Coming October 25: PeerSpot Awards will be announced! Learn more

CyberArk Endpoint Privilege Manager OverviewUNIXBusinessApplication

CyberArk Endpoint Privilege Manager is #8 ranked solution in top Privileged Access Management (PAM) tools. PeerSpot users give CyberArk Endpoint Privilege Manager an average rating of 7.6 out of 10. CyberArk Endpoint Privilege Manager is most commonly compared to BeyondTrust Endpoint Privilege Management: CyberArk Endpoint Privilege Manager vs BeyondTrust Endpoint Privilege Management. CyberArk Endpoint Privilege Manager is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
CyberArk Endpoint Privilege Manager Buyer's Guide

Download the CyberArk Endpoint Privilege Manager Buyer's Guide including reviews and more. Updated: September 2022

What is CyberArk Endpoint Privilege Manager?

CyberArk Endpoint Privilege Manager enables organizations to enforce least privilege policies for business and administrative users, as well as control applications to reduce the attack surface without halting productivity. The solution helps organizations revoke everyday local administrator privileges from business users while seamlessly elevating privileges when required by trusted applications. CyberArk Endpoint Privilege Manager also enables security teams to enforce granular least privilege policies for IT administrators, helping organizations effectively segregate duties on Windows servers. Complementing these privilege controls, the solution also delivers application controls, which are designed to manage and control which applications are permitted to run on endpoints and servers and prevent malicious applications from penetrating the environment.

CyberArk Endpoint Privilege Manager was previously known as Viewfinity.

CyberArk Endpoint Privilege Manager Customers

Clearstream, McKesson, Boston Childrens Hospital

CyberArk Endpoint Privilege Manager Video

Archived CyberArk Endpoint Privilege Manager Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
WarranGrin - PeerSpot reviewer
Enterprise Cyber Security Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
Enables us to see how users use their access and lock down things that aren't appropriate
Pros and Cons
  • "It has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know."
  • "We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can."

How has it helped my organization?

Day-to-day, normally when administrative access is required for a user, they have a UAC prompt that comes up and they have to click yes or no. When we whitelist an application, it automatically elevates, so it's one less click for the user. It's improving efficiency and it's making it easier for them, at the end of the day.

The tool has great functionality in reducing risk in the environment, especially if an endpoint is compromised. It reduces pass-the-hash and same-account harvesting. And if something were to happen, we would be able to report on that right away and let the SOC know.

In terms of removing local admin credentials on the endpoint and the effect on the size of the attack surface in our organization, it has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know.

We have also been able to reduce the number of local admins. We originally scoped out to only have a certain number of licenses for the software and we have reduced it significantly from what we thought we would need, purely based on a policy perspective and who actually really needs some administrative access.

What is most valuable?

With conventional local administrative access, you have no insight into how users are using that access. With Endpoint Privilege Manager, we have the ability to see how they're using that and then lock down things that aren't appropriate or are not allowed in our company.

At scale, in an enterprise environment, it's very easy to start installing agents on multiple workstations. So if we need to deploy to several thousand more workstations, we will have the ability to do that.

So far, there are a lot of integrations we are using. We are sending logs to a SIEM. We are working with AD to make sure that we are provisioning roles properly at that point. That's where we've left it.

What needs improvement?

If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.

What do I think about the stability of the solution?

Overall, the ability on the endpoint is very good for the user. It can be used online and offline. As for the administrative console, there's room for improvement and that is something we've already escalated. We've worked with the R&D teams to address those issues.

Buyer's Guide
CyberArk Endpoint Privilege Manager
September 2022
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Scaling is easy. If you want to put it out on more endpoints, if you need thousands of more workstations, it's very easy to do. CyberArk has easy guidelines on how you should be sizing your infrastructure.  

How are customer service and support?

Overall, I would rate technical support at seven out of 10. We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can.

Which solution did I use previously and why did I switch?

We did not have a previous solution. However, we knew that there is a large attack surface in the event that we were to be compromised or fished. We knew that there was a vulnerability and we said, "Okay, we want to get it in front of this so we're not Equifax or CapitalOne or something like that."

How was the initial setup?

It was a pretty straightforward setup. CyberArk does support the documentation for it. We did customize it a little bit more for high-availability. If a server were to go down, we can automatically switch. So overall, it's quite easy to set up, but you can always customize a little bit more.

What was our ROI?

I don't think I could quantify ROI, to be honest. Reducing risk is always something that is going to cost you. But when it comes to share price, stock price, etc., if a breach were to occur that would have huge implications.

What other advice do I have?

If you're going to implement Endpoint Privilege Manager, don't just give everybody EPM and think you're done with it. Spend the time, engineer it, think about it from a project perspective, and deploy it with the concept of least privilege. Really spend the time to make sure it's deployed correctly and all the processes are established so it's smooth sailing from there on in.

Overall, I would rate this product at 8.5 out of 10. The product does exactly what we need it to do. However, we do need a little bit more action and response time with regards to support.

In terms of the effect working with CyberArk has had on my career, it has really put my name on the map with regards to the whole CSO world and IT security, as well as from our company-wide, holistic perspective. People come to me; they know me as the person who will solve problems. Usually, things are very difficult, but at the end of the day, we'll find a solution and implement it. From that perspective, it's giving me a lot more opportunities.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Uchechukwu Ukazu - PeerSpot reviewer
Tech Support at a tech services company with 11-50 employees
Real User
DNS Scanning allows for the reporting of account location information
Pros and Cons
  • "This is the number one product for privilege account security."
  • "For an experienced system implementer it will take approximately one day. However, for somebody who is inexperienced it may take up to five days."

What is our primary use case?

Our primary use case for this solution is to manage enterprise passwords and monitor session connections.

How has it helped my organization?

Prior to using this solution, we did not know where our accounts were being created. The DNS scanning is a very good tool that allows us to manage existing accounts.

What is most valuable?

While I find all of the features valuable, one of them that stands out is the DNS scanning. This provides information with respect to the locations of accounts that are created. We then get an overview of the location information. 

What needs improvement?

What I would really like to see improved is the AIM (Application Identity Manager). I think that it could be simpler to use, and much more straight forward.

In terms of additional features, I cannot think of any that I would like to see implemented at the moment.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I find the product to be very stable.

What do I think about the scalability of the solution?

This product is very, very scalable. Currently we have about one hundred users, and we have plans to increase the usage.

How are customer service and technical support?

I found the technical support to be good. They are always available and ready to answer questions and provide support.

Which solution did I use previously and why did I switch?

No, beyond evaluating other solutions we did not use a different one.

How was the initial setup?

I found the initial setup to be quite complex. You really have to pay attention to detail during the process, because any mistake will render the installation and setup useless.

For an experienced system implementer it will take approximately one day. However, for somebody who is inexperienced it may take up to five days.

Once the deployment is complete, no staff is required for maintaining the solution. Everything is pretty much straight forward.

What about the implementation team?

We take care of the implementation for our customers.

What was our ROI?

We have indeed seen a return on investment with this solution. I cannot put a monetary value on it, but it is valuable information that we are protecting. If it were to be leaked then it would result in damage to reputation, as well as a loss in confidence.

What's my experience with pricing, setup cost, and licensing?

As I am the technical contact for this product, I do not have direct knowledge of the pricing. However, I can say that the licensing for this solution is based on the number of APV (privileged users), and the number of sessions that you want to record.

Which other solutions did I evaluate?

Yes, we evaluated three other products before choosing this one. They were Security from CA, BeyondTrust, and ObserveIT.

What other advice do I have?

This is the number one product for privilege account security.

I suggest getting the best help available when it comes time to implement and deploy this solution. Once this is complete, everything else will fall into place.

I would rate this product eight out of ten. It is very good, but there is always room for improvement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vadim Sedletsky - PeerSpot reviewer
Vadim SedletskySr. Product Marketing Manager at CyberArk
Vendor

Thank you for the review!

Buyer's Guide
CyberArk Endpoint Privilege Manager
September 2022
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.
PeerSpot user
Information Security Senior Engineer at a tech vendor with 10,001+ employees
Vendor
It identifies the original source, and all instances of malicious applications in the environment​​.

Valuable Features

It has removed the need for the local admin.

Improvements to My Organization

It identifies the original source, and all instances of malicious applications in the environment.

Room for Improvement

Some technical admins create crazy rules, which allow the staff to run anything they want. Currently I'm reviewing our Viewfinity rules and I have noticed different kinds of rules, such as permitting any installation from "download folder." I would suggest that Viewfinity add a new feature which refuses these rules.

Use of Solution

I've used it for four years.

Deployment Issues

There have been no issues with the deployment.

Stability Issues

There have been no issues with its stability.

Scalability Issues

There have been no issues with the scalability.

Customer Service and Technical Support

Customer Service:

9/10

Technical Support:

8/10

Initial Setup

It was complex to introduction the product to the end-users and the technical team.

ROI

We have better product management, review, and the training of our admins.

Other Solutions Considered

We're comparing Viewfinity to Bit9.

Other Advice

Keep the product managed by specialists and create global rules.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Endpoint Privilege Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free CyberArk Endpoint Privilege Manager Report and get advice and tips from experienced pros sharing their opinions.