CyberArk Privileged Access Manager Reviews

The ability to create custom connector components is the most valuable feature of the product. Once the organisation matures in their privileged access strategy, CyberArk’s customisation capability allows you to target application-level access (e.g., web-based management consoles) as opposed to just the underlying operating system. The API allows operational efficiency improvements, through being able to programmatically provision accounts into the Vault.

It has improved our organization by being able to consolidate several privileged access technologies into a unified tool. Session recording and auditing capability, and approval workflows allow a high degree of control over the organisation’s privileged access requirements for compliance purposes.

• Authentication to the solution: Authentication to the PVWA utilises integration to IIS. Therefore, it is not as strong as desired.
• Reporting capability and customisation: Reporting utilises predefined templates with limited customisation capability.

I have used it for 15 months; approximately nine months in a large enterprise.

I have not encountered any stability issues.

I have not encountered any scalability issues. The solution is fairly scalable. All presentation-level components are operable in highly available configurations.

Technical support is 8/10; level of engagement depends on severity of problem.

I did not previously use a different solution.

Initial configuration is quite complex and takes a considerable amount of time. However, this depends on the management requirements of the organisation. An example of this is connectors to mainframes, which might require a degree of customisation and knowledge of how the password manager functions (and relevant training). Setup regarding installation is straightforward, as the provided guides are quite expansive and include several installation possibilities (e.g., standalone, HA, DR, etc.)

Appropriately scope the organisation’s requirements to ensure licenses are not over-provisioned.

I was not part of the selection process.

If an organisation has not utilised a PAM tool before, it is a large cultural change fundamentally in how a user works, and should be taken into consideration accordingly. The solution is complex depending on the requirements; therefore, the implementation should not be rushed and it should be tested appropriately.

With the Privileged Session Manager, we can monitor sessions in real time and terminate the session if there's any unnecessary activity found. For example: We give access to user to access the server only to update patches, but if we find any activity not related to patch updates, we can terminate the session.

Actually my company/previous company does not use this product, but we sold it to our customer. This product helped our customer manage their privileged accounts. It’s easier to them to manage and control the privileged accounts.

It needs more plugin connectors for all devices. CyberArk currently can manage or make it easier to manage about 80% of our total devices. The rest still need R&D to develop the plugin. If CyberArk had more plugin connectors, the customer would not need to raise plugin development requests for several devices and CyberArk could easily connect to these devices.

What I mean with CyberArk needing to improve plugin connector is that currently CyberArk is able to manage almost all devices (server, network devices, security devices etc.) which are more than 80% of all devices. In my experience device such as IBM OS/390 and Cisco TACACS still need custom plugin connectors developed by CyberArk R&D.

If CyberArk IS able manage more than 95% from total devices it would help the customer to using it without raising a support ticket to create a plugin connector. CyberArk will more easier to manage all devices with no compromise

I used this solution from mid-2013 until mid-2015.

So far, it is stable.

This product is scales easily.

Technical support is good. They have good technical teams around the world including southeast Asia.

Most customers using a different solution switch to CyberArk because CyberArk is more user-friendly than its competitors and have more plugins compared to the others.

Initial setup was actually easier.

Start small.

Yes, we evaluate other options. The issue was about price, stability, scalability and the development of this product to ensure support.

Contact the local distributor for help.

CyberArk vouches for access to domain controllers in Unix and Windows Server. 

CyberArk makes our environment more secure and prevents possible attacks by compromised accounts.

The price is high compared to Azure Key Vault. It's the most expensive solution. 

I have used CyberArk for about three months.

We have 98 percent uptime. 

CyberArk is scalable. We have around 4,000 users. 

We previously used Telos. We switched to CyberArk because it has features to deal with a large company that has a complex structure and many partners. 

Deploying CyberArk was moderately difficult. It isn't too hard, but it isn't easy. One person is enough to install it. It took about one month to select the product and deploy it.

CyberArk is more expensive than other solutions, but it's necessary when the company has contacts with other branches and partners. 

I rate CyberArk Enterprise Password Vault eight out of 10. It's more expensive than Azure Key Vault, but Key Vault doesn't have CyberArk's analytics and user tracking. I recommend CyberArk if you need those features. However, it's costly in the Brazilian market because of the conversion fro reals to dollars. 

We are using the solution for privileged account management. (Rotation, session isolation, checkout, etc.)

Accounts are managed, passwords change frequently, and we have better audit logs! When something happens, there is a better chance you can determine the who/what/where/when/why of the situation.

The vaulting technology as well as the privileged session management: Having the vaulting tech ensures that the credentials are secure, and PSM ensures that the end user can perform needed tasks without knowing or needing the credentials.

A greater number of out-of-the-box integrations with other vendors: They are working on it, but more is better!

Rock solid! I would say it is, set it and forget it, but the vendor keeps on top of upgrades and enhancements.

It seems to work well for any size of organization, or any size of deployment in my experience.  

Pretty straightforward, a lot of time will be spent on the initial engineering phase where you determine how you want to use the solution, naming requirements, admin accounts, etc.

As with everything, try before you buy. Get a trial licence, set up a demo environment and see if it meets the use case for your enterprise.  

• Vaulting of privileged credentials. 
• Used as a jump host solution. 
• We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

• Enhanced PSM support for Java based applications.
• Easier to use bulk uploader tools (which are already being worked on).

• EPV: Enterprise Password Vault
• PSM: Privileged Session Manager
• AIM: Application Identity Manager
• The latest version of the product is mature and there is more functionality than we need.

• Improved security
• Reduced the overhead to protect enterprise data from delays
• Receives logs about all activities
• Compliance with several standards

I’m not the end-user. As a solutions architect (consultant), I designed and planned the solution in a very complex network environment.

We have not encountered any stability issues. After more than six years with my first CyberArk client, everything works great.

We have not encountered any scalability issues. The solution was scaled right at the beginning of the project.

We called technical support a few times and they came back to us very quickly. They fixed our problems very quickly. The problems were caused mainly by changes in the network.

We did not use any previous solution.

We were assisted for the initial setup by a CyberArk consultant for one week.

A good architecture will help to gather the business requirements. You can then come up with the right sizing and licenses. If it is a large installation, implement in phases to become familiar with the products, and then purchase the licenses at the right time.

All other top solutions in the Gartner Magic Quadrant were evaluated and CyberArk came up as the best and most mature choice. I compared all solutions using my client business requirements and what the solutions offered to them on the top of the business requirements. The scope of the project became wider.

I would recommend being well prepared. Do not improvise. Understand what you are doing. Take the time to read the technical documentation, and not just the marketing material, to understand CyberArk. It will not be a waste of time.

Take the time to prepare, clean, and document all your privileged, services, and application accounts. Use the product for its intended design.

The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.

This tool has definitely helped us manage all the privilege accounts, which mostly have access to the organization's crown-jewel data. Additionally, having a monitoring system puts extra visibility on these account's activities, so any irregular activity is highlighted and quickly escalated.

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

I have used the product for almost a year. I have been part of the implementation project and post-release, supported account onboarding.

For the most part, there weren't many stability issue. Usually the issue persisted with system/application accounts, with the API and the object ref ID not being in sync.

I didn't feel there were any scalability issues.

Although I was part of business side of the team, and I only had interaction with internal engineering team, I found the internal engineering team very helpful and knowledgeable about the product and how it worked.

We previously used a different solution, and then we updated it; we did not switch.

I am unable to comment on this, as I was not part of product evaluation team.

My advice is that this tool does what it advertises. If your business/organization has crown-jewel data, this is the tool to use.

From a security standpoint, I find the tool very reliable and innovative. However, it could improve the user experience and become more intuitive. When the user experience becomes more intuitive, then I am willing to rate the product even higher.

We are using CyberArk Privileged Access Manager because we have too many accounts and we need to manage them.

CyberArk Privileged Access Manager has helped our organization by controlling users' access.

CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift.

I have been using CyberArk Privileged Access Manager for approximately two years.

CyberArk Privileged Access Manager is stable.

We have thousands of users using CyberArk Privileged Access Manager in my organization.

The support from CyberArk Privileged Access Manager is good.

The initial setup of CyberArk Privileged Access Manager was straightforward.

We had a local third-party company help us with the implementation of CyberArk Privileged Access Manager. The maintenance is sometimes a challenge for our consulting team that does it.

I would recommend this solution to others.

I rate CyberArk Privileged Access Manager a nine out of ten.