CyberArk Privileged Access Manager Reviews

We are using CyberArk Privileged Access Manager because we have too many accounts and we need to manage them.

CyberArk Privileged Access Manager has helped our organization by controlling users' access.

CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift.

I have been using CyberArk Privileged Access Manager for approximately two years.

CyberArk Privileged Access Manager is stable.

We have thousands of users using CyberArk Privileged Access Manager in my organization.

The support from CyberArk Privileged Access Manager is good.

The initial setup of CyberArk Privileged Access Manager was straightforward.

We had a local third-party company help us with the implementation of CyberArk Privileged Access Manager. The maintenance is sometimes a challenge for our consulting team that does it.

I would recommend this solution to others.

I rate CyberArk Privileged Access Manager a nine out of ten.

We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about five years now.

This product has placed a new culture in my company by making employees more aware of IT compliance and cyber security. It has also placed us in a position to meet NERC CIP v6 requirements.

The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.

Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login.

I would like to see the product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials into a privileged target system.

Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless you are working with accounts already stored in “Safes”.

I have been using this solution for seven years.

We have noticed some stability issues with the PSM Servers. We've noticed that there may be a limitation on the number of users that a PSM Server can handle. We have two PSM Servers deployed in our Production environment and have come to a conclusion that we may need to add two more to stabilize the environment.

Upgrading to version 9.9 significantly reduced the stability issues with the PSM Servers and the limitation on the number of users that the PSM can handle.

CyberArk could use some improvement in their level of customer service. Sometimes, it can take more than a day before a Case that I have submitted online gets a response from tech support.

The level of technical support has been great. The challenge has been to get an initial response and sometimes follow-up from CyberArk Support.

If you are going to set up CyberArk for the first time, I highly recommend that you utilize their Professional Services. They are extremely knowledgeable and very helpful and will ensure that your implementation is a success.

We use Texas DIR when evaluation and making purchases of products.

We are currently on version 9.10. We would like to upgrade to the latest version some time this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.

The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.

Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.

I've had an experience of deploying CyberArk in on-premise and in the cloud.

For any use case, session management is a key because it isolates users' machines to the target system. That way then, if an attack happens on a user's machine, the privileged session is still an isolated session. The privileged session is not interrupted.

In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation. 

The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.

There are many other important features of CyberArk: 

• Privileged Session Manager (PSM) connects you to the target platform. 
• Password management (CPM) provides automatic password rotations, including password verification and reconciliation. 
• Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature. 

The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.

More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.

I have used CyberArk Privileged Access Manager for approximately seven years.

It is a very stable and reliable product.

It is scalable and scaling it is straightforward. It has been designed and planned well, making it easy to scale the environment.

We have frequently worked with CyberArk technical support. In the last year their support has been changed. I would rate it at about seven out of 10. It depends on the person who picks up the support ticket. If that person is fairly proficient in his experience, the response will be quick. Otherwise, it can take time. But, in general, it's good.

Neutral

The complexity of the initial setup depends on the organization's underlying infrastructure, on the environment in which the development is happening. Sometimes the environment on which the product is being installed is more of a challenge than the product. That plays a key role. And, as I mentioned, it's a bit of a challenge because of the documentation at the moment. It needs to be much more user-friendly

The time for deployment also depends on the environment in which the product is being deployed. The technology landscape is very complex. With an end-to-end implementation, it can vary depending on whether the environment is small or medium or complex, and what types of use cases are involved. If it is just a simple environment and minimal features need to be configured, it can be straightforward and take a few days. But if it's a really large-scale, complex environment, where multiple integrations are required, because the underlying requirement to deploy CyberArk with other applications is complex, it will definitely take longer.

Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive.

It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. 

Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. 

But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.

Companies often have an enormous amount of admin credentials out there. They want to find out how many they have, start cleaning them up, and ensure they're all kept in an encrypted vault. Password Vault is probably the top product in that space, and it's a monster to implement, but CyberArk is great at what they do.

Password Vault's main advantage is its scalability. We constantly see huge enterprises implementing something like this, and the privileged session management is an excellent piece. You can kind of watch videos of whatever an admin has done. So, for example, if an admin doesn't check out their password and fires up a session on a machine, you can see playback. Scalability and those particular features are pretty valuable for monitoring your insider threat.

Our customers haven't complained about any stability issues, and we've set Password Vault up for quite a few customers. However, the stability depends on the equipment unless they do it in the cloud. But if they're setting up on a bunch of VMs, and that VM store goes down, that's not necessarily a CyberArk problem. That's more of a problem with Windows or VMware, etc., or something like that. So I guess the stability's fine.

There are upwards of six components you need to set it up. And you might need anywhere from two to five servers. It takes some work to set that up, especially in a larger environment.

On-prem CyberArk is pretty expensive. It's pricey and you get what you pay for. It's an incredible product for what it does, but it's significantly cheaper to go to the cloud.

I would rate Password Vault seven out of 10. I'd only go that low because of how challenging the installation can be. I advise our customers to consider using CyberArk's cloud option because many people just reflexively lean toward the on-prem solution. The cloud solution is considerably less expensive. It's still complex to set up the different components and make it all work together, so I suggest you make sure you need all those components. Maybe you don't even want to use everything there, but consider the cloud version. It's the same product, but it's more straightforward and cost-effective. You're not losing any functionality.

My primary use case is the digital identity for access management of users and the configuration of passwords, or MSA, or SSO.

Password Vault's policy configuration is very good - when you receive an attack, you can segment the structure of the project in order to isolate parts or users.

Upgrading the product is very difficult, so this could be an area for improvement.

I've been using this solution for six months.

There have been a few lags when connecting with RDP, but otherwise, the stability is good.

Password Vault's scalability is good.

The technical support is very good in general but could provide more help when upgrading.

I would rate this solution eight out of ten.

The primary use case is to monitor the official activity of a privileged user for privilege violations.

CyberArk's GUI is user friendly.

I have been using CyberArk for only six months.

Password Vault is a reasonably stable solution.

I've only used it for a few months, so it's hard for me to say how scalable Password Vault is. Those who've used it longer and deployed it on more endpoints could answer that question better.

We're served by CyberArk's regional support based in India and Singapore, but I want country-level support in Bangladesh, so I can get help quickly. Also, online support is annoying. I would like to get face-to-face support from a local CyberArk representative. 

Setting up Password Vault is not easy. We needed an online consultant to help us.

Password Vault is much pricier than other solutions. A vendor team might struggle to explain why that price is justified. There are good alternatives that cost less.

I rate CyberArk Enterprise Password Vault seven out of 10

We use this solution for ID purposes. When we remove a user from the server, we need a privileged ID password.

We are a University. It's a large organization.

It's not very different when compared with other products.

From what I can see, the Systems Integrator is useless. When I ask for the information, nothing is given to me. They need to provide better training for the System Integrator.

I have been working with this solution for two years.

Its' quite stable.

It's a scalable solution but could be improved. On a scale of one to five, I would rate it a four.

I have not used technical support.

The initial setup is pretty easy. It is not complex.

We used a reseller, integrators, but they were useless to me.

Pricing is quite high and it could be improved.

I would rate CyberArk Privileged Access Security a six out of ten.

This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access. 

I use the solution for security. I make sure the bulk of the password of the certificate for the cloud and on-premise applications are good. I action and administer them when needed.

The solution is stable, it is very resilient.

I have found the solution to be scalable.

The installation is not difficult for me because all the information is on the website.

The solution is very expensive and requires a license. We pay for an enterprise license.

This is a complete package that has a lot of the capabilities you would want in this type of solution but it is very expensive.

I rate CyberArk PAS a seven out of ten.