What is our primary use case?
There are many possible use cases, but in general, CyberArk permits users to target machines and rotate their passwords, and to record decisions. It is used to create security through PTA and to forward Vault logs and investigate events. It also enables users to access passwords in dev code without actually knowing the passwords. There are a lot of advantages to CyberArk.
As a consultant, I have seen a lot of CyberArk configurations. Sometimes we use the CyberArk Cluster Vaults with one DR. I also worked for a company that used only one vault, without a cluster, but they switched data centers when there was an incident.
How has it helped my organization?
I used to be a Windows and Linux administrator before I used CyberArk. The difference is that now it is simple for me to connect to my target machines. I can add them to my favorites, making access to the servers simple.
CyberArk enables confidentiality. The passwords are stored in a fully secured Vault. If you want, you can access target machines without using PVWA. If you act as a remote desktop manager, you can register your connections and connect your target machines through the virtual IP and easily connect to your machines. Your connections and commands would all be registered to the Vault.
What is most valuable?
All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information.
Another valuable feature is that if you don't have access to a machine, you can see the machine in CyberArk. It's the management capabilities that CyberArk enables for a company that are very useful.
Other useful features are optional, such as recording decisions or rotating passwords.
What needs improvement?
The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments.
CyberArk, as a solution, can easily adapt to a lot of environments, and you can add a lot of components to different zones, and that will work with the Vault. But not all the components, such as the PTA, can do so.
Also, it would be helpful if CyberArk added some features for monitoring machines when we access them. For example, they need to improve the PVWA. In general, when we don't use the PVWA, we don't have a lot of problems. For me, the PVWA is not perfect. I would like to see more features in the PVWA to administer our machines and to improve the transfer of data.
For how long have I used the solution?
I have been using CyberArk Privileged Access Manager for more than three years.
I have implemented and maintained CyberArk solutions for clients, including creating administration functionality, such as platforms and support for users, so that everybody has 24/7 access to the account.
I have also been involved in enhancing the solution by installing useful components and testing them. I would help analyze if a component could be of interest to the client and then implement it in production.
In general, I would help maintain the solutions and make sure that everybody can access the accounts, and that password rotation works.
How are customer service and support?
I would rate WALLIX support at six out of ten, while CyberArk's support is a seven. The reason it's a seven is that we always have to send them the logs. Of course, we do get some response and they work on things, but sometimes we lose time on little tickets.
How would you rate customer service and support?
How was the initial setup?
If you have some experience, it is not complex to implement CyberArk. For me, the preparation is more difficult than the installation. Because CyberArk uses binaries, if you add good information, it will work. But if you miss something at the preparation stage, like the opening of the flows that you need, of course, it will be difficult. I know how the solution works, so it's not difficult.
First, you have to install the Vaults, and after installing them you can add PVWA to access the information. After that, you can install the PSM and then the CPM for the rotation, and that's it.
The time it takes to implement depends on the environment. Sometimes we work with complex environments and we have to adapt and collect all the information that we will need. We need to look out how the machines should be set up for the installation. It really depends on the size of CyberArk you want to install, including how many computers will be onboarded to CyberArk. There are technical and functional variables.
What's my experience with pricing, setup cost, and licensing?
CyberArk is one of the best PAM solutions and one of the most expensive, but it works better than the others, so the pricing is fair.
Which other solutions did I evaluate?
I used to work on WALLIX Bastion, but CyberArk works better than WALLIX. WALLIX is a PAM solution, a French version, but when I was at another job I was a consultant on both WALLIX and CyberArk at the same time. That's when I saw that CyberArk is better.
It is simpler to upgrade the CyberArk environment and components than WALLIX. CyberArk has a user interface but WALLIX does not because WALLIX is installed on Linux while CyberArk is installed on Windows, making it user-friendly. Connecting is also simple with CyberArk. When a user connects to the PVWA, there aren't a lot of buttons. When users see the icon, they click "Connect" and connect. It is simple for them.
CyberArk can adapt easily to environments. For example, when we talk about connectors, CyberArk can easily connect to all the target machines these days. CyberArk can onboard network machines, Windows Servers, Linux servers, and Oracle Databases.
Web application passwords can be rotated. With its PSM and Selenium features, it enables the connection of a web application to CyberArk and rotation of passwords, so that it's not system accounts all the time. We can manage the web application accounts as well. CyberArk can also connect to the cloud.
What other advice do I have?
When you work on CyberArk, you have to have more than one skill set. You are not just a PAM consultant because you manage passwords for all kinds of systems. You have to have skills in Windows, Linux, databases, and security because you manage those kinds of accounts. If you don't have those kinds of prerequisites, you can't work with CyberArk.
I started working on CyberArk when it was version 10.x and at this moment it is at 12 and more. The interface has changed and a lot of features have been added over that time. It's a good solution.
Which deployment model are you using for this solution?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.