CyberArk Privileged Access Manager Reviews

We use it to control privileged access within the environment, including domain admins and server admins.

We're using the CyberArk Privilege Cloud version, which is the PaaS.

It provides a one-stop shop for the majority of our administrators to get the privileged access they need. It has enabled us to reduce risk as well, and that is the largest benefit that we've encountered through the solution. We've reduced the number of admins in our environment significantly.

It provides an automated and unified approach for securing access across environments, including hybrid, multi-cloud, RPA, and DevOps, as well as for SaaS applications. For what we're using it for, it's doing all of that seamlessly in one place. It helps us to quickly adapt and secure modern technology, and that's another reason we chose CyberArk. They already had integrations with solutions that we were either moving toward or that we already had. We weren't going to have to do them as customizations.

The ability, with Secrets Manager, to secure secrets and credentials for mission-critical applications means people don't have to go searching for them. They know where they are—they're in CyberArk—so they don't have to go to a separate place. They have one identity to manage, which is their single sign-on identity. From there, they can go into CyberArk to get the access they need. That's an area that has been very helpful. And from a risk perspective, the multifactor authentication to get to those accounts has also been awesome. That helps us to be in compliance, as well as secure.

The Privileged Session Manager has been the most useful feature because we're able to pull back information on how an account is used and a session is run. We're also able to pull training sessions and do reviews of what types of access have been used.

We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well. There's a lot to it, but from a high level, we've been able to get some things under control that would have been difficult otherwise.

For DevOps, we've integrated some automation with CyberArk to be able to onboard those systems. There are some native tools like the CFTs that we're using with CyberArk to get CyberArk deployed automatically to them.

It also gives us a single pane of glass to manage and secure identities across multiple environments; a single view with all of the accounts. It's super important for us to be able to see all of that in one place and have that one-stop shop with access to different environments. We have lots of domains because a lot of acquisitions have happened. It's important for us to be able to manage all of those environments with one solution and we do have that capability with CyberArk.

I've been using CyberArk Privileged Access Manager at this company for two years, and all together for the past six years.

The stability is great. We haven't had problems with it.

The scalability is very good. I'm surprised they keep as many logs and video recordings as they do on their side. But scalability hasn't been a problem. If we wanted to scale up, we could certainly do so. All we would have to do is add more servers on our side, with our PSMs (Privileged Session Managers). The way the solution is built out, you can expand it elastically pretty easily.

We have around 400 users right now who are mostly in IT. There are developers, database administrators, as well as our Active Directory enterprise teams, and some of our cloud implementation and infrastructure teams. We have some in incident response people, from information security, who use it as well.

We're looking to expand it in the coming year. We've already started that expansion. It's the developers we're targeting next and there are a lot of them. We're looking at a couple of hundred more users within a year.

If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone. I would rate their support at eight out of 10, whereas the rest of the solution is a nine or 10.

From a technical support perspective, they've been really good. There has just been a little bit of trouble with the database stuff, but that's because ours is a very aggressive deployment. Sometimes, when working with support, they aren't as aggressive as we are.

Positive

I've used Thycotic and Hitachi HiPAM, and we've used some custom in-house build solutions.

The reason we switched is that Thycotic opened up the door to that possibility when we talked about pricing. The price came out to be something similar to what we were spending. We were basically going to have to redeploy the whole Thycotic solution to get what we needed, and that opened it up for us to evaluate the landscape.

There were some complexities about the setup, but deploying a solution like this is going to be complex, no matter what solution you go with. CyberArk did an excellent job of making sure that we had everything we needed. They had checklists and the prerequisites we had to do before we got to the next steps. Although it was complex, they were complex "knowns," and we were able to get everything organized fairly easily.

Our initial deployment took about two weeks.

We broke the deployment into four phases. The first phase was called Rapid Risk Reduction, and with that we were getting our domain admins under control, where we went with domain admin, server admin, and link admin. A part of that was the server administrators and Linux administrators. All of that was part of a very short-term goal that we had. 

Phase two was called risk reduction, where we were focused on Microsoft SQL, the database administrators, and Oracle Database administrators. It also included bringing in some infrastructure support as well. 

Phase three was enterprise-grade security, and with that we've been pushing the network tools and AWS admins, along with some other controls. 

And our last phase, which we've just recently started on, is one where we are going to be pushing hard to get developers onboarded into CyberArk. There are a whole lot of little details that go along with all of that. The initial auto onboarding happened in phase three, but we also have auto onboarding that we're looking to roll out across a larger group.

We implement least privilege entitlements as well. We started out from a high level of not going the least privilege route and, rather, we locked things down in a way that they were managed, at least. Then we started knocking down the least privileged path. You have to start somewhere, and least privilege is not going to be the first option, out of the gate. You're going to have to take stepping stones to the best practices. And that's what we've done. We took this large amount of high-risk access and brought it into CyberArk and then pulled access away over time and have been making things more granular, when it comes to access to the systems. The access within the systems, within CyberArk, is absolutely granular and we have been very granular with that from the beginning.

For maintenance of it we need about one and a half people. My team supports it and, while one full-time person is probably enough to support the solution, my team is split up. The general operations of CyberArk are what take up the most time. The actual running of the solution, from an engineering perspective, is very lightweight; it's hardly anything.

We did not use a third party for the deployment.

We started doing some comparisons of different tools and that's why we ended up switching to CyberArk, after discussions with both Thycotic and CyberArk. When looking at the capabilities, we ended up moving towards CyberArk. We felt it was a more mature solution and that some of the connectivity and reporting was done in a way that we would prefer, for a company of our size.

Thycotic is a good tool. A lot of IT people already understand the structure of how it runs. The upgradability is nice as well. You can just click an "upgrade" button and it upgrades the solution for you. The cons of Thycotic include the way that the recorded sessions are done. In addition, proxy server connections were not available. Maybe they are now, but at the time we were building out custom connectors and we had to go through a third party to get those developed. It was very bad and every step of the way was like pulling teeth. That really soured our relationship with them a bit because we couldn't seem to execute with that solution. When we started talking with them about what we needed it to do to make things easier, they ended up recommending a full redeploy. That's not ideal under any circumstances for anyone. That's why we took a step back and evaluated other solutions.

With CyberArk, some of the pros were that their sales team and engineers were very quick to come in and help us understand exactly what we needed. The deployment timeframe was  also much shorter. We didn't have to work through a third party, as we would have had to with Thycotic. And the type of relationship we've had with CyberArk is one that I wish we had with other vendors we use. They've been phenomenal working with us.

CyberArk's abilities are amazing. We're just starting to hit some limits, but we're able to get through the majority of them. Some of the database stuff is a little bit more involved. The other things, like cloud and all of the Linux and Windows, have not been a problem at all. It's not that the database stuff is a problem, but it's just more complex.

If you want to talk about CyberArk providing an automated and unified approach for securing access for all types of identity, "all types" is a strong claim. I wouldn't ascribe "all types" of identities to anything. But for everything that we're doing with it, it has been a great tool and it's doing that for us.

We use the product to store system accounts. 

CyberArk is a good and adaptive solution. It is easy to adopt and install. It is easy for every use case. 

The challenge with the product is pricing since it's expensive. It also needs to improve the customization. We encountered some stability issues as well. 

I have been working with the product for more than 10 years. 

I would rate the solution's stability a seven out of ten. 

My company has more than 20,000 users for the product. I would rate the product's stability an eight out of ten. 

We have a direct connection with the CyberArk leadership. However, the tool's support is not user-friendly. They will charge you for premium support and push you towards it. 

Neutral

I have used BeyondTrust before. 

The solution's setup is easy. There were some challenges while managing from environment to environment. We experienced some glitches during the installation process. 

The product's licensing is yearly. I would rate the solution's pricing a six out of ten. 

I would rate the product an eight out of ten. We only have the licensing contract with the product and everything else is managed in-house with a team size of four members. 

I'm an integrator and we identify and provide performance discovery, and we select the best product for our clients.

We have users that are administrators in the environment, and we convert them into a shared account model. Many of the organizations have two accounts. One is a regular user account and the other gives them administrative rights.

CyberArk allows for a higher degree of segregation of duties, although CyberArk itself doesn't do that. You have to have knowledge of role-based access control and least privilege principles. It supports it, but you have to implement it.

There is also service recording, service accounts on Windows Systems, and Linux systems, to rotate their passwords.

You will find service accounts with passwords that are 5,000 to 8,000 days old, but not with CyberArk. It creates a very strong service to prevent attacks. 

When passwords don't change it makes them very vulnerable and allows attackers significant lateral mobility within an organization. It gives them the necessary time to scout the environment and choose what their attack will be, whether it's going to be a ransomware attack or a data exfiltration attack or if it's going to go in to cause defamation to the company like creating a denial of service to clients. Also, hacking their Facebook page or their Twitter page are common attacks.

CyberArk probably has probably the best vault on the market because of the multiple layered security and each password getting its own encryption. Each password gets individual encryption. By the time you are able to crack one of the passwords, it's already been changed a dozen times.

The attack surface on a CyberArk Vault is very nominal and in addition, CyberArk also has its own on-staff hackers where companies actually hire them to perform penetration testing, but within, inside the environment.

CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex. 

That's the downside because CyberArk was not built organically. It was built systematically.

They're not built into the product. You have to shoehorn things in. You have to create programmatic interfaces to make things work, but that's why I said it's the most complex product.

CyberArk is still in the model of managing accounts and passwords. When you're logged in as a domain admin, you're leaving footprints everywhere you go. These footprints can be picked up and replicated. So, I think CyberArk is behind the curve in that area.

Customers are already having an issue with the cost of CyberArk and then you have to add another $100,000.00 to the bill for other application accounts.

I would like to see a more streamlined and built-in programmatic onboarding and offboarding process. Something a little bit less complex than what they're currently doing.

The price is the problem and also the architecture can be daunting because CyberArk really strongly encourages having hardware vaults. Most corporations are totally virtualized.

I use virtualized vaults on everything including the high availability configuration.

I started using Cyber-Ark Enterprise Password Vault when they were on version five or six, they are now on 11.5 or 11.6. I have been using this solution for a total of 15 years.

CyberArk is very stable.

If there is a problem, or if a problem does occur, unless you know exactly what to do and how to diagnose it, you may not be able to find it because there are so many moving parts. However, a good administrator can usually diagnose a problem fairly rapidly.

They determine the root cause by performing a root cause analysis. Also, you should inform CyberArk because sometimes a fix might be required. CyberArk stopped performing single sign-on.

CyberArk is very scalable. It's one of the things that I love and it's also one of the things that I hate about CyberArk.

For example, it's a standalone vault that is practically uncrackable. If you want to do a password rotation you need to have a central password manager. It's called a CPM.

If you want session recordings you have to have a PSM. They can be run on the same server, but eventually, the performance is going to be an extensive task. 

A CPM is performing verification on passwords continuously, and to start stacking server roles on top of each other. 

If you're a semi-vault in a small environment, with one server running CPM, PSM, and PDWA all on one box, it would be no problem with less than 10 administrators and only 70 servers.

With other small or larger organizations that have hundreds of servers rendering that capability or that flexibility, you would have to have a dedicated CPM and dedicated PDWAs, which is the administrator web interface.

For a medium-sized company where you want to do a session recording for all the administrator access, it will cause a problem. It will require multiple PSM servers and if you don't have a good administrator who documents the build process well, or they don't update it, then the problem shows when you build a new PSM. If they don't add all the applications to it then you're going to get an intermittent error across the low-balanced PFMs, where eight of the ten work, but two of them don't because they didn't install the SFQL agent. It's a very complex program, albeit very scalable.

If you're a multinational corporation, you can have your vault in one location and have PSMs distributed where the systems are in the data centers. Then, the PDWAs and the CPMs would be in the data centers and you would have the PDWAs where the user populations are. Rather than having one single appliance or one single box that does everything, you end up having boxes distributed all over. This means that they have to do synchronization and it works out very well most times.

We have small to large company clients. We have clients that have tens of thousands of administrative accounts and 1000 or so servers, to clients as small as having 70 servers with maybe only 750 to 1500 accounts.

Technical support is awesome!

CyberArk has excellent technical support. They may not be timely. They're not quick, but they're great.

I would rate the technical support a ten out of ten.

You have to follow the ticket creation process, which is in your benefit because you need screenshots and logs to be able to diagnose the problem. If you do that, then CyberArk comes back with some incredible support help and in most times it's something that I would have never been able to figure out because the product is very complex and it has a lot of moving parts.

I have not used any other solution previously. CyberArk is what I learned first.

The initial setup was very complex. There are a lot of moving parts. The skillsets for some of the advanced features require administrators to know how to program in specific APIs. 

The complexity to implement is very high. On a scale of one to 10, it's a 9.5.

CyberArk is very expensive and there are additional fees for add-ons.

CyberArk Password Vault is probably the top vault on the market and Thycotic would be a close second.

CyberArk is not always suited for our clients but it is the best solution. Eight out of 10 organizations don't implement it. Just because you know CyberArk doesn't mean you understand it.

The SaaS solution is sound but the on-premises is primarily what I have worked on. I am CyberArk certified. When I started off several years ago, I got my CIS as PE. I was put into a security group in EDS. 

Network admins who work for the company have to be administrators, with high skill levels. 

Before implementing CyberArk, I would say do a very aggressive use case creation of everything that you're expecting the vault to do. The security architecture should be able to create high-level bulleted use cases. Security administration should be able to take it down to the next level of detail.

They will have to add Conjure, which is another license for CyberArk.

I would rate this solution a nine out of ten.

Primarily, I import accounts from our critical systems.  

Knowing that our passwords are stored securely within the vault has been a big improvement. It eliminates the need for users to store passwords in less secure locations.

We want to integrate it with our IT service management platform and our SOC solution, but that's a future project.

The password protection itself is the most important feature. It's something we didn't have before.

Moreover, the interface is intuitive. It is clear and user-friendly. 

The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it.

We aren't able to view active sessions or historical recordings of sessions.

It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it.

So, CyberArk could still focus on making it more user-friendly.

I have been using it for a year. 

So far, we haven't had any scalability problems.

We have around 50 licensed users – primarily administrators. We currently manage about 5,000 accounts with CyberArk.

Sometimes, the initial response time is a bit slow, but once the customer service and support take on a case, they resolve issues quickly.

Positive

CyberArk handled the primary setup tasks. We worked with a partner to implement additional components and now have the knowledge to manage the solution ourselves.

The implementation process took around eight months. 

There has been an ROI. 

We expect to see a full return on investment within the next three years. This was part of our long-term security plan.

It is expensive, but the cost is justified considering the security it provides. Compared to other solutions, it is costly. We have not tried other solutions, but the price is high. 

We only license Password Vault.

My company evaluated another solution like Delinea but preferred CyberArk due to its robustness and flexibility.

I like its flexibility, while adding some complexity, allows us to fully customize the solution to our needs.

One of the main advantages is the way we can connect from outside. We use a portal that provides secure access to our systems without needing a VPN. We just scan a QR code, and we're connected. We do not need to use a password and we are in through the QR code scan. 

I would recommend using it. Overall, I would rate the solution a nine out of ten.

It's a very complete solution for what we need.

We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules. 

The solution has improved security posture while greatly reducing administrative burden. We leverage CyberArk to deploy applications without the use of secrets.  

Applications authenticate securely to CyberArk using a combination of certificates and other extended application-identifying parameters to promote a secure DevSecOps environment.   

The extensibility of CyberArk has enabled us to develop custom integrations into Microsoft Azure leveraging KeyVault to synchronize on-premise and cloud secrets in a consistent hybrid credential management architecture.

Credential rotation automation combined with privileged session management are great aspects of the solution. It enables highly complex passwords that the end user never knows or sees. We have some use cases where administrative users will log in to highly privileged systems using a one-time use secret and immediately following their administrative session the password is rotated

The ability to develop and deploy applications with no stored secrets is very valuable. This keeps code repositories free of secrets and application authentication is centrally controlled and monitored.

The greatest area of improvement is with the user interface of the Password Vault Web Access component. The latest long-term support version of CyberArk (12.x)  still includes and still leverages the version 9.x UI in order to maintain some of the administrative functionality.   

The performance of the 9.x UI leaves much to be desired and there are still some administrative tasks that require the use of a thick "PrivateArk" client.   

Many improvements have been made over time, however, there is still work needed.

I've used the solution for eight years.

The solution has been quite stable for many years and includes the functionality for clustering the multiple site replication, both of which we leverage for a high level of uptime.

The solution is very scalable, however, with scale, there are certainly performance considerations.

Support has been a mixed bag. First-level support has been extremely time-consuming to get to an escalation resource that can help us resolve our reported issue. In all fairness, we have a very experienced staff and generally only contact support for more complex issues. There have been improvements made over the years and the commitment to improving support. Still, there is work needed in that department.

Positive

I did not previously use a different solution. 

Setup depends on the complexity of the solution. A simple configuration could be up and running in a day.

Our environment is run in-house by a contract team with expertise in CyberArk.  However, we do leverage the vendor for major upgrades and have used their technical account manager services in the past

CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.

CyberArk PAM ensures that passwords on Linux servers are highly secure, regularly changed, and completely auditable. This saves enormous amounts of time when responding to audits and security concerns. And the scheduled verification of passwords ensures that passwords remain available when needed and stay secure. CyberArk has become the standard tool for password management.

I find value in notifications from CyberArk when passwords fail verification and have other issues. Investigation of these issues often uncovers other issues. The way safe security is handled is outstanding and makes it easy to provide safe access to those who need it and deny safe access to those who should not have it.  

Another valuable feature is the agentless architecture of the product. Using native processes to manage passwords and not having to install and update agents is a huge plus.

A more friendly and functionally complete user interface would be nice to have. The current interface is not very intuitive. It is somewhat clunky and difficult to navigate, and many times have to toggle between the somewhat underdeveloped new interface and the older classic UI. This state of basically having two interfaces is a prime opportunity for CyberArk to improve its product.

Also, it would be nice if the vaults could run on Linux instead of Windows.

I have been working with CyberArk for more than ten years in various capacities ranging from end user to safe/vault administrator to application administrator.

The solution is incredibly stable.

We have not run into any scaling issues.

CyberArk support is pretty solid.

Positive

I did not previously use a different solution.

The initial setup is more complex than simple, however, not daunting.

We worked with the vendor team who were very knowledgeable during the implementation.

The PAM product isn't low-cost, however, it is worth it. Go with a longer-term agreement to realize lower costs.

CyberArk PAM was chosen before I got involved so I am not aware of which other products were evaluated. However, we have never had to go back and review the decision to use CyberArk.

Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.

We're a small IT shop of a few hundred people and the company has only a couple of thousand employees. We had some SharePoint workflows that people had used to get access via submitting a ticket. We had updated those processes by using some DevOps, some JAMS jobs that run in Azure, and they were breaking frequently. We have gotten people to understand now that they can just go to CyberArk. They don't have to submit a ticket, they don't have to go through a workflow, they don't have to put in the right server name or wait for an approval. It's just there. People really like that.

The solution standardizes security and reduces risk-access across the company. It's what the solution does. It's just a requirement. Standardizing access is taking away the "onesie-twosies." With the DNA scan, you're running a full report of everything on all your servers that you're targeting, or all the servers period, and finding those onesie-twosies accounts and getting rid of them. Standardizing and making local accounts on the servers, accounts that have least privilege and that don't have access to anything else, and giving people only that access when they log onto a box; that's pretty cool standardization.

In terms of being able to have a quick win using the solution, we were given a ridiculous deadline to meet an external customer requirement to have privileged access management in place within a couple of months. That was to include signing the purchase order, getting it installed, and having it up day one to take in what we thought were 17 servers. Actually, we found out it was 53 and, two weeks after we had it running, we found out there were upwards of 60 to 70 servers. Getting all those servers in, the accounts in place, by the deadline — even just installing it — was all an immediate win. People said it couldn't be done.

Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control.

We're quite new with CyberArk. We've just installed it this past summer and we've taken off with the Microsoft tier model. Tier 0 is our domain admin accounts and our local admin accounts on some applications are specific to SOX requirements. That's been amazing. It's basic-use PAM, but it's been really fast and easy because of the DNA scan. We knew what was there and we were able to go find who owned those accounts. Step one, step two, step three are really easy.

We're pretty excited about Alero, the third-party access management. As a small company we lean on vendors quite a bit and we do that in multiple areas. That's going to be a big one for us. It's just gone from beta to production. It's one of those things that's on our roadmap, but being so new to the toolset, we're just growing into the tool. We're not quite there yet.

The product has been around forever. In a way, it's a bit old-school. I came from a Windows Server environment, so I get how it's built. It's INI files, it's apps that run on Windows Servers. I'm sure there are other ways that it runs, such as in the cloud as well. There are other directions. But the base of the product is old-school. It just works. So the stability is there. My new engineers can do the install, they can understand how it works. It's quite stable.

In terms of scaling, we're not there yet. We have a number of offices, we're a small company but we're spread globally and we're installing servers in Brazil. We also have servers in London, so we can scale geographically quite easily because it's applications running on servers. There's also a DR capability, having those vaults where needed, so we can scale that way.

There are a lot of new things coming out about endpoints, and third-party management is going to be big. We can scale geographically and we can scale outside of our borders and that's going to be cool.

We had no PAM program when I came to this company.

The initial setup is very straightforward. It's well-documented. We sought to have external advisors and third-party consultants help, in addition to CyberArk's help, because we had such tight deadlines. We were installing multiple environments with a turnaround in weeks and had to complete the training at the same time. Junior engineers were coming in and they could walk through it. We found out that it's almost self-doable. But that's probably not advised in any solution. The help was appreciated but it's straight-away easy.

In a previous life, I worked with TPAM, Quest products, and Safeguard. We evaluated five different toolsets when it came to my new role here — all the major players. The last two were Quest and CyberArk and I had a strong relationship with both groups. A lot of it came down to dollars and cents, but CyberArk also had that marketplace that told us that we could do certain things out-of-the-box. That was very important to us, enabling us to get stakeholders' buy-in: strategic alliances within our customers or the companies that we own. We got them bought-in to the idea that they were going to be using this tool. It came down to the marketplace.

I'd never ever rate anything a 10. I'd probably never rate anything a one. I'd rate CyberArk as 7.5 out of 10. We actually did surveys of all the people that saw all the demos of all the new solutions we looked at. CyberArk was a seven or eight consistently, from all the people who watched it. The benefit of it is it's stable, it's old-school, it just works. The downside is that it's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers. Those are the highs and lows. It could be amazing if it all ran in the cloud, but that wouldn't be possible.

I started as a PAM engineer eight years ago. Learning PAM and understanding how it protects people and being the liaison who needs to take passwords away from engineers is really tough. But it put me in a good spot. I grew from a PAM engineer to an identity engineer to identity team lead to identity manager. Within the last year-and-a-half, I came into this company because of a PAM role. They hired me as an identity manager because I knew PAM and because I had a relationship; I was working on bringing CyberArk in as part of my previous role and they wanted me to come in and do that same evaluation here. So knowing CyberArk got me my job and, within three months, they said, "We don't need just one team like this doing these assessments. We need multiple teams. So you're an associate director." I said, "Thanks, I don't want to do that. I just want to play with PAM."

We use CyberArk Privileged Access Manager to manage our privileged accounts because it protects against cyberattacks and prevents unnecessary or illegal access. 

It provides a centralized management system, making it easier for us to enforce policies and monitor access across our organization. Additionally, we can monitor sessions and record and detect suspicious activities that are harmful to our systems and organization.

The AI capabilities, including advanced threat detection features, are very helpful for us. They reduce human effort and errors, allowing us to quickly identify and respond to threats. This solution scales up our IT environment and resolves almost every issue that poses a threat to our organization.

Pricing is a concern for me because it is not very user-friendly for startups, new users, or very small organizations. It might be better if the price was reduced. Sometimes, the maintenance cost can also be high.

I have been using CyberArk Privileged Access Manager for the last one and a half to two years.

Every application has downtime. However, it remains stable overall. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

Sometimes, when I face issues or want to understand some features, or it is difficult to identify activities in our system, I contact the support team. They are very helpful, always available, and try to resolve our issues as soon as possible.

Positive

This is the first PAM solution that I implemented in our organization.

The initial setup is not very easy, nor very difficult. It is moderate to deploy.

It does not require any maintenance from our side.

We have a team of three to five members, and they deployed it in a minimum of one week.

Its price can be reduced.

I researched some solutions and found CyberArk Privileged Access Manager to be one of the good solutions. I am very happy with the product.

I am happy with this product. If someone is looking for a PAM solution, I recommend it because it has a large developer community and good customer support. It is more stable than the others, and I am very happy with it. 

Overall, I would rate it a ten out of ten.