CyberArk Privileged Access Manager Reviews

All the high privileged accounts are managed by CyberArk at a regular frequency. This mitigates the big risk that we had for passwords not changing forever.

The combination of CPM and PSM resolves a lot of use cases.

They can do a better job in the PSM space.

It has been pretty stable. No ongoing issues; only one-off, and CyberArk support has been pretty good for support.

I can foresee some issues if we suddenly have to put thousands of passwords into CyberArk Vault. I know they have the password upload utility, but it has its limitations.

Customer Service:

Their support is pretty good and responsive.

Technical Support:

Their support is pretty good and responsive. Their L3 is in Israel, so sometimes it takes more time getting responses for complicated use cases.

I did not previously use a different solution. I have always used CyberArk.

I would rate initial setup as a medium complexity. They have good documentation, as well.

I am from a vendor team that does the implementation.

I was not involved in the pricing and licensing. I have an idea that it's on the higher side of the price scale.

Before choosing this product, we also evaluated Dell and NetIQ.

Auditing and control are the most valuable. You can control password management almost to the max, giving you, your users and your auditors great flexibility without compromising security.

The auditing and control is more valuable to the enterprise than to myself. Apparently one of the overseas offices was able to track and identify misuse of a privileged account. In addition, it is heavily used during the periodic user/account recertification process.

Recertification of accounts and users, whereas previously 100s of accounts reside on devices, targets, applications, etc., now, due to using the vault and recertification, owners are in total control of their accounts and usage. Dual control forces owners to approve access to their safes and usage of passwords. The number of audit points regarding rogue accounts is falling dramatically.

Small things such as resizing pop-ups but mainly the reporting possibilities: These are quite poor in my honest opinion. If you really want custom reports you actually need to export data to an Access database and create your own queries and reports. The default reports are just that.

The reporting functionality is currently limited to default reports, listings and overviews. For more detailed and in-depth reports, you need to export the data to an external app such as Access or MS SQL. For example, if you need a report listing all safes, owners, members and accounts (like we do), you need to create a bespoke report. Ideally, in 2016, perhaps a graphic drag & drop reporting interface would be ideal.

I have been using the product now for a little over four years from the support side.

No stability issues at all; we have a 24/7 standby and have yet to be called out on issues other than locked accounts. These are almost always user-related. We have had no downtime other than planned DR tests.

I have not encountered any scalability issues; we have actually scaled down since the new releases. Where previously we had CPMs & PVWAs throughout the world, we now have load-balanced CPMs and PVWAs in just two locations.

It can take time before you get a solution. Frequently, we have already solved it ourselves. CyberArk is re-arranging its support teams to improve communication with clients and to resolve cases quicker. As there is a release every six months, this might prove to be a challenge.

I did not previously use a different solution.

The vaults are installed on dedicated servers and subsequently hardened in their own dedicated workgroup. In our organization, there was a heavy battle with Server Support, who refused the workgroup setup and demanded that the servers join a/the domain. Do not agree! The servers have to be separate from the general server population and have nothing installed except the vault. Nothing has access, so no MS updates, AV software, etc. It took a while to convince them.

Before choosing this product, I did not evaluate other options.

Do not take it lightly. It takes a lot of hard work to analyse and implement. Involve the entire organization from the start. As you will be working with security teams, you might encounter a certain level of distrust (you are in their domain right?). Involve them, liaise frequently and get everyone onboard.

I see the Auto IT integration as the most valuable feature.

I have seen improvements compared to the older versions and the integration of Auto IT provided the flexibility to add thick clients and websites.

Session recording search capability has to be improved. It should include more platforms for password management. It should include more thick client integrations.

I used it for almost six years.

There is dependency on Windows tasks and if any AD GPO changes are pushed, it affects the system and stops working.

I have not encountered any scalability issues. The product scales as the organisation grows.

Technical support from the vendor is the worst and that is one reason I stopped using CyberArk.

The initial setup is not so complex, but CyberArk does require more servers for a full-fledged installation.

The solution is costly and the licensing is very complex.

I was using CyberArk for more than six years and I have now switched to ARCOS. I was impressed with ARCOS because of the following reasons:

• Cost-effective solution
• Fewer servers required
• Flexibility, performance
• More features
• Simple licensing
• Good support

I evaluated other solutions such as Leiberman, ManageEngine, TPAM, and Xceedium.

ARCOS seems to be very promising and cost effective. Also, ARCOS doesn’t have a traditional jump server concept, which saves the customer from spending more on hardware. The licensing is very simple (number of admins & target IPs), where most of the features are available by default with the basic license.

CyberArk architecture is good and more secure, but I see the solution as expensive. Support is the worst; CyberArkstaff is not supportive, their professional service team charges for each and every thing.

CyberArk vouches for access to domain controllers in Unix and Windows Server. 

CyberArk makes our environment more secure and prevents possible attacks by compromised accounts.

The price is high compared to Azure Key Vault. It's the most expensive solution. 

I have used CyberArk for about three months.

We have 98 percent uptime. 

CyberArk is scalable. We have around 4,000 users. 

We previously used Telos. We switched to CyberArk because it has features to deal with a large company that has a complex structure and many partners. 

Deploying CyberArk was moderately difficult. It isn't too hard, but it isn't easy. One person is enough to install it. It took about one month to select the product and deploy it.

CyberArk is more expensive than other solutions, but it's necessary when the company has contacts with other branches and partners. 

I rate CyberArk Enterprise Password Vault eight out of 10. It's more expensive than Azure Key Vault, but Key Vault doesn't have CyberArk's analytics and user tracking. I recommend CyberArk if you need those features. However, it's costly in the Brazilian market because of the conversion fro reals to dollars. 

We implement this solution for our customers. We are system integrators, not end-users.

The main use case is for secure access, and monitoring the access by IT administrators.

I like the performance of CyberArk Enterprise Password Vault.

Definitely, it's a reliable solution.

It has a wide range of features. They are probably the widest range of features on the market. It is the main reason customers usually select this product.

This solution works very well, and the feedback from our customers is very good.

Integration is one of the strongest capabilities of this solution. There are hundreds of integrations that are ready to use. It is continuously growing, which is one of its strengths.

The interface is really user-friendly.

It's a highly flexible solution that can adapt to each customer's needs.

Another strength, for both performance and the security levels, is the segregation of the different rules of the solution.

The initial setup could be simpler but it may not be as effective.

I've been using CyberArk Enterprise Password Vault for three years, and the company began using it in 2003.

This solution is used mainly on-premises, but the trend is to go with hybrid and cloud deployment for new projects.

CyberArk Enterprise Password Vault is a stable product.

CyberArk Enterprise Password Vault is easy to scale.

I have not contacted technical support. I deal in the presales department. I don't manage the technical aspects of delivery and support.

We needed to build a specific project that is tailored for each customer. It requires a bit of design with the first part of the project, which is a benefit because the solution has high performance and is built on the needs of the customer. 

There is a bit of a setup initially, but it provides them with a good result for the project.

It's an affordable platform.

It is not the cheapest solution available on the market, but if you want a good project, you need to have the value of the solution you are selecting. 

In my opinion, it is a good compromise between the cost and the benefits. I think the price is fair.

I would definitely recommend this solution to others who are interested in using it.

I do not have visibility with other solutions that may be better or more up-to-date.

I would rate CyberArk Enterprise Password Vault a ten out of ten.

• Credential faulting
• Credential management
• Privilege session management
• Secure file storage

We are utilizing CyberArk to secure applications, credentials, and endpoints.

The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. 

The value is probably the best of all of the other products which are offering the same services.

Having the keys securely locked helps drive policy. We can say what policy is, then we can point to the solution which provides it. Having that availability is strong in a large enterprise, especially in a global enterprise where there is a lot of different cultures and people do not want to hand off their privilege, rights, or workflows. Having that all set up and making it easier for them takes a lot of the stress off of our job.

We are implementing PSM right now. It is providing a secured workflow substitute where people would go in and check out their passwords. They want to use it instead of having passwords, similar to Guard Check. 

You go in because you need a key. You get the key, and you are accountable for that key while you have it. You open the door, do your work, close it, and return the key. People get that analogy, and it is awesome.

We are in the basics, like Windows, Unix, and databases. We do plan on getting everything eventually managed. It is just a lot of customization and time to get it fully matured.

The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames.

It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. 

This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella.

Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug. Our management is very upset about it.

CyberArk has been helping out, and it has been okay. However, the stability is definitely a concern, because with PSM, it becomes more critical to have it up. All of a sudden you have to have PSM up to be able to do your work.

The stability issues started when we upgraded from 9.7 to 9.95. Then, we were told during one of our cases that there was a bug in our new version and the only solution was to upgrade.

The scalability is big. We are a large company, and there are only a few companies that can scale so well.

We use their technical support all the time. It is a little slow to start a case. Then, once you get through that door (Level 1), it does escalate appropriately.

On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need.

Since I started, it has always been CyberArk.

I can't say we have an ROI. Our CIO is not about measuring profit from our security stuff. Our risk is definitely significantly lower. Also, our resources are low.

Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it.

One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud.

We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them.

Most important criteria when selecting a vendor

Age of the company, because we do not want to be first to market. We want to hear about it from other people. How is the sales rep is communicating. Whether it is more of a sales pitch or if it is a genuine concern for our security.

Then, make sure our vision is lined up with the product. We want to get our bang for the buck

As a security engineer, I mostly implement the Enterprise Password Vault Suite (Vault Server, Central Policy Manager, Password Vault Web Access) as this is the base upon which every additional component is built. I am using and implementing the additional components, such as the Privileged Session Manager and Application Identity Manager, more and more.

When implementing CyberArk, I see that a lot of security issues are addressed by the solution. For example, audit issues for privileged (non-personal) accounts, which have a sufficient amount of impact on the organization when being compromised or misused.

A major benefit next to the auditing capabilities is the secure storage of the accounts in questions. CyberArk has the most extensive hardening and encryption techniques I have seen in a product, with equal intentions.

Additionally, CyberArk can reduce the attack surface of these accounts by retaining the privileged accounts (protecting the credentials) within a secure environment only to be accessed through a secured proxy server (Privileged Session Manager). What I have also seen is that the Privileged Session Manager can aid in the adoption of CyberArk within an organization as it allows the end user to keep using his personal way of working (e.g., Remote Desktop Manager, Customized Putty).

Another burden that organizations have is the need to manage hard-coded credentials. CyberArk also has a solution for this, allowing the credentials to be stored in the vault, where they can be retrieved by a script or applications through the execution of a command instead of hard-coding the credentials. There is also a solution available for accounts used in Windows scheduled tasks, services and more.

The last generic, relatively new improvement for customers is the ability to monitor and identify the usage of the accounts managed by the suite. By using Privileged Threat Analytics, you can match the usage of CyberArk against the actual (logon) events retrieved from the corporate SIEM. Next to this, PTA profiles privileged account usage to discover malicious patterns such as different IP addresses or usage of an account on an unusual day. This is a very useful practice to gain an enhanced view on these privileged accounts and can eventually limit the impact of any malicious usage because of early detection.

In every product, there is room for improvement. Within CyberArk, I would like to see more support for personal accounts. It can be done right now, but I can imagine changing a few aspects would make this easier and more foolproof.

Next to that, the REST API is not as capable as I would like. CyberArk is getting close, though.

Lastly, I would love to see a password filler that can provide raw input (like a keyboard). There are scenarios where administrators do not have the ability to copy and paste a password from the clipboard. As typing over a long random password is a tricky job, a raw password filler would be a solution that could overcome this issue.

I have been involved with CyberArk for three years now. During this period, I have designed, implemented and supported multiple CyberArk environments.

During the time that I have worked with CyberArk, I was able to conclude - based on experience and colleague stories - that this is one of the most stable products I have ever encountered. I have never seen any stability issue that was not related to a human error or a configuration issue.

As far as I’m aware, we have not encountered any scalability issues. I have heard of some issues with the database of CyberArk when scaling to excessive amounts of entries, a long time ago. These issues have been fixed, as far as I know.

In addition, it is possible to have issues with the Central Policy Manager when you configure it wrong.

The technical support for our customers is primarily handled by ourselves, with CyberArk technical support to fall back to. I have seen great improvements in the quality of support over the years and they continue to do so. The response is fast and the quality is good.

There is room for improvement in bug tracking. When a bug is confirmed, it is hard to track when or if it will be released in one of the future releases. As CyberArk is building an entire new support portal, I hope that this will be improved someday.

My company did not previously use a different solution. My company has had CyberArk in their portfolio for more than 10 years now.

Our company has set up a ‘generic’ and fast implementation plan based on our experiences and best practices. This plan provides a straightforward approach, which can be customized into a complex solution to suit every customer's needs.

In general, the installation is quick, but the actual work is found in the process of onboarding new account(type)s as this requires a significant amount of communication and coordination.

Try to create a good design with a CyberArk partner before you start thinking about licensing. Then, you will have a good view on the components needed to suit your environment from the start towards a fully mature environment.

Do not think too big at the start.

The most valuable feature of this product is the Central Policy Manager. From the Operation and Security point of view a robot that can connect to destination machines, change passwords at fixed times, and put them in the vault, like a person, and therefore, is the best that you can ask for.

It combines more functionality in a single product and solve a lot of problem, from security to compliance.

It has improved many parts of the organization. From the security and audit perspective, we're now fully aware of who accessed data and from where they accessed it. This helped us with regulatory compliance. We've improved our level of security in many typically-unsafe environments, such as domains.

I think that this product can be improved in all the areas. The details usually are important as the funcionallity. So I think that understanding the request from the customer CyberArk, as is already doing, can improve day by day his product.

I have used Cyber-Ark PAS since 2008, so thid is the seventh year that I will be working with it.

Usually not. The biggest problem was the incompatibility or non-default installation of an OS to be managed by the Central Policy Manager.

Never encountered any problems with stability.

Never encountered any problems with scalability. The Vault, Central Policy Manager, Password Vault Web Access, Privileged Session Manager and Application Identity Management architecture are designed to support scalability.

It's improved over the years and now is very fast and efficient. We've got a very good Italian customer service.

Very high level of technical support. Fast and organized.

Never used a different solution.

The initial setup is really fast, simple and straightforward. It consist of a simple Windows installation (next-next type) for any component. The only requirement is to do the installation step by step following a list of components to do beforehand.

I work in a vendor team, and we installed the product in a large company.