We performed a comparison between CyberArk Privileged Access Manager, IBM Tivoli Access Manager [EOL], and RSA Identity Governance and Lifecycle based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
"We are able to know who is accessing what and when; having accountability."
"Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong. In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows Server protection, and stuff like that. They have also further advanced it with the security on the cloud and DevOps systems. They have a bundle licensing model, which really helps. They don't have a complex licensing model. Even though in our market, people say CyberArk is expensive as compared to some of the other products, but in terms of overall value and as a bundling solution, it is an affordable and highly scalable product."
"The solution is scalable."
"The product is for hardening access and making the organization more secure, therefore reducing chances of a breach."
"Performance-wise, it is excellent."
"With PAM in place, we've experienced a significant reduction in potential security breaches."
"CyberArk is a very stable product and it's a stable product because it has a simple design and a simple architecture that allows you to leverage the economies of scale across the base of your infrastructure that you already have implemented. It doesn't really introduce any new complex pieces of infrastructure that would make it that much more difficult to scale."
"Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites."
"The Verify feature: A push method which customers are going for."
"OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as fully compliant OAuth 2 authorization server."
"SAML 2.0."
"The integration effort with the end application is quite straightforward and easy."
"RSA Identity Governance and lifecycles are good for the access certification and auditing sections."
"The data collection is excellent and easy to do. It does not require a lot of configuration nor does it require rules to be written like other competitors do."
"With the tool in place, you need to hire fewer people to provide access, and you have control over your processes."
"Roles, connectors for provisioning and re-accreditation or reviews help greatly to govern user access."
"The most valuable feature is the security, in particular, the One Time Password support."
"As they grow, the technical support is having growing pains. One of the things is just being able to get somebody on the phone sometimes."
"Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
"In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution. Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations. In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows."
"CyberArk PAM is a very broad product as everyone's requirements for implementation are different. In our particular case, the initial implementation was planned and developed by people who didn't know our specific network requirements, so the initial implementation needed to be tweaked over time. While this is normal, at the time all these "major" changes required CyberArk professional services to come in-plant and "assist" with the changes."
"The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."
"What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once."
"There is room for improvement in the availability of custom connectors on the marketplace for this solution. Additionally, their services for the CICD pipeline and ease of integration could be improved."
"They need to provide better training for the System Integrator."
"Multi-factor authentication with social integration needs to improve."
"An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help."
"The self-service portal needs improvement."
"The profiling element is incredibly robust, but also equally as complex, it requires an off-site course to be able to understand the context or the plethora of options available."
"Looking at their roadmap, they have a broad grasp of the security features which the industry needs."
"RSA Identity Governance and Lifecycle could improve out-of-the-box customization."
"There are scalability issues. This product does not scale very well. It is not a good product for load balancing / active–active architecture."
"Technical support in Pakistan can be improved."
"If you use the appliance version then it won't handle a huge database volume."
"Every connector that you have in the product needs to be custom-built, so there are not a lot of standard connectors available in the product, because of which there are a lot of hidden consultancy costs."
"The user interface and workflow need improvement, and more connectors would help."
"This product is missing a lot of features which other competitors are providing. One of the key features that are missing right now is risk scoring. Additionally, there is not much scope for customization - everything is hard-coded and predefined, so it does not allow the developers to make many modifications."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More IBM Tivoli Access Manager [EOL] Pricing and Cost Advice →
More RSA Identity Governance and Lifecycle Pricing and Cost Advice →
Earn 20 points