What is our primary use case?
The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.
Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.
I've had an experience of deploying CyberArk in on-premise and in the cloud.
How has it helped my organization?
For any use case, session management is a key because it isolates users' machines to the target system. That way then, if an attack happens on a user's machine, the privileged session is still an isolated session. The privileged session is not interrupted.
What is most valuable?
In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation.
The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.
There are many other important features of CyberArk:
- Privileged Session Manager (PSM) connects you to the target platform.
- Password management (CPM) provides automatic password rotations, including password verification and reconciliation.
- Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature.
The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.
What needs improvement?
More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.
For how long have I used the solution?
I have used CyberArk Privileged Access Manager for approximately seven years.
What do I think about the stability of the solution?
It is a very stable and reliable product.
What do I think about the scalability of the solution?
It is scalable and scaling it is straightforward. It has been designed and planned well, making it easy to scale the environment.
How are customer service and support?
We have frequently worked with CyberArk technical support. In the last year their support has been changed. I would rate it at about seven out of 10. It depends on the person who picks up the support ticket. If that person is fairly proficient in his experience, the response will be quick. Otherwise, it can take time. But, in general, it's good.
How would you rate customer service and support?
How was the initial setup?
The complexity of the initial setup depends on the organization's underlying infrastructure, on the environment in which the development is happening. Sometimes the environment on which the product is being installed is more of a challenge than the product. That plays a key role. And, as I mentioned, it's a bit of a challenge because of the documentation at the moment. It needs to be much more user-friendly
The time for deployment also depends on the environment in which the product is being deployed. The technology landscape is very complex. With an end-to-end implementation, it can vary depending on whether the environment is small or medium or complex, and what types of use cases are involved. If it is just a simple environment and minimal features need to be configured, it can be straightforward and take a few days. But if it's a really large-scale, complex environment, where multiple integrations are required, because the underlying requirement to deploy CyberArk with other applications is complex, it will definitely take longer.
What's my experience with pricing, setup cost, and licensing?
Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive.
What other advice do I have?
It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features.
Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products.
But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Implementer