CyberArk Privileged Access Manager Reviews

We are currently using CyberArk Privileged Access Manager for managing and securing privileged accounts. It provides us with an exceptional way to prevent unauthorized access. That is the main purpose we are using it for.

By implementing CyberArk Privileged Access Manager, we wanted to ensure security and compliance. We found it to be the best solution in the market.

CyberArk Privileged Access Manager has improved compliance and risk management in our organization. It has also improved internal operational efficiencies by almost 35% to 40%.

I feel that CyberArk Privileged Access Manager has a very well-stabilized connection, and the user interface is very good. The monitoring and data retrieval services are easy to understand. 

I also appreciate the integrations, including AD, cloud platforms, and third-party integrations. Everything can be done with it as it has robust features. The cost is very good.

I feel that the customization complexity requires training for new users. When we are implementing it, it is quite tricky. It could be less complex for new users. The learning curve could be a little better.

I have used the solution for two and a half years.

After one update back in 2024, CyberArk Privileged Access Manager was not working efficiently. We spoke with the technical support team, and they resolved the issues within a couple of hours. I would rate it an eight out of ten for stability. Due to that incident, I am deducting two points. Apart from that, it has been very good.

It is 100% scalable. We are currently using it only at the Bangalore location. We have 50 to 70 users.

I would rate them a ten out of ten only because the problem I faced at that time was resolved in a couple of hours.

Positive

Before this, we were not using any other vendor.

We have a hybrid deployment. The initial deployment was very easy for us. It took three weeks to learn everything. We had discussions with their service specialist team. Overall, it took six to seven weeks, from what I remember.

It does not require much maintenance from our side. They provide updates regularly.

We have saved a lot of costs on data security, compliance, and risk management. CyberArk Privileged Access Manager has saved us 60% to 70% of our cost.

It has saved a lot of time. It has saved 25% to 30% of time and resources.

Its cost is fair.

While doing the evaluation, we considered other platforms as well, such as Broadcom, BeyondTrust, and Delinea. CyberArk has a very good image in the market. Its cost-effectiveness drove our decision towards it.

I would recommend CyberArk Privileged Access Manager to others because it serves the purpose, and it complies with the policies. Their support system is very good. The cost is very good. The initial integration and configuration are very good. I can definitely recommend it to others due to these features and capabilities.

I would rate CyberArk Privileged Access Manager a nine out of ten.

I use CyberArk Privileged Access Manager for privileged access management for our IT administrative team. It helps in managing access to IT systems.

By implementing this solution, we wanted to monitor and manage access. We wanted to control who can log into which machine.

Our administrators no longer have to save the passwords or credentials in a file or spreadsheet to share with colleagues. Everything is organized in a vault. We have logs on which credentials were used and at what time on a machine.

CyberArk Privileged Access Manager is very powerful and customizable. We are able to customize it as per our needs. 

It has been stable over the last four years, and we have a good overview of the usage of every credential on hosts and endpoints. Our infrastructure consists of many solutions and pieces, and CyberArk Privileged Access Manager is one of the important pieces. 

CyberArk Privileged Access Manager has not helped us reduce the number of privileged accounts, but it certainly helps us manage our privileged accounts. Without it, it would not be possible to manage them.

CyberArk Privileged Access Manager assists us in meeting compliance and regulatory requirements from the government, the European Central Bank, and our customers. It is hard to measure the time saved on satisfying compliance requirements related to financial services by implementing CyberArk Privileged Access Manager, but without it, it would not be possible for us to meet these requirements.

The most valuable features of CyberArk Privileged Access Manager are its robust functionality and reliability. 

It has reduced the mean time to respond, but it is hard to provide any metrics. Its log and audit files are very helpful when we have to investigate an incident.

CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.

CyberArk Privileged Access Manager did not have much effect on our operational efficiency because it is a new tool for us. Any new tool means more work. It has also not saved us costs, but without it, we would not be able to meet the requirements for operating our bank.

We were able to realize its benefits immediately after the deployment.

The graphical user interface could be simplified and harmonized for better usability. It should be consistent. Its GUI is very confusing.

I have been using CyberArk Privileged Access Manager for four years.

Overall, the stability of the solution is high. I would rate it a nine out of ten for stability.

Currently, it meets my organization's capacity requirements. I would rate it a nine out of ten for scalability.

We have about 6,000 employees at different locations. We have different operating systems, database systems, and decentralized infrastructure.

Their technical support is good, but it can be better. Even if we provide everything required along with the ticket, we get a standard response asking for the logs. They do not go into analyzing the issue. They just ask for the log files. I would rate their support a six out of ten.

Neutral

We did not use any solution before CyberArk Privileged Access Manager. This is the first solution we are using for Privileged Access Management.

Its implementation took us a year because we have a complicated infrastructure. It requires support from a consultant or an implementation partner. You cannot install it yourself. The automatic onboarding of the privileged accounts is a lot of work.

It requires maintenance because if your infrastructure changes, you have to take care of all the new credentials. If you also have a cloud setup, you need to figure out how to connect everything. There is a lot of work involved in maintaining it. It is not easy.

We took the help of a third party for deployment and customization.

CyberArk Privileged Access Manager is on the expensive side.

I would recommend CyberArk Privileged Access Manager to other users. It is one of the leaders in Gartner's Quadrant. It is stable. 

My overall rating for the solution is an eight out of ten.

We have traditional use cases for Windows, Unix, and Linux-based systems. Additionally, we have use cases involving AWS, Oracle, SQL, and Postgres databases.

We also plan to bring in more use cases for VMware vCenter, VMware VxRail, and iDRAC. We aim for CyberArk Privileged Access Manager to be an integral part of all our infrastructures in accessing and securing credentials, particularly in restricted environments. It is a life science project. There are certain places restricted for the users.

We are still trying to get everything driven through CyberArk. We are trying to restrict direct RDPs to a particular target or doing an SSH outside of CyberArk. The adaptability is about 60% at this time, but we want to make it 100%.

Authentication is the key to protecting sensitive data. Integration with SAML or Okta prevents intrusions to a great extent.

We were able to realize its benefits immediately after the deployment, and we are happy with it.

CyberArk Privileged Access Manager has not helped reduce the number of privileged accounts, but they all are being vaulted now. We do not have any privileged accounts that are not vaulted in CyberArk.

CyberArk Privileged Access Manager’s ability to safeguard credentials is very important. The paradigms are changing. The data is at threat when it is online. Anything digital needs to be secured. CyberArk has been the leader in the PAM product market. Our client made a good decision by taking CyberArk as their PAM tool.

The features that CyberArk Privileged Access Manager provides are good. It helps to meet the compliance and regulatory requirements to a large extent.

CyberArk Privileged Access Manager has helped to improve the incident response mean times. We have notifications configured from CyberArk. We have integrated CyberArk with ServiceNow and Splunk SIEM. We get notified pretty easily. The notification part works very well with CyberArk. There is about 85% improvement.

One of the best features of CyberArk Privileged Access Manager is the capability of Privileged Session Manager (PSM) because it provides visibility into user activities, audit ability, and traceability. 

The integration with most other technologies is also excellent. We expect more plug-ins, but it already includes plug-ins for password management with other technologies, offering a robust mechanism for credential safety and management.

One area for improvement is the plug-in development challenge. Although CyberArk provides a plug-in generator utility, it does not fully meet our needs, particularly for web-based applications. The plug-in generator currently works only for Telnet and SSH connections. We cannot generate a plug-in for web-based applications.

Moreover, integration with ServiceNow ticketing supports change requests or incidents but lacks support for service requests. Introducing service request support could prevent the overhead of raising unnecessary incidents or changes. There have been a lot of votes for this feature, but I am not sure why CyberArk has not yet introduced it. This is one of the features that we have been waiting for.

I have used CyberArk for over six years, and the client I am working with has been using it for over four years.

I would rate its stability an eight out of ten. There are occasional bugs where while installing the product, it behaves differently on different servers, especially during patch upgrades. Such issues have been more noticeable since we moved from version 12.6 to higher versions. This could be because they have done a lot of UI changes and enhancements in these versions.

Scalability is good, and I would rate it around an eight out of ten.

They are fast. In some cases, they typically respond within one to two days. However, the response time can vary depending on the priority and volume of cases they receive.

Neutral

We previously used BeyondTrust but are transitioning everything to CyberArk, as it offers better integration and enhancements.

The initial setup is easy. I was not part of the organization during the initial setup phase. It probably took around six months.

There are other vendors that handle the maintenance for us. CyberArk comes into the picture if issues are not resolved by our vendors.

The pricing for CyberArk is on the higher side compared to other Privileged Access Management products. Something should be done regarding enterprise licensing for long-standing customers.

I would advise trying CyberArk as it offers a wide range of integrations, plug-ins, and enhancements compared to other solutions. However, it is expensive.

Overall, I would rate CyberArk Privileged Access Manager an eight out of ten.

We use CyberArk Privileged Access Manager for all kinds of privileged accounts, comprising personal accounts, service accounts, and different database accounts. We manage the administrator account for Windows, the root account and reconcile accounts for Unix servers, and system administrator accounts in databases. Personal accounts are also managed along with some shared service accounts.

I work for a cybersecurity reseller company, which is US-based, and we provide managed services to all kinds of industries. Currently, I am working with a natural resource and a healthcare company.

Many things have improved with CyberArk Privileged Access Manager. All privileged accounts are now secured. 

The password management keeps the passwords rotated, and these have different sets of policies, which keep the passwords in compliance. Compliance-wise, it is good to have a PAM solution in the organization. I believe CyberArk Privileged Access Manager is the best one available at this point in time.

The best thing about CyberArk Privileged Access Manager is that they keep on upgrading it. They continually conduct research and development from their end, and we get immediate support from CyberArk whenever OEM support is required for any task. Support-wise, they are the best, and the way they conduct research and analysis and upgrade the tool often is excellent.

They keep on improving regularly. As of now, it does not manage all of the IDM practices. It is only good as a PAM solution. If they could work more on Privileged Threat Analytics, it would be beneficial. It has limitations, so improvements on PTA would be fine.

I first used CyberArk Privileged Access Manager in 2016, and since then, I have worked on different tools as Cloakware, CA PAM, but I am now again working on CyberArk Privileged Access Manager, so it has been approximately seven years.

If implemented properly, the stability for CyberArk Privileged Access Manager is very good.

I would rate the scalability for CyberArk Privileged Access Manager as nine out of ten. It is very scalable, and you can manage more than 100,000 accounts, as I have worked in environments where we managed that volume and more.

We are partners with CyberArk Privileged Access Manager. Our clients are medium and small businesses. The number of accounts we manage in CyberArk Privileged Access Manager is approximately 10,000 in one client and 5,000 in another.

Support-wise, they are the best. I would rate the technical support for CyberArk Privileged Access Manager a nine out of ten.

Positive

I have used a very old tool called Cloakware before CyberArk Privileged Access Manager, created by CA Technologies. It later got upgraded to merge with CA Technologies, and we had a product called CA PAM, which later got improved into what we see in the market today, called BeyondTrust. Cloakware was not that organized. There were many issues with provider IDs, the interface was very old, and hardly any companies use it these days. When I was using it, I was working for a US-based bank. Comparing that with CyberArk Privileged Access Manager is impossible, as they are poles apart.

We have had cloud and on-premises deployments. Its deployment is easy. They have provided all kinds of documents. They are available in the community portal. You can get all kinds of help from the community or people using CyberArk and the OEM.

The duration of the deployment for CyberArk Privileged Access Manager completely depends on the environment. If it is a big environment, it may take up to one or two months sometimes. It depends on the collaboration of the teams. If the infra teams, the network side, and the OS side do not collaborate properly with the CyberArk team, it can take longer. However, if everything is in place and the environment is not huge, it takes less than a month, around 20 days.

The solution requires regular maintenance. You need to keep upgrading when updates are released by CyberArk Privileged Access Manager, and they do it quite often. Server patching is very important, and you need to be aware of the services running all the time. They have provided a system health feature to check if there are any component services that stop. All maintenance is required regularly, not daily but perhaps weekly, depending on the size of the environment. A good thing is that all of these can be automated. It saves a lot of time there.

We have eight specialists in one team working with CyberArk Privileged Access Manager in my MSS team. There are other teams as well that have many CyberArk specialists, though I do not have an actual count.

It saves financially, though I cannot provide specific numbers. It is vital to have a PAM tool in your organization because it protects you from all kinds of malicious attacks, both insider and outside threats.

Regarding time-saving, many things are automated on CyberArk Privileged Access Manager, which helps us save considerable time work-wise and is very efficient for users. The end users have the authority to reconcile the password or verify it before using session isolation, which is one of the unique features that can be enabled through Privileged Session Manager, preventing any attacks from happening within the organization when connected with sessions through CyberArk Privileged Access Manager.

The pricing for CyberArk Privileged Access Manager is quite expensive, and the pricing varies from region to region. In APAC, CyberArk Privileged Access Manager can be obtained for less than in North America, according to my understanding. Pricing-wise, they could improve by trying to sell their product in bulk licenses. You need to have a service provider or a reseller as the mediator company building the CyberArk Privileged Access Manager. Pricing-wise, they could definitely do a little better.

I would recommend CyberArk Privileged Access Manager to other users for all the reasons discussed. It has been number one on Gartner's quadrant for several years. Considering all those factors and being the best tool in the market for Privileged Access Management, it is recommended.

I would rate CyberArk Privileged Access Manager a nine out of ten.

The use cases include end-to-end privileged access and session management and complete password rotations. All the privileged accounts are secured within the vault, monitored, and rotated from there.

It helps manage non-human or application accounts used in scripting or containers. All can be managed in CyberArk. They have Secrets Manager as well.

Session monitoring includes recordings of all activities performed. For instance, if I connect to a server, whether it is Windows or Linux, and perform some activities, all actions are recorded. It is a video recording.

It can integrate with Splunk, SNMP, and other solutions and technologies. We have integrated it with Splunk for the audit logs.

Its price might be high for some people, but the quality is top-notch.

Their support can be better. Their SLA timings are higher than others. If Delinea has an SLA time of three days, CyberArk is going to have an SLA time of five days. They do not breach the SLA. 

I have been working with this solution for around eight years.

Support is available through different models, depending on the license agreement. Dedicated customer support personnel can be assigned to specific clients. Additionally, professional service hours are available for purchase.

Typical case resolution can take between a week and two weeks, although priority cases may be resolved in a day. There are different levels of support. Initially, a case goes to a level one engineer. If unresolved, it escalates to level two and then to R&D if needed.

CyberArk has a large number of customers. If you compare it to other vendors, they are doing better than CyberArk because their numbers are less, so they are able to support in a better way. With CyberArk, we have a longer waiting time.

Neutral

There are two models: on-premises and cloud. For on-premises, we have virtual machines hosted on Hyper-V, but physical servers are recommended by CyberArk. Installation requires technical expertise.

SaaS deployment is faster than on-premises because most of the components are handled by CyberArk. The deployment is faster in SaaS, but the cost of SaaS is a bit high. They have different licensing costs.

From my perspective, the capabilities the tool provides match the investment. For small businesses, the price is fair compared to other tools. While the cost may be higher, I believe it is a top-tier solution.

It is a leading solution and one of the best SaaS solutions in the market. CyberArk is good at what they do, and the price reflects that. You have to pay the price for the same.

The price can vary based on the capabilities you need. We are paying a fair price for our environment. Compared to other solutions, its price can be high, but you are getting the best solution available in the market.

For 1,000 SaaS licenses, 100K euros might be required.

I would rate the solution a nine out of ten.

We use CyberArk Privileged Access Manager to provide a protective layer for our infrastructure, as well as for our customers. 

Additionally, the audit functionality that it provides is used as protection for our employees. It offers evidence, so if there's any question about wrongdoing, there's proof that the job was done correctly.

It's predominantly addressing challenges around reducing open access to critical infrastructure and providing a mechanism to control who can get to what and with what credentials.

It's improved the organization by making it easier to access privileged accounts. There are so many accounts needed by most people now and to have a a tool that can not only store those credentials for you, but manage them and give you easy access to them, has made life a lot easier. The removal of the need to manage and maintain those credentials and cycling passwords regularly is a pain for anybody. The tool manages all of that for you whilst giving you a simple means to use them.

The most beneficial feature in CyberArk Privileged Access Manager is its simple user interface. It is definitely advantageous. I also appreciate the enhancements that come along with the continual updates that are provided. 

It has improved the organization by making it simpler to gain access to privileged credentials. There are so many accounts needed by most people now, and having a tool that can not only store those credentials for you but also manage them and give you easy access has made life a lot easier. The tool manages credential cycling, which is typically a pain for anybody, while providing a simple means to use them.

The solution is very good for protecting full levels of data privacy. We silo out different parts of the solution for access to to different types of infrastructure in the same way we would to our customers so that we can restrict who can get to something. In combination with our IM processes, we can be quite granular about who has access to what.

We can stay updated on regulations. The updates that are coming through help to keep the product secure and also add in updates and enhancements that give greater functionality and keep it relevant in terms of requirements.

The controls are fairly granular. We can control who can administrate it and who can use it and what they can use when they're using it. It has positively impacted visibility. As we leverage the product for administration of the product, we're able to be much more granular in how we provide the access. The audit controls allow us to see who is doing what, and when, it should be required.

It safeguards credentials. This is very important. The ability to have the product manage and maintain credentials and only provide them to authorized individuals, whilst not actually allowing them to retrieve those credentials, has become more paramount as we look to increase the security based on sort of ongoing real-world threats. 

It's helping with compliance, specifically around securing and hardening of infrastructure. It allows us to harden while still maintaining usability. 

In terms of operational efficiency, it depends on where you're coming from. Some things are more efficient, some things are a little less efficient yet more secure. It's that ongoing balancing act between operation efficiency and security that we must deal with.

We've been able to reduce the number of privileged accounts in the organization with the ability to have shared accounts. Since the credentials are not specific to a user and they're made available to a user for the duration of their session, we can reduce the number of privileged accounts we have within the organization. We've reduced the accounts by a half to a third between ourselves and our customers. 

I would like to see an easier way to define delegated roles within the administration of the core product. There is granularity within the tool, however, it is not simple to define those specific delegated roles.

I have used the solution for about nine years; it's been quite a while.

We have had some performance and stability issues. We have had instances where things weren't as they should be, however, we worked closely with the development support teams once the issues were escalated and managed to find either a resolution or a workaround to stabilize the solution. Typically, it is fairly stable.

Initially, we found some issues with scalability, however, over time, the guidelines and recommendations from the vendor have changed. By working closely with the available guidelines, the scalability is absolutely fine.

The customer service is generally quite good, although if it's more complicated, you have to wait for it to be passed back to their dev support, which can take more time. For simpler issues, the turnaround is relatively quick. If more complicated, it can take longer to get the right level of support. 

However, the support they provide is usually good, particularly their dev guys, who certainly know what they're talking about.

Neutral

Before CyberArk Privileged Access Manager, we didn't have a PAM product itself. We were using Citrix to provide remote access, but the need to move into the PAM space arose to provide extra security and audit control. 

Although I wasn't involved with the process, there was a competition to define which product would be used, and the CyberArk Privileged Access Manager product came out on top.

The initial setup is relatively straightforward once you've done it. It is certainly a lot easier to repeat. We have multiple instances of the on-prem deployed, so we've done it a few times now.

The deployment involved approximately four or five people, based on role separation. In a smaller organization, it could likely be done with one or two people. However, due to the need to separate functions for design, implementation of the service, product implementation, network and firewall requirements, and IAM processes for all accounts, several people are required to ensure these functions are covered.

From a security perspective, we started seeing value right away because we didn't have a PAM solution at the time. Over the next sort of months and years, we settled into the product and started to look at how we could make it work for us. This has been an ongoing process over the years, particularly with product enhancements and new features, which provide additional benefits against the incurred costs.

I'm not involved in the pricing. 

About a year ago, we started looking at potential alternatives. There were two others that were considered and were ruled out for various reasons before looking at additional proof of concepts to see what other features could be leveraged from CyberArk Privileged Access Manager that we weren't using. It managed to pass all of the requirements.

We have customers for various industries and use the product internally ourselves. We are in the IT sector and provide services to organizations in a variety of sectors. 

It's definitely worth looking at as a PAM tool. I would steer towards the SaaS version since everything suggests that it is potentially a better way to go than on-prem. However, on-prem would still be suitable for those who must control and own their data. 

It's still worthwhile implementing, and overall, I'd probably give it an eight out of ten.

My company partners with CyberArk. I come from a service provider standpoint, so I don't use CyberArk within my company, however, I implement and support it for customers. 

Through the CyberArk partnership, I am certified in CyberArk. I perform activities such as demonstrations, presentations, deployments on-premises, and cloud solutions. 

CyberArk is now a comprehensive identity security solution. My interaction with CyberArk is mostly on the implementation side for our customers, focusing on design and integrating it into customer environments.

It's used in industries such as banking and finance. 

I find the discovery feature, which includes credential management, session management, monitoring, and remediation within a session, to be very valuable. It can remediate bad activities occurring in sessions. It offers good management and monitoring as well as good remediating within a session to help users remediate within managed sessions. There's good auditing and activity monitoring.

The session monitoring helps enhance security protocols. With it, users can have more control over what's happening within the session. You have more visibility and can restrict certain activities from happening, such as someone running a malicious command or someone trying to open or edit some sort of platform configurations. You can also send notifications and remediate or terminate sessions. Monitoring helps you build in polices around how to build polices around what's happening within a session.

The implementation of CyberArk impacted our customers' compliance with the regulatory standards in a positive way. Now customers are very happy since they can ensure credentials are compliant. In terms of password management complexity, since they're managing everything through CyberArk, they're able to create complex passwords. The user doesn't really need to remember passwords since the session is entirely being launched through CyberArk. That means that they're able to have much more compliant account management within an organization. They're also able to run reports as well as activity and compliance reports in terms of data related to accounts. It is much easier when you have a tool that manages that. Before CyberArk, having reporting and visibility around usage of accounts was really tricky. In terms of compliance, it's able to cover that by giving just a whole overview of accounts within the organization. 

CyberArk incorporates AI to improve Privileged Access Management. It's consistently improved as well. They do have a previous threat analysis analytics engine, which also can ingest logs from a SIEM solution if it's in place at the customer site. It's able to ingest this information and then give much more correlated security events. This module, the privileged analytics, is able to utilize behavior analytics and AI-related capabilities to be able to give security alerts to the teams. They can action alerts, or even automate to be able to have things blocked or terminated. For example, if someone changes their location. It has a geolocation that's able to then trigger maybe a password or QR code or email with a verification code to check it's that person. It utilizes AI capabilities or behavior analytics capabilities to have capabilities like that enforced.

It has the most plug-ins. Maybe thousands. So in terms of integration within different customer environments, it's much easier compared the competition. CyberArk a pioneer for PAM. They've always been the leader in terms of research and development and bringing new capabilities to the PAM. It will be able to cover 99.9% of most use cases.

In terms of improvement, since I am familiar with the product, there are no major issues. 

However, customer feedback suggests that unless it's on-premises, complaints about resources are justified as it enhances security with multiple functionalities. The managed cloud deployment option by CyberArk is easier to manage. Resource issues could be mitigated by choosing this option. 

I suggest adding more plugins and systems, which are often introduced later. Essentially, as long as capable personnel manage it, the solution works well. 

They should continue refining it and adding more dashboards and reporting features. Improved user-friendliness, granularity, and functionality would enhance the product further.

I have been using the solution for maybe four or five years. I would say it's closer to four years.

At the moment, I work with CyberArk mostly. I haven’t interacted much with other solutions like Imperva, as other engineers have taken over those responsibilities.

We are resellers, working ideally with partners, and I am certified with CyberArk. I am a certified delivery engineer for CyberArk PAM, and my experience is vast with the projects and teams I've been involved with.

When looking at Privileged Access Monitoring, many IT administrators have access to numerous privileged accounts, which increases the attack surface. CyberArk's PAM solution manages these credentials, providing value by reducing risks like data breaches or financial losses. The return on investment lies in improved security infrastructure, addressing over-privileged access, and reducing the risk of credential compromise, which is a major source of data breaches.

We're a service provider and offer services to customers that acquire CyberArk. I come from a design perspective for those implementing CyberArk. 

The company is open and shares information with partners. They inform us about new versions and allow enhancement requests through a portal. Many enhancements have come through this channel. If they keep going this way, everything will be good with CyberArk. 

I'd recommend the solution to others. 

Overall, I would rate the product nine out of ten. They've been the leader in PAM for maybe six years.

Our main use cases are to monitor all privileged accesses. It can be HTTPS, LDAP, SSH, or SQL management, so anywhere we have privileged access, we want to monitor it and place it under CyberArk.

Its monitoring capabilities are good. Whenever the end users start their session, it quickly allows you to monitor. However, if there are no firewall rules, it creates a video, but it does not take all the audit logs. For audit logs, you need firewall rules. It is very well described in their documentation. At the start, they communicate this to clients. The documentation is well-defined.

The features that are most effective, like every PAM solution, include monitoring and password rotations. 

The best thing about this solution, especially on-premises, is that we can interact with it directly. If we need to develop something, we are allowed or can do it by ourselves, which is most effective for us as administrators. It is not a black box. We have the ability to customize, especially the connection components.

There are some options in the web portal where they can improve the user experience. For example, in remote, there is a parameter called 'access to remote machine.' When we put host names in that field, we are not able to search it. It would be useful if a search feature was there to check if a machine is already onboarded. When we onboard a few machines in the same domain using just one account, we put the domain name in the address field and host machine names in the remote access parameter. However, we are not able to search within that field, which makes it difficult for us as admins to know if a machine has already been onboarded.

Other than that, I do not have any areas for improvement. Whenever we find any bugs or have a need for a feature, we open a ticket with them. They usually work on that if the same request has also come from other people. They are already good at doing that.

I have been working with CyberArk for almost six to seven years.

The solution is very stable. If you install the solution with CyberArk's guidelines, it remains stable. I also offer 24/7 services, and in three years, I have received two or three calls from clients indicating the solution was not working. It means the solution is very stable.

It is scalable. If a client has 100 users and wants to add 100 more users, it is possible. They can make it bigger and smaller, depending on their needs.

Our clients are medium enterprises.

Their technical support is good. They provide solutions and also the documentation if you ask. If you cannot find something, they point you to the right documentation. With support, I have never found any problems.

Positive

There is a lot of complexity if we are installing the solution on-premises. On the cloud, there is no such complexity, but on-premises, it is complex because there are different components like Vault, PVWA, PSM, and CPM. There are many components, and we need to follow a sequence to install these products. One needs a good knowledge of these components to install because we cannot just follow the documentation and install it. The documentation is vast. First, we need to read all of it. For first-time users, it is a bit difficult, but with experience, it is not a big deal. In terms of ease of use, I would rate it a six out of ten for on-premises and a nine out of ten for the cloud.

The deployment model depends on the clients. Our clients from banks usually use it on-premises. Clients in other fields do not want to install the machines on-premises because that is resource-consuming, so they go for the cloud deployment.

With the cloud deployment model, the clients need to deploy fewer components in their infrastructure. Vault and PVWA are already in the cloud, but other components like PSM, CPM, and PSMP are on-premises. It is not that all the infrastructure is on the cloud. There are a few components that are on-premises. However, in the case of on-premises, all the components are on-premises inside the infrastructure of the client, and they are responsible for maintaining that.

Our clients have seen an ROI.

If you want a Ferrari, it will cost you. The solution is really nice, so it costs the client, but in the long run, it is very good. If you buy a solution that costs a lot to maintain because it is not stable, and you are frequently asking for consultant support, it costs more. It is better if the client spends a little more money initially. In the long run, it is very good.

My recommendation depends on your needs and what you want to achieve. If you just want SSH, LDAP, and basic monitoring, you can consider other solutions like Wallix or One Identity, which cost less. If you need a lot of customization, such as you want to put in a lot of HTTPS ports and change the passwords of internal applications, this solution is much better than others. 

I would rate it a nine out of ten.