CyberArk Endpoint Privilege Manager Reviews

Day-to-day, normally when administrative access is required for a user, they have a UAC prompt that comes up and they have to click yes or no. When we whitelist an application, it automatically elevates, so it's one less click for the user. It's improving efficiency and it's making it easier for them, at the end of the day.

The tool has great functionality in reducing risk in the environment, especially if an endpoint is compromised. It reduces pass-the-hash and same-account harvesting. And if something were to happen, we would be able to report on that right away and let the SOC know.

In terms of removing local admin credentials on the endpoint and the effect on the size of the attack surface in our organization, it has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know.

We have also been able to reduce the number of local admins. We originally scoped out to only have a certain number of licenses for the software and we have reduced it significantly from what we thought we would need, purely based on a policy perspective and who actually really needs some administrative access.

With conventional local administrative access, you have no insight into how users are using that access. With Endpoint Privilege Manager, we have the ability to see how they're using that and then lock down things that aren't appropriate or are not allowed in our company.

At scale, in an enterprise environment, it's very easy to start installing agents on multiple workstations. So if we need to deploy to several thousand more workstations, we will have the ability to do that.

So far, there are a lot of integrations we are using. We are sending logs to a SIEM. We are working with AD to make sure that we are provisioning roles properly at that point. That's where we've left it.

If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.

Overall, the ability on the endpoint is very good for the user. It can be used online and offline. As for the administrative console, there's room for improvement and that is something we've already escalated. We've worked with the R&D teams to address those issues.

Scaling is easy. If you want to put it out on more endpoints, if you need thousands of more workstations, it's very easy to do. CyberArk has easy guidelines on how you should be sizing your infrastructure.  

Overall, I would rate technical support at seven out of 10. We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can.

We did not have a previous solution. However, we knew that there is a large attack surface in the event that we were to be compromised or fished. We knew that there was a vulnerability and we said, "Okay, we want to get it in front of this so we're not Equifax or CapitalOne or something like that."

It was a pretty straightforward setup. CyberArk does support the documentation for it. We did customize it a little bit more for high-availability. If a server were to go down, we can automatically switch. So overall, it's quite easy to set up, but you can always customize a little bit more.

I don't think I could quantify ROI, to be honest. Reducing risk is always something that is going to cost you. But when it comes to share price, stock price, etc., if a breach were to occur that would have huge implications.

If you're going to implement Endpoint Privilege Manager, don't just give everybody EPM and think you're done with it. Spend the time, engineer it, think about it from a project perspective, and deploy it with the concept of least privilege. Really spend the time to make sure it's deployed correctly and all the processes are established so it's smooth sailing from there on in.

Overall, I would rate this product at 8.5 out of 10. The product does exactly what we need it to do. However, we do need a little bit more action and response time with regards to support.

In terms of the effect working with CyberArk has had on my career, it has really put my name on the map with regards to the whole CSO world and IT security, as well as from our company-wide, holistic perspective. People come to me; they know me as the person who will solve problems. Usually, things are very difficult, but at the end of the day, we'll find a solution and implement it. From that perspective, it's giving me a lot more opportunities.

Our primary use case for this solution is to manage enterprise passwords and monitor session connections.

Prior to using this solution, we did not know where our accounts were being created. The DNS scanning is a very good tool that allows us to manage existing accounts.

While I find all of the features valuable, one of them that stands out is the DNS scanning. This provides information with respect to the locations of accounts that are created. We then get an overview of the location information. 

What I would really like to see improved is the AIM (Application Identity Manager). I think that it could be simpler to use, and much more straight forward.

In terms of additional features, I cannot think of any that I would like to see implemented at the moment.

I find the product to be very stable.

This product is very, very scalable. Currently we have about one hundred users, and we have plans to increase the usage.

I found the technical support to be good. They are always available and ready to answer questions and provide support.

No, beyond evaluating other solutions we did not use a different one.

I found the initial setup to be quite complex. You really have to pay attention to detail during the process, because any mistake will render the installation and setup useless.

For an experienced system implementer it will take approximately one day. However, for somebody who is inexperienced it may take up to five days.

Once the deployment is complete, no staff is required for maintaining the solution. Everything is pretty much straight forward.

We take care of the implementation for our customers.

We have indeed seen a return on investment with this solution. I cannot put a monetary value on it, but it is valuable information that we are protecting. If it were to be leaked then it would result in damage to reputation, as well as a loss in confidence.

As I am the technical contact for this product, I do not have direct knowledge of the pricing. However, I can say that the licensing for this solution is based on the number of APV (privileged users), and the number of sessions that you want to record.

Yes, we evaluated three other products before choosing this one. They were Security from CA, BeyondTrust, and ObserveIT.

This is the number one product for privilege account security.

I suggest getting the best help available when it comes time to implement and deploy this solution. Once this is complete, everything else will fall into place.

I would rate this product eight out of ten. It is very good, but there is always room for improvement.

It has removed the need for the local admin.

It identifies the original source, and all instances of malicious applications in the environment.

Some technical admins create crazy rules, which allow the staff to run anything they want. Currently I'm reviewing our Viewfinity rules and I have noticed different kinds of rules, such as permitting any installation from "download folder." I would suggest that Viewfinity add a new feature which refuses these rules.

I've used it for four years.

There have been no issues with the deployment.

There have been no issues with its stability.

There have been no issues with the scalability.

9/10

8/10

It was complex to introduction the product to the end-users and the technical team.

We have better product management, review, and the training of our admins.

We're comparing Viewfinity to Bit9.

Keep the product managed by specialists and create global rules.

The solution's pricing could be better.

I have been working with the solution for about six years.

The solution's technical support is good. We have a team of qualified and certified support engineers.

The solution's initial setup process is straightforward.

It is an expensive solution.

I rate the solution a seven out of ten.

We use the solution as a Privilege Access Manager to manage user's passwords. 

I am impressed with the product's seamless integration. The PAM wallet and enterprise password wallet are good also good. 

The tool should be more user-friendly. 

I have been using the product for one year. 

The solution is stable.I would rate it an eight out of ten.

The product is scalable. I would rate it an eight out of ten. There are about 35 users for the solution in my company. The users are mostly sales managers. 

The product's technical support is only average. They need to improve their response time. 

Neutral

I have used ARCON before. It is not as user-friendly compared to CyberArk. CyberArk has got more visibility compared to ARCON. 

The product's setup was complex. I would rate its setup a seven out of ten. The tool's architecture is difficult. The product's deployment takes one to two months to complete. 

The tool is priced high. I would rate its pricing an eight out of ten. 

I would rate the product an eight out of ten. The tool's performance is good. It is an enterprise product. 

There are a lot of companies that have servers that want to monitor their members if they do something that violates their policy.

The most valuable feature of CyberArk Endpoint Privilege Manager is its high performance, it's the best identity security platform. The security is good. It's easy to showcase the feature and capabilities and compare it with other competitors. It competes well with other solutions. Additionally, it is a complete solution.

The solution can be complex to use at times.

CyberArk Endpoint Privilege Manager has a lot of integrated APIs. Some of them are outdated and could be improved.

I have been using CyberArk Endpoint Privilege Manager for approximately one year.

I rate the stability of CyberArk Endpoint Privilege Manager a seven out of ten.

I rate the scalability of CyberArk Endpoint Privilege Manager a seven out of ten.

The support from CyberArk Endpoint Privilege Manager is good.

The initial setup of CyberArk Endpoint Privilege Manager can be complex. It took approximately six hours to complete the installation.

I rate the initial setup of CyberArk Endpoint Privilege Manager a seven out of ten.

The solution requires an annual license to use it. There can be some extra costs in some cases.

I would recommend this solution to others.

I rate CyberArk Endpoint Privilege Manager a nine out of ten.