Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees
Real User
Increased our insight into how privileged accounts are being used and distributed within our footprint
Pros and Cons
  • "Our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage."
  • "Increased our insight into how privileged accounts are being used and distributed within our footprint."
  • "Areas the product could be improved are in some of the reporting capabilities and how the reports are configured."

What is our primary use case?

CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

How has it helped my organization?

The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

What is most valuable?

  • Ease of use
  • The auditing capabilities
  • The great support of their customer success teams

What needs improvement?

Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

Buyer's Guide
CyberArk Privileged Access Manager
April 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user497118 - PeerSpot reviewer
Senior Executive Information Security at a manufacturing company with 10,001+ employees
Vendor
It helps us proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

Valuable Features

  • Password management and accountability for Privileged accounts
  • Identify, protect and monitor the usage of Privileged accounts
  • Record and control privileged sessions on critical systems i.e. Windows, Unix, DBs
  • Application credentials including SSH keys and hard-coded embedded passwords can be managed
  • Control and monitor the commands super-users can run based on their role
  • PTA is a security intelligence system that allows organizations to detect, alert, and respond to cyberattacks on privileged accounts.

Improvements to My Organization

Privileged accounts represent the largest security vulnerability an organization faces today. Most organisations are not aware of the total number of privilege accounts.

Compromising privilege accounts leads to various breaches. With this growing threat, organisations need controls put in place to proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

On implementing the CyberArk PIM solution, we are able to achieve this goal. Now, we are aware of the total privileged accounts in our enterprise. These are securely stored and managed by the Vault. The end users need not remember passwords for these accounts to use them.

E.g.: A Unix Admin who has to login to a Unix server using the "root" account needs to log in to CyberArk and search for the root account, click Connect and he can perform all of his activities. We can enforce a command list on this account, monitor his activities and also get to know who has used this root account. The access to this account can also be restricted. The user does not have to remember any credentials.

Room for Improvement

Integration of this tool with SAML is a problem, as there is a bug. We’d like to be able to integrate AWS accounts in CyberArk.

Use of Solution

I have been using this solution for the past three years. I have implemented this solution for various clients from banking and pharmaceutical companies.

Stability Issues

I have not really encountered any issues with stability.

Scalability Issues

I have not encountered any scalability issues.

Customer Service and Technical Support

I rate technical support 9/10, very good.

Initial Setup

Straightforward, easy-to-install setup.

Pricing, Setup Cost and Licensing

It is expensive.

Other Solutions Considered

Before we chose CyberArk, we evaluated ARCOS.

Other Advice

Go ahead and use CyberArk. Request a demo.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
April 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
reviewer1702128 - PeerSpot reviewer
Senior Leader at a financial services firm with 5,001-10,000 employees
Real User
Useful password vaulting, reliable, and simple deployment
Pros and Cons
  • "The most valuable features of CyberArk Enterprise Password Vault are password vaulting and automatic rotation of passwords after use."
  • "CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve."

What is our primary use case?

CyberArk Enterprise Password Vault can be used for password vaulting and purpose session management.

What is most valuable?

The most valuable features of CyberArk Enterprise Password Vault are password vaulting and automatic rotation of passwords after use.

What needs improvement?

CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve.

For how long have I used the solution?

I have been using CyberArk Enterprise Password Vault for approximately seven years.

What do I think about the stability of the solution?

The stability of CyberArk Enterprise Password Vault depends on what you use it for. It is very stable when using a single vault. I had the most problems using the distributive vault. They've worked through some of that, so it's more stable now.

What do I think about the scalability of the solution?

The scalability of CyberArk Enterprise Password Vault is okay. The distributive vault is what would affect the scalability and there were some issues with that that I've run into.

We only have a small number of users in the current company I am working at, and the previous company I was working for had hundreds of users using the solution. 

We do not plan to increase the usage of this solution.

How are customer service and support?

The support from CyberArk Enterprise Password Vault is good.

I rate the support from CyberArk Enterprise Password Vault a four out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a solution similar to CyberArk Enterprise Password Vault.

How was the initial setup?

The initial setup of CyberArk Enterprise Password Vault was straightforward. The time it took to implement was two months.

What about the implementation team?

We did the implementation of CyberArk Enterprise Password Vault in-house.

We have approximately nine people for the deployment and maintenance of CyberArk Enterprise Password Vault.

What was our ROI?

We have seen a return on investment from using CyberArk Enterprise Password Vault.

What's my experience with pricing, setup cost, and licensing?

There are no additional costs other than the standard licensing fees.

Which other solutions did I evaluate?

We evaluated other solutions but we decided to choose CyberArk Enterprise Password Vault because they were a key player in the market who invented the space.

What other advice do I have?

CyberArk Enterprise Password Vault is great. It excels on-premise. If you were looking at the hybrid or other solutions, there are other solutions that were built in that environment. They're probably a little ahead of CyberArk Enterprise Password Vault at this point.

I rate CyberArk Enterprise Password Vault an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1643352 - PeerSpot reviewer
Manager at a consultancy with 10,001+ employees
Real User
Good session management capabilities, and training available
Pros and Cons
  • "The most valuable feature is privileged session management."
  • "I would like to see a simplification of the product."

What is our primary use case?

We use CyberArk Enterprise Password Vault and we provide it to our customers.

We use this solution for password vaulting and session management.

What is most valuable?

The most valuable feature is privileged session management.

What needs improvement?

The installation process could be simplified.

I would like to see a simplification of the product.

For how long have I used the solution?

I have been dealing with CyberArk Enterprise Password Vault for ten years.

Depending on the needs of the client, it can be deployed both on-premises and in the cloud.

What do I think about the stability of the solution?

CyberArk Enterprise Password Vault is a stable solution.

What do I think about the scalability of the solution?

CyberArk Enterprise Password Vault is scalable.

Which solution did I use previously and why did I switch?

We use Teams for virtual meetings and storage, with SharePoint serving as the backend.

I've never liked the idea of using Zoom because the security was never great.

How was the initial setup?

The installation is not straightforward. It's complex. You would have to be very knowledgeable about the product to do this.

We need two to three administrators to maintain this solution.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are paid on a yearly basis.

What other advice do I have?

Our laptops are containerized, we don't see what antivirus is on there. Our organization strips out all bloatware. If it is not sanctioned or proprietary, we don't use it.

Try to complete as much of the CyberArk training as possible.

 I would rate CyberArk Enterprise Password Vault a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
it_user834369 - PeerSpot reviewer
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees
Consultant
Excellent product for privileged access management and easy to implement
Pros and Cons
  • "For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks."
  • "Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server."

What is our primary use case?

Our primary use of CyberArk Privileged Access Manager is to bring control on to the privileged access. For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks.

How has it helped my organization?

There are two main ways CyberArk Privileged Access Manager Server Control has been helpful to us.

  1. Any administrator using his own or her own ID and password to connect to the server or the domain that has been removed and the credentials for accessing the domain or the servers has been locked down into the password wallet, the access to it is controlled now through that group. Now we know who has access and what kind of access. Also, we control access through tickets. Unless there is an approved ticket, an administrator cannot just log onto a server and make changes. In this way, we are ensuring that an attack cannot just steal somebody's ADID and get into the server and create problems.
  2. Through the application and team managers, we have removed the hardcoded user ID and password in our applications. Those are now in a password vault that is not known to anyone. The vault knows and changes the password, then connects the applications to the database.

What is most valuable?

The features that we find most valuable are:

  • Enterprise Password Vault
  • Privilege Session Manager
  • Application Manager
  • Team Manager

These modules help us in locking down the credentials, rotating passwords automatically without us having to worry about it, isolation of servers from the user machine and availability of privileged session recordings for us to check on demand.

What needs improvement?

I think that the connectors, the integration pieces, the integration to ticketing system. This is something which is not meeting our requirements via out-of-the-box solutions, so we have to look for a customized solution, that could be improved.

Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server.

Additional features: We are looking at the connectors. The connectors to be more robust and provide more flexibility for out-of-the-box implication.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It's quite stable so we've not faced any problems so far and it's been working smoothly for us. Initially, there were some technical issues, disconnections happening, and the slowness was there, but we've been able to overcome those challenges. Now for the past 15, 20 days, it's been running smoothly.

What do I think about the scalability of the solution?

The software is scalable enough, so if we want to add more domains, we can just go ahead and do it. I don't see a challenge with that. There are a couple of other parts of the solution that we are not rolling out, but we'll be doing that.

How are customer service and technical support?

The support has been good. Turnaround times have been okay. They have not been immediate, but they do respond in a few hours, or in a day.

Which solution did I use previously and why did I switch?

We didn't have a previous solution at the time.

How was the initial setup?

AIM was a complex piece, but the install was straightforward. It took us around five months.

What about the implementation team?

We went with an implementation partner for the deployment which included a number of admins. Currently, there are around 60 users but they are going to be 150 plus in a month or so.

We want the implementation partner for supporting it for the next three months, and then we will make the call whether we want to continue with them or maybe our resources should be good enough internally to support it.

What's my experience with pricing, setup cost, and licensing?

The cost and licensing fees of the software are fairly reasonable.

Which other solutions did I evaluate?

There were a few competitors we evaluated like CA Technologies, Arcos, Oracle, and Microsoft.

What other advice do I have?

My advice would be to plan ahead of time. Put up the plan for all the modules that you are going to implement. Look at what the dependencies of those are and plan for those dependencies in advance, then start the project.

Especially where it is the application identity manager, the AIM part, which is not only dependent upon the implementation partner but also the customer dev team to make the changes.

That's what makes it critical to plan ahead, ensure all stakeholders' commitment of their time and support, then start the implementation.

I would rate it nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user674049 - PeerSpot reviewer
Head of Technical Services at a tech services company with 51-200 employees
Consultant
Gives us the ability to isolate sessions to protect the target system.
Pros and Cons
  • "Automates password management to remove the human chain weakness."
  • "The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."

How has it helped my organization?

With the ability to better control access to systems and privileged accounts, we no longer need to manage privilege accounts per user. We are able to manage privilege accounts for the service, which is automatically managed by the CPM as part of the solution. Allowing access to systems by group membership, via safe access, makes controlling actual access much simpler than traditional mapping via the Active Directory.

What is most valuable?

  • The ability to isolate sessions to protect the target system.
  • Automates password management to remove the human chain weakness.
  • Creates a full audit chain to ensure privilege management is responsibly done
  • Creates an environment in which privilege accounts are used, without exposing the password, on target systems.
  • Performs privilege functions, without undue exposure, whilst maintaining the ability to audit, where anything suspicious, or unfortunate, may have occurred.

What needs improvement?

The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA.

Whilst the client is completely functional, it's been around for a long time and is reminiscent of XP, or even Windows 95. It could use an aesthetic update, with some of the wording and functions needing to be updated to be more representative of what is found in similar configuration from within the PVWA.

To go into more detail- The old PrivateArk client is simply that, old. Looking at the recently released Cluster Manager quickly reminds us of that. Also, the way in which objects are handled within the old client is similar to how objects were handled in older versions of Windows. The PrivateArk client could do with easier to follow links to configuration items and the ability to perform searches and data relevant tasks in an easier to follow process, there may even be room for inclusion of the server management component (lightweight even) and cluster manager components to be made available via the same client, should permissions permit such. As much as the client remains stable and functional, I believe it is time for an update, even if only aesthetically.

What do I think about the stability of the solution?

Some improvements could be made to the PSM service. However, this could also be a problem with how Microsoft RDS functions, rather than the PSM services.

What do I think about the scalability of the solution?

This product scales amazingly well.

How are customer service and technical support?

Technical support works with customers and partners to resolve issues in a timely way.

Which solution did I use previously and why did I switch?

No previous solutions were used.

How was the initial setup?

The manual reads like a step-by-step guide. The installation, although complex, can be achieved by following the installation guide.

What's my experience with pricing, setup cost, and licensing?

I don’t work with pricing, but licensing is dependent on the needs and requirements of each customer.

Which other solutions did I evaluate?

We evaluated alternatives, but nothing compares.

What other advice do I have?

Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Platinum Partner.Performanta, the global purple tribe, delivering the bedrock of quality managed cyber security services and consulting to our customers, enabling them to do business safely. With a consultative approach to people, process and technology, Performanta focuses on cyber security projects in line with adversarial, accidental and environmental business risk. We measure Governance, Risk and Compliance with a kill chain resilience and technology mapping service, Cyber Security Operations Centre (CSOC) technical support and products to deliver intelligence and customer value to ensure control over the threat landscape. Securing Your World, Together. 16 May, 2017: At the CyberArk Impact EMEA 2017 conference, Performanta received the winning award for ‘Best Solution Partner of the Year’ for UK/Ireland, which they describe as: “The Solution Partner of the Year award recognises Performanta, in region, as having made a significant contribution to the CyberArk business; they understand our offering, can articulate that well into the prospect and customer community and have proven themselves technically capable on a regular basis during the last 12 months.”
PeerSpot user
it_user528927 - PeerSpot reviewer
Owner at a tech consulting company with 51-200 employees
Consultant
You can control password management. It provides flexibility and security.

What is most valuable?

Auditing and control are the most valuable. You can control password management almost to the max, giving you, your users and your auditors great flexibility without compromising security.

The auditing and control is more valuable to the enterprise than to myself. Apparently one of the overseas offices was able to track and identify misuse of a privileged account. In addition, it is heavily used during the periodic user/account recertification process.

How has it helped my organization?

Recertification of accounts and users, whereas previously 100s of accounts reside on devices, targets, applications, etc., now, due to using the vault and recertification, owners are in total control of their accounts and usage. Dual control forces owners to approve access to their safes and usage of passwords. The number of audit points regarding rogue accounts is falling dramatically.

What needs improvement?

Small things such as resizing pop-ups but mainly the reporting possibilities: These are quite poor in my honest opinion. If you really want custom reports you actually need to export data to an Access database and create your own queries and reports. The default reports are just that.

The reporting functionality is currently limited to default reports, listings and overviews. For more detailed and in-depth reports, you need to export the data to an external app such as Access or MS SQL. For example, if you need a report listing all safes, owners, members and accounts (like we do), you need to create a bespoke report. Ideally, in 2016, perhaps a graphic drag & drop reporting interface would be ideal.

For how long have I used the solution?

I have been using the product now for a little over four years from the support side.

What do I think about the stability of the solution?

No stability issues at all; we have a 24/7 standby and have yet to be called out on issues other than locked accounts. These are almost always user-related. We have had no downtime other than planned DR tests.

What do I think about the scalability of the solution?

I have not encountered any scalability issues; we have actually scaled down since the new releases. Where previously we had CPMs & PVWAs throughout the world, we now have load-balanced CPMs and PVWAs in just two locations.

How are customer service and technical support?

It can take time before you get a solution. Frequently, we have already solved it ourselves. CyberArk is re-arranging its support teams to improve communication with clients and to resolve cases quicker. As there is a release every six months, this might prove to be a challenge.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The vaults are installed on dedicated servers and subsequently hardened in their own dedicated workgroup. In our organization, there was a heavy battle with Server Support, who refused the workgroup setup and demanded that the servers join a/the domain. Do not agree! The servers have to be separate from the general server population and have nothing installed except the vault. Nothing has access, so no MS updates, AV software, etc. It took a while to convince them.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

Do not take it lightly. It takes a lot of hard work to analyse and implement. Involve the entire organization from the start. As you will be working with security teams, you might encounter a certain level of distrust (you are in their domain right?). Involve them, liaise frequently and get everyone onboard.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user326337 - PeerSpot reviewer
it_user326337Customer Success Manager at PeerSpot
Real User

Are there other SaaS solutions with reporting capabilities that you would hope CyberArk could learn from as an example of a successful model?

IkedeEbhole - PeerSpot reviewer
Pre sales Engineer (West Africa) at StarLink - Trusted Security Advisor
Real User
A useful solution for privileged identity and application identity management
Pros and Cons
  • "It's a good solution, it works, and the bank is happy with it."
  • "The architecture needs to be improved."

What is our primary use case?

Our primary use case for his solution is privileged identity and application identity management, and we deploy the solution on-premises.

What is most valuable?

We have found the core features of the product most valuable, such as password management, session recording and vaulting.

What needs improvement?

The architecture needs to be improved. For example, the whole solution can come within a single software bundle instead of the distributed components we have for the on-premise deployments. I think there's room for improvements in that area because the competitors within that space have appliances and software that are just a single software. You don't have to split functionality across several servers like the current deployment.

For how long have I used the solution?

We have been using this solution for approximately five years.

What do I think about the scalability of the solution?

The solution is scalable. At the point of implementation, 300 users in our organization were using it, but that number may have increased.

How was the initial setup?

The initial setup is not very complex because of my experience and skills. Still, the end users are only in charge of the administrative aspects, but I think the set up is a bit complex for those who are not very savvy with the solution. Implementation took approximately two weeks.

What other advice do I have?

I rate the solution nine out of ten. The solution is good, but the main feature to be improved is having the product in a consolidated software bundle. So the moment we have PSM, it's a dedicated server. We can also have a PVWA in another server, so having a singular bundle is just like the cloud offering. The infrastructure is abstracted from the end user. So if we can have something like that for on-premises, that would simplify implementation. Regardless it's a good solution, it works, and the bank is happy with it. My recommendation to people considering implementing this product is to get the scoping appropriately done. It comes down to scoping the initial deployment, so it doesn't take forever. Still, if you're not scoping correctly, you could have a situation where people keep adding new accounts continuously, and your project never ends. Hence, scoping is kind of important.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.