Coming October 25: PeerSpot Awards will be announced! Learn more

CyberArk Enterprise Password Vault OverviewUNIXBusinessApplication

CyberArk Enterprise Password Vault is #3 ranked solution in top Enterprise Password Managers. PeerSpot users give CyberArk Enterprise Password Vault an average rating of 8.2 out of 10. CyberArk Enterprise Password Vault is most commonly compared to Azure Key Vault: CyberArk Enterprise Password Vault vs Azure Key Vault. CyberArk Enterprise Password Vault is popular among the large enterprise segment, accounting for 76% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 20% of all views.
CyberArk Enterprise Password Vault Buyer's Guide

Download the CyberArk Enterprise Password Vault Buyer's Guide including reviews and more. Updated: September 2022

What is CyberArk Enterprise Password Vault?

CyberArk Enterprise Password Vault, a vital component of the CyberArk Privileged Access Manager Solution (PAM), is designed to create, secure, rotate, and control access to privileged accounts and credentials used to access systems throughout an enterprise IT ecosystem. CyberArk Enterprise Password Vault enables enterprise organizations to better understand the scope of their privileged account risks and put controls in place to prevent malicious or inappropriate account or credential access.

CyberArk Enterprise Password Vault uses a Central Policy Manager protocol (CPM) to perform the basic password management functions.

  • Verify Password Task - The CPM will pull the password from the vault and use it to log into the application or device to verify that the password is indeed correct and satisfies all the password safety protocols.
  • Change Password Task - The CPM will pull the password from the vault and create a new password that meets all preset protocols. It will send it to the device or application and then begin the process of changing it, using the same method that might be performed manually. The CPM will then update the password in the vault.
  • Reconcile Password Task - This task is utilized when there is a failure in either the Verify Password Task or the Change Password Task. Using a pre-established reconcile account from the vault, the CPM will use the reconcile account credentials to reset or fix problematic password issues due to changed passwords not being updated properly, new accounts being established, or any other failure with the above tasks.

Enterprise organizations can utilize the easily adaptable policies and protocols to enforce granular privileged access controls, automate workflows, and rotate passwords at prescribed regular intervals without requiring any manual IT effort. Additionally, to satisfy compliance regulations, organizations can easily generate reports to prove that passwords are being changed regularly according to guidelines, meet strict password safety protocols, and report on which users accessed what privileged accounts, when, why, and what device they were using. Enterprise organizations can know at all times that data has remained secure at all times. CyberArk Password Vault will have enterprise organizations audit-ready at all times, keeping them safe and secure from risks while maximizing productivity and profitability.

Reviews from Real Users

Irma S., a program manager at a HR/Recruiting firm, said, "I love how easily we could operate within Password Vault and get things done. It was almost effortless."

Another user, who is a security delivery analyst at a computer software company, relates that CyberArk Password Vault offers, “Good policy configuration and tech support.”



CyberArk Enterprise Password Vault Customers

AstraZeneca, Time, DBS, Novartis, Motorola, BT, pwc, Braun, Deloitte, Williams, Revlon, Belgacom, Barclays

Archived CyberArk Enterprise Password Vault Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
PAM Architect at a tech services company with 11-50 employees
MSP
Top 5Leaderboard
Stable, good support, and secures each password with individual encryption
Pros and Cons
  • "CyberArk probably has probably the best vault on the market because of the multiple layered security and each password getting its own encryption."
  • "CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex."

What is our primary use case?

I'm an integrator and we identify and provide performance discovery, and we select the best product for our clients.

We have users that are administrators in the environment, and we convert them into a shared account model. Many of the organizations have two accounts. One is a regular user account and the other gives them administrative rights.

CyberArk allows for a higher degree of segregation of duties, although CyberArk itself doesn't do that. You have to have knowledge of role-based access control and least privilege principles. It supports it, but you have to implement it.

There is also service recording, service accounts on Windows Systems, and Linux systems, to rotate their passwords.

You will find service accounts with passwords that are 5,000 to 8,000 days old, but not with CyberArk. It creates a very strong service to prevent attacks. 

When passwords don't change it makes them very vulnerable and allows attackers significant lateral mobility within an organization. It gives them the necessary time to scout the environment and choose what their attack will be, whether it's going to be a ransomware attack or a data exfiltration attack or if it's going to go in to cause defamation to the company like creating a denial of service to clients. Also, hacking their Facebook page or their Twitter page are common attacks.

What is most valuable?

CyberArk probably has probably the best vault on the market because of the multiple layered security and each password getting its own encryption. Each password gets individual encryption. By the time you are able to crack one of the passwords, it's already been changed a dozen times.

The attack surface on a CyberArk Vault is very nominal and in addition, CyberArk also has its own on-staff hackers where companies actually hire them to perform penetration testing, but within, inside the environment.

What needs improvement?

CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex. 

That's the downside because CyberArk was not built organically. It was built systematically.

They're not built into the product. You have to shoehorn things in. You have to create programmatic interfaces to make things work, but that's why I said it's the most complex product.

CyberArk is still in the model of managing accounts and passwords. When you're logged in as a domain admin, you're leaving footprints everywhere you go. These footprints can be picked up and replicated. So, I think CyberArk is behind the curve in that area.

Customers are already having an issue with the cost of CyberArk and then you have to add another $100,000.00 to the bill for other application accounts.

I would like to see a more streamlined and built-in programmatic onboarding and offboarding process. Something a little bit less complex than what they're currently doing.

The price is the problem and also the architecture can be daunting because CyberArk really strongly encourages having hardware vaults. Most corporations are totally virtualized.

I use virtualized vaults on everything including the high availability configuration.

For how long have I used the solution?

I started using Cyber-Ark Enterprise Password Vault when they were on version five or six, they are now on 11.5 or 11.6. I have been using this solution for a total of 15 years.

Buyer's Guide
CyberArk Enterprise Password Vault
September 2022
Learn what your peers think about CyberArk Enterprise Password Vault. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.

What do I think about the stability of the solution?

CyberArk is very stable.

If there is a problem, or if a problem does occur, unless you know exactly what to do and how to diagnose it, you may not be able to find it because there are so many moving parts. However, a good administrator can usually diagnose a problem fairly rapidly.

They determine the root cause by performing a root cause analysis. Also, you should inform CyberArk because sometimes a fix might be required. CyberArk stopped performing single sign-on.

What do I think about the scalability of the solution?

CyberArk is very scalable. It's one of the things that I love and it's also one of the things that I hate about CyberArk.

For example, it's a standalone vault that is practically uncrackable. If you want to do a password rotation you need to have a central password manager. It's called a CPM.

If you want session recordings you have to have a PSM. They can be run on the same server, but eventually, the performance is going to be an extensive task. 

A CPM is performing verification on passwords continuously, and to start stacking server roles on top of each other. 

If you're a semi-vault in a small environment, with one server running CPM, PSM, and PDWA all on one box, it would be no problem with less than 10 administrators and only 70 servers.

With other small or larger organizations that have hundreds of servers rendering that capability or that flexibility, you would have to have a dedicated CPM and dedicated PDWAs, which is the administrator web interface.

For a medium-sized company where you want to do a session recording for all the administrator access, it will cause a problem. It will require multiple PSM servers and if you don't have a good administrator who documents the build process well, or they don't update it, then the problem shows when you build a new PSM. If they don't add all the applications to it then you're going to get an intermittent error across the low-balanced PFMs, where eight of the ten work, but two of them don't because they didn't install the SFQL agent. It's a very complex program, albeit very scalable.

If you're a multinational corporation, you can have your vault in one location and have PSMs distributed where the systems are in the data centers. Then, the PDWAs and the CPMs would be in the data centers and you would have the PDWAs where the user populations are. Rather than having one single appliance or one single box that does everything, you end up having boxes distributed all over. This means that they have to do synchronization and it works out very well most times.

We have small to large company clients. We have clients that have tens of thousands of administrative accounts and 1000 or so servers, to clients as small as having 70 servers with maybe only 750 to 1500 accounts.

How are customer service and support?

Technical support is awesome!

CyberArk has excellent technical support. They may not be timely. They're not quick, but they're great.

I would rate the technical support a ten out of ten.

You have to follow the ticket creation process, which is in your benefit because you need screenshots and logs to be able to diagnose the problem. If you do that, then CyberArk comes back with some incredible support help and in most times it's something that I would have never been able to figure out because the product is very complex and it has a lot of moving parts.

Which solution did I use previously and why did I switch?

I have not used any other solution previously. CyberArk is what I learned first.

How was the initial setup?

The initial setup was very complex. There are a lot of moving parts. The skillsets for some of the advanced features require administrators to know how to program in specific APIs. 

The complexity to implement is very high. On a scale of one to 10, it's a 9.5.

What's my experience with pricing, setup cost, and licensing?

CyberArk is very expensive and there are additional fees for add-ons.

What other advice do I have?

CyberArk Password Vault is probably the top vault on the market and Thycotic would be a close second.

CyberArk is not always suited for our clients but it is the best solution. Eight out of 10 organizations don't implement it. Just because you know CyberArk doesn't mean you understand it.

The SaaS solution is sound but the on-premises is primarily what I have worked on. I am CyberArk certified. When I started off several years ago, I got my CIS as PE. I was put into a security group in EDS. 

Network admins who work for the company have to be administrators, with high skill levels. 

Before implementing CyberArk, I would say do a very aggressive use case creation of everything that you're expecting the vault to do. The security architecture should be able to create high-level bulleted use cases. Security administration should be able to take it down to the next level of detail.

They will have to add Conjure, which is another license for CyberArk.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Director at a tech services company with 11-50 employees
Reseller
Every aspect of the solution is very well integrated and it is fail-safe
Pros and Cons
  • "Every aspect of the solution is very well integrated, and even that gives comfort. It is a fail-safe kind of environment."
  • "Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help."

What is our primary use case?

There are threats that get opened because of the vulnerability of privileged access that says to directly put it in a vault.

What is most valuable?

Every aspect of the solution is very well integrated, and that gives comfort. It is a fail-safe kind of environment. I think that's the fail-safe feature makes customers comfortable because there are no non-integrable stuff or cures. For example, a vault would have its own anti-virus,  its own application, its own operating system to stay hardened. It is absolutely hardened for it to be protected from the outside world.

What needs improvement?

Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help.

For how long have I used the solution?

My organization has been using this solution for a few years but I joined the company three months back.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

Our clients are large enterprises. It is easy to scale.

How are customer service and technical support?

Our customers contact us for any technical support, but we are able to sort out customer issues to a very large extent. We only had to connect with CyberArk at L-3 level or L-4 level. We are able to address most of our customer's issues. 

I would rate their support a nine out of ten. 

Which solution did I use previously and why did I switch?

We have had customers use a competitive product that CyberArk has replaced but it is not very common. It is not very easy to change your Privileged Access Management framework so easily.

CyberArk is fail-safe, it has a threat intelligence filter, and prevention threat attacks. That sets the product apart from others, and I think the other part is their ability to onboard a maximum number of resources like storage network, security, IoT devices, and RPAs. Its ability to pervasively onboard almost all critical privileges and resources across the organization is where it stands out in a really big way.

How was the initial setup?

I didn't implement it. I don't believe we've had any problems implementing it. I've never heard any issues. I'd say it's neutral.

What's my experience with pricing, setup cost, and licensing?

There are costs in addition to the standard licensing. There is an implementation fee. Those are additional fees and the customer has the annual maintenance, the software, and whole maintenance cost added to that. So there are additional costs besides this standard license.

What other advice do I have?

The most important phase is the discovery phase. Pay the most attention to that. Spend the most amount of time on the discovery phase, which is really the startup planning. The project becomes smoother. Book stricter guidelines on timelines and let there be a senior sponsor part of the project so that you are able to get milestones addressed quickly otherwise, these projects tend to drag longer.

In the next release, I would like to have the cloud option and all of the features that come with it. 

I would rate CyberArk a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Buyer's Guide
CyberArk Enterprise Password Vault
September 2022
Learn what your peers think about CyberArk Enterprise Password Vault. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.
Engineering Manager at a comms service provider with 1,001-5,000 employees
Real User
Superior security, simple to use, and the technical support is good
Pros and Cons
  • "The interface is very simple to use."
  • "The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it."

What is our primary use case?

Our primary use of this solution is as a password manager.

What is most valuable?

The interface is very simple to use.

Security-wise, CyberyberArk is better than the other products.

What needs improvement?

The pricing is too expensive and should be reduced. This is our only concern. When a small industry wants to invest in these kinds of tools, they don't have the budget to spend a lot of money on security. If the price were more reasonable then many other small businesses would consider using it.

The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it. Instead, an in-house administrator could do it.

For how long have I used the solution?

I have been using this product for the last two years.

What do I think about the stability of the solution?

Over the past two years, I hardly remember us facing any large problems. We have experienced small bugs, but they release patches to fix those.

What do I think about the scalability of the solution?

This is a scalable product. In our company, we have about 100 users, most of which are part of our DevOps team or are administrators.

How are customer service and technical support?

We are satisfied with the technical support.

Which solution did I use previously and why did I switch?

Prior to CyberArk, we were using a Microsoft product, but it didn't fulfill our entire requirement. We adopted this new solution because it met all of our needs.

How was the initial setup?

The initial setup is complex. It took two or three days to complete the deployment.

What about the implementation team?

We implemented this solution with the help of consultants who had experience with it.

What's my experience with pricing, setup cost, and licensing?

This product is very expensive.

Which other solutions did I evaluate?

I have seen demonstrations of similar products by other vendors and what I found was that the security on this solution is better.

What other advice do I have?

Overall, I feel that this is a good product and I recommend it. The only thing that people have to consider is pricing.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Security Architect at a financial services firm with 10,001+ employees
Real User
Easy to set up and gives us the flexibility to grant access when we need it
Pros and Cons
  • "The most valuable feature is the ability to delegate access to admins when they need it."
  • "I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date."

What is our primary use case?

This solution is used primarily for privileged segment access and break-glass access. We also use it for log-on session recording and access control, where we can grant access to our key systems for ad-hoc use.

What is most valuable?

The most valuable feature is the ability to delegate access to admins when they need it. It allows us to have some kind of proof on the approval process, rather than give people standing access on a full-time basis.

What needs improvement?

I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date. A cloud-based deployment would ultimately be better for us than an on-premises appliance.

What do I think about the stability of the solution?

Stability has not been a problem.

What do I think about the scalability of the solution?

We didn't have any issues with scalability, although we only have 30 or 40 systems integrated. There were not tens of thousands.

How are customer service and technical support?

We did not need to contact technical support.

How was the initial setup?

The initial setup was not very hard, although it took a little while to get it set up. The only difficult part is making sure that it is integrated with all of the applications. If you've got Active Directory then it is easy, and pretty straightforward. If instead, you have all local accounts then it can get a lot harder, although I don't think that any other application can improve it if you've got local accounts everywhere.

The actual installation that included getting it up and running was pretty quick, taking only a couple of days. Going through all of the change management and other processes took much longer, on the order of months. The more problems there are with accounts inside the organization, the longer the deployment will take.

What about the implementation team?

Our in-house team was responsible for the deployment.

What's my experience with pricing, setup cost, and licensing?

The price of this solution is expensive.

What other advice do I have?

My advice for anybody who is implementing this product is to get the admins familiar with the setup. They have to learn how to get the process approved, especially in an ad-hoc scenario. The scheduled changes are ok, but the ad-hoc ones can be a little bit problematic if you don't have enough approvals ready to approve access.

If an organization can afford it then the Cyberark Enterprise Password Vault works well.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
BrettZych - PeerSpot reviewer
Identity and Access Management Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
Improves our ability to control, secure, and manage access across the enterprise
Pros and Cons
  • "Service count rotation is probably one of my favorite features... The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now."
  • "I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access."

How has it helped my organization?

It was originally just a glorified KeePass. We scaled it up to an enterprise-wide solution for all our IT support teams. In that way, it improves our ability to control, secure, and manage access across the enterprise for different support teams, whether it be IAM, Exchange, or server admin. It's been a really fantastic growth opportunity for me and for the company.

What is most valuable?

Service count rotation is probably one of my favorite features. Even though we're not using it right now, we're going to be using it in the future. The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now.

The solution's ability to manage all our access requirements at scale is interesting, actually. It does everything we need it to, and it's not a tool that I expected we would be using at this scale, as an enterprise-wide client. A little bit of history on that being that when we first started using it, it was a glorified password vault. It was a store. It was KeePass. So we really scaled it up and it's been a really interesting journey.

What needs improvement?

I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.

What do I think about the stability of the solution?

Lately, due to an upgrade, it hasn't been as stable as we need it to be, but I don't think that's any fault of the product. I think it's the fault of just infrastructure as a whole.

However, in the past, the product has never been down. It's been incredibly stable. And in terms of interface and usage, it's actually been really stable. There haven't been any bugs or glitches or anything of the sort to impede me from doing my job.

What do I think about the scalability of the solution?

I didn't think we'd be here. However, it's incredibly scalable. We are able to use it in two different environments: one is IT and one is OT. And the scalability, as a whole, has been able to translate to an enterprise-wide process, so it's been really great to see. We're hoping that, should we acquire anything or divest something, it would be that easy to actually deal with it in terms of scalability.

How are customer service and technical support?

Technical support has been good, even great. They have come in and assisted us whenever we had issues. If there was ever an outage, they were already on the phone by the time we needed them. They've been doing a great job helping us out so far.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

What was our ROI?

We have seen ROI. Our adoption rate is way up. More teams are involved in using it. That alone stands as a return on investment when we have more adopters, more people using the tool, more people logging into the tool and utilizing its capabilities.

What other advice do I have?

Use the tool, but communicate with your user base. If you're not going to communicate with your user base, then you're dead in the water already. Don't force this on someone. Work with them in order to use it.

The product has delivered innovation with each update. When I first started, we weren't able to run scans and pull service-account information and reset those service accounts at any endpoint. That, as a whole, as I mentioned earlier, was my favorite feature of the product. That innovation alone is probably one of my favorites, and definitely something that deserves praise.

I would rate the product a nine because nobody gets a 10. It's been a fantastic product and it's been easy to use. The training courses involved have been great, so I would rate it a nine.

I wouldn't say CyberArk has been a huge impact on my career, but it's definitely played a role in helping me advance, in terms of being able to communicate with clients, utilizing my skill sets, both the technical and soft-skill use. It's allowed me to really branch out and see my growth through business liaison.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user1026123 - PeerSpot reviewer
Pre-sales Engineer at StarLink - Trusted Security Advisor
Real User
Storing User Passwords and Credentials, Facilitates auditing by recording activity
Pros and Cons
  • "The most valuable feature is the special management. It records the activity and the actions that we use for auditing."
  • "The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance."

What is our primary use case?

The primary use case is for storing user passwords and administration credentials.

I am the engineer for a company that sells this solution mostly to financial institutions. 

It is also useful for auditing and securing shared accounts or co-shared accounts.

What is most valuable?

The most valuable feature is the special management. It records the activity and the actions that we use for auditing.

What needs improvement?

The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have.

The technical support can improve on the time that it takes to get a callback.

The integration is great but needs to be a bit more user-friendly.

Also, a feature with the ability to create password sync.

In the next release, I would like to see the following:

  • Availability on the cloud and the appliance.
  • More documentation for the setup. 
  • Simplify the deployment.
  • Continuous operation with this solution.
  • Simplify the infrastructure for better stability.
  • Increase the support for applications.
  • Invest in local on the ground staff in various regions.
  • The ability to search by the activities, especially for Windows Servers.
  • Improve the auditing capabilities for their searches.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance.

What do I think about the scalability of the solution?

This solution is scalable. It scales very well, there are no issues.

How are customer service and technical support?

The technical support is good, there are no issues.

They know what to do when you call them, they are competent.

Sometimes they can take too long before getting back to you, which is something that can be improved.

Which solution did I use previously and why did I switch?

Previously I was using Centrify and One Identity. We switched because CyberArk has a lot of strength in my region. Some partners do not want to deploy CyberArk to their customers because they feel it will create competition when it comes to renewal. They don't want the price to be affected.

How was the initial setup?

The initial setup is complex. The architecture needs improvement in the documentation for the setup and the manageability.

If you have everything provided for you, it can take three to four hours to deploy this solution.

What's my experience with pricing, setup cost, and licensing?

I think that it might be cheaper than the other competitors in our region.

What other advice do I have?

I have learned that the deployment can be tricky. Always plan your deployment in phases.

Don't unload all of your privilege credentials at once, otherwise, you have an issue with the passwords. 

Always, have help available on standby when you are deploying this solution to prevent issues.

This solution is quite efficient. You don't always have to have your applications. If you are encrypting the server, you don't need the applications. You are required to do it on your workstation. The server will deliver that to you from the managing pack when you try to implement the sessions.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant at a financial services firm with 5,001-10,000 employees
Consultant
Stable, secured access solution with good flexibility
Pros and Cons
  • "The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine."
  • "In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot."

What is our primary use case?

The primary use case of this solution is for third-party developers that come into our infrastructure from VPN to connect. They are organizations that are outside of our organization.

How has it helped my organization?

Before CyberArk, our developers would connect from the VPN directly to the jump servers to get all of their access. We have removed the jump servers to connect to CyberArk.

The security has improved. We know who is accessing and what they are doing. The access is secure. 

CyberArk has increased our security.

What is most valuable?

The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine.

What needs improvement?

This solution does not support the SQL Developer. We have to purchase separately from CyberArk and we have to ask them to develop it.

This solution is a bit complex compared to other solutions. The installation and administration are complex.

Some things can be done through the interface, but the whole installation process and upgrade process can be done with the installation script but it's complex.

This is too complex for some organizations that do not have a large scale.

In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot.

I thought that the client would be able to drop a file onto the server and the file would be visible on the server.

I have to disable the connection to provide a copy and this is a security issue, and I closed this file to the client then he can't upload and files to us.

They need to come up with a way for the client to file share with CyberArk.

For how long have I used the solution?

I have been using this solution for six months.

What do I think about the stability of the solution?

This solution is stable. We have not had any issues.

What do I think about the scalability of the solution?

This solution is scalable but pricey.

There are fifty users and they are developers.

How are customer service and technical support?

I have not contacted technical support. I am not an engineer, I work for the bank and I have implemented this solution.

Which solution did I use previously and why did I switch?

Previously we used Fudo and jump servers with OTP. It is not the same, but from a security perspective, it is also quite good and less expensive.

How was the initial setup?

The initial setup is complex.

You need at least one engineer to manage the software. I must have dedicated people to administer it.

What about the implementation team?

We worked with integrators for the installation. The first step was the installation process and the hardening. This process took two weeks to implement.

The migration process was more complex and more time-consuming.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive.

What other advice do I have?

My advice would be to compare with other products and if they don't want such a large solution they could try Fudo or a similar solution that is easier and can scale like CyberArk.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MariuszWalo - PeerSpot reviewer
Presales Engineer/Network Security Technical Consultant at a tech services company with 51-200 employees
Consultant
Good integration, excellent session monitoring and very good password protection
Pros and Cons
  • "Session monitoring is excellent. It may be the solution's most valuable aspect."
  • "The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex."

What is most valuable?

The solution is very complete. It has the most features on the market.

Session monitoring is excellent. It may be the solution's most valuable aspect.

The solution offers very good password protection.

It offers great integration with many products.

What needs improvement?

The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex.

For how long have I used the solution?

I've been using the solution for one year.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is easy to scale.

How are customer service and technical support?

I've never had to reach out to technical support.

How was the initial setup?

The initial setup is complex. You need to install many virtual machines. You must do many configurations. It's not just one machine to another; you'll also have to handle the configuration of independent machines as well.

What's my experience with pricing, setup cost, and licensing?

The price is higher than the competition, but if the customer wants the best product for their company, they won't mind the price.

We have a permanent license. Licensing is based on how man users you have, so the pricing varies according to the size of the company.

What other advice do I have?

We're a partner of CyberArk.

I'd rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
FabioPericoli - PeerSpot reviewer
Director / Engineer at Provincia
Real User
Enables users to connect to a target machine without the need to know the privileged accounts' password
Pros and Cons
  • "Our most valuable features would probably be key rotation, the SKM or SSH key manager, and account discovery."
  • "I think they can improve account onboarding. For instance, you have to use the Password Vault utility, whereas in Thycotic I think there is a feature in the user interface that allows you to upload your account with an Excel file. So I'd like to have a similar thing in CyberArk."

What is our primary use case?

I have worked as a CyberArk SME, team leader, project manager in the financial industry. I've managed both the implementation and configuration of enterprise CyberArk infrastructures.

How has it helped my organization?

As an end-user within the organization, I can't and I don't need to know the passwords of privileged accounts as CyberArk is taking care of the password/SSH Keys management on the target machines. The solution provides this security without changing the end-user experience because they are able to use the end-user tool like putty or remote desktop connection even without passing through the CyberArk interface

What is most valuable?

Our most valuable features would probably be password/key rotation, the SSH key manager, account discovery and quality of video recordings.

What needs improvement?

I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.

For how long have I used the solution?

We've been using this solution for five years.

How was the initial setup?

If you don't know the product well, it might not be easy to set up, because CyberArk has several modules. You need to study it before to start to implement this solution. It's not like other PAM tools e.g.Thycotic, which is easy to set up, as it's just a web server with a database.

The deployment itself can take between one and two work weeks. The project, or configuration documents, however, must take more time. You cannot think about the infrastructure in one week. You have to prepare all the documents, understand the infrastructure you want, etc. It's the project management that takes more time.

What other advice do I have?

You have to analyze the target hosts that you have in your organization and understand what is the scope of your project. You have to make a very clear plan for the project and CyberArk infrastructure sizing. Then you have to do a very good job with the project management and collaborate with the privileged accounts stakeholders. With all that in mind, you can go ahead with CyberArk.

Be careful with the configuration. When you make changes and so on, be very careful to understand what you are doing. Plan and test what you are doing in a test environment before switching to production.

I would rate CyberArk as nine out of ten. Ten means that it's the best solution on the market and no one else compares to it.  However, before giving them a ten, they should do something related to the Password Vault utility. Maybe they should add some other features too. For me, it is one of the best tools on the market, so nine is enough for now.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Lead Systems Architect at IT Specialist LLC
Real User
Very good security, good scalability and a recently lowered pricing model
Pros and Cons
  • "Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security."
  • "The solution is too big and complex for any businesses that are small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses."

What is our primary use case?

The primary use case of the solution is to gather privileged accounts from different systems and to contain privileged accounts in one secure place.

What is most valuable?

Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security.

What needs improvement?

The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.

For how long have I used the solution?

I've been using the solution for five to ten years.

What do I think about the scalability of the solution?

It's an enterprise-level solution. So long as you can afford it, you can scale.

How are customer service and technical support?

I've never had to reach out to technical support.

Which solution did I use previously and why did I switch?

We didn't really use a different solution. We use Fudo Security, but it's not for password management alone. It's more of an all-in-one solution. We still use it; it's cheap and it's a very simple solution in comparison to CyberArk.

How was the initial setup?

The initial setup is okay; I'd rate it seven out of ten in terms of ease of use compared to other solutions.

Many different things during installation are not straightforward. For example, it would be better to make some kind of pre-installed machine or virtual machine or to make it easy to deploy various ISO files. There are competitors that have just one machine and no infrastructure involved. It would also be better if they embedded the license or offered some free options.

Deployment took about a month.

What's my experience with pricing, setup cost, and licensing?

As far as I know, CyberArk changed its pricing policy for our region. Overall it was very expensive a few years ago, but now, just around a year ago, it became less expensive and it's easier for us to sell it.

What other advice do I have?

We use the on-premises deployment model.

In terms of advice, I'd suggest others follow the implementation carefully.

I'd rate the solution eight out of ten. It's not easy to install and it's got too many components which means it's not really suitable for small or medium-sized businesses.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user887514 - PeerSpot reviewer
User at a pharma/biotech company with 5,001-10,000 employees
Real User
Passwords are given out on a case by case basis so users don't need to worry about password sharing
Pros and Cons
  • "Thus far I can say technical support is excellent. We haven't had any issues or difficulties."
  • "To get it to a ten it should give other possibilities to select if you could follow the keystrokes. It should have a flexibility with things where people can use it a lot faster."

What is our primary use case?

Our primary use case of this solution is for elevated access.

How has it helped my organization?

The primary improvement to my organization is the fact that now the users are aware that: one, the work that they do will be recorded and so there will be an audit trail of what has happened; and then, two, we don't have to worry about people sharing passwords because they are given out on a case by case basis.

What is most valuable?

  • Session recording 
  • Password rotation

What needs improvement?

Some folks would like to have keystroke tracking and some would not. I guess if they could make that an option that might be interesting for certain organizations.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

Scalability and stability are both excellent. We have around 250 users. All individuals with privilege to elevated access will be required to use this after a certain amount of time.

How are customer service and technical support?

Thus far technical support is excellent. We haven't had any issues or difficulties.

How was the initial setup?

The initial setup was pretty straightforward. Deployment took approximately six months. For the deployment, there was a group of about five to six individuals. For sustainment, we just have gotten into a training mode and we will have our support team giving them assistance.

What other advice do I have?

I would rate this solution a 9.5 out of ten. To get it to a ten it should give other possibilities to select if you could follow the keystrokes. It should have a flexibility with things in which people can use it a lot faster.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
DanHines - PeerSpot reviewer
Technologist - Specialty in Identity and Access Management at Sears Technology Services Incorporated
Real User
The DNA scan is very helpful and provides a security baseline for your environment

What is our primary use case?

  • This product provides accountability and audit trails for privileged account access. 
  • Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.

How has it helped my organization?

  • It helped us in SOX, PCI, PII and HIPAA compliance. 
  • Accountability, as far as knowing who has access to what.

What is most valuable?

  • Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
  • The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.

What needs improvement?

  • Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.
  • Providing a way to group accounts by application would be nice.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kishore  Kumar - PeerSpot reviewer
SAP CRM /C4C /SAP Hybris at ATOS
MSP
PSM enables after-hours monitoring, and CPM helps keep the password policy up to date

What is our primary use case?

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

How has it helped my organization?

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

What is most valuable?

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

What needs improvement?

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user789450 - PeerSpot reviewer
User at a energy/utilities company with 1,001-5,000 employees
User
The ability to write your own connectors and plugins is invaluable as far as flexibility goes

What is our primary use case?

  • Vaulting of privileged credentials. 
  • Used as a jump host solution. 
  • We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

How has it helped my organization?

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

What is most valuable?

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

What needs improvement?

  • Enhanced PSM support for Java based applications.
  • Easier to use bulk uploader tools (which are already being worked on).

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user531600 - PeerSpot reviewer
Advanced CyberArk Specialist at a tech services company with 1,001-5,000 employees
Consultant
Secured vault storage provides the capabilities for structuring and accessing data.

What is most valuable?

The secured vault storage offers great capabilities for structuring and accessing data.
Central Password Manager is useful for agentless automated password management on endpoints.

Privileged Session Manager is good for provisioning, securing, and recording sessions to the endpoints.

How has it helped my organization?

CyberArk provided an audit trail for all account operations, including session recordings for all activities performed with high privilege accounts. It also gave us the ability to define various access controls per group, enabling us to differentiate between internal and external IT staff accessing the accounts.

What needs improvement?

The product documentation could be a little more precise in certain aspects with clearer explanations for functionality limitations. New functionalities or discovered bugs take a little longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.

For how long have I used the solution?

I have been working with CyberArk solutions for 7 years already.

I was involved in many implementations, proofs of concept, operational and development activities. I have worked with or test all CyberArk releases since version 5.5.

What do I think about the stability of the solution?

Unfortunately, I did have some problems with stability caused by not following the recommended configurations. But the recommended configurations are very strict, and it is not always possible to implement in a corporate infrastructure. Interference with other applications can also cause problems with CyberArk components.

What do I think about the scalability of the solution?

We did not have any problems with scalability. Each component of the solution is highly scalable and enables us to quickly increase capacity.

How are customer service and technical support?

Customer Service:

Customer service is very responsive and they are willing to help you with any deployment decisions, production issues or just various questions you might have.

Technical Support:

The technical support was great. They were very responsive and eager to help. We were able to have professional communication and the involvement of all levels of technical personnel as needed.

Which solution did I use previously and why did I switch?

I used another solution before CyberArk and its limited functionalities were the main reason for switching. We chose CyberArk because of its great functionalities, the ability to be deployed granularly at a different scale for each function, and the ability to be deployed in a distributed infrastructure.

How was the initial setup?

The initial setup is straightforward if you prepare for it properly and test the major functionalities using the configurations that you’ll actually require before you use it in a production deployment.

CyberArk documentation contains a lot of information, so the hardest part is to choose the right setup and deployment strategy.

What's my experience with pricing, setup cost, and licensing?

Plan ahead regarding the licensing costs. You can get a better prices per license as the number of licenses increases. CyberArk is open to providing a test license so you can test any particular functionalities prior to buying the real license.

Which other solutions did I evaluate?

We evaluated ObserveIT and IBM’s Privileged Identity Manager solution, which was still under development back in the times. We chose CyberArk because of its flexible installations, so that it was able to cover most of the deployment scenarios we required.

What other advice do I have?

Study and test it first, before going wild in the production.

It is very easy to create a disaster in production with even the smallest changes.
CyberArk has great resiliency capabilities; use them wherever you can.

Disclosure: My company has a business relationship with this vendor other than being a customer: My current company is a partner with CyberArk for selling the product as a service.
PeerSpot user
it_user529902 - PeerSpot reviewer
Network Security Consultant at a comms service provider with 501-1,000 employees
Vendor
Session recording is a valuable feature. Better documentation of error codes would be helpful.

What is most valuable?

How has it helped my organization?

  • Increased security and visibility

What needs improvement?

Error messages are useless; better documentation of error codes would be helpful.

For how long have I used the solution?

I have used it for two years.

What do I think about the stability of the solution?

I encountered stability issues.

What do I think about the scalability of the solution?

I have not encountered any scalability issues.

How are customer service and technical support?

Due to meaningless error messages, it is not possible to repair non-trivial errors without support. However, with support, we solved every problem.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

You have to exactly follow the installation manual; otherwise, installation can crash with a non-solvable error.

Which other solutions did I evaluate?

Before choosing this product, I evaluated BalaBit and ObserveIT.

What other advice do I have?

You have to exactly follow the installation manual.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user326337 - PeerSpot reviewer
it_user326337Customer Success Manager at PeerSpot
Consultant

How would documenting error codes help you in the short term and/or long term?

Ashish Khanal - PeerSpot reviewer
Identity and Access Management Consultant at a tech services company with 10,001+ employees
Real User
With the PSM connect option, authorized users do not need passwords to open a session. The user experience needs to be improved.

What is most valuable?

The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.

How has it helped my organization?

This tool has definitely helped us manage all the privilege accounts, which mostly have access to the organization's crown-jewel data. Additionally, having a monitoring system puts extra visibility on these account's activities, so any irregular activity is highlighted and quickly escalated.

What needs improvement?

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

For how long have I used the solution?

I have used the product for almost a year. I have been part of the implementation project and post-release, supported account onboarding.

What do I think about the stability of the solution?

For the most part, there weren't many stability issue. Usually the issue persisted with system/application accounts, with the API and the object ref ID not being in sync.

What do I think about the scalability of the solution?

I didn't feel there were any scalability issues.

How are customer service and technical support?

Although I was part of business side of the team, and I only had interaction with internal engineering team, I found the internal engineering team very helpful and knowledgeable about the product and how it worked.

Which solution did I use previously and why did I switch?

We previously used a different solution, and then we updated it; we did not switch.

Which other solutions did I evaluate?

I am unable to comment on this, as I was not part of product evaluation team.

What other advice do I have?

My advice is that this tool does what it advertises. If your business/organization has crown-jewel data, this is the tool to use.

From a security standpoint, I find the tool very reliable and innovative. However, it could improve the user experience and become more intuitive. When the user experience becomes more intuitive, then I am willing to rate the product even higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user326337 - PeerSpot reviewer
it_user326337Customer Success Manager at PeerSpot
Consultant

Ashish, may I ask where you generally look for these types of courses? Are there any that you can recommend?

See all 5 comments
it_user528927 - PeerSpot reviewer
Owner at a tech consulting company with 51-200 employees
Consultant
You can control password management. It provides flexibility and security.

What is most valuable?

Auditing and control are the most valuable. You can control password management almost to the max, giving you, your users and your auditors great flexibility without compromising security.

The auditing and control is more valuable to the enterprise than to myself. Apparently one of the overseas offices was able to track and identify misuse of a privileged account. In addition, it is heavily used during the periodic user/account recertification process.

How has it helped my organization?

Recertification of accounts and users, whereas previously 100s of accounts reside on devices, targets, applications, etc., now, due to using the vault and recertification, owners are in total control of their accounts and usage. Dual control forces owners to approve access to their safes and usage of passwords. The number of audit points regarding rogue accounts is falling dramatically.

What needs improvement?

Small things such as resizing pop-ups but mainly the reporting possibilities: These are quite poor in my honest opinion. If you really want custom reports you actually need to export data to an Access database and create your own queries and reports. The default reports are just that.

The reporting functionality is currently limited to default reports, listings and overviews. For more detailed and in-depth reports, you need to export the data to an external app such as Access or MS SQL. For example, if you need a report listing all safes, owners, members and accounts (like we do), you need to create a bespoke report. Ideally, in 2016, perhaps a graphic drag & drop reporting interface would be ideal.

For how long have I used the solution?

I have been using the product now for a little over four years from the support side.

What do I think about the stability of the solution?

No stability issues at all; we have a 24/7 standby and have yet to be called out on issues other than locked accounts. These are almost always user-related. We have had no downtime other than planned DR tests.

What do I think about the scalability of the solution?

I have not encountered any scalability issues; we have actually scaled down since the new releases. Where previously we had CPMs & PVWAs throughout the world, we now have load-balanced CPMs and PVWAs in just two locations.

How are customer service and technical support?

It can take time before you get a solution. Frequently, we have already solved it ourselves. CyberArk is re-arranging its support teams to improve communication with clients and to resolve cases quicker. As there is a release every six months, this might prove to be a challenge.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The vaults are installed on dedicated servers and subsequently hardened in their own dedicated workgroup. In our organization, there was a heavy battle with Server Support, who refused the workgroup setup and demanded that the servers join a/the domain. Do not agree! The servers have to be separate from the general server population and have nothing installed except the vault. Nothing has access, so no MS updates, AV software, etc. It took a while to convince them.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

Do not take it lightly. It takes a lot of hard work to analyse and implement. Involve the entire organization from the start. As you will be working with security teams, you might encounter a certain level of distrust (you are in their domain right?). Involve them, liaise frequently and get everyone onboard.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user326337 - PeerSpot reviewer
it_user326337Customer Success Manager at PeerSpot
Consultant

Are there other SaaS solutions with reporting capabilities that you would hope CyberArk could learn from as an example of a successful model?

it_user506925 - PeerSpot reviewer
Senior Consultant (CyberArk) at a financial services firm with 10,001+ employees
Real User
The Enterprise Password Vault protects privileged IDs within a secure digital vault.

What is most valuable?

EPV (Enterprise Password Vault) is the most valuable feature of the product to me. It is the core of the product, where it stores the passwords it needs to protect. It protects privileged IDs within a secure digital vault.

What needs improvement?

User friendliness and reporting: While the PVWA (Password Vault Web Access) provides a web console for the end user and administrator to access the solution, there is room for improvement. (E.g.: show tips when the mouse hovers over.) Reportingprovides very detailed information; however, it requires customization before it is presentable.

For how long have I used the solution?

I first got introduced to CyberArk around 2012.

What do I think about the stability of the solution?

No issue with stability. The solution provides an HA option.

What do I think about the scalability of the solution?

I would say there are scalability issues. After the solution is deployed, resizing it is difficult. Therefore, proper sizing at the planning stage is important.

How are customer service and technical support?

Technical support is excellent; one of the most knowledgeable and well-trained support staff.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was complex. A typical deployment will require at least two months of full-time planning. In a large deployment, it can be over six months.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

A well-trained and experienced deployment team is critical. Sizing, safe design, and access management need to be discussed beforehand.

reason for not being a 10 is, there is always rooms for improvements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CyberArk Enterprise Password Vault Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free CyberArk Enterprise Password Vault Report and get advice and tips from experienced pros sharing their opinions.