Try our new research platform with insights from 80,000+ expert users
Technical Manager at Tech Mahindra Limited
Real User
It helps our customers in their software requirement imports
Pros and Cons
  • "It helps our customers in their software requirement imports."
  • "The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs."
  • "Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations."

What is our primary use case?

One of our customers is using the 9.5 version of the solution.

We personally use the product. We are implementing it and have a lot of involvement in its usage.

We use it primarily because we need to manage business accounts and reduce our inboxes.

How has it helped my organization?

It has improved the way our company functions on the basis that they're expanding, and the SDDC management solution and the decision to bring on security licenses under the system umbrella, then has passwords and the system management be a requirement in the coming quarters. We are already doing a small PoC with the relevant themes of the natural habits of the security teams. 

What is most valuable?

The password reconciliation and its limitation with respect to access in target servers along with the end users apart from the import, which is already available. This helps our customers in their software requirement imports.

What needs improvement?

The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs.

Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is stable. They have had subsequent releases with patches for bugs. 

What do I think about the scalability of the solution?

With respect to scalability, it depends upon how much scalability you need in the moment. 

How are customer service and support?

There is not seamless stability in the support. Sometimes, we don't have any level of support which is required when something critical happens.

Which solution did I use previously and why did I switch?

We were using the Centrify solution for managing UNIX apart from CyberArk. However, the scope of the Centrify solution is not as wide as the CyberArk solution.

How was the initial setup?

Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations. 

What was our ROI?

Eventually, the licensing cost benefit doesn't happen or maximize the customer's profit.

What's my experience with pricing, setup cost, and licensing?

Network and security licenses are currently being managed by other outsource vendors, so they are facing some type of problems in the digital aspect. 

Recently, there has been some new licensing guidelines which have come up since 2018 related to installation by technicians. However, we had our solution installed in 2015. 

What other advice do I have?

Work off your roadmap for implementation.

We recommend CyberArk solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
ITSecuri170b - PeerSpot reviewer
IT Security Specialist I at a healthcare company with 1,001-5,000 employees
Real User
You can write different types of policies for custom business needs
Pros and Cons
  • "You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
  • "The interface on version 9 looks old."

What is our primary use case?

I am a CyberArk admin. I manage everyone's PSA accounts, including EPM and PVWA.

It has been performing very nicely. We are on version 9.10. We are thinking of upgrading to 10.3 soon, hopefully. I don't want go to 10.4 since it just came out.

We are planning on utilizing CyberArk to secure application credentials and endpoints because of PAS. We do have a lot of accounts for developers, and we do manage a lot of passwords in the world.

Our company is not in the cloud yet. We are not that big. We are looking to move to it soon, as it is on our roadmap. By the end of the year or early next year, we are hoping to move CyberArk to the cloud.

How has it helped my organization?

It has removed the local admin rights. It is safe and improving well. 

Also, everyone doesn't have passwords to certain applications because of PAS, which is managing the passwords world-wide. So, it is more secure.

Our overall security posture is pretty good, but there is always more to improve upon.

What is most valuable?

I feel like I love EPM more because it is a pretty sleek tool. I like how it manages everyone's accounts. It removes all the local admin accounts, and I like that part about EPM.

You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily.

What needs improvement?

The interface on version 9 looks old. I am excited for version 10 because of the interface and design are good, and it is easier to use.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is pretty stable because we have not moved to the new version. When it comes out, we don't want to go to the newest version the right away because we do not know if it is stable or not. We do not want to put it in the production yet, so we want to wait until the next one comes out, then we go from there.

We have not had any downtime with the product. No issues yet.

What do I think about the scalability of the solution?

It is pretty scalable. It should meet our needs in the future.

How is customer service and technical support?

They are extremely knowledgeable. Sometimes I asked a question, and their first reply is the answer. Then, I have them close the ticket. I feel like I am getting the right person.

How was the initial setup?

I was not involved in the initial setup.

What other advice do I have?

If you want more security, get CyberArk.

I used the new plugin generator utility here in the lab. Right now, it is manual, and the plugin is very easy to use. It is amazing.

Most important criteria when selecting a vendor: I prefer better tech support, because I love the CyberArk support. I want support like that everywhere with all my vendors.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Senior Manager, Cyber Security at OPTIV
MSP
Top 5Leaderboard
Comes with automatic password rotation feature but UI and pricing needs improvement
Pros and Cons
  • "Previously, we used to share passwords for service and normal admin accounts among team members. However, since we started managing it through the product, we've transitioned to individual admin accounts or implemented dual control for shared accounts. With dual control, exclusive checking and checkout options are available, and passwords are not stored in clear text anywhere in the credentials."
  • "The tool's UI has bugs and lags. It needs to be improved. The deployment process can be complex due to multiple components for various functionalities, each requiring separate infrastructure management. To simplify this process, consolidating all these components into a single platform could be beneficial. The product's pricing could be cheaper."

What is most valuable?

Previously, we used to share passwords for service and normal admin accounts among team members. However, since we started managing it through the product, we've transitioned to individual admin accounts or implemented dual control for shared accounts. With dual control, exclusive checking and checkout options are available, and passwords are not stored in clear text anywhere in the credentials.

The solution's most valuable features are automatic password rotation, privilege manager, and secret manager. Previously, IT personnel had admin rights on their regular accounts, allowing them to log in to domain controllers. However, this posed a security risk as compromised accounts could grant unauthorized access to domain controllers. To mitigate this risk, we implemented separate DA accounts for IT staff. These DA accounts were restricted from logging in to domain controllers and did not have associated email addresses. They were dedicated AD accounts solely for accessing domain controllers, and the solution handled their management.

Previously, manually rotating admin credentials was a time-consuming task. However, implementing the tool's automatic password management feature has made this process easier. We've configured defined policies within the solution to dictate when these credentials should be changed.

What needs improvement?

The tool's UI has bugs and lags. It needs to be improved. The deployment process can be complex due to multiple components for various functionalities, each requiring separate infrastructure management. To simplify this process, consolidating all these components into a single platform could be beneficial. The product's pricing could be cheaper. 

For how long have I used the solution?

I have been using the product for eight to nine years. 

What do I think about the stability of the solution?

I rate the product's stability a seven out of ten. 

What do I think about the scalability of the solution?

I rate the tool's scalability a seven out of ten. 

How are customer service and support?

The tool's support gets worse each year. Support is outsourced to smaller companies, which doesn't work fine. Its support was good eight to nine years back. Over the years, it hasn't improved but degraded. 

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I work with BeyondTrust. BeyondTrust's UI and support are good and never lag. BeyondTrust is also cheaper. 

How was the initial setup?

CyberArk Enterprise Password Vault's implementation timeline largely depends on the size and complexity of the infrastructure. A smaller infrastructure with around a thousand servers can typically be implemented within a week or two. However, the implementation process may extend to four or five months for more extensive infrastructures with tens or hundreds of thousands of workstations and accounts. The tool's transition into a security-focused product necessitates strong integration with security orchestration platforms. Prebuilt packages with ready-made integrations are required instead of developing everything from scratch. It lags in automation. 

What was our ROI?

We have seen 40-50 percent improvements after using the solution. 

What other advice do I have?

I rate the product a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
IEM tower manager at Capgemini
Real User
Useful session monitoring and password vault features
Pros and Cons
  • "The password vault and session monitoring are useful."
  • "The turnaround time for technical support is lengthy."

What is most valuable?

The password vault and session monitoring are useful.

For how long have I used the solution?

We have been using this solution since 2016.

What do I think about the stability of the solution?

The solution is stable, but some features in BeyondTrust are unavailable in CyberArk Privileged Access Manager. For example, there is a PMUL feature in BeyondTrust where you can do a deeper dive with the keys for login, but it is not available in CyberArk Privileged Access Manager.

How are customer service and support?

The technical support is good, and they fix any issues we have. However, the turnaround time for technical support is lengthy.

How was the initial setup?

We set up huge environments.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing, we have an APAC sheet and a contact person from CyberArk Singapore that provides a pricing sheet when we need one.

What other advice do I have?

I rate this solution an eight out of ten. I would recommend having a proper plan before implementing this solution. It will be a smoother process if you jot down the granular execution level and get senior resources with hands-on experience.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Lead Consultant at a tech services company with 10,001+ employees
Real User
I like the PTA (Privileged Threat Analytics) of this solution.
Pros and Cons
  • "I really like the PTA (Privileged Threat Analytics). I find this the best feature."
  • "If we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature."
  • "Tech support staff can be more proactive."

What is our primary use case?

Our primary use case for this solution is privileged threat management and session management.

How has it helped my organization?

I have an affinity towards CyberArk. I find that it works out-of-the-box, as a product.

What is most valuable?

I really like the PTA (Privileged Threat Analytics). I find this the best feature.

What needs improvement?

From what I see, like the out of the box password management features, or you can pay the tax forms, which I will write log, can become extensive. For example, we have right now 45 to 50 platforms to tell that were out of the box, like Cyber Optics 200 out of the box connectors, so if we can just put those also into out of the box so that the pros do not have to retell everything to what they think the comp manager of Cyber Optics representative. Apart from that, if we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I would not say there is a stability issue. There are quite a few bugs, which I have discovered in versions 10.1 and 10.2, but I believe that was rectified out of scalability.

What do I think about the scalability of the solution?

I have no scalability issues at the present time.

How is customer service and technical support?

I believe the tech support staff can be more proactive. Right now, I have booked a ticket with tech support for an issue, and I have labeled the ticket "moderate priority." The response from tech support was at best, an answer within three to four days. I believe that is too much time, and can be shortened.

How was the initial setup?

It's straightforward, I mean probably who for 11 years of experience is quite straightforward, but maybe for a newbie, it could be complex.

What's my experience with pricing, setup cost, and licensing?

I do not have any opinions to add about the pricing.

What other advice do I have?

I think if the industry could work together on TSM connectors, this would be a cutting-age change.

Disclosure: My company has a business relationship with this vendor other than being a customer: I am a reseller.
PeerSpot user
Director051a - PeerSpot reviewer
Director Information Security at a insurance company with 501-1,000 employees
Real User
It has helped from an auditing perspective identify who has access to privileged accounts
Pros and Cons
  • "It has helped from an auditing perspective identify who has access to privileged accounts."
  • "It provides an accountability to the individuals who are using it, knowing that it is audited and tracked."
  • "We utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs."
  • "Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."

What is our primary use case?

Its performance is excellent. We have had multiple use cases: 

  • It is PSM, so as a jump box to our servers.
  • We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers.

We are currently using CyberArk to secure applications with credentials and endpoints.

We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.

How has it helped my organization?

  • It has helped from an auditing perspective identify who has access to privileged accounts.
  • We are able to now track who is accessing systems. 
  • It provides an accountability to the individuals who are using it, knowing that it is audited and tracked.

It has become one of the primary components that we have. We also utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs.

What is most valuable?

The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords.

What needs improvement?

Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is very stable. We have never had any downtime; no issues. We worked with support on several upgrades, and are looking forward to the 10.x upgrade.

What do I think about the scalability of the solution?

We have no issues with scalability. We are using it in a pretty wide environment. We also use it in our business continuity environment with no issues.

How are customer service and technical support?

I evaluate the technical support very highly. Although, the individuals who we worked with were very technical. If they did not know something, they pulled in somebody right away. 

Also, one of the best attributes is the customer success team. We found great value in working with customer success and their team.

If there are defects or issues, over the years, CyberArk management has listened to them and resolved those issues. Not many organizations respond to their customer feedback as well as CyberArk has.

Which solution did I use previously and why did I switch?

We did not have a previous solution. We have always used CyberArk. 

From a risk landscape, we knew that privilege accounts were where attackers were going, doing lateral movements. These are keys of the kingdom which protect those, and that is why we focused in this area.

How was the initial setup?

The initial setup was very complex. There were a lot of manual process. Over the years, we have seen a significant transition in the installation scripts, the setup, and the custom capabilities. So, CyberArk has come a long way since the beginning.

The upgrade processes have also improved.

What was our ROI?

We now know where our privileged accounts are and how to manage them. So, it is more from an exposure standpoint.

Which other solutions did I evaluate?

No.

What other advice do I have?

Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully.

I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good.

Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the industry, including Red Team capabilities. They are gearing their product towards the defending of what the active exploits are, not something that has been done in the past.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
ITSecuri6676 - PeerSpot reviewer
IT Security Analyst at a mining and metals company with 10,001+ employees
Real User
We are utilizing it to secure applications, credentials, and endpoints
Pros and Cons
  • "We are utilizing CyberArk to secure applications, credentials, and endpoints."
  • "On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need."
  • "It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile."
  • "Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug."

What is our primary use case?

  • Credential faulting
  • Credential management
  • Privilege session management
  • Secure file storage

We are utilizing CyberArk to secure applications, credentials, and endpoints.

The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. 

The value is probably the best of all of the other products which are offering the same services.

How has it helped my organization?

Having the keys securely locked helps drive policy. We can say what policy is, then we can point to the solution which provides it. Having that availability is strong in a large enterprise, especially in a global enterprise where there is a lot of different cultures and people do not want to hand off their privilege, rights, or workflows. Having that all set up and making it easier for them takes a lot of the stress off of our job.

We are implementing PSM right now. It is providing a secured workflow substitute where people would go in and check out their passwords. They want to use it instead of having passwords, similar to Guard Check. 

You go in because you need a key. You get the key, and you are accountable for that key while you have it. You open the door, do your work, close it, and return the key. People get that analogy, and it is awesome.

We are in the basics, like Windows, Unix, and databases. We do plan on getting everything eventually managed. It is just a lot of customization and time to get it fully matured.

What is most valuable?

The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames.

What needs improvement?

It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. 

This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella.

What do I think about the stability of the solution?

Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug. Our management is very upset about it.

CyberArk has been helping out, and it has been okay. However, the stability is definitely a concern, because with PSM, it becomes more critical to have it up. All of a sudden you have to have PSM up to be able to do your work.

The stability issues started when we upgraded from 9.7 to 9.95. Then, we were told during one of our cases that there was a bug in our new version and the only solution was to upgrade.

What do I think about the scalability of the solution?

The scalability is big. We are a large company, and there are only a few companies that can scale so well.

How are customer service and technical support?

We use their technical support all the time. It is a little slow to start a case. Then, once you get through that door (Level 1), it does escalate appropriately.

On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need.

Which solution did I use previously and why did I switch?

Since I started, it has always been CyberArk.

What was our ROI?

I can't say we have an ROI. Our CIO is not about measuring profit from our security stuff. Our risk is definitely significantly lower. Also, our resources are low.

What other advice do I have?

Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it.

One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud.

We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them.

Most important criteria when selecting a vendor

Age of the company, because we do not want to be first to market. We want to hear about it from other people. How is the sales rep is communicating. Whether it is more of a sales pitch or if it is a genuine concern for our security.

Then, make sure our vision is lined up with the product. We want to get our bang for the buck

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user585702 - PeerSpot reviewer
Senior Consultant at a tech services company with 5,001-10,000 employees
Consultant
Allows secure, logged access to highly sensitive servers and services
Pros and Cons
  • "Allows secure, logged access to highly sensitive servers and services."
  • "​It's hard to find competent resellers/support."
  • "Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
  • "it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."

How has it helped my organization?

It has made things more complex, but has eliminated the possibility of Pass The Hash.

What is most valuable?

Allows secure, logged access to highly sensitive servers and services.

What needs improvement?

Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No scalability issues.

What do I think about the scalability of the solution?

Yes. The OU limitations, noted above.

How is customer service and technical support?

It's hard to find competent resellers/support.

How was the initial setup?

Complex. Lots of architecture, lots of planning, and lots of education and training are needed. Technically, roll-out isn’t bad. It’s the support, training, education, philosophy, and integration within existing ways of doing things that are challenging.

What other advice do I have?

I’m a consultant. I help implement and train others on how to use it in a highly secure environment.

I’d give it a nine out of 10. It is very, very secure.

Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.