CyberArk Privileged Access Manager Reviews

So far, CyberArk has done everything that we've needed it to. We are growing and moving into the cloud. We have a pretty complex environment. Everything that we've needed it to do in terms of managing our privileged accounts, it has done.

We have been able to really transform how all of our sysadmins manage all our infrastructure. Before, it was like the Wild West. Everybody was way over privileged and had access to everything all the time. Now, we finally have everybody into least privileged and auditing through PSM, which has been fantastic. We also have implemented dual control and just-in-time. So, it's moved the ability to manage a lot of our privileged users to where we need them to be.

CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies.

I like how thorough and complex it is. We have a solution, and it meets the needs that we need.

The most recent improvement with the user interface upgrade was really nice. It makes the end users very happy. It is way more intuitive. The information that they need to have is now available to them. So, I appreciate that as an update.

The user interface was a previous problem that has been overcome. 

We have implemented our own redundancy into the product. That has worked for us very well.

We have been able to find a nice process for implementing CyberArk in terms of user adoption and onboarding. It's been pretty slick, and it works very well for us.

We were lucky to have a board of directors who really embraced security. With their support, we were able to establish the need for a PAM solution. 

When we originally implemented CyberArk, we did so incorrectly. With the help of CyberArk Professional Services, we were able to reorganize, reinstall, and upgrade within a week, then apply best practices to the implementation of CyberArk. So, I would say that it took us about a week to get setup correctly.

At first, the integration of CyberArk into our IT environment was a bit rough. People didn't want to give up the rights and privileges that they had. But, we were able to show them how easy it was for them. We even layered in multi-factor authentication to access the accounts that they needed, which were privileges for appropriate functions. Once we were able to show them how they could quickly and smoothly get the access that they needed, it was not a bad thing, as they found out.

The return of investment for the CyberArk implementation within our organization has come from the reduction of risk. That is a little tricky to quantify, but it's definitely there. 

We have improved our processes in terms of efficiency when it comes to creating accounts, managing the privileged ones and providing the correct access at the right time.

After evaluating several vendors, we found that CyberArk met our needs.

I would rate CyberArk an eight point five on a scale of one to 10 because it has done everything that we have asked of it. There is a bit of a learning curve, but it's a pretty complex solution. They do have ways to make it easier, but it's easy to fall down the rabbit hole when you're going into a deep dive. However, if you follow the trail, you will find some pretty cool stuff.

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day.

We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

Previously, we didn't have any password rotation policy for application IDs. Once we implemented CyberArk, we created a policy. It's good to rotate the passwords every two weeks. That is the biggest value for us.

It gives us one place to store the keys to the kingdom, so if there is any breach we know where it is and what to do.

The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization.

CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well.

So far, we haven't seen any major hurdles. We haven't had any downtime because of CyberArk.

I would rate scalability at seven or eight out of 10. There is a need to improve the usage on for the consumer side. I hope in the upcoming product, the version may fulfill this.

Technical support is good but the problem is when we are using the application side. The support people have a security background, so they may not know the application technology, so it's a challenge right now. Once they understand, then they make progress but, until then, we have to educate them.

Before CyberArk we had a number of solutions, CA and IBM products, but CyberArk meets our requirements regarding application password management.

I was involved in the initial setup and I actually used CyberArk's Professional Services. It was straightforward. We didn't have any hurdles during the setup.

It's very hard to quantify because previously we didn't have anything like this. You can imagine, there was a policy not to rotate the passwords, but now after implementing CyberArk, every two weeks we are rotating the password without business impact, so that is the biggest ROI, even though we cannot quantify it.

We evaluated Thycotic and one other.

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization.

Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications

From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.

Managing and securing the access to the environment.

I have worked with CyberArk solutions/applications for more than three years.

I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

Much stricter rotation of credentials.

Unmanaged and highly privileged accounts increase risks that can be exploited. The security controls defined by the organization require protection of the privileged account passwords. CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts.

• Controlled access and rotation of credentials.
• The Vault offers great capabilities for structuring and accessing data. 
• Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices.
• Privileged Session Manager is for provisioning, securing, and recording sessions.

• The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots. 
• New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.
• Online help also needs to be looked into with live agent support.

CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

• Ease of use
• The auditing capabilities
• The great support of their customer success teams

Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

All features of the CyberArk PAS solution are valuable.

The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.

Other important features:

• Automatic password management
• Monitor, record, and control privileged sessions
• Flexible architecture
• Clientless product
• Custom plug-ins for managing privileged accounts and sessions

Unmanaged, highly privileged accounts increase risks that can be exploited by attackers. The security controls defined by the organization require protection of the privileged account passwords. CyberArk helps organizations to identify, store, protect, and monitor the usage of privileged accounts.

An immediate improvement was the implementation of security controls to protect, control and monitor privileged accounts through CyberArk solution.

I have used CyberArk for over two and a half years.

It’s a very stable product. I haven’t encountered any stability issues.

I haven’t encountered any scalability issues. All the components are scalable.

I would give technical support a rating of 4.5/5.

This is the first PAM product that I have used.

The initial installation was straightforward. The configuration or integration can be complex depending on the requirements, design, and infrastructure of the organization.

The pricing and licensing depend on many factors and on the components considered for implementation.

The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.

With the ability to better control access to systems and privileged accounts, we no longer need to manage privilege accounts per user. We are able to manage privilege accounts for the service, which is automatically managed by the CPM as part of the solution. Allowing access to systems by group membership, via safe access, makes controlling actual access much simpler than traditional mapping via the Active Directory.

• The ability to isolate sessions to protect the target system.
• Automates password management to remove the human chain weakness.
• Creates a full audit chain to ensure privilege management is responsibly done
• Creates an environment in which privilege accounts are used, without exposing the password, on target systems.
• Performs privilege functions, without undue exposure, whilst maintaining the ability to audit, where anything suspicious, or unfortunate, may have occurred.

The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA.

Whilst the client is completely functional, it's been around for a long time and is reminiscent of XP, or even Windows 95. It could use an aesthetic update, with some of the wording and functions needing to be updated to be more representative of what is found in similar configuration from within the PVWA.

To go into more detail- The old PrivateArk client is simply that, old. Looking at the recently released Cluster Manager quickly reminds us of that. Also, the way in which objects are handled within the old client is similar to how objects were handled in older versions of Windows. The PrivateArk client could do with easier to follow links to configuration items and the ability to perform searches and data relevant tasks in an easier to follow process, there may even be room for inclusion of the server management component (lightweight even) and cluster manager components to be made available via the same client, should permissions permit such. As much as the client remains stable and functional, I believe it is time for an update, even if only aesthetically.

Some improvements could be made to the PSM service. However, this could also be a problem with how Microsoft RDS functions, rather than the PSM services.

This product scales amazingly well.

Technical support works with customers and partners to resolve issues in a timely way.

No previous solutions were used.

The manual reads like a step-by-step guide. The installation, although complex, can be achieved by following the installation guide.

I don’t work with pricing, but licensing is dependent on the needs and requirements of each customer.

We evaluated alternatives, but nothing compares.

Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.

Our primary use case for his solution is privileged identity and application identity management, and we deploy the solution on-premises.

We have found the core features of the product most valuable, such as password management, session recording and vaulting.

The architecture needs to be improved. For example, the whole solution can come within a single software bundle instead of the distributed components we have for the on-premise deployments. I think there's room for improvements in that area because the competitors within that space have appliances and software that are just a single software. You don't have to split functionality across several servers like the current deployment.

We have been using this solution for approximately five years.

The solution is scalable. At the point of implementation, 300 users in our organization were using it, but that number may have increased.

The initial setup is not very complex because of my experience and skills. Still, the end users are only in charge of the administrative aspects, but I think the set up is a bit complex for those who are not very savvy with the solution. Implementation took approximately two weeks.

I rate the solution nine out of ten. The solution is good, but the main feature to be improved is having the product in a consolidated software bundle. So the moment we have PSM, it's a dedicated server. We can also have a PVWA in another server, so having a singular bundle is just like the cloud offering. The infrastructure is abstracted from the end user. So if we can have something like that for on-premises, that would simplify implementation. Regardless it's a good solution, it works, and the bank is happy with it. My recommendation to people considering implementing this product is to get the scoping appropriately done. It comes down to scoping the initial deployment, so it doesn't take forever. Still, if you're not scoping correctly, you could have a situation where people keep adding new accounts continuously, and your project never ends. Hence, scoping is kind of important.

CyberArk Enterprise Password Vault is important to do privileged session management, access a privileged access manager. Additionally, it is important to do segmentation in your core environment with the support team. For example, it is doing access monitoring support in our servers.

The privileged support manager is the most valuable feature of CyberArk Enterprise Password Vault.

The interface could be improved it is not user-friendly, but they have improved but it could still improve. In the policies configuration, it would be a benefit to have more details.

I have been using CyberArk Enterprise Password Vault for approximately five years.

CyberArk Enterprise Password Vault is stable.

I have found CyberArk Enterprise Password Vault not to be scalable. There are hardware limitations.

The technical support is very good and helpful.

The initial installation is difficult because of the configuration. The process involved with the privileged access cycle is not easy to connect the process with the technology from CyberArk Enterprise Password Vault.

I rate CyberArk Enterprise Password Vault an eight out of ten.