CyberArk Privileged Access Manager Reviews

Its features like detailed audit and reporting, automated workflows, granulated privileged access controls, automated password rotation, and centralized and secure storage have helped us in developing a secure environment for customers, along with audit and compliance coverage.

Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.

Performance of PIM could be better and intended for usability as well as security. Another point is that the free trials should be in place for all components so that PoC could be made easy.

No.

No.

Technical support is quite efficient and they always provide a timely response.

Haven’t use any solution prior to CyberArk.

As this was new product, there were some small challenges in understanding but the setup was straightforward.

As our deployment was not so large, our client was happy with the pricing and licensing.

Yes, we did a research and chose CyberArk above all due to its components that were suitable to our environment.

Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.

The primary use case of the solution is to gather privileged accounts from different systems and to contain privileged accounts in one secure place.

Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security.

The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.

I've been using the solution for five to ten years.

It's an enterprise-level solution. So long as you can afford it, you can scale.

I've never had to reach out to technical support.

We didn't really use a different solution. We use Fudo Security, but it's not for password management alone. It's more of an all-in-one solution. We still use it; it's cheap and it's a very simple solution in comparison to CyberArk.

The initial setup is okay; I'd rate it seven out of ten in terms of ease of use compared to other solutions.

Many different things during installation are not straightforward. For example, it would be better to make some kind of pre-installed machine or virtual machine or to make it easy to deploy various ISO files. There are competitors that have just one machine and no infrastructure involved. It would also be better if they embedded the license or offered some free options.

Deployment took about a month.

As far as I know, CyberArk changed its pricing policy for our region. Overall it was very expensive a few years ago, but now, just around a year ago, it became less expensive and it's easier for us to sell it.

We use the on-premises deployment model.

In terms of advice, I'd suggest others follow the implementation carefully.

I'd rate the solution eight out of ten. It's not easy to install and it's got too many components which means it's not really suitable for small or medium-sized businesses.

There are threats that get opened because of the vulnerability of privileged access that says to directly put it in a vault.

Every aspect of the solution is very well integrated, and that gives comfort. It is a fail-safe kind of environment. I think that's the fail-safe feature makes customers comfortable because there are no non-integrable stuff or cures. For example, a vault would have its own anti-virus,  its own application, its own operating system to stay hardened. It is absolutely hardened for it to be protected from the outside world.

Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help.

My organization has been using this solution for a few years but I joined the company three months back.

It is very stable.

Our clients are large enterprises. It is easy to scale.

Our customers contact us for any technical support, but we are able to sort out customer issues to a very large extent. We only had to connect with CyberArk at L-3 level or L-4 level. We are able to address most of our customer's issues. 

I would rate their support a nine out of ten. 

We have had customers use a competitive product that CyberArk has replaced but it is not very common. It is not very easy to change your Privileged Access Management framework so easily.

CyberArk is fail-safe, it has a threat intelligence filter, and prevention threat attacks. That sets the product apart from others, and I think the other part is their ability to onboard a maximum number of resources like storage network, security, IoT devices, and RPAs. Its ability to pervasively onboard almost all critical privileges and resources across the organization is where it stands out in a really big way.

I didn't implement it. I don't believe we've had any problems implementing it. I've never heard any issues. I'd say it's neutral.

There are costs in addition to the standard licensing. There is an implementation fee. Those are additional fees and the customer has the annual maintenance, the software, and whole maintenance cost added to that. So there are additional costs besides this standard license.

The most important phase is the discovery phase. Pay the most attention to that. Spend the most amount of time on the discovery phase, which is really the startup planning. The project becomes smoother. Book stricter guidelines on timelines and let there be a senior sponsor part of the project so that you are able to get milestones addressed quickly otherwise, these projects tend to drag longer.

In the next release, I would like to have the cloud option and all of the features that come with it. 

I would rate CyberArk a nine out of ten. 

The primary use case is for storing user passwords and administration credentials.

I am the engineer for a company that sells this solution mostly to financial institutions. 

It is also useful for auditing and securing shared accounts or co-shared accounts.

The most valuable feature is the special management. It records the activity and the actions that we use for auditing.

The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have.

The technical support can improve on the time that it takes to get a callback.

The integration is great but needs to be a bit more user-friendly.

Also, a feature with the ability to create password sync.

In the next release, I would like to see the following:

• Availability on the cloud and the appliance.
• More documentation for the setup. 
• Simplify the deployment.
• Continuous operation with this solution.
• Simplify the infrastructure for better stability.
• Increase the support for applications.
• Invest in local on the ground staff in various regions.
• The ability to search by the activities, especially for Windows Servers.
• Improve the auditing capabilities for their searches.

The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance.

This solution is scalable. It scales very well, there are no issues.

The technical support is good, there are no issues.

They know what to do when you call them, they are competent.

Sometimes they can take too long before getting back to you, which is something that can be improved.

Previously I was using Centrify and One Identity. We switched because CyberArk has a lot of strength in my region. Some partners do not want to deploy CyberArk to their customers because they feel it will create competition when it comes to renewal. They don't want the price to be affected.

The initial setup is complex. The architecture needs improvement in the documentation for the setup and the manageability.

If you have everything provided for you, it can take three to four hours to deploy this solution.

I think that it might be cheaper than the other competitors in our region.

I have learned that the deployment can be tricky. Always plan your deployment in phases.

Don't unload all of your privilege credentials at once, otherwise, you have an issue with the passwords. 

Always, have help available on standby when you are deploying this solution to prevent issues.

This solution is quite efficient. You don't always have to have your applications. If you are encrypting the server, you don't need the applications. You are required to do it on your workstation. The server will deliver that to you from the managing pack when you try to implement the sessions.

I would rate this solution an eight out of ten.

The solution is very complete. It has the most features on the market.

Session monitoring is excellent. It may be the solution's most valuable aspect.

The solution offers very good password protection.

It offers great integration with many products.

The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex.

The solution is very stable.

The solution is easy to scale.

I've never had to reach out to technical support.

The initial setup is complex. You need to install many virtual machines. You must do many configurations. It's not just one machine to another; you'll also have to handle the configuration of independent machines as well.

The price is higher than the competition, but if the customer wants the best product for their company, they won't mind the price.

We have a permanent license. Licensing is based on how man users you have, so the pricing varies according to the size of the company.

We're a partner of CyberArk.

I'd rate the solution nine out of ten.

The primary use case is password management. 

I find the threat analytics is an important feature. CyberArk can look at the log details, and analyze who is using the applications, which are their locations, and which are the IP locations from which they are accessing. This enables the solution to find the exact location the threat is emanating from. We really value this feature.

The usual workload on the system is sometimes delayed by CyberArk. So, any major work is getting delayed, and may take twice the amount of time that it usually does. For instance, if there's a password change of an account it will take time because you have to log in, then  authenticate, and this is followed by delays. It becomes cumbersome and frustrating.

It is a stable product. 

The scalability of the solution is good. We expanded, and we found the biggest part was a bit unfomfortable in terms of product. They are designing, leveraging the features so greater different markets are joined. On the ground it was difficult initially.

I found techincal support is adequate. The Indian team is not so good. They are OK with helping, but not all of the engineers are entirely experienced. 

The initial setup was OK. If I set up one box, one automation, one machine, within one program, it is O. But, if I have multiple locations in Japan, China, Asia, Singapore, and the like, I will have some trouble. I have faced this problem in the past. 

It is quite costly. The license is a concern for some of the clients. 

I have previous experience with Oracle in the past. There is an ease of use with Oracle, because it is small and not very complex. You can wrap your work in a single day with Oracle. In comparison, the API is quite small with CyberArk. But, the product itself is so robust.

Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:

• It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
• For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
• Compared to other products, CyberArk is extremely easy to install and configure.

Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.

In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.

Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.

CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.

Accountability is set up using CyberArk OOB temper-proof reports.

CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.

It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.

I have been using this product since 2010.

In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.

CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.

Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.

Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.

I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.

Initial set up is super simple and if planned properly, can be installed within a couple of hours.

I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.

Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.

Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.

• Password vaulting
• Granular commands profiling with OPM

• Sys/DB admins no longer need to have system credentials (and the same for third parties)
• Access profiling
• Request demands from domain groups

The management console has a lot of functionalities, but is a little bit complex to use.

Customer support and technical support can be better, compared with the level of products.

I have used it for one year.

I have not encountered any stability issues.

I have not encountered any scalability issues, technically speaking. Issues with the licenses can occur; the pricing model is not easy to understand.

Technical support is 7/10.

I did not previously use a different solution.

Initial setup was very easy. We started integrating systems and providing access to systems within few days.

From my experience, for small environments, the subscription licensing model is very cheap.

We also evaluate other solutions in the Magic Quadrant for PAM solutions.

Before defining the solution’s architecture, clearly define your requirements and the kind of systems in scope. Some systems/device can be integrated out-of-the-box, others need customization.

Plus: easy to deploy, highly customizable
Minus: a little bit complex to integrate in large environment, complex rules/customization takes time