Share your experience using CA VM:Secure

In the healthcare sector, my use case involves securing privileged accounts across the entire organization. Although this is not specific to any sector, I also work for banking and financial services. As a PAM solution, I secure privileged accounts while provisioning access.

With nine plus years of experience, I can develop and suggest solutions for various infrastructures, install, build, onboard, upgrade, patch, reboot, and maintain backup and restore solutions, as well as handle disaster recovery activities. I address troubleshooting of infrastructure issues and end-user requests, effectively managing onboarding and deboarding, and access provisioning for end-users. This allows me to provide end-to-end support in CyberArk Privileged Access Manager.

CyberArk Privileged Access Manager's best features include password rotation and an excellent monitoring solution, with the additional benefit of monitoring for Enterprise Password Management (EPM) where I provision privileged access.

Delving deeper into the solution reveals many valuable features, but I particularly find password rotation and monitoring capabilities highly effective for auditing purposes. These features restrict users from unauthorized communications outside of CyberArk.

CyberArk Privileged Access Manager has helped reduce privileged accounts in my healthcare organization, where I generate reports for approximately 500,000 accounts. This reporting capability allows me to analyze and restrict based on the reports tab effectively. I note that there are limitations with supporting the pass reporter feature, although I still find it valuable for generating comprehensive account and safe level reports.

CyberArk Privileged Access Manager assists in meeting compliance and regulatory requirements such as HIPAA and SOX, ensuring I adhere to necessary standards in my operations.

CyberArk Privileged Access Manager has room for improvement regarding notifications for service account password rotations. Currently, notifications are sent at the platform level rather than at the account or safe level. I suggest enabling notifications at lower levels to help users and application owners easily identify which specific accounts are due for password rotation.

This would alleviate confusion among multiple application accounts on the platform.

With CyberArk Privileged Access Manager implemented in the healthcare industry, I observe benefits in efficient password rotation for individual and generic accounts. However, there are challenges with service account password rotation. Application teams often do not adhere to standards for rotating service account passwords, fearing failure in their jobs. While the feature exists, the delay in updates can lead to reluctance among teams to use it effectively. This reveals a need for better integration at the application level for immediate password updates.

I have been using CyberArk Privileged Access Manager for nearly nine years.

Regarding stability, I rate it a nine out of ten. After upgrading to version 14.2, I encountered some bugs that the vendor has been diligently working to resolve. Initially, the vendor took time to fix the issues I faced.

Positive

CyberArk Privileged Access Manager is definitely scalable, allowing me to manage increasing demands effectively. I would rate its scalability as a nine.

Positive

Regarding my relationship with the vendor, I am currently a customer. Previously, I was a partner while working in the banking and financial sector, but now in healthcare solutions, I associate as a customer. I reach out to the vendor whenever I encounter issues, seek information, or require assistance with upgrades. I maintain consistent communication on a weekly or biweekly basis through calls, emails, or tickets.

I rate CyberArk's technical support as an eight. The vendor provides solid support when needed.

Positive

The deployment of CyberArk Privileged Access Manager is straightforward, similar to installing any application on a PC. For those familiar with CyberArk, the installation process is very simple. Thoroughness is essential, but it is generally an easy process.

In comparison to other PAM solutions like Delinea and BeyondTrust, I find CyberArk Privileged Access Manager continues to lead in effectiveness. With over nine years of experience, I believe CyberArk is superior in its password rotation capabilities and overall management, despite competitors having similar functionalities under different names.

I recommend CyberArk Privileged Access Manager to small and mid-level organizations needing a PAM solution. I assert that it has been a reliable tool for me for over nine years. Even a proof of concept might be beneficial initially, with an emphasis on understanding the budget aspect. I would rate this product a nine overall.

I find CyberArk to be expensive in general. Many organizations have considered alternatives due to budget constraints, even though CyberArk is a leading product in the PAM industry, recognized for its quality and long-standing presence. However, the high cost can drive some customers away.

Integrating CyberArk Privileged Access Manager with existing EHR systems and healthcare workflows, such as SailPoint, presents challenges. SailPoint integration often hinges on third-party tools, making the process complicated and critical for many organizations. I endeavor to manage this necessity.

In terms of mean time to respond, I acknowledge variable response time. The L1 team is proactive, yet the vendor often pushes to close incidents swiftly, even when issues remain unresolved. This can extend the resolution timeline significantly.

When assessing CyberArk Privileged Access Manager for protecting against ransomware attacks, I find that it effectively isolates components such as the primary vault, DR vault, PVWA, CPM, PSM, and PSMP, ensuring communication is limited to internal only. This isolation prevents any interaction with the external world, including AD, thereby safeguarding my systems. The feature of maintaining a DMZ for the vault, which ensures that attackers cannot reach it, is critical in protecting against ransomware threats targeting Active Directory.

Every infrastructure requires maintenance, including upkeep and patching. I find managing CyberArk Privileged Access Manager's infrastructure is straightforward. It can run effectively in physical or virtual environments, whether on cloud machines or VMware systems. Overall, maintenance is not overly complex.

If deploying in a lab environment, setting up the primary and DR vaults, PVWA, and CPM can usually be completed within one and a half to two hours. Organization-wide implementations may require more time due to necessary approvals and hardware availability, but the actual installation process itself remains swift.

I assess the granular controls provided by CyberArk Privileged Access Manager as robust because they enable tailored access at the individual user level or through AD groups. This includes detailed role definitions such as safe reader, safe auditor, safe approver, and safe manager. As an administrator, I can manage all access. By provisioning least privileged access and allowing users to connect and view their accounts without exposing passwords, I uphold the principle of least privilege at the safe level.

My use case for CyberArk Privileged Access Manager is that I work as an administrator where I can configure and integrate all those CyberArk Privileged Access Manager components such as PSM, CPM, hardening the CPMs, checking the services of the PVWA and Vaults, and making sure everything is operational. I am responsible for creating safes and managing the accounts. I onboard the accounts on the platform based on their vendor requirement.

We also provide the SIEM integration to check the logs and we are responsible for Splunk integration too, but it is not related to CyberArk Privileged Access Manager. We actually implement all those application logs to Splunk for the dashboard monitoring and the alert-based system through ITSI.

CyberArk Privileged Access Manager has improved how my organization functions as we have 24 PSM servers, four CPM servers, one primary Vault, and one DR Vault. We are in the process of upgrading from version 11.3 to 14.6 and maybe next month, we are going to update our servers.

The best features of CyberArk Privileged Access Manager include that it is normally used for securing passwords because nowadays, most of the breaches happen due to leaking passwords. So we actually manage the passwords in a secured way. In a Vault, there is end-to-end security, with seven layers of security that we are maintaining. That is called session encryption, firewalls, authentication, authorization, and auditing. At the end of the day, we are doing the file encryption. Through this, we are actually managing the passwords in a very secure way. We can explain this architecture to the vendor to convince them to come to CyberArk Privileged Access Manager.

What I appreciate about CyberArk Privileged Access Manager is that it is not only for password security; we can also manage their applications and platforms. Each and every thing, whenever a user is coming to CyberArk Privileged Access Manager or logging in to CyberArk Privileged Access Manager, end-to-end protection will be handled by CyberArk Privileged Access Manager. Whenever they connect to their target servers, each and every thing will be monitored and reviewed by CyberArk Privileged Access Manager administrators such as us. We see whatever incidents happen and whatever is going to happen. Whatever the user does from the target system, we can monitor everything through the PSM servers. We also have PTA, Privileged Threat Analysis. Whenever a user is doing unwanted things such as running unwanted scripts in their target system, the PTA incident automatically closes their target system. For example, if a user is working beyond their scope and is running some scripts, it will show that and raise an incident. We get the tickets and we can monitor it and have a call with the user. We are giving end-to-end security from the user to the platform level.

In CyberArk Privileged Access Manager, I see room for improvement as I am working in the on-premises networks, and now we are also having the cloud-based PAM. So there, everything is maintained by the CyberArk Privileged Access Manager team, and we are only maintaining the PSM servers. So it is already upgraded from the on-premises network to the cloud network. If you ask me what we can implement beyond that, I just need a few minutes to think about what new things, because it is already an end-to-end security on-premises itself. Now, when it comes to PCloud, Privileged Cloud, it is more secure than the on-premises networks because most of the things are handled using the cloud itself. So it is an already upgraded version; we do not need to implement something new. But if you think in that way, we can have a chance to implement our things.

If anything could be improved in CyberArk Privileged Access Manager, I think we could build a small agent AI in my team, we could give access to these logs—the Vault logs, PSM logs, and CPM logs. Whenever the system is going down, the AI will automatically check. If we actually implement agent AI in CyberArk Privileged Access Manager, it will check the logs, and if any errors are coming, it automatically triggers alerts and gives the solution. That is the best improvement I can think of because these days, most things are done by agent AI. So if we also implement this agent AI in CyberArk Privileged Access Manager, we can add more features.

I have been using CyberArk Privileged Access Manager for around three years. I have exactly three years of experience with CyberArk Privileged Access Manager.

I would rate the stability of CyberArk Privileged Access Manager as an eight.

I will rate the scalability of CyberArk Privileged Access Manager as a ten, indicating it is a scalable solution.

I rate the technical support for CyberArk Privileged Access Manager as the main thing in any environment. It can be a production environment such as CyberArk Privileged Access Manager or any production environment with any project. Because of technical support, we have continuous deployment and continuous monitoring. Whenever they are doing their work best, and at that time, when something is going down, they are the first point of contact to check what the issue is. After that, it will come to the developers to check that issue. So I will rate the monitoring team, the operations team, a ten.

Positive

I have used other PAM solutions, and I find that when it comes to CyberArk Privileged Access Manager, it is a company that has a long history of trust with users and vendors, which provides a more secure way of doing things for their platforms and their work. So in my opinion, CyberArk Privileged Access Manager is the best solution we can give to vendors for PAM solutions.

The time it takes to deploy CyberArk Privileged Access Manager is actually based on the architecture of their requirement, such as the number of users, accounts, and the platforms they are onboarding into CyberArk Privileged Access Manager. If it is less than ten users and four platforms, it will take one or two days. If the communication between our servers and the platforms is already good, it will normally take one to two days. If their requirement is more, such as at the platform level where they have both Windows and Linux operating systems and database operating systems and they want to segregate multiple users based on their OS, at that time we just need some time to create the SOPs and we have to proceed based on that requirement.

My team works with CyberArk Privileged Access Manager, and we have 12 members.

My thoughts on the pricing of CyberArk Privileged Access Manager depend entirely on the vendors' requirements. If they want their things to be secure, they have to spend accordingly. We have four types of pricing. Based on their requirement, we will actually propose the pricing to the vendor. If their platforms and accounts are fewer, we can go for the minimal requirement of a PAM solution. And if they want more upgraded servers in their system, we can go for the maximum pricing.

CyberArk Privileged Access Manager solution requires maintenance, and definitely, we are actually doing rotations 24/7 to make sure every system is active 24/7 so a user will not get interrupted when accessing their platforms.

My clients use CyberArk Privileged Access Manager for around 12,000 accounts.

The vendor can contact me if they have any questions or comments about my review.

I'm interested in being a reference for CyberArk Privileged Access Manager.

I definitely recommend CyberArk Privileged Access Manager to other users because it gives more security to their platforms and users to store their passwords and provides end-to-end security. If they do not want to breach their platforms, I would recommend CyberArk Privileged Access Manager 100 to 200 percent to keep it secure. My overall rating for this product is a ten.

On-premises

Other