Symantec Privileged Access Manager Reviews

One of the valuable features is the randomly generated password. It is a strong way to protect the security access to the network and servers in our department of Homeland Security Environmental Management System.

It has helped us with security.

Updates get difficult for the client. It needs to improve. I experienced difficulty in upgrading the software myself. With a tech engineer's help, I was able to manually delete some directories and was finally able to upgrade successfully. The codes should be easier and have an auto-feature to upgrade.

We have used this solution for two years.

We did not encounter any issues with stability.

We did not encounter any issues with scalability.

We did not use different solution before.

The initial setup was straightforward.

Make it easier to upgrade the software.

With CA PAM, it's mainly the vaulting of credentials that we're looking for, and then after that, probably the bastion functionality where we force all of our administrators through that to get to the servers. We'll also do session recording of both RDP and the SSH sessions through it.

It definitely helps with security. It also helps with how we audit which credentials are being used. When somebody actually logs in to CA PAM, they have to go in through second factor authentication. Once they're logged in, whatever credentials they check out, we get to see that and our auditors get to see that. It helps out in that way.

A better discovery interface of accounts.

It does do discovery of accounts for Windows servers, and you could do UNIX servers as well, but it's kind of clunky how it does it.

It's a very stable solution, but we also built it to be highly available and redundant as well. We built it out where we have four appliances in one single cluster across two data centers.

It's pretty scalable from what we can see. We have four appliances in a single cluster across two data centers, and we can actually even grow that if we wanted to.

I haven't had to call in any cases yet, but we've been working with the CA services team to help us implement the solution. They've been really really good.

Over time security has been becoming more prevalent, mainly because of the number of attacks out there. We found that just by looking at our whole portfolio of solutions that we already had in place, there were definitely some small gaps and areas that we needed to fill. PAM was one of the solutions that we found to help us with vaulting credentials, rapidly changing credentials.

Beforehand, for administrators to change certain credentials, they would have to go in and there would be change control processes that they had to go through. The vaulting automates a lot of that for us.

When we set up CA PAM, it's a OVA. It's an appliance, a virtual appliance, that we just needed to throw in VMware, spin it up, and there it is. From there it was just connecting in other things like our storage, our time server, and whatever else. Very very simple to set up.

For us, we mainly wanted a solution that worked in the scenarios that we were looking for.

We've demoed numerous products. After even just watching the demos we weeded some out. Then we actually brought a few in-house that we liked, and we did proof of concepts. We found out that some products just didn't work the way we wanted them to in our environment.

The reason we chose CA PAM is it worked in the scenarios that we wanted it to, and it just worked without problems.

Rating: I would say probably a seven or an eight. As I said, the interface is not the easiest to navigate and it doesn't really have the discovery piece or fully baked discovery. Overall, the solution works and there's just multiple ways of doing things. You don't have to use the whole GUI interface to get your stuff in. There's ways of importing our credentials and what not through Excel spreadsheets and what not. It's really easy how the import/export mechanism works.

I would definitely tell them [peers] to do an in-house proof of concept of the solution to make sure that solution works for their environment.

Transparent login and cluster synchronization. This is quite stable compared with other products. It is easy to manage for the administrator.

After the CA acquisition of Xceedium, I was able to see a lot of improvement in technical support.

There are a lot of gaps in the documentation. The documentation has to improve like anything else. There are a lot of things which are not covered in the documentation, and there are a few things which are covered in the documentation, but are not clear.

To mention the features which are not covered and which are not clear would require a separate document. Here are some examples:

• Authentication methods: PAM does support a few authentication mechanisms to login to PAM. But the documentation does not have the details of how to integrate TACACS+ in PAM. The documentation explains it at a very high level.
• Application Connectors: PAM does support different application connectors. But for CISCO devices, the details are not clear.
• Roles and Privileges: There are almost 200 privileges in Credential Management. There is not a document which has the details for the privileges and their functionality.
• Segregation of Duties: There is not a document for PAM roles. For example, if the user has “Standard User” as a role, he cannot have “Approver Role” from CM. It is a limitation in PAM. This limitation might be due to security or operational functionality. But it should be documented if it is limitation of PAM.

We have been using this solution for two and a half years.

I faced stability issues in the past, but I have not faced any stability issues lately.

I have not faced any scalability issues.

I would give technical support a rating of 6/10.

We did not use a previous solution.

The setup was straightforward.

There are currently other tools on the market which are much cheaper than PAM. They can do almost all of what PAM does, and even do it better. CA can think of reducing the pricing for PAM.

We did not evaluate other solutions.

Our clients are generally enterprise businesses, mainly in the financial sectors. We are resellers and I'm head of the security business unit. 

The best features are the comprehensive coverage of the required features for the PAM solution like a credential vault, a session recording, an endpoint agent, security analytics. All those things. 

I think the management console could be improved. I have just watched a demo video for the management console and I think it may need to be simplified. I haven't yet had hands-on experience with the solution so it's difficult to comment on possible additional features. 

I've been using this solution for two months. 

The stability looks okay. 

Scalability seems to be fine. 

I haven't used the support because I've relied on the documentation until now. I think there could be some improvement with that. 

I would recommend that anyone thinking of using this solution carry out a proof of concept first.

I would rate this solution an eight out of 10. 

Some of the valuable features are safe access to company resources, quick, comprehensible, and intuitive management interface, and good integration capabilities. Control on targets could be extended through CA PAM Server Control component. It now includes an optional risk evaluation engine (CA Threat Analytics for Privileged Access Manager).

• Quick setup
• Support for different types of existing user stores
• Management automation through REST interface
• Integration with Identity Management solutions easily for automatic user provisioning.

I would like it to support more types of integration.

We have used this solution since CA acquired Xceedium.

There were no stability issues.

There were no scalability issues.

I would give technical support a rating of an eight out of 10.

Many customers switched to CA PAM, because the list of useful features quickly expands.

The deployment was very fast, as it is commonly deployed as a virtual appliance.

Contact the sales department.

We evaluated Hitachi ID PAM and IBM PIM.

Proceed!

One of the most valuable items is the load balancing feature.

The live session recording is still not in the features.

We have used this solution for over a year.

There were no issues with stability.

There were no issues with scalability.

I would give technical support a rating of 7/10.

This is the first solution.

The setup is one of the advantages of CA PAM, as compared with the other solutions.

We evaluated CyberArk, BeyondTrust, and Dell.

The implementation of this product is not a problem and is simple.

Manager user/admin’s password, so it’s more secure and password will be changed on time.

When there’s new patches or upgrades, please test the new release well, so it won’t break the functional parts.

It’s very stable, unless we do some patches or upgrade, then it’ll break some functional parts.

So far, no.

So far, it's fair. Because sometimes, it takes me a few days/weeks to get attention.

No.

I didn’t get involved in the initial setup.

I don’t handle that.

I didn't get involved in that evaluation, either.

Have a test environment for testing any upgrades/patches first, before pushing it to production.

So far, we’re using the RDP-gateway and the “published application” features.

• The RDP-gateway: For limiting which server an operator can access.
• The “published applications” feature: To minimize the exposure of sensitive usernames and passwords.

The exposure of sensitive usernames and passwords has been limited in a massive way. This allows us to give much needed access to LDAP servers and databases without the operator knowing the username and/or password. They just have a link to click on after logging into the PAM virtual appliance.

I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using. Have nothing further right now due to limited exposure to the more technical parts of the product.

We’ve had it running for approximately six months so far.

No issues so far, except the typical Java/web-browser problems that all Java-based products have.

Do not know as of right now, as we only have one instance in production at the moment.

So far, I would rate it high. I have gotten fast and accurate answers to my questions and any issues have been resolved in a timely manner.

We used the now discontinued Shared Account Management component of CA Privileged Identity Manager.

The initial setup is really easy. The only thing to worry about is to add all needed networks to your virtual appliance prior to the initial boot. This is a pain and should be fixed in my opinion.

I do not know as I only work with the technical parts of the product, I do not worry about pricing and licensing.

Make sure you have all your network needs mapped out prior to installation, as you have to add all needed networks to the virtual appliance prior to the first boot.