I have been working with the new services and don't see any additional issues at this hour. The key requirement is to have people who understand not only the tool but also the concepts and how to view it from an architectural perspective. One problem is that people may not know how to work with the tool, and another is that they don't understand the concepts. So, I think focusing on proof of concepts is good. For example, what I do at first is request information for identity providers and key management services. I rate the overall solution a nine out of ten.
HR Director at Kooperativa pojistovna, a.s., Vienna Insurance Group
Real User
Top 20
2024-05-02T07:54:00Z
May 2, 2024
Six people from the OPS team and three from the engineering team are needed to deploy and maintain the solution. Regarding enterprise, the solution is scalable and has a good feature set. The solution helps us stay compliant with regulations and be proactive in remediating security issues. Overall, I rate the solution an eight out of ten.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
The product takes some time to learn. That said, CyberArk Software offers both a customer success team as well as paid professional support to assist. The customer success team has always seemed to be in my corner when needed, bringing insight and assistance when I was unable to resolve some of my "self-created issues".
I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress. Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product.
Individuals who wish to utilize CyberArk should be cautious when selecting a partner to implement the solution, as proper architecture design is essential to ensure a streamlined and effective implementation. I rate CyberArk Privileged Access Manager a nine out of ten.
A team of five to six people would be sufficient to maintain 24/7 operations. I would recommend reducing the fee for cancellations, but when it comes to cloud services, there are superior options available in the market. I rate CyberArk Privileged Access Manager a seven out of ten.
Sri Privileged Access Management Architect at Edgile
Reseller
Top 10
2023-02-17T19:24:00Z
Feb 17, 2023
I give the solution a ten out of ten. For maintenance, we require one part-time architect and two operations people. I recommend the solution to others.
We have four models which we are using. The first one has a wall that which we have deployed on the particular server. The next one is the CPM which is the Central Policy Manager through which we enforce the password policy and password rotation policies. I'd recommend the solution to others. We have conducted a POC in Pakistan on multiple sites with different customers. CyberArk is a quite typical product and can be a bit expensive, so it's a good idea to try it out first and make sure it is what you need. I'd rate the solution seven out of ten.
Before you get started, make sure that you know what it is that you're looking for from the product. That's one of the things that we went through. We had all of the groups involved, which included the Information Security Office, my team with the servers and the networks, and people who were managing the accounts. We all got together and submitted scenarios for what we wanted out of the product, and then we went to CyberArk and asked them how they were going to meet these needs, and they were able to meet pretty much every need. There were only one or two minor things that they couldn't manage, and those weren't that important. So, we were willing to go with it. I don't know if the other company was able to meet those either. My advice would be to make sure what it is that you want first before you go talk to them because they have a huge list of things that they can do for you, and you don't want to buy the things you don't need. I would rate it an eight out of ten in terms of flexibility in everything because it does almost everything. The biggest drawback is because of the complexity, it is hard to manage. It is not impossible by any means, but it is not the simplest thing to manage. Cost-wise, it is not a cheap product, but it does a ton of things, and it does them well.
Consultant at a recruiting/HR firm with 10,001+ employees
Real User
2022-07-13T11:28:24Z
Jul 13, 2022
We are CyberArk partners. I’m a consultant. We’re always using the most up-to-date solution version, as we are utilizing the cloud. We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk. I’d recommend the solution. It’s ideal for smaller organizations. I would rate it seven out of ten.
I'm working for a company that sells privileged access management solutions, including CyberArk Privileged Access Manager. The version of the solution which I'm dealing with is an old version. Most of the deployment is on-premises, but my company will start cloud deployment for CyberArk Privileged Access Manager as well. My company resells, implements, and also provides support for CyberArk Privileged Access Manager for the customers. The solution requires upgrading regularly, and if there's a new system or application, you need to set it up for privileged access management on CyberArk Privileged Access Manager, so maintenance is important. Currently, in my company, five people work with the solution where there are about two hundred devices with fifty administrators. In the beginning, CyberArk Privileged Access Manager was for large-sized businesses. Nowadays, it's also used by medium-sized businesses. I would recommend CyberArk Privileged Access Manager to others looking into implementing it because it's very important to protect privileged accounts in the company and do password rotation, so the hackers won't have a chance to detect and find the real passwords in the system. You can also use CyberArk Privileged Access Manager to protect external users and the admins from the direct connection to the server and after that, you can see what the users and admins do because the system makes video recordings and session logs. It's important to see what the admins do from time to time. For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same, so I would rate it a ten out of ten. My company is a partner and reseller of CyberArk Privileged Access Manager.
Identity and Access Management Engineer at Wiley Global Technology Pvt. Ltd.
Real User
2022-06-03T15:14:46Z
Jun 3, 2022
If you can afford CyberArk Privileged Access Manager or you are looking 5 to 10 years in the future, it's a good investment. You will gain experience handling all these pieces using the one product. You can easily integrate with other products also. You would have maintenance with other PAM products, and you won't with CyberArk. You can save that money by investing in a high quality product from the beginning itself. Overall, I would rate CyberArk Privileged Access Manager at eight on a scale from one to ten.
I recently switched jobs, so I was working with CyberArk Privileged Access Manager in my previous organization, and also using it in my current organization. I'm using version 12.2 of the solution. In terms of maintenance, it can be monitored through SCOM Monitoring, but the vault is standalone. CyberArk Privileged Access Manager can enable SNMP Traps so that the vault can be monitored automatically and it can trigger an incident to the ticketing tool the teams are using. It has the ability for automated monitoring. My advice to others looking into implementing CyberArk Privileged Access Manager is to know their network properly. If they're doing an on-premises deployment, they should know their network properly, and they should first audit their environment in terms of the accounts they're going to manage on CyberArk Privileged Access Manager. They should also assign the owners and assign everything beforehand to help make implementation faster. I'm rating CyberArk Privileged Access Manager nine out of ten.
Manager at a financial services firm with 1,001-5,000 employees
Real User
2022-04-27T11:56:40Z
Apr 27, 2022
I would advise others that requirements should be discussed properly with all the stakeholders to understand their expectations. Additionally, it is important to explore our tool limitations. We should more focus on solution designing. I rate CyberArk Privileged Access Manager a nine out of ten.
If you are using this solution for the first time, you need to be a little bit aware of Windows, Linux, and AD. Otherwise, it might be complex for you. I would rate it a nine out of ten.
Consultant at a consultancy with 10,001+ employees
Consultant
2022-03-07T19:12:00Z
Mar 7, 2022
When you work on CyberArk, you have to have more than one skill set. You are not just a PAM consultant because you manage passwords for all kinds of systems. You have to have skills in Windows, Linux, databases, and security because you manage those kinds of accounts. If you don't have those kinds of prerequisites, you can't work with CyberArk. I started working on CyberArk when it was version 10.x and at this moment it is at 12 and more. The interface has changed and a lot of features have been added over that time. It's a good solution.
It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.
Security Architect at a tech services company with 1,001-5,000 employees
Real User
2022-01-12T12:29:00Z
Jan 12, 2022
Plan wisely and you will have a very good product. The approach should be modular and step by step. Start with the UNIX administrators, network device administrator, Windows administrator, and Active Directory administrator, then move onto more complex scenarios, like web server administrators, sub-administrators, etc. I would rate CyberArk PAM as nine out of 10. It could be more manageable.
Product Owner at a tech services company with 1,001-5,000 employees
Real User
2022-01-10T13:53:00Z
Jan 10, 2022
We only use it on-prem, but for someone who only wants to solve cloud security challenges with a born-in-the-cloud security solution, I would still tell them CyberArk is one of the potential solutions. I would also tell them to do their assessment because it costs a lot. So it depends on the scale of use and the use cases. It certainly has the most capabilities that could be of use, but it depends on whether you only have some small deployments in the cloud and on the size of the risks involved. For certain scenarios, I would say they should immediately go with CyberArk, and that they shouldn't bother with others' solutions. In other scenarios, I would say they should do a very thorough assessment of the market before they decide because there might be cheaper options that will be sufficient for them.
Information Security Leader at a government with 10,001+ employees
Real User
2021-12-19T18:34:00Z
Dec 19, 2021
CyberArk's abilities are amazing. We're just starting to hit some limits, but we're able to get through the majority of them. Some of the database stuff is a little bit more involved. The other things, like cloud and all of the Linux and Windows, have not been a problem at all. It's not that the database stuff is a problem, but it's just more complex. If you want to talk about CyberArk providing an automated and unified approach for securing access for all types of identity, "all types" is a strong claim. I wouldn't ascribe "all types" of identities to anything. But for everything that we're doing with it, it has been a great tool and it's doing that for us.
Information Security Administrator at a insurance company with 501-1,000 employees
Real User
2021-12-16T18:49:00Z
Dec 16, 2021
Make sure your use cases are covered. Go for a small PoC, if possible, to make sure that all your use cases are covered and delivered per your expectations. Check whether the solution is on-prem or Azure and the resource utilization needed for implementation. For your IT expansions in future, check whether you will need any additional modules in future or if the existing ones will meet your future requirements. With Secure Web Solutions, we could access any web applications from a PC. It was like a native tool where you could browse from your Chrome or any web applications, and the applications would be routed to the CyberArk where it was securing the web applications and access. However, this product was deprecated last year so it is no longer supported from CyberArk's point of view. I would rate CyberArk PAM as nine out of 10.
Cybersecurity Engineer at a healthcare company with 10,001+ employees
Real User
2021-12-14T02:29:00Z
Dec 14, 2021
It is a good choice. I'm not sure if they're the market leader or not, but they seem to have the biggest footprint. I know there are a couple of competitors, but I've never used them. The other two that I know about are not as widely used, so there is a bigger community for support for CyberArk, and there is also CyberArk's support. CyberArk is good as a technology partner for ensuring that we maintain a strong security posture throughout our digital transformation. It is a needed platform to have. Given my experience with CyberArk PAM, to a colleague at another company who says, “We want to solve cloud security challenges with born-in-the-cloud security solutions as opposed to legacy solutions that have been adapted to the cloud," I would say that CyberArk is a good option for the cloud. That's because you don't have to worry about maintenance, and all the integrations are already in place. The different accounts that CyberArk can integrate with are already in place. It doesn't really give a single pane of glass to manage and secure identities across multiple environments. It only gives visibility into CyberArk and how the accounts are working there. If something is wrong with an account, sometimes, you have to check other tools, such as Active Directory, or permissions. We don't use CyberArk’s Cloud Entitlements Manager and Secrets Manager. We use CyberArk PAM to implement least privilege entitlements, and it is neither easy nor difficult to implement them. It is somewhere in the middle. The adoption of least privilege entitlements by using CyberArk PAM is also somewhere in the middle. If users aren't really technical, they would have problems with it. It provides consistent controls to enable secure access, manage secrets, and implement least privilege at scale across our environment. It is somewhat user-friendly for people to just rotate passwords. Its interface can be a bit difficult. I would rate it an eight out of 10.
Security Lead at a insurance company with 1,001-5,000 employees
Real User
2021-10-29T13:55:00Z
Oct 29, 2021
As it stands today, I would rate CyberArk PAM nine out of 10. However, I'm concerned about the future of the platform. While I've had nothing but great experiences so far, I have concerns about how they've been pushing that cloud solution in the last year and a half. I feel like they're going to pressure us to move to the cloud even though they're not mature enough in the cloud. Rather than create a cloud-native version, they've migrated their on-premise solution to the cloud, but they don't allow cloud customers to access the backend, which I recommend all the time as an on-premise user. Instead, you have to submit a support ticket and have their support do things on your behalf, which delays your ability to work with the tool. Furthermore, they may not be willing to make the modifications you want because it would affect their ability to impact the solution consistently. CyberArk designed the on-premise version to be incredibly flexible, and I have never found a use case where I can't do the work I want to do. Their cloud model discards a lot of that flexibility, which is where I see a lot of value, so I have concerns about the future of the tool. Also, I'd like to point out that service account management is incredibly hard, particularly in a company that's been around for a while. Any company looking to adopt service account management needs to know that it's not as easy as vendors make it sound. Many things don't work right out of the box, so the most important lesson we've learned is to calibrate the expectations of senior management when it comes to service account management because it is a lot harder than anybody thinks. You're likely to break things in the process of trying to manage these accounts.
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
2021-10-16T07:22:00Z
Oct 16, 2021
CyberArk is a good technology partner. They help us a lot with maintenance and our security process management. I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. I would rate the solution as a nine out of 10.
This is a complete package that has a lot of the capabilities you would want in this type of solution but it is very expensive. I rate CyberArk PAS a seven out of ten.
I would recommend CyberArk solution even for small customers, who have critical application and internet presence in their business. The licensing model support to start with even 5 privilege users, this really helps. We haven't experience Idaptive ( Identity Saas ) solution yet, however, it looks promising I would rate CyberArk PAS a ten out of ten. They are sharp focused on privilege access security for more than 21 years. This highly remarkable.
Product Manager at a tech services company with 11-50 employees
Reseller
2021-02-04T07:52:57Z
Feb 4, 2021
For those who are interested in using this product, you have to know your requirements and compare them with CyberArk to see if it is suitable for them and fits their budget. I would rate this solution a nine out of ten.
Junior Product Consultant at a tech services company with 501-1,000 employees
Real User
2020-12-08T05:35:26Z
Dec 8, 2020
We're just users of the solution. We're customers. We aren't resellers or consultants. We don't have a business relationship with the solution. I'm using the latest version of the solution. I'd recommend the product to others. Overall, we've been mostly happy with the solution. I'd rate it at an eight out of ten so far.
I'd never ever rate anything a 10. I'd probably never rate anything a one. I'd rate CyberArk as 7.5 out of 10. We actually did surveys of all the people that saw all the demos of all the new solutions we looked at. CyberArk was a seven or eight consistently, from all the people who watched it. The benefit of it is it's stable, it's old-school, it just works. The downside is that it's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers. Those are the highs and lows. It could be amazing if it all ran in the cloud, but that wouldn't be possible. I started as a PAM engineer eight years ago. Learning PAM and understanding how it protects people and being the liaison who needs to take passwords away from engineers is really tough. But it put me in a good spot. I grew from a PAM engineer to an identity engineer to identity team lead to identity manager. Within the last year-and-a-half, I came into this company because of a PAM role. They hired me as an identity manager because I knew PAM and because I had a relationship; I was working on bringing CyberArk in as part of my previous role and they wanted me to come in and do that same evaluation here. So knowing CyberArk got me my job and, within three months, they said, "We don't need just one team like this doing these assessments. We need multiple teams. So you're an associate director." I said, "Thanks, I don't want to do that. I just want to play with PAM."
Corporate Vice President at a insurance company with 10,001+ employees
Real User
2019-12-15T09:11:00Z
Dec 15, 2019
We use the solution with AWS. In fact, we set up a custom setup for AWS. We worked with the CyberArk engineering team to get it working, to come up with a custom solution to integrate our AWS EC2 instances. There were some limitations, as I mentioned earlier, with how the product integrates with AWS, so we had to make some major changes to how the integration works. As far as monitoring is concerned, it's standard CyberArk monitoring. We don't see anything specific to AWS, as far as the monitoring is concerned. This is the one place where CyberArk can improve. Privileged access management is one part of IM. Anything that goes through has to get approved through the IM team, and our product of choice for privilege access is CyberArk. When we decided to go to the cloud, this was the natural choice because this was the product that the enterprise uses. We've had challenges. We've had to customize the product to meet our requirements. It might not be the same for every customer because our requirements are a little unique. But it eventually worked out. We've been able to meet most of our use cases. CyberArk is an eight out of 10. It can do a lot. But there is definitely scope for improvement. I come from the IM world, but I was more into access management. CyberArk was just one of those products which was thrust on me. Now I'm head of privileged access management, so CyberArk has been pretty good for me, going from the access management space to privileged access management. It's definitely had an impact on my career.
Cyber Security Manager at a hospitality company with 10,001+ employees
Real User
2019-12-15T09:11:00Z
Dec 15, 2019
I would rate CyberArk an eight point five on a scale of one to 10 because it has done everything that we have asked of it. There is a bit of a learning curve, but it's a pretty complex solution. They do have ways to make it easier, but it's easy to fall down the rabbit hole when you're going into a deep dive. However, if you follow the trail, you will find some pretty cool stuff.
CyberArk continues to innovate, as they refine strategies based on industry research and trends in the cyber security landscape, and incorporate the necessary updates to both their roadmaps as well as their product sets. The creation of the customer implementation roadmap, acquisition of Conjur for DEVOPS and the development of Alero to address 3rd party secured access, are examples of product innovation to address emerging risks within the industry. I would rate CyberArk 8 our of 10; although I do remain impressed with their existing set of product offerings, their cyber security roadmap & strategy, and their overall corporate philosophy, I do feel it is necessary for them to ensure they remain vigilant and maintain pace with an evolving cyber industry. Significant disruption in the technology industry brought on by advancements in Machine Learning / AI, commoditization of cyber attack tools, and rapid deployment of IoT based technologies, summon the need to ensure companies do not become complacent in the agility of their security tools. I have several passions. One of the passions I've always had is in organizational transformation and leadership. A second is really around the space for identity and access management. CyberArk has allowed me to continue, even after I've retired from the industry after 35 years, to still live that passion through their customers. I've been given the opportunity to provide some keynotes around organizational transformation. It's an exciting industry to be in and CyberArk has allowed me the benefit of still continuing to enjoy that experience.
We are currently on version 9.10. We would like to upgrade to the latest version sometime this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.
CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.
CyberArk Privileged Access Manager possesses...
I have been working with the new services and don't see any additional issues at this hour. The key requirement is to have people who understand not only the tool but also the concepts and how to view it from an architectural perspective. One problem is that people may not know how to work with the tool, and another is that they don't understand the concepts. So, I think focusing on proof of concepts is good. For example, what I do at first is request information for identity providers and key management services. I rate the overall solution a nine out of ten.
Six people from the OPS team and three from the engineering team are needed to deploy and maintain the solution. Regarding enterprise, the solution is scalable and has a good feature set. The solution helps us stay compliant with regulations and be proactive in remediating security issues. Overall, I rate the solution an eight out of ten.
Overall, I rate the solution a nine out of ten.
Overall, I am really glad I worked with CyberArk for five years.
Take advantage of the vendor's training or use a good partner to provide support and administration.
Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.
I'd advise other users to take their time, measure twice, and cut once.
The product takes some time to learn. That said, CyberArk Software offers both a customer success team as well as paid professional support to assist. The customer success team has always seemed to be in my corner when needed, bringing insight and assistance when I was unable to resolve some of my "self-created issues".
I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress. Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product.
Individuals who wish to utilize CyberArk should be cautious when selecting a partner to implement the solution, as proper architecture design is essential to ensure a streamlined and effective implementation. I rate CyberArk Privileged Access Manager a nine out of ten.
A team of five to six people would be sufficient to maintain 24/7 operations. I would recommend reducing the fee for cancellations, but when it comes to cloud services, there are superior options available in the market. I rate CyberArk Privileged Access Manager a seven out of ten.
I give the solution a ten out of ten. For maintenance, we require one part-time architect and two operations people. I recommend the solution to others.
I rate the solution a seven out of ten.
We are reselling the solution to customers. I'd rate the solution nine out of ten. It's quite a good product.
We have four models which we are using. The first one has a wall that which we have deployed on the particular server. The next one is the CPM which is the Central Policy Manager through which we enforce the password policy and password rotation policies. I'd recommend the solution to others. We have conducted a POC in Pakistan on multiple sites with different customers. CyberArk is a quite typical product and can be a bit expensive, so it's a good idea to try it out first and make sure it is what you need. I'd rate the solution seven out of ten.
I would recommend this solution to others. I rate CyberArk Privileged Access Manager a nine out of ten.
Before you get started, make sure that you know what it is that you're looking for from the product. That's one of the things that we went through. We had all of the groups involved, which included the Information Security Office, my team with the servers and the networks, and people who were managing the accounts. We all got together and submitted scenarios for what we wanted out of the product, and then we went to CyberArk and asked them how they were going to meet these needs, and they were able to meet pretty much every need. There were only one or two minor things that they couldn't manage, and those weren't that important. So, we were willing to go with it. I don't know if the other company was able to meet those either. My advice would be to make sure what it is that you want first before you go talk to them because they have a huge list of things that they can do for you, and you don't want to buy the things you don't need. I would rate it an eight out of ten in terms of flexibility in everything because it does almost everything. The biggest drawback is because of the complexity, it is hard to manage. It is not impossible by any means, but it is not the simplest thing to manage. Cost-wise, it is not a cheap product, but it does a ton of things, and it does them well.
We are CyberArk partners. I’m a consultant. We’re always using the most up-to-date solution version, as we are utilizing the cloud. We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk. I’d recommend the solution. It’s ideal for smaller organizations. I would rate it seven out of ten.
I'm working for a company that sells privileged access management solutions, including CyberArk Privileged Access Manager. The version of the solution which I'm dealing with is an old version. Most of the deployment is on-premises, but my company will start cloud deployment for CyberArk Privileged Access Manager as well. My company resells, implements, and also provides support for CyberArk Privileged Access Manager for the customers. The solution requires upgrading regularly, and if there's a new system or application, you need to set it up for privileged access management on CyberArk Privileged Access Manager, so maintenance is important. Currently, in my company, five people work with the solution where there are about two hundred devices with fifty administrators. In the beginning, CyberArk Privileged Access Manager was for large-sized businesses. Nowadays, it's also used by medium-sized businesses. I would recommend CyberArk Privileged Access Manager to others looking into implementing it because it's very important to protect privileged accounts in the company and do password rotation, so the hackers won't have a chance to detect and find the real passwords in the system. You can also use CyberArk Privileged Access Manager to protect external users and the admins from the direct connection to the server and after that, you can see what the users and admins do because the system makes video recordings and session logs. It's important to see what the admins do from time to time. For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same, so I would rate it a ten out of ten. My company is a partner and reseller of CyberArk Privileged Access Manager.
If you can afford CyberArk Privileged Access Manager or you are looking 5 to 10 years in the future, it's a good investment. You will gain experience handling all these pieces using the one product. You can easily integrate with other products also. You would have maintenance with other PAM products, and you won't with CyberArk. You can save that money by investing in a high quality product from the beginning itself. Overall, I would rate CyberArk Privileged Access Manager at eight on a scale from one to ten.
I recently switched jobs, so I was working with CyberArk Privileged Access Manager in my previous organization, and also using it in my current organization. I'm using version 12.2 of the solution. In terms of maintenance, it can be monitored through SCOM Monitoring, but the vault is standalone. CyberArk Privileged Access Manager can enable SNMP Traps so that the vault can be monitored automatically and it can trigger an incident to the ticketing tool the teams are using. It has the ability for automated monitoring. My advice to others looking into implementing CyberArk Privileged Access Manager is to know their network properly. If they're doing an on-premises deployment, they should know their network properly, and they should first audit their environment in terms of the accounts they're going to manage on CyberArk Privileged Access Manager. They should also assign the owners and assign everything beforehand to help make implementation faster. I'm rating CyberArk Privileged Access Manager nine out of ten.
I would advise others that requirements should be discussed properly with all the stakeholders to understand their expectations. Additionally, it is important to explore our tool limitations. We should more focus on solution designing. I rate CyberArk Privileged Access Manager a nine out of ten.
If you are using this solution for the first time, you need to be a little bit aware of Windows, Linux, and AD. Otherwise, it might be complex for you. I would rate it a nine out of ten.
When you work on CyberArk, you have to have more than one skill set. You are not just a PAM consultant because you manage passwords for all kinds of systems. You have to have skills in Windows, Linux, databases, and security because you manage those kinds of accounts. If you don't have those kinds of prerequisites, you can't work with CyberArk. I started working on CyberArk when it was version 10.x and at this moment it is at 12 and more. The interface has changed and a lot of features have been added over that time. It's a good solution.
It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.
Plan wisely and you will have a very good product. The approach should be modular and step by step. Start with the UNIX administrators, network device administrator, Windows administrator, and Active Directory administrator, then move onto more complex scenarios, like web server administrators, sub-administrators, etc. I would rate CyberArk PAM as nine out of 10. It could be more manageable.
We only use it on-prem, but for someone who only wants to solve cloud security challenges with a born-in-the-cloud security solution, I would still tell them CyberArk is one of the potential solutions. I would also tell them to do their assessment because it costs a lot. So it depends on the scale of use and the use cases. It certainly has the most capabilities that could be of use, but it depends on whether you only have some small deployments in the cloud and on the size of the risks involved. For certain scenarios, I would say they should immediately go with CyberArk, and that they shouldn't bother with others' solutions. In other scenarios, I would say they should do a very thorough assessment of the market before they decide because there might be cheaper options that will be sufficient for them.
CyberArk's abilities are amazing. We're just starting to hit some limits, but we're able to get through the majority of them. Some of the database stuff is a little bit more involved. The other things, like cloud and all of the Linux and Windows, have not been a problem at all. It's not that the database stuff is a problem, but it's just more complex. If you want to talk about CyberArk providing an automated and unified approach for securing access for all types of identity, "all types" is a strong claim. I wouldn't ascribe "all types" of identities to anything. But for everything that we're doing with it, it has been a great tool and it's doing that for us.
Make sure your use cases are covered. Go for a small PoC, if possible, to make sure that all your use cases are covered and delivered per your expectations. Check whether the solution is on-prem or Azure and the resource utilization needed for implementation. For your IT expansions in future, check whether you will need any additional modules in future or if the existing ones will meet your future requirements. With Secure Web Solutions, we could access any web applications from a PC. It was like a native tool where you could browse from your Chrome or any web applications, and the applications would be routed to the CyberArk where it was securing the web applications and access. However, this product was deprecated last year so it is no longer supported from CyberArk's point of view. I would rate CyberArk PAM as nine out of 10.
It is a good choice. I'm not sure if they're the market leader or not, but they seem to have the biggest footprint. I know there are a couple of competitors, but I've never used them. The other two that I know about are not as widely used, so there is a bigger community for support for CyberArk, and there is also CyberArk's support. CyberArk is good as a technology partner for ensuring that we maintain a strong security posture throughout our digital transformation. It is a needed platform to have. Given my experience with CyberArk PAM, to a colleague at another company who says, “We want to solve cloud security challenges with born-in-the-cloud security solutions as opposed to legacy solutions that have been adapted to the cloud," I would say that CyberArk is a good option for the cloud. That's because you don't have to worry about maintenance, and all the integrations are already in place. The different accounts that CyberArk can integrate with are already in place. It doesn't really give a single pane of glass to manage and secure identities across multiple environments. It only gives visibility into CyberArk and how the accounts are working there. If something is wrong with an account, sometimes, you have to check other tools, such as Active Directory, or permissions. We don't use CyberArk’s Cloud Entitlements Manager and Secrets Manager. We use CyberArk PAM to implement least privilege entitlements, and it is neither easy nor difficult to implement them. It is somewhere in the middle. The adoption of least privilege entitlements by using CyberArk PAM is also somewhere in the middle. If users aren't really technical, they would have problems with it. It provides consistent controls to enable secure access, manage secrets, and implement least privilege at scale across our environment. It is somewhat user-friendly for people to just rotate passwords. Its interface can be a bit difficult. I would rate it an eight out of 10.
As it stands today, I would rate CyberArk PAM nine out of 10. However, I'm concerned about the future of the platform. While I've had nothing but great experiences so far, I have concerns about how they've been pushing that cloud solution in the last year and a half. I feel like they're going to pressure us to move to the cloud even though they're not mature enough in the cloud. Rather than create a cloud-native version, they've migrated their on-premise solution to the cloud, but they don't allow cloud customers to access the backend, which I recommend all the time as an on-premise user. Instead, you have to submit a support ticket and have their support do things on your behalf, which delays your ability to work with the tool. Furthermore, they may not be willing to make the modifications you want because it would affect their ability to impact the solution consistently. CyberArk designed the on-premise version to be incredibly flexible, and I have never found a use case where I can't do the work I want to do. Their cloud model discards a lot of that flexibility, which is where I see a lot of value, so I have concerns about the future of the tool. Also, I'd like to point out that service account management is incredibly hard, particularly in a company that's been around for a while. Any company looking to adopt service account management needs to know that it's not as easy as vendors make it sound. Many things don't work right out of the box, so the most important lesson we've learned is to calibrate the expectations of senior management when it comes to service account management because it is a lot harder than anybody thinks. You're likely to break things in the process of trying to manage these accounts.
CyberArk is a good technology partner. They help us a lot with maintenance and our security process management. I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. I would rate the solution as a nine out of 10.
This is a complete package that has a lot of the capabilities you would want in this type of solution but it is very expensive. I rate CyberArk PAS a seven out of ten.
Overall, on a scale from one to ten, I would give CyberArk PAS a rating of ten.
I recommend this product.
I would recommend CyberArk solution even for small customers, who have critical application and internet presence in their business. The licensing model support to start with even 5 privilege users, this really helps. We haven't experience Idaptive ( Identity Saas ) solution yet, however, it looks promising I would rate CyberArk PAS a ten out of ten. They are sharp focused on privilege access security for more than 21 years. This highly remarkable.
For those who are interested in using this product, you have to know your requirements and compare them with CyberArk to see if it is suitable for them and fits their budget. I would rate this solution a nine out of ten.
We're just users of the solution. We're customers. We aren't resellers or consultants. We don't have a business relationship with the solution. I'm using the latest version of the solution. I'd recommend the product to others. Overall, we've been mostly happy with the solution. I'd rate it at an eight out of ten so far.
Hard to implement and to get acceptance from the users and management. But when installed the solution is rock solid.
I'd never ever rate anything a 10. I'd probably never rate anything a one. I'd rate CyberArk as 7.5 out of 10. We actually did surveys of all the people that saw all the demos of all the new solutions we looked at. CyberArk was a seven or eight consistently, from all the people who watched it. The benefit of it is it's stable, it's old-school, it just works. The downside is that it's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers. Those are the highs and lows. It could be amazing if it all ran in the cloud, but that wouldn't be possible. I started as a PAM engineer eight years ago. Learning PAM and understanding how it protects people and being the liaison who needs to take passwords away from engineers is really tough. But it put me in a good spot. I grew from a PAM engineer to an identity engineer to identity team lead to identity manager. Within the last year-and-a-half, I came into this company because of a PAM role. They hired me as an identity manager because I knew PAM and because I had a relationship; I was working on bringing CyberArk in as part of my previous role and they wanted me to come in and do that same evaluation here. So knowing CyberArk got me my job and, within three months, they said, "We don't need just one team like this doing these assessments. We need multiple teams. So you're an associate director." I said, "Thanks, I don't want to do that. I just want to play with PAM."
We use the solution with AWS. In fact, we set up a custom setup for AWS. We worked with the CyberArk engineering team to get it working, to come up with a custom solution to integrate our AWS EC2 instances. There were some limitations, as I mentioned earlier, with how the product integrates with AWS, so we had to make some major changes to how the integration works. As far as monitoring is concerned, it's standard CyberArk monitoring. We don't see anything specific to AWS, as far as the monitoring is concerned. This is the one place where CyberArk can improve. Privileged access management is one part of IM. Anything that goes through has to get approved through the IM team, and our product of choice for privilege access is CyberArk. When we decided to go to the cloud, this was the natural choice because this was the product that the enterprise uses. We've had challenges. We've had to customize the product to meet our requirements. It might not be the same for every customer because our requirements are a little unique. But it eventually worked out. We've been able to meet most of our use cases. CyberArk is an eight out of 10. It can do a lot. But there is definitely scope for improvement. I come from the IM world, but I was more into access management. CyberArk was just one of those products which was thrust on me. Now I'm head of privileged access management, so CyberArk has been pretty good for me, going from the access management space to privileged access management. It's definitely had an impact on my career.
I would rate CyberArk an eight point five on a scale of one to 10 because it has done everything that we have asked of it. There is a bit of a learning curve, but it's a pretty complex solution. They do have ways to make it easier, but it's easy to fall down the rabbit hole when you're going into a deep dive. However, if you follow the trail, you will find some pretty cool stuff.
CyberArk continues to innovate, as they refine strategies based on industry research and trends in the cyber security landscape, and incorporate the necessary updates to both their roadmaps as well as their product sets. The creation of the customer implementation roadmap, acquisition of Conjur for DEVOPS and the development of Alero to address 3rd party secured access, are examples of product innovation to address emerging risks within the industry. I would rate CyberArk 8 our of 10; although I do remain impressed with their existing set of product offerings, their cyber security roadmap & strategy, and their overall corporate philosophy, I do feel it is necessary for them to ensure they remain vigilant and maintain pace with an evolving cyber industry. Significant disruption in the technology industry brought on by advancements in Machine Learning / AI, commoditization of cyber attack tools, and rapid deployment of IoT based technologies, summon the need to ensure companies do not become complacent in the agility of their security tools. I have several passions. One of the passions I've always had is in organizational transformation and leadership. A second is really around the space for identity and access management. CyberArk has allowed me to continue, even after I've retired from the industry after 35 years, to still live that passion through their customers. I've been given the opportunity to provide some keynotes around organizational transformation. It's an exciting industry to be in and CyberArk has allowed me the benefit of still continuing to enjoy that experience.
We are currently on version 9.10. We would like to upgrade to the latest version sometime this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.