The main challenge was integrating with in-house IT and business applications, which are not standard. We needed to create special updates for that kind of integration.
The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it. We aren't able to view active sessions or historical recordings of sessions. It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it. So, CyberArk could still focus on making it more user-friendly.
The tool's UI has bugs and lags. It needs to be improved. The deployment process can be complex due to multiple components for various functionalities, each requiring separate infrastructure management. To simplify this process, consolidating all these components into a single platform could be beneficial. The product's pricing could be cheaper.
Technical Consultant at a outsourcing company with 51-200 employees
Consultant
Top 20
2023-12-05T15:03:27Z
Dec 5, 2023
CyberArk Enterprise Password Vault's deployment is complex for resources with little experience. Tech support needs to be improved as well based on quality and knowledge.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Password management for all the endpoints needs improvement. CyberArk can handle password management for Windows, Linux, databases, and network devices. However, there are solutions like Tenable or Skybox, Palo Alto, and other security devices for which we cannot provide password rotations on CyberArk. CyberArk should look into development for those particular plugins. I heard they had developed them, but they are not widely available. So if, for example, a customer requires CPM's password management plugin for Tenable, they need to send a request to CyberArk themselves so that the CyberArk team will then sell it to the customer. It does not come with an implementation license. It's a separate thing that a customer needs to purchase. CyberArk will assign it to that particular customer ID, and that plugin will not be supported for other customers. But those are their business tactics. They will not reveal all their plugins, only the basic ones.
The challenge with the product is pricing since it's expensive. It also needs to improve the customization. We encountered some stability issues as well.
The tool needs to improve its usage and interface. They need to have a modern and useful interface. I want the product to improve its integration capabilities as well since some of the integration features do not work always.
The implementation is hard. For example, the on-prem implementation specifically is really hard to deploy. The solution does not scale well on-premises. This is an expensive product. It's hard to get help from support if you are not certified.
Pre sales Engineer (West Africa) at StarLink - Trusted Security Advisor
Real User
2022-10-12T08:04:04Z
Oct 12, 2022
The architecture needs to be improved. For example, the whole solution can come within a single software bundle instead of the distributed components we have for the on-premise deployments. I think there's room for improvements in that area because the competitors within that space have appliances and software that are just a single software. You don't have to split functionality across several servers like the current deployment.
CyberArk is not friendly in terms of having a Community Edition. It's enterprise software. They could maybe give a Community Edition that you can just play around with and see how the software is. It's a very, very costly app. Therefore, they can definitely give a demo version or some sort of a Community Edition with partial features at least to help potential users understand its capabilities. The initial setup can get complex.
Senior Leader at a financial services firm with 5,001-10,000 employees
Real User
2022-06-16T13:53:42Z
Jun 16, 2022
CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve.
Information Security Engineer II at a healthcare company with 1,001-5,000 employees
Real User
2022-03-23T00:30:37Z
Mar 23, 2022
What needs to be improved in CyberArk Enterprise Password Vault is their customer support, because as administrative engineers, since we're not experts in the solution, we have to rely on customer support. Their customer support needs improvement in terms of being responsive and being understanding. They are knowledgeable, but responding and willingness to come and help knowing that it's their tool, rather than relying on the engineers from the customer side, e.g. our side, to do all the technical things. The initial setup and upgrade process for CyberArk Enterprise Password Vault is complex and can only be done by CyberArk, so this is another area for improvement.
Identity and Access Management Analyst at Security Finance Corporation
Real User
2021-09-28T15:52:21Z
Sep 28, 2021
The solution is too complicated to use and should be simplified. It took me a long time to understand how to use it. There is a lot that the solution can improve for the future.
Technical Lead IMSS at a computer software company with 1,001-5,000 employees
Real User
2020-11-23T14:40:53Z
Nov 23, 2020
I don't see any problems because it's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security. From my experience, overall, I don't see many problems that need to be rectified. The only problem involves granting access to people who are authorized to view it. This user management area is the most critical. We have to constantly check on that area and we have to review and give proper access. Nobody should have more access than they are authorized for.
CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex. That's the downside because CyberArk was not built organically. It was built systematically. They're not built into the product. You have to shoehorn things in. You have to create programmatic interfaces to make things work, but that's why I said it's the most complex product. CyberArk is still in the model of managing accounts and passwords. When you're logged in as a domain admin, you're leaving footprints everywhere you go. These footprints can be picked up and replicated. So, I think CyberArk is behind the curve in that area. Customers are already having an issue with the cost of CyberArk and then you have to add another $100,000.00 to the bill for other application accounts. I would like to see a more streamlined and built-in programmatic onboarding and offboarding process. Something a little bit less complex than what they're currently doing. The price is the problem and also the architecture can be daunting because CyberArk really strongly encourages having hardware vaults. Most corporations are totally virtualized. I use virtualized vaults on everything including the high availability configuration.
Manager Engineering at a comms service provider with 1,001-5,000 employees
Real User
2020-07-15T07:11:38Z
Jul 15, 2020
The pricing is too expensive and should be reduced. This is our only concern. When a small industry wants to invest in these kinds of tools, they don't have the budget to spend a lot of money on security. If the price were more reasonable then many other small businesses would consider using it. The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it. Instead, an in-house administrator could do it.
Security Architect at a financial services firm with 10,001+ employees
Real User
2020-06-25T10:49:31Z
Jun 25, 2020
I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date. A cloud-based deployment would ultimately be better for us than an on-premises appliance.
Identity and Access Management Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
2019-12-15T09:11:00Z
Dec 15, 2019
I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.
Pre-sales Engineer at StarLink - Trusted Security Advisor
Real User
2019-11-07T10:35:00Z
Nov 7, 2019
The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have. The technical support can improve on the time that it takes to get a callback. The integration is great but needs to be a bit more user-friendly. Also, a feature with the ability to create password sync. In the next release, I would like to see the following: * Availability on the cloud and the appliance. * More documentation for the setup. * Simplify the deployment. * Continuous operation with this solution. * Simplify the infrastructure for better stability. * Increase the support for applications. * Invest in local on the ground staff in various regions. * The ability to search by the activities, especially for Windows Servers. * Improve the auditing capabilities for their searches.
Consultant at a financial services firm with 5,001-10,000 employees
Real User
2019-11-07T10:35:00Z
Nov 7, 2019
This solution does not support the SQL Developer. We have to purchase separately from CyberArk and we have to ask them to develop it. This solution is a bit complex compared to other solutions. The installation and administration are complex. Some things can be done through the interface, but the whole installation process and upgrade process can be done with the installation script but it's complex. This is too complex for some organizations that do not have a large scale. In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot. I thought that the client would be able to drop a file onto the server and the file would be visible on the server. I have to disable the connection to provide a copy and this is a security issue, and I closed this file to the client then he can't upload and files to us. They need to come up with a way for the client to file share with CyberArk.
The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.
I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.
Works at a pharma/biotech company with 5,001-10,000 employees
Real User
2019-02-14T07:37:00Z
Feb 14, 2019
Some folks would like to have keystroke tracking and some would not. I guess if they could make that an option that might be interesting for certain organizations.
Technologist - Specialty in Identity and Access Management at Sears Technology Services Incorporated
Real User
2018-11-13T21:53:00Z
Nov 13, 2018
* Implementation documentation could use some improvement in a few areas. LDAP integration would be one area. * Providing a way to group accounts by application would be nice.
CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.
CyberArk Privileged Access Manager possesses...
The main challenge was integrating with in-house IT and business applications, which are not standard. We needed to create special updates for that kind of integration.
The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it. We aren't able to view active sessions or historical recordings of sessions. It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it. So, CyberArk could still focus on making it more user-friendly.
The tool's UI has bugs and lags. It needs to be improved. The deployment process can be complex due to multiple components for various functionalities, each requiring separate infrastructure management. To simplify this process, consolidating all these components into a single platform could be beneficial. The product's pricing could be cheaper.
CyberArk Enterprise Password Vault's deployment is complex for resources with little experience. Tech support needs to be improved as well based on quality and knowledge.
CyberArk Enterprise Password Vault's GUI has certain shortcomings that need improvement.
We require IAM (identify and access management) capability at the administrator level because we need more identification.
Password management for all the endpoints needs improvement. CyberArk can handle password management for Windows, Linux, databases, and network devices. However, there are solutions like Tenable or Skybox, Palo Alto, and other security devices for which we cannot provide password rotations on CyberArk. CyberArk should look into development for those particular plugins. I heard they had developed them, but they are not widely available. So if, for example, a customer requires CPM's password management plugin for Tenable, they need to send a request to CyberArk themselves so that the CyberArk team will then sell it to the customer. It does not come with an implementation license. It's a separate thing that a customer needs to purchase. CyberArk will assign it to that particular customer ID, and that plugin will not be supported for other customers. But those are their business tactics. They will not reveal all their plugins, only the basic ones.
The challenge with the product is pricing since it's expensive. It also needs to improve the customization. We encountered some stability issues as well.
The price is high compared to Azure Key Vault. It's the most expensive solution.
The tool needs to improve its usage and interface. They need to have a modern and useful interface. I want the product to improve its integration capabilities as well since some of the integration features do not work always.
The implementation is hard. For example, the on-prem implementation specifically is really hard to deploy. The solution does not scale well on-premises. This is an expensive product. It's hard to get help from support if you are not certified.
The architecture needs to be improved. For example, the whole solution can come within a single software bundle instead of the distributed components we have for the on-premise deployments. I think there's room for improvements in that area because the competitors within that space have appliances and software that are just a single software. You don't have to split functionality across several servers like the current deployment.
CyberArk is not friendly in terms of having a Community Edition. It's enterprise software. They could maybe give a Community Edition that you can just play around with and see how the software is. It's a very, very costly app. Therefore, they can definitely give a demo version or some sort of a Community Edition with partial features at least to help potential users understand its capabilities. The initial setup can get complex.
CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve.
What needs to be improved in CyberArk Enterprise Password Vault is their customer support, because as administrative engineers, since we're not experts in the solution, we have to rely on customer support. Their customer support needs improvement in terms of being responsive and being understanding. They are knowledgeable, but responding and willingness to come and help knowing that it's their tool, rather than relying on the engineers from the customer side, e.g. our side, to do all the technical things. The initial setup and upgrade process for CyberArk Enterprise Password Vault is complex and can only be done by CyberArk, so this is another area for improvement.
With regards to potential improvements for the CyberArk product, I find the product quite expensive and I would like to see the cost reduced.
Upgrading the product is very difficult, so this could be an area for improvement.
There was a situation when one of our presidents had an issue, but I can't recall the specifics.
The installation process could be simplified. I would like to see a simplification of the product.
The solution is too complicated to use and should be simplified. It took me a long time to understand how to use it. There is a lot that the solution can improve for the future.
I would like to see more integration with more tools, for more APIs.
I don't see any problems because it's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security. From my experience, overall, I don't see many problems that need to be rectified. The only problem involves granting access to people who are authorized to view it. This user management area is the most critical. We have to constantly check on that area and we have to review and give proper access. Nobody should have more access than they are authorized for.
CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex. That's the downside because CyberArk was not built organically. It was built systematically. They're not built into the product. You have to shoehorn things in. You have to create programmatic interfaces to make things work, but that's why I said it's the most complex product. CyberArk is still in the model of managing accounts and passwords. When you're logged in as a domain admin, you're leaving footprints everywhere you go. These footprints can be picked up and replicated. So, I think CyberArk is behind the curve in that area. Customers are already having an issue with the cost of CyberArk and then you have to add another $100,000.00 to the bill for other application accounts. I would like to see a more streamlined and built-in programmatic onboarding and offboarding process. Something a little bit less complex than what they're currently doing. The price is the problem and also the architecture can be daunting because CyberArk really strongly encourages having hardware vaults. Most corporations are totally virtualized. I use virtualized vaults on everything including the high availability configuration.
The pricing is too expensive and should be reduced. This is our only concern. When a small industry wants to invest in these kinds of tools, they don't have the budget to spend a lot of money on security. If the price were more reasonable then many other small businesses would consider using it. The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it. Instead, an in-house administrator could do it.
Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help.
I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date. A cloud-based deployment would ultimately be better for us than an on-premises appliance.
I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.
The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex.
The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have. The technical support can improve on the time that it takes to get a callback. The integration is great but needs to be a bit more user-friendly. Also, a feature with the ability to create password sync. In the next release, I would like to see the following: * Availability on the cloud and the appliance. * More documentation for the setup. * Simplify the deployment. * Continuous operation with this solution. * Simplify the infrastructure for better stability. * Increase the support for applications. * Invest in local on the ground staff in various regions. * The ability to search by the activities, especially for Windows Servers. * Improve the auditing capabilities for their searches.
This solution does not support the SQL Developer. We have to purchase separately from CyberArk and we have to ask them to develop it. This solution is a bit complex compared to other solutions. The installation and administration are complex. Some things can be done through the interface, but the whole installation process and upgrade process can be done with the installation script but it's complex. This is too complex for some organizations that do not have a large scale. In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot. I thought that the client would be able to drop a file onto the server and the file would be visible on the server. I have to disable the connection to provide a copy and this is a security issue, and I closed this file to the client then he can't upload and files to us. They need to come up with a way for the client to file share with CyberArk.
The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.
I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.
Some folks would like to have keystroke tracking and some would not. I guess if they could make that an option that might be interesting for certain organizations.
* Implementation documentation could use some improvement in a few areas. LDAP integration would be one area. * Providing a way to group accounts by application would be nice.
It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.