This solution is used primarily for privileged segment access and break-glass access. We also use it for log-on session recording and access control, where we can grant access to our key systems for ad-hoc use.
Security Architect at a financial services firm with 10,001+ employees
Easy to set up and gives us the flexibility to grant access when we need it
Pros and Cons
- "The most valuable feature is the ability to delegate access to admins when they need it."
- "I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date."
What is our primary use case?
What is most valuable?
The most valuable feature is the ability to delegate access to admins when they need it. It allows us to have some kind of proof on the approval process, rather than give people standing access on a full-time basis.
What needs improvement?
I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date. A cloud-based deployment would ultimately be better for us than an on-premises appliance.
What do I think about the stability of the solution?
Stability has not been a problem.
Buyer's Guide
CyberArk Privileged Access Manager
November 2024
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We didn't have any issues with scalability, although we only have 30 or 40 systems integrated. There were not tens of thousands.
How are customer service and support?
We did not need to contact technical support.
How was the initial setup?
The initial setup was not very hard, although it took a little while to get it set up. The only difficult part is making sure that it is integrated with all of the applications. If you've got Active Directory then it is easy, and pretty straightforward. If instead, you have all local accounts then it can get a lot harder, although I don't think that any other application can improve it if you've got local accounts everywhere.
The actual installation that included getting it up and running was pretty quick, taking only a couple of days. Going through all of the change management and other processes took much longer, on the order of months. The more problems there are with accounts inside the organization, the longer the deployment will take.
What about the implementation team?
Our in-house team was responsible for the deployment.
What's my experience with pricing, setup cost, and licensing?
The price of this solution is expensive.
What other advice do I have?
My advice for anybody who is implementing this product is to get the admins familiar with the setup. They have to learn how to get the process approved, especially in an ad-hoc scenario. The scheduled changes are ok, but the ad-hoc ones can be a little bit problematic if you don't have enough approvals ready to approve access.
If an organization can afford it then the Cyberark Enterprise Password Vault works well.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Director at Unique Performance Techsoft Pvt Ltd
Anomaly detection and prevention for all privilege accounts
Pros and Cons
- "Automatic password management, which will automatically change passwords based on compliance requirements."
- "DVR like video recording and text-based recording for easier audits."
- "This product needs professional consulting services to onboard accounts effectively based user profiles."
What is our primary use case?
We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).
It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.
The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.
The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.
How has it helped my organization?
- Automatic password management, which will automatically change passwords based on compliance requirements.
- DVR like video recording and text-based recording for easier audits.
- Easily scan the network for all privilege accounts and has an easier onboarding process.
- SSH key management
- Command level restriction for all SSH-based devices.
- Anomaly detection and prevention for all privilege accounts.
- Integration with ticketing tools and SIEM solutions.
What is most valuable?
- Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
- Agentless solution which is easy to customise to any platform having network connectivity.
- Wide range of devices supported out-of-the-box.
- Easy to configure HA and DR options.
- Online training enables cost effective valuable training.
What needs improvement?
This product needs professional consulting services to onboard accounts effectively based user profiles.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues.
What do I think about the scalability of the solution?
No issues.
How are customer service and technical support?
Excellent customer support.
Which solution did I use previously and why did I switch?
We did not previously use another solution.
How was the initial setup?
The setup is very straightforward.
What's my experience with pricing, setup cost, and licensing?
The cost is high compared to other products, but CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality.
Which other solutions did I evaluate?
At present, we are only focusing on CyberArk for privilege account security. Comparing it to other providers, Cyberark provides a more user-friendly environment with many more features and benefits.
What other advice do I have?
I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are certified Gold partners for CyberArk and implemented this solution for a customer from various industry verticals.
Buyer's Guide
CyberArk Privileged Access Manager
November 2024
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
Security Engineer at a tech services company with 51-200 employees
Enables us to manage passwords of highly privileged accounts.
What is most valuable?
The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.
How has it helped my organization?
Management of these accounts is typically required to prevent abuse and gain control of this.
What needs improvement?
Perhaps improve the user registry integration. It is already fine, but a bit atypical.
My experience with the product was with older versions, so this may not represent the actual case anymore. In essence, user registry integration is atypical in the sense that the product creates a copy of the user inside the product itself (to accommodate for license seat counting, I guess).
Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt the vendor considers this an issue, though.
For how long have I used the solution?
I have used this for three years, including the implementation of the product
What do I think about the stability of the solution?
There were no issues with stability.
What do I think about the scalability of the solution?
There were no issues with scalability.
How is customer service and technical support?
Technical support is OK. The product is not very difficult to install, but there are some considerations that need to be taken into account. Tech support is very well aware of this.
How was the initial setup?
The initial setup was simple. It is windows based and leverages installation wizards to perform installation. Also, sufficient documentation exists to guide the setup procedure.
What's my experience with pricing, setup cost, and licensing?
Look well at the user base and frequency of use. A lot of licensing models exist, but having this clear will immediately indicate what fits best.
As for pricing, I cannot comment.
Which other solutions did I evaluate?
We did not evaluate other solutions.
What other advice do I have?
Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CyberArk business partner.
Security Engineer at a tech services company with 51-200 employees
Provides a full audit trail and approval workflow functionality.
What is most valuable?
- Ability to manage passwords for highly privileged, service accounts, which are not tied to a person
- The inclusion of a full audit trail
- Approval workflow functionality
How has it helped my organization?
Management of these accounts is typically required to prevent abuse and prove compliance.
What needs improvement?
Perhaps improve the user registry integration. User registry integration is atypical in the sense that the product creates a copy of the user inside the product itself. This is done to accommodate for license seat counting.
Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt that the vendor considers this an issue.
For how long have I used the solution?
I have used CyberArk for three years, including the implementation of the product.
What do I think about the stability of the solution?
I did not have stability issues.
What do I think about the scalability of the solution?
I did not have scalability issues.
How is customer service and technical support?
The product is not very difficult to install. However, there are some considerations that need to be taken into account. Technical support is very well aware of this.
How was the initial setup?
The setup was simple. It is Windows based and leverages installation wizards to perform the installation. Also, sufficient documentation exists to guide you through the setup procedure.
What's my experience with pricing, setup cost, and licensing?
Examine the user base and frequency of use. A lot of licensing models exist. However, having this clear will immediately indicate what fits best. As for pricing, I cannot comment.
Which other solutions did I evaluate?
We didn’t look at alternatives.
What other advice do I have?
Assure that the organization is ready and willing to adopt this. The typical business cases cannot be addressed by the product alone.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CyberArk business partner implementing for customers.
Security Delivery Analyst at a computer software company with 10,001+ employees
Good policy configuration and tech support
Pros and Cons
- "Password Vault's policy configuration is very good - when you receive an attack, you can segment the structure of the project in order to isolate parts or users."
- "Upgrading the product is very difficult, so this could be an area for improvement."
What is our primary use case?
My primary use case is the digital identity for access management of users and the configuration of passwords, or MSA, or SSO.
What is most valuable?
Password Vault's policy configuration is very good - when you receive an attack, you can segment the structure of the project in order to isolate parts or users.
What needs improvement?
Upgrading the product is very difficult, so this could be an area for improvement.
For how long have I used the solution?
I've been using this solution for six months.
What do I think about the stability of the solution?
There have been a few lags when connecting with RDP, but otherwise, the stability is good.
What do I think about the scalability of the solution?
Password Vault's scalability is good.
How are customer service and support?
The technical support is very good in general but could provide more help when upgrading.
What other advice do I have?
I would rate this solution eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Takes away all ambiguity around "known" admin accounts
What is our primary use case?
Privileged account access into customer environments.
How has it helped my organization?
A higher level of password rotation and usage auditing.
What is most valuable?
- OTP
- Session recording
- Auditing
- It takes away all ambiguity around "known" admin accounts.
What needs improvement?
The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed.
Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Auditing and recording functionality has made compliance with customer requirements a much clearer and easily managed process
What is our primary use case?
Primary use case: having privileged access management and ingress into customer networks and infrastructure.
How has it helped my organization?
The auditing and recording functionality along with stringent password-change policies and one-time password use has made compliance with customer requirements a much clearer and easily managed process.
What is most valuable?
- Recordings
- Exclusive use, and
- OTP.
There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.
What needs improvement?
Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineering Lead PAM with 10,001+ employees
Session management isolates users' machines, maintaining privileged session in the event of an attack
Pros and Cons
- "The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution."
- "More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured."
What is our primary use case?
The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.
Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.
I've had an experience of deploying CyberArk in on-premise and in the cloud.
How has it helped my organization?
For any use case, session management is a key because it isolates users' machines to the target system. That way then, if an attack happens on a user's machine, the privileged session is still an isolated session. The privileged session is not interrupted.
What is most valuable?
In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation.
The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.
There are many other important features of CyberArk:
- Privileged Session Manager (PSM) connects you to the target platform.
- Password management (CPM) provides automatic password rotations, including password verification and reconciliation.
- Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature.
The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.
What needs improvement?
More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.
For how long have I used the solution?
I have used CyberArk Privileged Access Manager for approximately seven years.
What do I think about the stability of the solution?
It is a very stable and reliable product.
What do I think about the scalability of the solution?
It is scalable and scaling it is straightforward. It has been designed and planned well, making it easy to scale the environment.
How are customer service and support?
We have frequently worked with CyberArk technical support. In the last year their support has been changed. I would rate it at about seven out of 10. It depends on the person who picks up the support ticket. If that person is fairly proficient in his experience, the response will be quick. Otherwise, it can take time. But, in general, it's good.
How would you rate customer service and support?
Neutral
How was the initial setup?
The complexity of the initial setup depends on the organization's underlying infrastructure, on the environment in which the development is happening. Sometimes the environment on which the product is being installed is more of a challenge than the product. That plays a key role. And, as I mentioned, it's a bit of a challenge because of the documentation at the moment. It needs to be much more user-friendly
The time for deployment also depends on the environment in which the product is being deployed. The technology landscape is very complex. With an end-to-end implementation, it can vary depending on whether the environment is small or medium or complex, and what types of use cases are involved. If it is just a simple environment and minimal features need to be configured, it can be straightforward and take a few days. But if it's a really large-scale, complex environment, where multiple integrations are required, because the underlying requirement to deploy CyberArk with other applications is complex, it will definitely take longer.
What's my experience with pricing, setup cost, and licensing?
Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive.
What other advice do I have?
It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features.
Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products.
But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Implementer
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Privileged Access Management (PAM) User Activity Monitoring Enterprise Password Managers Mainframe Security Operational Technology (OT) SecurityPopular Comparisons
Okta Workforce Identity
Delinea Secret Server
CyberArk Endpoint Privilege Manager
BeyondTrust Endpoint Privilege Management
WALLIX Bastion
One Identity Safeguard
BeyondTrust Privileged Remote Access
BeyondTrust Password Safe
ARCON Privileged Access Management
Delinea Privileged Access Service
ManageEngine PAM360
Symantec Privileged Access Manager
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- CyberArk vs. ManageEngine Password Manager Pro
- How does Sailpoint IdentityIQ compare with CyberArk PAM?
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
- What is the difference between Privileged Users and Privileged Accounts
- When evaluating Privileged Identity Management, what aspect do you think is the most important to look for?
- Which is the best Privileged Account Management solution?
- What are the top 5 PAM solutions that can be implemented which cover both hybrid and cloud?
- What are the top 5 PAM solutions?
- How will AI and ML help or work with PIM/PAM?
- Is BeyondTrust Endpoint Privilege Management really expensive compared to other tools or software?