CyberArk Privileged Access Manager Reviews

Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:

• It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
• For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
• Compared to other products, CyberArk is extremely easy to install and configure.

Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.

In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.

Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.

CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.

Accountability is set up using CyberArk OOB temper-proof reports.

CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.

It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.

I have been using this product since 2010.

In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.

CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.

Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.

Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.

I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.

Initial set up is super simple and if planned properly, can be installed within a couple of hours.

I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.

Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.

Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.

• Password vaulting
• Granular commands profiling with OPM

• Sys/DB admins no longer need to have system credentials (and the same for third parties)
• Access profiling
• Request demands from domain groups

The management console has a lot of functionalities, but is a little bit complex to use.

Customer support and technical support can be better, compared with the level of products.

I have used it for one year.

I have not encountered any stability issues.

I have not encountered any scalability issues, technically speaking. Issues with the licenses can occur; the pricing model is not easy to understand.

Technical support is 7/10.

I did not previously use a different solution.

Initial setup was very easy. We started integrating systems and providing access to systems within few days.

From my experience, for small environments, the subscription licensing model is very cheap.

We also evaluate other solutions in the Magic Quadrant for PAM solutions.

Before defining the solution’s architecture, clearly define your requirements and the kind of systems in scope. Some systems/device can be integrated out-of-the-box, others need customization.

Plus: easy to deploy, highly customizable
Minus: a little bit complex to integrate in large environment, complex rules/customization takes time

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

One limitation is that we are not able to put this into a decentralized mode.

This solution is quite stable.

We have no issues with scalability.

The tech support is decent. 

It takes a while to adapt to the product.

I do not have experience with the pricing or licensing of this product.

I think having a distributed architecture would certainly help this solution.

The fact that there are more and more plugins developed make it easier for implementation.

It is difficult to say what the valuable features are. I use all the different parts together to get the full power of CyberArk.

I would like to see better usability for non-technical people. If you use the PVWA interface, I noticed that the end user would need some extra training. The portal doesn't navigate so easily, if you don't know it.

With Facebook, for example, people find their way around easily. In PVWA, it takes some time to know how it works from an end-user point of view.

I did not encounter any issues with stability.

There have been no issues with scalability. You can easily manage more than 4000 accounts with one PSM.

I haven't needed any support yet, as it is well documented.

We did not use a previous solution. Basically, we helped a telecom to migrate from a standard .XLS with accounts to CyberArk.

The most difficult part was convincing the technical teams to use it.

Pricing and licensing depend on the environment. First, make a good plan.

Basically, build it up step-by-step, starting with the EPV of course :-).

Our primary use case for this solution is business and client management. Our clients are mostly from the banking sector. 

The CyberArk solutions that have been the most valuable for my solution are the Discovery & Audit (DNA) and Privileged Threat Analytics (PTA) tools. CyberArk is a very important tool for my organization.  

The setup was very easy for me. 

The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers. 

I have been using the solution for about a year. My company resells and implements this solution. 

I think this solution has a lot of stability. 

The technical support for this solution is very good. If I was to rate it on a scale of one to five, I would give it a five.

The initial setup was straightforward. It can be carried out by a single person. 

The great thing about this solution is that they offer tech support in my language. 

I recommend this product. 

I am a consultant. We are in the process of using this in our clients' companies.

The most valuable feature is Special Monitoring.

The authentication port is available in CyberArk Alero but not Fortinet products.

I have been working with CyberArk PAS for one year.

CyberArk is stable.

It's a scalable solution. 

I have limited experience with technical support, but our customers like the support.

In general, it appears to be fine.

I have also worked with Thycotic, until the completion of the project.

The initial setup is straightforward.

It is best suited for mid to large-size enterprises. It is not the best for smaller companies, largely because of the price.

I believe that this solution is priced well. It's the market leader and I think that it's the best solution.

The price is quite good for us.

For those who are interested in using this product, you have to know your requirements and compare them with CyberArk to see if it is suitable for them and fits their budget.

I would rate this solution a nine out of ten.

Some of the valuable features are:

• The different server vault is used to store data with 7 layers of security for protecting the data.
• The Application Identity Management Module is also very useful and easy to handle.
• AutoIt scripting is useful to simulate single sign-on for thick and thin clients.

It makes compliance of the organization with password management easy. This results in a handy auditing process and adheres to all risk compliance as well.

Some areas of improvement are:

• PSM: It should be hosted on UNIX rather than on Windows. In such cases, no extra OS license needs to purchased at the client's end.
• PVWA: The admin console should be in the Windows installer instead of a web application for admin users. It makes the work faster for admins; otherwise, it seems slow for the web interface.
• PSMP: It looks a bit complex to deploy and maintain.
• OPM: This module should be integrated with PrivateArk app.

I have used this solution for three years.

CyberArk is quite stable and no issues have been exprienced on regards to stability.

We have not encountered any scalability issues. It is very scalable with any requirements.

I would give the technical support a 9/10 rating. It has superb technical support for U.S. clients.

However, for Indian origin clients, i.e., for foreign clients, the support is poor thus I have rated it a 4/10.

It is very expensive. They charge for every single thing they offer.

It has the ability to monitor privileged sessions.

Our security has improved since implementing CyberArk.

The user interface needs to be improved. It could be done by getting the GUI to work with other programs from within internet browsers out of box.

I've used it for one year.

No issues encountered.

No issues encountered.

No issues encountered.

It's good.

It's good.

I didn't use a previous solution.

It was straightforward as the documentation was rather clear. This made the implementation simple.

I implemented myself.

I didn't evaluate any other options.