than the number of servers. Thus, there are no additional costs. I rate its pricing a six or seven.

I recommend the solution to others and rate it a ten out of ten. It is user-friendly once you understand its functionality.

The product is fairly priced. 

It's stable.

The solution is scalable. 

People are quite satisfied with the way it's working and the support we receive. 

The security is good. 

The interface is fine, although I'm not directly using it too much. 

We found the initial setup to be easy.

We would, of course, always prefer it if the pricing was cheaper. 

I've been using the solution for four or five years. 

It's stable. There are no bugs or glitches. It's reliable. It does not crash or freeze. 

We have more than 100 people on the solution right now. 20 to 30 are likely admins. 

The solution is scalable. We can increase licenses as needed. 

Technical support has been helpful and responsive. We are happy with their support. 

I can't speak to what solutions, if any, we used previously. 

The solution is very simple and straightforward. It's not complex at all. 

I know that CyberArk is now changing the pricing model to subscription-based. My understanding is renewals will be done on the subscription-based models. The pricing is reasonable. We pay annually.

The costs depend on if you were talking about the access of internal or external users. There is also an extra external fee for supporting the licensing.

We are end-users and customers. 

This is a stable, reasonably priced product. It has good security features as well. Since we received the renewal request, it's been working very well. 

I'd rate the product eight out of ten. 

The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.

We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

We have a lot of privileged accounts with a lot of administrators. The only way to have a good handle on the inventory of accounts, and have some type of controls around who has access to the accounts, is to have a tool like CyberArk.

The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used). This helps our security posture. We also look at other privileged accounts, which are used by overlooked applications, and this provides a benefit to the company. 

The most valuable features would be:

• Ease of installation
• Support for every use case that we have come across.
• Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.

Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines.

Stability is great, especially as the product matures. I have been using CyberArk since version 4. We currently are using version 9 in our production environment, and are looking to deploy version 10. Version 9 is very stable compared to the previous versions. 

Scalability is great. We have no problems. 

We have a very large, diverse, global environment, and we have not run into any scalability issues. 

Technical support is very good. We have had a technical account manager (TAM) in the past, and have worked directly with her as our primary source. However, we also contact other people in the support environment, and they know the product well and are always willing to help out.

I did an initial installation at another company. It was pretty straightforward. 

CyberArk offered to help with designing the architecture. Once we got all those pieces sorted out, the implementation was easy.

I don't know if anyone has done a true number analysis, but we do see the following:

• The amount of time that people used to spend maintaining credentials;
• The amount of time that used to be utilized for audit purposes and who had which accounts at any point in time.

There is ROI on the actions above because the amount of time that it took to do these tasks has been significantly cut.

If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.

CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.

I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.

The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.

Our primary use case is to control the technical accounts used in our DevOps environnment. The primary goal was to automate to the maximum all privileged accounts used by applications. It was a big issue because al dev guys were always using the same account/password couple. CyberArk is doing this for them transparently. Through time the scope was extended to all interactive users with the target to avoid them knowing the password. The automated password change was implemented to 99% of all accounts inside the company.

Before the CyberArk implementation passwords were never changed and known by everyone. We were also not able to track who is supposed to have access to what and who did what. With the successful CyberArk implementation, we are able now to:

- Guarantee the password is known by no one or for a maximum of eight hours.

- Full visibility about who is doing what.

- Full control about who is supposed to access what.

The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,

In order to reduce the attack surface, the automated password change was pushed to the maximum. This way we know that no password is known or not for more than eight hours. It simplified the life of the operational teams because they do not need to take care of the secrets and keep their attention to maintain the infrastructure.

What also helped is the ability to constantly track who accessed which object. We took the opportunity to change our process in order to comply it. Now the activities can be done faster with better user experience.

CyberArk lacks the following functions for a better IAM like solution:

- Provision accounts for systems and directories.

- Create access to the systems.

- Monitor if any new account has been created into the system.

- Better GUI for the end-user and also for administrators. The learning curve is quite long and requires lots of training for good usage.

- More automated process for account provisioning into CyberArk. For example when a new DB is created.

- Better documentation with more examples for the configuration files and API/REST integration.

I have been using CyberArk PAS for eight years.

The stability is very good. We never had any crash in eight years.

Scalability is good because of the big variety of modules. Except for the redundancy which is quite limited with the not live replication. Also, the speed is quite slow for application accounts.

Very good always reactive. The commercial part was more difficult.

The initial setup is complex because it requires a clear company structure which was not the case. Technically also CyberArk is hard to address at the start because of its technical complexity and abilities.

In house. Very good.

Not calculated. Users and administrators more happy than before which is the best RIO.

CyberArk is quite expensive and they should have a better pricing model.

BeyondTrust, Hitachi ID, CA.

Hard to implement and to get acceptance from the users and management. But when installed the solution is rock solid.

Currently, we use PAS and EPM. Mainly, we did EPM last year to get rid of local admins on about 300 PCs.

We are looking into utilizing CyberArk to secure infrastructure in the cloud.

I have been in admin for two years. The company has probably had it for more than seven years.

• Lessens the risk with privileged access.
• As far as EPM, mitigating the risk of local admins on PCs.

We are able to rotate credentials and have privileged account access.

It is very stable. We have had no downtime.

It is meeting our needs now, and will still meet our needs in the future.

For the most part, technical support is very knowledgeable. Sometimes, you get the one person whom you might have to push back on a little more. With PAS, they escalate our problems in due time, not so much with EPM.

We did not previously use another solution.

I was part of the initial setup with EPM. It was straightforward during the PoC. Once we rolled it out to users, it got a little more complex.

CyberArk helped with the implementation. 

We did not get the EPM training, so we were just flying by the seat of our pants and going with it. For the most part, we were able to figure stuff out, but some stuff gave us a little run for our money.

With reducing the privileged account access, there has been a huge improvement. They are now bringing more accounts on a little at a time.

Do it now. Don't wait.

Any other issues that we may have come up with, they have always been there to help assist and get us back on the right track. They don't just give you the product, then wipe their hands.

We just got an upgrade to version 10.4, as we went from 9.2 to 9.9.5 last year. This was a major improvement for us, going to 10.4 with the different dashboards and PTA built-in and PTA on the credential rotation. They are starting to integrate all the different components.

Most important criteria when selecting a vendor:

• Ease of access.
• They are with you going through any problems that may arise. 
• Good support.

We use it to harden our passwords for privileged users. We also utilize CyberArk to secure application server credentials.

We plan to utilize CyberArk's secure infrastructure and applications running in the cloud. We have AWS now. That is our next avenue: To get in there and have that taken care of.

If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network.

It keeps us from having to fight with passwords or groups which are not getting onboard with the program.

We are able to rotate privileged user passwords to eliminate fraudulent use.

The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10. 

Stability is rock solid.

Scalability should not be an issue with us. Our implementation team sized it real well when we received it. We are a younger installation, so we have a long way to go. We have not seen the top end yet.

The technical support is great. They are very responsive.

I was not involved in the initial setup.

CyberArk is the best out there. Their product makes our privileged access management so much easier.

For privilege access management, there is really no choice but to implement this or a similar solution. It is the last bastion that companies have. Firewalls used to be the perimeter and the place to be. Nowadays, intruders can walk through the perimeter (the firewall). So, we have to get on the inside and get it tied down. They are not very many people playing in this market. CyberArk is on the top, so there should not be any reason not to go with it.

Most important criteria when selecting a vendor:

• Best of breed
• Top quality support organization.

• Client-less feature
• Flexible architecture support
• High level of customization for maximize utilization
• User friendly and Flexibility of multiple choice
• Adhere to Security Compliance

This tool is in Leader's quadrant in Gartner Quadrant report. Not just because it has more features than other but also it improves the way organization function. CyberArk can be used as many as you can think of. Such Granular ways of utilizing parameters, features and restrict permissions that no other tool can grant you. This tool has always surprise me with its capability and features.

Since this tool major utilizing modules are PAM and PSM, hence AIM and OPM are least considered by client. Client is somehow reluctant to use these features. Yes, i do agree that these Modules are not that friendly but also CyberArk do not providing proper training on these modules. Reports are also one of the major concern, as it gives a very basic kind of reports. CyberArk must provide some graphical reports which can be customized as per client requirement. After all presentation does matter.

I have been working with PIM solutions since Apr 2011 and I was introduced to CyberArk around four years ago. I started with version 7.2 and I’m now working with version 9.6. Other than this CyberArk, I had experience on Dell TPAM, CA PUPM, Arcos PAM, BeyondTrust PIM etc with some more expertise on Imperva SecureSphere, Guardium, Tripwire Enterprise, Novell Access Manager etc.

Ofcourse, which deployment does not encountered any issue, however it depends upon your planning whether you are facing critical issues or just small hiccups. From my point of view, yes you need to plan it well, think from everyone prospective and also but most important it should be give ease of working not make end user frustrate. Understanding this tool and its utilization is more important in order to deploy it. Since the planning is not only limited to installation of CyberArk components but also it go beyond it such as GPO, AD Configuration, OU Setup, User usage, account management and so on. I face many issues during deployment and also after deployment. Plan it well before implementation.

Earlier in 9.0 version I faced some stability issues, yes there are some stability issues with CyberArk such as memory leakage, password unsync etc. These are some common problems but frustrating. In this version of CyberArk, memory leakage is a quite common and frequent issue which lend up access issue to end users.

As I said above, you need to plan wisely before you implement it. You need to consider all prospects of this tool before implementation.

CyberArk support is one of the best support I have ever seen. I worked on multiple tools and had a conversation with their customer support, CyberArk support is one of best one i have encountered with. They are very patient and calm. However sometime they are not much aware about the issue and could not provide the solution until it escalated to L3. It would give 8 out of 10 to CyberArk support.

Refer to customer service. Technical support is 8/10.

I started my career with Quest TPAM (now Dell TPAM) and also worked on BeyondTrust, CA PUPM, ARCOS, etc. BeyondTrust and ARCOS were introduced in market at that time. These tools are good but doesn't seems to be user friendly as CyberArk PAM. These solutions are bit complex to implement, configure and usage. Even if these tools have some good features which keeps them running in market but one feature in which all these tools are beaten up by CyberArk is User Friendly.

Users are more confident in using CyberArk, more convenient in installing and deployment and easier to customize as per client requirement.

Again, it completely depend upon your architecture design of CyberArk and planning. More complex Architecture leading to more complexity in implementation. Understand the Architecture, understand client requirement and only then design and implement. The sure shot guarantee of successful implementation is "Keep It Short and Simple".

Initially, I took some help but have never got a chance to work with Vendor team. I use to implement CyberArk for my client based on their requirement. I still not consider myself as an expertise, as I am still learning this tool and it always surprise me, however I would rate myself on overall - 6 out of 10.

Learning, keep involve yourself in learning. This is best ROI you will get.

Please contact your local CyberArk Sales support, they will better guide you.

In case of CyberArk, No .. Never.

Privileged Access Management is basically used to just keep track and log. We have to provision those accesses. If a newcomer comes, they have to be identified to ensure they are the correct users. So for those, there is a web implementation where there are some products that you can order, then they're approved. Depending on that mechanism, it's been decided, oh, this is a valid user. That's how it's been managed.

Privileged Access Management in CyberArk is one of the very first features that was implemented as part of Privileged Access Management. Then came Endpoint Manage and finally the Password Vault. From the very beginning, once Identity Access Management as a service started, with Dell One Identity Manager as the first service. Then came CyberArk. I don't think there is an additional benefit that it has brought. It's sort of an essential commodity in the entire Identity Access Management infrastructure.

For me, Privileged Access Manager and One Identity sort of merge together. For me, the best part of CyberArk is Password Vault and Endpoint, basically. If you ask me what's there that, it's that everything is pretty straightforward. There is no confusion. It's a pretty straightforward application to work on.

It is a scalable product.

The solution is stable. 

They should allow further customization as it's really hard to do any further customizations over CyberArk. We do have a wrapper of customization. However, it's very difficult, especially their web implementation. That's one thing I would say they can improve. With Angular and everything on the market, they still have their in-house web implementation tool, which is sort of a headache. 

I would love them to improve their UI customizing features. 

You simply cannot install the demo UI in every customer, basically. They would always ask for something to make their UI look a little different -  simple things like their logo or some sort of additional information pertaining to their particular customer. Even doing the smallest of changes takes a lot to do. 

The solution is stable and reliable. 

I haven't been faced with intermittent bugs like I do on One Identity.

With CyberArk, we rarely get those situations. It's a very, very stable software. You rarely need to raise any bug or service request with them.

It's pretty scalable. Although we haven't increased our infrastructure once, we have installed the latest version. Even then, adding other infrastructure items into the portfolio is not a big deal once you have done the initial installation.

Our organization is more than 30,000 to 35,000 people. However, only a handful of them are entitled to Privileged Access Management. There might be only 5,000 users. It is used quite extensively.

It sort of was implemented with One Identity Manager when Identity Access Management came into the picture. In early times when there was simply Excel as an identity access manager, and then there was nothing basically. Once there was the onset of proper identity access management without in-house custom tools or proper streamlining process, this solution was added. Initially, One Identity was sort of used as a Privileged Access Management also. However, soon they realized that it lacked in a lot of places for Privileged Access Management. That's when we went to CyberArk. That was way before my time.

I have been part of the initial implementation. However, the day-to-day operational tasks are being handled by a different team.

I was part of a migrational project. When I joined this organization, they were just migrating from the last stable version to the present stable version. It was pretty straightforward. There was, in my organization at least, documentation that was a bit more thorough to follow. That helped me a lot.

The implementation takes quite some time. Even in production, we have to instantiate the service. We had to take a special weekend, which means downtime since this is a critical application. Therefore, moving this takes some time. It's not that there are glitches and all. It's such a heavy application that requires moving so many things. For us, it took around nine to nine and a half hours roughly to deploy. This is considering if I take off all the in-between stoppages and breaks.

Privileged Access Management is a complex topic. I won't say that any of the tools are straightforward. That said, if you are thorough, then it's pretty straightforward for people who are in this industry.

I'd rate the setup process a four out of five in terms of ease of implementation.

With every security tool, new users learning by themselves is a bit difficult since the material isn't openly released. It's released if you have a partnership or if you pay for the software. That makes learning the tool a bit difficult. If you are interested in learning, the only thing is to get a job in that field. If your company is using it, it's like learning by doing. That's the only way you can learn about this product.

I'd rate the solution eight out of ten.