Try our new research platform with insights from 80,000+ expert users
Mohammad Jasim - PeerSpot reviewer
Senior Information Security at a non-profit with 501-1,000 employees
Real User
Top 20
A comprehensive solution for securing our environment but it could be more user-friendly
Pros and Cons
  • "It has a lot of good tools, including everything we need."
  • "CyberArk Privileged Access Manager is cool."
  • "It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is. It takes a lot of time to find the error and fix it. Sometimes it gives an error, but I do not know what the error is. I have to find the documents, but it does not provide all the details needed to fix the error. This is one of the day-to-day issues with CyberArk."
  • "It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is."

What is our primary use case?

I am an admin, and I use this solution for all our users. We have 80 users in our environment.

How has it helped my organization?

By implementing CyberArk Privileged Access Manager, we wanted to secure our environment and track everything.

We were able to realize its benefits within four to five months of its deployment after we had onboarded everything.

What is most valuable?

CyberArk Privileged Access Manager is cool. It has a lot of good tools, including everything we need. 

What needs improvement?

It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is. It takes a lot of time to find the error and fix it. Sometimes it gives an error, but I do not know what the error is. I have to find the documents, but it does not provide all the details needed to fix the error. This is one of the day-to-day issues with CyberArk. 

When I contact support, it takes a long time to get help. They request all these logs, but they are not always relevant to my case. It is not always a definite help because I sometimes need help with issues that do not require any logs or device details. I am not sure if they read the case or not.

Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for four years.

What do I think about the stability of the solution?

It is good. We had a ten-minute outage last month. That is all. We do not know the reason. 

It is reliable.

How are customer service and support?

CyberArk's support quality has to improve because we are totally dependent on them. I would rate their support a five out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I used to use Okta. CyberArk Privileged Access Manager has more features.

How was the initial setup?

We had a third-party professional service that helped us to install it. It took about four or five months. To deploy, we worked with three people.

It does not require any maintenance. We just have to do the day-to-day operations work.

What other advice do I have?

New users should have training before they sign up for CyberArk. CyberArk should provide mandatory training so that everyone implements it properly. Sometimes, new users do not know what is going on, and they open a ticket, which might be an issue from their end. CyberArk should have a new user training service so that everyone is familiar with it.

I would rate CyberArk Privileged Access Manager a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Saransh Sondhi - PeerSpot reviewer
Senior Manager at a consultancy with 11-50 employees
Reseller
Top 20
Privileged Session Manager offers session recordings, logging, and tracking of user activities
Pros and Cons
  • "The feature that I like the most is the Privileged Session Manager. It offers session recordings, logging, and tracking of user workstreams."
  • "The feature that I like the most is the Privileged Session Manager."
  • "Based on the user experience that I see on a day-to-day basis, some changes could be made to the Privileged Session Manager tool to make it more user-friendly. The user interface of that tool could be more advanced and understandable to laymen, rather than being more of a developer tool."
  • "If CyberArk wants people to pay for cloud services, they need to make the cloud services much more real-time."

What is our primary use case?

I am a senior manager, and we have multiple clients for whom we deploy CyberArk Privileged Access Manager. We also manage or upgrade their instances. We handle migrations and new implementations. We take care of anything related to CyberArk.

What is most valuable?

The feature that I like the most is the Privileged Session Manager. It offers session recordings, logging, and tracking of user workstreams. It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened. Its benefits can be seen immediately after the deployment.

What needs improvement?

Based on the user experience that I see on a day-to-day basis, some changes could be made to the Privileged Session Manager tool to make it more user-friendly. The user interface of that tool could be more advanced and understandable to laymen, rather than being more of a developer tool. I would recommend more user-friendliness there.

CyberArk is more focused on the cloud solution. They are not going towards on-prem, but a lot of clients still like the on-prem solution. With the cloud implementation, you have a lot of dependencies on expert services. When you get into some issues, you have to wait for expert services. They usually reply in two to three days. That is something CyberArk needs to make better. If they want clients to move to the cloud, they need to support them in real-time. The client should not be waiting for two days to get a response for the issue. If CyberArk wants people to pay for cloud services, they need to make the cloud services much more real-time.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for approximately six years.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is a stable solution. I have never faced any issues with stability.

What do I think about the scalability of the solution?

CyberArk Privileged Access Manager is a scalable solution.

How are customer service and support?

I have contacted their support a lot of times. The quality of support is okay, but the time frame for replies should be much faster than it is currently.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have not used any similar solution for PAM. However, for managing the accounts, we have used some password management solutions such as 1Password, but they do not give you the accessibility and different components that PAM provides. They are just for password storage and keeping the passwords safe. A PAM solution from CyberArk or BeyondTrust solution provides a lot more than that, so we cannot compare them. There is no comparison.

How was the initial setup?

I have deployed it both on the cloud and on-prem. My one client is on-prem, and another one is on the cloud.

The initial deployment depends on how extensive it is. For one client, it was quite easy, but after the deployment, it was tricky to deploy the components for AEM, EP, and CCP. On-prem implementation is much easier than the cloud. Cloud solutions require better and more immediate support. Cloud deployment is challenging due to dependencies on expert services.

It requires a bit of maintenance but not that much. Once you deploy the solution, it works, but there are always new upgrades. For example, if you deploy a web connector for web applications and Chrome releases an upgrade, you have to see whether CyberArk is supporting that upgrade or not. Accordingly, you have to update the drivers and other things for the web applications. The same goes with PSMP and SMP. If there are any version upgrades or any vulnerability patch fixes, you have to perform maintenance.

What about the implementation team?

We help customers deploy it.

The duration depends on how big the instance is. To deploy all the components, the duration can range from three to six months.

It can be deployed by one person, but it also depends on how many instances of servers you are deploying, what is the concurrent usage, how many users are being onboarded, and what components you have. There is PSM. There is EPM and PSMP. It depends on what exactly the client requires. These are some factors that determine the time frame and number of people required.

What's my experience with pricing, setup cost, and licensing?

From a client perspective, CyberArk's pricing is fair but there is a significant increase each year. They should limit the price increase because this could potentially drive customers to other partners. Price changes should be at defined intervals. There should not be sudden jumps.

What other advice do I have?

I would rate CyberArk Privileged Access Manager an eight out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
March 2025
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
reviewer2619339 - PeerSpot reviewer
Senior Manager at a energy/utilities company with 1,001-5,000 employees
Real User
Top 20
Achieves effective privileged access management with comprehensive password and session management
Pros and Cons
  • "For me, CyberArk Privileged Access Manager's most valuable features are password and session management."
  • "I would rate CyberArk Privileged Access Manager nine out of ten."
  • "CyberArk could enhance its usability by simplifying its architecture and design."
  • "CyberArk Privileged Access Manager is more expensive than its competitors, such as BeyondTrust, Delinea, and ManageEngine PAM360."

What is our primary use case?

My primary use case for CyberArk Privileged Access Manager is managing privileged access across the organization. I focus on auditing compliance and ensuring compliance with financial systems like SAP.

How has it helped my organization?

The benefits of CyberArk Privileged Access Manager are typically realized over time, often facing initial resistance from various teams within an organization. While security, audit, and governance teams readily recognize the value of CyberArk, platform teams, and other stakeholders may resist its implementation. This necessitates a concerted effort to sell CyberArk internally, emphasizing its benefits and addressing concerns. Convincing internal stakeholders can be more challenging than securing buy-in from security or IT teams, often requiring three to six months after deployment for the benefits to become evident and widely accepted.

What is most valuable?

For me, CyberArk Privileged Access Manager's most valuable features are password and session management. It also includes technologies like Zero Standing Privileges and EPM, which I deploy for customers to demonstrate the return on investment.

What needs improvement?

CyberArk could enhance its usability by simplifying its architecture and design. Additionally, incorporating automated onboarding and offboarding features directly into the product would reduce the maintenance burden on administrators.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for eight years.

What do I think about the stability of the solution?

I find CyberArk to be quite stable. Exceptions occur mostly due to user errors. It has a large customer base and positive feedback within my network.

What do I think about the scalability of the solution?

On-premises scalability is challenging for me due to deploying various components on different servers, but I find SaaS to be more promising in scalability.

How are customer service and support?

In my experience, the quality of support has been inconsistent. Response times seem to correlate with the strength of the relationship with the CyberArk account manager, with quicker responses when rapport is strong.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I worked briefly with BeyondTrust but returned to CyberArk, which has been my primary focus.

How was the initial setup?

In SaaS, most tasks are abstracted, reducing the workload compared to on-premise solutions where tasks like network configuration, connectivity, SSL certificates, and management fall on the user. However, SaaS solution eliminate the overhead of building VMs and similar infrastructure. Overall effort for both approaches is comparable, but SaaS offers the significant advantage of CyberArk managing the underlying infrastructure, including the vault and web interface, a feature most customers prefer today.

Initial setups were challenging for me at first, but with experience, they became more manageable. It generally requires reviewing documentation and seeking initial support from CyberArk. The deployments take between three and six months.

What about the implementation team?

Implementation involves a project team with a project manager and Windows engineers for tasks like VM provisioning. Typically, I have executed projects primarily by myself, sometimes with minimal assistance from junior resources.

What's my experience with pricing, setup cost, and licensing?

CyberArk Privileged Access Manager is more expensive than its competitors, such as BeyondTrust, Delinea, and ManageEngine PAM360. While ManageEngine PAM360 offers similar flexibility and support at a lower cost, CyberArk's SaaS solution is particularly expensive. This high price point has discouraged many customers from migrating from on-premise solutions to the CyberArk SaaS platform.

Which other solutions did I evaluate?


What other advice do I have?

I would rate CyberArk Privileged Access Manager nine out of ten.

CyberArk manages the maintenance for the Privileged Access Manager.

Organizations must ensure users understand the importance of PAM and how it secures infrastructure. Training sessions, workshops, and demos are crucial for building user engagement and overcoming initial resistance.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
reviewer2618997 - PeerSpot reviewer
Presales Engineer at a computer software company with 201-500 employees
Reseller
Top 20
Continuously monitors the access and detects any unusual behavior
Pros and Cons
  • "The module called PTA, Privileged Threat Analytics, is very useful. When you give access to a user, it monitors and detects if the user's behavior is unusual. After giving access, it continually checks if the user is the same user."
  • "I would rate this solution a nine out of ten."
  • "The solution's architecture could be improved. It requires installation on four to five different servers. Each server has a purpose, but when you need to troubleshoot, it can be difficult because you need to access each of them. Reducing the number of servers would be helpful."
  • "The solution's architecture could be improved. It requires installation on four to five different servers."

What is our primary use case?

I use CyberArk Privileged Access Manager to prevent exposing credentials for super-critical accounts, such as admin accounts and root accounts. I use it to protect these credentials and to avoid exposing them.

What is most valuable?

The module called PTA, Privileged Threat Analytics, is very useful. When you give access to a user, it monitors and detects if the user's behavior is unusual. After giving access, it continually checks if the user is the same user. It detects unusual behavior if someone else accesses the application.

What needs improvement?

The solution's architecture could be improved. It requires installation on four to five different servers. Each server has a purpose, but when you need to troubleshoot, it can be difficult because you need to access each of them. Reducing the number of servers would be helpful.

In the SaaS version, the number of required servers is reduced from five to three, but it is not completely cloud-based because servers still need to be deployed on-premises. Some clients are migrating from on-premises to the cloud. They do not want to use more servers or increase their on-premises data centers. They want everything to be on the cloud, but even in the SaaS version of CyberArk Privileged Access Manager, they need to deploy some servers on-premises. That is not very helpful.

For how long have I used the solution?

I started using CyberArk Privileged Access Manager in 2022, which was two years ago.

What do I think about the stability of the solution?

I have not experienced much instability. Sometimes, the issue lies with the server I deployed, but this is not very often.

What do I think about the scalability of the solution?

In the on-premises version, scalability is difficult because server limitations can require buying new hardware. The SaaS version is more flexible, allowing easier scaling with increased users.

How are customer service and support?

I contacted them more when I started to work with this solution. I still contact them but not so much.

I would rate their technical support a six out of ten. They are helpful, but complex issues can take a long time to resolve, which can delay solutions for urgent customer issues.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used other solutions like Password Manager, but they were not very helpful because you use and store the same credentials, so there is a risk of exposing real credentials. CyberArk Privileged Access Manager allows me to create a random password and share it with a person, preventing the exposure of real credentials.

While some of the Password Manager solutions are free, they are too dangerous because they expose credentials.

How was the initial setup?

I have worked with both on-premises and cloud versions. I prefer the cloud version because with on-prem, I need to install my own servers and maintain those servers. I do not have to do that with the cloud model. The responsibility belongs to CyberArk. I have fewer responsibilities as an administrator.

Initially, the setup was difficult to understand, but after three to four deployments, it became easier. It also depends on the kind of applications or servers needing integration.

In terms of maintenance, when the customer starts to use a new application, it needs to be integrated with CyberArk Privileged Access Manager. Sometimes the new application is not 100% compatible. In such a case, the developer needs to create the integration.

What about the implementation team?

In the first deployment, there was a team of two people.

What's my experience with pricing, setup cost, and licensing?

Its price is high. I have also worked with Delinea. CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal.

What other advice do I have?

It takes some time to realize the benefits of this solution. Customers take time to understand this solution. It also happened to me when I first started to learn how this solution works. I was looking for a solution to protect identities, and when I came across this solution, I found it hard to deploy as the architecture is complex. Still, in one month, I was able to understand the purpose of this solution.

Before deployment, I advise being clear about the applications to integrate and the users who will use them. Mapping this information beforehand will save time during production. You will not have to add them one by one.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
SatishIyer - PeerSpot reviewer
Assistant Vice President at a financial services firm with 10,001+ employees
Real User
Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK
Pros and Cons
  • "I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
  • "When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."

What is our primary use case?

I work with the infrastructure access team in my organization and we have CyberArk as a primary solution along with a number of components for Privileged Access Management (PAM) and monitoring within the privileged access sphere.

We began with CyberArk in 2018, when we procured the licenses for CyberArk and all its components including the PAM suite and Endpoint Privilege Management (EPM). Our management took a call and we had to do a proof of concept to evaluate the product and see what it was capable of. As a product owner, I had six months to complete this. We evaluated a few specific use cases and presented our findings of the CyberArk's capability to management around the end of the third month.

Since then, CyberArk's Privileged Access Management is still our central solution for the entire estate, including all our servers (Windows/Unix), databases, devices, and so on, with around 5,000 to 8,000 users globally. Essentially, all access is managed through Privileged Access Management. That said, I am not sure to what extent all of the findings were carried forward after our initial evaluation because a lot of changes have happened within the organization. Our overall threat assessment, criteria, and even the framework has changed, now leaning towards a Zero Trust kind of strategy.

For instance, even for the tools that are used within the Privileged Access Management suite, there is a tighter alignment towards enterprise architecture, and we currently have a highly-evolved enterprise architecture group from which everything is driven. Earlier, individual units would have had their own licenses to see what they can do with them, but now things are more closely aligned with the overall enterprise architecture strategy. Given this, some of CyberArk's tools such as EPM have somewhat dropped off from the list of our priorities.

As for how we have deployed CyberArk, it's currently all on-premises. We do have a roadmap for transformation to the cloud, but I am not sure what kind of place CyberArk will have in that, as it depends on the enterprise architect's view on the cloud transformation. We have had some discussions around what to do about the cloud portion of our assets (e.g. VMs and such), what kind of monitoring we need, and so on, and I think that, among other apps, Splunk will likely become part of our toolset when it comes to the cloud. I believe we are also evaluating CyberArk's Cloud Entitlements Manager on this roadmap.

How has it helped my organization?

From a functional point of view, I would not have a concrete idea of how CyberArk has improved our organization because that information is better provided by someone from the operations team. Those kind of evaluations are typically done at a much higher level, probably at COO or a similar level, and they have a close alignment with the enterprise architecture group.

On a practical note, with CyberArk there is integration with your identity management system such that, when done properly, you can ensure that anyone from an administrator to production support personnel will gain the relevant access they need in good time. PAM offers integration with Active Directory, LDAP, and so on, and is fairly compliant with these kinds of approaches to identity.

What is most valuable?

I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault.

The second most useful feature is the monitoring of your privileged sessions. So you have an audit trail, where any privileged access session has to be authorized, and you have access to all the relevant monitoring controls.

What needs improvement?

When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time.

PTA is essentially the monitoring interface of the broker (e.g. Privileged Access Management, the Vault, CPM, PSM, etc.), and it's where you can capture your broker bypass and perform related actions. For this reason, we thought that this kind of mapping would be required, but CyberArk informed us that they did not have the capability we had in mind with regard to MITRE ATT&CK.

I am not sure what the situation is now, but it would definitely help to have that kind of alignment with one of the more well-known frameworks like MITRE. For CyberArk as a vendor, it would also help them to clearly spell out in which areas they have full functionality and in which ares they have partial or none. Of course, it also greatly benefits the customers when they're evaluating the product.

For how long have I used the solution?

I've been using CyberArk Privileged Access Management since 2018.

What do I think about the stability of the solution?

CyberArk's PAM does what it's supposed to do, based on the interactions I've had with the folks from operations. There are the usual operational challenges, but it fulfills its basic purpose.

Stability assessments are conducted by a separate team that does risk assessments, so I don't have a lot of insight into this aspect, but considering that the product has been running for quite some time now and it's still the central solution for access management, I would reckon that it's a pretty stable product.

What do I think about the scalability of the solution?

There are different categories out there when it comes to scalability. In the case of bringing in new target systems, then sure, you can bring in what you need based on your licensing criteria. In terms of bringing in target systems which are not covered by the list of connectors that you have, this too is possible as there is scope for customization. Overall, I think it's fairly scalable and it does give decent support on the scalability front.

Our onboarding is progressing smoothly and at a steady pace. With the onboarding, you have new users coming on, and because it's a central solution, the rollout is global. There are even plans for extending the department in terms of increasing the redundancy of components, which is largely determined by operational performance reviews and so forth.

How are customer service and support?

In my personal experience as product owner assigned to various components, there have been challenges with the support at times. I would say that it has scope for improvement.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used a similar solution, but it was closer to a desktop password manager kind of tool. It was made by IBM and it was something you could actually install on your desktop and manage your passwords around that.

Later on IBM developed the tool into something more enterprise-oriented, and it turned into what we would classify as a privileged access management solution. But otherwise, CyberArk was probably the first fully-fledged solution in this sphere that I have used.

How was the initial setup?

The initial part of the setup was quite good. When it came to Windows, we had success in the beginning stages, but later on we had to have a number of discussions with CyberArk with respect to the 'groups' nomenclature, as we wanted to have a very clear standard that could be used consistently throughout the organization.

The first iteration was mostly fast and easy, however at one point we realized that there was much more detailing needed to be done. So we went through another iteration with a more detailed design and came up with more comprehensive coverage of groups, or roles, as you might say. In total, I think it was around two years before the Windows part was comprehensively addressed, but after that, it was covered quite quickly. 

Before CyberArk's PAM, we had a legacy tool that was managing the privileged access for Windows and we had that decommissioned around this time, which was a victory of sorts.

What about the implementation team?

The first step of the implementation strategy was putting all the passwords in the vault, thereby securing them. We also had a tool called Application Identity Manager, which we used for mitigation of the hard-coded passwords. Only after the vault was in place alongside Application Identity Manager, were steps taken to deploy the PAM suite.

Back in 2015, we had about three or four full-time CyberArk Professional Services folks undertake an effort to implement it, but that project failed. All that was achieved was the central vault deployment, and I think they also had Application Identity Manager installed at the time, but nothing apart from that. So it didn't take off the way it was supposed to, possibly due to a misalignment with the top management and the enterprise architecture viewpoint. But later on, and toward the second half of 2016, things started picking up again and further steps were taken from 2017 onward to deploy the Privileged Access Management functionality.

Throughout the PAM deployment, there was a fairly large vendor team that we were working with. I reckon the vendor team size was around 45 to 50 people. Within the organization, there was another large team that was supporting with various roles, such as in engineering, architecture, operations, governance, and so on. In total, there were around 50 of the vendor's team and maybe 20 to 30 roles from within the organization. There were other layers of responsibility, such as the risk team, but all those were kind of on the outside of the deployment.

What was our ROI?

I don't have much access to the facts and figures surrounding ROI, but I would reckon that with the Zero Trust risk strategy that we have, the product does match some of our key challenges. For one, we have the vault solution, so the passwords are safe up there. And then we have brokering in place for some of the key platforms, so I would say that these positives, along with our strategy and roadmap, will decide the fate of the future of CyberArk within the organization.

What's my experience with pricing, setup cost, and licensing?

I'm aware that the organization had purchased licensing for almost all of CyberArk's solutions including licensing for PTA, EPM, and the Application Identity Manager. But when it comes to PSM, this is one of the components where there's an additional charge for any extra PSMs that you want to deploy. I believe that there's some rider where the vendor has a bit of leeway to, at times, charge a premium on whatever additional services you may require above the board.

What other advice do I have?

Based on my experience as a product owner, I would advise, firstly, to set up an enterprise security architecture as authority within the organization, and ensure that it is closely aligned with your business. Once that is set up, then the enterprise security architecture should determine the priorities of the business and, accordingly, you can lay out a roadmap and strategy.

From a product perspective, CyberArk may or may not fit into your organization based on what strategy you have detailed, or it may or may not fit your requirements. So I would definitely not recommend purchasing the tool first and then determining what to do with it next.

Regarding automation, we are adopting DevOps for the positives it brings, such as cost savings, efficiency, etc., yet there needs to be some checks and balances. Having a fully automated solution would require you to think through the security aspects very carefully. That is why alignment with the enterprise security architecture is of great importance when it comes to securing access across environments in an identity management solution.

CyberArk's PAM is based on the concept of identity, such that a user logs in with his or her identity. So whatever systems the user accesses, there is an audit trail that is tied back to that same identity. This can happen across multiple environments based on factors such as the separation of duties, where certain engineers may not be allowed access to certain areas of development. These checks and balances occur when we give access to those kinds of rules and permissions. There are some targets we have for automation, but if it's fully automated it wouldn't be all throughout our organization as we have found there are some pitfalls with full automation.

Now, when you bring the cloud into the picture, as with our own transformation roadmap, you can't just put a tool in front of you and then expect everything to fall into place from on-premises to the cloud. It does not work that way. You need to have a sound strategy from your enterprise security perspective and only then can you ensure that things will fall into place.

Concerning the UI, PAM has an administrative dashboard and everything, but from a monitoring perspective, we also rely on additional tools apart from what CyberArk offers. For least privilege and managing secrets, there's a tool from CyberArk for that, but I'm not sure we have any plans on using that solution.

Overall, I would rate CyberArk Privileged Access Management a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2620077 - PeerSpot reviewer
IT Security Architect at a comms service provider with 201-500 employees
Real User
Top 10
Facilitates secure password rotation and out-of-band session management but the process for accessing RDP could be improved
Pros and Cons
  • "CyberArk Privileged Access Management's most valuable features are primarily its password vault functionality, specifically CyberArk's Core Privileged Manager and Privileged Session Manager."
  • "Customer support has been very helpful and responsive."
  • "The product is complex and requires extensive configuration."
  • "The current process for accessing RDP through the CyberArk or administrative portal involves downloading an RDP file. This is inconvenient for users and problematic due to security restrictions that prevent accessing servers via downloaded RDP files."

What is our primary use case?

We currently use CyberArk Privileged Access Manager for password vaulting. Our roadmap includes managing service accounts, rotating passwords, and expanding to SSH keys, AWS keys, and other login credentials. We've already implemented local administrative accounts and rotated elevated domain administrative accounts. Additionally, we've integrated Okta for multi-factor authentication, using Okta Verify, and plan to expand this to workforce identity for broader end-user security and credential management.

What is most valuable?

CyberArk Privileged Access Management's most valuable features are primarily its password vault functionality, specifically CyberArk's Core Privileged Manager and Privileged Session Manager. These components facilitate secure password rotation and out-of-band session management, addressing our organization's critical security needs.

What needs improvement?

The current process for accessing RDP through the CyberArk or administrative portal involves downloading an RDP file. This is inconvenient for users and problematic due to security restrictions that prevent accessing servers via downloaded RDP files. Ideally, the process should allow for a direct RDP connection upon providing server details, eliminating the download step and streamlining access. This issue represents a significant challenge and source of frustration for users.

The product is complex and requires extensive configuration. More tutorials and detailed use cases with troubleshooting steps would be beneficial, particularly for first-time implementers. Despite the excellent customer service, resolving issues can be time-consuming due to the product's complexity. Compared to lightweight solutions like Okta, CyberArk requires more background experience and is not as straightforward to learn and implement.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for almost five years.

What do I think about the stability of the solution?

The performance of CyberArk Privileged Access Management sometimes lags or crashes, but this is not a significant concern.

What do I think about the scalability of the solution?

We have not reached platform limitations yet, as CyberArk supports up to eight hundred platforms per tenant, and documentation is clear about scalability limits.

How are customer service and support?

Customer support has been very helpful and responsive. My customer success manager facilitated many calls with technical experts, efficiently resolving critical issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?


How was the initial setup?

CyberArk's environment setup was straightforward, but we encountered issues during the Proof of Concept stage, specifically with PAM account discovery. While the CyberArk Manager displayed discovered accounts, we couldn't download the data into a usable format like an Excel sheet. This hindered our ability to identify efficiently and inventory discovered accounts, particularly from Windows systems, for phased onboarding. Although we eventually received instructions from CyberArk support on downloading the data, the process was complex and time-consuming. Simplified data export features would greatly benefit administrators.

What about the implementation team?

I received excellent support from CyberArk's technical team and customer success manager, who arranged calls and helped resolve implementation issues.

What's my experience with pricing, setup cost, and licensing?

Although CyberArk Privileged Access Management is expensive, its protection capabilities outweigh the cost.

Which other solutions did I evaluate?

I also evaluated CyberArk, along with Okta PAM and BeyondTrust, because it encompasses all the features we require, and Gartner recognizes it as an industry leader.

What other advice do I have?

I rate CyberArk Privileged Access Management seven out of ten. 

To streamline project setup, new users should receive guidance on planning and implementation scopes. Scheduling a jump start without such direction can complicate learning.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Jonathan Hawes - PeerSpot reviewer
CyberArk PAS Administrator at L3Harris Technologies
Real User
Top 5
Good automation, reduces human error, and offers helpful support
Pros and Cons
  • "The implementation of the PSM proxy has reduced the specific risk of "insider attacks" on our domain controllers and SLDAP servers by eliminating direct user login by an open secure connection on the user's behalf without ever revealing the privileged credentials."
  • "We'd like to see the creation of some kind of memo field for each device account, which could be used, in our network at least, to leave a note about the device for either the security or network engineering team members."

What is our primary use case?

Our primary use case is the scheduled password change management of Windows, Linux, and Cisco privileged local user passwords, as well as providing internal applications using the REST API credentials to access and maintain network elements.

Utilizing the CyberArk Password Vault DR implementation, we have a ready resource as a hedge against network issues caused by seasonal hurricanes through having a replicated DR vault in an out-of-state facility.

How has it helped my organization?

The implementation of the CyberArk Privileged Access Management has reduced the total labor cost of doing quarterly password change management (PCM) on the thousands of network elements (routers & switches), servers, and workstations throughout our nationwide network.

In addition to reducing the direct labor cost of the PCM procedures, the automation aspect has reduced risk that has previously resulted in many lost man-days resolving issues which previously was attributed to human-factor error during PCM procedures.

What is most valuable?

Utilizing the Central Policy Manager to provide policy programmable password change management automation, which can be configured either globally, or by using the individual PlatformIDs which limits the effect of human error on a nationwide implementation of network devices that are remotely co-located and not readily accessible. 

The implementation of the PSM proxy has reduced the specific risk of "insider attacks" on our domain controllers and SLDAP servers by eliminating direct user login by an open secure connection on the user's behalf without ever revealing the privileged credentials.

What needs improvement?

My personal wishlist of features has been fulfilled with versions 12.6 and 13.2, which provide a host of improvements that the administrator community has been asking for.  

With these version releases, that leaves my only "unfulfilled" product improvement request to be the creation of some kind of memo field for each device account, which could be used, in our network at least, to leave a note about the device for either the security or network engineering team members.

For how long have I used the solution?

We originally implemented the product in 2014 as a compliance mandate and fully integrated the application and functionality in 2017. We have just finished our fourth product upgrade and expanded our enterprise vault space to meet growing demand.

What do I think about the stability of the solution?

My implementation has been very stable over the past seven years, only having minor hiccups caused by "human error" during the "accidental" editing of a configuration file.

What do I think about the scalability of the solution?

We currently store over 50,000 privileged passwords, and I know if our network doubled tomorrow, the product would scale to meet the increased demand.

How are customer service and support?

There are two specific organizations within CyberArk that can provide customer assistance.

The customer success team is there with serious advanced knowledge to assist when things are not flowing. In my specific case, while I was learning to be a PAM administrator, I routinely contacted our customer success team with questions related to "Where can I find this documentation?", "How does this work?" and my favorite, "How can I put my permission back onto a safe?"

The other team is the professional services team, whose job is to be able to come in, analyze an issue, and correct it with the utmost speed. These are also highly experienced individuals that can be brought in the expand your implementation as needed.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to the implementation of the CyberArk Privileged Access Manager, the security operations utilized unencrypted spreadsheets to store privileged passwords, which became a POAM when discovered during a routine security audit.

How was the initial setup?

Our organization utilized the CyberArk professional support team to come in and provide a local, hands-on planning and implementation approach. This implementation methodology actually reduced long-term costs by making sure the implementation was done according to CyberArk's Best Practices.

What about the implementation team?

Our organization utilized CyberArk's professional support team to come in and provide a local, hands-on planning and implementation approach. This implementation methodology actually reduced long-term costs by making sure the implementation was done according to CyberArk's Best Practices.

What was our ROI?

Our annual support costs are offset by the reduced labor costs within the SOCC environment, as the product has automated most of the password change management procedures, allowing labor to be focused on other topics.

What's my experience with pricing, setup cost, and licensing?

While the IAM space is heating up with new vendors, both CyberArk development and the product team seem to be ahead of the curve, with features and products to enable enterprise customers the ability to secure their networks and break the intrusion cycle.

Which other solutions did I evaluate?

CyberArk was our first venture into a secure password vault and was implemented at the recommendation of our federal customer.

What other advice do I have?

The product takes some time to learn. That said, CyberArk Software offers both a customer success team as well as paid professional support to assist.  

The customer success team has always seemed to be in my corner when needed, bringing insight and assistance when I was unable to resolve some of my "self-created issues".

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CEO at CareerCraftly
Real User
Top 5Leaderboard
Privileged access management escalates efficiently with robust access control and remote connectivity
Pros and Cons
  • "The access control feature and privilege and role-based assignment are outstanding."

    What is our primary use case?

    We use CyberArk Privileged Access Manager for privileged access management (PAM) escalation, securing our website, and applications. Our cybersecurity team actively utilizes its features.

    What is most valuable?

    The PAM escalation is valued. The access control feature and privilege and role-based assignment are outstanding. Dividing the user admin for security protection is the best feature. Additionally, its remote access allows easy connection for my team, and it efficiently manages identity.

    What needs improvement?

    Initially, it was challenging to understand and use all the features incrementally. Having a better user journey with a support team to connect would improve the product and services.

    For how long have I used the solution?

    I have been using CyberArk Privileged Access Manager for about eight months in our company.

    What do I think about the stability of the solution?

    The solution is quite stable. We have not faced any issues related to stability since using CyberArk Privileged Access Manager for eight months.

    What do I think about the scalability of the solution?

    CyberArk Privileged Access Manager is scalable. As a startup, it initially handled fewer users, but it scaled well as we grew.

    How are customer service and support?

    Technical support was fast in its replies and always supportive, helping to resolve any issues efficiently.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We used miniOrange, an Indian-based cybersecurity product for access management and PAM escalation. We also used one more product, which I don't remember the name of.

    How was the initial setup?

    The initial setup was straightforward due to well-documented resources and tutorials.

    What about the implementation team?

    Our cybersecurity team, comprising two to three people, worked on the deployment and feature implementation.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is quite well-structured with monthly and weekly plans.

    Which other solutions did I evaluate?

    I evaluated miniOrange and one other product.

    What other advice do I have?

    New users should watch the YouTube channel, read the documentation, check the resource section including CyberArk University, and see if it works well with their product. I rate the overall solution a nine. My overall product rating is 9 out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.