We performed a comparison between CyberArk Privileged Access Manager, Netgate pfSense, and Palo Alto Networks WildFire based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."Ensures accounts are managed according to corporate policies."
"We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc."
"The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,"
"It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password."
"I find value in notifications from CyberArk when passwords fail verification and have other issues."
"It helps our customers in their software requirement imports."
"We utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs."
"What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."
"Creation of certificates and the facility to administer services are valuable features."
"We like the fact that the product is open-source. It's free to use. There are no costs associated with it."
"The classic features such as content inspection, content protection, and the application-level firewall, are the most important."
"The ability to create a VPN allows me to monitor branch offices from a central location."
"Its scalability is a strong point."
"The solution is very easy to use and configure."
"We generally use it because it's cheap. When we need something more robust we use Barracuda and Sony Wireless Routers. For certain clients, we use pfSense because it's compatible with the VoIP platform."
"I had some outages in the network and we provide services for our company. We sell mobile credits. The terminal gets access to our own server inside the network and if one internet fails, then the other one is still up and we have a back-up link on the devices."
"You have better control because you define apps. You just don't define ports. You define apps, and the apps are monitored in the traffic. It is more specific than the Cisco firewall when it comes to our needs."
"Using WildFire has reduced the number of viruses and the amount of malware that comes into our system, which means that I don't have to rely on the end-users to identify it."
"What I like about Palo Alto is that it is a complete product, with everything in it."
"The reporting feature helps our performance."
"The most valuable feature is the Automatic Verdict, to recognize whether something is a threat, or not."
"The most effective feature of WildFire for threat analysis is its collaboration with other security profiles on our Palo Alto firewall."
"I love the idea of Palo Alto Networks WildFire. It's more geared toward preventing malware. If someone's laptop or phone is malware-infected, the tool prevents it from uploading valuable corporate data outside the corporate network. That's what I love about Palo Alto Networks WildFire. It stops malware in its tracks."
"Remote access is excellent."
"There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries."
"The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials."
"Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations."
"There is a bit of a learning curve, but it's a pretty complex solution."
"More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."
"We found a lot of errors during the initial setup. They should work to improve the implementation experience and to remove errors from the process."
"The support services could act faster when people reach out to resolve issues."
"We need a bit more education for our user community because they are not using it to its capabilities."
"We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up."
"There is more demand for UTMs than a simple firewall. pfSense should support real-time features for handling the latest viruses and threats. It should support real-time checks and real-time status of threats. Some other vendors, such as Fortinet, already offer this type of capability. Such capability will be good for bringing pfSense at the same level as other solutions."
"I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that."
"The usage reports can be better."
"I tried pfSense, and it has a big issue with file system consistency, and this is what drove me to OPNsense. The file system stability is quite a big issue for us. We have a lot of outages related to power issues, and OPNsense is much more stable on this side."
"The solution requires a lot of administration."
"The interface is not very shiny and attractive."
"There could be a way to remote to it through a mobile app. You can always browse through your browser on your mobile phone or tablet, but it would be good to have a dedicated app. I understand that iOS and Android developers are expensive, but there should be a mobile app."
"The cost of this solution could still be improved, in particular, giving product discounts for charitable causes."
"The cyber security visibility and forensics features to receive more information about incidents could improve in Palo Alto Networks WildFire."
"I don't think it needs to improve anything, except maybe the speed to deploy the changes."
"It's not really their problem, it's a problem across the board. There will always be problems with interrupted traffic. We have to set it up where we're playing a middle man game where we're stripping it out, looking at it, and then putting it back together and sending it on its way. That requires CPU cycles. And there's some overhead with that."
"Many years back an update caused an issue with the firewall. However, Palo Alto not only informed us of said issue, they also sent an update that fixed the issue before I even had time to log in to determine if the issue affected our services."
"The product's false positive logs could be more user-friendly to understand. They could provide examples of precious cases to learn."
"As a firewall and 360 degrees of security, there needs to be more maturity."
"The GUI is better in 8.0, but I still feel it lacks the fast response most of us desire. Logs are much quicker."
More CyberArk Privileged Access Manager Pricing and Cost Advice →