Try our new research platform with insights from 80,000+ expert users
Security Consultant at a tech services company with 10,001+ employees
Real User
One stop access for all things involving privileged access management
Pros and Cons
  • "We can enforce complicated password policies and very important frequent password changes."
  • "The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."
  • "We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically."
  • "The service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc."

What is our primary use case?

  • Privileged account management
  • Session management
  • Session recording
  • One stop access for all things involving privileged access management.

How has it helped my organization?

  • Earlier admins used to access critical system from their desktop, which was a security threat considering the wide variety of compromises happening on endpoint. Now, all the privileged access is tunneled through PAM.
  • With password management, we can enforce complicated password policies and very important frequent password changes, i.e., weekly.
  • Most importantly, we now have recordings for each and every privileged session which is used for auditing, compliance, and investigations.

What is most valuable?

Privileged account management for Windows (domain and local) and Unix.

What needs improvement?

Service account management is a key area where the product needs to develop. Currently, the product supports service account discovery, but only if the host name of the server is known. For unknown host names, it is still a dark area.

In comparison with Thycotic and CyberArk, the service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc.

Buyer's Guide
Symantec Privileged Access Manager
November 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically.

What do I think about the scalability of the solution?

The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster. It comes in four forms.

  1. Physical appliance
  2. Virtual instance
  3. AWS
  4. Azure (just launched).

How are customer service and support?

The technical support has improved a lot in last year with the advent of the European technical support team.

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

Initial setup is very straightforward and ease to configure. It is similar to any appliance-based network security device.

What's my experience with pricing, setup cost, and licensing?

Pricing is fair compared to other top vendors, like CyberArk. The licensing is simple and scalable.

Which other solutions did I evaluate?

We did not evaluate any other solutions.

What other advice do I have?

Go for it if your key areas are password/session management of Windows/Unix/database.

Be careful if you want to use this for service account management.

There are some technical challenges while integrating the web-based console (security devices) for transparent login/single sign-on.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
it_user572919 - PeerSpot reviewer
Architect at a comms service provider with 10,001+ employees
Video Review
Real User
We found the architecture to be scalable and very resilient. However, make sure the roadmap is responsive going forward.
Pros and Cons
  • "The key benefits are we improve our governance. We ensure we can build more trust in the way we run and operate our environment, and most of all is the accountability."
  • "One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements."
  • "We found that the architecture is scalable and very resilient."
  • "Bring more technology into the portfolio and being able to collapse those products into a much more integrated way."

How has it helped my organization?

The key benefits are we improve our governance. We ensure we can build more trust in the way we run and operate our environment, and most of all is the accountability. Where things do go wrong from time to time, we are in a good position to ensure that we can recover quickly.

What is most valuable?

One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements. This is high on our agenda. 

What needs improvement?

As with most things CA, once we are bringing more technology into the portfolio and being able to collapse those products into a much more integrated way, that will definitely come over the time. 

In terms of improvement, keep listening to customers and their challenges and make sure the roadmap is very responsive. It is all about being agile, so we need to make sure the product is very easy to work with. It does not constrain us further down the road.

What do I think about the stability of the solution?

At the moment, we are going through several evaluations. We found that the architecture is scalable and very resilient. In terms of scaling up, it has yet to be proven, but so far, so good.

How is customer service and technical support?

We have worked with CA before, so we understand that each engagement is slightly different. One thing we do make sure is we always do things like test runs as part of any onboarding of a system. This would be no different if we go down this path in the future.

What other advice do I have?

It is fairly mature in the world of what it have known as a vault. When you look in a wider context of how to bring it into an organization, it is not necessarily just the technology side. I would rate it from the technology side between a seven and an eight. Actually, how it becomes too much of an adopted technology in a much more wider industry, they are still around about a five to six, but it has to do with the vendor across the industry.

Most important criteria when selecting a vendor: It is about really understanding what the security challenges are in the industry, but also being able to align with specific use cases each organization is going to deal with. You have a generic capability that we can take off the shelf, but we should be able to customize when you need it. Having that right balance is really important. I think from my of view, CA has started to move in that direction more. I would like to see more of that.

I think like most evaluations, it takes a lot of time and effort. We do look at things around where the history of the technology, where it's born out of, where they are currently going, and the direction they are going. Also, in terms of how well they are going to integrate into the wider portfolio. Evaluations are not just about features and functions of this specific product, but it is taking that holistic view around what else we can get out of it in the next three to five years. It is really important for us to have that clear roadmap and one that we believe in and trust.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Symantec Privileged Access Manager
November 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.
it_user705741 - PeerSpot reviewer
Sr. Oracle DBA at a government with 10,001+ employees
Vendor
One of the valuable features is the randomly generated password

What is most valuable?

One of the valuable features is the randomly generated password. It is a strong way to protect the security access to the network and servers in our department of Homeland Security Environmental Management System.

How has it helped my organization?

It has helped us with security.

What needs improvement?

Updates get difficult for the client. It needs to improve. I experienced difficulty in upgrading the software myself. With a tech engineer's help, I was able to manually delete some directories and was finally able to upgrade successfully. The codes should be easier and have an auto-feature to upgrade.

For how long have I used the solution?

We have used this solution for two years.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We did not encounter any issues with scalability.

Which solution did I use previously and why did I switch?

We did not use different solution before.

How was the initial setup?

The initial setup was straightforward.

What other advice do I have?

Make it easier to upgrade the software.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user572856 - PeerSpot reviewer
Security Engineer at EarthLink
Video Review
Real User
In addition to helping with security, it also helps with how we audit which credentials are being used

What is most valuable?

With CA PAM, it's mainly the vaulting of credentials that we're looking for, and then after that, probably the bastion functionality where we force all of our administrators through that to get to the servers. We'll also do session recording of both RDP and the SSH sessions through it.

How has it helped my organization?

It definitely helps with security. It also helps with how we audit which credentials are being used. When somebody actually logs in to CA PAM, they have to go in through second factor authentication. Once they're logged in, whatever credentials they check out, we get to see that and our auditors get to see that. It helps out in that way.

What needs improvement?

A better discovery interface of accounts.

It does do discovery of accounts for Windows servers, and you could do UNIX servers as well, but it's kind of clunky how it does it.

What do I think about the stability of the solution?

It's a very stable solution, but we also built it to be highly available and redundant as well. We built it out where we have four appliances in one single cluster across two data centers.

What do I think about the scalability of the solution?

It's pretty scalable from what we can see. We have four appliances in a single cluster across two data centers, and we can actually even grow that if we wanted to.

How are customer service and technical support?

I haven't had to call in any cases yet, but we've been working with the CA services team to help us implement the solution. They've been really really good.

Which solution did I use previously and why did I switch?

Over time security has been becoming more prevalent, mainly because of the number of attacks out there. We found that just by looking at our whole portfolio of solutions that we already had in place, there were definitely some small gaps and areas that we needed to fill. PAM was one of the solutions that we found to help us with vaulting credentials, rapidly changing credentials.

Beforehand, for administrators to change certain credentials, they would have to go in and there would be change control processes that they had to go through. The vaulting automates a lot of that for us.

How was the initial setup?

When we set up CA PAM, it's a OVA. It's an appliance, a virtual appliance, that we just needed to throw in VMware, spin it up, and there it is. From there it was just connecting in other things like our storage, our time server, and whatever else. Very very simple to set up.

Which other solutions did I evaluate?

For us, we mainly wanted a solution that worked in the scenarios that we were looking for.

We've demoed numerous products. After even just watching the demos we weeded some out. Then we actually brought a few in-house that we liked, and we did proof of concepts. We found out that some products just didn't work the way we wanted them to in our environment.

The reason we chose CA PAM is it worked in the scenarios that we wanted it to, and it just worked without problems.

What other advice do I have?

Rating: I would say probably a seven or an eight. As I said, the interface is not the easiest to navigate and it doesn't really have the discovery piece or fully baked discovery. Overall, the solution works and there's just multiple ways of doing things. You don't have to use the whole GUI interface to get your stuff in. There's ways of importing our credentials and what not through Excel spreadsheets and what not. It's really easy how the import/export mechanism works.

I would definitely tell them [peers] to do an in-house proof of concept of the solution to make sure that solution works for their environment.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user712038 - PeerSpot reviewer
Business Coach & Consultant
Vendor
When people are accessing our production environment as administrators or as non-end users, they use CA Privileged Access Manager​ to be able to access it
Pros and Cons
  • "The two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us."
  • "It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials."

What is most valuable?

If I remember correctly, it was the two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us.

How has it helped my organization?

Our organization does and uses cloud-based solutions. Those have to be very secure.

Specifically, administrative access needs to be highly secure. When people are accessing the production environment as administrators or as non-end users, they use CA Privileged Access Manager to be able to access it.

What needs improvement?

Trouble free installation and configuration and not even noticing that it's installed. There's too many steps involved in accessing the production network. Too many things you have to do to get on.

It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials.

For how long have I used the solution?

For about 10 months.

What do I think about the stability of the solution?

There were some issues with stability.

From what I remember, people would complain that every 30 minutes to an hour or so, their connection would drop and they'd have to reconnect, but it wasn't clear whether that was a problem with the network we were working on or whether that was a problem with Privileged Access Manager.

What do I think about the scalability of the solution?

We didn't run into any scale issues at all. The more people involved, the more it was able to handle.

How are customer service and technical support?

Yeah, we worked with technology support. They were actually pretty helpful. The couple of problems we had, they were able to identify and help us resolve.

Which solution did I use previously and why did I switch?

Yeah, we were using OpenVPN. We were using OpenVPN, and the biggest single reason was dual-factor authentication with PIV and CAC. That was the biggest single reason.

How was the initial setup?

I did not personally do the setup. From what I remember, it took a couple of weeks for the security lead to do the work. That's not out of the question or a surprise with a security product, because just getting it operating usually takes a little bit, then getting it fine tuned takes a whole another round of work.

Which other solutions did I evaluate?

We looked at about a half a dozen, and this one came out to be the best one. We filtered down.

What other advice do I have?

I would say, test it out in your environment, make sure it works out well. If it configures well, and then, assuming it works out fine, you're in good shape.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user589527 - PeerSpot reviewer
IT Infrastructure Manager at a tech services company
Consultant
Individual administrators have access to end points without needing to know passwords. We have had many complications during the implementation.

What is most valuable?

The most important feature is that we do not need to know the passwords any more; just having access to the end point; and that it’s easy to manage users and the account.

How has it helped my organization?

Since we implemented CA PAM in our company, we don't need to pass the passwords to every individual administrator. He just logs in using his own credentials and then searches for the end point he wants to access and that's it. We approve their access and they're ready to administer the end point. This is good because we don't need to change passwords every time one of our colleagues leaves the company.

What needs improvement?

There are many improvements needed. We are always searching for new features and new ways to improve the solution, because I'm just the local administrator. I have a support company which implements the solution. We are always constantly trying to improve new features to upgrade the solution, to understand more ways to facilitate our databases.

For how long have I used the solution?

We are going on the third year. We have had many complications during the implementation.

What do I think about the stability of the solution?

The current release that we are using is much faster than the old ones we were trying. We had several problems with performance and crashes, screens that wouldn’t load up. The final release we are using is much better and more stable.

What do I think about the scalability of the solution?

Now, it is scalable.

How are customer service and technical support?

I would give technical support a 2.5/5. I'm not sure if this is a problem with my local support or CA support, but when we opened a case, it took several days to get a response. It cost me time to get a reply. They'd come back to us to understand what is going on or what was necessary to give support. Between me opening the case and my local support trying to understand what we want; then, they don't know how to solve it and go to CA support and try to understand again; that takes a long time.

Which solution did I use previously and why did I switch?

This is the only one. We got this implementation by bid, so we couldn't choose any company. It was the lowest price and a quicker time to implement.

How was the initial setup?

The first setup was complex. The implementation, to me, was very bad.

Which other solutions did I evaluate?

We did a proof of concept with another solution.

What other advice do I have?

When they came for the proof of concept, we only had access to the system itself. I couldn't try to understand the complexity of implementation or support or all the features that the solution would have to offer. I just saw the main features.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user762522 - PeerSpot reviewer
Solution Architect at a tech services company with 10,001+ employees
Real User
More expensive than other solutions but the password vaulting and password management features are valuable
Pros and Cons
  • "We have received good support from the tech support team."
  • "I would like this solution to be simpler. It should have a one-click access that works together with AWS."

What is our primary use case?

We look to make sure that there are two HyperACCESS specifications: 

  1. Privileged managements: These are ordered to ensure that all the passwords assume one location so a user can enter and all their passwords are protected. Their passwords cannot be shared because they are rotated. 
  2. The odd user: This user has to go through the system and exercise a chair relay. This should be our Gateway for login. 

What is most valuable?

The most common features that I use are password vaulting and password management. 

What needs improvement?

I would like this solution to be simpler. It should have a one-click access that works together with AWS. 

For how long have I used the solution?

Less than one year.

What do I think about the scalability of the solution?

Scalability has been good. 

How are customer service and technical support?

We have received good support from the tech support team.

Which solution did I use previously and why did I switch?

We used IBM before.

How was the initial setup?

It was a challenge for our newer staff members to install. 

What's my experience with pricing, setup cost, and licensing?

It is more expensive than other solutions on the market.

Which other solutions did I evaluate?

We have been using IBM extensively because customers demand that we provide this option.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user708474 - PeerSpot reviewer
Pre-Sales Engineer at a tech services company with 51-200 employees
Real User
It has proven to be a very stable solution, even when it is run as a virtual appliance
Pros and Cons
  • "Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated."
  • "The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance."

What is most valuable?

Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated.

The recording feature uses a proprietary format that is very light, even with high definition videos, allowing you to use very little hard drive space. This has proven very valuable when managing large amounts of sessions.

How has it helped my organization?

We are now able to record all technical support requests that require a remote control session, therefore accountability has risen reducing the amount of mistakes or errors.

Clients are also more confident that all activities are recorded and everyone is held accountable when asking for support being provided.

With the recently added feature that supports recording VNC sessions, we have been able to expand the session management to the IT personnel who prefer VNC for remote session management.

What needs improvement?

The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance.

This could increase the amount of purchased licenses, with increasing growth of (remote) managed services (MSPs), and would also allow a company to demand that a provider use a tool such as CA PAM when providing remote assistance, in order to record evidence or increase accountability. Access to online training free of charge is also highly recommended.

For how long have I used the solution?

Over two years.

What do I think about the stability of the solution?

Not in my experience. It has proven to be a very stable solution, even when it is run as a virtual appliance.

What do I think about the scalability of the solution?

Not in my experience.

How are customer service and technical support?

I have had a good experience because they have been able to resolve issues nine of 10 in a short period.

The cons are that you are rarely (if ever) able to talk to a technician when calling support. This is frustrating when the issues are critical or urgent.

This is much worse in out of office hours. At times, when the issues are complex, the resolution times has been longer than desired and the time in between contacts is also too long.

There is a lot of space to improve in this area.

Which solution did I use previously and why did I switch?

No, I have looked at CyberArk, but never used it as a customer.

How was the initial setup?

Session management is pretty straightforward as is the password management. We were able to get it up and running in no time. It might be a bit complex to follow the flow of creating the devices, users, and single sign on using the password vault, so that process could be simplified for those getting started with the solution.

What's my experience with pricing, setup cost, and licensing?

Can’t say much. The prices are not low, but one can ask for a discount. It’s not the cheapest PAM solution.

Which other solutions did I evaluate?

Yes, CyberArk. We found it too complex and with more features than one would probably need.

What other advice do I have?

If looking for a solution with privileged session management, great recording features with an integrated password vault and Single Sign-On that is pretty straightforward to implement out-of-the-box and does not overwhelm you with unnecessary features, it the best way to go.

It has space for improving the user interface and remote connection tools, but surely this is something that should be in their roadmap.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.