What is our primary use case?
In the healthcare sector, my use case involves securing privileged accounts across the entire organization. Although this is not specific to any sector, I also work for banking and financial services. As a PAM solution, I secure privileged accounts while provisioning access.
With nine-plus years of experience, I can develop and suggest solutions for various infrastructures, install, build, onboard, upgrade, patch, reboot, and maintain backup and restore solutions, as well as handle disaster recovery activities. I address troubleshooting of infrastructure issues and end-user requests, effectively managing onboarding and deboarding, and access provisioning for end-users. This allows me to provide end-to-end support in CyberArk Privileged Access Manager.
What is most valuable?
CyberArk Privileged Access Manager's best features include password rotation and an excellent monitoring solution, with the additional benefit of monitoring for Enterprise Password Management (EPM) where I provision privileged access.
Delving deeper into the solution reveals many valuable features, but I particularly find password rotation and monitoring capabilities highly effective for auditing purposes. These features restrict users from unauthorized communications outside of CyberArk.
CyberArk Privileged Access Manager has helped reduce privileged accounts in my healthcare organization, where I generate reports for approximately 500,000 accounts. This reporting capability allows me to analyze and restrict based on the reports tab effectively. I note that there are limitations with supporting the pass reporter feature, although I still find it valuable for generating comprehensive account and safe level reports.
CyberArk Privileged Access Manager assists in meeting compliance and regulatory requirements such as HIPAA and SOX, ensuring I adhere to necessary standards in my operations.
What needs improvement?
CyberArk Privileged Access Manager has room for improvement regarding notifications for service account password rotations. Currently, notifications are sent at the platform level rather than at the account or safe level. I suggest enabling notifications at lower levels to help users and application owners easily identify which specific accounts are due for password rotation. This would alleviate confusion among multiple application accounts on the platform.
With CyberArk Privileged Access Manager implemented in the healthcare industry, I observe benefits in efficient password rotation for individual and generic accounts. However, there are challenges with service account password rotation. Application teams often do not adhere to standards for rotating service account passwords, fearing failure in their jobs. While the feature exists, the delay in updates can lead to reluctance among teams to use it effectively. This reveals a need for better integration at the application level for immediate password updates.
For how long have I used the solution?
I have been using CyberArk Privileged Access Manager for nearly nine years.
What do I think about the stability of the solution?
Regarding stability, I rate it a nine out of ten. After upgrading to version 14.2, I encountered some bugs that the vendor has been diligently working to resolve. Initially, the vendor took time to fix the issues I faced.
What do I think about the scalability of the solution?
CyberArk Privileged Access Manager is definitely scalable, allowing me to manage increasing demands effectively. I would rate its scalability as a nine.
How are customer service and support?
Regarding my relationship with the vendor, I am currently a customer. Previously, I was a partner while working in the banking and financial sector, but now in healthcare solutions, I associate as a customer. I reach out to the vendor whenever I encounter issues, seek information, or require assistance with upgrades. I maintain consistent communication on a weekly or biweekly basis through calls, emails, or tickets.
I rate CyberArk's technical support as an eight. The vendor provides solid support when needed.
How was the initial setup?
The deployment of CyberArk Privileged Access Manager is straightforward, similar to installing any application on a PC. For those familiar with CyberArk, the installation process is very simple. Thoroughness is essential, but it is generally an easy process.
Which other solutions did I evaluate?
In comparison to other PAM solutions like Delinea and BeyondTrust, I find CyberArk Privileged Access Manager continues to lead in effectiveness. With over nine years of experience, I believe CyberArk is superior in its password rotation capabilities and overall management, despite competitors having similar functionalities under different names.
What other advice do I have?
I recommend CyberArk Privileged Access Manager to small and mid-level organizations needing a PAM solution. I assert that it has been a reliable tool for me for over nine years. Even a proof of concept might be beneficial initially, with an emphasis on understanding the budget aspect. I would rate this product a nine overall.
I find CyberArk to be expensive in general. Many organizations have considered alternatives due to budget constraints, even though CyberArk is a leading product in the PAM industry, recognized for its quality and long-standing presence. However, the high cost can drive some customers away.
Integrating CyberArk Privileged Access Manager with existing EHR systems and healthcare workflows, such as SailPoint, presents challenges. SailPoint integration often hinges on third-party tools, making the process complicated and critical for many organizations. I endeavor to manage this necessity.
In terms of mean time to respond, I acknowledge variable response time. The L1 team is proactive, yet the vendor often pushes to close incidents swiftly, even when issues remain unresolved. This can extend the resolution timeline significantly.
When assessing CyberArk Privileged Access Manager for protecting against ransomware attacks, I find that it effectively isolates components such as the primary vault, DR vault, PVWA, CPM, PSM, and PSMP, ensuring communication is limited to internal only. This isolation prevents any interaction with the external world, including AD, thereby safeguarding my systems. The feature of maintaining a DMZ for the vault, which ensures that attackers cannot reach it, is critical in protecting against ransomware threats targeting Active Directory.
Every infrastructure requires maintenance, including upkeep and patching. I find managing CyberArk Privileged Access Manager's infrastructure is straightforward. It can run effectively in physical or virtual environments, whether on cloud machines or VMware systems. Overall, maintenance is not overly complex.
If deploying in a lab environment, setting up the primary and DR vaults, PVWA, and CPM can usually be completed within one and a half to two hours. Organization-wide implementations may require more time due to necessary approvals and hardware availability, but the actual installation process itself remains swift.
I assess the granular controls provided by CyberArk Privileged Access Manager as robust because they enable tailored access at the individual user level or through AD groups. This includes detailed role definitions such as safe reader, safe auditor, safe approver, and safe manager. As an administrator, I can manage all access. By provisioning least-privilege access and allowing users to connect and view their accounts without exposing passwords, I uphold the principle of least privilege at the safe level.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.