CyberArk Privileged Access Manager Reviews

We are a consulting company, and we provide consulting for solutions like CyberArk, HashiCorp, and similar offerings. I provide consultancy for various industries such as finance and hospitality.

Our clients use this solution for their critical assets and crown jewels. They want good identity and access management or privileged access management for their critical assets. A lot of mid-tier clients would have also implemented CyberArk on their servers if its pricing was better. Usually, they deploy it for their critical assets. They have implemented policies, just-in-time access, etc.

Having an efficient Privileged Access Management solution like CyberArk helps you stop bad actors early in the cyber attack chain process. You have an additional layer of security for your assets.

CyberArk Privileged Access Manager provides a good amount of granularity in giving access.

CyberArk Privileged Access Manager has a policy for blocking out everything as per the Zero Trust model, which can be helpful in a breach situation.

CyberArk Privileged Access Manager ensures data privacy by locking down your assets and recording each and every instance. That helps with the data information protection piece.

Privileged access management solutions like CyberArk Privileged Access Manager make it difficult for malicious entities to gain information or expose sensitive assets. Even if a specific asset not part of the PAM group gets breached, your critical information remains safe as access to specific resources or ports is not allowed. Implementing privileged access management in a way that blocks necessary threats makes it difficult for bad actors to access sensitive information.

The whole concept of Zero Trust and implementing it with CyberArk, which somewhat adheres to the 'never trust, always verify' principle, is very valuable. I really appreciate this aspect. Moreover, the just-in-time access is impressive, allowing access for a specific time.

Apart from CyberArk's PAM solution, I like CyberArk Conjur for secrets rotation. The constant rotation of secrets makes it hard for bad actors to gain access to environments. 

CyberArk provides a good amount of control over access types. However, as a future enhancement, having additional features for cross-platform integration would be beneficial. It would be good to have integrations with other tools and firewalls, such as Zscaler and CrowdStrike. Although I am not fully aware of recent updates, more cross-platform integration would be valuable. A SOC analyst would like to have centralized access in terms of information flowing in even for privileged access management. They would like to have control over everything instead of opening four to five tabs for different sorts of information. Cross-platform integration would help with that.

Customers also want CyberArk's pricing to be better so that they can implement it further and have more licenses.

Implementing a privileged access management solution can be challenging. It would be great if CyberArk could provide recommendations based on the compliance standards of an organization. It would help system admins ensure that all the required ports are closed and the systems are being managed properly. If any system is not being used anymore, any ports opened for that system need to be closed. Having such recommendations would be helpful.

I have been associated with CyberArk since it became popular two to three years ago. I have been working with CyberArk tools on the client side and the consultant or vendor side.

I cannot think of any stability issues.

I cannot think of any scalability issues.

In terms of tech support, I have had a positive experience with ManageEngine support, and I wish that a similar experience was there with other vendors and products. With ManageEngine, I appreciated the chat option. When I was stuck, I did not need to go through a dedicated portal or wait hours for a solution. A chat system providing quick access to a technical engineer, within four to five minutes, is very helpful.

I would rate CyberArk's technical support a seven out of ten.

Neutral

I worked with HashiCorp, specifically HashiCorp Vault, and had collaborations representing CyberArk's perspective. 

CyberArk focuses on privileged access management for enterprise security. They offer CyberArk Conjur, but if customers need secrets management or infrastructure automation, HashiCorp has a better solution with HashiCorp Vault. In terms of PAM, CyberArk excels. For Conjur-type products, HashiCorp is better. CyberArk caters to traditional infrastructures and security or IT admins, while HashiCorp has good cloud-native, DevSecOps, or DevOps services.

About two years ago, people focused on the on-prem side of things, but now the cloud version is gaining popularity.

The solution has so much to offer that it becomes a little bit complex. Every infrastructure is different, and you need a customized solution as per the infrastructure design. CyberArk has a lot to offer. It has a lot of buttons to push in terms of security, so it becomes a little bit complex when you are deploying it for a big organization.

During on-prem deployments, we followed specific steps for the right deployment process. The order of deployment is crucial, such as deploying necessary components first and then setting up CPM policies. This order is essential whenever deploying CyberArk.

Two to three years ago, its integration was difficult. We had to take different routes to integrate those solutions, but now, we see a lot of plug-ins. For example, Microsoft Sentinel does have a CyberArk plug-in.

For deploying a CyberArk solution, you would need at least two security analysts, two to three system admins, and one network administrator. The security admin provides the right infrastructure and access. The network administrator helps with all VLANs or separate segmentation for specific sites or resources. The security admin works on the CPM policies and more.

In terms of maintenance, like any other solution, it requires keeping an eye on it and any updates. You would need someone to support it.

A strong identity and access management solution aids in navigating significant incident responses or breach situations. Omitting important solutions can be highly costly. Implementing a privileged access management solution can help avoid such expenses.

Its value can be seen after one or two months of proper implementation. It makes the life of a security admin easier. 

I focus more on the technical side, but I hear customers say that if CyberArk was more affordable, they might have acquired more licenses. Some clients consider alternative solutions due to pricing concerns. If CyberArk could address this, it would help in offering their solution to additional customers.

With a PAM product, most customers want to block access to critical assets and have a strong policy set. They also look for cost-effectiveness.

For a financial organization, even a compromised password can trigger a domino effect in terms of exposure of sensitive information, leading to a failure to meet specific compliances being followed in a specific region. They might have to let consumers know. Having an effective PAM solution can save a company from such a situation. Generally, it is not that the solution is not efficient. It is usually that the implementation is not done correctly. Every infrastructure is different, so you need to have a proper plan and make sure it is implemented as per your industry requirements.

CyberArk Privileged Access Manager helps with compliance to a certain extent, but it is not a compliance solution. For compliance, we still rely on other solutions.

I tell my clients that having an additional piece of PAM helps protect against threats and provides an extra layer of security. Identity and access management are fundamental in cybersecurity. Done right, it offers peace of mind and safeguards against unauthorized access to sensitive information. In the financial sector, where data is highly sensitive, exposure to bad actors can lead to significant breaches and potential damages. A breach can cost a million of dollars.

I would rate CyberArk Privileged Access Manager an eight out of ten.

The use case of privileged access management is self-explanatory. A large telecommunication company like ours needs to protect our privileged access because every attack cycle has privilege escalation, and we have to stop attackers at this point. 

We have a lot of vendors or third parties working with us. They need to access our resources. The trust level of external third parties is lower than direct employees, so we do not want to share our critical credentials with them. That is our primary use case. 

Another use case is managing internal employees, especially highly privileged administrators. Furthermore, the critical business applications and areas throughout our IT infrastructure involve privileged access, and we aim to protect those. We want the ability to audit and have real-time control.

I appreciate CyberArk's real-time capabilities. I can secure critical sessions, such as SSH or database sessions. As a security professional, I have real-time visibility into ongoing sessions. If anything suspicious occurs, I can terminate or freeze the session, which is part of user behavior analytics. 

We can monitor and have real-time control over our environment with sessions coming from around the world, ensuring security. We have visibility and control through real-time user behavior analytics. That is my favorite feature.

It has a learning curve and is a complex product that requires dedicated training and people. 

Maintaining the product is challenging. Upgrades require a lot of resources, as it impacts the entire organization. For example, upgrading components like the Privileged Session Manager (PSM) and the vault is time-consuming and difficult. In the long term, I would like to see these processes simplified, especially for on-premise installations.

I have been using this solution since 2018, which is a little over six years for me.

The product is solid and works as designed. The product itself is not yet very mature. That is one side. Another side is not putting enough resources into it as a customer. Most of the time, any stability issues are mostly with the customer, not the vendor. Proper fine-tuning and expertise ensure the product performs well.

It is highly scalable. We started small and expanded it to an enterprise level, and are now moving to the cloud for further growth. Its architecture offers scalability. It can grow much bigger than our company. It provides all the flexibility and modules if you have the required expertise.

CyberArk's customer service has improved recently and is now very responsive. However, four to five years ago, they were average. They are now at acceptable levels.

Neutral

We are fully on-prem for the PAM, but we are moving to the cloud.

Its deployment is not easy due to CyberArk's complexity. We started from a small footprint and then moved to a larger deployment. It was a lot of work. This could not be managed without CyberArk-certified engineers. It is very complex.

We can never deploy and manage it fully by ourselves. No company has that expertise, so you always need CyberArk-certified engineers from a third party when it comes to critical things. We have over 30 servers running for the CyberArk solution. All 30 servers have different pieces of this complete solution. We can never upgrade it by ourselves without professional services. We can do some of the things ourselves, such as day-to-day management, troubleshooting, and operations, but for upgrades, installations, migrations, and disaster recovery, we need professional services. We have a separate budget every year for professional services.

We have a team including myself from governance, a project manager, senior leadership, and hands-on team members, among others. It requires four to five people from security and two CyberArk-certified engineers. I need two engineers because if one gets sick in the middle, the other person can take over because there is no going back when we start the upgrades and critical changes. We have four to seven knowledgeable and dedicated people in a critical scenario.

Pricing is a problem. CyberArk is expensive compared to other products I know. It is similar to buying a German car. It comes with all the bells and whistles, but some companies may find it too expensive.

I compared CyberArk with a product called Delinea. I preferred CyberArk because Delinea required additional agents installed on each target for session recording, whereas CyberArk does not. There was a difference between the two products in how they did the session recording. Because Delinea needs an extra agent installed on each target to do the session recording, you have a huge amount of work managing those target agents on probably thousands of servers. You need another team to do that. An extra workforce is needed to manage that. That was the first turn-off for me. CyberArk does not need an agent. It is in real-time. It drops DLLs to the target host during the session so that you do not need to manage the agent.

The most important aspect for us was that Delinea did not have real-time controls. They said they were developing that piece. They could only analyze recordings after the event had already happened, but then you are too late. All the artificial intelligence and machine learning were applied for the post-event activities. That was a big differentiator. CyberArk's real-time controls set it apart as Delinea only analyzed recordings after events.

These were the two main reasons for going with CyberArk. Everything else was fine. For an average-sized company, Delinea is fine, but for a large-scale company, CyberArk is a better choice.

It took us some time to realize its benefits because there was a learning curve for us. It took us about a year to get our heads around this product and start effectively using it. It is a journey. It takes at least five years for any company to make this product very useful and reach maturity. It is not only the product's fault. The company needs to have a vision, and the company culture needs to go with it. Senior leadership needs to support the vision. You need to have lots of ingredients for success. If everything is in place, you will see success after one year. In the first year, it is a struggle for everybody.

My company was bought by a bigger company, and they were very new to privileged access management. Everybody was struggling. The advice I would give is to have a good vision for privileged access management. You need dedicated teams, senior management support, and proper company policies and standards before implementing the solution. Start building knowledge slowly and avoid jumping into the deep end without preparation.

I would rate CyberArk Privileged Access Manager a nine out of ten.

My first use case is seamless recording and seamless connection to the area target, as well as the recording of ten sessions with command restriction. This is the first use case. 

Secondly, I can perform password rotation without needing to know or use the password of the privileged account. I can connect and rotate my password as needed. Various customers have password rotation for each day. 

These are the two main use cases currently employed: password rotation and a seamless connection to end targets with the recording feature.

It's a one-stop solution. Whatever I need, whether securing identity, web applications, privileged accounts, RDP, Windows, Linux, or other devices like switches or firewalls, CyberArk supports it fully. It eliminates the need for me to search for other solutions.

Its identity compatibility with CyberArk Identity Solution provides extra security, including free MFA with the licensing cost. Premium accounts can increase security using the EnCon Privileged Manager. CyberArk's integration with PaaS solutions makes it the most comprehensive solution, eliminating the need for me to explore other Gartner solutions.

The best feature is vaulting. CyberArk has a separate vault, which is their proprietary vault, which provides multiple encryptions for every password object, as well as tamper-proof recording. Recordings are sent to the vault. This is the best feature since all data and security we have are situated in the vault. 

CyberArk provides me with a single account page to access all endpoints or privileged accounts, simplifying connection without the hassle of password maintenance.

I sometimes require learning resources when there is a new solution for CyberArk. I need to mark favourite accounts or group accounts which point to needed improvements. Some users wish to bypass providing a reason when logging into some target servers. 

Additionally, some users could be excluded from certain requirements, but this is not currently possible. A gradual setting could be added to exclude users from regular routing, allowing direct access without entering a reason. 

Also, improving the support process is necessary. They are focusing on cloud solutions instead of on-prem. They are taking two to three days for resolution are too slow. Customers, including myself, do not want to wait this long for solutions. It is vital for CyberArk to focus more on enhancing support, though CyberArk is committed to monitoring customer reviews and is making progress in its solutions.

I have deployed and implemented CyberArk for various customers. I have been installing and deploying CyberArk to different clients and regions for more than four years.

In my four years of experience, I did not encounter any glitches or big problems in CyberArk. I have only encountered minor issues, such as a learning curve, which cannot be changed. There are also a few items that are mandatory and not optional in terms of being able to change things. Even if the customer does not want it, it is a one-stop solution.

Apart from these minor issues, CyberArk is perfect for daily operations when compared to other solutions. It secures my organization despite some mandatory features that clients do not want. 

I'd rate stability nine out of ten.

I'd rate scalability ten out of ten.

I'd rate the technical support seven out of ten.

I have experience with CyberArk support, where I had some unresolved issues. The support provided me with a different solution, which was unrelated to my request. The support staff appeared lacking in technical knowledge, which resulted in dissatisfaction for both myself and the customer. Consequently, they hired partners and services to manage their CyberArk application.

Neutral

The initial setup depends entirely on the investment. CyberArk consists of several components, such as four to five for a standard setup or eight to ten for distributed or high-availability configurations. 

This increases investment costs. SaaS, which requires fewer components, might be chosen yet comes with disadvantages, as Vault and PVWX come with the application. Compared to on-prem solutions, it's a bit more expensive, however it gives more rights to the customer. 

The initial setup is straightforward. The customer can use it almost right away.

The process might take 20 minutes with troubleshooting all the way up to three months for a full project. 

Most of our clients are bigger enterprises.

CyberArk does not need any maintenance. It deploys custom management, so you don't require anything beyond an administrator that can handle any downtime. It automatically upgrades.

Our team currently consists of up to ten members working, depending on the project's requirements.

The ROI is a big concern. It's a total solution, and most customers are totally satisfied with their solution right now. Most customers are satisfied with having this single solution, having initially wanted different solutions. After experiencing CyberArk and its demo, customers are fully satisfied. CyberArk's capabilities and functionality outperform other solutions.

CyberArk is not inexpensive. It offers a two-way model: access is a licensing cost based on the number of users, and the implementation cost is handled by partners. Although it is somewhat expensive, paying only for licenses instead of the number of devices can be considered fair. Yet, it is not labeled as cheap, it is somewhat falling on the expensive side.

CyberArk is a bit expensive and enterprise clients are the ones that are using it right now. It works well in big organizations with big architecture. 

I have experience with CyberArk as well as other on-prem solutions. CyberArk offers numerous solutions. Compared to others, CyberArk's identity system is bundled with access solutions and securing privileged access. The admin gateway first checks user legitimacy before granting access to the PaaS solution or privileged accounts. CyberArk integrates various cybersecurity solutions, such as identity, endpoint privilege manager, and PAM solution, apart from VPN-less access and dynamic privilege access. 

Other solutions only offer traditional features. CyberArk is progressing in AI and ML. It's allowing web applications and scripts onboarded without credential hassle. Hence, CyberArk is a leader in time solutions.

Overall, I would rate the product a nine out of ten. 

It's a one-stop solution. CyberArk has total support for everything, saving you from finding any other solution. You get strong security for your license costs.

I'm a partner of CyberArk.

We're using CyberArk Privileged Access Manager to manage our service accounts, privileged service accounts, and password rotation. We also use Conjur.

CyberArk Privileged Access Manager has helped our organization remain compliant in the privileged access management space. It is very helpful for meeting compliance and regulatory requirements such as SOC, SWIFT, and PCI DSS.

CyberArk Privileged Access Manager has helped us become more efficient in managing these service accounts.

CyberArk Privileged Access Manager feels quite secure in ensuring data privacy.

CyberArk Privileged Access Manager has a very strong potential for preventing attacks and lateral movements, but it has not had an impact one way or the other on the number of privileged accounts in our organization. They are just managed differently.

CyberArk Privileged Access Manager makes it easy for users to retrieve and manage their passwords.

I have been using CyberArk Privileged Access Manager for a few months. I am still learning, and I appreciate all the networking and education at the CyberArk Impact in Boston, which is going to set me up for success as I take on my role.

In CyberArk Privileged Access Manager, the UI has room for improvement, as does the dashboard reporting, which could be made better or easier to use. The interface needs to be more intuitive in CyberArk Privileged Access Manager. There should be dashboards in CyberArk Privileged Access Manager with more data and reporting capability for the non-compliant scenarios.

My company has been using it for a long time; I have been using it only for a few months.

I have not had any support experience with CyberArk at this point in my journey. 

I found the CyberArk Impact event to be much more effective as an educational experience.

Positive

The time-to-value for CyberArk Privileged Access Manager was recognized pretty quickly after implementing it.

I hope to learn how the pricing works so that I can understand it better, but I am certain it is not inexpensive.

It is absolutely necessary to have a PAM tool like CyberArk Privileged Access Manager, even if someone is using other security tools.

Based on my experience thus far, I would recommend CyberArk Privileged Access Manager to other users.

I would rate CyberArk Privileged Access Manager as an eight out of ten. It is early in my journey with this solution.

I use CyberArk Privileged Access Manager to manage privileged access within the organization.

By implementing CyberArk Privileged Access Manager, we wanted the management of periodic password rotation, management of privileged access, and discovery of privileged access.

CyberArk Privileged Access Manager’s ability to safeguard credentials for our organization is very important because it helps in managing the keys to the kingdom, especially the privileged access for various platforms. It is quite important for the organization, and it is one of the must-have applications. It plays a key role in managing privileged access for the organization.

We are able to manage close to 20,000 accounts without many cases by using out-of-the-box features available in CyberArk Privileged Access Manager.

CyberArk Privileged Access Manager helps in meeting certain compliance and regulatory requirements and closing any gaps.

CyberArk Privileged Access Manager has not helped reduce MTTR. When we have an incident with CyberArk, it takes time for us to recover. There is always an increase in MTTR because of the complexity of the CyberArk infrastructure itself.

From an operational efficiency perspective, CyberArk Privileged Access Manager has reduced a lot of manual work, such as changing passwords and managing privileged access accounts manually. By automatically rotating passwords within a set period of time, it streamlines many processes. It has improved operational efficiency for privileged access, but managing the infrastructure is one of the things that we are working on. It is a complex product. 

CyberArk Privileged Access Manager has not helped reduce the number of privileged accounts in our organization. Privileged accounts are the key entities within CyberArk. There has not been any decrease in the number of privileged accounts, but there are areas that we, as an organization, have not touched, such as cloud infrastructure, etc. We are working closely with CyberArk engineers to have them onboarded and manage those privileged accounts through CyberArk. That is in our road map.

The most valuable feature is platform management. It is quite easy to manage privileged access for certain target platforms with CyberArk Privileged Access Manager as compared to other products I have worked with.

It is very out-of-the-box and straightforward to configure periodic password rotations and access management for the platforms my organization is working with. That makes things easier in terms of what needs to be done. We do not have to spend time troubleshooting and working with support to figure out why something is not working, which is what I have personally done with other competitors.

One area for improvement is the user interface. It needs significant enhancements. It is outdated and does not align with the stress and challenges happening across the IT products landscape regarding user experience. CyberArk definitely needs to improve user experience and reduce complexity.

It is quite complex. CyberArk needs to reduce complexity. The product is currently very complex and challenging to understand without training. The product should be user-friendly and easy to use. CyberArk should understand that a product should not require training after a customer subscribes. Hence, user experience should be given the utmost priority.

Maintaining the infrastructure is not easy. Patching CyberArk Privileged Access Manager when there is an update or patch release requires professional services due to the complexity of the product. It takes us three months to six months to do an upgrade. For managing or monitoring the infrastructure, CyberArk Privileged Access Manager does not have any inbuilt tools. We have to rely on other tools which CyberArk does not recommend. There is no other way to monitor those infrastructure components. It is quite taxing and resource-intensive. For an organization of our size, at least five people are required to work full-time with CyberArk and monitor and maintain the infrastructure.

I have been using CyberArk Privileged Access Manager for more than two years.

Regarding the stability, it is pretty stable. We do not need continuous management. The performance is also very good for the size of our organization and the user base we are working with. We have not had any performance issues so far.

It is not easily scalable due to the on-premises infrastructure we use. It is not elastic like cloud-based solutions.

We have approximately 6,500 users. We have sized the environment accordingly. As an organization, we have done our own risk assessment to understand how CyberArk will grow in the next three years. We sized the environment accordingly so that there are no performance issues if it grows vertically or horizontally.

We use their premium support, but we do not get the value for the price we pay for the support.

For some questions, CyberArk support recommends professional services, which takes us on a financial route. From a customer perspective, it is unclear why I need to reach out to professional services for certain issues. If I have straightforward questions, I get answers from technical support easily. However, there have been instances where we were redirected to services requiring additional payments to get certain questions answered or receive suggestions.

Positive

In my previous organizations, I have used multiple products. I have also worked in a company competing with CyberArk. I worked on the development of a competitive product for CyberArk. 

I also implemented a competitor product in another organization which is listed as a leader alongside CyberArk. It was much easier to work with in terms of user experience compared to CyberArk. It was pretty easy to use and could be self-learned.

Its implementation is complex. If a new customer is onboarding CyberArk as a product to manage privileged access, it is quite complex.

Its integration is pretty straightforward. There are many out-of-the-box connectors. There are also a lot of connectors available in the marketplace to have CyberArk integrated with various systems. For a particular connector, testing to production took close to six weeks.

As CyberArk always recommends, we went with one of their partners to implement it within the organization.

We have three key engineers within the team responsible for managing the entire CyberArk architecture. They handle monitoring and management. They also work with other business units to have the privileged access vaulted and determine the road map for privileged access management. They also help in performing certain day-to-day business activities or tasks.

It took us close to three years to see its value and understand why it was chosen over other solutions.

I have heard from my leaders that CyberArk is costlier in terms of licensing. The support and maintenance are also costly. We use their premium support, but for the price we pay, we do not get the value.

CyberArk Privileged Access Manager is pretty costly, and it takes a lot of time to implement it. It is quite complex to implement CyberArk Privileged Access Manager, but once it is properly implemented, with the user community that is available with CyberArk, it is pretty straightforward and easy to use. Once implemented, it does provide value for the organization.

I would advise sizing it appropriately and building the infrastructure accordingly so that it is scalable. When it is sized properly in terms of CPU, RAM, memory, and disk size, it works smoothly without requiring specific maintenance, such as clearing logs. That is what I would recommend to any of my peers or colleagues working in other companies.

I would rate CyberArk Privileged Access Manager a six out of ten. Four points are deducted because of its complexity.

I use CyberArk Privileged Access Manager to manage the privileged credentials of our environment.

When I arrived at my company, CyberArk Privileged Access Manager was already deployed, so I didn't set it up myself. However, I've increasingly taken over its management during the past five and a half years. I saw its benefits almost immediately. Much of the value is tied to user adoption; as the end-user base becomes more familiar with CyberArk and embraces it, the benefits increase. Conversely, when we have users who know CyberArk exists but don't trust it, prefer their own methods, and avoid using it, its effectiveness is reduced. Ultimately, the more users embrace CyberArk, the greater the benefits I observe.

The best feature of CyberArk Privileged Access Manager is its core function: automatically managing and securing credentials. The ability to ensure compliance with both our internal and industry standards is invaluable, particularly in the current environment. While managing a couple of thousand accounts may not be a large number within the CyberArk community, it significantly simplifies our work in ensuring compliance and maintaining standards. The PSM feature is also excellent, as I've found it increasingly helpful in establishing connections without exposing passwords. Although a bit clunky when I used it a few years ago, it runs much smoother now. Overall, it's a great product, and I appreciate most of its features.

We use the privileged cloud model. However, transitioning from a traditional on-premises deployment to the privileged cloud has resulted in losing access to many logs and administrative tools typically available on the back end. For instance, we can no longer examine safes directly, delve into the vault to set permissions more granularly, diagnose port issues, or manage license allocation. These functionalities were readily accessible with our on-premises setup, but the cloud environment significantly restricts them. One highly desirable feature, for which I've seen an enhancement request already submitted, would be the implementation of more comprehensive logging around platform and policy changes, including details on the nature of the change when it occurred, and who made it. I recently encountered an instance where one of our platforms was altered without knowing when or by whom. This lack of auditability makes it impossible to understand the rationale behind the change, even though it appears relatively intuitive. Therefore, enhanced logging would be a valuable addition to our current system.

I have been using Privileged Access Manager for five and a half years.

Generally, the performance of CyberArk Privileged Access Manager is quite good, and we've experienced very few issues. Specifically regarding the PSM, the response time is typically excellent. However, some users have reported occasional timeout issues where the PSM session terminates unexpectedly. The source of this problem is unclear, as it could originate from the target server or the PSM server itself. While I encountered more issues with the PSM a couple of years ago, the response time has significantly improved recently. There are inherent challenges due to the multiple network connections involved, mainly when mapping network drives to transfer files within a PSM session. This connection can be slow, especially when enumerating folders during file system traversal, but it's likely an unavoidable consequence of the process.

Scalability is straightforward. While the initial deployment presents some challenges, deploying additional servers afterward is quite simple. The servers are robust in terms of their handling capacity. In discussions with CyberArk engineers, I learned that the expected load for the CPM and PSM was discussed. The CPM, in particular, can reportedly handle up to 50,000 accounts independently without issue. Given that we only have a couple of thousand accounts rotating, deploying an additional CPM would be a relatively easy task, achievable in less than a day. Therefore, scaling up appears to be quite feasible if necessary.

We subscribe to premium support, and it's been excellent, providing us with relatively rapid responses and overall good experiences. Previously, with regular support, the quality was inconsistent and heavily dependent on the technician assigned to our ticket. Some technicians were excellent, diving right in, carefully reading my notes, and offering helpful solutions. Others seemed to overlook the details I provided. For instance, I'd explain that I'd already consulted a specific knowledge base article and implemented the recommended solution without success, only to have the technician suggest I review that very same KB article, which I had just referenced.

Positive

I rate CyberArk Privileged Access Manager eight out of ten.

The connector servers require minimal maintenance. The only constraint is keeping the browser drivers up-to-date for web application connections, which can be more of an annoyance than a hindrance. Overall, there is not much maintenance involved for CyberArk Privileged Access Manager.

My advice for new users is to read the documentation. There's a lot of good information in there. I know it can be a bit of a drag to go through it all, but as you work, especially on the administrative side, you'll find that it contains a lot of information that can save you headaches. It would help you avoid opening tickets just by reading and following the guidelines. The documentation is pretty good, though not perfect; there are actually several errors. However, for most day-to-day activities, it's quite helpful.

My use cases as of right now include configuration, implementation, and developing a PowerShell report.

By implementing CyberArk Privileged Access Manager, we wanted to secure the password data and password accounts. We could see the benefits of CyberArk Privileged Access Manager immediately after we deployed it and started using it.

They could improve CyberArk Privileged Access Manager by providing more reports. If I need to know the 10 most-used accounts for this week, that functionality can be made available in the reports.

I have been using CyberArk Privileged Access Manager for seven years.

It is stable. The environment is stable, with no lagging, crashing, or downtime.

I cannot say much about scalability because we did not have any need for it.

I have contacted their technical support plenty of times. I would rate CyberArk's support a seven out of ten. They are always good.

Neutral

I have not used any alternatives to CyberArk Privileged Access Manager in my career.

The initial deployment was easy because I went to training first. The training was set up by CyberArk. From design to implementation, it took close to six months.

In terms of maintenance, it requires OS upgrades and patches. It doesn't take a long time.

We did not use any help from a third party, such as an integrator or consultant. The number of people required depends on the environment. I don't see how one person can manage it because there is a lot of information to collect before even doing a design.

My company always complains about the cost of CyberArk Privileged Access Manager because it's too high.

For a new user, I would advise them to try to configure CyberArk Privileged Access Manager a couple of times before starting to use it in a production environment.

I would rate CyberArk Privileged Access Manager a nine out of ten.

The main use of CyberArk Privileged Access Manager is to manage identities and access for our clients. We mainly focus on use cases like managing shared accounts, automatic password rotation, and recording sessions.

Its quite difficult to track for client who has access and at what time, which activity was done with that account, especially for built-in administrator accounts and Shared accounts. 

Automatic password rotation is another use case. CyberArk Privileged Access Manager has the capability to rotate automatic passwords in the defined period of time. CyberArk Privileged Access Manager is also used for recording and session monitoring .

With CyberArk DNA, we can discover the accounts and their associated dependencies and usage.

Data is secure. The passwords are stored in an encrypted format. The data privacy is very high, and it is quite challenging for someone to retrieve credentials from CyberArk Privileged Access Manager.

With Privileged Threat Analytics (PTA), which is a different component in CyberArk, you can put some additional control. For example, you have an account onboarded on CyberArk. If someone wants to access the system without using CyberArk and copying a password, which they might have stored in the notepad or their system, an alert gets triggered. There is also an additional control for ad hoc admin access if someone wants to access an admin privilege or and want to access some critical application after business hours. PTA provides more control.

It improves the overall security posture and provides more control. We have better governance. Credentials are stored in the safe vault.

It reduces the need for IT and help desk resources. There is a streamlined change process without relying on the L1 team to reset the admin account credentials. There is also better compliance and segregation of duties. We can meet the compliance requirement for retention of logs, password rotations, etc. It helps client to meet different compliance requirement / standards, such as HIPAA, SOX, ISO 27001, etc.

With no manual intervention, there is also a reduction in human errors. Based on the number of available accounts for the organization and the user entitlement, that is 300 to 400 hours.

It improves operational efficiency. With the control that we have with CyberArk Privileged Access Manager, there is a reduction in the manual effort for validation of the admin accounts. Without it, a person has to extract the accounts from the servers and revalidate them with the owners or approvers. That is quite tricky.

It can help to reduce the number of privileged accounts. For example, if the Windows team has 10 or 15 members with individual accounts. It is better to create one shared account based on their role such as L1, L2, or L3, reducing it to 2 accounts. It will reduce the number of privileged accounts in the organization as well as threats.

The main feature of CyberArk Privileged Access Manager is the ability to manage who has access to what and when, especially with shared accounts. With individual accounts, that is easy, but with shared accounts, it is quite challenging for clients.

The sessions are being monitored based on the Safe design and the ownership of a respective Safe. And its maintain individual accountability, Also check-in and check-out the passwords.

The reporting should be improved.  There should be more customization. The report should show how we are going to mitigate the risk because we cannot show the system environment to each and every auditor. Some kind of custom report should be there so that we can give a clear output about the risk.

There should be improvements in the dashboard visibility within CyberArk Privileged Access Manager. It should give more visibility in a single go rather than having to compare different reports.

Furthermore, having out-of-the-box dependency discovery for accounts, such as scheduled tasks , services and application pools, would be beneficial to improve overall functionality.

I have a total of 16 years of experience, and I have been working with CyberArk for about twelve to thirteen years. 

There have been no stability or performance issues as long as the design meets the requirements. It is essential to adhere to the recommendations for concurrent session capacities.

The solution is quite stable and scalable. It does not seem to have any gaps.

The technical support from CyberArk is quite impressive. They are responsive and provide detailed information when needed. I would rate them a nine out of ten because sometimes there are delays due to different reasons or misunderstandings.

Positive

I have worked in CyberArk, Delinea, CA PAM, ARCON, and BeyondTrust. I am parallelly working on other PAM tools along with CyberArk. I started to work in CyberArk PAM since version 7.1.

For on-premises, there is complexity due to the need for physical servers and cluster configuration, which might require going to data centers. However, after several deployments, it becomes less challenging. A cloud deployment would be easier.

Its integration capabilities are quite good. We are using CyberArk identity as a multifactor authentication with RADIUS. That is quite impressive because, with one dashboard, we can manage the users' identities.

In terms of the deployment strategy, we first identify the scale and then design the solution. If the number of admins is high, there will be more concurrent sessions and recordings.

It is not tough to maintain. We once had an issue because of human error, but overall, it is easy. For 8X5 support, five members should be there.

For a large-scale deployment, two to three people are sufficient.

The cost savings vary based on the organization. A larger organization will definitely have more cost savings with the reduction in the manual effort in managing the accounts in the system.

The pricing is slightly higher compared to other solutions, but it is reasonable because there are better security features. Initially, it was based on endpoints, now it is based on the number of users, which offers cost savings based on administrative accounts.

I would recommend CyberArk Privileged Access Manager. My recommendation would be to ensure that the benefits of the solution are highlighted by presales, such as risk mitigation and meeting compliance posture.

The overall rating for CyberArk Privileged Access Manager is ten out of ten.