Try our new research platform with insights from 80,000+ expert users
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Allows users to self-provision access to the accounts that they need
Pros and Cons
  • "It allows users to self-provision access to the accounts that they need."
  • "There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution."

What is our primary use case?

The main focus of using CyberArk was to replace our previous Excel spreadsheets, which contained all of our passwords. The reason that we brought it in was to replace them and meet certain audit requirements.

We are using CyberArk to secure applications for credentials and endpoints.

We are planning on utilizing CyberArk to secure infrastructure and applications running in the cloud. It is on our roadmap for next year.

How has it helped my organization?

It allows me to create my custom CPMs more easily and quickly without having to code everything. It helps me build a lot of these codes, so it makes it easier for me to create custom CPMs and PSMs.

It allows us to be able to manage a third-party which is not natively supported by CyberArk. If there are certain legacy applications which are so old that CyberArk does not support them out-of-the-box, it allows me to be able to create custom connections and be able to manage those accounts.

What is most valuable?

  • Ability to do workflow.
  • Allows users to self-provision access to the accounts that they need.

What needs improvement?

There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution.

The new PVWA is great. I actually saw some of the newer functionalities, and the look and feel looks great so far. It is just a matter of getting us there. We need to be able to upgrade the environment. They have been able to get the functionalities I was looking for on some of the latest releases.

Buyer's Guide
CyberArk Privileged Access Manager
April 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Stability is pretty good. I have not had any issues with it.

What do I think about the scalability of the solution?

Scalability is pretty good. I have not had any issues with it. It should meet my company's needs in the future.

How are customer service and support?

For what I was using technical support for, they were really knowledgeable. They were able to resolve the issues that we had. I have not had any problems with them, though it took them a bit of time. A lot of times, they did not escalate it right away, not until three or four tries, then they did escalate it to Level 2, possibly even Level 3 support.

Which solution did I use previously and why did I switch?

We were previously using Excel spreadsheets. We changed because of audit requirements, but a lot of times it will due to usability. We understand that having our password in a spreadsheet is a huge vulnerability, so it is one of the things that made us look for a solution to manage those credentials, and create automated workflows around it for audit requirements.

How was the initial setup?

The initial setup was pretty straightforward. I think the implementation only took a couple of days.

What about the implementation team?

We had someone from the CyberArk team helping us with the implementation.

What was our ROI?

One of the processes that we have defined is called a Fire ID process, where to be able to get a Fire ID. It requires a user to call the help desk. The help desk will create a ticket, then contact the employee's managers to get approval, and then provide them with an account. That process, in some cases, can take hours.

With CyberArk, it allows us to streamline and create a workflow which allows them to automatically log into CyberArk, grab the credentials that they want, and it automatically sends their approval to their manager, who can click a couple buttons, approve, and the user is able to get their credentials. That process went from hours to now just minutes.

Which other solutions did I evaluate?

We looked at Leiberman, and also at Thycotic Secret Server.

One main things that stood out about CyberArk would be the actual user interface. CyberArk's interface was better than the other two, and their price points were fairly similar. The usability and functionality were similar, so we looked at it from a user standpoint (the front-end of the tool), and CyberArk came out on top.

What other advice do I have?

My advice is to have the necessary resources to fully implement this. Don't just bring it in and let it sit. It needs to have the resources with a fully dedicated team to be able to get this functional. Otherwise, it will be sitting there not being fully utilized. There are a lot of functionalities that require a lot of resources to get it up and running.

I have been using the new plugin generator utility for about a year. I took a PSM Connection course this past summer. I have been using it ever since.

Most important criteria when selecting a vendor: 

  1. It will be usability of the product. I want to make sure that when we have the product, we can quickly use it and have a full understanding of it without all the hoops that we need to jump through just to be able to understand what that system looks like or how it works. 
  2. The next thing will be support. How will they be able to support the system? Do they have a good support staff who will be able to help us get through an implementation? 

Those are the two main things I look for: the usability and supportability of the tools.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Oluwajuwon Olorunlona - PeerSpot reviewer
Cyber Security Engineer at eprocessconsulting
Real User
Highly stable and efficiently automates application authorization
Pros and Cons
  • "It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components."
  • "One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible."

What is our primary use case?

We use it for other use cases, such as automating application authorization, managing files, and securing monetary accounts. We use it for managing privileged accounts.

What is most valuable?

I like everything about it. It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components.

What needs improvement?

The issue is that in many environments, what I purchase via text is different. We have some policies that are specific to Microsoft environments. For example, my actual manager may not be able to connect to a Microsoft product due to a policy on it. The issue that comes to mind now is how six credentials are managed.

Currently, if you try to log in to any server within the environment, you would need to log in every time, regardless of whether you have already received the credential or if the connecting device is present or not. It is a problem with CyberArk. If CyberArk could find a way to solve this, it would greatly improve the experience.

I'm not sure if it is possible to fix this. It's not a point of entry, but it may require a longer string than the user might want to know, or maybe cheaper right now. If CyberArk can find a solution that improves the experience, it would be beneficial to customers.

Another thing is that there are some time needs that could be improved in the future. One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible.

For how long have I used the solution?

I've been working with it for three years. I'm currently working with version 12 of the solution, and I've also worked with version 10 and partition 11.

What do I think about the stability of the solution?

The number of users is about 3,305, and it is stable. We don't have any small clients, mainly medium and enterprise businesses.

I would rate stability a ten out of ten, and it's very stable.

What do I think about the scalability of the solution?

I would rate scalability an eight out of ten. It's not perfect, but it's fairly scalable.

How are customer service and support?

Some things need improvement. The solution doesn't provide sufficient support. I contacted them at one point, but it took several months to get a response. Additionally, we had an issue with account balances that took a while to resolve. That was four or five years ago, though. Other than that, it's a decent solution.

How would you rate customer service and support?

Positive

How was the initial setup?

Regarding the initial setup, I would say it's pretty straightforward on a scale from one to ten, where one is difficult and ten is easy. I'd give it a nine. Deployment took less than a week.

What about the implementation team?

I deployed the solution.

What's my experience with pricing, setup cost, and licensing?

It is pretty pricey. I would rate it a seven on a scale of one to ten, where one is cheap, and ten is very expensive.

What other advice do I have?

Overall, I would rate the solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
April 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
Hrushikesh Karambelkar - PeerSpot reviewer
Sri Privileged Access Management Architect at Edgile
Reseller
Extremely stable, scalable, and has great technical support
Pros and Cons
  • "CyberArk has the ability to change the credentials on every platform."
  • "The initial setup has room for improvement to be more straightforward."

What is our primary use case?

The primary use case of the solution is mining the credentials on our Windows unique network.

What is most valuable?

The solution is able to rotate the credentials and session recording. CyberArk has the ability to change the credentials on every platform.

What needs improvement?

The initial setup has room for improvement to be more straightforward.

For how long have I used the solution?

I have been using the solution for three months.

What do I think about the stability of the solution?

The solution is extremely stable.

What do I think about the scalability of the solution?

The solution is extremely scalable.

How are customer service and support?

The technical support is fantastic and quick to respond. 

How was the initial setup?

I give the initial setup a five out of ten.

The initial deployment requires a couple of weeks and for the on-premises portion an additional two to four weeks. The deployment required one full-time architect and one full-time senior consultant. 

What's my experience with pricing, setup cost, and licensing?

The solution is costly but we get what we pay for.

What other advice do I have?

I give the solution a ten out of ten.

For maintenance, we require one part-time architect and two operations people.

I recommend the solution to others.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Muamer Riza Gani - PeerSpot reviewer
Assistant Vice President for Cyber Security Project at a financial services firm with 1,001-5,000 employees
Real User
Plenty of features, scalable, and responsive support
Pros and Cons
  • "All of the features of CyberArk Privileged Access Manager are valuable."
  • "The initial setup of CyberArk Privileged Access Manager difficulty depends on the environment that you are implementing it into. However, it typically is simple."

What is our primary use case?

We are using CyberArk Privileged Access Manager for securing access to the host or the server. The solution has the capability to record activity on the server, rotate the passwords, kick out an active user, and complete an action if suspicious activity is triggered on the server. We typically only use the solution for accessing the target server and for password rotations.

How has it helped my organization?

One of the benefits of using CyberArk Privileged Access Manager is we have an audit trail that fits the requirements of our organization and we are more secure using the features of the solution, such as investigating and tracking.

What is most valuable?

All of the features of CyberArk Privileged Access Manager are valuable.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for approximately six months.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is stable.

What do I think about the scalability of the solution?

The scalability of CyberArk Privileged Access Manager is very good.

We have approximately 300 users using the solution.

How are customer service and support?

The partner support we have in Indonesia is fast and responsive to our needs. They are available if we are facing a problem. However, there is still room for improvement.

I rate the support from CyberArk Privileged Access Manager an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I was previously using MEGA HOPEX.

How was the initial setup?

The initial setup of CyberArk Privileged Access Manager difficulty depends on the environment that you are implementing it into. However, it typically is simple.

I rate the initial setup of CyberArk Privileged Access Manager a five out of ten.

What about the implementation team?

We use a third party to do the implementation of the solution. We purchased preventive and corrective maintenance from our partner.

What's my experience with pricing, setup cost, and licensing?

There are additional features added to our CyberArk Privileged Access Manager license. For example, features that allow us to integrate into various kinds of platforms.

What other advice do I have?

I would recommend this solution to others. It has great value and it ensures your environment is secure and it is most important in production. If your company is a financial institution it is a lot of times mandatory to have a solution similar to this in operation because of cyber security concerns. We need to have preventive or professional action and one of those elements is to have a secure platform.

I rate CyberArk Privileged Access Manager an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jan Strnad - PeerSpot reviewer
Security Architect at AutoCont CZ a. s.
Reseller
Protects accounts and has a password rotation feature that thwarts hackers; technical support was good
Pros and Cons
  • "What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."
  • "In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution. Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations. In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows."

What is our primary use case?

We use CyberArk Privileged Access Manager for our customers who want to monitor and protect the access from the vendor side or the partner side. These customers want to cover external users who want to gain access.

What is most valuable?

What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users.

What needs improvement?

In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution.

Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations.

In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows.

For how long have I used the solution?

I've been working with CyberArk Privileged Access Manager for four years.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is a stable solution.

What do I think about the scalability of the solution?

CyberArk Privileged Access Manager is easy to scale. You can divide the solution into different parts and connect them, then you can add a new feature, a new appliance, or a new system. The solution works.

How are customer service and support?

In terms of the technical support for CyberArk Privileged Access Manager, I sometimes contact the service engineer in this region. I also have access to the support portal which I use in some issues, but it's not so often. I found the technical support team very professional and I would rate support for CyberArk Privileged Access Manager five out of five.

How was the initial setup?

The initial setup for CyberArk Privileged Access Manager was complex because, in the beginning, you must get the information from the customer such as how he wants to install it, how he wants to protect privileged accounts, how password rotation would work, etc., before you can install the solution.

The time it takes to deploy CyberArk Privileged Access Manager depends on several factors such as how many admins a customer has, how many devices, and the types of devices, for example, does the customer have servers such as Windows or Linux, some other network solution, or some applications, etc.? It could take between ten, fifteen, or one hundred days. My company needs to analyze at the beginning to define how long the process will take.

On a scale of one to five, with one being complex and five being very easy, I would rate the initial setup for CyberArk Privileged Access Manager four out of five.

What's my experience with pricing, setup cost, and licensing?

I'm a technician so I don't handle the licensing for CyberArk Privileged Access Manager, but I know that the price for the core license is about €140 per year. There's another type of license, the external vendor license, and that's about €600 and you can manage twenty devices. From what I know, the price for one device in a subscription is about €65 per year.

You can buy the CyberArk Endpoint Privilege Manager too, or you can buy some other application or application license with CyberArk Privileged Access Manager, but all other features, such as the Analytics Server is included in the basic CyberArk license. With WALLIX, you need to buy separate licenses for the features.

Which other solutions did I evaluate?

I've evaluated WALLIX, apart from CyberArk Privileged Access Manager.

CyberArk Privileged Access Manager is a global solution that applies to all customers, from small scale to enterprise businesses, but the solution has a little bit more servers that you need for the installation. WALLIX, on the other hand, is just one appliance that focuses on small-scale customers. Its deployment is much easier because you just install one appliance with all the features inside. Deployment is easier with WALLIX versus CyberArk Privileged Access Manager which has a complex deployment. In the end, CyberArk Privileged Access Manager has more features that you can define or set up, while WALLIX has some limitations.

What other advice do I have?

I'm working for a company that sells privileged access management solutions, including CyberArk Privileged Access Manager.

The version of the solution which I'm dealing with is an old version. Most of the deployment is on-premises, but my company will start cloud deployment for CyberArk Privileged Access Manager as well.

My company resells, implements, and also provides support for CyberArk Privileged Access Manager for the customers.

The solution requires upgrading regularly, and if there's a new system or application, you need to set it up for privileged access management on CyberArk Privileged Access Manager, so maintenance is important. Currently, in my company, five people work with the solution where there are about two hundred devices with fifty administrators. In the beginning, CyberArk Privileged Access Manager was for large-sized businesses. Nowadays, it's also used by medium-sized businesses.

I would recommend CyberArk Privileged Access Manager to others looking into implementing it because it's very important to protect privileged accounts in the company and do password rotation, so the hackers won't have a chance to detect and find the real passwords in the system. You can also use CyberArk Privileged Access Manager to protect external users and the admins from the direct connection to the server and after that, you can see what the users and admins do because the system makes video recordings and session logs. It's important to see what the admins do from time to time.

For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same, so I would rate it a ten out of ten.

My company is a partner and reseller of CyberArk Privileged Access Manager.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
ChaminiEllawala - PeerSpot reviewer
Identity and Access Management Engineer at Wiley Global Technology Pvt. Ltd.
Real User
Is user-friendly and easy to deploy, and integrates well with other products
Pros and Cons
  • "Creating policies and the password rotation feature have been valuable. We don't have to memorize our password for the ADM account."
  • "Report creation could be improved. The policies could be more customized."

What is our primary use case?

We use this solution for the user ADM account onboarding process within our company. If they need server access, we create ADM accounts, and we onboard to CyberArk.

We use it also for the password protection process with other products. We can use this as a password wallet, and we create the password rotation in CyberArk.

We can grant access, check the system's health, and create policies for users.

What is most valuable?

Creating policies and the password rotation feature have been valuable. We don't have to memorize our password for the ADM account.

Security wise, it's really safe. The password expires within six to eight hours, so no one can get that password from us. Other users can't log in without our credentials, and also, the ADM account password will automatically rotate.

It's really user-friendly as well.

What needs improvement?

Report creation could be improved.

The policies could be more customized.

For how long have I used the solution?

I've been working with this solution for almost nine months. It's deployed on the cloud.

What do I think about the stability of the solution?

The stability is really good.

What do I think about the scalability of the solution?

We have more than 2000 users, and it's really easy to scale.

Which solution did I use previously and why did I switch?

I have worked with Thycotic before. It is not user-friendly, although it has changed a lot.

Implementation was really hard, and the reporting was not as good as the users expected. In comparison to CyberArk, Thycotic was not better.

How was the initial setup?

The deployment process is really easy, and I would give it a four out of five.

What about the implementation team?

We got support from the CyberArk team but deployed it ourselves. It was easy to follow the documentation and user guide.

What's my experience with pricing, setup cost, and licensing?

CyberArk is an expensive product.

What other advice do I have?

If you can afford CyberArk Privileged Access Manager or you are looking 5 to 10 years in the future, it's a good investment. You will gain experience handling all these pieces using the one product. You can easily integrate with other products also.

You would have maintenance with other PAM products, and you won't with CyberArk. You can save that money by investing in a high quality product from the beginning itself.

Overall, I would rate CyberArk Privileged Access Manager at eight on a scale from one to ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Manager Cybersecurity at LTI - Larsen & Toubro Infotech
Real User
Top 20
Beneficial secure server assess, useful user log access, and good support
Pros and Cons
  • "CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs."
  • "The solution could improve by adding more connectors."

What is our primary use case?

I am using CyberArk Privileged Access Manager to protect our servers. It can be either a Windows or Linux Server. Additionally, we have some network devices, and databases, such as Oracle and MySQL Server being protected.

How has it helped my organization?

It's improved our organization a lot. It has fulfilled some guidelines from the Indian government. There is some Indian government guideline for anonymity and access management. Similarly, there are guidelines for GDPR, and where we have vendor's control. CyberArk Privileged Access Manager has helped us to meet all the requirements.

What is most valuable?

CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs.

What needs improvement?

The solution could improve by adding more connectors. 

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for two and a half years.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is a stable and reliable solution.

What do I think about the scalability of the solution?

We have approximately 200 people using this solution.

How are customer service and support?

The support team from CyberArk Privileged Access Manager is very good.

Which solution did I use previously and why did I switch?

I have not used other solutions.

How was the initial setup?

CyberArk Privileged Access Manager's initial setup is straightforward. However, it can depend on many factors, such as architecture.

What about the implementation team?

I used a partner for the implementation of the CyberArk Privileged Access Manager.

The number of people required for the implementation of CyberArk Privileged Access Manager depends on the number of applications. However, for my team, we have two to four people who were involved in the development of our architecture. 

What was our ROI?

From a technology perspective, CyberArk Privileged Access Manager has helped us to improve our services. It helped us to meet our requirements or guidelines. Whether it's audit perspective, internal, or external, whatever the guideline is, it meets our needs. If there are any independent agencies that need to be involved we meet those requirements.

What's my experience with pricing, setup cost, and licensing?

The price of CyberArk Privileged Access Manager is expensive. There are no other fees other than the standard licensing fees.

Which other solutions did I evaluate?

As part of our company's policies, we have to evaluate other solutions.

What other advice do I have?

I would advise others that requirements should be discussed properly with all the stakeholders to understand their expectations. Additionally, it is important to explore our tool limitations. We should more focus on solution designing.

I rate CyberArk Privileged Access Manager a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1759485 - PeerSpot reviewer
Security Architect at a tech services company with 1,001-5,000 employees
Real User
With Privileged Session Manager, you can control the password management in a centralized way
Pros and Cons
  • "The automatic change of the password and Privileged Session Manager (PSM) are the most valuable features. With Privileged Session Manager, you can control the password management in a centralized way. You can activate these features in a session; the session isolation and recording. You apply the full intermediation principle. So, you must pass through CyberArk PAM to get access to the target system. You don't need to know the password, and everything that you do is registered and auditable. In this case, no one gets to touch the password directly. Also, you can implement detection and response behavior in case of a breach."
  • "Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API."

What is our primary use case?

We have clients that ask us to implement CyberArk PAM. There are two kinds:

  1. Greenfield installation and setup. 
  2. They already have CyberArk and want to extend their usage to protect different types of accounts and passwords.

CyberArk PAM protects privileged accounts and passwords. Privileged account means that those accounts have particular authorization that can span all the features of the system. For example, usually on network devices, they come out out-of-the-box with administrator accounts. Windows has an administrator account built-in so you need to protect that. Also, Active Directory has some accounts, like domain administrators, who can do whatever on the platform. These accounts are used for administration.

CyberArk stores and rotates the password/credential. They can rotate SSH keys as well. This protects the attack surface. By way of CyberArk, you can allow sessions, isolation, and recording. The main aim is to protect privileged accounts and their credentials.

I started with version 9.7, and now I am working with version 10.10, but the latest version is 12.

What is most valuable?

The automatic change of the password and Privileged Session Manager (PSM) are the most valuable features. With Privileged Session Manager, you can control the password management in a centralized way. You can activate these features in a session; the session isolation and recording. You apply the full intermediation principle. So, you must pass through CyberArk PAM to get access to the target system. You don't need to know the password, and everything that you do is registered and auditable. In this case, no one gets to touch the password directly. Also, you can implement detection and response behavior in case of a breach.

With CyberArk, you have a centralized store. With Privileged Session Manager, you can just look by the browser, looking through the name of the account, the name of the system, and the host name. In this case, you get the password and can then get through. Therefore, it is easier to get access to the system because it is easier to search the system for what you want using the user interface/browser of CyberArk. You also have an auditable action because the password is unknown to the administrator.

What needs improvement?

Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API.

Onboarding is always a difficult path for every PAM solution. It is not immediate.

For how long have I used the solution?

We have been using it for six years, usually in delivery projects.

What do I think about the stability of the solution?

The stability is very good. There are no problems with it.

What do I think about the scalability of the solution?

It has good scalability. Though, because the architecture is modular, you must plan a bit. In terms of performance, it is very scalable, but you need to pay attention to the architecture because it is not like having Kubernetes that moves laterally. While you can deploy it in a second, you need to be careful. 

How are customer service and support?

They have a good response time. 

Sometimes, on the development side, for some components, it does not respond for PSM connectors and CPM plugins. They don't tend to take responsibility for those. While clients tend to develop some PSM connector and CPM plugin, I would like a more flexible response on these types of issues being raised. Because while I am developing those components, I am developing on their product.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had clients who had quite a lot of SAP systems, something like 900. At first, their change management practice, i.e., the changing of the administrators' passwords was not so frequent, e.g., once a year instead of once a month or every two months. Their password management was usually done by storing those passwords on an Excel. Therefore, if they needed to connect to a system, they had to access the Excel file to find the machine and accounts to then receive the passwords for access to the system. This was unwieldy since they needed to look through an Excel spreadsheet with more than 900 entries. This is also not very secure since you have an Excel file with a clear password on your workstation. 

How was the initial setup?

It was a bit complex because the architecture is complex. At the same time, this is also an advantage in relation to other competitors in the market because CyberArk's architecture is inherently secure. So, while it is a bit more complex to set up initially, it is necessary for reaching the security that other solutions do not give you.

The installation can easily be done. It is the architecture part that is complex, possibly because you need to size the machines. 

It depends greatly on the project. Usually, the best approach is a modular one. You start with a set of users, then move on to expanding the solution with size in mind. 

Which other solutions did I evaluate?

CyberArk's architecture is peculiar. It is the most secure on the market because they have a hard-end computer out of the domain that stores passwords with multiple cryptography. Then, there are the default components that dialogue with Password Vaults. Only CyberArk has this. The other solutions usually give you an encrypted database on an appliance, and this is a very different scenario. Therefore, CyberArk has an inherently secure architecture.

Broadcom PAM is not as stable versus CyberArk. 

What other advice do I have?

Plan wisely and you will have a very good product. The approach should be modular and step by step. Start with the UNIX administrators, network device administrator, Windows administrator, and Active Directory administrator, then move onto more complex scenarios, like web server administrators, sub-administrators, etc. 

I would rate CyberArk PAM as nine out of 10. It could be more manageable.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.