CyberArk Privileged Access Manager Reviews

Primary use case: having privileged access management and ingress into customer networks and infrastructure.

The auditing and recording functionality along with stringent password-change policies and one-time password use has made compliance with customer requirements a much clearer and easily managed process.

• Recordings
• Exclusive use, and 
• OTP. 

There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.

Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt.

The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.

Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.

I've had an experience of deploying CyberArk in on-premise and in the cloud.

For any use case, session management is a key because it isolates users' machines to the target system. That way then, if an attack happens on a user's machine, the privileged session is still an isolated session. The privileged session is not interrupted.

In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation. 

The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.

There are many other important features of CyberArk: 

• Privileged Session Manager (PSM) connects you to the target platform. 
• Password management (CPM) provides automatic password rotations, including password verification and reconciliation. 
• Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature. 

The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.

More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.

I have used CyberArk Privileged Access Manager for approximately seven years.

It is a very stable and reliable product.

It is scalable and scaling it is straightforward. It has been designed and planned well, making it easy to scale the environment.

We have frequently worked with CyberArk technical support. In the last year their support has been changed. I would rate it at about seven out of 10. It depends on the person who picks up the support ticket. If that person is fairly proficient in his experience, the response will be quick. Otherwise, it can take time. But, in general, it's good.

Neutral

The complexity of the initial setup depends on the organization's underlying infrastructure, on the environment in which the development is happening. Sometimes the environment on which the product is being installed is more of a challenge than the product. That plays a key role. And, as I mentioned, it's a bit of a challenge because of the documentation at the moment. It needs to be much more user-friendly

The time for deployment also depends on the environment in which the product is being deployed. The technology landscape is very complex. With an end-to-end implementation, it can vary depending on whether the environment is small or medium or complex, and what types of use cases are involved. If it is just a simple environment and minimal features need to be configured, it can be straightforward and take a few days. But if it's a really large-scale, complex environment, where multiple integrations are required, because the underlying requirement to deploy CyberArk with other applications is complex, it will definitely take longer.

Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive.

It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. 

Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. 

But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.

Its features like detailed audit and reporting, automated workflows, granulated privileged access controls, automated password rotation, and centralized and secure storage have helped us in developing a secure environment for customers, along with audit and compliance coverage.

Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.

Performance of PIM could be better and intended for usability as well as security. Another point is that the free trials should be in place for all components so that PoC could be made easy.

No.

No.

Technical support is quite efficient and they always provide a timely response.

Haven’t use any solution prior to CyberArk.

As this was new product, there were some small challenges in understanding but the setup was straightforward.

As our deployment was not so large, our client was happy with the pricing and licensing.

Yes, we did a research and chose CyberArk above all due to its components that were suitable to our environment.

Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.

The primary use case of the solution is to gather privileged accounts from different systems and to contain privileged accounts in one secure place.

Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security.

The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.

I've been using the solution for five to ten years.

It's an enterprise-level solution. So long as you can afford it, you can scale.

I've never had to reach out to technical support.

We didn't really use a different solution. We use Fudo Security, but it's not for password management alone. It's more of an all-in-one solution. We still use it; it's cheap and it's a very simple solution in comparison to CyberArk.

The initial setup is okay; I'd rate it seven out of ten in terms of ease of use compared to other solutions.

Many different things during installation are not straightforward. For example, it would be better to make some kind of pre-installed machine or virtual machine or to make it easy to deploy various ISO files. There are competitors that have just one machine and no infrastructure involved. It would also be better if they embedded the license or offered some free options.

Deployment took about a month.

As far as I know, CyberArk changed its pricing policy for our region. Overall it was very expensive a few years ago, but now, just around a year ago, it became less expensive and it's easier for us to sell it.

We use the on-premises deployment model.

In terms of advice, I'd suggest others follow the implementation carefully.

I'd rate the solution eight out of ten. It's not easy to install and it's got too many components which means it's not really suitable for small or medium-sized businesses.

There are threats that get opened because of the vulnerability of privileged access that says to directly put it in a vault.

Every aspect of the solution is very well integrated, and that gives comfort. It is a fail-safe kind of environment. I think that's the fail-safe feature makes customers comfortable because there are no non-integrable stuff or cures. For example, a vault would have its own anti-virus,  its own application, its own operating system to stay hardened. It is absolutely hardened for it to be protected from the outside world.

Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help.

My organization has been using this solution for a few years but I joined the company three months back.

It is very stable.

Our clients are large enterprises. It is easy to scale.

Our customers contact us for any technical support, but we are able to sort out customer issues to a very large extent. We only had to connect with CyberArk at L-3 level or L-4 level. We are able to address most of our customer's issues. 

I would rate their support a nine out of ten. 

We have had customers use a competitive product that CyberArk has replaced but it is not very common. It is not very easy to change your Privileged Access Management framework so easily.

CyberArk is fail-safe, it has a threat intelligence filter, and prevention threat attacks. That sets the product apart from others, and I think the other part is their ability to onboard a maximum number of resources like storage network, security, IoT devices, and RPAs. Its ability to pervasively onboard almost all critical privileges and resources across the organization is where it stands out in a really big way.

I didn't implement it. I don't believe we've had any problems implementing it. I've never heard any issues. I'd say it's neutral.

There are costs in addition to the standard licensing. There is an implementation fee. Those are additional fees and the customer has the annual maintenance, the software, and whole maintenance cost added to that. So there are additional costs besides this standard license.

The most important phase is the discovery phase. Pay the most attention to that. Spend the most amount of time on the discovery phase, which is really the startup planning. The project becomes smoother. Book stricter guidelines on timelines and let there be a senior sponsor part of the project so that you are able to get milestones addressed quickly otherwise, these projects tend to drag longer.

In the next release, I would like to have the cloud option and all of the features that come with it. 

I would rate CyberArk a nine out of ten. 

The primary use case is for storing user passwords and administration credentials.

I am the engineer for a company that sells this solution mostly to financial institutions. 

It is also useful for auditing and securing shared accounts or co-shared accounts.

The most valuable feature is the special management. It records the activity and the actions that we use for auditing.

The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have.

The technical support can improve on the time that it takes to get a callback.

The integration is great but needs to be a bit more user-friendly.

Also, a feature with the ability to create password sync.

In the next release, I would like to see the following:

• Availability on the cloud and the appliance.
• More documentation for the setup. 
• Simplify the deployment.
• Continuous operation with this solution.
• Simplify the infrastructure for better stability.
• Increase the support for applications.
• Invest in local on the ground staff in various regions.
• The ability to search by the activities, especially for Windows Servers.
• Improve the auditing capabilities for their searches.

The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance.

This solution is scalable. It scales very well, there are no issues.

The technical support is good, there are no issues.

They know what to do when you call them, they are competent.

Sometimes they can take too long before getting back to you, which is something that can be improved.

Previously I was using Centrify and One Identity. We switched because CyberArk has a lot of strength in my region. Some partners do not want to deploy CyberArk to their customers because they feel it will create competition when it comes to renewal. They don't want the price to be affected.

The initial setup is complex. The architecture needs improvement in the documentation for the setup and the manageability.

If you have everything provided for you, it can take three to four hours to deploy this solution.

I think that it might be cheaper than the other competitors in our region.

I have learned that the deployment can be tricky. Always plan your deployment in phases.

Don't unload all of your privilege credentials at once, otherwise, you have an issue with the passwords. 

Always, have help available on standby when you are deploying this solution to prevent issues.

This solution is quite efficient. You don't always have to have your applications. If you are encrypting the server, you don't need the applications. You are required to do it on your workstation. The server will deliver that to you from the managing pack when you try to implement the sessions.

I would rate this solution an eight out of ten.

The solution is very complete. It has the most features on the market.

Session monitoring is excellent. It may be the solution's most valuable aspect.

The solution offers very good password protection.

It offers great integration with many products.

The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex.

The solution is very stable.

The solution is easy to scale.

I've never had to reach out to technical support.

The initial setup is complex. You need to install many virtual machines. You must do many configurations. It's not just one machine to another; you'll also have to handle the configuration of independent machines as well.

The price is higher than the competition, but if the customer wants the best product for their company, they won't mind the price.

We have a permanent license. Licensing is based on how man users you have, so the pricing varies according to the size of the company.

We're a partner of CyberArk.

I'd rate the solution nine out of ten.

Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:

• It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
• For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
• Compared to other products, CyberArk is extremely easy to install and configure.

Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.

In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.

Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.

CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.

Accountability is set up using CyberArk OOB temper-proof reports.

CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.

It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.

I have been using this product since 2010.

In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.

CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.

Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.

Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.

I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.

Initial set up is super simple and if planned properly, can be installed within a couple of hours.

I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.

Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.

Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.