It has made things more complex, but has eliminated the possibility of Pass The Hash.
Senior Consultant at a tech services company with 5,001-10,000 employees
Allows secure, logged access to highly sensitive servers and services
Pros and Cons
- "Allows secure, logged access to highly sensitive servers and services."
- "It's hard to find competent resellers/support."
- "Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
- "it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."
How has it helped my organization?
What is most valuable?
Allows secure, logged access to highly sensitive servers and services.
What needs improvement?
Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs.
For how long have I used the solution?
Three to five years.
Buyer's Guide
CyberArk Privileged Access Manager
April 2025

Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
What do I think about the stability of the solution?
No scalability issues.
What do I think about the scalability of the solution?
Yes. The OU limitations, noted above.
How are customer service and support?
It's hard to find competent resellers/support.
How was the initial setup?
Complex. Lots of architecture, lots of planning, and lots of education and training are needed. Technically, roll-out isn’t bad. It’s the support, training, education, philosophy, and integration within existing ways of doing things that are challenging.
What other advice do I have?
I’m a consultant. I help implement and train others on how to use it in a highly secure environment.
I’d give it a nine out of 10. It is very, very secure.
Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

CyberArk Consultant at a comms service provider with 10,001+ employees
The password management component (CPM) is the most valuable. The installation manual is quite straightforward and extensive.
Pros and Cons
- "It enables companies to automate password management on target systems gaining a more secure access management approach."
- "The current interface doesn't scale that well, and has some screens still in the old layout."
How has it helped my organization?
Implementing CyberArk is not only "rolling out" a tool. It also will force the company to have a good look at the access management strategy, improve security processes and clean data. Implementation of CyberArk will increase the insight the company has in their access management implementation.
What is most valuable?
The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.
Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.
What needs improvement?
Allthough it's highly configurable, the user interface could use a do-over. The current interface doesn't scale that well, has some screens still in the old layout, while others are in the new ones and consistency in layout between pages sometimes is an issue. As I understand, this is scheduled for version 10.
What do I think about the stability of the solution?
If there are stability issues, most of the time this relates to the companies infrastructure.
What do I think about the scalability of the solution?
CyberArk is highly scalable. Depending on the companies infrastructure, the size of the CyberArk implementation can become quite large.
How are customer service and technical support?
I rate support 7/10. Technical knowledge of the support staff is good. Sometimes it is a lengthy process to get to the actual answer you require. One the one hand, that is because lots of information is required (logs, settings, reports, etc.). On the other hand, the support crew sometimes answers on questions that we did not ask.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
How was the initial setup?
The installation manual is quite straightforward and extensive. There also is an implementation manual to support the function implementation. The installation requires specific hardware which sometimes might not fit the standards within an organisation. Over the last few years the documentation has improved hugely. Of course, there is always room for improvement, but I guess this is one of the better ones in the IT field.
What's my experience with pricing, setup cost, and licensing?
I do not have anything to do with pricing.
Which other solutions did I evaluate?
I was not involved in the acquisition process, but I know that sometimes a Hitachi solution is considered.
What other advice do I have?
Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
CyberArk Privileged Access Manager
April 2025

Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
Information Security Engineer II at a healthcare company with 1,001-5,000 employees
Stable and solid solution for managing passwords, and comes with auto password recycling and PSM features
Pros and Cons
- "If properly set up, CyberArk Enterprise Password Vault has good stability, and is a very solid tool. It can run by itself. Its most valuable features are auto password recycling and PSM."
- "What needs to be improved in CyberArk Enterprise Password Vault is their customer support, particularly in terms of responsiveness, willingness to help, and being more understanding. The initial setup and upgrade process for the solution is complex and can only be done by CyberArk, so this is another area for improvement."
What is our primary use case?
Our use case for CyberArk Enterprise Password Vault is managing privileged accounts. These are local accounts, e.g. local desktops, laptops, or servers. They have a built-in administration account, so part of the solution is to ensure that that account's username and password are stored in the vault and managed by CyberArk Enterprise Password Vault.
What is most valuable?
The most valuable feature of CyberArk Enterprise Password Vault is the auto password recycling feature, which works this way: previous accounts which are managed by this solution get their password reset every time, based on our given parameters, e.g. every two days, every five days, every week, etc. You give CyberArk Enterprise Password Vault the number of days that you want the passwords to be changed, so users won't need to have their passwords written somewhere. They can just log on to the solution and retrieve the password. They may even be able to remotely connect to the devices that they want to connect to via the PSM function of CyberArk Enterprise Password Vault.
What needs improvement?
What needs to be improved in CyberArk Enterprise Password Vault is their customer support, because as administrative engineers, since we're not experts in the solution, we have to rely on customer support.
Their customer support needs improvement in terms of being responsive and being understanding. They are knowledgeable, but responding and willingness to come and help knowing that it's their tool, rather than relying on the engineers from the customer side, e.g. our side, to do all the technical things.
The initial setup and upgrade process for CyberArk Enterprise Password Vault is complex and can only be done by CyberArk, so this is another area for improvement.
For how long have I used the solution?
My experience with CyberArk Enterprise Password Vault is almost three years.
What do I think about the stability of the solution?
CyberArk Enterprise Password Vault stability is good. If it's properly set up, it can just run by itself. It's a very solid tool, but it has to be properly set up because a simple misconfiguration can create a lot of pain. Once set up, it's really good.
How are customer service and support?
Customer support for this product still needs some improvement.
How was the initial setup?
The initial setup for CyberArk Enterprise Password Vault is another pain point, because the setup, including upgrading the solution, can only be done by CyberArk themselves. They have professional services involved to get an initial setup done, and to even do an upgrade, because of the complexity of the product itself.
What's my experience with pricing, setup cost, and licensing?
The SaaS version of CyberArk Enterprise Password Vault is very expensive, but the on-premises version is relative, e.g. depending on the size of the environment, it can be a bit pricey, but it's relatively okay compared to the others. It's their SaaS solution that's expensive.
What other advice do I have?
We're using version 11.1 of CyberArk Enterprise Password Vault.
It's probably not fair to judge CyberArk Enterprise Password Vault based on my overall experience with it, because the tool itself is brilliant, though it's a little bit complex in terms of how it is set up. The customer service could still be improved to meet the standards, but I'm giving CyberArk Enterprise Password Vault a score of seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Manager at a hospitality company with 10,001+ employees
Improved our processes in terms of efficiency when it comes to creating accounts
Pros and Cons
- "CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies."
- "There is a bit of a learning curve, but it's a pretty complex solution."
What is our primary use case?
So far, CyberArk has done everything that we've needed it to. We are growing and moving into the cloud. We have a pretty complex environment. Everything that we've needed it to do in terms of managing our privileged accounts, it has done.
How has it helped my organization?
We have been able to really transform how all of our sysadmins manage all our infrastructure. Before, it was like the Wild West. Everybody was way over privileged and had access to everything all the time. Now, we finally have everybody into least privileged and auditing through PSM, which has been fantastic. We also have implemented dual control and just-in-time. So, it's moved the ability to manage a lot of our privileged users to where we need them to be.
CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies.
What is most valuable?
I like how thorough and complex it is. We have a solution, and it meets the needs that we need.
The most recent improvement with the user interface upgrade was really nice. It makes the end users very happy. It is way more intuitive. The information that they need to have is now available to them. So, I appreciate that as an update.
What needs improvement?
The user interface was a previous problem that has been overcome.
What do I think about the stability of the solution?
We have implemented our own redundancy into the product. That has worked for us very well.
What do I think about the scalability of the solution?
We have been able to find a nice process for implementing CyberArk in terms of user adoption and onboarding. It's been pretty slick, and it works very well for us.
Which solution did I use previously and why did I switch?
We were lucky to have a board of directors who really embraced security. With their support, we were able to establish the need for a PAM solution.
How was the initial setup?
When we originally implemented CyberArk, we did so incorrectly. With the help of CyberArk Professional Services, we were able to reorganize, reinstall, and upgrade within a week, then apply best practices to the implementation of CyberArk. So, I would say that it took us about a week to get setup correctly.
At first, the integration of CyberArk into our IT environment was a bit rough. People didn't want to give up the rights and privileges that they had. But, we were able to show them how easy it was for them. We even layered in multi-factor authentication to access the accounts that they needed, which were privileges for appropriate functions. Once we were able to show them how they could quickly and smoothly get the access that they needed, it was not a bad thing, as they found out.
What was our ROI?
The return of investment for the CyberArk implementation within our organization has come from the reduction of risk. That is a little tricky to quantify, but it's definitely there.
We have improved our processes in terms of efficiency when it comes to creating accounts, managing the privileged ones and providing the correct access at the right time.
Which other solutions did I evaluate?
After evaluating several vendors, we found that CyberArk met our needs.
What other advice do I have?
I would rate CyberArk an eight point five on a scale of one to 10 because it has done everything that we have asked of it. There is a bit of a learning curve, but it's a pretty complex solution. They do have ways to make it easier, but it's easy to fall down the rabbit hole when you're going into a deep dive. However, if you follow the trail, you will find some pretty cool stuff.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Technologist - Specialty in Identity and Access Management at Sears Technology Services Incorporated
The DNA scan is very helpful and provides a security baseline for your environment
What is our primary use case?
- This product provides accountability and audit trails for privileged account access.
- Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.
How has it helped my organization?
- It helped us in SOX, PCI, PII and HIPAA compliance.
- Accountability, as far as knowing who has access to what.
What is most valuable?
- Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
- The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.
What needs improvement?
- Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.
- Providing a way to group accounts by application would be nice.
For how long have I used the solution?
Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Node.js Backend Developer at a tech services company with 1,001-5,000 employees
It has features to deal with a large company that has a complex structure and many partners
Pros and Cons
- "CyberArk makes our environment more secure and prevents possible attacks by compromised accounts."
- "The price is high compared to Azure Key Vault. It's the most expensive solution."
What is our primary use case?
CyberArk vouches for access to domain controllers in Unix and Windows Server.
How has it helped my organization?
CyberArk makes our environment more secure and prevents possible attacks by compromised accounts.
What needs improvement?
The price is high compared to Azure Key Vault. It's the most expensive solution.
For how long have I used the solution?
I have used CyberArk for about three months.
What do I think about the stability of the solution?
We have 98 percent uptime.
What do I think about the scalability of the solution?
CyberArk is scalable. We have around 4,000 users.
Which solution did I use previously and why did I switch?
We previously used Telos. We switched to CyberArk because it has features to deal with a large company that has a complex structure and many partners.
How was the initial setup?
Deploying CyberArk was moderately difficult. It isn't too hard, but it isn't easy. One person is enough to install it. It took about one month to select the product and deploy it.
What's my experience with pricing, setup cost, and licensing?
CyberArk is more expensive than other solutions, but it's necessary when the company has contacts with other branches and partners.
What other advice do I have?
I rate CyberArk Enterprise Password Vault eight out of 10. It's more expensive than Azure Key Vault, but Key Vault doesn't have CyberArk's analytics and user tracking. I recommend CyberArk if you need those features. However, it's costly in the Brazilian market because of the conversion fro reals to dollars.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Identity and Access Management Advisor at a energy/utilities company with 5,001-10,000 employees
Improves our ability to control, secure, and manage access across the enterprise
Pros and Cons
- "Service count rotation is probably one of my favorite features... The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now."
- "I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access."
How has it helped my organization?
It was originally just a glorified KeePass. We scaled it up to an enterprise-wide solution for all our IT support teams. In that way, it improves our ability to control, secure, and manage access across the enterprise for different support teams, whether it be IAM, Exchange, or server admin. It's been a really fantastic growth opportunity for me and for the company.
What is most valuable?
Service count rotation is probably one of my favorite features. Even though we're not using it right now, we're going to be using it in the future. The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now.
The solution's ability to manage all our access requirements at scale is interesting, actually. It does everything we need it to, and it's not a tool that I expected we would be using at this scale, as an enterprise-wide client. A little bit of history on that being that when we first started using it, it was a glorified password vault. It was a store. It was KeePass. So we really scaled it up and it's been a really interesting journey.
What needs improvement?
I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.
What do I think about the stability of the solution?
Lately, due to an upgrade, it hasn't been as stable as we need it to be, but I don't think that's any fault of the product. I think it's the fault of just infrastructure as a whole.
However, in the past, the product has never been down. It's been incredibly stable. And in terms of interface and usage, it's actually been really stable. There haven't been any bugs or glitches or anything of the sort to impede me from doing my job.
What do I think about the scalability of the solution?
I didn't think we'd be here. However, it's incredibly scalable. We are able to use it in two different environments: one is IT and one is OT. And the scalability, as a whole, has been able to translate to an enterprise-wide process, so it's been really great to see. We're hoping that, should we acquire anything or divest something, it would be that easy to actually deal with it in terms of scalability.
How are customer service and technical support?
Technical support has been good, even great. They have come in and assisted us whenever we had issues. If there was ever an outage, they were already on the phone by the time we needed them. They've been doing a great job helping us out so far.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
What was our ROI?
We have seen ROI. Our adoption rate is way up. More teams are involved in using it. That alone stands as a return on investment when we have more adopters, more people using the tool, more people logging into the tool and utilizing its capabilities.
What other advice do I have?
Use the tool, but communicate with your user base. If you're not going to communicate with your user base, then you're dead in the water already. Don't force this on someone. Work with them in order to use it.
The product has delivered innovation with each update. When I first started, we weren't able to run scans and pull service-account information and reset those service accounts at any endpoint. That, as a whole, as I mentioned earlier, was my favorite feature of the product. That innovation alone is probably one of my favorites, and definitely something that deserves praise.
I would rate the product a nine because nobody gets a 10. It's been a fantastic product and it's been easy to use. The training courses involved have been great, so I would rate it a nine.
I wouldn't say CyberArk has been a huge impact on my career, but it's definitely played a role in helping me advance, in terms of being able to communicate with clients, utilizing my skill sets, both the technical and soft-skill use. It's allowed me to really branch out and see my growth through business liaison.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Associate at a consultancy with 10,001+ employees
The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out.
Pros and Cons
- "The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out."
- "There was a functionality of the solution that was missing. I had noticed it in Beyond Trust, but not in this solution. But, recently they have incorporated something similar."
What is our primary use case?
My primary use case for this solution is to prevent privileged access, privilege accounts, and to mark all of those for future ordering proposals. It is to limit their access.
What is most valuable?
The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out. It also provides flexibility and a comprehensive reporting. In terms of reporting, it can pull up to three types of reports and you can do some Excel work on those. Then, you will be able to find information that you were looking for. It is is the reporting by-laws, as well. Apart from this, it also has a lot of advanced components. It can extend the picture at the end of the productive scope.
What needs improvement?
There was a functionality of the solution that was missing. I had noticed it in BeyondTrust, but not in this solution. But, recently they have incorporated something similar.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is a stable solution for our needs.
What do I think about the scalability of the solution?
The scalability provided by this solution is a lot better than some of the other available products on the market.
How is customer service and technical support?
The technical support has been tremendous. They try to resolve the issue as soon as possible, but sometimes I would expect them to engage an L3 level of support at the very first moment, as for priority, but they take a bit longer.
How was the initial setup?
Sometimes, when we install their product, the BFN (Bridge to Future Networks) to the component manager, we have issues. When we install this component in high ability mode, and the load balancer, then sometimes that creates different problems. Sometimes, to find the issue we actually, even if one of the component goes down, get notifications easily. That is not an issue, but to rectify the issue, sometimes it takes longer than I would like, you know. When it goes for a higher ability mode for the component then it makes our work a little a cumbersome.
What's my experience with pricing, setup cost, and licensing?
This solution is considered to be more expensive than others out there on the market today.
Which other solutions did I evaluate?
I have previous experience with BeyondTrust. And, there are other products, such as Lieberman and Arcos, which are being used in the Indian market because of its cost effectiveness.
What other advice do I have?
CyberArk has vast trust across the globe. People who've used CyberArk usually don't go back and change the product, unless it is a cost issue. If it is a cost issue, I must suggest BeyondTrust as a cost-effective solution for similar services.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2025
Product Categories
Privileged Access Management (PAM) User Activity Monitoring Enterprise Password Managers Mainframe Security Operational Technology (OT) SecurityPopular Comparisons
Okta Workforce Identity
Delinea Secret Server
CyberArk Endpoint Privilege Manager
BeyondTrust Endpoint Privilege Management
WALLIX Bastion
One Identity Safeguard
BeyondTrust Privileged Remote Access
BeyondTrust Password Safe
ARCON Privileged Access Management
ManageEngine PAM360
Delinea Privileged Access Service
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- CyberArk vs. ManageEngine Password Manager Pro
- How does Sailpoint IdentityIQ compare with CyberArk PAM?
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
- What is the difference between Privileged Users and Privileged Accounts
- When evaluating Privileged Identity Management, what aspect do you think is the most important to look for?
- How was the 2020 Twitter Hack carried out? How could it have been prevented?
- Which is the best Privileged Account Management solution?
- What are the top 5 PAM solutions that can be implemented which cover both hybrid and cloud?
- What are the top 5 PAM solutions?
- How will AI and ML help or work with PIM/PAM?