CyberArk Privileged Access Manager Reviews

We have different privileged accounts in our enterprise. All of the application owners and the stakeholders want to store those accounts CyberArk privileged security, so they can connect to the target systems. It also allows for session recordings at the time of auditing.

We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps.

We have found with the recent upgrade a lot of issues we had with the connection have been resolved.

It is stable.

There are no issues with scalability. Our clients are very happy to use the product.

Tech support is very quick to answer our request tickets. 

It is necessary to use professional service for the setup of the solution. It is a challenge if you are not well-versed in CyberArk.

In comparison to other products on the market, CyberArk is a more costly product.

We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).

It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.

The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.

The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.

1. Automatic password management, which will automatically change passwords based on compliance requirements.
2. DVR like video recording and text-based recording for easier audits.
3. Easily scan the network for all privilege accounts and has an easier onboarding process.
4. SSH key management
5. Command level restriction for all SSH-based devices.
6. Anomaly detection and prevention for all privilege accounts.
7. Integration with ticketing tools and SIEM solutions.

1. Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
2. Agentless solution which is easy to customise to any platform having network connectivity.
3. Wide range of devices supported out-of-the-box.
4. Easy to configure HA and DR options.
5. Online training enables cost effective valuable training.

This product needs professional consulting services to onboard accounts effectively based user profiles.

No issues.

No issues.

Excellent customer support.

We did not previously use another solution.

The setup is very straightforward.

The cost is high compared to other products, but CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality.

At present, we are only focusing on CyberArk for privilege account security. Comparing it to other providers, Cyberark provides a more user-friendly environment with many more features and benefits.

I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.

The most valuable feature of this product is the Central Policy Manager. From the Operation and Security point of view a robot that can connect to destination machines, change passwords at fixed times, and put them in the vault, like a person, and therefore, is the best that you can ask for.

It combines more functionality in a single product and solve a lot of problem, from security to compliance.

It has improved many parts of the organization. From the security and audit perspective, we're now fully aware of who accessed data and from where they accessed it. This helped us with regulatory compliance. We've improved our level of security in many typically-unsafe environments, such as domains.

I think that this product can be improved in all the areas. The details usually are important as the funcionallity. So I think that understanding the request from the customer CyberArk, as is already doing, can improve day by day his product.

I have used Cyber-Ark PAS since 2008, so thid is the seventh year that I will be working with it.

Usually not. The biggest problem was the incompatibility or non-default installation of an OS to be managed by the Central Policy Manager.

Never encountered any problems with stability.

Never encountered any problems with scalability. The Vault, Central Policy Manager, Password Vault Web Access, Privileged Session Manager and Application Identity Management architecture are designed to support scalability.

It's improved over the years and now is very fast and efficient. We've got a very good Italian customer service.

Very high level of technical support. Fast and organized.

Never used a different solution.

The initial setup is really fast, simple and straightforward. It consist of a simple Windows installation (next-next type) for any component. The only requirement is to do the installation step by step following a list of components to do beforehand.

I work in a vendor team, and we installed the product in a large company.

We are using the solution for privileged account management. (Rotation, session isolation, checkout, etc.)

Accounts are managed, passwords change frequently, and we have better audit logs! When something happens, there is a better chance you can determine the who/what/where/when/why of the situation.

The vaulting technology as well as the privileged session management: Having the vaulting tech ensures that the credentials are secure, and PSM ensures that the end user can perform needed tasks without knowing or needing the credentials.

A greater number of out-of-the-box integrations with other vendors: They are working on it, but more is better!

Rock solid! I would say it is, set it and forget it, but the vendor keeps on top of upgrades and enhancements.

It seems to work well for any size of organization, or any size of deployment in my experience.  

Pretty straightforward, a lot of time will be spent on the initial engineering phase where you determine how you want to use the solution, naming requirements, admin accounts, etc.

As with everything, try before you buy. Get a trial licence, set up a demo environment and see if it meets the use case for your enterprise.  

Managing passwords to infrastructure and applications, keeping those accounts “safe,” and being able to audit their use.

The audit capabilities include video so that not only keystrokes but also mouse clicks are captured. This provides safety and reassurance for anyone working in our infrastructure. 

Reducing the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role, but only one at a time. When the accounts have been used, its password is changed (to something a user would have had to write down) before being made available for reuse. The passwords which are hidden from the users are not known, and thus can be long and complex, while only being used for a session before being changed.

Privileged Threat Analytics (PTA) that can function in more that one AD domain at a time. The recent enhancement that allows resilience in PTA is great, but operation in more than one domain is required as many organizations have multiple AD domains. Even if it’s just prod and test or PPE split, you still want to know what’s going on in it.

Three to five years.

No Previous PAM solution used.

Yes, based on Gartner

• EPV: Enterprise Password Vault
• PSM: Privileged Session Manager
• AIM: Application Identity Manager
• The latest version of the product is mature and there is more functionality than we need.

• Improved security
• Reduced the overhead to protect enterprise data from delays
• Receives logs about all activities
• Compliance with several standards

I’m not the end-user. As a solutions architect (consultant), I designed and planned the solution in a very complex network environment.

We have not encountered any stability issues. After more than six years with my first CyberArk client, everything works great.

We have not encountered any scalability issues. The solution was scaled right at the beginning of the project.

We called technical support a few times and they came back to us very quickly. They fixed our problems very quickly. The problems were caused mainly by changes in the network.

We did not use any previous solution.

We were assisted for the initial setup by a CyberArk consultant for one week.

A good architecture will help to gather the business requirements. You can then come up with the right sizing and licenses. If it is a large installation, implement in phases to become familiar with the products, and then purchase the licenses at the right time.

All other top solutions in the Gartner Magic Quadrant were evaluated and CyberArk came up as the best and most mature choice. I compared all solutions using my client business requirements and what the solutions offered to them on the top of the business requirements. The scope of the project became wider.

I would recommend being well prepared. Do not improvise. Understand what you are doing. Take the time to read the technical documentation, and not just the marketing material, to understand CyberArk. It will not be a waste of time.

Take the time to prepare, clean, and document all your privileged, services, and application accounts. Use the product for its intended design.

The proxy solution using PSM and PSMP is valuable. It gives leverage to reach out to servers which are NATed in separate networks and can be reached only by using a jump server.

Security has been improved. It has improved compliance and there is more control over the privileged users.

The performance of this product needs to be improved. When the number of privileged accounts increases, i.e., exceeds 2000, then the performance of the system reduces. The login slows down drastically and also the connection to the target system slows down. This is my observation and thus, the server sizing needs to be increased.

I have used this solution for three years.

We have not encountered any stability issues so far.

We have experienced some scalability issues, in terms of the performance.

The technical support is good.

Initially, we were using the CA ControlMinder. There were many issues with this solution, mainly in regards to no proxy solution and poor performance.

The setup has a medium level of complexity.

One should negotiate well.

We looked at other solutions such as CA PAM, Lieberman Software, Thycotic and ARCOS.

This is the best product from its breed.

The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.

This tool has definitely helped us manage all the privilege accounts, which mostly have access to the organization's crown-jewel data. Additionally, having a monitoring system puts extra visibility on these account's activities, so any irregular activity is highlighted and quickly escalated.

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

I have used the product for almost a year. I have been part of the implementation project and post-release, supported account onboarding.

For the most part, there weren't many stability issue. Usually the issue persisted with system/application accounts, with the API and the object ref ID not being in sync.

I didn't feel there were any scalability issues.

Although I was part of business side of the team, and I only had interaction with internal engineering team, I found the internal engineering team very helpful and knowledgeable about the product and how it worked.

We previously used a different solution, and then we updated it; we did not switch.

I am unable to comment on this, as I was not part of product evaluation team.

My advice is that this tool does what it advertises. If your business/organization has crown-jewel data, this is the tool to use.

From a security standpoint, I find the tool very reliable and innovative. However, it could improve the user experience and become more intuitive. When the user experience becomes more intuitive, then I am willing to rate the product even higher.