We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company. This allows us to store passwords and create privileged access for some users without them needing to know the password. The system inputs the password into the endpoint URLs they use for authentication, but the users never see the password. This is crucial because people may leave the company, posing a high risk. If we had integrated it into the identity provider, we would have policies for active directory users but not for users outside the company. For example, our development teams need to connect to databases, systems, and cloud services during development. The developers don’t get access to third-party services. We use the solution to manage this access. The application being developed and deployed integrates with CyberArk Password Vault services.
In my organization, we are using CyberArk Privileged Access Manager to enhance the security of an organization's critical systems, mainly by securing privileged accounts (e.g. administrator passwords, SSH keys, and API tokens). We are also using Cyber-Ark for access control by ensuring that only authorized personnel can access privileged accounts and sensitive systems. very important for us is also Session Recording and Monitoring. We can record and monitor privileged user sessions in real time for auditing purposes.
CyberSecurity Service Support Specialist at Integrity Partners
User
Top 10
2023-08-22T08:21:00Z
Aug 22, 2023
The primary use case and the most used functionality of CyberArk PAM is managing privileged access (an easy way to pass permissions to specific servers to specific users granularly) and password management (an automated solution that manages password validity, expiration, etc.). PSM gives a possibility to set all connections secure and it is possible to re-trace actions made by users during such sessions. It is a good tool for extending usage to new end targets sometimes even out of the box.
Senior IT Systems Administrator at a financial services firm with 10,001+ employees
Real User
Top 20
2023-08-21T20:45:00Z
Aug 21, 2023
In a large financial institution, CyberArk Privileged Access Management (PAM) plays a pivotal role in ensuring the security and integrity of sensitive financial data. With numerous systems, applications, and databases holding critical client information and transaction data, the institution faced the challenge of managing and protecting privileged accounts effectively. The PAM solution was seamlessly integrated into the existing IT infrastructure. It introduced granular access controls, requiring all employees to log in with standard user accounts, regardless of their role. When a privileged action is required, the PAM system enables the temporary elevation of privileges through just-in-time (JIT) access, granting access only for the necessary time frame. This reduces the window of opportunity for potential cyber threats.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.
CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.
We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules.
Information Technology Specialist (Contract role) at Computacenter
Consultant
Top 20
2023-08-19T18:19:00Z
Aug 19, 2023
We use the solution for privileged access to internal systems and multiple customer environments. We have distributed PSM and CPM components throughout multiple sites and customer domains access over the VPN, with PSM load balancing handled via third-party hardware load balancers. Environment segregation and security are high on the criteria for the implemented solution, however, not at the overall expense of performance. We tend towards providing access to privileged admin applications direct from the PSM servers wherever suitable, yet offload additional workloads to siloed RDS collections if the need arises.
Our primary use case is the scheduled password change management of Windows, Linux, and Cisco privileged local user passwords, as well as providing internal applications using the REST API credentials to access and maintain network elements. Utilizing the CyberArk Password Vault DR implementation, we have a ready resource as a hedge against network issues caused by seasonal hurricanes through having a replicated DR vault in an out-of-state facility.
We currently employ CyberArk Privileged Access Management, which involves extremely complex processes for ensuring the secure management, verification, and guarantee of credentials. Implementing the professional installation tool represents another challenging aspect of this task.
It is a PAM solution, in which we provide privileged access to CyberArk and the users who are using to try to access their devices. They onboard on the CyberArk and then, whenever they need to access the devices, they get access to CyberArk which means they have to log in on CyberArk.
We're in the process of rolling it out. We haven't finished our rollout yet. Most of my co-workers have been doing a lot of hands-on, and I haven't been the one with the most hands-on. We're not in production yet. We're still in tests, but it will give us the ability to manage the privileged accounts. It'll make that a lot easier. One of the things that we've been having trouble with is that we haven't been changing the passwords on our service accounts, for instance, for a long time, because it is so difficult to do. That was one of the main reasons we started down this road. We decided we would also expand out into managing things like the local administrator accounts on our laptops, etc. We've started there with local administrator accounts because it is an easier thing to tackle, rather than doing the service accounts and all of that. We're going to start there, and then we'll move into service accounts, and then we're going to move into administrative accounts that are human-owned rather than service accounts. At this point, we're still dealing with the things related to local administrators. I'm pretty sure we are using its latest version. In terms of deployment, we're split between an on-prem and public cloud setup.
We use CyberArk Privileged Access Manager for our customers who want to monitor and protect the access from the vendor side or the partner side. These customers want to cover external users who want to gain access.
Identity and Access Management Engineer at Wiley Global Technology Pvt. Ltd.
Real User
2022-06-03T15:14:46Z
Jun 3, 2022
We use this solution for the user ADM account onboarding process within our company. If they need server access, we create ADM accounts, and we onboard to CyberArk. We use it also for the password protection process with other products. We can use this as a password wallet, and we create the password rotation in CyberArk. We can grant access, check the system's health, and create policies for users.
Our main use cases for CyberArk Privileged Access Manager are privileged access management and privileged session management. Another use case of the solution is password rotation.
Manager at a financial services firm with 1,001-5,000 employees
Real User
2022-04-27T11:56:40Z
Apr 27, 2022
I am using CyberArk Privileged Access Manager to protect our servers. It can be either a Windows or Linux Server. Additionally, we have some network devices, and databases, such as Oracle and MySQL Server being protected.
It is for the lab. We just onboard all the privileged accounts and then try to make them compliant and provide access to end-users. We are CyberArk administrators, and our responsibility is to onboard the accounts and provide access to end-users so that there is no business impact and the users are able to connect to their target services. I started with version 10.6, and now, the current version of CyberArk is 12.1. It is deployed on-prem, but in my lab, it is my virtual setup.
Consultant at a consultancy with 10,001+ employees
Consultant
2022-03-07T19:12:00Z
Mar 7, 2022
There are many possible use cases, but in general, CyberArk permits users to target machines and rotate their passwords, and to record decisions. It is used to create security through PTA and to forward Vault logs and investigate events. It also enables users to access passwords in dev code without actually knowing the passwords. There are a lot of advantages to CyberArk. As a consultant, I have seen a lot of CyberArk configurations. Sometimes we use the CyberArk Cluster Vaults with one DR. I also worked for a company that used only one vault, without a cluster, but they switched data centers when there was an incident.
The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms. Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case. I've had an experience of deploying CyberArk in on-premise and in the cloud.
Security Architect at a tech services company with 1,001-5,000 employees
Real User
2022-01-12T12:29:00Z
Jan 12, 2022
We have clients that ask us to implement CyberArk PAM. There are two kinds: * Greenfield installation and setup. * They already have CyberArk and want to extend their usage to protect different types of accounts and passwords. CyberArk PAM protects privileged accounts and passwords. Privileged account means that those accounts have particular authorization that can span all the features of the system. For example, usually on network devices, they come out out-of-the-box with administrator accounts. Windows has an administrator account built-in so you need to protect that. Also, Active Directory has some accounts, like domain administrators, who can do whatever on the platform. These accounts are used for administration. CyberArk stores and rotates the password/credential. They can rotate SSH keys as well. This protects the attack surface. By way of CyberArk, you can allow sessions, isolation, and recording. The main aim is to protect privileged accounts and their credentials. I started with version 9.7, and now I am working with version 10.10, but the latest version is 12.
Product Owner at a tech services company with 1,001-5,000 employees
Real User
2022-01-10T13:53:00Z
Jan 10, 2022
The major use case for us is to securely release and manage passwords for non-personal accounts. CyberArk provides an automated and unified approach for securing access across environments. It's a work in progress but that is the goal, for us, of implementing CyberArk. We want to provide a unified way to access all environments. We are in transition, like most big companies, into cloud solutions. So this is also something that is being discussed and analyzed. But that, overall, is the mission of CyberArk in our organization.
Information Security Leader at a government with 10,001+ employees
Real User
2021-12-19T18:34:00Z
Dec 19, 2021
We use it to control privileged access within the environment, including domain admins and server admins. We're using the CyberArk Privilege Cloud version, which is the PaaS.
Information Security Administrator at a insurance company with 501-1,000 employees
Real User
2021-12-16T18:49:00Z
Dec 16, 2021
I have been working with CyberArk for the past five years. I do installations, support, and presales. We have installed the CyberArk solution and have been using it as a PAM solution. The main reason for having the solution in place is to isolate and monitor all previous activities that have taken place within the organization. The second thing is to make sure all the previous accounts have been onboarded to the solution and accurately monitored as well as passwords have been managed as per the policies defined. The third thing is to make sure users are unaware of their previous account passwords. Those should be centrally stored and located in one of the solutions where we can manage them per our policy or ask users to raise a request for internal workflows on the solution, in case of any emergencies. The last thing is for managing the service account passwords.
Security Lead at a insurance company with 1,001-5,000 employees
Real User
2021-10-29T13:55:00Z
Oct 29, 2021
CyberArk's Privileged Access Management solution covers a whole range of features, like privileged web access, private vault, privileged session manager rights for a session in isolation, privileged threat analytics for analytics, and private sessions. We also use CyberArk's Application Access Manager, which includes their credential providers, such as agents and run servers. Then there is a central credential provider, which is API-based credential retrieval, and DAP or Conjur. This is more of a DevOps model for credential provisioning. We also have the Central Policy Manager, which rotates the credentials associated with unprivileged or servers accounts. It's a huge environment. Those are all the different functions we use. We initially purchased CyberArk for privileged access manager and session isolation of privileged users. By privileged users, I mean main admins, global admins, and preps like Azure or Office 365. Our initial use case was to manage those users who could drastically impact the environment if their credentials were compromised. After we purchased the product, we had a third party on it. They suggested we also leverage CyberArk as part of the platform for managing service accounts, i.e. go out and proactively rotate credentials that are running or ordering services. That's another kind of big use case that we started implementing a couple of years. It's long work. It is tough to do, there's a lot of cases where it just doesn't work right, but overall it's been pretty valuable.
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
2021-10-16T07:22:00Z
Oct 16, 2021
In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment. We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this. We are using the latest version.
Junior Product Consultant at a tech services company with 501-1,000 employees
Real User
2020-12-08T05:35:26Z
Dec 8, 2020
I primarily use the solution to record any actions taken on specific important targets. It allows management to look at actions and play them back to see what was done within the environment.
Threat Protection Architect at a consumer goods company with 10,001+ employees
Real User
2020-07-08T14:17:00Z
Jul 8, 2020
Our primary use case is to control the technical accounts used in our DevOps environnment. The primary goal was to automate to the maximum all privileged accounts used by applications. It was a big issue because al dev guys were always using the same account/password couple. CyberArk is doing this for them transparently. Through time the scope was extended to all interactive users with the target to avoid them knowing the password. The automated password change was implemented to 99% of all accounts inside the company.
Cyber Security Manager at a hospitality company with 10,001+ employees
Real User
2019-12-15T09:11:00Z
Dec 15, 2019
So far, CyberArk has done everything that we've needed it to. We are growing and moving into the cloud. We have a pretty complex environment. Everything that we've needed it to do in terms of managing our privileged accounts, it has done.
We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about 5 years now.
CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.
CyberArk Privileged Access Manager possesses...
We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company. This allows us to store passwords and create privileged access for some users without them needing to know the password. The system inputs the password into the endpoint URLs they use for authentication, but the users never see the password. This is crucial because people may leave the company, posing a high risk. If we had integrated it into the identity provider, we would have policies for active directory users but not for users outside the company. For example, our development teams need to connect to databases, systems, and cloud services during development. The developers don’t get access to third-party services. We use the solution to manage this access. The application being developed and deployed integrates with CyberArk Password Vault services.
We use the solution to provide elevated access for developers. We also use it for controlling access between departments and teams.
CyberArk is a good, profitable, and most valuable solution.
In my organization, we are using CyberArk Privileged Access Manager to enhance the security of an organization's critical systems, mainly by securing privileged accounts (e.g. administrator passwords, SSH keys, and API tokens). We are also using Cyber-Ark for access control by ensuring that only authorized personnel can access privileged accounts and sensitive systems. very important for us is also Session Recording and Monitoring. We can record and monitor privileged user sessions in real time for auditing purposes.
The primary use case and the most used functionality of CyberArk PAM is managing privileged access (an easy way to pass permissions to specific servers to specific users granularly) and password management (an automated solution that manages password validity, expiration, etc.). PSM gives a possibility to set all connections secure and it is possible to re-trace actions made by users during such sessions. It is a good tool for extending usage to new end targets sometimes even out of the box.
In a large financial institution, CyberArk Privileged Access Management (PAM) plays a pivotal role in ensuring the security and integrity of sensitive financial data. With numerous systems, applications, and databases holding critical client information and transaction data, the institution faced the challenge of managing and protecting privileged accounts effectively. The PAM solution was seamlessly integrated into the existing IT infrastructure. It introduced granular access controls, requiring all employees to log in with standard user accounts, regardless of their role. When a privileged action is required, the PAM system enables the temporary elevation of privileges through just-in-time (JIT) access, granting access only for the necessary time frame. This reduces the window of opportunity for potential cyber threats.
The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.
CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.
We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules.
It's a privileged access management tool so it helps in making sure that all privileged accounts are compliant.
We use the solution for privileged access to internal systems and multiple customer environments. We have distributed PSM and CPM components throughout multiple sites and customer domains access over the VPN, with PSM load balancing handled via third-party hardware load balancers. Environment segregation and security are high on the criteria for the implemented solution, however, not at the overall expense of performance. We tend towards providing access to privileged admin applications direct from the PSM servers wherever suitable, yet offload additional workloads to siloed RDS collections if the need arises.
Our primary use case is the scheduled password change management of Windows, Linux, and Cisco privileged local user passwords, as well as providing internal applications using the REST API credentials to access and maintain network elements. Utilizing the CyberArk Password Vault DR implementation, we have a ready resource as a hedge against network issues caused by seasonal hurricanes through having a replicated DR vault in an out-of-state facility.
The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.
We currently employ CyberArk Privileged Access Management, which involves extremely complex processes for ensuring the secure management, verification, and guarantee of credentials. Implementing the professional installation tool represents another challenging aspect of this task.
CyberArk Privileged Access Manager is used for identity and privilege access management.
The primary use case of the solution is mining the credentials on our Windows unique network.
Our primary use case for the solution is to support privileged identities.
The concern on our end was separating the components, including the password storage component, and having everything completely separated.
It is a PAM solution, in which we provide privileged access to CyberArk and the users who are using to try to access their devices. They onboard on the CyberArk and then, whenever they need to access the devices, they get access to CyberArk which means they have to log in on CyberArk.
We are using CyberArk Privileged Access Manager because we have too many accounts and we need to manage them.
We're in the process of rolling it out. We haven't finished our rollout yet. Most of my co-workers have been doing a lot of hands-on, and I haven't been the one with the most hands-on. We're not in production yet. We're still in tests, but it will give us the ability to manage the privileged accounts. It'll make that a lot easier. One of the things that we've been having trouble with is that we haven't been changing the passwords on our service accounts, for instance, for a long time, because it is so difficult to do. That was one of the main reasons we started down this road. We decided we would also expand out into managing things like the local administrator accounts on our laptops, etc. We've started there with local administrator accounts because it is an easier thing to tackle, rather than doing the service accounts and all of that. We're going to start there, and then we'll move into service accounts, and then we're going to move into administrative accounts that are human-owned rather than service accounts. At this point, we're still dealing with the things related to local administrators. I'm pretty sure we are using its latest version. In terms of deployment, we're split between an on-prem and public cloud setup.
CyberArk is for Privileged Access Management, so we secure our privileged accounts using CyberArk.
We use CyberArk Privileged Access Manager for our customers who want to monitor and protect the access from the vendor side or the partner side. These customers want to cover external users who want to gain access.
We use this solution for the user ADM account onboarding process within our company. If they need server access, we create ADM accounts, and we onboard to CyberArk. We use it also for the password protection process with other products. We can use this as a password wallet, and we create the password rotation in CyberArk. We can grant access, check the system's health, and create policies for users.
Our main use cases for CyberArk Privileged Access Manager are privileged access management and privileged session management. Another use case of the solution is password rotation.
I am using CyberArk Privileged Access Manager to protect our servers. It can be either a Windows or Linux Server. Additionally, we have some network devices, and databases, such as Oracle and MySQL Server being protected.
It is for the lab. We just onboard all the privileged accounts and then try to make them compliant and provide access to end-users. We are CyberArk administrators, and our responsibility is to onboard the accounts and provide access to end-users so that there is no business impact and the users are able to connect to their target services. I started with version 10.6, and now, the current version of CyberArk is 12.1. It is deployed on-prem, but in my lab, it is my virtual setup.
There are many possible use cases, but in general, CyberArk permits users to target machines and rotate their passwords, and to record decisions. It is used to create security through PTA and to forward Vault logs and investigate events. It also enables users to access passwords in dev code without actually knowing the passwords. There are a lot of advantages to CyberArk. As a consultant, I have seen a lot of CyberArk configurations. Sometimes we use the CyberArk Cluster Vaults with one DR. I also worked for a company that used only one vault, without a cluster, but they switched data centers when there was an incident.
The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms. Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case. I've had an experience of deploying CyberArk in on-premise and in the cloud.
We have clients that ask us to implement CyberArk PAM. There are two kinds: * Greenfield installation and setup. * They already have CyberArk and want to extend their usage to protect different types of accounts and passwords. CyberArk PAM protects privileged accounts and passwords. Privileged account means that those accounts have particular authorization that can span all the features of the system. For example, usually on network devices, they come out out-of-the-box with administrator accounts. Windows has an administrator account built-in so you need to protect that. Also, Active Directory has some accounts, like domain administrators, who can do whatever on the platform. These accounts are used for administration. CyberArk stores and rotates the password/credential. They can rotate SSH keys as well. This protects the attack surface. By way of CyberArk, you can allow sessions, isolation, and recording. The main aim is to protect privileged accounts and their credentials. I started with version 9.7, and now I am working with version 10.10, but the latest version is 12.
The major use case for us is to securely release and manage passwords for non-personal accounts. CyberArk provides an automated and unified approach for securing access across environments. It's a work in progress but that is the goal, for us, of implementing CyberArk. We want to provide a unified way to access all environments. We are in transition, like most big companies, into cloud solutions. So this is also something that is being discussed and analyzed. But that, overall, is the mission of CyberArk in our organization.
We use it to control privileged access within the environment, including domain admins and server admins. We're using the CyberArk Privilege Cloud version, which is the PaaS.
I have been working with CyberArk for the past five years. I do installations, support, and presales. We have installed the CyberArk solution and have been using it as a PAM solution. The main reason for having the solution in place is to isolate and monitor all previous activities that have taken place within the organization. The second thing is to make sure all the previous accounts have been onboarded to the solution and accurately monitored as well as passwords have been managed as per the policies defined. The third thing is to make sure users are unaware of their previous account passwords. Those should be centrally stored and located in one of the solutions where we can manage them per our policy or ask users to raise a request for internal workflows on the solution, in case of any emergencies. The last thing is for managing the service account passwords.
We are mostly rotating passwords and using PSM for remote connections.
CyberArk's Privileged Access Management solution covers a whole range of features, like privileged web access, private vault, privileged session manager rights for a session in isolation, privileged threat analytics for analytics, and private sessions. We also use CyberArk's Application Access Manager, which includes their credential providers, such as agents and run servers. Then there is a central credential provider, which is API-based credential retrieval, and DAP or Conjur. This is more of a DevOps model for credential provisioning. We also have the Central Policy Manager, which rotates the credentials associated with unprivileged or servers accounts. It's a huge environment. Those are all the different functions we use. We initially purchased CyberArk for privileged access manager and session isolation of privileged users. By privileged users, I mean main admins, global admins, and preps like Azure or Office 365. Our initial use case was to manage those users who could drastically impact the environment if their credentials were compromised. After we purchased the product, we had a third party on it. They suggested we also leverage CyberArk as part of the platform for managing service accounts, i.e. go out and proactively rotate credentials that are running or ordering services. That's another kind of big use case that we started implementing a couple of years. It's long work. It is tough to do, there's a lot of cases where it just doesn't work right, but overall it's been pretty valuable.
In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment. We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this. We are using the latest version.
We sell this solution to our partners. We are not currently using the application for our own use — we're consultants.
Our primary use case for this solution is business and client management. Our clients are mostly from the banking sector.
We are a system integrator. We are selling its latest version to customers who are new to PAM or are coming from an older PAM.
I am a consultant. We are in the process of using this in our clients' companies.
I primarily use the solution to record any actions taken on specific important targets. It allows management to look at actions and play them back to see what was done within the environment.
Our primary use case is to control the technical accounts used in our DevOps environnment. The primary goal was to automate to the maximum all privileged accounts used by applications. It was a big issue because al dev guys were always using the same account/password couple. CyberArk is doing this for them transparently. Through time the scope was extended to all interactive users with the target to avoid them knowing the password. The automated password change was implemented to 99% of all accounts inside the company.
So far, CyberArk has done everything that we've needed it to. We are growing and moving into the cloud. We have a pretty complex environment. Everything that we've needed it to do in terms of managing our privileged accounts, it has done.
Managing passwords to infrastructure and applications, keeping those accounts “safe,” and being able to audit their use.
We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about 5 years now.