CyberArk Privileged Access Manager Reviews

We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).

It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.

The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.

The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.

1. Automatic password management, which will automatically change passwords based on compliance requirements.
2. DVR like video recording and text-based recording for easier audits.
3. Easily scan the network for all privilege accounts and has an easier onboarding process.
4. SSH key management
5. Command level restriction for all SSH-based devices.
6. Anomaly detection and prevention for all privilege accounts.
7. Integration with ticketing tools and SIEM solutions.

1. Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
2. Agentless solution which is easy to customise to any platform having network connectivity.
3. Wide range of devices supported out-of-the-box.
4. Easy to configure HA and DR options.
5. Online training enables cost effective valuable training.

This product needs professional consulting services to onboard accounts effectively based user profiles.

No issues.

No issues.

Excellent customer support.

We did not previously use another solution.

The setup is very straightforward.

The cost is high compared to other products, but CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality.

At present, we are only focusing on CyberArk for privilege account security. Comparing it to other providers, Cyberark provides a more user-friendly environment with many more features and benefits.

I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.

The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.

Management of these accounts is typically required to prevent abuse and gain control of this.

Perhaps improve the user registry integration. It is already fine, but a bit atypical.

My experience with the product was with older versions, so this may not represent the actual case anymore. In essence, user registry integration is atypical in the sense that the product creates a copy of the user inside the product itself (to accommodate for license seat counting, I guess).

Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt the vendor considers this an issue, though.

I have used this for three years, including the implementation of the product

There were no issues with stability.

There were no issues with scalability.

Technical support is OK. The product is not very difficult to install, but there are some considerations that need to be taken into account. Tech support is very well aware of this.

The initial setup was simple. It is windows based and leverages installation wizards to perform installation. Also, sufficient documentation exists to guide the setup procedure.

Look well at the user base and frequency of use. A lot of licensing models exist, but having this clear will immediately indicate what fits best.

As for pricing, I cannot comment.

We did not evaluate other solutions.

Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.

• Ability to manage passwords for highly privileged, service accounts, which are not tied to a person
• The inclusion of a full audit trail
• Approval workflow functionality

Management of these accounts is typically required to prevent abuse and prove compliance.

Perhaps improve the user registry integration. User registry integration is atypical in the sense that the product creates a copy of the user inside the product itself. This is done to accommodate for license seat counting.

Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt that the vendor considers this an issue.

I have used CyberArk for three years, including the implementation of the product.

I did not have stability issues.

I did not have scalability issues.

The product is not very difficult to install. However, there are some considerations that need to be taken into account. Technical support is very well aware of this.

The setup was simple. It is Windows based and leverages installation wizards to perform the installation. Also, sufficient documentation exists to guide you through the setup procedure.

Examine the user base and frequency of use. A lot of licensing models exist. However, having this clear will immediately indicate what fits best. As for pricing, I cannot comment.

We didn’t look at alternatives.

Assure that the organization is ready and willing to adopt this. The typical business cases cannot be addressed by the product alone.

My primary use case is the digital identity for access management of users and the configuration of passwords, or MSA, or SSO.

Password Vault's policy configuration is very good - when you receive an attack, you can segment the structure of the project in order to isolate parts or users.

Upgrading the product is very difficult, so this could be an area for improvement.

I've been using this solution for six months.

There have been a few lags when connecting with RDP, but otherwise, the stability is good.

Password Vault's scalability is good.

The technical support is very good in general but could provide more help when upgrading.

I would rate this solution eight out of ten.

Privileged account access into customer environments.

A higher level of password rotation and usage auditing.

• OTP
• Session recording
• Auditing
• It takes away all ambiguity around "known" admin accounts.

The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed. 

Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good.

Primary use case: having privileged access management and ingress into customer networks and infrastructure.

The auditing and recording functionality along with stringent password-change policies and one-time password use has made compliance with customer requirements a much clearer and easily managed process.

• Recordings
• Exclusive use, and 
• OTP. 

There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.

Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt.

The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.

Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.

I've had an experience of deploying CyberArk in on-premise and in the cloud.

For any use case, session management is a key because it isolates users' machines to the target system. That way then, if an attack happens on a user's machine, the privileged session is still an isolated session. The privileged session is not interrupted.

In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation. 

The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.

There are many other important features of CyberArk: 

• Privileged Session Manager (PSM) connects you to the target platform. 
• Password management (CPM) provides automatic password rotations, including password verification and reconciliation. 
• Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature. 

The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.

More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.

I have used CyberArk Privileged Access Manager for approximately seven years.

It is a very stable and reliable product.

It is scalable and scaling it is straightforward. It has been designed and planned well, making it easy to scale the environment.

We have frequently worked with CyberArk technical support. In the last year their support has been changed. I would rate it at about seven out of 10. It depends on the person who picks up the support ticket. If that person is fairly proficient in his experience, the response will be quick. Otherwise, it can take time. But, in general, it's good.

Neutral

The complexity of the initial setup depends on the organization's underlying infrastructure, on the environment in which the development is happening. Sometimes the environment on which the product is being installed is more of a challenge than the product. That plays a key role. And, as I mentioned, it's a bit of a challenge because of the documentation at the moment. It needs to be much more user-friendly

The time for deployment also depends on the environment in which the product is being deployed. The technology landscape is very complex. With an end-to-end implementation, it can vary depending on whether the environment is small or medium or complex, and what types of use cases are involved. If it is just a simple environment and minimal features need to be configured, it can be straightforward and take a few days. But if it's a really large-scale, complex environment, where multiple integrations are required, because the underlying requirement to deploy CyberArk with other applications is complex, it will definitely take longer.

Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive.

It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. 

Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. 

But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.

The primary use case is to monitor the official activity of a privileged user for privilege violations.

CyberArk's GUI is user friendly.

I have been using CyberArk for only six months.

Password Vault is a reasonably stable solution.

I've only used it for a few months, so it's hard for me to say how scalable Password Vault is. Those who've used it longer and deployed it on more endpoints could answer that question better.

We're served by CyberArk's regional support based in India and Singapore, but I want country-level support in Bangladesh, so I can get help quickly. Also, online support is annoying. I would like to get face-to-face support from a local CyberArk representative. 

Setting up Password Vault is not easy. We needed an online consultant to help us.

Password Vault is much pricier than other solutions. A vendor team might struggle to explain why that price is justified. There are good alternatives that cost less.

I rate CyberArk Enterprise Password Vault seven out of 10