Try our new research platform with insights from 80,000+ expert users
MasterSo7490 - PeerSpot reviewer
Master software engineer at a financial services firm with 10,001+ employees
Real User
Improves security by having credentials locked down and rotated regularly
Pros and Cons
  • "Provides improved security around having your credentials locked down and rotated regularly."
  • "I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
  • "When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so."
  • "The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."

What is our primary use case?

Primary use case is storing and rotating local domain admin credentials for Windows and Unix network devices.

We're using CyberArk secure application credentials and endpoints on a small scale and we're planning, for the future, to use CyberArk to secure infrastructure applications running in the cloud. We don't have experience using the Plugin Generator Utility.

It is performing pretty well for the most part. We have some issues with RADIUS authentication, some bugs with that. But, generally speaking, it works really well.

How has it helped my organization?

The benefit is knowing where your accesses are, who has access to what. Additionally, obviously, it provides improved security around having your credentials locked down and rotated regularly.

What is most valuable?

Credential rotation. It's tops.

What needs improvement?

I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine. Then you could go back in through your native clients and connect to that machine. Also, to have that built out to include not just Unix targets but anything you'd want to connect to.

Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability, overall, is really good, outside of some of the RADIUS problems that we're having. Generally, it is very good.

What do I think about the scalability of the solution?

The scalability, sometimes, is lacking. It works really well for more static environments. I've been at places that had a really static environment and it works really well. You've got X number of CPMs and X number of PVWAs in your vault and everything gets up and going and it's smooth sailing. But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up.

How are customer service and support?

Technical support actually works really well. From time to time there can be some issues as far as SLAs go. Sometimes results will be on the back end of an SLA, which is still fair. It seems like you're complaining that it's "one to three days" and it's three as opposed to one, which is an unfair criticism. 

Generally, everybody is pretty knowledgeable. They're pretty upfront when it needs to be passed off to somebody else. That usually happens in a pretty timely manner.

How was the initial setup?

I have been involved in the initial setup elsewhere. It's actually really straightforward, depending on what you're trying to do. If you have a simpler environment, to set up a PVWA and to set up a vault, is straightforward. It's all pretty much there in the guide. Sometimes the documentation gets a little bit out of sync, where things aren't exactly as they should be but it's always really close. Generally, the documentation is good and straightforward.

What was our ROI?

I'm not the right person to answer questions about ROI for our organization.

What other advice do I have?

Engage with Professional Services, not just for help with, "Here are the buttons to click," because they've been really helpful as far as how we would want to implement things.

Our most important criteria when selecting or working with a vendor, outside of the product being good, are reliability and timeliness of response. Those are the two big things. I think CyberArk does a pretty good job on these.

I rate CyberArk at eight out of 10. I think the solution, as released, is usually very good. When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so. There is probably some tradeoff that is required to keep things so airtight, by holding back a little bit. But that would be my one criticism: It's slow to keep up, sometimes, with updates.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Senior Consultant at a consultancy with 10,001+ employees
Consultant
The combination of CPM and PSM resolves a lot of use cases.
Pros and Cons
  • "The combination of CPM and PSM resolves a lot of use cases."
  • "They can do a better job in the PSM space."

How has it helped my organization?

All the high privileged accounts are managed by CyberArk at a regular frequency. This mitigates the big risk that we had for passwords not changing forever.

What is most valuable?

The combination of CPM and PSM resolves a lot of use cases.

What needs improvement?

They can do a better job in the PSM space.

What do I think about the stability of the solution?

It has been pretty stable. No ongoing issues; only one-off, and CyberArk support has been pretty good for support.

What do I think about the scalability of the solution?

I can foresee some issues if we suddenly have to put thousands of passwords into CyberArk Vault. I know they have the password upload utility, but it has its limitations.

How are customer service and technical support?

Customer Service:

Their support is pretty good and responsive.

Technical Support:

Their support is pretty good and responsive. Their L3 is in Israel, so sometimes it takes more time getting responses for complicated use cases.

Which solution did I use previously and why did I switch?

I did not previously use a different solution. I have always used CyberArk.

How was the initial setup?

I would rate initial setup as a medium complexity. They have good documentation, as well.

What about the implementation team?

I am from a vendor team that does the implementation.

What's my experience with pricing, setup cost, and licensing?

I was not involved in the pricing and licensing. I have an idea that it's on the higher side of the price scale.

Which other solutions did I evaluate?

Before choosing this product, we also evaluated Dell and NetIQ.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
ProbalThakurta - PeerSpot reviewer
Senior Partner at a tech consulting company with 51-200 employees
Real User
Top 10
Integrates well, flexible, but custom connectors
Pros and Cons
  • "The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows us to integrate with systems that we previously didn't consider integrating with, making it a significant advantage for us."
  • "There is room for improvement in the availability of custom connectors on the marketplace for this solution. Additionally, their services for the CICD pipeline and ease of integration could be improved."

What is our primary use case?

CyberArk Privileged Access Manager is used for identity and privilege access management.

What is most valuable?

The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows us to integrate with systems that we previously didn't consider integrating with, making it a significant advantage for us.

What needs improvement?

There is room for improvement in the availability of custom connectors on the marketplace for this solution. Additionally, their services for the CICD pipeline and ease of integration could be improved.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for approximately three years.

What do I think about the stability of the solution?

Once the implementation is completed and the solution is hardened, I consider it to be stable. 

What do I think about the scalability of the solution?

CyberArk Privileged Access Manager is scalable on-premise but not on the cloud.

I rate the scalability of CyberArk Privileged Access Manager a seven out of ten.

How was the initial setup?

The time it took for the deployment was approximately two years. It was not a simple process for the vendor. It should have been completed in one year, it took too long.

Our process steps for deployment involve specific stages, starting with onboarding Windows and Linux devices, and concluding with the onboarding of application service accounts and related components.

I rate the initial setup of CyberArk Privileged Access Manager an eight out of ten. 

What about the implementation team?

The solution's deployment was completed by the vendor. 

A team of two to three people was required for the deployment of our solution. One of them had a high level of expertise in architecture and a thorough understanding of the solution. The remaining team members were junior-level personnel in charge of activities including connection development, data collection, and deployment. The vendor was also used by the team to help with data collection, planning, and execution.

What's my experience with pricing, setup cost, and licensing?

The license CyberArk Privileged Access Manager is on an annual basis.

What other advice do I have?

A team of five to six people would be sufficient to maintain 24/7 operations.

I would recommend reducing the fee for cancellations, but when it comes to cloud services, there are superior options available in the market.

I rate CyberArk Privileged Access Manager a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1786770 - PeerSpot reviewer
Principal Information Security Engineer/Lead Active Directory Architect at a healthcare company with 10,001+ employees
Real User
Helps our organization in supporting privileged identities but requires more connectors to other third-party systems
Pros and Cons
  • "The password management feature is valuable."
  • "The initial setup was a bit complex."

What is our primary use case?

Our primary use case for the solution is to support privileged identities.

What is most valuable?

The password management feature is valuable.

What needs improvement?

The solution can be improved by including more connectors to other third-party systems for integration.

For how long have I used the solution?

We have been using the solution for approximately five years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. Approximately 150,000 people are using the solution.

Which solution did I use previously and why did I switch?

We previously used One Identity.

How was the initial setup?

The initial setup was a bit complex.

What about the implementation team?

We deployed the solution in-house.

What was our ROI?

We have seen a return on investment. The solution makes our procedures better, making the environment more secure and changing the mindset of people. 

What other advice do I have?

I rate the solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1737573 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Real User
Super stable and easy to scale
Pros and Cons
  • "Super stable and easy to scale"

    What is our primary use case?

    Our clients primarily use the CyberArk Password Vault for password rotation and password management.

    What is most valuable?

    The feature I find most valuable is the password credential rotation.

    What needs improvement?

    With regards to potential improvements for the CyberArk product, I find the product quite expensive and I would like to see the cost reduced. 

    For how long have I used the solution?

    I have been using CyberArk Password Vault for 8 years. 

    What do I think about the stability of the solution?

    CyberArk Password Vault is super stable once you are on a tried and true platform version. 

    What do I think about the scalability of the solution?

    The product is also easy to scale. 

    How are customer service and support?

    I have utilized CyberArk technical support for issues and this was very straightforward to work with. The response time was a little slow. 

    Which solution did I use previously and why did I switch?

    I have previously deployed and installed Thycotic as an alternate password vault solution, but I find CyberArk to be much better.

    How was the initial setup?

    With installation of CyberArk Password Vault, there are some complexities to setting it up, I would say it is not straight forward to setup. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1584756 - PeerSpot reviewer
    Senior Presale - BU Information Security at a tech services company with 51-200 employees
    Real User
    Feature-rich, good performance, scalable, and has a user-friendly interface
    Pros and Cons
    • "It's a highly flexible solution that can adapt to each customer's needs."
    • "The initial setup could be simpler but it may not be as effective."

    What is our primary use case?

    We implement this solution for our customers. We are system integrators, not end-users.

    The main use case is for secure access, and monitoring the access by IT administrators.

    What is most valuable?

    I like the performance of CyberArk Enterprise Password Vault.

    Definitely, it's a reliable solution.

    It has a wide range of features. They are probably the widest range of features on the market. It is the main reason customers usually select this product.

    This solution works very well, and the feedback from our customers is very good.

    Integration is one of the strongest capabilities of this solution. There are hundreds of integrations that are ready to use. It is continuously growing, which is one of its strengths.

    The interface is really user-friendly.

    It's a highly flexible solution that can adapt to each customer's needs.

    Another strength, for both performance and the security levels, is the segregation of the different rules of the solution.

    What needs improvement?

    The initial setup could be simpler but it may not be as effective.

    For how long have I used the solution?

    I've been using CyberArk Enterprise Password Vault for three years, and the company began using it in 2003.

    This solution is used mainly on-premises, but the trend is to go with hybrid and cloud deployment for new projects.

    What do I think about the stability of the solution?

    CyberArk Enterprise Password Vault is a stable product.

    What do I think about the scalability of the solution?

    CyberArk Enterprise Password Vault is easy to scale.

    How are customer service and support?

    I have not contacted technical support. I deal in the presales department. I don't manage the technical aspects of delivery and support.

    How was the initial setup?

    We needed to build a specific project that is tailored for each customer. It requires a bit of design with the first part of the project, which is a benefit because the solution has high performance and is built on the needs of the customer. 

    There is a bit of a setup initially, but it provides them with a good result for the project.

    What's my experience with pricing, setup cost, and licensing?

    It's an affordable platform.

    It is not the cheapest solution available on the market, but if you want a good project, you need to have the value of the solution you are selecting. 

    In my opinion, it is a good compromise between the cost and the benefits. I think the price is fair.

    What other advice do I have?

    I would definitely recommend this solution to others who are interested in using it.

    I do not have visibility with other solutions that may be better or more up-to-date.

    I would rate CyberArk Enterprise Password Vault a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    reviewer1455795 - PeerSpot reviewer
    Technical Lead IMSS at a computer software company with 1,001-5,000 employees
    Real User
    Create, request, access and manage privileged passwords
    Pros and Cons
    • "It's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security."
    • "The only problem involves granting access to people who are authorized to view it."

    What is our primary use case?

    We use it for storing and rotating passwords.

    Within our organization, a lot of people are using this solution for a lot of projects. We have already implemented CyberArk as a SaaS solution. We are not using the core parts, but we are using the software as a service for a project.

    At my previous job, there was a team of seven people who were in charge of maintenance. Mostly analysts, senior analysts, and a technical lead used this solution. 

    What is most valuable?

    It completely depends on the requirement. For some of the RPA robotic types of user identity, we prefer for it to happen in an automatic way, but some of them are highly critical, so we don't do it automatically. As for the end-user experience or expectation, if they want to change it at their end, they can do it.

    What needs improvement?

    I don't see any problems because it's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security. From my experience, overall, I don't see many problems that need to be rectified.

    The only problem involves granting access to people who are authorized to view it. This user management area is the most critical. We have to constantly check on that area and we have to review and give proper access. Nobody should have more access than they are authorized for.

    For how long have I used the solution?

    I have been using CyberArk Enterprise Password Vault for eight years.

    What do I think about the scalability of the solution?

    It's scalable at the component level. If you want to add some of the latest components, or if you want to implement biometrics or MFA, this solution can handle that — it's very easy to implement.

    How are customer service and technical support?

    The tech support is amazing. If you have any issues that you need help with, the CyberArk support team reaches out very quickly, depending on the criticality of the issue. If it's critical, they will reach out to you within hours.

    The vendor support is really good.

    How was the initial setup?

    The initial setup is quite straightforward. These days they have an automatic script — It is much less time-consuming.

    We used to do it manually which would take almost two to three hours in total.

    What about the implementation team?

    We did it in-house. I'm certified in CyberArk; I've also installed it for clients as well.

    What's my experience with pricing, setup cost, and licensing?

    The licensing plan is either six months or one year — it's not on a monthly basis.

    Every company will have a different license fee, but ultimately, it comes down to how many users you want to manage and how many companies you want to support. If you want three CPMs, then you'll need licensing for three. It's per-company, license-based.

    Which other solutions did I evaluate?

    I am currently evaluating other solutions. A few of them do not support PTA. Some of them don't have DevOps properly managed. Others don't give you the DNE facility, which is free of charge with CyberArk.

    What other advice do I have?

    I would definitely recommend CyberArk Enterprise Password Vault.

    On a scale from one to ten, I would give this solution a rating of eight.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    reviewer990912 - PeerSpot reviewer
    Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
    Real User
    Has the ability to standardize our PAM across a diverse estate

    What is our primary use case?

    • PAM interface for staff to support customers which may include CyberArk solutions of their own.
    • Managing large environments with varied and diverse environments.

    How has it helped my organization?

    Improved our user access and tracking, thereby safeguarding the organization and its customers. Being a user makes us a better reseller.

    What is most valuable?

    Shared-service accounts reducing the number of potential entry points as well as the ability to standardise our PAM across a diverse estate.

    What needs improvement?

    Multi-tenancy vaults should really have the same release cycle as single tenancy vaults; this will enable us to meet even more customer demand. We are striving to be at least on the latest release minus 1 (n-1) and for us to run both Single and Multi-Tenant core systems the difference in release cycles will result in a wide gap. Considering the considerable changes including user interface we have seen recently, the one concern is that we may end up with users having different interfaces to deal with different customers. 

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    Very stable with no own goals in three years.

    What do I think about the scalability of the solution?

    Scalability is very good.

    How are customer service and technical support?

    We get excellent feedback from customer service, irrespective of the level of issues raised.

    Which solution did I use previously and why did I switch?

    Yes, we decided to change to CyberArk in line with our strategic intent to provide as safe a central and customer environment as possible.

    How was the initial setup?

    Initial setup was complex and time-consuming but the later versions are a lot faster to implement.

    What about the implementation team?

    We implemented through in-house specialists.

    What's my experience with pricing, setup cost, and licensing?

    Standardised offerings that allow for customer-specific flexibility.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.