CyberArk Privileged Access Manager Reviews

Implementing CyberArk is not only "rolling out" a tool. It also will force the company to have a good look at the access management strategy, improve security processes and clean data. Implementation of CyberArk will increase the insight the company has in their access management implementation.

The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.

Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.

Allthough it's highly configurable, the user interface could use a do-over. The current interface doesn't scale that well, has some screens still in the old layout, while others are in the new ones and consistency in layout between pages sometimes is an issue. As I understand, this is scheduled for version 10.

If there are stability issues, most of the time this relates to the companies infrastructure.

CyberArk is highly scalable. Depending on the companies infrastructure, the size of the CyberArk implementation can become quite large.

I rate support 7/10. Technical knowledge of the support staff is good. Sometimes it is a lengthy process to get to the actual answer you require. One the one hand, that is because lots of information is required (logs, settings, reports, etc.). On the other hand, the support crew sometimes answers on questions that we did not ask.

We did not have a previous solution.

The installation manual is quite straightforward and extensive. There also is an implementation manual to support the function implementation. The installation requires specific hardware which sometimes might not fit the standards within an organisation. Over the last few years the documentation has improved hugely. Of course, there is always room for improvement, but I guess this is one of the better ones in the IT field.

I do not have anything to do with pricing.

I was not involved in the acquisition process, but I know that sometimes a Hitachi solution is considered.

Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.

So far, CyberArk has done everything that we've needed it to. We are growing and moving into the cloud. We have a pretty complex environment. Everything that we've needed it to do in terms of managing our privileged accounts, it has done.

We have been able to really transform how all of our sysadmins manage all our infrastructure. Before, it was like the Wild West. Everybody was way over privileged and had access to everything all the time. Now, we finally have everybody into least privileged and auditing through PSM, which has been fantastic. We also have implemented dual control and just-in-time. So, it's moved the ability to manage a lot of our privileged users to where we need them to be.

CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies.

I like how thorough and complex it is. We have a solution, and it meets the needs that we need.

The most recent improvement with the user interface upgrade was really nice. It makes the end users very happy. It is way more intuitive. The information that they need to have is now available to them. So, I appreciate that as an update.

The user interface was a previous problem that has been overcome. 

We have implemented our own redundancy into the product. That has worked for us very well.

We have been able to find a nice process for implementing CyberArk in terms of user adoption and onboarding. It's been pretty slick, and it works very well for us.

We were lucky to have a board of directors who really embraced security. With their support, we were able to establish the need for a PAM solution. 

When we originally implemented CyberArk, we did so incorrectly. With the help of CyberArk Professional Services, we were able to reorganize, reinstall, and upgrade within a week, then apply best practices to the implementation of CyberArk. So, I would say that it took us about a week to get setup correctly.

At first, the integration of CyberArk into our IT environment was a bit rough. People didn't want to give up the rights and privileges that they had. But, we were able to show them how easy it was for them. We even layered in multi-factor authentication to access the accounts that they needed, which were privileges for appropriate functions. Once we were able to show them how they could quickly and smoothly get the access that they needed, it was not a bad thing, as they found out.

The return of investment for the CyberArk implementation within our organization has come from the reduction of risk. That is a little tricky to quantify, but it's definitely there. 

We have improved our processes in terms of efficiency when it comes to creating accounts, managing the privileged ones and providing the correct access at the right time.

After evaluating several vendors, we found that CyberArk met our needs.

I would rate CyberArk an eight point five on a scale of one to 10 because it has done everything that we have asked of it. There is a bit of a learning curve, but it's a pretty complex solution. They do have ways to make it easier, but it's easy to fall down the rabbit hole when you're going into a deep dive. However, if you follow the trail, you will find some pretty cool stuff.

• This product provides accountability and audit trails for privileged account access. 
• Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.

• It helped us in SOX, PCI, PII and HIPAA compliance. 
• Accountability, as far as knowing who has access to what.

• Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
• The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.

• Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.

• Providing a way to group accounts by application would be nice.

CyberArk vouches for access to domain controllers in Unix and Windows Server. 

CyberArk makes our environment more secure and prevents possible attacks by compromised accounts.

The price is high compared to Azure Key Vault. It's the most expensive solution. 

I have used CyberArk for about three months.

We have 98 percent uptime. 

CyberArk is scalable. We have around 4,000 users. 

We previously used Telos. We switched to CyberArk because it has features to deal with a large company that has a complex structure and many partners. 

Deploying CyberArk was moderately difficult. It isn't too hard, but it isn't easy. One person is enough to install it. It took about one month to select the product and deploy it.

CyberArk is more expensive than other solutions, but it's necessary when the company has contacts with other branches and partners. 

I rate CyberArk Enterprise Password Vault eight out of 10. It's more expensive than Azure Key Vault, but Key Vault doesn't have CyberArk's analytics and user tracking. I recommend CyberArk if you need those features. However, it's costly in the Brazilian market because of the conversion fro reals to dollars. 

It was originally just a glorified KeePass. We scaled it up to an enterprise-wide solution for all our IT support teams. In that way, it improves our ability to control, secure, and manage access across the enterprise for different support teams, whether it be IAM, Exchange, or server admin. It's been a really fantastic growth opportunity for me and for the company.

Service count rotation is probably one of my favorite features. Even though we're not using it right now, we're going to be using it in the future. The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now.

The solution's ability to manage all our access requirements at scale is interesting, actually. It does everything we need it to, and it's not a tool that I expected we would be using at this scale, as an enterprise-wide client. A little bit of history on that being that when we first started using it, it was a glorified password vault. It was a store. It was KeePass. So we really scaled it up and it's been a really interesting journey.

I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.

Lately, due to an upgrade, it hasn't been as stable as we need it to be, but I don't think that's any fault of the product. I think it's the fault of just infrastructure as a whole.

However, in the past, the product has never been down. It's been incredibly stable. And in terms of interface and usage, it's actually been really stable. There haven't been any bugs or glitches or anything of the sort to impede me from doing my job.

I didn't think we'd be here. However, it's incredibly scalable. We are able to use it in two different environments: one is IT and one is OT. And the scalability, as a whole, has been able to translate to an enterprise-wide process, so it's been really great to see. We're hoping that, should we acquire anything or divest something, it would be that easy to actually deal with it in terms of scalability.

Technical support has been good, even great. They have come in and assisted us whenever we had issues. If there was ever an outage, they were already on the phone by the time we needed them. They've been doing a great job helping us out so far.

We did not have a previous solution.

We have seen ROI. Our adoption rate is way up. More teams are involved in using it. That alone stands as a return on investment when we have more adopters, more people using the tool, more people logging into the tool and utilizing its capabilities.

Use the tool, but communicate with your user base. If you're not going to communicate with your user base, then you're dead in the water already. Don't force this on someone. Work with them in order to use it.

The product has delivered innovation with each update. When I first started, we weren't able to run scans and pull service-account information and reset those service accounts at any endpoint. That, as a whole, as I mentioned earlier, was my favorite feature of the product. That innovation alone is probably one of my favorites, and definitely something that deserves praise.

I would rate the product a nine because nobody gets a 10. It's been a fantastic product and it's been easy to use. The training courses involved have been great, so I would rate it a nine.

I wouldn't say CyberArk has been a huge impact on my career, but it's definitely played a role in helping me advance, in terms of being able to communicate with clients, utilizing my skill sets, both the technical and soft-skill use. It's allowed me to really branch out and see my growth through business liaison.

My primary use case for this solution is to prevent privileged access, privilege accounts, and to mark all of those for future ordering proposals. It is to limit their access.

The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out. It also provides flexibility and a comprehensive reporting. In terms of reporting, it can pull up to three types of reports and you can do some Excel work on those. Then, you will be able to find information that you were looking for. It is is the reporting by-laws, as well. Apart from this, it also has a lot of advanced components. It can extend the picture at the end of the productive scope.

There was a functionality of the solution that was missing. I had noticed it in BeyondTrust, but not in this solution. But, recently they have incorporated something similar.

It is a stable solution for our needs.

The scalability provided by this solution is a lot better than some of the other available products on the market.

The technical support has been tremendous. They try to resolve the issue as soon as possible, but sometimes I would expect them to engage an L3 level of support at the very first moment, as for priority, but they take a bit longer. 

Sometimes, when we install their product, the BFN (Bridge to Future Networks) to the component manager, we have issues. When we install this component in high ability mode, and the load balancer, then sometimes that creates different problems. Sometimes, to find the issue we actually, even if one of the component goes down, get notifications easily. That is not an issue, but to rectify the issue, sometimes it takes longer than I would like, you know. When it goes for a higher ability mode for the component then it makes our work a little a cumbersome.

This solution is considered to be more expensive than others out there on the market today.

I have previous experience with BeyondTrust. And, there are other products, such as Lieberman and Arcos, which are being used in the Indian market because of its cost effectiveness.

CyberArk has vast trust across the globe. People who've used CyberArk usually don't go back and change the product, unless it is a cost issue. If it is a cost issue, I must suggest BeyondTrust as a cost-effective solution for similar services.

The primary use case is for privileged account management. It is performing well.

We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features.

In addition, we are using CyberArk to secure applications and endpoints. 

We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc.

Our security goal would be to keep people from putting the passwords in text files, do online shares, etc. This gives us more granular control.

The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords.

It is a customizable product.

I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. 

I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool.

The stability has been very good.

The scalability has been good, and will meet our needs in five year's time.

Technical support has been very responsive in navigating challenges. It is very easy to open a ticket.

We were previously using HPM.

It was complex. Because at that point. I had only recently joined the security team. I was told, "Here's a share with the files. Go install this."

I don't know that we are able to measure that at this point, other than no data breaches.

Make sure you have a development or QA environment.

I did training today on the new plugin generator utility.

I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available.

Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.

Managing and securing the access to the environment.

I have worked with CyberArk solutions/applications for more than three years.

I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

Much stricter rotation of credentials.

Unmanaged and highly privileged accounts increase risks that can be exploited. The security controls defined by the organization require protection of the privileged account passwords. CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts.

• Controlled access and rotation of credentials.
• The Vault offers great capabilities for structuring and accessing data. 
• Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices.
• Privileged Session Manager is for provisioning, securing, and recording sessions.

• The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots. 
• New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.
• Online help also needs to be looked into with live agent support.