CyberArk Privileged Access Manager Reviews

The most valuable feature of this product is the Central Policy Manager. From the Operation and Security point of view a robot that can connect to destination machines, change passwords at fixed times, and put them in the vault, like a person, and therefore, is the best that you can ask for.

It combines more functionality in a single product and solve a lot of problem, from security to compliance.

It has improved many parts of the organization. From the security and audit perspective, we're now fully aware of who accessed data and from where they accessed it. This helped us with regulatory compliance. We've improved our level of security in many typically-unsafe environments, such as domains.

I think that this product can be improved in all the areas. The details usually are important as the funcionallity. So I think that understanding the request from the customer CyberArk, as is already doing, can improve day by day his product.

I have used Cyber-Ark PAS since 2008, so thid is the seventh year that I will be working with it.

Usually not. The biggest problem was the incompatibility or non-default installation of an OS to be managed by the Central Policy Manager.

Never encountered any problems with stability.

Never encountered any problems with scalability. The Vault, Central Policy Manager, Password Vault Web Access, Privileged Session Manager and Application Identity Management architecture are designed to support scalability.

It's improved over the years and now is very fast and efficient. We've got a very good Italian customer service.

Very high level of technical support. Fast and organized.

Never used a different solution.

The initial setup is really fast, simple and straightforward. It consist of a simple Windows installation (next-next type) for any component. The only requirement is to do the installation step by step following a list of components to do beforehand.

I work in a vendor team, and we installed the product in a large company.

We are a system integrator. We are selling its latest version to customers who are new to PAM or are coming from an older PAM. 

The respected partnership and portfolio with CyberArk are highly valuable to our organisation, as it helps to open doors with Enterprises and Financial organisations, on serious discussions on Identity and PAM projects. CyberArk PAS solutions bring good services revenue and long terms relationships with customers.

Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong.

In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows, LINUX Server, DOMAIN CONTROLLER protection etc. They have also further advanced it with the security on the cloud and DevOps environment.

They have a bundle licensing model, which really helps, unlike competitions complex licensing. Even though in our market, few customers have the perception that CyberArk is expensive as compared to some of the other new PAM providers, but in terms of overall value and as a bundling solution, it is affordable and also CyberArk is highly scalable platform.

Their post-sale support area requires a little more attention to our region ( ME/UAE. The current support model does not allow the end customers to open a ticket directly with CyberArk. Customers have to inform the distributor or bring in partners who have access to the support portal to open support cases. The support teams liability is limited to product issues and they usually do not get into configurations and integrations, unless estimated and paid for PS services.  This indirectly helps Service providers like us to make extra revenue. The default 24/7 support to our region, is effective when there is an emergency like a serious software issue, or if password vault is down etc, for such cases they provide immediate attention. For the rest of the low priority like migrations, upgradations, backups etc ( in some site it shall be considered high ), they take more time to respond.

Looking forward to new features line API security 

I have been engaged with CyberArk solutions for about five years.

A very stable platform for small to extremely large and complex organisations and distributed networks.

In one of the projects for global MNC, we had successfully executed projects with distributed Vault in 16 countries spread across 5 continents. This is done with a centralized primary vault( on HA )- HQ Datacenter, which connected distributed local vault and PSM, along with DR in the cloud. 

All these years in none of our projects haven't come across product stability or system crash isuses due to cyberark software

For customer and service provides (like us ), PAM is a journey with continues improvement and hygiene practices to protect the critical system. CyberArk offers many solutions for endpoint privilege management, Domain Controller protection, DevOps security which helps in upselling and expanding the security measures. Also, the solution is capable of handling a distributed and heterogeneous environment 

CyberArk PAS setup needs expertise and experience. Based on my experience, a small deployment of 10 or 20 PAM users takes one week to set up the PAM infrastructure and another one week to go live with basic modules and standard out of box integrations. The rest of the rollout has customer dependencies.  Ideally, the PAM system needs 3-6 months to get mature in an organisation.

We do inhouse.

Overall, bundle pricing and sales team support are really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules required in PAS, except the add-on advance technologies like agent-based endpoint, Win/Linus server protection, domain controller protection etc. When it comes to agent-based advanced technologies the overall cost is not cheap. However, the values it brings is highly critical to customers who are paranoid about targeted attacks.

Vendor PS BOQ are expensive like usual OEMs rates, but they do the Scope effectively within less time, which help the large customers ( like banks ) to run without any downtime 

I would recommend CyberArk solution even for small customers, who have critical application and internet presence in their business. The licensing model support to start with even 5 privilege users, this really helps. We haven't experience Idaptive ( Identity Saas ) solution yet, however, it looks promising

I would rate CyberArk PAS a ten out of ten. They are sharp focused on privilege access security for more than 21 years. This highly remarkable.

We use it for storing and rotating passwords.

Within our organization, a lot of people are using this solution for a lot of projects. We have already implemented CyberArk as a SaaS solution. We are not using the core parts, but we are using the software as a service for a project.

At my previous job, there was a team of seven people who were in charge of maintenance. Mostly analysts, senior analysts, and a technical lead used this solution. 

It completely depends on the requirement. For some of the RPA robotic types of user identity, we prefer for it to happen in an automatic way, but some of them are highly critical, so we don't do it automatically. As for the end-user experience or expectation, if they want to change it at their end, they can do it.

I don't see any problems because it's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security. From my experience, overall, I don't see many problems that need to be rectified.

The only problem involves granting access to people who are authorized to view it. This user management area is the most critical. We have to constantly check on that area and we have to review and give proper access. Nobody should have more access than they are authorized for.

I have been using CyberArk Enterprise Password Vault for eight years.

It's scalable at the component level. If you want to add some of the latest components, or if you want to implement biometrics or MFA, this solution can handle that — it's very easy to implement.

The tech support is amazing. If you have any issues that you need help with, the CyberArk support team reaches out very quickly, depending on the criticality of the issue. If it's critical, they will reach out to you within hours.

The vendor support is really good.

The initial setup is quite straightforward. These days they have an automatic script — It is much less time-consuming.

We used to do it manually which would take almost two to three hours in total.

We did it in-house. I'm certified in CyberArk; I've also installed it for clients as well.

The licensing plan is either six months or one year — it's not on a monthly basis.

Every company will have a different license fee, but ultimately, it comes down to how many users you want to manage and how many companies you want to support. If you want three CPMs, then you'll need licensing for three. It's per-company, license-based.

I am currently evaluating other solutions. A few of them do not support PTA. Some of them don't have DevOps properly managed. Others don't give you the DNE facility, which is free of charge with CyberArk.

I would definitely recommend CyberArk Enterprise Password Vault.

On a scale from one to ten, I would give this solution a rating of eight.

Our primary use of this solution is as a password manager.

The interface is very simple to use.

Security-wise, CyberyberArk is better than the other products.

The pricing is too expensive and should be reduced. This is our only concern. When a small industry wants to invest in these kinds of tools, they don't have the budget to spend a lot of money on security. If the price were more reasonable then many other small businesses would consider using it.

The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it. Instead, an in-house administrator could do it.

I have been using this product for the last two years.

Over the past two years, I hardly remember us facing any large problems. We have experienced small bugs, but they release patches to fix those.

This is a scalable product. In our company, we have about 100 users, most of which are part of our DevOps team or are administrators.

We are satisfied with the technical support.

Prior to CyberArk, we were using a Microsoft product, but it didn't fulfill our entire requirement. We adopted this new solution because it met all of our needs.

The initial setup is complex. It took two or three days to complete the deployment.

We implemented this solution with the help of consultants who had experience with it.

This product is very expensive.

I have seen demonstrations of similar products by other vendors and what I found was that the security on this solution is better.

Overall, I feel that this is a good product and I recommend it. The only thing that people have to consider is pricing.

I would rate this solution an eight out of ten.

Our primary use of CyberArk Privileged Access Manager is to bring control on to the privileged access. For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks.

There are two main ways CyberArk Privileged Access Manager Server Control has been helpful to us.

1. Any administrator using his own or her own ID and password to connect to the server or the domain that has been removed and the credentials for accessing the domain or the servers has been locked down into the password wallet, the access to it is controlled now through that group. Now we know who has access and what kind of access. Also, we control access through tickets. Unless there is an approved ticket, an administrator cannot just log onto a server and make changes. In this way, we are ensuring that an attack cannot just steal somebody's ADID and get into the server and create problems.
2. Through the application and team managers, we have removed the hardcoded user ID and password in our applications. Those are now in a password vault that is not known to anyone. The vault knows and changes the password, then connects the applications to the database.

The features that we find most valuable are:

• Enterprise Password Vault
• Privilege Session Manager
• Application Manager
• Team Manager

These modules help us in locking down the credentials, rotating passwords automatically without us having to worry about it, isolation of servers from the user machine and availability of privileged session recordings for us to check on demand.

I think that the connectors, the integration pieces, the integration to ticketing system. This is something which is not meeting our requirements via out-of-the-box solutions, so we have to look for a customized solution, that could be improved.

Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server.

Additional features: We are looking at the connectors. The connectors to be more robust and provide more flexibility for out-of-the-box implication.

It's quite stable so we've not faced any problems so far and it's been working smoothly for us. Initially, there were some technical issues, disconnections happening, and the slowness was there, but we've been able to overcome those challenges. Now for the past 15, 20 days, it's been running smoothly.

The software is scalable enough, so if we want to add more domains, we can just go ahead and do it. I don't see a challenge with that. There are a couple of other parts of the solution that we are not rolling out, but we'll be doing that.

The support has been good. Turnaround times have been okay. They have not been immediate, but they do respond in a few hours, or in a day.

We didn't have a previous solution at the time.

AIM was a complex piece, but the install was straightforward. It took us around five months.

We went with an implementation partner for the deployment which included a number of admins. Currently, there are around 60 users but they are going to be 150 plus in a month or so.

We want the implementation partner for supporting it for the next three months, and then we will make the call whether we want to continue with them or maybe our resources should be good enough internally to support it.

The cost and licensing fees of the software are fairly reasonable.

There were a few competitors we evaluated like CA Technologies, Arcos, Oracle, and Microsoft.

My advice would be to plan ahead of time. Put up the plan for all the modules that you are going to implement. Look at what the dependencies of those are and plan for those dependencies in advance, then start the project.

Especially where it is the application identity manager, the AIM part, which is not only dependent upon the implementation partner but also the customer dev team to make the changes.

That's what makes it critical to plan ahead, ensure all stakeholders' commitment of their time and support, then start the implementation.

I would rate it nine out of ten.

We use CyberArk to manage anything privileged including our admin IDs, AWS root credentials, service accounts, etc.

It's been a big win for us as we're now able to start managing service accounts with AIM. This is a big win, especially with our web hosting team.

There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year.

As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included.

Our primary use case for this solution is privileged threat management and session management.

I have an affinity towards CyberArk. I find that it works out-of-the-box, as a product.

I really like the PTA (Privileged Threat Analytics). I find this the best feature.

From what I see, like the out of the box password management features, or you can pay the tax forms, which I will write log, can become extensive. For example, we have right now 45 to 50 platforms to tell that were out of the box, like Cyber Optics 200 out of the box connectors, so if we can just put those also into out of the box so that the pros do not have to retell everything to what they think the comp manager of Cyber Optics representative. Apart from that, if we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature.

I would not say there is a stability issue. There are quite a few bugs, which I have discovered in versions 10.1 and 10.2, but I believe that was rectified out of scalability.

I have no scalability issues at the present time.

I believe the tech support staff can be more proactive. Right now, I have booked a ticket with tech support for an issue, and I have labeled the ticket "moderate priority." The response from tech support was at best, an answer within three to four days. I believe that is too much time, and can be shortened.

It's straightforward, I mean probably who for 11 years of experience is quite straightforward, but maybe for a newbie, it could be complex.

I do not have any opinions to add about the pricing.

I think if the industry could work together on TSM connectors, this would be a cutting-age change.

The primary use case is password management. 

I find the threat analytics is an important feature. CyberArk can look at the log details, and analyze who is using the applications, which are their locations, and which are the IP locations from which they are accessing. This enables the solution to find the exact location the threat is emanating from. We really value this feature.

The usual workload on the system is sometimes delayed by CyberArk. So, any major work is getting delayed, and may take twice the amount of time that it usually does. For instance, if there's a password change of an account it will take time because you have to log in, then  authenticate, and this is followed by delays. It becomes cumbersome and frustrating.

It is a stable product. 

The scalability of the solution is good. We expanded, and we found the biggest part was a bit unfomfortable in terms of product. They are designing, leveraging the features so greater different markets are joined. On the ground it was difficult initially.

I found techincal support is adequate. The Indian team is not so good. They are OK with helping, but not all of the engineers are entirely experienced. 

The initial setup was OK. If I set up one box, one automation, one machine, within one program, it is O. But, if I have multiple locations in Japan, China, Asia, Singapore, and the like, I will have some trouble. I have faced this problem in the past. 

It is quite costly. The license is a concern for some of the clients. 

I have previous experience with Oracle in the past. There is an ease of use with Oracle, because it is small and not very complex. You can wrap your work in a single day with Oracle. In comparison, the API is quite small with CyberArk. But, the product itself is so robust.