CyberArk Endpoint Privilege Manager OverviewUNIXBusinessApplication

CyberArk Endpoint Privilege Manager is the #8 ranked solution in top Privileged Access Management (PAM) tools. PeerSpot users give CyberArk Endpoint Privilege Manager an average rating of 7.6 out of 10. CyberArk Endpoint Privilege Manager is most commonly compared to Microsoft Defender for Endpoint: CyberArk Endpoint Privilege Manager vs Microsoft Defender for Endpoint. CyberArk Endpoint Privilege Manager is popular among the large enterprise segment, accounting for 70% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
CyberArk Endpoint Privilege Manager Buyer's Guide

Download the CyberArk Endpoint Privilege Manager Buyer's Guide including reviews and more. Updated: November 2022

What is CyberArk Endpoint Privilege Manager?

What is CyberArk Endpoint Privilege Manager?

CyberArk Endpoint Privilege Manager enables organizations to enforce least privilege policies for business and administrative users, as well as control applications to reduce the attack surface on Windows, Mac and Linux platforms. The solution helps organizations revoke everyday local administrator privileges from business users while seamlessly elevating privileges when required by trusted applications. CyberArk Endpoint Privilege Manager also enables security teams to enforce granular least privilege policies for IT administrators, helping organizations effectively segregate duties on Windows and Linux servers. Complementing these privilege controls, the solution also delivers comprehensive protection from credential theft, actively defending operating system, browser and management application credential stores and defusing critical TTPs that routinely enable large-impact breaches. Easy-to-configure anti-ransomware policy prevents malicious data encryption and exfiltration.

CyberArk Endpoint Privilege Manager is 100% SaaS solution. It offers out-of-the-box configurations that can be applied with a single click, instantly closing security gaps and delivering value. It also offers integrations with third-party security solutions, such as SIEMs, identity providers, threat intelligence providers and others.

CyberArk Endpoint Privilege Manager was previously known as Viewfinity.

CyberArk Endpoint Privilege Manager Customers


CyberArk Endpoint Privilege Manager Video

Archived CyberArk Endpoint Privilege Manager Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Enterprise Architect at a tech services company with 11-50 employees
Real User
Supports dynamically-generated keys, it's stable, and has automatic lifecylce management
Pros and Cons
  • "The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is."
  • "It's an old product and has many areas that can be improved."

What is our primary use case?

Because we are dealing with personal health information, we have had to setup up a security broker for admin access in and out of the accounts.

They wanted to have a break-glass solution in case there was a problem with the multi-factor authentication or any other issues.

We chose to use CyberArk for their failover abilities. If the Multi-factor authentication fails then you can still log in and it has a second factor that authenticates.  

It gives them the break glass option that they needed.

What is most valuable?

The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is. For example, you can go into Azure AD, a backup directory, or a set of Google cloud platforms.

It will do lifecycle management on the keys. It makes it so that you won't have to ever have a standard key. 

It's generating dynamically keys and you can enforce policy easier.

As you start adjusting your key lengths and everything further, you can adjust them all in a single day.

What needs improvement?

It's an old product and has many areas that can be improved.

They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory. 

If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing.

The interface is not great, but good.

In the next release, I would like to see a Linux Client added.

For how long have I used the solution?

I have been using CyberArk Endpoint Privilege Manager, since the early 2000s.

We are using the latest version.

Buyer's Guide
CyberArk Endpoint Privilege Manager
November 2022
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,522 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

CyberArk Endpoint Privilege Management is scalable.

We have 1200 users in our organization.

How are customer service and support?

Technical support is fine, they are better than what they used to be.

How was the initial setup?

The initial setup is complex because you are dealing with federated credentials across multiple authentication protocols.

What about the implementation team?

We did not use a vendor or reseller. I am there as a consultant.

What's my experience with pricing, setup cost, and licensing?

I think that it was in the range of $200,000  that had to get approved. That may have been for the whole three to five years for the project length.

What other advice do I have?

I basically am trying to drive their digital transformation and do the overall build a mass data network for their data strategy. Building out different APIs and different things. 

Building out a blockchain security framework to allow HIPAA compliance where you can go in at the portability of their data to pull in and out without creating an issue with the payers.

I would recommend this solution depending on what the business needs are. I'm a big proponent for keeping things simple and trying to avoid unneeded complexity.

The company demanded certain things and only wanted to do it one way, and the way they wanted to do is what we got stuck with.

The API mobilities are there, they exist and they are okay, but as a framework and in total is worrisome because it's not a stateless application.

It doesn't appear to be moving forward. It's still a type of software-oriented architecture instead of moving to microservices, where it could be stateless. If it were stateless, and it failed during a password change, you would see it as a failure and go back to the original password.

I think that they have a lot of work to do to get there.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
WarranGrin - PeerSpot reviewer
Enterprise Cyber Security Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
Enables us to see how users use their access and lock down things that aren't appropriate
Pros and Cons
  • "It has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know."
  • "We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can."

How has it helped my organization?

Day-to-day, normally when administrative access is required for a user, they have a UAC prompt that comes up and they have to click yes or no. When we whitelist an application, it automatically elevates, so it's one less click for the user. It's improving efficiency and it's making it easier for them, at the end of the day.

The tool has great functionality in reducing risk in the environment, especially if an endpoint is compromised. It reduces pass-the-hash and same-account harvesting. And if something were to happen, we would be able to report on that right away and let the SOC know.

In terms of removing local admin credentials on the endpoint and the effect on the size of the attack surface in our organization, it has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know.

We have also been able to reduce the number of local admins. We originally scoped out to only have a certain number of licenses for the software and we have reduced it significantly from what we thought we would need, purely based on a policy perspective and who actually really needs some administrative access.

What is most valuable?

With conventional local administrative access, you have no insight into how users are using that access. With Endpoint Privilege Manager, we have the ability to see how they're using that and then lock down things that aren't appropriate or are not allowed in our company.

At scale, in an enterprise environment, it's very easy to start installing agents on multiple workstations. So if we need to deploy to several thousand more workstations, we will have the ability to do that.

So far, there are a lot of integrations we are using. We are sending logs to a SIEM. We are working with AD to make sure that we are provisioning roles properly at that point. That's where we've left it.

What needs improvement?

If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.

What do I think about the stability of the solution?

Overall, the ability on the endpoint is very good for the user. It can be used online and offline. As for the administrative console, there's room for improvement and that is something we've already escalated. We've worked with the R&D teams to address those issues.

What do I think about the scalability of the solution?

Scaling is easy. If you want to put it out on more endpoints, if you need thousands of more workstations, it's very easy to do. CyberArk has easy guidelines on how you should be sizing your infrastructure.  

How are customer service and technical support?

Overall, I would rate technical support at seven out of 10. We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can.

Which solution did I use previously and why did I switch?

We did not have a previous solution. However, we knew that there is a large attack surface in the event that we were to be compromised or fished. We knew that there was a vulnerability and we said, "Okay, we want to get it in front of this so we're not Equifax or CapitalOne or something like that."

How was the initial setup?

It was a pretty straightforward setup. CyberArk does support the documentation for it. We did customize it a little bit more for high-availability. If a server were to go down, we can automatically switch. So overall, it's quite easy to set up, but you can always customize a little bit more.

What was our ROI?

I don't think I could quantify ROI, to be honest. Reducing risk is always something that is going to cost you. But when it comes to share price, stock price, etc., if a breach were to occur that would have huge implications.

What other advice do I have?

If you're going to implement Endpoint Privilege Manager, don't just give everybody EPM and think you're done with it. Spend the time, engineer it, think about it from a project perspective, and deploy it with the concept of least privilege. Really spend the time to make sure it's deployed correctly and all the processes are established so it's smooth sailing from there on in.

Overall, I would rate this product at 8.5 out of 10. The product does exactly what we need it to do. However, we do need a little bit more action and response time with regards to support.

In terms of the effect working with CyberArk has had on my career, it has really put my name on the map with regards to the whole CSO world and IT security, as well as from our company-wide, holistic perspective. People come to me; they know me as the person who will solve problems. Usually, things are very difficult, but at the end of the day, we'll find a solution and implement it. From that perspective, it's giving me a lot more opportunities.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
CyberArk Endpoint Privilege Manager
November 2022
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,522 professionals have used our research since 2012.
Uchechukwu Ukazu - PeerSpot reviewer
Tech Support at a tech services company with 11-50 employees
Real User
DNS Scanning allows for the reporting of account location information
Pros and Cons
  • "This is the number one product for privilege account security."
  • "For an experienced system implementer it will take approximately one day. However, for somebody who is inexperienced it may take up to five days."

What is our primary use case?

Our primary use case for this solution is to manage enterprise passwords and monitor session connections.

How has it helped my organization?

Prior to using this solution, we did not know where our accounts were being created. The DNS scanning is a very good tool that allows us to manage existing accounts.

What is most valuable?

While I find all of the features valuable, one of them that stands out is the DNS scanning. This provides information with respect to the locations of accounts that are created. We then get an overview of the location information. 

What needs improvement?

What I would really like to see improved is the AIM (Application Identity Manager). I think that it could be simpler to use, and much more straight forward.

In terms of additional features, I cannot think of any that I would like to see implemented at the moment.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I find the product to be very stable.

What do I think about the scalability of the solution?

This product is very, very scalable. Currently we have about one hundred users, and we have plans to increase the usage.

How are customer service and technical support?

I found the technical support to be good. They are always available and ready to answer questions and provide support.

Which solution did I use previously and why did I switch?

No, beyond evaluating other solutions we did not use a different one.

How was the initial setup?

I found the initial setup to be quite complex. You really have to pay attention to detail during the process, because any mistake will render the installation and setup useless.

For an experienced system implementer it will take approximately one day. However, for somebody who is inexperienced it may take up to five days.

Once the deployment is complete, no staff is required for maintaining the solution. Everything is pretty much straight forward.

What about the implementation team?

We take care of the implementation for our customers.

What was our ROI?

We have indeed seen a return on investment with this solution. I cannot put a monetary value on it, but it is valuable information that we are protecting. If it were to be leaked then it would result in damage to reputation, as well as a loss in confidence.

What's my experience with pricing, setup cost, and licensing?

As I am the technical contact for this product, I do not have direct knowledge of the pricing. However, I can say that the licensing for this solution is based on the number of APV (privileged users), and the number of sessions that you want to record.

Which other solutions did I evaluate?

Yes, we evaluated three other products before choosing this one. They were Security from CA, BeyondTrust, and ObserveIT.

What other advice do I have?

This is the number one product for privilege account security.

I suggest getting the best help available when it comes time to implement and deploy this solution. Once this is complete, everything else will fall into place.

I would rate this product eight out of ten. It is very good, but there is always room for improvement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vadim Sedletsky - PeerSpot reviewer
Vadim SedletskySr. Product Marketing Manager at CyberArk
Vendor

Thank you for the review!

PeerSpot user
Information Security Senior Engineer at a tech vendor with 10,001+ employees
Vendor
It identifies the original source, and all instances of malicious applications in the environment​​.

Valuable Features

It has removed the need for the local admin.

Improvements to My Organization

It identifies the original source, and all instances of malicious applications in the environment.

Room for Improvement

Some technical admins create crazy rules, which allow the staff to run anything they want. Currently I'm reviewing our Viewfinity rules and I have noticed different kinds of rules, such as permitting any installation from "download folder." I would suggest that Viewfinity add a new feature which refuses these rules.

Use of Solution

I've used it for four years.

Deployment Issues

There have been no issues with the deployment.

Stability Issues

There have been no issues with its stability.

Scalability Issues

There have been no issues with the scalability.

Customer Service and Technical Support

Customer Service:

9/10

Technical Support:

8/10

Initial Setup

It was complex to introduction the product to the end-users and the technical team.

ROI

We have better product management, review, and the training of our admins.

Other Solutions Considered

We're comparing Viewfinity to Bit9.

Other Advice

Keep the product managed by specialists and create global rules.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Endpoint Privilege Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022
Buyer's Guide
Download our free CyberArk Endpoint Privilege Manager Report and get advice and tips from experienced pros sharing their opinions.