We changed our name from IT Central Station: Here's why
Mateusz Kordeusz
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 20Leaderboard
Helps us to automate our jobs and administrative tasks
Pros and Cons
  • "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
  • "We don't often contact technical support, but when we do it, the response could be faster and better."

What is our primary use case?

In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment.

We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this.

We are using the latest version.

How has it helped my organization?

It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes according to the internal security policies in our bank.

CyberArk PAM gives us a single pane of glass to manage and secure identities across multiple environments. This is quite important for compliance reasons.

CyberArk PAM provides quantitative risk analysis for every human and machine identity in our environment. This has a big impact on reducing risk. 

What is most valuable?

The PAM feature is the most valuable. It helps us to automate our jobs and administrative tasks. 

It also gives us a lot of features for compliance. Using this type of software is required by Polish law in finance and business in Poland.

We use CyberArk’s Secrets Manager to secure and manage secrets and credentials for mission-critical applications. The newest GUI is much better than the older version. Now, it is quite good.

CyberArk PAM provides an automated and unified approach for securing access to all types of identities that we use. This is very important to us.

What needs improvement?

I would like advanced RPA in the basic license. CyberArk has RPA, but we would need to buy additional licenses. It is not out-of-the-box.

I would like better support.

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

So far, we don't have any problems. We have implemented higher availability in CyberArk. So, maintenance or updates don't have an impact on our environment. We don't have performance problems or anything like that. The stability is very high.

I have had no problem with agility in this solution. Everything works fine and gives us an opportunity to act as we want.

What do I think about the scalability of the solution?

According to the information that I have, we simply add more servers if we need it or have additional business requirements. So, scalability is high.

There are about 155 users. Mostly, they are our IT administrators and developers.

This tool is used daily in our bank. We don't have plans to increase usage right now.

How are customer service and support?

We don't often contact technical support, but when we do it, the response could be faster and better.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We didn't previously use another solution.

How was the initial setup?

The initial setup was complex. Our deployment took three months.

We needed to scale our environment and implement the correct number of servers to prepare for a working environment.

What about the implementation team?

Implementation of our CyberArk instance was done by an external company. It covered all our needs and requirements.

What was our ROI?

We have not seen ROI directly in money. However, we have seen ROI in quality. It increases security in our IT environment and provides the highest SLA for our systems.

CyberArk PAM helps save us time when it comes to onboarding new employees and providing them secure access to SaaS apps and IT systems. It is saving us about two to three days per new employee.

What's my experience with pricing, setup cost, and licensing?

We use an old model for pricing. The new model is a subscription model on the cloud. 

The price of CyberArk support could be a little bit less. Otherwise, pricing is fine.

Which other solutions did I evaluate?

We did some benchmarking, without the tools, to compare the cost of maintenance and functionality. We compared CyberArk to Password Manager Pro from ManageEngine. CyberArk has more functionality and better stability, in our opinion. The price was very similar between the two solutions. 

What other advice do I have?

CyberArk is a good technology partner. They help us a lot with maintenance and our security process management.

I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. 

I would rate the solution as a nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Threat Protection Architect at a consumer goods company with 10,001+ employees
Real User
Top 5Leaderboard
Guarantees the password is known by no one or for a maximum of eight hours
Pros and Cons
  • "The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,"
  • "It needs better documentation with more examples for the configuration files and API/REST integration"

What is our primary use case?

Our primary use case is to control the technical accounts used in our DevOps environnment. The primary goal was to automate to the maximum all privileged accounts used by applications. It was a big issue because al dev guys were always using the same account/password couple. CyberArk is doing this for them transparently. Through time the scope was extended to all interactive users with the target to avoid them knowing the password. The automated password change was implemented to 99% of all accounts inside the company.

How has it helped my organization?

Before the CyberArk implementation passwords were never changed and known by everyone. We were also not able to track who is supposed to have access to what and who did what. With the successful CyberArk implementation, we are able now to:

- Guarantee the password is known by no one or for a maximum of eight hours.

- Full visibility about who is doing what.

- Full control about who is supposed to access what.

The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,

What is most valuable?

In order to reduce the attack surface, the automated password change was pushed to the maximum. This way we know that no password is known or not for more than eight hours. It simplified the life of the operational teams because they do not need to take care of the secrets and keep their attention to maintain the infrastructure.

What also helped is the ability to constantly track who accessed which object. We took the opportunity to change our process in order to comply it. Now the activities can be done faster with better user experience.

What needs improvement?

CyberArk lacks the following functions for a better IAM like solution:

- Provision accounts for systems and directories.

- Create access to the systems.

- Monitor if any new account has been created into the system.

- Better GUI for the end-user and also for administrators. The learning curve is quite long and requires lots of training for good usage.

- More automated process for account provisioning into CyberArk. For example when a new DB is created.

- Better documentation with more examples for the configuration files and API/REST integration.

For how long have I used the solution?

I have been using CyberArk PAS for eight years.

What do I think about the stability of the solution?

The stability is very good. We never had any crash in eight years.

What do I think about the scalability of the solution?

Scalability is good because of the big variety of modules. Except for the redundancy which is quite limited with the not live replication. Also, the speed is quite slow for application accounts.

How are customer service and technical support?

Very good always reactive. The commercial part was more difficult.

How was the initial setup?

The initial setup is complex because it requires a clear company structure which was not the case. Technically also CyberArk is hard to address at the start because of its technical complexity and abilities.

What about the implementation team?

In house. Very good.

What was our ROI?

Not calculated. Users and administrators more happy than before which is the best RIO.

What's my experience with pricing, setup cost, and licensing?

CyberArk is quite expensive and they should have a better pricing model.

Which other solutions did I evaluate?

BeyondTrust, Hitachi ID, CA.

What other advice do I have?

Hard to implement and to get acceptance from the users and management. But when installed the solution is rock solid.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,322 professionals have used our research since 2012.
Rodney Dapilmoto
Systems Admin Analyst 3 at CPS Energy
Real User
Top 20Leaderboard
The Privileged Session Manager Proxy makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software
Pros and Cons
  • "The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
  • "Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."

What is our primary use case?

We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about 5 years now.

How has it helped my organization?

By using this product, it has placed a new culture in my company by making employees more aware of IT compliance and cyber security. It has also placed us in a position to meet NERC CIP v6 requirements.

What is most valuable?

The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.

Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login.

What needs improvement?

I would like to see a product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials to a privileged target system.

Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless, you are working with accounts already stored in “Safes”.


For how long have I used the solution?

5 years

What do I think about the stability of the solution?

We have noticed some stability issues with the PSM Servers. We've noticed that there may be a limitation on the number of users that a PSM Server can handle. We have two PSM Servers deployed in our Production environment and have come to a conclusion that we may need to add two more to stabilize the environment.

An update to the above statement: Upgrading to version 9.9 significantly reduced the stability issues with the PSM Servers and the limitation on the number of users that the PSM can handle.

How are customer service and technical support?

Customer Service:

CyberArk could use some improvement with their level of customer service. Sometimes, it can take more than a day before a Case that I have submitted online gets a response from tech support.

Technical Support:

The level of technical support has been great. The challenge has been to get an initial response and sometimes follow-up from CyberArk Support.

What about the implementation team?

If you are going to setup CyberArk for the first time, I highly recommend that you utilize their Professional Services. They are extremely knowledgeable and very helpful and will ensure that your implementation is a success.

What's my experience with pricing, setup cost, and licensing?

We use Texas DIR when evaluation and making purchases of products.

What other advice do I have?

We are currently on version 9.10. We would like to upgrade to the latest version sometime this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Junior Product Consultant at a tech services company with 501-1,000 employees
Consultant
Top 5Leaderboard
Good technical support with helpful third party vendors and good at recording actions
Pros and Cons
  • "The technical support is good."
  • "We found a lot of errors during the initial setup. They should work to improve the implementation experience and to remove errors from the process."

What is our primary use case?

I primarily use the solution to record any actions taken on specific important targets. It allows management to look at actions and play them back to see what was done within the environment.

What is most valuable?

The technical support is good.

It's pretty good at recording actions taken within an environment.

What needs improvement?

We found a lot of errors during the initial setup. They should work to improve the implementation experience and to remove errors from the process.

The solution could be more stable. 

 It should have more specific configurations. There are lots of types of servers and devices. The product should have a more detailed, specific configuration and integration with other products.

For how long have I used the solution?

I've been using the solution for about three months at this point.

What do I think about the stability of the solution?

This was my first experience in the solution's UI and UX user experience and user interface. I didn't find the solution to be very stable at all.

What do I think about the scalability of the solution?

We do plan to continue to use the solution, however, it's unclear as to if we will scale it further.

How are customer service and technical support?

We're pretty satisfied with technical support. They are helpful. I find them knowledgable and responsive and I've been happy with the level of service we've been given thus far.

How was the initial setup?

We found the initial setup quite difficult. There were a lot of errors and we found the process to be a bit complex. I wouldn't describe the implementation as straightforward.

In total, the deployment took about one week from beginning to end.

What about the implementation team?

We did not handle the entire implementation ourselves. We had assistance from an outside firm. They were helpful.

What other advice do I have?

We're just users of the solution. We're customers. We aren't resellers or consultants. We don't have a business relationship with the solution.

I'm using the latest version of the solution.

I'd recommend the product to others.

Overall, we've been mostly happy with the solution. I'd rate it at an eight out of ten so far.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Meo Ist
Senior Product Manager and Technology Consultant at Barikat
Consultant
A robust, stable, and scalable solution for protecting passwords
Pros and Cons
  • "It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password."
  • "It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler."

What is most valuable?

It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password.

What needs improvement?

It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler. 

What do I think about the stability of the solution?

Its stability is very good. It is a very robust and stable product if you have the correct installation and configuration. Otherwise, you would have problems.

What do I think about the scalability of the solution?

It is scalable. Our customers are enterprises with a minimum of 2,000 users and maybe 100 admin users.

How are customer service and technical support?

We are satisfied with their support. Our customers need local support, and CyberArk provides that. Their documentation is also good.

How was the initial setup?

It is a little complex as compared to its competitors. Its deployment took a long time.

What about the implementation team?

We had a consultant, and we were satisfied with the service. You need someone with one or two years of experience.

What's my experience with pricing, setup cost, and licensing?

They have two types of licensing: purchase and subscription. You have to pay for each admin user, such as Microsoft admin, mail admin, database admin, etc.

What other advice do I have?

I would rate CyberArk Privileged Access Security an eight out of ten. It is a good product.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
reviewer988578
Snr Technical Consultant at a tech services company with 10,001+ employees
Consultant
Reduces the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role

What is our primary use case?

Managing passwords to infrastructure and applications, keeping those accounts “safe,” and being able to audit their use.

How has it helped my organization?

The audit capabilities include video so that not only keystrokes but also mouse clicks are captured. This provides safety and reassurance for anyone working in our infrastructure. 

What is most valuable?

Reducing the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role, but only one at a time. When the accounts have been used, its password is changed (to something a user would have had to write down) before being made available for reuse. The passwords which are hidden from the users are not known, and thus can be long and complex, while only being used for a session before being changed.

What needs improvement?

Privileged Threat Analytics (PTA) that can function in more that one AD domain at a time. The recent enhancement that allows resilience in PTA is great, but operation in more than one domain is required as many organizations have multiple AD domains. Even if it’s just prod and test or PPE split, you still want to know what’s going on in it.

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

No Previous PAM solution used.

Which other solutions did I evaluate?

Yes, based on Gartner

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Richard Nagygyörgy
Product Manager at a tech services company with 11-50 employees
Reseller
Top 5Leaderboard
Priced well with good support, stable, and scalable
Pros and Cons
  • "The most valuable feature is Special Monitoring."
  • "The authentication port is available in CyberArk Alero but not Fortinet products."

What is our primary use case?

I am a consultant. We are in the process of using this in our clients' companies.

What is most valuable?

The most valuable feature is Special Monitoring.

What needs improvement?

The authentication port is available in CyberArk Alero but not Fortinet products.

For how long have I used the solution?

I have been working with CyberArk PAS for one year.

What do I think about the stability of the solution?

CyberArk is stable.

What do I think about the scalability of the solution?

It's a scalable solution. 

How are customer service and technical support?

I have limited experience with technical support, but our customers like the support.

In general, it appears to be fine.

Which solution did I use previously and why did I switch?

I have also worked with Thycotic, until the completion of the project.

How was the initial setup?

The initial setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

It is best suited for mid to large-size enterprises. It is not the best for smaller companies, largely because of the price.

I believe that this solution is priced well. It's the market leader and I think that it's the best solution.

The price is quite good for us.

What other advice do I have?

For those who are interested in using this product, you have to know your requirements and compare them with CyberArk to see if it is suitable for them and fits their budget.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Anthony Mook
Senior Security Manager at SMU
Real User
Reliable, scalable, and easy to install but the pricing could be better as it's expensive

What is our primary use case?

We use this solution for ID purposes. When we remove a user from the server, we need a privileged ID password. We are a University. It's a large organization.

What is most valuable?

It's not very different when compared with other products.

What needs improvement?

From what I can see, the Systems Integrator is useless. When I ask for the information, nothing is given to me. They need to provide better training for the System Integrator.

For how long have I used the solution?

I have been working with this solution for two years.

What do I think about the stability of the solution?

Its' quite stable.

What do I think about the scalability of the solution?

It's a scalable solution but could be improved. On a scale of one to five, I would…

What is our primary use case?

We use this solution for ID purposes. When we remove a user from the server, we need a privileged ID password.

We are a University. It's a large organization.

What is most valuable?

It's not very different when compared with other products.

What needs improvement?

From what I can see, the Systems Integrator is useless. When I ask for the information, nothing is given to me. They need to provide better training for the System Integrator.

For how long have I used the solution?

I have been working with this solution for two years.

What do I think about the stability of the solution?

Its' quite stable.

What do I think about the scalability of the solution?

It's a scalable solution but could be improved. On a scale of one to five, I would rate it a four.

How are customer service and technical support?

I have not used technical support.

How was the initial setup?

The initial setup is pretty easy. It is not complex.

What about the implementation team?

We used a reseller, integrators, but they were useless to me.

What's my experience with pricing, setup cost, and licensing?

Pricing is quite high and it could be improved.

What other advice do I have?

I would rate CyberArk Privileged Access Security a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.