Try our new research platform with insights from 80,000+ expert users
Director / Engineer at Provincia
Real User
Enables users to connect to a target machine without the need to know the privileged accounts' password
Pros and Cons
  • "Our most valuable features would probably be key rotation, the SKM or SSH key manager, and account discovery."
  • "I think they can improve account onboarding. For instance, you have to use the Password Vault utility, whereas in Thycotic I think there is a feature in the user interface that allows you to upload your account with an Excel file. So I'd like to have a similar thing in CyberArk."

What is our primary use case?

I have worked as a CyberArk SME, team leader, project manager in the financial industry. I've managed both the implementation and configuration of enterprise CyberArk infrastructures.

How has it helped my organization?

As an end-user within the organization, I can't and I don't need to know the passwords of privileged accounts as CyberArk is taking care of the password/SSH Keys management on the target machines. The solution provides this security without changing the end-user experience because they are able to use the end-user tool like putty or remote desktop connection even without passing through the CyberArk interface

What is most valuable?

Our most valuable features would probably be password/key rotation, the SSH key manager, account discovery and quality of video recordings.

What needs improvement?

I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.

Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.

For how long have I used the solution?

We've been using this solution for five years.

How was the initial setup?

If you don't know the product well, it might not be easy to set up, because CyberArk has several modules. You need to study it before to start to implement this solution. It's not like other PAM tools e.g.Thycotic, which is easy to set up, as it's just a web server with a database.

The deployment itself can take between one and two work weeks. The project, or configuration documents, however, must take more time. You cannot think about the infrastructure in one week. You have to prepare all the documents, understand the infrastructure you want, etc. It's the project management that takes more time.

What other advice do I have?

You have to analyze the target hosts that you have in your organization and understand what is the scope of your project. You have to make a very clear plan for the project and CyberArk infrastructure sizing. Then you have to do a very good job with the project management and collaborate with the privileged accounts stakeholders. With all that in mind, you can go ahead with CyberArk.

Be careful with the configuration. When you make changes and so on, be very careful to understand what you are doing. Plan and test what you are doing in a test environment before switching to production.

I would rate CyberArk as nine out of ten. Ten means that it's the best solution on the market and no one else compares to it.  However, before giving them a ten, they should do something related to the Password Vault utility. Maybe they should add some other features too. For me, it is one of the best tools on the market, so nine is enough for now.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer990873 - PeerSpot reviewer
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
User
Helps control use of shared passwords and the practice of sharing passwords disappeared completely

What is our primary use case?

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

How has it helped my organization?

The practice of sharing passwords disappeared completely and the most sensitive application is using the AIM to retrieve database passwords for all its users.

We're still struggling with the use of RDP through PSMs.

What is most valuable?

The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.

What needs improvement?

The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I am very impressed with the stability, but I still need to convince some colleagues.

What do I think about the scalability of the solution?

Scalability is rather good, we haven't reached any technical limitations yet.

How are customer service and technical support?

The support is always very responsive, accurate, and complete in their solutions. I've always had a personal contact that would know our setup and was able to concentrate on our specifics instead of pointing to a generic document on the support site.

Which solution did I use previously and why did I switch?

No, we haven't used any other solution.

How was the initial setup?

The initial setup was straightforward because its entire complexity was hidden by the CyberArk expert who guided the whole process.

What about the implementation team?

Our vendor's implementation team was stellar.

What was our ROI?

We haven't yet calculated the ROI.

What's my experience with pricing, setup cost, and licensing?

Attempt to minimize the AIM deployments as the license is expensive. Take a license for a test instance even if it might cost extra.

Which other solutions did I evaluate?

I cannot tell what other options were evaluated.

What other advice do I have?

Keep an eye on the cloud integrations and be ready for Conjur.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
SAP CRM /C4C /SAP Hybris at ATOS
Consultant
PSM enables after-hours monitoring, and CPM helps keep the password policy up to date
Pros and Cons
  • "The ability to monitor privileged accounts throughout the enterprises."
  • "PSM enables after-hours monitoring."
  • "CPM helps keep the password policy up to date."
  • "We should be able to join small components."

What is our primary use case?

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

How has it helped my organization?

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

What is most valuable?

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

What needs improvement?

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user789450 - PeerSpot reviewer
Works at a energy/utilities company with 1,001-5,000 employees
User
The ability to write your own connectors and plugins is invaluable as far as flexibility goes
Pros and Cons
  • "Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened."
  • "The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes."
  • "Enhanced PSM support for Java based applications."

What is our primary use case?

  • Vaulting of privileged credentials. 
  • Used as a jump host solution. 
  • We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

How has it helped my organization?

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

What is most valuable?

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

What needs improvement?

  • Enhanced PSM support for Java based applications.
  • Easier to use bulk uploader tools (which are already being worked on).

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security Expert at SecurIT
Consultant
I see a lot of security issues are addressed by the solution. For example, audit issues for privileged accounts.

What is most valuable?

As a security engineer, I mostly implement the Enterprise Password Vault Suite (Vault Server, Central Policy Manager, Password Vault Web Access) as this is the base upon which every additional component is built. I am using and implementing the additional components, such as the Privileged Session Manager and Application Identity Manager, more and more.

How has it helped my organization?

When implementing CyberArk, I see that a lot of security issues are addressed by the solution. For example, audit issues for privileged (non-personal) accounts, which have a sufficient amount of impact on the organization when being compromised or misused.

A major benefit next to the auditing capabilities is the secure storage of the accounts in questions. CyberArk has the most extensive hardening and encryption techniques I have seen in a product, with equal intentions.

Additionally, CyberArk can reduce the attack surface of these accounts by retaining the privileged accounts (protecting the credentials) within a secure environment only to be accessed through a secured proxy server (Privileged Session Manager). What I have also seen is that the Privileged Session Manager can aid in the adoption of CyberArk within an organization as it allows the end user to keep using his personal way of working (e.g., Remote Desktop Manager, Customized Putty).

Another burden that organizations have is the need to manage hard-coded credentials. CyberArk also has a solution for this, allowing the credentials to be stored in the vault, where they can be retrieved by a script or applications through the execution of a command instead of hard-coding the credentials. There is also a solution available for accounts used in Windows scheduled tasks, services and more.

The last generic, relatively new improvement for customers is the ability to monitor and identify the usage of the accounts managed by the suite. By using Privileged Threat Analytics, you can match the usage of CyberArk against the actual (logon) events retrieved from the corporate SIEM. Next to this, PTA profiles privileged account usage to discover malicious patterns such as different IP addresses or usage of an account on an unusual day. This is a very useful practice to gain an enhanced view on these privileged accounts and can eventually limit the impact of any malicious usage because of early detection.

What needs improvement?

In every product, there is room for improvement. Within CyberArk, I would like to see more support for personal accounts. It can be done right now, but I can imagine changing a few aspects would make this easier and more foolproof.

Next to that, the REST API is not as capable as I would like. CyberArk is getting close, though.

Lastly, I would love to see a password filler that can provide raw input (like a keyboard). There are scenarios where administrators do not have the ability to copy and paste a password from the clipboard. As typing over a long random password is a tricky job, a raw password filler would be a solution that could overcome this issue.

For how long have I used the solution?

I have been involved with CyberArk for three years now. During this period, I have designed, implemented and supported multiple CyberArk environments.

What do I think about the stability of the solution?

During the time that I have worked with CyberArk, I was able to conclude - based on experience and colleague stories - that this is one of the most stable products I have ever encountered. I have never seen any stability issue that was not related to a human error or a configuration issue.

What do I think about the scalability of the solution?

As far as I’m aware, we have not encountered any scalability issues. I have heard of some issues with the database of CyberArk when scaling to excessive amounts of entries, a long time ago. These issues have been fixed, as far as I know.

In addition, it is possible to have issues with the Central Policy Manager when you configure it wrong.

How are customer service and technical support?

The technical support for our customers is primarily handled by ourselves, with CyberArk technical support to fall back to. I have seen great improvements in the quality of support over the years and they continue to do so. The response is fast and the quality is good.

There is room for improvement in bug tracking. When a bug is confirmed, it is hard to track when or if it will be released in one of the future releases. As CyberArk is building an entire new support portal, I hope that this will be improved someday.

Which solution did I use previously and why did I switch?

My company did not previously use a different solution. My company has had CyberArk in their portfolio for more than 10 years now.

How was the initial setup?

Our company has set up a ‘generic’ and fast implementation plan based on our experiences and best practices. This plan provides a straightforward approach, which can be customized into a complex solution to suit every customer's needs.

In general, the installation is quick, but the actual work is found in the process of onboarding new account(type)s as this requires a significant amount of communication and coordination.

What's my experience with pricing, setup cost, and licensing?

Try to create a good design with a CyberArk partner before you start thinking about licensing. Then, you will have a good view on the components needed to suit your environment from the start towards a fully mature environment.

What other advice do I have?

Do not think too big at the start.

Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a certified CyberArk partner.
PeerSpot user
it_user506925 - PeerSpot reviewer
Senior Consultant (CyberArk) at a financial services firm with 10,001+ employees
Real User
The Enterprise Password Vault protects privileged IDs within a secure digital vault.

What is most valuable?

EPV (Enterprise Password Vault) is the most valuable feature of the product to me. It is the core of the product, where it stores the passwords it needs to protect. It protects privileged IDs within a secure digital vault.

What needs improvement?

User friendliness and reporting: While the PVWA (Password Vault Web Access) provides a web console for the end user and administrator to access the solution, there is room for improvement. (E.g.: show tips when the mouse hovers over.) Reportingprovides very detailed information; however, it requires customization before it is presentable.

For how long have I used the solution?

I first got introduced to CyberArk around 2012.

What do I think about the stability of the solution?

No issue with stability. The solution provides an HA option.

What do I think about the scalability of the solution?

I would say there are scalability issues. After the solution is deployed, resizing it is difficult. Therefore, proper sizing at the planning stage is important.

How are customer service and technical support?

Technical support is excellent; one of the most knowledgeable and well-trained support staff.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was complex. A typical deployment will require at least two months of full-time planning. In a large deployment, it can be over six months.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

A well-trained and experienced deployment team is critical. Sizing, safe design, and access management need to be discussed beforehand.

reason for not being a 10 is, there is always rooms for improvements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Volodymir Kolisnyk - PeerSpot reviewer
Security specialist at Kavitech
Real User
Top 10
A stable and profitable solution for privileged access

What is our primary use case?

CyberArk is a good, profitable, and most valuable solution.

What is most valuable?

While testing the functionality of PAM, we weren't merely conducting a standard PAM evaluation. We aimed to establish a connection and successfully received a response from the target PAM component.

What needs improvement?

The product’s pricing could be improved.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager as a partner and implementor.

What do I think about the stability of the solution?

The product is stable. If you make some changes or something, it's stable.

What do I think about the scalability of the solution?

The solution is scalable. We cater it to enterprise businesses.

How are customer service and support?

Customer support takes too much time to provide some response. When you open some cases, sometimes it takes one or two weeks to get some people to know the problem and how they will help us.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup takes a few days to complete.

I rate the initial setup a six out of ten, where one is difficult and ten is easy.

What's my experience with pricing, setup cost, and licensing?

The product is expensive.

I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.

What other advice do I have?

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1248522 - PeerSpot reviewer
Team Lead Information Security Control at a financial services firm with 5,001-10,000 employees
Real User
Good support, reliable, and straightforward implementation
Pros and Cons
  • "CyberArk Privileged Access Manager is stable."
  • "CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift."

What is our primary use case?

We are using CyberArk Privileged Access Manager because we have too many accounts and we need to manage them.

How has it helped my organization?

CyberArk Privileged Access Manager has helped our organization by controlling users' access.

What needs improvement?

CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for approximately two years.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is stable.

What do I think about the scalability of the solution?

We have thousands of users using CyberArk Privileged Access Manager in my organization.

How are customer service and support?

The support from CyberArk Privileged Access Manager is good.

How was the initial setup?

The initial setup of CyberArk Privileged Access Manager was straightforward.

What about the implementation team?

We had a local third-party company help us with the implementation of CyberArk Privileged Access Manager. The maintenance is sometimes a challenge for our consulting team that does it.

What other advice do I have?

I would recommend this solution to others.

I rate CyberArk Privileged Access Manager a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.