Try our new research platform with insights from 80,000+ expert users
Mammad BNB - PeerSpot reviewer
Director Of Technical Operations at BNB Security Alliance
Reseller
Beneficial integration, helpful support, and scales well
Pros and Cons
  • "The most valuable feature of CyberArk Privileged Access Manager is the vault. I am satisfied with the interface and the documentation."
  • "CyberArk Privileged Access Manager could improve the integration with other solutions and ease of use. Additionally, there should be a feature to have remote connections without a VPN."

What is most valuable?

The most valuable feature of CyberArk Privileged Access Manager is the vault. I am satisfied with the interface and the documentation.

What needs improvement?

CyberArk Privileged Access Manager could improve the integration with other third-party secret managers, and vault solutions.

For how long have I used the solution?

I have been working with CyberArk Privileged Access Manager for approximately three years. Our clients are typically financial institutions.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is stable.

Buyer's Guide
CyberArk Privileged Access Manager
April 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The scalability of CyberArk Privileged Access Manager is good.

Most of our clients are enterprise-sized companies.

How are customer service and support?

I am satisfied with the vendor's support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Balabit and One Identity prior to using CyberArk Privileged Access Manager. I found that CyberArk has more integration out of the box with other solutions and it solves a lot of problems for customers if they have different solutions.

How was the initial setup?

The initial setup CyberArk Privileged Access Manager is easy.

What's my experience with pricing, setup cost, and licensing?

The price of CyberArk Privileged Access Manager could be less expensive.

What other advice do I have?

My advice to others is this solution can solve a lot of problems.

I rate CyberArk Privileged Access Manager a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: B&B Security Alliance has been established in 2019 and only deals with cyber security. B&B Security Alliance provides cyber security solutions to customers wanting to be resilient against new and existing threats. We offer professional services, advisory and through our vendor network we will help you select a suite of best in class products that enhances your reputation and company value.
PeerSpot user
Identity and Access Management Analyst at Security Finance Corporation
Real User
Stable feature functionality and usage has been reliable
Pros and Cons
  • "The solution is stable and reliable."
  • "The solution is too complicated to use and should be simplified. It took me a long time to understand how to use it. There is a lot that the solution can improve for the future."

What needs improvement?

The solution is too complicated to use and should be simplified. It took me a long time to understand how to use it. There is a lot that the solution can improve for the future.

For how long have I used the solution?

I used CyberArk Enterprise Password within the last 12 months.

What do I think about the stability of the solution?

The solution is stable and reliable.

What do I think about the scalability of the solution?

We have approximately eight people in my organization that use this solution.

What other advice do I have?

I did not like the solution at all and I was happy when we stopped using it.

I rate CyberArk Enterprise Password an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
April 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
Director / Engineer at Provincia
Real User
Enables users to connect to a target machine without the need to know the privileged accounts' password
Pros and Cons
  • "Our most valuable features would probably be key rotation, the SKM or SSH key manager, and account discovery."
  • "I think they can improve account onboarding. For instance, you have to use the Password Vault utility, whereas in Thycotic I think there is a feature in the user interface that allows you to upload your account with an Excel file. So I'd like to have a similar thing in CyberArk."

What is our primary use case?

I have worked as a CyberArk SME, team leader, project manager in the financial industry. I've managed both the implementation and configuration of enterprise CyberArk infrastructures.

How has it helped my organization?

As an end-user within the organization, I can't and I don't need to know the passwords of privileged accounts as CyberArk is taking care of the password/SSH Keys management on the target machines. The solution provides this security without changing the end-user experience because they are able to use the end-user tool like putty or remote desktop connection even without passing through the CyberArk interface

What is most valuable?

Our most valuable features would probably be password/key rotation, the SSH key manager, account discovery and quality of video recordings.

What needs improvement?

I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.

For how long have I used the solution?

We've been using this solution for five years.

How was the initial setup?

If you don't know the product well, it might not be easy to set up, because CyberArk has several modules. You need to study it before to start to implement this solution. It's not like other PAM tools e.g.Thycotic, which is easy to set up, as it's just a web server with a database.

The deployment itself can take between one and two work weeks. The project, or configuration documents, however, must take more time. You cannot think about the infrastructure in one week. You have to prepare all the documents, understand the infrastructure you want, etc. It's the project management that takes more time.

What other advice do I have?

You have to analyze the target hosts that you have in your organization and understand what is the scope of your project. You have to make a very clear plan for the project and CyberArk infrastructure sizing. Then you have to do a very good job with the project management and collaborate with the privileged accounts stakeholders. With all that in mind, you can go ahead with CyberArk.

Be careful with the configuration. When you make changes and so on, be very careful to understand what you are doing. Plan and test what you are doing in a test environment before switching to production.

I would rate CyberArk as nine out of ten. Ten means that it's the best solution on the market and no one else compares to it.  However, before giving them a ten, they should do something related to the Password Vault utility. Maybe they should add some other features too. For me, it is one of the best tools on the market, so nine is enough for now.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer990873 - PeerSpot reviewer
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
User
Helps control use of shared passwords and the practice of sharing passwords disappeared completely

What is our primary use case?

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

How has it helped my organization?

The practice of sharing passwords disappeared completely and the most sensitive application is using the AIM to retrieve database passwords for all its users.

We're still struggling with the use of RDP through PSMs.

What is most valuable?

The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.

What needs improvement?

The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I am very impressed with the stability, but I still need to convince some colleagues.

What do I think about the scalability of the solution?

Scalability is rather good, we haven't reached any technical limitations yet.

How are customer service and technical support?

The support is always very responsive, accurate, and complete in their solutions. I've always had a personal contact that would know our setup and was able to concentrate on our specifics instead of pointing to a generic document on the support site.

Which solution did I use previously and why did I switch?

No, we haven't used any other solution.

How was the initial setup?

The initial setup was straightforward because its entire complexity was hidden by the CyberArk expert who guided the whole process.

What about the implementation team?

Our vendor's implementation team was stellar.

What was our ROI?

We haven't yet calculated the ROI.

What's my experience with pricing, setup cost, and licensing?

Attempt to minimize the AIM deployments as the license is expensive. Take a license for a test instance even if it might cost extra.

Which other solutions did I evaluate?

I cannot tell what other options were evaluated.

What other advice do I have?

Keep an eye on the cloud integrations and be ready for Conjur.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SAP CRM /C4C /SAP Hybris at ATOS
Consultant
PSM enables after-hours monitoring, and CPM helps keep the password policy up to date
Pros and Cons
  • "The ability to monitor privileged accounts throughout the enterprises."
  • "PSM enables after-hours monitoring."
  • "CPM helps keep the password policy up to date."
  • "We should be able to join small components."

What is our primary use case?

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

How has it helped my organization?

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

What is most valuable?

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

What needs improvement?

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user789450 - PeerSpot reviewer
Works at a energy/utilities company with 1,001-5,000 employees
User
The ability to write your own connectors and plugins is invaluable as far as flexibility goes
Pros and Cons
  • "Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened."
  • "The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes."
  • "Enhanced PSM support for Java based applications."

What is our primary use case?

  • Vaulting of privileged credentials. 
  • Used as a jump host solution. 
  • We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

How has it helped my organization?

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

What is most valuable?

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

What needs improvement?

  • Enhanced PSM support for Java based applications.
  • Easier to use bulk uploader tools (which are already being worked on).

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security Expert at SecurIT
Consultant
I see a lot of security issues are addressed by the solution. For example, audit issues for privileged accounts.

What is most valuable?

As a security engineer, I mostly implement the Enterprise Password Vault Suite (Vault Server, Central Policy Manager, Password Vault Web Access) as this is the base upon which every additional component is built. I am using and implementing the additional components, such as the Privileged Session Manager and Application Identity Manager, more and more.

How has it helped my organization?

When implementing CyberArk, I see that a lot of security issues are addressed by the solution. For example, audit issues for privileged (non-personal) accounts, which have a sufficient amount of impact on the organization when being compromised or misused.

A major benefit next to the auditing capabilities is the secure storage of the accounts in questions. CyberArk has the most extensive hardening and encryption techniques I have seen in a product, with equal intentions.

Additionally, CyberArk can reduce the attack surface of these accounts by retaining the privileged accounts (protecting the credentials) within a secure environment only to be accessed through a secured proxy server (Privileged Session Manager). What I have also seen is that the Privileged Session Manager can aid in the adoption of CyberArk within an organization as it allows the end user to keep using his personal way of working (e.g., Remote Desktop Manager, Customized Putty).

Another burden that organizations have is the need to manage hard-coded credentials. CyberArk also has a solution for this, allowing the credentials to be stored in the vault, where they can be retrieved by a script or applications through the execution of a command instead of hard-coding the credentials. There is also a solution available for accounts used in Windows scheduled tasks, services and more.

The last generic, relatively new improvement for customers is the ability to monitor and identify the usage of the accounts managed by the suite. By using Privileged Threat Analytics, you can match the usage of CyberArk against the actual (logon) events retrieved from the corporate SIEM. Next to this, PTA profiles privileged account usage to discover malicious patterns such as different IP addresses or usage of an account on an unusual day. This is a very useful practice to gain an enhanced view on these privileged accounts and can eventually limit the impact of any malicious usage because of early detection.

What needs improvement?

In every product, there is room for improvement. Within CyberArk, I would like to see more support for personal accounts. It can be done right now, but I can imagine changing a few aspects would make this easier and more foolproof.

Next to that, the REST API is not as capable as I would like. CyberArk is getting close, though.

Lastly, I would love to see a password filler that can provide raw input (like a keyboard). There are scenarios where administrators do not have the ability to copy and paste a password from the clipboard. As typing over a long random password is a tricky job, a raw password filler would be a solution that could overcome this issue.

For how long have I used the solution?

I have been involved with CyberArk for three years now. During this period, I have designed, implemented and supported multiple CyberArk environments.

What do I think about the stability of the solution?

During the time that I have worked with CyberArk, I was able to conclude - based on experience and colleague stories - that this is one of the most stable products I have ever encountered. I have never seen any stability issue that was not related to a human error or a configuration issue.

What do I think about the scalability of the solution?

As far as I’m aware, we have not encountered any scalability issues. I have heard of some issues with the database of CyberArk when scaling to excessive amounts of entries, a long time ago. These issues have been fixed, as far as I know.

In addition, it is possible to have issues with the Central Policy Manager when you configure it wrong.

How are customer service and technical support?

The technical support for our customers is primarily handled by ourselves, with CyberArk technical support to fall back to. I have seen great improvements in the quality of support over the years and they continue to do so. The response is fast and the quality is good.

There is room for improvement in bug tracking. When a bug is confirmed, it is hard to track when or if it will be released in one of the future releases. As CyberArk is building an entire new support portal, I hope that this will be improved someday.

Which solution did I use previously and why did I switch?

My company did not previously use a different solution. My company has had CyberArk in their portfolio for more than 10 years now.

How was the initial setup?

Our company has set up a ‘generic’ and fast implementation plan based on our experiences and best practices. This plan provides a straightforward approach, which can be customized into a complex solution to suit every customer's needs.

In general, the installation is quick, but the actual work is found in the process of onboarding new account(type)s as this requires a significant amount of communication and coordination.

What's my experience with pricing, setup cost, and licensing?

Try to create a good design with a CyberArk partner before you start thinking about licensing. Then, you will have a good view on the components needed to suit your environment from the start towards a fully mature environment.

What other advice do I have?

Do not think too big at the start.

Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a certified CyberArk partner.
PeerSpot user
it_user506925 - PeerSpot reviewer
Senior Consultant (CyberArk) at a financial services firm with 10,001+ employees
Real User
The Enterprise Password Vault protects privileged IDs within a secure digital vault.

What is most valuable?

EPV (Enterprise Password Vault) is the most valuable feature of the product to me. It is the core of the product, where it stores the passwords it needs to protect. It protects privileged IDs within a secure digital vault.

What needs improvement?

User friendliness and reporting: While the PVWA (Password Vault Web Access) provides a web console for the end user and administrator to access the solution, there is room for improvement. (E.g.: show tips when the mouse hovers over.) Reportingprovides very detailed information; however, it requires customization before it is presentable.

For how long have I used the solution?

I first got introduced to CyberArk around 2012.

What do I think about the stability of the solution?

No issue with stability. The solution provides an HA option.

What do I think about the scalability of the solution?

I would say there are scalability issues. After the solution is deployed, resizing it is difficult. Therefore, proper sizing at the planning stage is important.

How are customer service and technical support?

Technical support is excellent; one of the most knowledgeable and well-trained support staff.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was complex. A typical deployment will require at least two months of full-time planning. In a large deployment, it can be over six months.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

A well-trained and experienced deployment team is critical. Sizing, safe design, and access management need to be discussed beforehand.

reason for not being a 10 is, there is always rooms for improvements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.