CyberArk Privileged Access Manager Reviews

Some of the valuable features are:

• The different server vault is used to store data with 7 layers of security for protecting the data.
• The Application Identity Management Module is also very useful and easy to handle.
• AutoIt scripting is useful to simulate single sign-on for thick and thin clients.

It makes compliance of the organization with password management easy. This results in a handy auditing process and adheres to all risk compliance as well.

Some areas of improvement are:

• PSM: It should be hosted on UNIX rather than on Windows. In such cases, no extra OS license needs to purchased at the client's end.
• PVWA: The admin console should be in the Windows installer instead of a web application for admin users. It makes the work faster for admins; otherwise, it seems slow for the web interface.
• PSMP: It looks a bit complex to deploy and maintain.
• OPM: This module should be integrated with PrivateArk app.

I have used this solution for three years.

CyberArk is quite stable and no issues have been exprienced on regards to stability.

We have not encountered any scalability issues. It is very scalable with any requirements.

I would give the technical support a 9/10 rating. It has superb technical support for U.S. clients.

However, for Indian origin clients, i.e., for foreign clients, the support is poor thus I have rated it a 4/10.

It is very expensive. They charge for every single thing they offer.

Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:

• It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
• For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
• Compared to other products, CyberArk is extremely easy to install and configure.

Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.

In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.

Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.

CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.

Accountability is set up using CyberArk OOB temper-proof reports.

CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.

It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.

I have been using this product since 2010.

In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.

CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.

Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.

Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.

I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.

Initial set up is super simple and if planned properly, can be installed within a couple of hours.

I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.

Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.

Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.

• Password vaulting
• Granular commands profiling with OPM

• Sys/DB admins no longer need to have system credentials (and the same for third parties)
• Access profiling
• Request demands from domain groups

The management console has a lot of functionalities, but is a little bit complex to use.

Customer support and technical support can be better, compared with the level of products.

I have used it for one year.

I have not encountered any stability issues.

I have not encountered any scalability issues, technically speaking. Issues with the licenses can occur; the pricing model is not easy to understand.

Technical support is 7/10.

I did not previously use a different solution.

Initial setup was very easy. We started integrating systems and providing access to systems within few days.

From my experience, for small environments, the subscription licensing model is very cheap.

We also evaluate other solutions in the Magic Quadrant for PAM solutions.

Before defining the solution’s architecture, clearly define your requirements and the kind of systems in scope. Some systems/device can be integrated out-of-the-box, others need customization.

Plus: easy to deploy, highly customizable
Minus: a little bit complex to integrate in large environment, complex rules/customization takes time

I used CyberArk for vaulting passwords.

I haven't really thought about anything that I want to use it for, that I couldn't use it for.

I would like to see more integration with more tools, for more APIs. 

I have used this solution in the last 12 months.

The initial setup was not overly complex but it wasn't straightforward.

Once it was prepared properly, it was okay.

I would rate CyberArk Enterprise Password Vault an eight out of ten.

I am a consultant. We are in the process of using this in our clients' companies.

The most valuable feature is Special Monitoring.

The authentication port is available in CyberArk Alero but not Fortinet products.

I have been working with CyberArk PAS for one year.

CyberArk is stable.

It's a scalable solution. 

I have limited experience with technical support, but our customers like the support.

In general, it appears to be fine.

I have also worked with Thycotic, until the completion of the project.

The initial setup is straightforward.

It is best suited for mid to large-size enterprises. It is not the best for smaller companies, largely because of the price.

I believe that this solution is priced well. It's the market leader and I think that it's the best solution.

The price is quite good for us.

For those who are interested in using this product, you have to know your requirements and compare them with CyberArk to see if it is suitable for them and fits their budget.

I would rate this solution a nine out of ten.

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

One limitation is that we are not able to put this into a decentralized mode.

This solution is quite stable.

We have no issues with scalability.

The tech support is decent. 

It takes a while to adapt to the product.

I do not have experience with the pricing or licensing of this product.

I think having a distributed architecture would certainly help this solution.

Our primary use case for this solution is it provides a security solution that includes password management. This defends against threats.

The most valuable feature to me is the recording feature. I can track all of the records, the commands, the server, any misguidance, etc.

Over the past seven years, I have seen a lot of ups and downs with the product, but now I am happy with the version that we are using now. 

I have no issues with stability. 

It is scalable. We have added new equipment, and this solution has been relevant. 

They are very helpful for us whenever we have any questions. 

No, I do not have any advice on the price of the product. It is a great product that I recommend to others. 

I did not consider any other options. 

This product is helpful for financial auditing needs, as well.

Our primary use case for this solution is business and client management. Our clients are mostly from the banking sector. 

The CyberArk solutions that have been the most valuable for my solution are the Discovery & Audit (DNA) and Privileged Threat Analytics (PTA) tools. CyberArk is a very important tool for my organization.  

The setup was very easy for me. 

The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers. 

I have been using the solution for about a year. My company resells and implements this solution. 

I think this solution has a lot of stability. 

The technical support for this solution is very good. If I was to rate it on a scale of one to five, I would give it a five.

The initial setup was straightforward. It can be carried out by a single person. 

The great thing about this solution is that they offer tech support in my language. 

I recommend this product.