We performed a comparison between CyberArk Privileged Access Manager, IBM Tivoli Access Manager [EOL], and Keeper based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."Provides improved security around having your credentials locked down and rotated regularly."
"The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices."
"If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
"When we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle... We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution."
"They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future."
"On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
"With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent"
"The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,"
"The Verify feature: A push method which customers are going for."
"SAML 2.0."
"Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites."
"OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as fully compliant OAuth 2 authorization server."
"The integration effort with the end application is quite straightforward and easy."
"The chat support is quick. I have never encountered any problems. On the contrary, they have been very helpful and kind."
"The ability to autofill the login credentials has saved me a lot of time in my day to day computing."
"Possibility to login using the fingerprint sensor on Android/iPhone."
"I like a couple of things about this solution. Being able to share passwords with other people is valuable. You can see if the information is out on the dark web and whether you have weak passwords and the last time they were changed. You could also have the 2FA or MFA codes embedded in the application so that you don't have to use your phone or any other 2FA device, which is something very important."
"It saves us from duplicating passwords for different accounts."
"I like Keeper's mobility and its accessibility."
"I can access my passwords from any Internet connected device."
"It keeps my passwords organized and safe."
"Tech support staff can be more proactive."
"Their post-sale support area requires a big improvement. Customers cannot automate tickets directly with CyberArk. They have to come through the distributor or bring in partners who have access to the support portal. Basically, the support for post-sales implementation is there, but the role of CyberArk is very minimal. Customers have to rely on partners, which sometimes creates issues. Some of the vendors help you during the implementation process, but the CyberArk support team does not do that. They have 24/7 support for our region, but they help only if there is an emergency or there is a problem with their system. If the password vault is down or the system is down, they provide immediate attention. For almost everything else, they take more time to respond. They give low priority to service-related or migration-related questions."
"Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."
"It's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers."
"When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."
"This product needs professional consulting services to onboard accounts effectively based user profiles."
"CyberArk PAM is a very broad product as everyone's requirements for implementation are different. In our particular case, the initial implementation was planned and developed by people who didn't know our specific network requirements, so the initial implementation needed to be tweaked over time. While this is normal, at the time all these "major" changes required CyberArk professional services to come in-plant and "assist" with the changes."
"It's hard to find competent resellers/support."
"The profiling element is incredibly robust, but also equally as complex, it requires an off-site course to be able to understand the context or the plethora of options available."
"An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help."
"Looking at their roadmap, they have a broad grasp of the security features which the industry needs."
"The self-service portal needs improvement."
"Multi-factor authentication with social integration needs to improve."
"The technical support has no experience."
"I would add a category for personal documents or photos of ID cards."
"Possible offline access to passwords. Therefore, when internet access is unavailable, I can still access my vault."
"Ability to set up password profiles that can predefine custom fields and password complexity."
"Room for improvement in my eyes would be being able to share my credit cards and other types of information. The only thing they really share is passwords, and you can only do it with one password at a time. When you're trying to share it out or trying to remove it from being shared, you can't do multiple selections."
"Search functions are sometimes weird."
"Rearranging folders via drag/drop functionality would be very helpful."
"It would be nice to see this great tool integrate with other tools out there."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More IBM Tivoli Access Manager [EOL] Pricing and Cost Advice →
Earn 20 points
