CyberArk Privileged Access Manager Reviews

We use CyberArk Enterprise Password Vault and we provide it to our customers.

We use this solution for password vaulting and session management.

The most valuable feature is privileged session management.

The installation process could be simplified.

I would like to see a simplification of the product.

I have been dealing with CyberArk Enterprise Password Vault for ten years.

Depending on the needs of the client, it can be deployed both on-premises and in the cloud.

CyberArk Enterprise Password Vault is a stable solution.

CyberArk Enterprise Password Vault is scalable.

We use Teams for virtual meetings and storage, with SharePoint serving as the backend.

I've never liked the idea of using Zoom because the security was never great.

The installation is not straightforward. It's complex. You would have to be very knowledgeable about the product to do this.

We need two to three administrators to maintain this solution.

Licensing fees are paid on a yearly basis.

Our laptops are containerized, we don't see what antivirus is on there. Our organization strips out all bloatware. If it is not sanctioned or proprietary, we don't use it.

Try to complete as much of the CyberArk training as possible.

 I would rate CyberArk Enterprise Password Vault a nine out of ten.

• PAM interface for staff to support customers which may include CyberArk solutions of their own.
• Managing large environments with varied and diverse environments.

Improved our user access and tracking, thereby safeguarding the organization and its customers. Being a user makes us a better reseller.

Shared-service accounts reducing the number of potential entry points as well as the ability to standardise our PAM across a diverse estate.

Multi-tenancy vaults should really have the same release cycle as single tenancy vaults; this will enable us to meet even more customer demand. We are striving to be at least on the latest release minus 1 (n-1) and for us to run both Single and Multi-Tenant core systems the difference in release cycles will result in a wide gap. Considering the considerable changes including user interface we have seen recently, the one concern is that we may end up with users having different interfaces to deal with different customers. 

Very stable with no own goals in three years.

Scalability is very good.

We get excellent feedback from customer service, irrespective of the level of issues raised.

Yes, we decided to change to CyberArk in line with our strategic intent to provide as safe a central and customer environment as possible.

Initial setup was complex and time-consuming but the later versions are a lot faster to implement.

We implemented through in-house specialists.

Standardised offerings that allow for customer-specific flexibility.

We are using this product for our privileged identities and account management. We have some accounts that we consider privileged, the ones that have access to systems, software, tools, and our database and files and folders, etc. We try to maintain these accounts safely and try to grant access to these systems securely. We try and manage other non-human accounts that are DBAs, DB accounts, etc., through CyberArk.

Another initiative for this was the PCA compliance that we wanted to meet.

We don't have many applications in the cloud, we are getting one or two now. So in the future, we plan to utilize CyberArk's secure infrastructure applications running in the cloud. It's on the roadmap. We are utilizing CyberArk's secure application credentials but not endpoints. I have only just learned about the Plugin Generator Utility, so I don't have experience with it yet. It's pretty cool. We intend to use it now.

One way it has improved the organization is we now have restricted access for all users to go through CyberArk. It has also enforced firewall restrictions across other places so they don't go through other means, they go through CyberArk. That brings in compliance and their account is now two-factored, so that is more compliant with PCI regulations.

The way it manages privileged accounts and managed access to privileged systems such that, right now, we are recording every session through PSM and people are more aware that the session is recorded, and they're more careful with what they do.

We are using the VSM proxy solution. That's what we are mainly using. We will try to use the PTA and AIM in the future.

I think it pretty much covers a lot of the privileged identity space, things that other vendors are not thinking about. I think they are doing a very good job. I don't have any suggestions.

We have not had any stability issues so far. We have not had any serious downtime. We do see performance issues with PSM which gets very busy, and we just keep scaling the number of PSMs. When many people log in at the same time, we have some issues with connecting through PSM. We doubled our PSM software and it's better now.

It's pretty scalable. Like I said, we just doubled our servers. If there are more users logging in, we'll probably go for a greater number of servers again.

Technical support is pretty responsive and knowledgeable. We do get the right person.

Others have spoken a lot about security hygiene and I believe that's where you should start.

l would rate CyberArk at nine out of 10. The way for it to get to a 10 is with a lot of features, the amount of cost involved in buying the product, and the PSM proxy issue that we've been facing.

In terms of important criteria when working with a vendor one thing is, as we said, getting to the right person. We go to support only if there is a critical situation where we are not able to solve it. Getting to the right person at the right time, and getting the issues resolved in a timely fashion is what we are looking for.

We use CyberArk to assist with implementing security solutions that our auditors require. It also assists us in giving secure, monitored, audited access to non-technical people who, because of their jobs, or because of the application, require direct access to servers.

We are utilizing CyberArk's secure application credentials and endpoints.

It is performing very well.

We're not planning to utilize CyberArk's secure infrastructure or applications running in the cloud because our industry is, for the present, barred from using cloud resources. We don't yet have experience using the Plugin Generator Utility and we are not using any of the other integrations available through CyberArk marketplace.

Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process.

CyberArk is the key technology around which we have built our security management solution. We chose it four years ago to assist with password management, and it has grown to where it is managing the entire security posture of the company at this point.

Number one would be the company, CyberArk, itself. The support, the ongoing assistance that is there, the ongoing ideas that are out there from champions, and from the other community forums that are out there, is just phenomenal.

My list of enhancement requests on the portal is quite extensive.

My goal as a system administrator is to enable people to do their jobs more easily, more efficiently. So, I'm looking for ways to enable people to leverage the security posture in CyberArk, and still be able to do their jobs. Better yet, to be able to do their jobs more easily, and that's exactly what I've been finding. There are a lot of ways that CyberArk is able to be used to give people access to things that they normally wouldn't be able to access, in a secure fashion, but there are still some roadblocks in the way there. I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides.

It is very stable. We started off on version 7, moved to 8, to 9, and now we're moving to 10, and each revision has brought about an increase in confidence and stability.

It is very scalable for an organization of our size, and I have talked with other CyberArk administrators running worldwide enterprises with CyberArk.

The tech support for CyberArk is definitely one of the best I've used, and I've been in IT for 35 years.

I wasn't involved in the initial setup but I am involved in upgrade processing. Now, it is very straightforward. When we did the first major upgrade, it was very complex and required Professional Services for two weeks. Since we made it to version 9, the upgrades have been as simple as you could possibly hope for.

The amount of time that the security team spends mitigating risk has gone down. The amount of time that the server team spends managing security issues, mitigating security issues, has gone down tremendously.

My advice to a colleague would be: First, don't allow the security team to be the driving force. It has to be the server team that implements it, that is the driving force behind it, and the for that reason is there is always animosity between the people who are there to enforce security and the people who are there to get a job done.

When you are on the enforcement team, you are dictating to the people who are trying to get a job done, "Here is something that I'm going to put in your way to make it harder for you to get your job done." Regardless of what happens, that's the way it comes across. Going to the server team saying, 'I've got a solution that's going to make our lives easier, and oh, by the way, it's also going to be more secure," you have a much easier time selling it, much lower push-back, because you're one of them.

Second, you've got to have buy-in before you pull the trigger. You can't just force it on them: "Oh, we just took away all your admin rights." You have to give them a new solution, let them prove to themselves that this solution works, that it does exactly what they need, and that it really is easier. Now, when you revoke the rights that they've had for probably decades, there is much less push-back.

In terms of selecting or working with a vendor, our most important criterion is the ability to connect with a vendor that not only gives us the solution we need but can also work with us to customize exactly what we need.

I would rate CyberArk a nine out of 10 for two reasons: 

1. there is always room for growth
2. there are still gaps in what the solution provides.

It's not complete across the board. If it were, it would be a 10. But I do see its potential to eventually reach that.

Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.

EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.

Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.

We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.

Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.

The current user interface is a little dated. However, I hear there are changes coming in the next version. 

There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself.

The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.

This tool has definitely helped us manage all the privilege accounts, which mostly have access to the organization's crown-jewel data. Additionally, having a monitoring system puts extra visibility on these account's activities, so any irregular activity is highlighted and quickly escalated.

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

I have used the product for almost a year. I have been part of the implementation project and post-release, supported account onboarding.

For the most part, there weren't many stability issue. Usually the issue persisted with system/application accounts, with the API and the object ref ID not being in sync.

I didn't feel there were any scalability issues.

Although I was part of business side of the team, and I only had interaction with internal engineering team, I found the internal engineering team very helpful and knowledgeable about the product and how it worked.

We previously used a different solution, and then we updated it; we did not switch.

I am unable to comment on this, as I was not part of product evaluation team.

My advice is that this tool does what it advertises. If your business/organization has crown-jewel data, this is the tool to use.

From a security standpoint, I find the tool very reliable and innovative. However, it could improve the user experience and become more intuitive. When the user experience becomes more intuitive, then I am willing to rate the product even higher.

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

The practice of sharing passwords disappeared completely and the most sensitive application is using the AIM to retrieve database passwords for all its users.

We're still struggling with the use of RDP through PSMs.

The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.

The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP.

I am very impressed with the stability, but I still need to convince some colleagues.

Scalability is rather good, we haven't reached any technical limitations yet.

The support is always very responsive, accurate, and complete in their solutions. I've always had a personal contact that would know our setup and was able to concentrate on our specifics instead of pointing to a generic document on the support site.

No, we haven't used any other solution.

The initial setup was straightforward because its entire complexity was hidden by the CyberArk expert who guided the whole process.

Our vendor's implementation team was stellar.

We haven't yet calculated the ROI.

Attempt to minimize the AIM deployments as the license is expensive. Take a license for a test instance even if it might cost extra.

I cannot tell what other options were evaluated.

Keep an eye on the cloud integrations and be ready for Conjur.