CyberArk Privileged Access Manager Reviews

I use CyberArk as a password vault and session recordings and to connect the server sites. I use some critical systems if I can access them, including workflows and mechanisms. 

It's really good. 

The digital vault is great. It protects our passwords and manages those passwords and changing periods.

There is some third-party access to our system's recording process. It's very, very important for us and we're glad they allow it.

It is a robust product. It's very stable and reliable.

The solution can scale well. 

The interface could be updated a bit. Right now, it's not very good. 

It is very complex and difficult to set up the solution. 

Maybe some customers have a lot of systems. For example, we have 1000 Windows systems and 500 Linux systems. I need a remote desktop management solution for the CyberArk. I'd like to be able to change desktops with one click. We'd like the next release to have remote desktop management tools. 

I've been using the solution for the last five years. 

The solution is very stable.

We no have had no performance issues; it's a really robust product. If I need more performance, I use another server, install another server, and improve our performance.

It is very easily scalable. 

We have 50 admins on this solution. 

We are using the solution to 70% capacity. We do plan to increase usage. 

We did use Delinea, formally Thycotic. That solution is really good, however, not fully secure. CyberArk is a more secure product - much better than Thycotic. Thycotic may be better in terms of its admin-friendly interface and integration, however, CyberArk offers more than vendor integration. It has massive integration capabilities.

The implementation and integration process is very, very complex. It is a robust product, however. I don't have to do a lot of setups, luckily. However, when you first set it up, it's very difficult as you don't really know what you're doing. 

The first 27% of the implementation took us maybe three months, however, for more than 95% of installation, it took us over one year. We had all the features up and running, however. 

We started with connection and session recording features, however, items such as password changing and other integrations, for example, firewall connection and switch interface connection were rolled out over the year.

You only need one person to maintain the solution. 

We had a third party help us with the implementation process. 

It's a yearly license that we pay. It is more expensive than other options. There are competitive products that are cheaper. 

I can't speak to the exact price. On a scale of one to five, with one being the most expensive, I would rate it a one. The license covers five servers. If you need more servers, you pay more. The same is true with disaster sites. If you need a disaster site, you are fine. It is included. If you need more, you need to pay for it. 

We did look at multi-factor authentification options and zero-trust network access. 

I'm not sure which version of the solution we're using. It's likely the latest version.

This is a fully secure product and integrates with a lot of different systems. I'd recommend the product to others. 

I'd rate the solution eight out of ten.

We use the solution for cybersecurity and regulation.

The tool has safe vaults. We keep our passwords in the Vault. The tool’s recording feature is also valuable for us.

The tool needs to improve its usage and interface. They need to have a modern and useful interface. I want the product to improve its integration capabilities as well since some of the integration features do not work always.

I have been using the solution for five years.

The solution is a stable product.

The product is scalable. You can manage 100,000 scripts or 1000 secrets with the solution.

I would rate the tool’s support an eight out of ten. The tech support is good and not complex. You can escalate the problems easily.

If you do not have prior experience, then the tool’s setup is complex. It has a complex installation process. You need to do pre-configuration correctly. The deployment takes around two to three days to complete. One experienced person is enough for the deployment.

The product’s pricing is feasible for enterprise customers. The pricing is expensive for smaller businesses. You need to pay additional costs for service implementation and local support.

I would rate the product a ten out of ten. We recommend this product for enterprise customers. The tool’s pricing and operation are a problem for small customers. They need to opt for Software as a Service. Companies need to install this product since they have a lot of accounts and passwords.

The most common use case is when you need to hide the management for the servers, switches, routers, et cetera. You can use privileged access for remote use cases.

In my company, we have a lot of servers, and the problem is when the users want to access these platforms. You can access all the architecture and knowledge with this product. It provides more access and visibility.

The password rotation and cyber gateway have been quite useful. It's a solution that allows you to search for passwords for your servers and accounts. This is the most feature power.

The solution is quite stable.

It is scalable on the cloud. 

The implementation is hard. For example, the on-prem implementation specifically is really hard to deploy. 

The solution does not scale well on-premises. 

This is an expensive product.

It's hard to get help from support if you are not certified. 

I've been using the solution for five years. 

The product is really stable. You just need to deploy a higher viability solution. However, you need to do a lot of budgeting to deploy that higher viability solution. You need at least 12 servers. It's really, really difficult to have a budget for that.

It is easy to scale on the cloud. It is difficult to expand it on-premises. 

We have 30 people using the solution in my company.

At this point, we do not have plans to increase usage. 

The technical support is really excellent. However, if you don't have a certification, it is impossible for you to receive technical support.

We previously used BeyondTrust and Centrify, among other solutions.

The initial setup is pretty difficult and it takes a while to put into place. 

You need at least six servers to deploy it and it's really difficult to have a budget for that - plus, the implementation itself is really hard. You likely have to dedicate one week to deploy the solution and another week or two to onboard all the accounts.

Basically, it's pretty complex to implement. 

We've used a consultant to assist us with the implementation. 

The ROI is really quick. If you have a compromised account, it can compromise your infrastructure, and the loss of the business is really high. With this product and the protection it offers, you can witness ROI immediately.

You need a large number of servers, and therefore it gets expensive to deploy the product.

The license is expensive. It costs us around $200 per user. 

We are using a privileged cloud and an on-prem cloud, an on-prem APD. We have a hybrid setup.

I'd advise potential new users to have very good scripting at the outset. If you don't, you'll have difficulties in the long run. 

While the solution is expensive, it's excellent. I would rate it ten out of ten. You definitely get what you pay for. 

We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about five years now.

This product has placed a new culture in my company by making employees more aware of IT compliance and cyber security. It has also placed us in a position to meet NERC CIP v6 requirements.

The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.

Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login.

I would like to see the product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials into a privileged target system.

Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless you are working with accounts already stored in “Safes”.

I have been using this solution for seven years.

We have noticed some stability issues with the PSM Servers. We've noticed that there may be a limitation on the number of users that a PSM Server can handle. We have two PSM Servers deployed in our Production environment and have come to a conclusion that we may need to add two more to stabilize the environment.

Upgrading to version 9.9 significantly reduced the stability issues with the PSM Servers and the limitation on the number of users that the PSM can handle.

CyberArk could use some improvement in their level of customer service. Sometimes, it can take more than a day before a Case that I have submitted online gets a response from tech support.

The level of technical support has been great. The challenge has been to get an initial response and sometimes follow-up from CyberArk Support.

If you are going to set up CyberArk for the first time, I highly recommend that you utilize their Professional Services. They are extremely knowledgeable and very helpful and will ensure that your implementation is a success.

We use Texas DIR when evaluation and making purchases of products.

We are currently on version 9.10. We would like to upgrade to the latest version some time this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.

The solution is primarily for security and access control. 

It's used to ensure and protect the complete IT infrastructure administrative account and the administrators and limit them to do any particular activities on the server and record all the activities on the server. it's for auditing purposes and for forensic usage.

We use it o identify if somebody internally hits the organization or tries to intrude and try to do a data breach or try to steal the information or do some kind of internal hacking. That risk can be eliminated using the tool.

CyberArk is one of the greatest platforms. It supports lots of requirements in the privileged access management area. 

From a configuration point of view, it is not very straightforward as per the deployment. The configuration is typical. However, when it comes to the integration piece, it has flawless integrations with lots of applications, whether it is out-of-the-box or customized. It supports any number of platforms. 

The company is very keen on looking at new applications to build out-of-the-box plugins. The support for the privileged single sign-on configurations with the application is excellent. 

Security-wise, the security is unbeatable compared to any other tool in the industry. They have a vault concept. They consider it similar to a bank vault. This is where they keep all the privileged admins' passwords. That particular vault has seven layers of security, which are unbreakable. It basically cannot be hacked. It cannot be hijacked. 

If something goes wrong, for example, if the vault is destroyed, your data is still protected. You can easily revive your data from that particular vault. It's a great capability. The security is excellent. It is very, very tight here. They support one signal protocol kind of communication with the internal products.

Where your password will be residing that is protected by a seven-layer of security. It has a web interface hosted on an IAS server on Windows. It has a CPM called central password management, which will do the password rotation. That is sitting on one other server. It has a session manager, which provides the single sign-on mechanism, privileged single sign-on mechanism, or automatic single sign-on to log into any infrastructure servers and applications. These are the four core products, and they integrate with each other and they integrate on one single port.  

If you try to intrude on the system or any hackers try to intrude the system, they will not be able to do that as the communication through this port is entirely encrypted. They will not be able to revive the data in real-time. It's a great security feature.

It supports hybrid deployments as well. It supports single standalone deployments for high availability with different kinds of deployment structures or topologies. This is a growing trend in the market. 

They can work on the pricing part. Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge. 

I've used the solution for four years now. 

The solution is very stable. It's reliable and the performance is good. 

Every organization is different. Some are small, some are large, and some are medium-sized. This product fits all organizations. It is designed to be scalable. 

Technical support has been excellent overall. We are pleased with their level of service. 

The setup process is typical. It's not easy to set up. It depends upon the environment, the requirement, what the customer is looking for, et cetera. If, let's say, there's 1,500 accounts, which need to be protected and 10,000 servers, which need to be protected, the deployment can be done with the two-node setup. The two-node setup is okay. However, when it comes to the larger organization where we have lots of privileged accounts and lots of servers or when the account increases to 100,000 servers and 100,000 or 200,000 privileged accounts, in those cases, the product is complex.

You need to be well trained in order to be able to execute an implementation. 

The pricing used to be very competitive. I can't speak to the exact pricing. However, it is my understanding that it has gotten more expensive. 

I'm certified in CyberArk. Earlier, we worked with CyberArk as a partner. At this point, our contract is in a renewal state.

I'd rate the solution nine out of ten. 

It is a great product when it comes to security. From the security point of view, I would advise a new user to use this tool and deploy it in your environment since the security is unbeatable.

In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment.

We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this.

We are using the latest version.

It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes according to the internal security policies in our bank.

CyberArk PAM gives us a single pane of glass to manage and secure identities across multiple environments. This is quite important for compliance reasons.

CyberArk PAM provides quantitative risk analysis for every human and machine identity in our environment. This has a big impact on reducing risk. 

The PAM feature is the most valuable. It helps us to automate our jobs and administrative tasks. 

It also gives us a lot of features for compliance. Using this type of software is required by Polish law in finance and business in Poland.

We use CyberArk’s Secrets Manager to secure and manage secrets and credentials for mission-critical applications. The newest GUI is much better than the older version. Now, it is quite good.

CyberArk PAM provides an automated and unified approach for securing access to all types of identities that we use. This is very important to us.

I would like advanced RPA in the basic license. CyberArk has RPA, but we would need to buy additional licenses. It is not out-of-the-box.

I would like better support.

I have been using it for five years.

So far, we don't have any problems. We have implemented higher availability in CyberArk. So, maintenance or updates don't have an impact on our environment. We don't have performance problems or anything like that. The stability is very high.

I have had no problem with agility in this solution. Everything works fine and gives us an opportunity to act as we want.

According to the information that I have, we simply add more servers if we need it or have additional business requirements. So, scalability is high.

There are about 155 users. Mostly, they are our IT administrators and developers.

This tool is used daily in our bank. We don't have plans to increase usage right now.

We don't often contact technical support, but when we do it, the response could be faster and better.

Neutral

We didn't previously use another solution.

The initial setup was complex. Our deployment took three months.

We needed to scale our environment and implement the correct number of servers to prepare for a working environment.

Implementation of our CyberArk instance was done by an external company. It covered all our needs and requirements.

We have not seen ROI directly in money. However, we have seen ROI in quality. It increases security in our IT environment and provides the highest SLA for our systems.

CyberArk PAM helps save us time when it comes to onboarding new employees and providing them secure access to SaaS apps and IT systems. It is saving us about two to three days per new employee.

We use an old model for pricing. The new model is a subscription model on the cloud. 

The price of CyberArk support could be a little bit less. Otherwise, pricing is fine.

We did some benchmarking, without the tools, to compare the cost of maintenance and functionality. We compared CyberArk to Password Manager Pro from ManageEngine. CyberArk has more functionality and better stability, in our opinion. The price was very similar between the two solutions. 

CyberArk is a good technology partner. They help us a lot with maintenance and our security process management.

I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. 

I would rate the solution as a nine out of 10. 

It is used to manage the policies on our endpoint because we want to takeaway admin rights to protect our computers.

We have had our implementation issues. However, the software is light years ahead of its competitors. We have seen massive progress with the updates of the software. We have been doing pretty well with it in the time that we have been implementing it.

We are trying to manage the endpoints, but our company has been a long-time customer. We want to integrate the other products because EPM is not the only one. We do have PAS and AIM, but now it looks like CyberArk is moving towards integrating all of them into one thing, so they can all work together in one console. We would like to get there eventually. I can't wait to upgrade.

We are stripping administrative rights, and we have implemented a special ID to help folks that lose administrative rights. Maybe it broke something, so while we design policies and try to get them where they need to be, they will have this ID in the meantime. CyberArk is able to protect both of these things while we move forward in this.

The software is insanely robust. You can do whatever you want. If you want to put your own logo on the pop-up, then you can do it. You want to change the color to pink, yellow or brown, then you can do it. You can do whatever you want with this thing. This leads to people getting lost on what they want to do, but for those who have a great plan with a clear, concise idea of where their organization is going and what they want to accomplish, it is there to help you.

Where a lot of people might struggle is with the actual environment, and where to begin. The software builds on top of that. You have to have a solid foundation. You will learn that as you work through the product, but you will also see how great and powerful the product is.

With computer security, administrative rights is probably the number one thing that comes to mind. This is a software that will allow people to still use their Google Chrome, Adobe, and Facebook. They can do what they need to do, but it still keeps them protected. That is what is so great about the product, we can sell it to people as, "We are not trying to stop you. We want to enable you, but we want to be safe too. It's there to do that." 

• I love the interface because it is colorful, easy to read, easy to see, and how easy it is to make policies. 
• I love how we can make a policy that affects everybody instantly, which is great. 
• I love the reporting features, so it is easy to see what we did.

I love the product overall, because it is great.

I want some of the things which are glitching out there for me to be fixed. I have heard that there is something in the works, that they will be putting a feature in the help desk where they will have a message board now. So, I could communicate with other people who are having the same problems and pull their issues, this way I don't have to bother support all the time. Also, people can vote. They can vote on the most important issues, and CyberArk will prioritize them next, really listening to the customer. That is pretty cool.

One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening. However, they are coming close to a solution. It has been an issue for a while. I heard that this is one of the top priorities that they're working on.

This is where we have had some woes with this software. Part of it is in our environment, and what we built it in as far as our database server. We met the requirements and it had some issues. The software is still growing and getting better. It is not 100 percent there yet, but even so, there is nothing in comparison to the product. It is too robust. It offers too many features that nothing else does. You might as well deal with it. You are going to deal with implementation and memory issues regardless that we had on the SQL Server, etc.

Part of this will come from your personal environment, but CyberArk has done a great job with it. However, they still have a ways to go. One thing I really like with every upgrade, they listen to the people. If you are saying this needs to be fixed, they listen. They usually put it in the upgrade, so that is cool.

There are growing pains from integrating a software which allows you to do anything, and you could do anything but it is based on your environment. The software can do whatever it wants, but it is going to be reactive to your environment. Everyone will have a different experience. 

If this was a perfect world, you had a clean active directory environment, your SCCM solution was fantastic, and there were no firewall issues, the product would deploy. No problem. Read everything, and you are good to go.

I could definitely understand. It is like designing the program for how it should work, then dealing with real life scenarios. You talk to any company here, and everyone's active directory is a mess. That is where you are trying to get your data from. That is where you struggle sometimes. However, the software is great. The Dev guys are on it as far as upgrades, etc.

If they keep upgrading the software, they are going to be around for a long-time. We are a long-time customer. We have multiple products, and they are going towards the right direction because if we own three or four of their products, then we can meld them all into one and they all work together, which is great.

In the beginning (early 2017), we had some issues. We would have a discrepancy in what user support was telling us. From mid-last year until now, it has been absolutely spectacular. They have key people who are very good, and I speak extremely highly of them. They are excellent, very professional with a lot of knowledge.

We did not have a previous solution, because we have always had admin rights. In fact, we did a proof of concept in CyberArk, version 1.

We needed something to manage the endpoint and to be able to empower the user. By far from not only a user's perspective on what they would be able to accomplish, but from the person who has to design the policies, it was the best. It was like working in MS-DOS compared to Windows 10. 

We had an educational and technical guide for the entire setup process. I also had CyberArk with me on the phone.

I designed the solution. Because they knew that this is a solution that no one had really seen before, they made sure they had somebody onsite throughout the entire implementation.

We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us. That is pretty important. We are protecting ourselves the right way.

Avecto was the competitor. They integrated with McAfee ePO, which was our endpoint solution at the time. Unfortunately, it was not as robust as I thought it would be. I didn't like it. I felt like the product relied too much on McAfee to do what it needed to do. Whereas, CyberArk was a standalone client which was way more robust.

The competition was utilizing a product that we are getting rid of in two weeks.

Get on implementing it today. Be patient. Test a lot. Deploy slowly.

It has places to go. I see the potential. It is getting there, but it has room to grow. If you compare this product with anything else as far as an endpoint solution, there is nothing which even compares.

We have implemented the new plugin generator utility already. I trained the help desk. It is really easy. Instead of having to fix it myself, the service desk will receive a one-time code to help the customer immediately, so they do not have to wait. I will receive a ticket to make a long-term policy. It is a perfect system.

Most important criteria when selecting a vendor: communication.

The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.

The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution. 

This includes sessions via the solution and sessions to administer the solution itself. From a user perspective, we no longer need to try and create or remember complex passwords or have to be concerned about when they will change as the solution takes care of this and can and does populate these credentials for you so mistyping a complex password is a thing of the past.

Password management is a great feature, as all passwords are changed more frequently. This can be scheduled in line with a specific policy requirement or each time the credentials are returned to the pool for reuse and are always compliant with the password policy however long or complicated the policy states that they need to be. 

Another great feature is the Privileged Threat Analytics (PTA) as this can stop a session based on prescribed risk and bring it to an end or pause it pending approval to proceed.  

The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow. That said, it has been moving in the right direction with features becoming available in the v10 interface and some user features are available in both classic and v10 interfaces. I would love to see all the classic interface features moved into the v10 interface or available in both interfaces within the next version. 

I've used the solution for about eight years.

The solution has been very stable.

The solution performs well, however, based on the user base may require a sizable footprint.

Support does vary depending on how critical your issue is and if it needs to be elevated to dev support.

Positive

Our previous solution was not a PAM solution and these days you can't afford to not use one.

The setup is not complicated when trained staff are used.

We handled the initial setup in-house.

Set-up costs can be minimized by controlling the number of applications that are made available within the solution. The newer licenses are per user and open up access to a suite of products, the best value, and security can be achieved by using more of the products.

We looked at other products like Delinia and Wallix.

Take advantage of the vendor's training or use a good partner to provide support and administration.