CyberArk Privileged Access Manager Reviews

Primarily, I import accounts from our critical systems.  

Knowing that our passwords are stored securely within the vault has been a big improvement. It eliminates the need for users to store passwords in less secure locations.

We want to integrate it with our IT service management platform and our SOC solution, but that's a future project.

The password protection itself is the most important feature. It's something we didn't have before.

Moreover, the interface is intuitive. It is clear and user-friendly. 

The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it.

We aren't able to view active sessions or historical recordings of sessions.

It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it.

So, CyberArk could still focus on making it more user-friendly.

I have been using it for a year. 

So far, we haven't had any scalability problems.

We have around 50 licensed users – primarily administrators. We currently manage about 5,000 accounts with CyberArk.

Sometimes, the initial response time is a bit slow, but once the customer service and support take on a case, they resolve issues quickly.

Positive

CyberArk handled the primary setup tasks. We worked with a partner to implement additional components and now have the knowledge to manage the solution ourselves.

The implementation process took around eight months. 

There has been an ROI. 

We expect to see a full return on investment within the next three years. This was part of our long-term security plan.

It is expensive, but the cost is justified considering the security it provides. Compared to other solutions, it is costly. We have not tried other solutions, but the price is high. 

We only license Password Vault.

My company evaluated another solution like Delinea but preferred CyberArk due to its robustness and flexibility.

I like its flexibility, while adding some complexity, allows us to fully customize the solution to our needs.

One of the main advantages is the way we can connect from outside. We use a portal that provides secure access to our systems without needing a VPN. We just scan a QR code, and we're connected. We do not need to use a password and we are in through the QR code scan. 

I would recommend using it. Overall, I would rate the solution a nine out of ten.

It's a very complete solution for what we need.

The solution is primarily for security and access control. 

It's used to ensure and protect the complete IT infrastructure administrative account and the administrators and limit them to do any particular activities on the server and record all the activities on the server. it's for auditing purposes and for forensic usage.

We use it o identify if somebody internally hits the organization or tries to intrude and try to do a data breach or try to steal the information or do some kind of internal hacking. That risk can be eliminated using the tool.

CyberArk is one of the greatest platforms. It supports lots of requirements in the privileged access management area. 

From a configuration point of view, it is not very straightforward as per the deployment. The configuration is typical. However, when it comes to the integration piece, it has flawless integrations with lots of applications, whether it is out-of-the-box or customized. It supports any number of platforms. 

The company is very keen on looking at new applications to build out-of-the-box plugins. The support for the privileged single sign-on configurations with the application is excellent. 

Security-wise, the security is unbeatable compared to any other tool in the industry. They have a vault concept. They consider it similar to a bank vault. This is where they keep all the privileged admins' passwords. That particular vault has seven layers of security, which are unbreakable. It basically cannot be hacked. It cannot be hijacked. 

If something goes wrong, for example, if the vault is destroyed, your data is still protected. You can easily revive your data from that particular vault. It's a great capability. The security is excellent. It is very, very tight here. They support one signal protocol kind of communication with the internal products.

Where your password will be residing that is protected by a seven-layer of security. It has a web interface hosted on an IAS server on Windows. It has a CPM called central password management, which will do the password rotation. That is sitting on one other server. It has a session manager, which provides the single sign-on mechanism, privileged single sign-on mechanism, or automatic single sign-on to log into any infrastructure servers and applications. These are the four core products, and they integrate with each other and they integrate on one single port.  

If you try to intrude on the system or any hackers try to intrude the system, they will not be able to do that as the communication through this port is entirely encrypted. They will not be able to revive the data in real-time. It's a great security feature.

It supports hybrid deployments as well. It supports single standalone deployments for high availability with different kinds of deployment structures or topologies. This is a growing trend in the market. 

They can work on the pricing part. Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge. 

I've used the solution for four years now. 

The solution is very stable. It's reliable and the performance is good. 

Every organization is different. Some are small, some are large, and some are medium-sized. This product fits all organizations. It is designed to be scalable. 

Technical support has been excellent overall. We are pleased with their level of service. 

The setup process is typical. It's not easy to set up. It depends upon the environment, the requirement, what the customer is looking for, et cetera. If, let's say, there's 1,500 accounts, which need to be protected and 10,000 servers, which need to be protected, the deployment can be done with the two-node setup. The two-node setup is okay. However, when it comes to the larger organization where we have lots of privileged accounts and lots of servers or when the account increases to 100,000 servers and 100,000 or 200,000 privileged accounts, in those cases, the product is complex.

You need to be well trained in order to be able to execute an implementation. 

The pricing used to be very competitive. I can't speak to the exact pricing. However, it is my understanding that it has gotten more expensive. 

I'm certified in CyberArk. Earlier, we worked with CyberArk as a partner. At this point, our contract is in a renewal state.

I'd rate the solution nine out of ten. 

It is a great product when it comes to security. From the security point of view, I would advise a new user to use this tool and deploy it in your environment since the security is unbeatable.

In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment.

We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this.

We are using the latest version.

It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes according to the internal security policies in our bank.

CyberArk PAM gives us a single pane of glass to manage and secure identities across multiple environments. This is quite important for compliance reasons.

CyberArk PAM provides quantitative risk analysis for every human and machine identity in our environment. This has a big impact on reducing risk. 

The PAM feature is the most valuable. It helps us to automate our jobs and administrative tasks. 

It also gives us a lot of features for compliance. Using this type of software is required by Polish law in finance and business in Poland.

We use CyberArk’s Secrets Manager to secure and manage secrets and credentials for mission-critical applications. The newest GUI is much better than the older version. Now, it is quite good.

CyberArk PAM provides an automated and unified approach for securing access to all types of identities that we use. This is very important to us.

I would like advanced RPA in the basic license. CyberArk has RPA, but we would need to buy additional licenses. It is not out-of-the-box.

I would like better support.

I have been using it for five years.

So far, we don't have any problems. We have implemented higher availability in CyberArk. So, maintenance or updates don't have an impact on our environment. We don't have performance problems or anything like that. The stability is very high.

I have had no problem with agility in this solution. Everything works fine and gives us an opportunity to act as we want.

According to the information that I have, we simply add more servers if we need it or have additional business requirements. So, scalability is high.

There are about 155 users. Mostly, they are our IT administrators and developers.

This tool is used daily in our bank. We don't have plans to increase usage right now.

We don't often contact technical support, but when we do it, the response could be faster and better.

Neutral

We didn't previously use another solution.

The initial setup was complex. Our deployment took three months.

We needed to scale our environment and implement the correct number of servers to prepare for a working environment.

Implementation of our CyberArk instance was done by an external company. It covered all our needs and requirements.

We have not seen ROI directly in money. However, we have seen ROI in quality. It increases security in our IT environment and provides the highest SLA for our systems.

CyberArk PAM helps save us time when it comes to onboarding new employees and providing them secure access to SaaS apps and IT systems. It is saving us about two to three days per new employee.

We use an old model for pricing. The new model is a subscription model on the cloud. 

The price of CyberArk support could be a little bit less. Otherwise, pricing is fine.

We did some benchmarking, without the tools, to compare the cost of maintenance and functionality. We compared CyberArk to Password Manager Pro from ManageEngine. CyberArk has more functionality and better stability, in our opinion. The price was very similar between the two solutions. 

CyberArk is a good technology partner. They help us a lot with maintenance and our security process management.

I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. 

I would rate the solution as a nine out of 10. 

It is used to manage the policies on our endpoint because we want to takeaway admin rights to protect our computers.

We have had our implementation issues. However, the software is light years ahead of its competitors. We have seen massive progress with the updates of the software. We have been doing pretty well with it in the time that we have been implementing it.

We are trying to manage the endpoints, but our company has been a long-time customer. We want to integrate the other products because EPM is not the only one. We do have PAS and AIM, but now it looks like CyberArk is moving towards integrating all of them into one thing, so they can all work together in one console. We would like to get there eventually. I can't wait to upgrade.

We are stripping administrative rights, and we have implemented a special ID to help folks that lose administrative rights. Maybe it broke something, so while we design policies and try to get them where they need to be, they will have this ID in the meantime. CyberArk is able to protect both of these things while we move forward in this.

The software is insanely robust. You can do whatever you want. If you want to put your own logo on the pop-up, then you can do it. You want to change the color to pink, yellow or brown, then you can do it. You can do whatever you want with this thing. This leads to people getting lost on what they want to do, but for those who have a great plan with a clear, concise idea of where their organization is going and what they want to accomplish, it is there to help you.

Where a lot of people might struggle is with the actual environment, and where to begin. The software builds on top of that. You have to have a solid foundation. You will learn that as you work through the product, but you will also see how great and powerful the product is.

With computer security, administrative rights is probably the number one thing that comes to mind. This is a software that will allow people to still use their Google Chrome, Adobe, and Facebook. They can do what they need to do, but it still keeps them protected. That is what is so great about the product, we can sell it to people as, "We are not trying to stop you. We want to enable you, but we want to be safe too. It's there to do that." 

• I love the interface because it is colorful, easy to read, easy to see, and how easy it is to make policies. 
• I love how we can make a policy that affects everybody instantly, which is great. 
• I love the reporting features, so it is easy to see what we did.

I love the product overall, because it is great.

I want some of the things which are glitching out there for me to be fixed. I have heard that there is something in the works, that they will be putting a feature in the help desk where they will have a message board now. So, I could communicate with other people who are having the same problems and pull their issues, this way I don't have to bother support all the time. Also, people can vote. They can vote on the most important issues, and CyberArk will prioritize them next, really listening to the customer. That is pretty cool.

One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening. However, they are coming close to a solution. It has been an issue for a while. I heard that this is one of the top priorities that they're working on.

This is where we have had some woes with this software. Part of it is in our environment, and what we built it in as far as our database server. We met the requirements and it had some issues. The software is still growing and getting better. It is not 100 percent there yet, but even so, there is nothing in comparison to the product. It is too robust. It offers too many features that nothing else does. You might as well deal with it. You are going to deal with implementation and memory issues regardless that we had on the SQL Server, etc.

Part of this will come from your personal environment, but CyberArk has done a great job with it. However, they still have a ways to go. One thing I really like with every upgrade, they listen to the people. If you are saying this needs to be fixed, they listen. They usually put it in the upgrade, so that is cool.

There are growing pains from integrating a software which allows you to do anything, and you could do anything but it is based on your environment. The software can do whatever it wants, but it is going to be reactive to your environment. Everyone will have a different experience. 

If this was a perfect world, you had a clean active directory environment, your SCCM solution was fantastic, and there were no firewall issues, the product would deploy. No problem. Read everything, and you are good to go.

I could definitely understand. It is like designing the program for how it should work, then dealing with real life scenarios. You talk to any company here, and everyone's active directory is a mess. That is where you are trying to get your data from. That is where you struggle sometimes. However, the software is great. The Dev guys are on it as far as upgrades, etc.

If they keep upgrading the software, they are going to be around for a long-time. We are a long-time customer. We have multiple products, and they are going towards the right direction because if we own three or four of their products, then we can meld them all into one and they all work together, which is great.

In the beginning (early 2017), we had some issues. We would have a discrepancy in what user support was telling us. From mid-last year until now, it has been absolutely spectacular. They have key people who are very good, and I speak extremely highly of them. They are excellent, very professional with a lot of knowledge.

We did not have a previous solution, because we have always had admin rights. In fact, we did a proof of concept in CyberArk, version 1.

We needed something to manage the endpoint and to be able to empower the user. By far from not only a user's perspective on what they would be able to accomplish, but from the person who has to design the policies, it was the best. It was like working in MS-DOS compared to Windows 10. 

We had an educational and technical guide for the entire setup process. I also had CyberArk with me on the phone.

I designed the solution. Because they knew that this is a solution that no one had really seen before, they made sure they had somebody onsite throughout the entire implementation.

We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us. That is pretty important. We are protecting ourselves the right way.

Avecto was the competitor. They integrated with McAfee ePO, which was our endpoint solution at the time. Unfortunately, it was not as robust as I thought it would be. I didn't like it. I felt like the product relied too much on McAfee to do what it needed to do. Whereas, CyberArk was a standalone client which was way more robust.

The competition was utilizing a product that we are getting rid of in two weeks.

Get on implementing it today. Be patient. Test a lot. Deploy slowly.

It has places to go. I see the potential. It is getting there, but it has room to grow. If you compare this product with anything else as far as an endpoint solution, there is nothing which even compares.

We have implemented the new plugin generator utility already. I trained the help desk. It is really easy. Instead of having to fix it myself, the service desk will receive a one-time code to help the customer immediately, so they do not have to wait. I will receive a ticket to make a long-term policy. It is a perfect system.

Most important criteria when selecting a vendor: communication.

The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.

The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution. 

This includes sessions via the solution and sessions to administer the solution itself. From a user perspective, we no longer need to try and create or remember complex passwords or have to be concerned about when they will change as the solution takes care of this and can and does populate these credentials for you so mistyping a complex password is a thing of the past.

Password management is a great feature, as all passwords are changed more frequently. This can be scheduled in line with a specific policy requirement or each time the credentials are returned to the pool for reuse and are always compliant with the password policy however long or complicated the policy states that they need to be. 

Another great feature is the Privileged Threat Analytics (PTA) as this can stop a session based on prescribed risk and bring it to an end or pause it pending approval to proceed.  

The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow. That said, it has been moving in the right direction with features becoming available in the v10 interface and some user features are available in both classic and v10 interfaces. I would love to see all the classic interface features moved into the v10 interface or available in both interfaces within the next version. 

I've used the solution for about eight years.

The solution has been very stable.

The solution performs well, however, based on the user base may require a sizable footprint.

Support does vary depending on how critical your issue is and if it needs to be elevated to dev support.

Positive

Our previous solution was not a PAM solution and these days you can't afford to not use one.

The setup is not complicated when trained staff are used.

We handled the initial setup in-house.

Set-up costs can be minimized by controlling the number of applications that are made available within the solution. The newer licenses are per user and open up access to a suite of products, the best value, and security can be achieved by using more of the products.

We looked at other products like Delinia and Wallix.

Take advantage of the vendor's training or use a good partner to provide support and administration.

In a large financial institution, CyberArk Privileged Access Management (PAM) plays a pivotal role in ensuring the security and integrity of sensitive financial data. With numerous systems, applications, and databases holding critical client information and transaction data, the institution faced the challenge of managing and protecting privileged accounts effectively.

The PAM solution was seamlessly integrated into the existing IT infrastructure. It introduced granular access controls, requiring all employees to log in with standard user accounts, regardless of their role. When a privileged action is required, the PAM system enables the temporary elevation of privileges through just-in-time (JIT) access, granting access only for the necessary time frame. This reduces the window of opportunity for potential cyber threats.

CyberArk Privileged Access Management (PAM) has been a game-changer for our organization's security landscape. With PAM in place, we've experienced a significant reduction in potential security breaches. The meticulous control it offers over access rights ensures that only authorized personnel can access critical systems and sensitive information. The implementation of just-in-time access has effectively minimized our attack surface, making it incredibly challenging for unauthorized users to exploit vulnerabilities.

The most valuable features of CyberArk Privileged Access Management (PAM) are its granular access controls and just-in-time (JIT) access provisioning. These features ensure that only authorized users have elevated privileges and access to critical systems. JIT access reduces the attack surface by granting privileges only when needed, minimizing exposure to potential threats. 

Additionally, robust auditing and real-time monitoring capabilities enhance security by tracking privileged activities, aiding in threat detection and compliance. PAM's ability to seamlessly integrate into existing infrastructures and streamline workflows further adds operational efficiency, making it an indispensable tool for modern cybersecurity.

CyberArk PAM could greatly benefit from an under-the-hood update; integrating machine learning algorithms could provide predictive insights.

The user interface lacks intuitiveness; revamping the UX of the web access panel through intuitive navigation, customization, contextual assistance, visual coherence, and accessibility considerations will undoubtedly result in higher user satisfaction, increased engagement, and ultimately, a more competitive offering in the market.

In addition, several tools seem to be outdated, however, you can see that CyberArk is constantly working on them.

I've used the solution since 2017.

I'm a security solutions architect. I design solutions and hand them over to the client once they're implemented. We educate the users on how the solution works or turn it over to our managed services department

CyberArk PAM is an identity management solution used to manage privileged accounts on domains and local servers, including admin accounts in Windows environments and root users in Unix. 

With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent secure against attacks if you have all the right policies in place.

PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting.

I have used CyberArk PAM for two years. 

CyberArk PAM is stable.

CyberArk PAM is scalable. Managing 80,000 accounts is almost as easy as managing a thousand. 

CyberArk has a solid community. It's easy to get support and feedback from the forums. However, it can be difficult to access official technical support if you don't have a CyberArk certification because they have a process to limit unnecessary calls. You get excellent support once you're certified. 

Deploying CyberARK is complicated, but it is relatively easy for me because I have excellent scripts for implementing the prerequisites. It might be challenging for the average end user. It would be ideal to educate them in a demo environment because hard to explain this to a user without them. I would need to build an environment to show them. A simulated lab environment is one thing CyberArk PAM lacks.

We set up the prerequisites and discover the privileged accounts in the environment. CyberArk has a tool that scans the servers and detects accounts. This works best in a Microsoft environment. It's more difficult without Active Directory because you have to rely on the information the customer provides. You can begin the onboarding process once you've identified the accounts. 

It takes a month to set up the prerequisites and two or three days to install CyberArk PAM. Once it is deployed, it takes eight months to a year to tie up some loose ends. You may need to identify some accounts that you missed. The total time depends on the size and complexity of the user's environment. If you've configured everything correctly, it's simple to maintain. 

The ROI for CyberArk PAM is difficult to measure because the benefit is a reduction in risk. If CyberArk can eliminate most of the customer's security risks, then it's worth what they paid. 

CyberArk isn't cheap, but it's the best. You have to pay for quality. 

I rate CyberArk Privileged Access Manager 10 out of 10. CyberArk is the leader in Gartner's quadrant. I tell my customers that they need to be 100 percent secure—99 percent isn't good enough. The top hackers will exploit that 1 percent hole, and you're finished. You need 100 percent, or else you're wasting your money.  

I've deployed Password Vault for various use cases across different industries from finance to healthcare and manufacturing. 

I love how easily we could operate within Password Vault and get things done. It was almost effortless. After we went through the implementation phase, it did what was promised, and we did not have to call support. It was a flawless install. All of us had experience as well because we got our certifications. We'd worked with it for at least a year.

There was a situation when one of our presidents had an issue, but I can't recall the specifics.

I've been using Password Vault for three years now.

For scalability, I'd give it a 13 on a scale of one to 10.

The installation was very smooth. 

At my previous company, my budget amount was $15,000, and we didn't spend all of that. It was a larger company than the one I'm with now. It was global. We didn't spend that or come anywhere near it. They're still adding on, and I know that CyberArk will be the solution that they're going to stick with. They were hybrid, and now they're all cloud.

I rate Password Vault 10 out of 10. If you're planning to implement Password Vault, my advice is to just let it work. Do all your use cases up front, and make sure you throw everything at them that you think will happen in your environment. Make sure that that's all addressed, so when you go to deployment, it's just easy.