CyberArk Privileged Access Manager Reviews

CyberArk Enterprise Password Vault is important to do privileged session management, access a privileged access manager. Additionally, it is important to do segmentation in your core environment with the support team. For example, it is doing access monitoring support in our servers.

The privileged support manager is the most valuable feature of CyberArk Enterprise Password Vault.

The interface could be improved it is not user-friendly, but they have improved but it could still improve. In the policies configuration, it would be a benefit to have more details.

I have been using CyberArk Enterprise Password Vault for approximately five years.

CyberArk Enterprise Password Vault is stable.

I have found CyberArk Enterprise Password Vault not to be scalable. There are hardware limitations.

The technical support is very good and helpful.

The initial installation is difficult because of the configuration. The process involved with the privileged access cycle is not easy to connect the process with the technology from CyberArk Enterprise Password Vault.

I rate CyberArk Enterprise Password Vault an eight out of ten.

Our clients primarily use the CyberArk Password Vault for password rotation and password management.

The feature I find most valuable is the password credential rotation.

With regards to potential improvements for the CyberArk product, I find the product quite expensive and I would like to see the cost reduced. 

I have been using CyberArk Password Vault for 8 years. 

CyberArk Password Vault is super stable once you are on a tried and true platform version. 

The product is also easy to scale. 

I have utilized CyberArk technical support for issues and this was very straightforward to work with. The response time was a little slow. 

I have previously deployed and installed Thycotic as an alternate password vault solution, but I find CyberArk to be much better.

With installation of CyberArk Password Vault, there are some complexities to setting it up, I would say it is not straight forward to setup. 

The major use case for us is to securely release and manage passwords for non-personal accounts.

CyberArk provides an automated and unified approach for securing access across environments. It's a work in progress but that is the goal, for us, of implementing CyberArk. We want to provide a unified way to access all environments. We are in transition, like most big companies, into cloud solutions. So this is also something that is being discussed and analyzed. But that, overall, is the mission of CyberArk in our organization.

CyberArk has made it possible to work with non-personal accounts. Before, there was a much more focus on having privileges associated with personal accounts, and non-personal accounts were scarcely used because doing so required a lot of manual work. That work has been replaced with automated password management and the controls that come with CyberArk. It allows our organization to control the risks associated with high privileges. Previously, anyone could do whatever they wanted, on their own, but now we can enforce dual control. That is very important from a risk perspective. And the fact that we have it automated means it doesn't require that much effort to maintain things.

Also, when we onboard new employees, the solution saves us time, to a certain extent, when it comes to providing them with secure access to the applications and IT systems they will be working with. Those savings are not directly thanks to CyberArk, but it can be considered part of the bigger solution to make sure that employees have the correct access to the resources they need as soon as possible. That is true after they have been onboarded or when their position has changed and they need to be granted new access.

The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so.

I have been using CyberArk Privileged Access Manager for five years.

My impression of the solution's stability, in general, is very positive. It's quite robust. There are mechanisms in place that allow you to have high availability and that allow you to have proper disaster recovery. Those mechanisms are very solid, as we have tested them extensively within our processes to assess the risk associated with the use of CyberArk. They have performed very well.

The only thing that is lacking with respect to the stability is the scalability issue. The amount of data we need processed is too big for CyberArk to manage properly. That mostly impacts performance, not the stability, but to some extent the stability has suffered due to that. 

But overall, I would rate it very good in terms of stability. We had a minor issue once and, other than that, we have been online the whole time that I have been here. We have tested it thoroughly and have not found any situation where it would become too unstable to perform our tasks.

The major pain point that we have is the capacity of CyberArk due to the sheer volume of NPAs that we are managing. We are a large organization and we have hundreds of thousands of non-personal accounts to manage. We have already found out that there are certain capacity limitations within CyberArk that might introduce performance issues. From my perspective, something that would be valuable would be if the Vault could hold more passwords and be more scalable.

We have used their tech support extensively and there has been a lot of improvement in the way that CyberArk support operates over the last few years, but it still leaves somewhat to be desired. That is particularly true given the pricing. You would expect, for the amount of money that they charge for their support, and for their product in general, that it would be better. 

But I've seen major improvements in the last couple of years. I think they are aware of this issue and that it is an area that they are lacking in and they're working towards improving it.

They need to better recognize who they are dealing with. CyberArk has an extensive training program, the CyberArk University. You put in a lot of effort, resources, and money, to attend the training and become a professional in terms of your knowledge and ability to manage the Vault, and the solution in general. But then, when you require support, you are asked very simple questions, which you have already answered based on the knowledge that you've obtained from CyberArk. It takes a lot of time and effort to convince their support that you indeed have a more complex case to resolve, rather than a very simple fire-and-forget solution. It's generally not the kind of thing where they can give you a link to their knowledge base and look through it to find a solution yourself.

I have been working with CyberArk for five years and have all the possible certificates, and have extensive knowledge about it. Any time that I report a case to support, it seems the general gist of how such services operate is that they're trying to get rid of you. They give you a solution that, maybe, vaguely resembles the issue, or a solution that you specifically stated that you tried already and it does not work, just to get rid of you. They probably have customers who would be happy with that, but because of the importance of that software within our organization and the level of maturity that we have within my team as administrators of CyberArk, we expect, and we've communicated this to them, that they will approach our requests in a more advanced way. 

They should recognize that we have probably already done what the first line of support would suggest be done, and that we require some more involved support, but it seems very difficult to communicate this to them. Even if we get through to further lines of support, we often have the feeling that we still know more than they do about their own tools. I think there has been some sort of knowledge drain from CyberArk. We often have the feeling that they are learning on the job. They don't inspire a lot of confidence when it comes to their support.

Neutral

There is a lot of return on investment in CyberArk. Being a financial institution, we are responsible for managing risks, and CyberArk really helps us to be in control with the usage of NPAs. That, in turn, translates into a proper risk score for the organization, and that directly translates into actual money being saved.

It's expensive, certainly. But CyberArk is the leader in the market with regards to privileged access management. You pay a lot, but you are paying for the value that is being delivered. 

It's not a tool for small companies. You need to be a large company with a lot of resources to implement it. But the price tag can be justified, even though it's always hard to quantify these things. It really brings value, regardless of the level at which you implement it. If you use it at a very basic level, as just a password manager, or you go further with all the other elements of the tool, it's expensive, but it's worth the price.

We only use it on-prem, but for someone who only wants to solve cloud security challenges with a born-in-the-cloud security solution, I would still tell them CyberArk is one of the potential solutions. I would also tell them to do their assessment because it costs a lot. So it depends on the scale of use and the use cases. It certainly has the most capabilities that could be of use, but it depends on whether you only have some small deployments in the cloud and on the size of the risks involved. For certain scenarios, I would say they should immediately go with CyberArk, and that they shouldn't bother with others' solutions. In other scenarios, I would say they should do a very thorough assessment of the market before they decide because there might be cheaper options that will be sufficient for them.

We use CyberArk Enterprise Password Vault and we provide it to our customers.

We use this solution for password vaulting and session management.

The most valuable feature is privileged session management.

The installation process could be simplified.

I would like to see a simplification of the product.

I have been dealing with CyberArk Enterprise Password Vault for ten years.

Depending on the needs of the client, it can be deployed both on-premises and in the cloud.

CyberArk Enterprise Password Vault is a stable solution.

CyberArk Enterprise Password Vault is scalable.

We use Teams for virtual meetings and storage, with SharePoint serving as the backend.

I've never liked the idea of using Zoom because the security was never great.

The installation is not straightforward. It's complex. You would have to be very knowledgeable about the product to do this.

We need two to three administrators to maintain this solution.

Licensing fees are paid on a yearly basis.

Our laptops are containerized, we don't see what antivirus is on there. Our organization strips out all bloatware. If it is not sanctioned or proprietary, we don't use it.

Try to complete as much of the CyberArk training as possible.

 I would rate CyberArk Enterprise Password Vault a nine out of ten.

We implement this solution for our customers. We are system integrators, not end-users.

The main use case is for secure access, and monitoring the access by IT administrators.

I like the performance of CyberArk Enterprise Password Vault.

Definitely, it's a reliable solution.

It has a wide range of features. They are probably the widest range of features on the market. It is the main reason customers usually select this product.

This solution works very well, and the feedback from our customers is very good.

Integration is one of the strongest capabilities of this solution. There are hundreds of integrations that are ready to use. It is continuously growing, which is one of its strengths.

The interface is really user-friendly.

It's a highly flexible solution that can adapt to each customer's needs.

Another strength, for both performance and the security levels, is the segregation of the different rules of the solution.

The initial setup could be simpler but it may not be as effective.

I've been using CyberArk Enterprise Password Vault for three years, and the company began using it in 2003.

This solution is used mainly on-premises, but the trend is to go with hybrid and cloud deployment for new projects.

CyberArk Enterprise Password Vault is a stable product.

CyberArk Enterprise Password Vault is easy to scale.

I have not contacted technical support. I deal in the presales department. I don't manage the technical aspects of delivery and support.

We needed to build a specific project that is tailored for each customer. It requires a bit of design with the first part of the project, which is a benefit because the solution has high performance and is built on the needs of the customer. 

There is a bit of a setup initially, but it provides them with a good result for the project.

It's an affordable platform.

It is not the cheapest solution available on the market, but if you want a good project, you need to have the value of the solution you are selecting. 

In my opinion, it is a good compromise between the cost and the benefits. I think the price is fair.

I would definitely recommend this solution to others who are interested in using it.

I do not have visibility with other solutions that may be better or more up-to-date.

I would rate CyberArk Enterprise Password Vault a ten out of ten.

The solution is too complicated to use and should be simplified. It took me a long time to understand how to use it. There is a lot that the solution can improve for the future.

I used CyberArk Enterprise Password within the last 12 months.

The solution is stable and reliable.

We have approximately eight people in my organization that use this solution.

I did not like the solution at all and I was happy when we stopped using it.

I rate CyberArk Enterprise Password an eight out of ten.

It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password.

It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler. 

Its stability is very good. It is a very robust and stable product if you have the correct installation and configuration. Otherwise, you would have problems.

It is scalable. Our customers are enterprises with a minimum of 2,000 users and maybe 100 admin users.

We are satisfied with their support. Our customers need local support, and CyberArk provides that. Their documentation is also good.

It is a little complex as compared to its competitors. Its deployment took a long time.

We had a consultant, and we were satisfied with the service. You need someone with one or two years of experience.

They have two types of licensing: purchase and subscription. You have to pay for each admin user, such as Microsoft admin, mail admin, database admin, etc.

I would rate CyberArk Privileged Access Security an eight out of ten. It is a good product.

We are a system integrator. We are selling its latest version to customers who are new to PAM or are coming from an older PAM. 

The respected partnership and portfolio with CyberArk are highly valuable to our organisation, as it helps to open doors with Enterprises and Financial organisations, on serious discussions on Identity and PAM projects. CyberArk PAS solutions bring good services revenue and long terms relationships with customers.

Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong.

In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows, LINUX Server, DOMAIN CONTROLLER protection etc. They have also further advanced it with the security on the cloud and DevOps environment.

They have a bundle licensing model, which really helps, unlike competitions complex licensing. Even though in our market, few customers have the perception that CyberArk is expensive as compared to some of the other new PAM providers, but in terms of overall value and as a bundling solution, it is affordable and also CyberArk is highly scalable platform.

Their post-sale support area requires a little more attention to our region ( ME/UAE. The current support model does not allow the end customers to open a ticket directly with CyberArk. Customers have to inform the distributor or bring in partners who have access to the support portal to open support cases. The support teams liability is limited to product issues and they usually do not get into configurations and integrations, unless estimated and paid for PS services.  This indirectly helps Service providers like us to make extra revenue. The default 24/7 support to our region, is effective when there is an emergency like a serious software issue, or if password vault is down etc, for such cases they provide immediate attention. For the rest of the low priority like migrations, upgradations, backups etc ( in some site it shall be considered high ), they take more time to respond.

Looking forward to new features line API security 

I have been engaged with CyberArk solutions for about five years.

A very stable platform for small to extremely large and complex organisations and distributed networks.

In one of the projects for global MNC, we had successfully executed projects with distributed Vault in 16 countries spread across 5 continents. This is done with a centralized primary vault( on HA )- HQ Datacenter, which connected distributed local vault and PSM, along with DR in the cloud. 

All these years in none of our projects haven't come across product stability or system crash isuses due to cyberark software

For customer and service provides (like us ), PAM is a journey with continues improvement and hygiene practices to protect the critical system. CyberArk offers many solutions for endpoint privilege management, Domain Controller protection, DevOps security which helps in upselling and expanding the security measures. Also, the solution is capable of handling a distributed and heterogeneous environment 

CyberArk PAS setup needs expertise and experience. Based on my experience, a small deployment of 10 or 20 PAM users takes one week to set up the PAM infrastructure and another one week to go live with basic modules and standard out of box integrations. The rest of the rollout has customer dependencies.  Ideally, the PAM system needs 3-6 months to get mature in an organisation.

We do inhouse.

Overall, bundle pricing and sales team support are really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules required in PAS, except the add-on advance technologies like agent-based endpoint, Win/Linus server protection, domain controller protection etc. When it comes to agent-based advanced technologies the overall cost is not cheap. However, the values it brings is highly critical to customers who are paranoid about targeted attacks.

Vendor PS BOQ are expensive like usual OEMs rates, but they do the Scope effectively within less time, which help the large customers ( like banks ) to run without any downtime 

I would recommend CyberArk solution even for small customers, who have critical application and internet presence in their business. The licensing model support to start with even 5 privilege users, this really helps. We haven't experience Idaptive ( Identity Saas ) solution yet, however, it looks promising

I would rate CyberArk PAS a ten out of ten. They are sharp focused on privilege access security for more than 21 years. This highly remarkable.