it_user705717 - PeerSpot reviewer
Senior Systems Administrator at a tech company with 5,001-10,000 employees
Vendor
The most valuable feature is the keystroke tracking feature

What is most valuable?

The most valuable element is the keystroke tracking feature.

We use the tool in our FedRAMP data centers. Whenever an employee does some work at the command line in the servers, app servers or database servers, we need to track what they do.

We use the tool to do just that. We bought it for that purpose. That is why this is the most important feature for us.

How has it helped my organization?

The product has not improved our organization. It is an intentionally limiting product. That’s why we have it.

What needs improvement?

It limits the number of CIs. Why not have unlimited CIs?

As I understand the licensing, we purchase the PAM product and pay for it based on the number of CIs. (A “CI” is a “configuration item”. It’s an ITIL term.)

That means the number of servers, routers, switches, etc. for which PAM controls access and tracks activity. Why not charge us a flat fee and give us unlimited CIs?

For how long have I used the solution?

We have been using the solution for around four years.

Buyer's Guide
Symantec Privileged Access Manager
November 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We had scalability issues, particularly in regards to the limit of CIs.

How are customer service and support?

The technical support is very good. They are very helpful. They are knowledgeable and follow up when we have issues.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

How was the initial setup?

I don’t know about the initial setup. I was not involved in the initial setup.

What's my experience with pricing, setup cost, and licensing?

I am not involved in pricing and licensing.

Which other solutions did I evaluate?

I don’t know about the evaluation of other products. I was not involved in that part of the process.

What other advice do I have?

Make sure you can track enough CIs and have room for growth.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user705711 - PeerSpot reviewer
System Support Analyst at a financial services firm with 10,001+ employees
Real User
I like the fact that passwords are checked-in automatically. They shouldn’t compromise better looking UI with performance.
Pros and Cons
  • "You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks."
  • "What I hope happens with the new product CA PAM is to keep all the useful features that exist in PA, but what I’ve noticed with many new products is the UI gets polished but the system lags in stability and performance or it adds additional complexity instead of simplifying the user experience."

What is most valuable?

I mostly do support for the product so I’m aware of all the features this product offers. I like the fact that passwords are checked-in automatically. In case you forget to release the account so that other people can use it, it keeps the account secured by changing the password automatically.

You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks.

It has CLI commands for bulk changes. I’ve used that feature to on-board thousands of accounts, and it saved time and effort rather than doing it manually.

How has it helped my organization?

PA is a global vault application which is essential in our day-to-day tasks of retrieving and using privileged accounts. It also provides nice logging and notification to management as well as audit.

What needs improvement?

I think most people that use the product are concerned with performance, and they are also used to the user interface. We shouldn’t compromise a better looking UI with performance. It’s hard to say, because ever since I’ve started using the product, we have had performance issues.

What I hope happens with the new product CA PAM is to keep all the useful features that exist in PA, but what I’ve noticed with many new products is the UI gets polished but the system lags in stability and performance or it adds additional complexity instead of simplifying the user experience.

I hope that’s not the case with the new product. And of course with any new product, there should be improvements in stability, usability, performance and support.

For how long have I used the solution?

We have used this solution for over two years.

What do I think about the stability of the solution?

Stability is a problem that we fight every day.

What do I think about the scalability of the solution?

We have scalability issues. For our current stress test, it looks like the system is not able to handle a large number of users at peak times.

How are customer service and technical support?

I think there are two points to this. It’s very hard to get to level 2 or 3 support to answer questions. We had cases that dragged on for years with no answer, waiting for engineering. It almost sounds like we are on our own and this product is not “really supported” or CA is so busy with other more important issues that higher level support is almost never available.

Which solution did I use previously and why did I switch?

I am not sure. When I joined the bank, this was what they were using.

How was the initial setup?

I was not part of the bank at that point.

What other advice do I have?

I think this product is no longer available. But if it is, I would recommend a full stress test before they even implement it. Make sure you can run it on the newest web or application servers.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
TechLeadea1e - PeerSpot reviewer
Tech Lead at a financial services firm with 5,001-10,000 employees
Real User
Automates the security of DevOps pipeline for the shared secrets across environments
Pros and Cons
  • "For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great."
  • "I wish it could create local accounts on desktops."

What is most valuable?

For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great.

How has it helped my organization?

Before, we had a vaulting solution with manual provisioning of the DB and privileged accounts. Now, we can automate this provisioning through APIs which are easy to understand and implement.

What needs improvement?

I wish it could create local accounts on desktops. But, what I really want to do with it is automatically manage DevOps pipelines through tools like Docker/Puppet/Chef. It would manage shared secrets to the segregated environments. I am hoping that the API is helpful for this.

For how long have I used the solution?

We have used it just for a PoC, but we are purchasing it soon. From going through the selection process, we felt CA PAM was the best option for our company.

How are customer service and technical support?

CA technical support has been very responsive the past couple years. It has come a long way.

Which solution did I use previously and why did I switch?

I have used ERPM, but it was difficult to upgrade the product. The structure of the vaulting policies was not conducive to Ally’s organization. Plus, it ran on Windows, which in our world you want to always go with a Linux solution, when possible.

How was the initial setup?

In the PoC, it seems very easy to get started.

What's my experience with pricing, setup cost, and licensing?

Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front. PAM can monitor exponentially more devices than its competitors. This covers a large audit item for us.

Which other solutions did I evaluate?

We looked at CyberArk, BeyondTrust, ERPM and ObserveIT.

What other advice do I have?

If you truly want to secure a DevOps world that is constantly changing the architecture and number of boxes, then you need CA PAM.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user621030 - PeerSpot reviewer
Works at a tech vendor with 10,001+ employees
Vendor
This product is for privileged access for a jump server using a PIV card.

What is most valuable?

The product is for privileged access for a jump server using a PIV card.

How has it helped my organization?

So far, with the functionality of what we had, there has not been much improvement at this point of time. I am not able to comment at this time.

What needs improvement?

I think it works just enough because it is a mandate from the customer to have the privileged access for the administrators to manage the servers using the PIV cards. We haven't used it long enough to comment on areas for improvement.

We clearly know what the functionality is that we need from the product. I think this has been accomplished by the functionality that exists in the PAM of Xceedium.

For how long have I used the solution?

We have been using this solution for six months.

What do I think about the stability of the solution?

We don't use it that often and it is only for admin users. So far, there have been no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

I would give technical support a rating of 10/10. It's a matter of a learning curve for my administrators. When they requested support, they were quick to respond. It's not really a problem. It's basically a lack of awareness of the product. It was quickly resolved talking to the technical support people.

Which solution did I use previously and why did I switch?

There was not a previous solution.

How was the initial setup?

We did not have any team members who were trained in Xceedium. For the setup, we got directions from the manual that was provided by the reseller.

We then went to Xceedium, which is now CA. They helped us if we had any issues from the technical point of it.

I would rate the setup as 80/20: 80% being simple and the remaining 20% needed some help from the technical folks at CA.

Which other solutions did I evaluate?

We did not evaluate different products. There was no choice for us. We didn't have a choice to evaluate other solutions because they mandated the use of this product.

What other advice do I have?

I think it's a good solution for anybody who is looking for a single sign-on implementation for administration of the servers.

It's a straightforward solution. It has been in the federal space for quite some time. It has been part of our TRM.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user479766 - PeerSpot reviewer
CIO/Management Consultant at a tech company with 51-200 employees
Vendor
Privileged users see only those systems and access methods to which they’re expressly allowed access.

What is most valuable?

The CA PAM’s ability to seamlessly integrate and provide a demarcation between users and systems is the most attractive aspect. It:

  • Enables all control to start with Xsuite’s Deny All, Permit by Exception (DAPE) approach to limit privilege access controls.
  • Enables all privileged users to see only those systems and access methods to which they’re expressly allowed access. Privileged users include Vendor Integration and Partners.
  • Enables and verifies all system policies, providing an additional level of control by selectively filtering commands issued.
  • Enables unauthorized commands to be blocked, with optional user warnings and policy violation alerts to security teams and logs.
  • Enables sessions of users attempting to violate policies to be terminated, or accounts deactivated; enterprise policy control.
  • Enables “leapfrogging” prevention, which allows one system to be used as a launch point for additional attacks / lateral movement.
  • Enables full stack and system integration.
  • Enables service integration with all systems using APIs or application to application.

These features greatly assist us and our clients in protecting their data privacy.

How has it helped my organization?

In retrospect, we and our clients have seen a reduction in service-related issues for application server and mainframe environments, a reduction in the provisioning lifecycle and requirements for systems such as mainframes, and a substantial increase in security flow and protection.

What needs improvement?

I believe continued expansion of integration to multiple systems including SSO and SAML technologies will provide a more-expansive, enterprise view of access orchestration, which will in turn strengthen the security of the environment.

For how long have I used the solution?

I have been involved with this product for three years, both using and implementing for client architectures.

What do I think about the stability of the solution?

I have not encountered any issues with stability.

What do I think about the scalability of the solution?

I have not encountered any issues with scalability; this is a true enterprise expandable product for mid-market and beyond.

How are customer service and technical support?

In my experience with the CA PAM, their support apparatus has improved immensely over the past 12 months and continues to improve based on client feedback. Indications from my clients are that CA Technologies actually listens to their concerns and takes action.

Which solution did I use previously and why did I switch?

Being in the technology sector for many years, we did not initially use products such as the CA PAM. We relied on common architecture, such as Microsoft and Oracle. As the need for more segregation of duties became prevalent, we looked to enhance our security with privileged access management. The feedback from most clients surrounding PAM is it provides a segregated extension of access control framework to enable better protection of customer privacy/data.

How was the initial setup?

The initial setup is not complex. The design and integration can become complex without the proper solution architecture and understanding the impacts changes in technology place on a company’s operational process and employee behavioral management. These topics became more complex to manage and establish than the product itself.

What's my experience with pricing, setup cost, and licensing?

Product pricing and licensing is related to short-term or long-term business planning. In many cases, this solution should be looked at as a long-term solution. Therefore, considering the long-term savings in perpetual vs annual licensing is paramount to a progressive architecture. Therefore, I believe it is in the interest of the business to make these decisions prior to OEM engagement; they need to be vetted and defined as a value to the company at large.

Which other solutions did I evaluate?

No other options were evaluated because this PAM has made substantial gains in system integration, which outweigh industry choices.

What other advice do I have?

I am a proponent of the product in many ways but most importantly, I believe a solid, well-thought-out strategy and solid architectural plan for the future needs to be the priority, not buying a product to fit the unknown.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: My company is a CA Technologies OEM partner.
it_user526257 - PeerSpot reviewer
Senior Solutions Architect at a tech services company with 10,001+ employees
Consultant
It can wrap system connectivity information into its internal Java-based shell. Online Help is not detailed enough.

What is most valuable?

  • Ease of use.
  • The way in which it can learn about the connectivity to systems, e.g., VMware vCenter Console; it can wrap that into its internal Java-based shell. Therefore, one does not need a terminal server solution.
  • The non-Java based client.
  • Two integration options with AD using SAML and the AD GC ports.
  • The API explorer.

This system comes with a built-in Java client which handles the connectivity to remote systems, e.g., the VMware vCenter Console Web Interface.

When you add the system to the CA PAM, you can put the connection into “learn mode” where you map out where the username and the password and submit fields are. You can then configure the system in PAM with the relevant credentials and then based on the information it “learned” about where the username and password and submit fields are and what needs to go where, it presents you with a vCenter Web Interface and logs you onto vCenter automatically based on your PAM permissions. This vCenter Web Console is effectively proxied via this Java Client that CA PAM has available and happens through the PAM system – the end user does not make a direct connection to vCenter.

In other PAM solutions that we tested, one had to set up a Microsoft Remote Desktop Server (TS) and publish the vCenter Web Interface and integrate that published app with the PAM solution so that when a user wants to access the particular vCenter server, PAM initiates the Remote Desktop Server published app – inserts the credentials – to provide you with access to vCenter.

When integrating with Active Directory for authentication purposes – most vendors support LDAP. For larger AD environments, the LDAP integration supports the Microsoft MSFT ports (3268 & 3269) that allows one to look for nested group memberships across multiple child domains. Another way to integrate with AD is to use SAML.

We were able to use both methods with the CA PAM solution. With another vendor we tested, they did not support SAML.

How has it helped my organization?

We only did an evaluation of the product, but we do feel that it will improve our security and governance posture and shave time off our engineers having to connect to systems managed by the PAM solution. It also gives us the accountability we are looking for.

What needs improvement?

  • Reporting is very limited.
  • Online Help is not detailed enough.
  • Canned reports provided results for all targets and cannot simply be run for a particular customer when used in a service provider environment; one has to create some custom filtering.
  • Multi-tenancy (reporting, AD users, customer devices, customer credentials).
  • Interface and routing configuration (no individual routing tables per interface, cannot see routing table).
  • Network connectivity to multiple networks where these networks might have overlapping IP address spaces.
  • Session recording not included by default without an additional license.
  • Session recording mount point is often disconnected after a system restart.
  • Additional configuration required for multi-domain AD forests in order to find groups in child domains and to expand their membership.

For how long have I used the solution?

We used it over a period of about 2-3 months, up to slightly less than two months ago as part of our proof of concept tests.

What do I think about the stability of the solution?

I have not encountered any stability issues; it is very stable.

What do I think about the scalability of the solution?

I have not encountered any scalability issues; it scaled easily.

How are customer service and technical support?

Technical support is very good.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was straightforward, but we had some problems initially understanding what needed to be done to get an end device under management and how to set up the networking.

What's my experience with pricing, setup cost, and licensing?

  • Take note that Session Recording is not included by default.
  • One would likely also have to invest in other infrastructure in a service provider environment when wanting to use the same solution for multiple clients to allow for the necessary networking.
  • Additional costs that need to be catered for:
    • Storage space, NAS or SAN for session recording data.
    • A Terminal Server and CALs for more-complex end devices, e.g., Cisco UCS – the client needs to be run from a Terminal Server as a published application by the PAM solution.

Which other solutions did I evaluate?

We ran a PoC with CA and BeyondTrust at the same time.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user521199 - PeerSpot reviewer
Sr. Solution Strategist Security - Platinum Accounts at a tech company with 10,001+ employees
Real User

Session recording is included and only additional infrastructure required is storage space for session recording.

Senior Security Engineer at a comms service provider with 10,001+ employees
Reseller
Reduces viral attacks on my website but the setup is complex
Pros and Cons
  • "It reduces the viral attacks on my website. It also allows certain users access to see what happens daily."
  • "The setup is complex."

What is our primary use case?

It reduces the viral attacks on my website. It also allows certain users access to see what happens daily.

What is most valuable?

The password manager is a valuable feature. It saves time for the user. The users do not have to remember the password or change the password. It is a user-friendly solution.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is very good. 

What do I think about the scalability of the solution?

There is enough power to support our whole organization and the scalability potential is very wide. We currently have between 50-100 users of the solution. 

How is customer service and technical support?

The tech support is good. They are very helpful.

How was the initial setup?

The setup was complex. It took one month and we needed collaboration between various different departments. We used a consultant to help us. We needed two people to integrate the solution and we currently employ one person for maintenance.

What's my experience with pricing, setup cost, and licensing?

It is reasonably priced.

What other advice do I have?

This solution is our gateway to access other servers. We plan to continue with this product as our company grows. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Security Consultant at a tech services company with 51-200 employees
Consultant
Some of the valuable features include session management and one step installation

What is most valuable?

  • Session Management (Session Control and Recording)
  • Very good in reliability
  • Deployment Model: Available in both hardware and software appliance with one step installation only

How has it helped my organization?

Not applicable. I’m a distributor of this product, not an end user.

What needs improvement?

  • Live session
  • GUI command keystroke and filtering
  • Session limitation

Live Session is a common feature now in PAM technology. By having this feature, an Administrator can monitor a privileged user’s activity in a live session, the same as what we see on CCTV. CA should add this feature to their PAM product; then they can compete with competitors.

Command keystroke and filtering on GUI sessions is needed to record and filter which commands are allowed or not allowed when a privileged user works in GUI sessions, i.e., RDP Windows. By having this feature, an Administrator can prevent dangerous commands when a privileged user is in an RDP session and opens PowerShell or Windows Command or a Database Engine CLI (MySQL, Oracle, etc.).

Session limitation is a very critical feature that cannot be addressed by CA PAM. By having this feature, only one username can be allowed to log in to the PAM dashboard at the same time, preventing another person from logging in using the same username (sharing password/username).

For how long have I used the solution?

I have used this solution for two years.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

I would give technical support a rating of four out of five.

Which solution did I use previously and why did I switch?

We did not use a solution before this one.

How was the initial setup?

The initial setup was straightforward and very easy to set up.

What's my experience with pricing, setup cost, and licensing?

There is a combination of user and target devices pricing/licensing. There is no point in charging on target device pricing for 1000+ target devices. I would suggest charging for user percentages.

What other advice do I have?

I’m very satisfied with the product.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a distributor of this product.