Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Senior Manager of System Security at a tech services company with 51-200 employees
Consultant
​The most valuable feature of this product is the Central Policy Manager but CyberArk can be improved in all areas

What is most valuable?

The most valuable feature of this product is the Central Policy Manager. From the Operation and Security point of view a robot that can connect to destination machines, change passwords at fixed times, and put them in the vault, like a person, and therefore, is the best that you can ask for.

It combines more functionality in a single product and solve a lot of problem, from security to compliance.

How has it helped my organization?

It has improved many parts of the organization. From the security and audit perspective, we're now fully aware of who accessed data and from where they accessed it. This helped us with regulatory compliance. We've improved our level of security in many typically-unsafe environments, such as domains.

What needs improvement?

I think that this product can be improved in all the areas. The details usually are important as the funcionallity. So I think that understanding the request from the customer CyberArk, as is already doing, can improve day by day his product.

For how long have I used the solution?

I have used Cyber-Ark PAS since 2008, so thid is the seventh year that I will be working with it.

Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.

What was my experience with deployment of the solution?

Usually not. The biggest problem was the incompatibility or non-default installation of an OS to be managed by the Central Policy Manager.

What do I think about the stability of the solution?

Never encountered any problems with stability.

What do I think about the scalability of the solution?

Never encountered any problems with scalability. The Vault, Central Policy Manager, Password Vault Web Access, Privileged Session Manager and Application Identity Management architecture are designed to support scalability.

How are customer service and support?

Customer Service:

It's improved over the years and now is very fast and efficient. We've got a very good Italian customer service.

Technical Support:

Very high level of technical support. Fast and organized.

Which solution did I use previously and why did I switch?

Never used a different solution.

How was the initial setup?

The initial setup is really fast, simple and straightforward. It consist of a simple Windows installation (next-next type) for any component. The only requirement is to do the installation step by step following a list of components to do beforehand.

What about the implementation team?

I work in a vendor team, and we installed the product in a large company.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer991878 - PeerSpot reviewer
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees
User
Having the vaulting tech ensures that the credentials are secure

What is our primary use case?

We are using the solution for privileged account management. (Rotation, session isolation, checkout, etc.)

How has it helped my organization?

Accounts are managed, passwords change frequently, and we have better audit logs! When something happens, there is a better chance you can determine the who/what/where/when/why of the situation.

What is most valuable?

The vaulting technology as well as the privileged session management: Having the vaulting tech ensures that the credentials are secure, and PSM ensures that the end user can perform needed tasks without knowing or needing the credentials.

What needs improvement?

A greater number of out-of-the-box integrations with other vendors: They are working on it, but more is better!

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Rock solid! I would say it is, set it and forget it, but the vendor keeps on top of upgrades and enhancements.

What do I think about the scalability of the solution?

It seems to work well for any size of organization, or any size of deployment in my experience.  

How was the initial setup?

Pretty straightforward, a lot of time will be spent on the initial engineering phase where you determine how you want to use the solution, naming requirements, admin accounts, etc.

What's my experience with pricing, setup cost, and licensing?

As with everything, try before you buy. Get a trial licence, set up a demo environment and see if it meets the use case for your enterprise.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
PeerSpot user
Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees
Real User
All access to our servers, by both staff and vendors, is monitored and recorded
Pros and Cons
  • "CyberArk has resulted in a massive increase in our security footprint."
  • "All access to our servers by both staff and vendors is monitored and recorded."
  • "The current user interface is a little dated. However, I hear there are changes coming in the next version."
  • "There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself."

What is our primary use case?

We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

How has it helped my organization?

CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.

What is most valuable?

Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.

What needs improvement?

The current user interface is a little dated. However, I hear there are changes coming in the next version. 

There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rodney Dapilmoto - PeerSpot reviewer
Rodney DapilmotoSystems Admin Analyst 3 at CPS Energy
Real User

The UI has been completely revamped in Version 10. It has a differently look and feel. We will be looking to test it in our Development landscape and possibly go to Production towards the end of the year.

Technical Architect at a tech vendor with 10,001+ employees
MSP
Top 5Leaderboard
Reduces the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role

What is our primary use case?

Managing passwords to infrastructure and applications, keeping those accounts “safe,” and being able to audit their use.

How has it helped my organization?

The audit capabilities include video so that not only keystrokes but also mouse clicks are captured. This provides safety and reassurance for anyone working in our infrastructure. 

What is most valuable?

Reducing the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role, but only one at a time. When the accounts have been used, its password is changed (to something a user would have had to write down) before being made available for reuse. The passwords which are hidden from the users are not known, and thus can be long and complex, while only being used for a session before being changed.

What needs improvement?

Privileged Threat Analytics (PTA) that can function in more that one AD domain at a time. The recent enhancement that allows resilience in PTA is great, but operation in more than one domain is required as many organizations have multiple AD domains. Even if it’s just prod and test or PPE split, you still want to know what’s going on in it.

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

No Previous PAM solution used.

Which other solutions did I evaluate?

Yes, based on Gartner

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Shad Smith - PeerSpot reviewer
Shad SmithTechnical Architect at a tech vendor with 10,001+ employees
Top 5LeaderboardMSP

With the accounts being used in CyberArk being made available for “exclusive use” it can only be used by one person at a time. When the account is checked back in at the end of a session, the password is then changed before being made available for use by another person.

it_user574734 - PeerSpot reviewer
Technology Architect at a renewables & environment company with 51-200 employees
Vendor
Reduced the overhead to protect enterprise data from delays.

What is most valuable?

  • EPV: Enterprise Password Vault
  • PSM: Privileged Session Manager
  • AIM: Application Identity Manager
  • The latest version of the product is mature and there is more functionality than we need.

How has it helped my organization?

  • Improved security
  • Reduced the overhead to protect enterprise data from delays
  • Receives logs about all activities
  • Compliance with several standards

For how long have I used the solution?

I’m not the end-user. As a solutions architect (consultant), I designed and planned the solution in a very complex network environment.

What do I think about the stability of the solution?

We have not encountered any stability issues. After more than six years with my first CyberArk client, everything works great.

What do I think about the scalability of the solution?

We have not encountered any scalability issues. The solution was scaled right at the beginning of the project.

How are customer service and technical support?

We called technical support a few times and they came back to us very quickly. They fixed our problems very quickly. The problems were caused mainly by changes in the network.

Which solution did I use previously and why did I switch?

We did not use any previous solution.

How was the initial setup?

We were assisted for the initial setup by a CyberArk consultant for one week.

What's my experience with pricing, setup cost, and licensing?

A good architecture will help to gather the business requirements. You can then come up with the right sizing and licenses. If it is a large installation, implement in phases to become familiar with the products, and then purchase the licenses at the right time.

Which other solutions did I evaluate?

All other top solutions in the Gartner Magic Quadrant were evaluated and CyberArk came up as the best and most mature choice. I compared all solutions using my client business requirements and what the solutions offered to them on the top of the business requirements. The scope of the project became wider.

What other advice do I have?

I would recommend being well prepared. Do not improvise. Understand what you are doing. Take the time to read the technical documentation, and not just the marketing material, to understand CyberArk. It will not be a waste of time.

Take the time to prepare, clean, and document all your privileged, services, and application accounts. Use the product for its intended design.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user455391 - PeerSpot reviewer
IT Admin at a tech company with 10,001+ employees
Real User
The proxy solution using PSM and PSMP gives leverage to reach out to servers which are NATed.

What is most valuable?

The proxy solution using PSM and PSMP is valuable. It gives leverage to reach out to servers which are NATed in separate networks and can be reached only by using a jump server.

How has it helped my organization?

Security has been improved. It has improved compliance and there is more control over the privileged users.

What needs improvement?

The performance of this product needs to be improved. When the number of privileged accounts increases, i.e., exceeds 2000, then the performance of the system reduces. The login slows down drastically and also the connection to the target system slows down. This is my observation and thus, the server sizing needs to be increased.

For how long have I used the solution?

I have used this solution for three years.

What do I think about the stability of the solution?

We have not encountered any stability issues so far.

What do I think about the scalability of the solution?

We have experienced some scalability issues, in terms of the performance.

How are customer service and technical support?

The technical support is good.

Which solution did I use previously and why did I switch?

Initially, we were using the CA ControlMinder. There were many issues with this solution, mainly in regards to no proxy solution and poor performance.

How was the initial setup?

The setup has a medium level of complexity.

What's my experience with pricing, setup cost, and licensing?

One should negotiate well.

Which other solutions did I evaluate?

We looked at other solutions such as CA PAM, Lieberman Software, Thycotic and ARCOS.

What other advice do I have?

This is the best product from its breed.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rodney Dapilmoto - PeerSpot reviewer
Rodney DapilmotoSystems Admin Analyst 3 at CPS Energy
Real User

The beauty of using the PSMP is that an end user can bypass logging through the PVWA and go directly to using their choice of terminal emulation for SSH (i.e. Putty or SecureCRT, etc.).

See all 2 comments
Identity and Access Management Consultant at a tech services company with 10,001+ employees
Real User
With the PSM connect option, authorized users do not need passwords to open a session. The user experience needs to be improved.

What is most valuable?

The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.

How has it helped my organization?

This tool has definitely helped us manage all the privilege accounts, which mostly have access to the organization's crown-jewel data. Additionally, having a monitoring system puts extra visibility on these account's activities, so any irregular activity is highlighted and quickly escalated.

What needs improvement?

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

For how long have I used the solution?

I have used the product for almost a year. I have been part of the implementation project and post-release, supported account onboarding.

What do I think about the stability of the solution?

For the most part, there weren't many stability issue. Usually the issue persisted with system/application accounts, with the API and the object ref ID not being in sync.

What do I think about the scalability of the solution?

I didn't feel there were any scalability issues.

How are customer service and technical support?

Although I was part of business side of the team, and I only had interaction with internal engineering team, I found the internal engineering team very helpful and knowledgeable about the product and how it worked.

Which solution did I use previously and why did I switch?

We previously used a different solution, and then we updated it; we did not switch.

Which other solutions did I evaluate?

I am unable to comment on this, as I was not part of product evaluation team.

What other advice do I have?

My advice is that this tool does what it advertises. If your business/organization has crown-jewel data, this is the tool to use.

From a security standpoint, I find the tool very reliable and innovative. However, it could improve the user experience and become more intuitive. When the user experience becomes more intuitive, then I am willing to rate the product even higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user326337 - PeerSpot reviewer
it_user326337Customer Success Manager at PeerSpot
Real User

Ashish, may I ask where you generally look for these types of courses? Are there any that you can recommend?

See all 5 comments
reviewer1329747 - PeerSpot reviewer
Security at a tech services company with 201-500 employees
Consultant
Its privileged session management is valuable for monitoring your inside threats, but it's a lot of work to set up
Pros and Cons
  • "Password Vault's main advantage is its scalability. We constantly see huge enterprises implementing something like this, and the privileged session management is an excellent piece. You can kind of watch videos of whatever an admin has done."
  • "There are upwards of six components you need to set it up. And you might need anywhere from two to five servers. It takes some work to set that up, especially in a larger environment."

What is our primary use case?

Companies often have an enormous amount of admin credentials out there. They want to find out how many they have, start cleaning them up, and ensure they're all kept in an encrypted vault. Password Vault is probably the top product in that space, and it's a monster to implement, but CyberArk is great at what they do.

What is most valuable?

Password Vault's main advantage is its scalability. We constantly see huge enterprises implementing something like this, and the privileged session management is an excellent piece. You can kind of watch videos of whatever an admin has done. So, for example, if an admin doesn't check out their password and fires up a session on a machine, you can see playback. Scalability and those particular features are pretty valuable for monitoring your insider threat.

What do I think about the stability of the solution?

Our customers haven't complained about any stability issues, and we've set Password Vault up for quite a few customers. However, the stability depends on the equipment unless they do it in the cloud. But if they're setting up on a bunch of VMs, and that VM store goes down, that's not necessarily a CyberArk problem. That's more of a problem with Windows or VMware, etc., or something like that. So I guess the stability's fine.

How was the initial setup?

There are upwards of six components you need to set it up. And you might need anywhere from two to five servers. It takes some work to set that up, especially in a larger environment.

What's my experience with pricing, setup cost, and licensing?

On-prem CyberArk is pretty expensive. It's pricey and you get what you pay for. It's an incredible product for what it does, but it's significantly cheaper to go to the cloud.

What other advice do I have?

I would rate Password Vault seven out of 10. I'd only go that low because of how challenging the installation can be. I advise our customers to consider using CyberArk's cloud option because many people just reflexively lean toward the on-prem solution. The cloud solution is considerably less expensive. It's still complex to set up the different components and make it all work together, so I suggest you make sure you need all those components. Maybe you don't even want to use everything there, but consider the cloud version. It's the same product, but it's more straightforward and cost-effective. You're not losing any functionality.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.