CyberArk Privileged Access Manager Reviews

We proactively vault and manage all elevated accounts across multiple platforms. 

For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.

Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials.

You can gradually implement CyberArk, starting with more easily attainable goals, such as basic vaulting and password rotation and build on that with additional modules, such as Privileged Session Manager and Application Identity Manager.

While in the past, administration required several tools and multiple screens/options in those products, v10 is moving towards a single pane of glass with common functions easily found and information regarding privileged accounts given to users in plain, easy to understand terms, now enhanced with graphics.

All features of the CyberArk PAS solution are valuable.

The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.

Other important features:

• Automatic password management
• Monitor, record, and control privileged sessions
• Flexible architecture
• Clientless product
• Custom plug-ins for managing privileged accounts and sessions

Unmanaged, highly privileged accounts increase risks that can be exploited by attackers. The security controls defined by the organization require protection of the privileged account passwords. CyberArk helps organizations to identify, store, protect, and monitor the usage of privileged accounts.

An immediate improvement was the implementation of security controls to protect, control and monitor privileged accounts through CyberArk solution.

I have used CyberArk for over two and a half years.

It’s a very stable product. I haven’t encountered any stability issues.

I haven’t encountered any scalability issues. All the components are scalable.

I would give technical support a rating of 4.5/5.

This is the first PAM product that I have used.

The initial installation was straightforward. The configuration or integration can be complex depending on the requirements, design, and infrastructure of the organization.

The pricing and licensing depend on many factors and on the components considered for implementation.

The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.

We currently employ CyberArk Privileged Access Management, which involves extremely complex processes for ensuring the secure management, verification, and guarantee of credentials. Implementing the professional installation tool represents another challenging aspect of this task.

The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics.

The support could improve for CyberArk Privileged Access Manager.

I have been using CyberArk Privileged Access Manager for approximately three years.

The solution has high availability.

CyberArk Privileged Access Manager is highly scalable. When compared to other solutions it scales well.

I plan to use the solution more in the future.

The issue of technical support is crucial, as there are not many specialized partners available in Brazil to provide this service. While English language support is of good quality, there is a significant shortage of partners capable of meeting the demand locally.

The initial setup of CyberArk Privileged Access Manager is easy.

We have received a high ROI using CyberArk Privileged Access Manager.

The price of the solution is reasonable.

I rate the price CyberArk Privileged Access Manager a seven out of ten.

Individuals who wish to utilize CyberArk should be cautious when selecting a partner to implement the solution, as proper architecture design is essential to ensure a streamlined and effective implementation.

I rate CyberArk Privileged Access Manager a nine out of ten.

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day.

We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

Previously, we didn't have any password rotation policy for application IDs. Once we implemented CyberArk, we created a policy. It's good to rotate the passwords every two weeks. That is the biggest value for us.

It gives us one place to store the keys to the kingdom, so if there is any breach we know where it is and what to do.

The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization.

CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well.

So far, we haven't seen any major hurdles. We haven't had any downtime because of CyberArk.

I would rate scalability at seven or eight out of 10. There is a need to improve the usage on for the consumer side. I hope in the upcoming product, the version may fulfill this.

Technical support is good but the problem is when we are using the application side. The support people have a security background, so they may not know the application technology, so it's a challenge right now. Once they understand, then they make progress but, until then, we have to educate them.

Before CyberArk we had a number of solutions, CA and IBM products, but CyberArk meets our requirements regarding application password management.

I was involved in the initial setup and I actually used CyberArk's Professional Services. It was straightforward. We didn't have any hurdles during the setup.

It's very hard to quantify because previously we didn't have anything like this. You can imagine, there was a policy not to rotate the passwords, but now after implementing CyberArk, every two weeks we are rotating the password without business impact, so that is the biggest ROI, even though we cannot quantify it.

We evaluated Thycotic and one other.

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization.

Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications

From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.

We are using this product for our privileged identities and account management. We have some accounts that we consider privileged, the ones that have access to systems, software, tools, and our database and files and folders, etc. We try to maintain these accounts safely and try to grant access to these systems securely. We try and manage other non-human accounts that are DBAs, DB accounts, etc., through CyberArk.

Another initiative for this was the PCA compliance that we wanted to meet.

We don't have many applications in the cloud, we are getting one or two now. So in the future, we plan to utilize CyberArk's secure infrastructure applications running in the cloud. It's on the roadmap. We are utilizing CyberArk's secure application credentials but not endpoints. I have only just learned about the Plugin Generator Utility, so I don't have experience with it yet. It's pretty cool. We intend to use it now.

One way it has improved the organization is we now have restricted access for all users to go through CyberArk. It has also enforced firewall restrictions across other places so they don't go through other means, they go through CyberArk. That brings in compliance and their account is now two-factored, so that is more compliant with PCI regulations.

The way it manages privileged accounts and managed access to privileged systems such that, right now, we are recording every session through PSM and people are more aware that the session is recorded, and they're more careful with what they do.

We are using the VSM proxy solution. That's what we are mainly using. We will try to use the PTA and AIM in the future.

I think it pretty much covers a lot of the privileged identity space, things that other vendors are not thinking about. I think they are doing a very good job. I don't have any suggestions.

We have not had any stability issues so far. We have not had any serious downtime. We do see performance issues with PSM which gets very busy, and we just keep scaling the number of PSMs. When many people log in at the same time, we have some issues with connecting through PSM. We doubled our PSM software and it's better now.

It's pretty scalable. Like I said, we just doubled our servers. If there are more users logging in, we'll probably go for a greater number of servers again.

Technical support is pretty responsive and knowledgeable. We do get the right person.

Others have spoken a lot about security hygiene and I believe that's where you should start.

l would rate CyberArk at nine out of 10. The way for it to get to a 10 is with a lot of features, the amount of cost involved in buying the product, and the PSM proxy issue that we've been facing.

In terms of important criteria when working with a vendor one thing is, as we said, getting to the right person. We go to support only if there is a critical situation where we are not able to solve it. Getting to the right person at the right time, and getting the issues resolved in a timely fashion is what we are looking for.

Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.

EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.

Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.

CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

• Ease of use
• The auditing capabilities
• The great support of their customer success teams

Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

• Password management and accountability for Privileged accounts
• Identify, protect and monitor the usage of Privileged accounts
• Record and control privileged sessions on critical systems i.e. Windows, Unix, DBs
• Application credentials including SSH keys and hard-coded embedded passwords can be managed
• Control and monitor the commands super-users can run based on their role
• PTA is a security intelligence system that allows organizations to detect, alert, and respond to cyberattacks on privileged accounts.

Privileged accounts represent the largest security vulnerability an organization faces today. Most organisations are not aware of the total number of privilege accounts.

Compromising privilege accounts leads to various breaches. With this growing threat, organisations need controls put in place to proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

On implementing the CyberArk PIM solution, we are able to achieve this goal. Now, we are aware of the total privileged accounts in our enterprise. These are securely stored and managed by the Vault. The end users need not remember passwords for these accounts to use them.

E.g.: A Unix Admin who has to login to a Unix server using the "root" account needs to log in to CyberArk and search for the root account, click Connect and he can perform all of his activities. We can enforce a command list on this account, monitor his activities and also get to know who has used this root account. The access to this account can also be restricted. The user does not have to remember any credentials.

Integration of this tool with SAML is a problem, as there is a bug. We’d like to be able to integrate AWS accounts in CyberArk.

I have been using this solution for the past three years. I have implemented this solution for various clients from banking and pharmaceutical companies.

I have not really encountered any issues with stability.

I have not encountered any scalability issues.

I rate technical support 9/10, very good.

Straightforward, easy-to-install setup.

It is expensive.

Before we chose CyberArk, we evaluated ARCOS.

Go ahead and use CyberArk. Request a demo.