My recommendation for improvement is to add functionality for when users request access to an application. There's a pop-up UI, but it's not very customizable. I suggest creating a UI where we can write scripts or use SDKs to enhance it. This could automatically create tickets in a system like ServiceNow when users request an application. If a manager approves, we could automatically push policies to those users.
The price of the product is an area of concern where improvements are required. The product's price should be made more flexible. The tool's UI could be better and more user-friendly.
CyberArk Consultant at a tech services company with 11-50 employees
Reseller
Top 20
2024-02-26T15:50:02Z
Feb 26, 2024
The product's threat protection and defense capabilities need enhancement. While there have been significant improvements in recent months, there's still a need for better identification and handling of real threats versus false alarms. It would be beneficial if the product could accurately detect and respond to genuine threats without generating false positives. This would allow organizations to rely more confidently on the product as a complete tool for application control and endpoint protection.
CyberArk meets clients' need very spot-on. It covers everything customers ask for. As for improvements, honestly, the feedback's been really positive. I haven't heard any specific areas that need work.
In terms of improvement, CyberArk Endpoint Privilege Manager can be better by making its UI more consistent. Right now, there is a mix of a new, user-friendly look and an older interface with some functions. This mix can confuse users and affect how smoothly everything works together. Making the interface more uniform would make things easier and more efficient for everyone.
CyberArk has some performance issues. For example, servers could not handle the solution when we first took CyberArk Endpoint Privilege Manager. But to solve the problem, I first examine why the services take so much time to install. After that, I look at where we start the services. After that, if we need any patches there, I'll contact CyberArk. It would be good if, based on an analysis of the user behavior from the logs we collect, we can see if a user has been accessing some other things. We need better reporting tools for those use cases.
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
The solution could improve: User experience and ease of use: The product needs a streamlined user interface; improvements to the user interface can enhance user experience and make the solution more intuitive to navigate. Simplified policy configuration: Making the process of creating and managing policies more user-friendly can lead to better adoption and utilization. Integration and compatibility: Enhanced Integrations, Improving compatibility with a wider range of operating systems, applications, and devices can broaden the solution's scope and effectiveness. API and automation: Expanding API capabilities allows for more seamless integration into existing security workflows and automation processes. Threat intelligence and analytics and advanced threat detection: Incorporating more advanced threat detection mechanisms can help in identifying and mitigating potential security breaches. Analytics and reporting: Robust reporting and analytics features can provide insights into privilege usage, potential vulnerabilities, and overall security posture. Performance and scalability: Enhancements in performance, such as reduced latency and faster policy enforcement, can contribute to a more efficient endpoint management process. Ensuring the solution can handle a large number of endpoints without sacrificing performance is crucial for enterprises of varying sizes.
Enterprise Architect - Information Security at EasyJet
Real User
Top 10
2023-03-17T13:38:03Z
Mar 17, 2023
We've sent requests to CyberArk for improvement. We've had issues around migration surrounding legacy to cloud ADs. The implementation process wasn't as straightforward as we had hoped. They need much better integration with Azure AD. It is expensive; however, it does offer good value compared to the competition.
A major factor for improvement would be the PAS, although they are improving on that part. Basically, the ease of installation and the configurations could be improved upon and are being adjusted. First of all, with a Windows machine, we have to follow very strict procedures for the installation of different components, specifically for Vault. And then you must just keep in mind all the policies that need to be there. In case there is any kind of limitation with respect to any kind of GPO policy being applied, then you have got different issues that you have to deal with it. You have to be very careful and intelligent. Otherwise, the whole platform might come down. They need to add more automation when it comes to onboarding and configurations so that the process is more practical. The installation process is pretty difficult. It's an expensive product.
CyberArk Endpoint Privilege Manager is a perfect solution, but CyberArk Endpoint Privilege Manager for Linux has many issues. One issue I observed while using it is that it needs to synchronize from an agent to a cloud because the agent does not update configurations or settings from the cloud. When I change some settings on the cloud, the changes don't synchronize into the system, and the policies won't come back unless I reinstall all the services. This is an area for improvement in CyberArk Endpoint Privilege Manager. Another area for improvement in CyberArk Endpoint Privilege Manager, specifically for Windows, is that there's no way for you to check credential theft from a text file, such as a notepad file. Suppose I have a text file that contains passwords, for instance. In that case, I'm doing an application configuration that needs a password. CyberArk Endpoint Privilege Manager won't be able to help you locate that file, which means there's still an opportunity for an attacker to look into that text file and steal the passwords. You can leverage the CyberArk Application Access Manager with CyberArk Endpoint Privilege Manager, but that aspect also needs improvement. An additional feature I want to see in CyberArk Endpoint Privilege Manager is XDR, where you can trace how an attack can happen on an endpoint, how traffic was initiated, or if a person tried to access your computer and whether he was denied or allowed. CyberArk Endpoint Privilege Manager should be able to track such activities. The solution should allow you to see a specific event ID and use it to correlate whatever activity the malicious person was trying to do.
It cannot be on-prem. It is only cloud-based. Sometimes, that's a restriction in terms of usage. I want to have the EPM platform on the same platform as PAM. I'd like not to have two different dashboards or two different consoles to manage the endpoint systems. Having a single platform for PAM and for EPM would actually help a lot.
Professional Services Manager at PT Korelasi Persada Indonesia
Real User
2022-07-31T13:35:52Z
Jul 31, 2022
CyberArk Endpoint Privilege Manager is not suitable for the current situation because when you compare it to OTP, OTP is the strongest password solution. You can use it as a one-time password, but you have to log into the password manager itself and if you don't change your password, it will be the weakest link in the security. In OTP, you don't have that weakest link.
Compared to other tools like Linux, this solution isn't as user-friendly. In the next release, CyberArk should add integration with PAM tools, blacklisting and whitelisting for applications, and adaptive MFA.
IT Security Service Specialist at a manufacturing company with 10,001+ employees
Real User
2021-06-30T14:37:14Z
Jun 30, 2021
Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond. If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources.
Network Security & Data Management Admin at Digitaltrack
Real User
Top 5
2021-03-29T18:38:06Z
Mar 29, 2021
Technical support is slow to respond when we run into issues. We haven't really faced too many issues so far. There are some small issues here and there, however, it hasn't been anything major. We've faced some delays in tax reporting. When you're trying to integrate the other products, there are some workarounds which we have to do. We'd like the integration of security to be easier. We expected it to be very easy for the people who are deploying and managing the product, however, that isn't necessarily the case.
Enterprise Architect at a tech services company with 11-50 employees
Real User
2020-10-22T13:37:00Z
Oct 22, 2020
It's an old product and has many areas that can be improved. They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory. If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing. The interface is not great, but good. In the next release, I would like to see a Linux Client added.
Enterprise Cyber Security Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
2019-12-15T09:11:00Z
Dec 15, 2019
If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.
Senior Specialist, Cyber Security Technology at a tech services company with 51-200 employees
Real User
2019-11-18T07:22:00Z
Nov 18, 2019
I know that in earlier versions several windows would pop up for connection to different systems, and admin would prefer to have it in one screen. I believe that the issue has been solved in the latest version and there is now one screen. And the price is always quite high. As an integrator, an additional feature I'd like to see is for the product to include out of the box connectors. We could then speed up implementation, add more logins and so on, it would help speed things up.
Tech Support at a tech services company with 11-50 employees
Real User
2019-03-03T11:30:00Z
Mar 3, 2019
What I would really like to see improved is the AIM (Application Identity Manager). I think that it could be simpler to use, and much more straight forward. In terms of additional features, I cannot think of any that I would like to see implemented at the moment.
CyberArk Endpoint Privilege Manager, a critical and foundational endpoint control addresses the underlying weaknesses of endpoint defenses against a privileged attacker and helps enterprises defend against these attacks through removing local admin rights, enforcing least privilege, and implementing foundational endpoint security controls across all Windows, macOS and Linux endpoints from hybrid to cloud environments.
Click here for a free 30 day trial: CyberArk Endpoint Privilege...
My recommendation for improvement is to add functionality for when users request access to an application. There's a pop-up UI, but it's not very customizable. I suggest creating a UI where we can write scripts or use SDKs to enhance it. This could automatically create tickets in a system like ServiceNow when users request an application. If a manager approves, we could automatically push policies to those users.
The price of the product is an area of concern where improvements are required. The product's price should be made more flexible. The tool's UI could be better and more user-friendly.
The product's threat protection and defense capabilities need enhancement. While there have been significant improvements in recent months, there's still a need for better identification and handling of real threats versus false alarms. It would be beneficial if the product could accurately detect and respond to genuine threats without generating false positives. This would allow organizations to rely more confidently on the product as a complete tool for application control and endpoint protection.
CyberArk meets clients' need very spot-on. It covers everything customers ask for. As for improvements, honestly, the feedback's been really positive. I haven't heard any specific areas that need work.
In terms of improvement, CyberArk Endpoint Privilege Manager can be better by making its UI more consistent. Right now, there is a mix of a new, user-friendly look and an older interface with some functions. This mix can confuse users and affect how smoothly everything works together. Making the interface more uniform would make things easier and more efficient for everyone.
CyberArk has some performance issues. For example, servers could not handle the solution when we first took CyberArk Endpoint Privilege Manager. But to solve the problem, I first examine why the services take so much time to install. After that, I look at where we start the services. After that, if we need any patches there, I'll contact CyberArk. It would be good if, based on an analysis of the user behavior from the logs we collect, we can see if a user has been accessing some other things. We need better reporting tools for those use cases.
The solution could improve: User experience and ease of use: The product needs a streamlined user interface; improvements to the user interface can enhance user experience and make the solution more intuitive to navigate. Simplified policy configuration: Making the process of creating and managing policies more user-friendly can lead to better adoption and utilization. Integration and compatibility: Enhanced Integrations, Improving compatibility with a wider range of operating systems, applications, and devices can broaden the solution's scope and effectiveness. API and automation: Expanding API capabilities allows for more seamless integration into existing security workflows and automation processes. Threat intelligence and analytics and advanced threat detection: Incorporating more advanced threat detection mechanisms can help in identifying and mitigating potential security breaches. Analytics and reporting: Robust reporting and analytics features can provide insights into privilege usage, potential vulnerabilities, and overall security posture. Performance and scalability: Enhancements in performance, such as reduced latency and faster policy enforcement, can contribute to a more efficient endpoint management process. Ensuring the solution can handle a large number of endpoints without sacrificing performance is crucial for enterprises of varying sizes.
The solution's pricing could be better.
The tool should be more user-friendly.
We've sent requests to CyberArk for improvement. We've had issues around migration surrounding legacy to cloud ADs. The implementation process wasn't as straightforward as we had hoped. They need much better integration with Azure AD. It is expensive; however, it does offer good value compared to the competition.
A major factor for improvement would be the PAS, although they are improving on that part. Basically, the ease of installation and the configurations could be improved upon and are being adjusted. First of all, with a Windows machine, we have to follow very strict procedures for the installation of different components, specifically for Vault. And then you must just keep in mind all the policies that need to be there. In case there is any kind of limitation with respect to any kind of GPO policy being applied, then you have got different issues that you have to deal with it. You have to be very careful and intelligent. Otherwise, the whole platform might come down. They need to add more automation when it comes to onboarding and configurations so that the process is more practical. The installation process is pretty difficult. It's an expensive product.
CyberArk Endpoint Privilege Manager is a perfect solution, but CyberArk Endpoint Privilege Manager for Linux has many issues. One issue I observed while using it is that it needs to synchronize from an agent to a cloud because the agent does not update configurations or settings from the cloud. When I change some settings on the cloud, the changes don't synchronize into the system, and the policies won't come back unless I reinstall all the services. This is an area for improvement in CyberArk Endpoint Privilege Manager. Another area for improvement in CyberArk Endpoint Privilege Manager, specifically for Windows, is that there's no way for you to check credential theft from a text file, such as a notepad file. Suppose I have a text file that contains passwords, for instance. In that case, I'm doing an application configuration that needs a password. CyberArk Endpoint Privilege Manager won't be able to help you locate that file, which means there's still an opportunity for an attacker to look into that text file and steal the passwords. You can leverage the CyberArk Application Access Manager with CyberArk Endpoint Privilege Manager, but that aspect also needs improvement. An additional feature I want to see in CyberArk Endpoint Privilege Manager is XDR, where you can trace how an attack can happen on an endpoint, how traffic was initiated, or if a person tried to access your computer and whether he was denied or allowed. CyberArk Endpoint Privilege Manager should be able to track such activities. The solution should allow you to see a specific event ID and use it to correlate whatever activity the malicious person was trying to do.
The price of the solution should improve.
It cannot be on-prem. It is only cloud-based. Sometimes, that's a restriction in terms of usage. I want to have the EPM platform on the same platform as PAM. I'd like not to have two different dashboards or two different consoles to manage the endpoint systems. Having a single platform for PAM and for EPM would actually help a lot.
CyberArk Endpoint Privilege Manager is not suitable for the current situation because when you compare it to OTP, OTP is the strongest password solution. You can use it as a one-time password, but you have to log into the password manager itself and if you don't change your password, it will be the weakest link in the security. In OTP, you don't have that weakest link.
Compared to other tools like Linux, this solution isn't as user-friendly. In the next release, CyberArk should add integration with PAM tools, blacklisting and whitelisting for applications, and adaptive MFA.
Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond. If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources.
Technical support is slow to respond when we run into issues. We haven't really faced too many issues so far. There are some small issues here and there, however, it hasn't been anything major. We've faced some delays in tax reporting. When you're trying to integrate the other products, there are some workarounds which we have to do. We'd like the integration of security to be easier. We expected it to be very easy for the people who are deploying and managing the product, however, that isn't necessarily the case.
It's an old product and has many areas that can be improved. They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory. If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing. The interface is not great, but good. In the next release, I would like to see a Linux Client added.
If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.
I know that in earlier versions several windows would pop up for connection to different systems, and admin would prefer to have it in one screen. I believe that the issue has been solved in the latest version and there is now one screen. And the price is always quite high. As an integrator, an additional feature I'd like to see is for the product to include out of the box connectors. We could then speed up implementation, add more logins and so on, it would help speed things up.
What I would really like to see improved is the AIM (Application Identity Manager). I think that it could be simpler to use, and much more straight forward. In terms of additional features, I cannot think of any that I would like to see implemented at the moment.