It is great for identity governance or identity PAM, CAPAM.
Information Security Specialist at CAS Trading House
A simple-to-integrate solution great for identity governance, but is difficult to configure our requirements
Pros and Cons
- "It is great for identity governance."
- "We have to do a lot of manual work to automate features."
What is our primary use case?
What is most valuable?
It is simple to integrate. For other solutions, we have to install a component that can directly deploy from the OVA in this system.
What needs improvement?
We have to do a lot of manual work to automate features. The initial phase is simple, but it is difficult to configure our requirements. In addition, the integration between Symantec Privileged Access Manager and identity governance has to be better.
For how long have I used the solution?
We have been using this solution for about three years, and it is deployed on-premises. We are planning to deploy on cloud this year.
Buyer's Guide
Symantec Privileged Access Manager
October 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a stable solution for PAM. We sometimes have issues with stability and identity governance.
What do I think about the scalability of the solution?
It is scalable because we can add and remove all the models. We have onboarded around 500 users, and actual users are around 100 to 500.
How are customer service and support?
The technical support is not satisfactory. I rate the technical support a four out of ten. Most of the time, they are not accessible, and we can't directly contact Symantec. There is a middle partner we can use to contact dot com support. We are waiting for a solution to the long wait times.
How would you rate customer service and support?
Neutral
What other advice do I have?
I rate this solution a seven out of ten. I recommend this solution because it is suitable for the initial phase and the small business plan.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at a tech services company with 10,001+ employees
One stop access for all things involving privileged access management
Pros and Cons
- "We can enforce complicated password policies and very important frequent password changes."
- "The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."
- "We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically."
- "The service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc."
What is our primary use case?
- Privileged account management
- Session management
- Session recording
- One stop access for all things involving privileged access management.
How has it helped my organization?
- Earlier admins used to access critical system from their desktop, which was a security threat considering the wide variety of compromises happening on endpoint. Now, all the privileged access is tunneled through PAM.
- With password management, we can enforce complicated password policies and very important frequent password changes, i.e., weekly.
- Most importantly, we now have recordings for each and every privileged session which is used for auditing, compliance, and investigations.
What is most valuable?
Privileged account management for Windows (domain and local) and Unix.
What needs improvement?
Service account management is a key area where the product needs to develop. Currently, the product supports service account discovery, but only if the host name of the server is known. For unknown host names, it is still a dark area.
In comparison with Thycotic and CyberArk, the service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically.
What do I think about the scalability of the solution?
The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster. It comes in four forms.
- Physical appliance
- Virtual instance
- AWS
- Azure (just launched).
How are customer service and technical support?
The technical support has improved a lot in last year with the advent of the European technical support team.
Which solution did I use previously and why did I switch?
No previous solution was used.
How was the initial setup?
Initial setup is very straightforward and ease to configure. It is similar to any appliance-based network security device.
What's my experience with pricing, setup cost, and licensing?
Pricing is fair compared to other top vendors, like CyberArk. The licensing is simple and scalable.
Which other solutions did I evaluate?
We did not evaluate any other solutions.
What other advice do I have?
Go for it if your key areas are password/session management of Windows/Unix/database.
Be careful if you want to use this for service account management.
There are some technical challenges while integrating the web-based console (security devices) for transparent login/single sign-on.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Buyer's Guide
Symantec Privileged Access Manager
October 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Architect at a comms service provider with 10,001+ employees
Video Review
We found the architecture to be scalable and very resilient. However, make sure the roadmap is responsive going forward.
Pros and Cons
- "The key benefits are we improve our governance. We ensure we can build more trust in the way we run and operate our environment, and most of all is the accountability."
- "One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements."
- "We found that the architecture is scalable and very resilient."
- "Bring more technology into the portfolio and being able to collapse those products into a much more integrated way."
How has it helped my organization?
The key benefits are we improve our governance. We ensure we can build more trust in the way we run and operate our environment, and most of all is the accountability. Where things do go wrong from time to time, we are in a good position to ensure that we can recover quickly.
What is most valuable?
One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements. This is high on our agenda.
What needs improvement?
As with most things CA, once we are bringing more technology into the portfolio and being able to collapse those products into a much more integrated way, that will definitely come over the time.
In terms of improvement, keep listening to customers and their challenges and make sure the roadmap is very responsive. It is all about being agile, so we need to make sure the product is very easy to work with. It does not constrain us further down the road.
What do I think about the stability of the solution?
At the moment, we are going through several evaluations. We found that the architecture is scalable and very resilient. In terms of scaling up, it has yet to be proven, but so far, so good.
How is customer service and technical support?
We have worked with CA before, so we understand that each engagement is slightly different. One thing we do make sure is we always do things like test runs as part of any onboarding of a system. This would be no different if we go down this path in the future.
What other advice do I have?
It is fairly mature in the world of what it have known as a vault. When you look in a wider context of how to bring it into an organization, it is not necessarily just the technology side. I would rate it from the technology side between a seven and an eight. Actually, how it becomes too much of an adopted technology in a much more wider industry, they are still around about a five to six, but it has to do with the vendor across the industry.
Most important criteria when selecting a vendor: It is about really understanding what the security challenges are in the industry, but also being able to align with specific use cases each organization is going to deal with. You have a generic capability that we can take off the shelf, but we should be able to customize when you need it. Having that right balance is really important. I think from my of view, CA has started to move in that direction more. I would like to see more of that.
I think like most evaluations, it takes a lot of time and effort. We do look at things around where the history of the technology, where it's born out of, where they are currently going, and the direction they are going. Also, in terms of how well they are going to integrate into the wider portfolio. Evaluations are not just about features and functions of this specific product, but it is taking that holistic view around what else we can get out of it in the next three to five years. It is really important for us to have that clear roadmap and one that we believe in and trust.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr. Oracle DBA at a government with 10,001+ employees
One of the valuable features is the randomly generated password
What is most valuable?
One of the valuable features is the randomly generated password. It is a strong way to protect the security access to the network and servers in our department of Homeland Security Environmental Management System.
How has it helped my organization?
It has helped us with security.
What needs improvement?
Updates get difficult for the client. It needs to improve. I experienced difficulty in upgrading the software myself. With a tech engineer's help, I was able to manually delete some directories and was finally able to upgrade successfully. The codes should be easier and have an auto-feature to upgrade.
For how long have I used the solution?
We have used this solution for two years.
What do I think about the stability of the solution?
We did not encounter any issues with stability.
What do I think about the scalability of the solution?
We did not encounter any issues with scalability.
Which solution did I use previously and why did I switch?
We did not use different solution before.
How was the initial setup?
The initial setup was straightforward.
What other advice do I have?
Make it easier to upgrade the software.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Engineer at EarthLink
Video Review
In addition to helping with security, it also helps with how we audit which credentials are being used
What is most valuable?
With CA PAM, it's mainly the vaulting of credentials that we're looking for, and then after that, probably the bastion functionality where we force all of our administrators through that to get to the servers. We'll also do session recording of both RDP and the SSH sessions through it.
How has it helped my organization?
It definitely helps with security. It also helps with how we audit which credentials are being used. When somebody actually logs in to CA PAM, they have to go in through second factor authentication. Once they're logged in, whatever credentials they check out, we get to see that and our auditors get to see that. It helps out in that way.
What needs improvement?
A better discovery interface of accounts.
It does do discovery of accounts for Windows servers, and you could do UNIX servers as well, but it's kind of clunky how it does it.
What do I think about the stability of the solution?
It's a very stable solution, but we also built it to be highly available and redundant as well. We built it out where we have four appliances in one single cluster across two data centers.
What do I think about the scalability of the solution?
It's pretty scalable from what we can see. We have four appliances in a single cluster across two data centers, and we can actually even grow that if we wanted to.
How are customer service and technical support?
I haven't had to call in any cases yet, but we've been working with the CA services team to help us implement the solution. They've been really really good.
Which solution did I use previously and why did I switch?
Over time security has been becoming more prevalent, mainly because of the number of attacks out there. We found that just by looking at our whole portfolio of solutions that we already had in place, there were definitely some small gaps and areas that we needed to fill. PAM was one of the solutions that we found to help us with vaulting credentials, rapidly changing credentials.
Beforehand, for administrators to change certain credentials, they would have to go in and there would be change control processes that they had to go through. The vaulting automates a lot of that for us.
How was the initial setup?
When we set up CA PAM, it's a OVA. It's an appliance, a virtual appliance, that we just needed to throw in VMware, spin it up, and there it is. From there it was just connecting in other things like our storage, our time server, and whatever else. Very very simple to set up.
Which other solutions did I evaluate?
For us, we mainly wanted a solution that worked in the scenarios that we were looking for.
We've demoed numerous products. After even just watching the demos we weeded some out. Then we actually brought a few in-house that we liked, and we did proof of concepts. We found out that some products just didn't work the way we wanted them to in our environment.
The reason we chose CA PAM is it worked in the scenarios that we wanted it to, and it just worked without problems.
What other advice do I have?
Rating: I would say probably a seven or an eight. As I said, the interface is not the easiest to navigate and it doesn't really have the discovery piece or fully baked discovery. Overall, the solution works and there's just multiple ways of doing things. You don't have to use the whole GUI interface to get your stuff in. There's ways of importing our credentials and what not through Excel spreadsheets and what not. It's really easy how the import/export mechanism works.
I would definitely tell them [peers] to do an in-house proof of concept of the solution to make sure that solution works for their environment.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Business Coach & Consultant
When people are accessing our production environment as administrators or as non-end users, they use CA Privileged Access Manager to be able to access it
Pros and Cons
- "The two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us."
- "It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials."
What is most valuable?
If I remember correctly, it was the two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us.
How has it helped my organization?
Our organization does and uses cloud-based solutions. Those have to be very secure.
Specifically, administrative access needs to be highly secure. When people are accessing the production environment as administrators or as non-end users, they use CA Privileged Access Manager to be able to access it.
What needs improvement?
Trouble free installation and configuration and not even noticing that it's installed. There's too many steps involved in accessing the production network. Too many things you have to do to get on.
It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials.
For how long have I used the solution?
For about 10 months.
What do I think about the stability of the solution?
There were some issues with stability.
From what I remember, people would complain that every 30 minutes to an hour or so, their connection would drop and they'd have to reconnect, but it wasn't clear whether that was a problem with the network we were working on or whether that was a problem with Privileged Access Manager.
What do I think about the scalability of the solution?
We didn't run into any scale issues at all. The more people involved, the more it was able to handle.
How are customer service and technical support?
Yeah, we worked with technology support. They were actually pretty helpful. The couple of problems we had, they were able to identify and help us resolve.
Which solution did I use previously and why did I switch?
Yeah, we were using OpenVPN. We were using OpenVPN, and the biggest single reason was dual-factor authentication with PIV and CAC. That was the biggest single reason.
How was the initial setup?
I did not personally do the setup. From what I remember, it took a couple of weeks for the security lead to do the work. That's not out of the question or a surprise with a security product, because just getting it operating usually takes a little bit, then getting it fine tuned takes a whole another round of work.
Which other solutions did I evaluate?
We looked at about a half a dozen, and this one came out to be the best one. We filtered down.
What other advice do I have?
I would say, test it out in your environment, make sure it works out well. If it configures well, and then, assuming it works out fine, you're in good shape.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Infrastructure Manager at a tech services company
Individual administrators have access to end points without needing to know passwords. We have had many complications during the implementation.
What is most valuable?
The most important feature is that we do not need to know the passwords any more; just having access to the end point; and that it’s easy to manage users and the account.
How has it helped my organization?
Since we implemented CA PAM in our company, we don't need to pass the passwords to every individual administrator. He just logs in using his own credentials and then searches for the end point he wants to access and that's it. We approve their access and they're ready to administer the end point. This is good because we don't need to change passwords every time one of our colleagues leaves the company.
What needs improvement?
There are many improvements needed. We are always searching for new features and new ways to improve the solution, because I'm just the local administrator. I have a support company which implements the solution. We are always constantly trying to improve new features to upgrade the solution, to understand more ways to facilitate our databases.
For how long have I used the solution?
We are going on the third year. We have had many complications during the implementation.
What do I think about the stability of the solution?
The current release that we are using is much faster than the old ones we were trying. We had several problems with performance and crashes, screens that wouldn’t load up. The final release we are using is much better and more stable.
What do I think about the scalability of the solution?
Now, it is scalable.
How are customer service and technical support?
I would give technical support a 2.5/5. I'm not sure if this is a problem with my local support or CA support, but when we opened a case, it took several days to get a response. It cost me time to get a reply. They'd come back to us to understand what is going on or what was necessary to give support. Between me opening the case and my local support trying to understand what we want; then, they don't know how to solve it and go to CA support and try to understand again; that takes a long time.
Which solution did I use previously and why did I switch?
This is the only one. We got this implementation by bid, so we couldn't choose any company. It was the lowest price and a quicker time to implement.
How was the initial setup?
The first setup was complex. The implementation, to me, was very bad.
Which other solutions did I evaluate?
We did a proof of concept with another solution.
What other advice do I have?
When they came for the proof of concept, we only had access to the system itself. I couldn't try to understand the complexity of implementation or support or all the features that the solution would have to offer. I just saw the main features.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Solution Architect at a tech services company with 10,001+ employees
More expensive than other solutions but the password vaulting and password management features are valuable
Pros and Cons
- "We have received good support from the tech support team."
- "I would like this solution to be simpler. It should have a one-click access that works together with AWS."
What is our primary use case?
We look to make sure that there are two HyperACCESS specifications:
- Privileged managements: These are ordered to ensure that all the passwords assume one location so a user can enter and all their passwords are protected. Their passwords cannot be shared because they are rotated.
- The odd user: This user has to go through the system and exercise a chair relay. This should be our Gateway for login.
What is most valuable?
The most common features that I use are password vaulting and password management.
What needs improvement?
I would like this solution to be simpler. It should have a one-click access that works together with AWS.
For how long have I used the solution?
Less than one year.
What do I think about the scalability of the solution?
Scalability has been good.
How are customer service and technical support?
We have received good support from the tech support team.
Which solution did I use previously and why did I switch?
We used IBM before.
How was the initial setup?
It was a challenge for our newer staff members to install.
What's my experience with pricing, setup cost, and licensing?
It is more expensive than other solutions on the market.
Which other solutions did I evaluate?
We have been using IBM extensively because customers demand that we provide this option.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Privileged Access Management (PAM)Popular Comparisons
CyberArk Privileged Access Manager
Delinea Secret Server
BeyondTrust Endpoint Privilege Management
WALLIX Bastion
One Identity Safeguard
ARCON Privileged Access Management
MasterSAM PMS
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating Privileged Identity Management, what aspect do you think is the most important to look for?
- Which is the best Privileged Account Management solution?
- What are the top 5 PAM solutions that can be implemented which cover both hybrid and cloud?
- What are the top 5 PAM solutions?
- How will AI and ML help or work with PIM/PAM?
- Is BeyondTrust Endpoint Privilege Management really expensive compared to other tools or software?
- What is the difference between PAM and PAS?
- What is the difference between IDAM , PIM and PAM?
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
- What is the best approach to limiting privileges for administrators?