CyberArk Privileged Access Manager Reviews

The major use case for us is to securely release and manage passwords for non-personal accounts.

CyberArk provides an automated and unified approach for securing access across environments. It's a work in progress but that is the goal, for us, of implementing CyberArk. We want to provide a unified way to access all environments. We are in transition, like most big companies, into cloud solutions. So this is also something that is being discussed and analyzed. But that, overall, is the mission of CyberArk in our organization.

CyberArk has made it possible to work with non-personal accounts. Before, there was a much more focus on having privileges associated with personal accounts, and non-personal accounts were scarcely used because doing so required a lot of manual work. That work has been replaced with automated password management and the controls that come with CyberArk. It allows our organization to control the risks associated with high privileges. Previously, anyone could do whatever they wanted, on their own, but now we can enforce dual control. That is very important from a risk perspective. And the fact that we have it automated means it doesn't require that much effort to maintain things.

Also, when we onboard new employees, the solution saves us time, to a certain extent, when it comes to providing them with secure access to the applications and IT systems they will be working with. Those savings are not directly thanks to CyberArk, but it can be considered part of the bigger solution to make sure that employees have the correct access to the resources they need as soon as possible. That is true after they have been onboarded or when their position has changed and they need to be granted new access.

The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so.

I have been using CyberArk Privileged Access Manager for five years.

My impression of the solution's stability, in general, is very positive. It's quite robust. There are mechanisms in place that allow you to have high availability and that allow you to have proper disaster recovery. Those mechanisms are very solid, as we have tested them extensively within our processes to assess the risk associated with the use of CyberArk. They have performed very well.

The only thing that is lacking with respect to the stability is the scalability issue. The amount of data we need processed is too big for CyberArk to manage properly. That mostly impacts performance, not the stability, but to some extent the stability has suffered due to that. 

But overall, I would rate it very good in terms of stability. We had a minor issue once and, other than that, we have been online the whole time that I have been here. We have tested it thoroughly and have not found any situation where it would become too unstable to perform our tasks.

The major pain point that we have is the capacity of CyberArk due to the sheer volume of NPAs that we are managing. We are a large organization and we have hundreds of thousands of non-personal accounts to manage. We have already found out that there are certain capacity limitations within CyberArk that might introduce performance issues. From my perspective, something that would be valuable would be if the Vault could hold more passwords and be more scalable.

We have used their tech support extensively and there has been a lot of improvement in the way that CyberArk support operates over the last few years, but it still leaves somewhat to be desired. That is particularly true given the pricing. You would expect, for the amount of money that they charge for their support, and for their product in general, that it would be better. 

But I've seen major improvements in the last couple of years. I think they are aware of this issue and that it is an area that they are lacking in and they're working towards improving it.

They need to better recognize who they are dealing with. CyberArk has an extensive training program, the CyberArk University. You put in a lot of effort, resources, and money, to attend the training and become a professional in terms of your knowledge and ability to manage the Vault, and the solution in general. But then, when you require support, you are asked very simple questions, which you have already answered based on the knowledge that you've obtained from CyberArk. It takes a lot of time and effort to convince their support that you indeed have a more complex case to resolve, rather than a very simple fire-and-forget solution. It's generally not the kind of thing where they can give you a link to their knowledge base and look through it to find a solution yourself.

I have been working with CyberArk for five years and have all the possible certificates, and have extensive knowledge about it. Any time that I report a case to support, it seems the general gist of how such services operate is that they're trying to get rid of you. They give you a solution that, maybe, vaguely resembles the issue, or a solution that you specifically stated that you tried already and it does not work, just to get rid of you. They probably have customers who would be happy with that, but because of the importance of that software within our organization and the level of maturity that we have within my team as administrators of CyberArk, we expect, and we've communicated this to them, that they will approach our requests in a more advanced way. 

They should recognize that we have probably already done what the first line of support would suggest be done, and that we require some more involved support, but it seems very difficult to communicate this to them. Even if we get through to further lines of support, we often have the feeling that we still know more than they do about their own tools. I think there has been some sort of knowledge drain from CyberArk. We often have the feeling that they are learning on the job. They don't inspire a lot of confidence when it comes to their support.

Neutral

There is a lot of return on investment in CyberArk. Being a financial institution, we are responsible for managing risks, and CyberArk really helps us to be in control with the usage of NPAs. That, in turn, translates into a proper risk score for the organization, and that directly translates into actual money being saved.

It's expensive, certainly. But CyberArk is the leader in the market with regards to privileged access management. You pay a lot, but you are paying for the value that is being delivered. 

It's not a tool for small companies. You need to be a large company with a lot of resources to implement it. But the price tag can be justified, even though it's always hard to quantify these things. It really brings value, regardless of the level at which you implement it. If you use it at a very basic level, as just a password manager, or you go further with all the other elements of the tool, it's expensive, but it's worth the price.

We only use it on-prem, but for someone who only wants to solve cloud security challenges with a born-in-the-cloud security solution, I would still tell them CyberArk is one of the potential solutions. I would also tell them to do their assessment because it costs a lot. So it depends on the scale of use and the use cases. It certainly has the most capabilities that could be of use, but it depends on whether you only have some small deployments in the cloud and on the size of the risks involved. For certain scenarios, I would say they should immediately go with CyberArk, and that they shouldn't bother with others' solutions. In other scenarios, I would say they should do a very thorough assessment of the market before they decide because there might be cheaper options that will be sufficient for them.

Our primary use of this solution is as a password manager.

The interface is very simple to use.

Security-wise, CyberyberArk is better than the other products.

The pricing is too expensive and should be reduced. This is our only concern. When a small industry wants to invest in these kinds of tools, they don't have the budget to spend a lot of money on security. If the price were more reasonable then many other small businesses would consider using it.

The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it. Instead, an in-house administrator could do it.

I have been using this product for the last two years.

Over the past two years, I hardly remember us facing any large problems. We have experienced small bugs, but they release patches to fix those.

This is a scalable product. In our company, we have about 100 users, most of which are part of our DevOps team or are administrators.

We are satisfied with the technical support.

Prior to CyberArk, we were using a Microsoft product, but it didn't fulfill our entire requirement. We adopted this new solution because it met all of our needs.

The initial setup is complex. It took two or three days to complete the deployment.

We implemented this solution with the help of consultants who had experience with it.

This product is very expensive.

I have seen demonstrations of similar products by other vendors and what I found was that the security on this solution is better.

Overall, I feel that this is a good product and I recommend it. The only thing that people have to consider is pricing.

I would rate this solution an eight out of ten.

Primary use case is storing and rotating local domain admin credentials for Windows and Unix network devices.

We're using CyberArk secure application credentials and endpoints on a small scale and we're planning, for the future, to use CyberArk to secure infrastructure applications running in the cloud. We don't have experience using the Plugin Generator Utility.

It is performing pretty well for the most part. We have some issues with RADIUS authentication, some bugs with that. But, generally speaking, it works really well.

The benefit is knowing where your accesses are, who has access to what. Additionally, obviously, it provides improved security around having your credentials locked down and rotated regularly.

Credential rotation. It's tops.

I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine. Then you could go back in through your native clients and connect to that machine. Also, to have that built out to include not just Unix targets but anything you'd want to connect to.

The stability, overall, is really good, outside of some of the RADIUS problems that we're having. Generally, it is very good.

The scalability, sometimes, is lacking. It works really well for more static environments. I've been at places that had a really static environment and it works really well. You've got X number of CPMs and X number of PVWAs in your vault and everything gets up and going and it's smooth sailing. But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up.

Technical support actually works really well. From time to time there can be some issues as far as SLAs go. Sometimes results will be on the back end of an SLA, which is still fair. It seems like you're complaining that it's "one to three days" and it's three as opposed to one, which is an unfair criticism. 

Generally, everybody is pretty knowledgeable. They're pretty upfront when it needs to be passed off to somebody else. That usually happens in a pretty timely manner.

I have been involved in the initial setup elsewhere. It's actually really straightforward, depending on what you're trying to do. If you have a simpler environment, to set up a PVWA and to set up a vault, is straightforward. It's all pretty much there in the guide. Sometimes the documentation gets a little bit out of sync, where things aren't exactly as they should be but it's always really close. Generally, the documentation is good and straightforward.

I'm not the right person to answer questions about ROI for our organization.

Engage with Professional Services, not just for help with, "Here are the buttons to click," because they've been really helpful as far as how we would want to implement things.

Our most important criteria when selecting or working with a vendor, outside of the product being good, are reliability and timeliness of response. Those are the two big things. I think CyberArk does a pretty good job on these.

I rate CyberArk at eight out of 10. I think the solution, as released, is usually very good. When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so. There is probably some tradeoff that is required to keep things so airtight, by holding back a little bit. But that would be my one criticism: It's slow to keep up, sometimes, with updates.

All the high privileged accounts are managed by CyberArk at a regular frequency. This mitigates the big risk that we had for passwords not changing forever.

The combination of CPM and PSM resolves a lot of use cases.

They can do a better job in the PSM space.

It has been pretty stable. No ongoing issues; only one-off, and CyberArk support has been pretty good for support.

I can foresee some issues if we suddenly have to put thousands of passwords into CyberArk Vault. I know they have the password upload utility, but it has its limitations.

Customer Service:

Their support is pretty good and responsive.

Technical Support:

Their support is pretty good and responsive. Their L3 is in Israel, so sometimes it takes more time getting responses for complicated use cases.

I did not previously use a different solution. I have always used CyberArk.

I would rate initial setup as a medium complexity. They have good documentation, as well.

I am from a vendor team that does the implementation.

I was not involved in the pricing and licensing. I have an idea that it's on the higher side of the price scale.

Before choosing this product, we also evaluated Dell and NetIQ.

CyberArk Privileged Access Manager is used for identity and privilege access management.

The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows us to integrate with systems that we previously didn't consider integrating with, making it a significant advantage for us.

There is room for improvement in the availability of custom connectors on the marketplace for this solution. Additionally, their services for the CICD pipeline and ease of integration could be improved.

I have been using CyberArk Privileged Access Manager for approximately three years.

Once the implementation is completed and the solution is hardened, I consider it to be stable. 

CyberArk Privileged Access Manager is scalable on-premise but not on the cloud.

I rate the scalability of CyberArk Privileged Access Manager a seven out of ten.

The time it took for the deployment was approximately two years. It was not a simple process for the vendor. It should have been completed in one year, it took too long.

Our process steps for deployment involve specific stages, starting with onboarding Windows and Linux devices, and concluding with the onboarding of application service accounts and related components.

I rate the initial setup of CyberArk Privileged Access Manager an eight out of ten. 

The solution's deployment was completed by the vendor. 

A team of two to three people was required for the deployment of our solution. One of them had a high level of expertise in architecture and a thorough understanding of the solution. The remaining team members were junior-level personnel in charge of activities including connection development, data collection, and deployment. The vendor was also used by the team to help with data collection, planning, and execution.

The license CyberArk Privileged Access Manager is on an annual basis.

A team of five to six people would be sufficient to maintain 24/7 operations.

I would recommend reducing the fee for cancellations, but when it comes to cloud services, there are superior options available in the market.

I rate CyberArk Privileged Access Manager a seven out of ten.

Our primary use case for the solution is to support privileged identities.

The password management feature is valuable.

The solution can be improved by including more connectors to other third-party systems for integration.

We have been using the solution for approximately five years.

The solution is stable.

The solution is scalable. Approximately 150,000 people are using the solution.

We previously used One Identity.

The initial setup was a bit complex.

We deployed the solution in-house.

We have seen a return on investment. The solution makes our procedures better, making the environment more secure and changing the mindset of people. 

I rate the solution a seven out of ten.

Our clients primarily use the CyberArk Password Vault for password rotation and password management.

The feature I find most valuable is the password credential rotation.

With regards to potential improvements for the CyberArk product, I find the product quite expensive and I would like to see the cost reduced. 

I have been using CyberArk Password Vault for 8 years. 

CyberArk Password Vault is super stable once you are on a tried and true platform version. 

The product is also easy to scale. 

I have utilized CyberArk technical support for issues and this was very straightforward to work with. The response time was a little slow. 

I have previously deployed and installed Thycotic as an alternate password vault solution, but I find CyberArk to be much better.

With installation of CyberArk Password Vault, there are some complexities to setting it up, I would say it is not straight forward to setup. 

We implement this solution for our customers. We are system integrators, not end-users.

The main use case is for secure access, and monitoring the access by IT administrators.

I like the performance of CyberArk Enterprise Password Vault.

Definitely, it's a reliable solution.

It has a wide range of features. They are probably the widest range of features on the market. It is the main reason customers usually select this product.

This solution works very well, and the feedback from our customers is very good.

Integration is one of the strongest capabilities of this solution. There are hundreds of integrations that are ready to use. It is continuously growing, which is one of its strengths.

The interface is really user-friendly.

It's a highly flexible solution that can adapt to each customer's needs.

Another strength, for both performance and the security levels, is the segregation of the different rules of the solution.

The initial setup could be simpler but it may not be as effective.

I've been using CyberArk Enterprise Password Vault for three years, and the company began using it in 2003.

This solution is used mainly on-premises, but the trend is to go with hybrid and cloud deployment for new projects.

CyberArk Enterprise Password Vault is a stable product.

CyberArk Enterprise Password Vault is easy to scale.

I have not contacted technical support. I deal in the presales department. I don't manage the technical aspects of delivery and support.

We needed to build a specific project that is tailored for each customer. It requires a bit of design with the first part of the project, which is a benefit because the solution has high performance and is built on the needs of the customer. 

There is a bit of a setup initially, but it provides them with a good result for the project.

It's an affordable platform.

It is not the cheapest solution available on the market, but if you want a good project, you need to have the value of the solution you are selecting. 

In my opinion, it is a good compromise between the cost and the benefits. I think the price is fair.

I would definitely recommend this solution to others who are interested in using it.

I do not have visibility with other solutions that may be better or more up-to-date.

I would rate CyberArk Enterprise Password Vault a ten out of ten.