CyberArk Privileged Access Manager Reviews

• Credential faulting
• Credential management
• Privilege session management
• Secure file storage

We are utilizing CyberArk to secure applications, credentials, and endpoints.

The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. 

The value is probably the best of all of the other products which are offering the same services.

Having the keys securely locked helps drive policy. We can say what policy is, then we can point to the solution which provides it. Having that availability is strong in a large enterprise, especially in a global enterprise where there is a lot of different cultures and people do not want to hand off their privilege, rights, or workflows. Having that all set up and making it easier for them takes a lot of the stress off of our job.

We are implementing PSM right now. It is providing a secured workflow substitute where people would go in and check out their passwords. They want to use it instead of having passwords, similar to Guard Check. 

You go in because you need a key. You get the key, and you are accountable for that key while you have it. You open the door, do your work, close it, and return the key. People get that analogy, and it is awesome.

We are in the basics, like Windows, Unix, and databases. We do plan on getting everything eventually managed. It is just a lot of customization and time to get it fully matured.

The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames.

It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. 

This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella.

Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug. Our management is very upset about it.

CyberArk has been helping out, and it has been okay. However, the stability is definitely a concern, because with PSM, it becomes more critical to have it up. All of a sudden you have to have PSM up to be able to do your work.

The stability issues started when we upgraded from 9.7 to 9.95. Then, we were told during one of our cases that there was a bug in our new version and the only solution was to upgrade.

The scalability is big. We are a large company, and there are only a few companies that can scale so well.

We use their technical support all the time. It is a little slow to start a case. Then, once you get through that door (Level 1), it does escalate appropriately.

On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need.

Since I started, it has always been CyberArk.

I can't say we have an ROI. Our CIO is not about measuring profit from our security stuff. Our risk is definitely significantly lower. Also, our resources are low.

Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it.

One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud.

We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them.

Most important criteria when selecting a vendor

Age of the company, because we do not want to be first to market. We want to hear about it from other people. How is the sales rep is communicating. Whether it is more of a sales pitch or if it is a genuine concern for our security.

Then, make sure our vision is lined up with the product. We want to get our bang for the buck

The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.

We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

We have a lot of privileged accounts with a lot of administrators. The only way to have a good handle on the inventory of accounts, and have some type of controls around who has access to the accounts, is to have a tool like CyberArk.

The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used). This helps our security posture. We also look at other privileged accounts, which are used by overlooked applications, and this provides a benefit to the company. 

The most valuable features would be:

• Ease of installation
• Support for every use case that we have come across.
• Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.

Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines.

Stability is great, especially as the product matures. I have been using CyberArk since version 4. We currently are using version 9 in our production environment, and are looking to deploy version 10. Version 9 is very stable compared to the previous versions. 

Scalability is great. We have no problems. 

We have a very large, diverse, global environment, and we have not run into any scalability issues. 

Technical support is very good. We have had a technical account manager (TAM) in the past, and have worked directly with her as our primary source. However, we also contact other people in the support environment, and they know the product well and are always willing to help out.

I did an initial installation at another company. It was pretty straightforward. 

CyberArk offered to help with designing the architecture. Once we got all those pieces sorted out, the implementation was easy.

I don't know if anyone has done a true number analysis, but we do see the following:

• The amount of time that people used to spend maintaining credentials;
• The amount of time that used to be utilized for audit purposes and who had which accounts at any point in time.

There is ROI on the actions above because the amount of time that it took to do these tasks has been significantly cut.

If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.

CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.

I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.

The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.

The primary use case is for privileged account management. It is performing well.

We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features.

In addition, we are using CyberArk to secure applications and endpoints. 

We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc.

Our security goal would be to keep people from putting the passwords in text files, do online shares, etc. This gives us more granular control.

The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords.

It is a customizable product.

I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. 

I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool.

The stability has been very good.

The scalability has been good, and will meet our needs in five year's time.

Technical support has been very responsive in navigating challenges. It is very easy to open a ticket.

We were previously using HPM.

It was complex. Because at that point. I had only recently joined the security team. I was told, "Here's a share with the files. Go install this."

I don't know that we are able to measure that at this point, other than no data breaches.

Make sure you have a development or QA environment.

I did training today on the new plugin generator utility.

I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available.

Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).

It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.

The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.

The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.

1. Automatic password management, which will automatically change passwords based on compliance requirements.
2. DVR like video recording and text-based recording for easier audits.
3. Easily scan the network for all privilege accounts and has an easier onboarding process.
4. SSH key management
5. Command level restriction for all SSH-based devices.
6. Anomaly detection and prevention for all privilege accounts.
7. Integration with ticketing tools and SIEM solutions.

1. Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
2. Agentless solution which is easy to customise to any platform having network connectivity.
3. Wide range of devices supported out-of-the-box.
4. Easy to configure HA and DR options.
5. Online training enables cost effective valuable training.

This product needs professional consulting services to onboard accounts effectively based user profiles.

No issues.

No issues.

Excellent customer support.

We did not previously use another solution.

The setup is very straightforward.

The cost is high compared to other products, but CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality.

At present, we are only focusing on CyberArk for privilege account security. Comparing it to other providers, Cyberark provides a more user-friendly environment with many more features and benefits.

I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.

Managing and securing the access to the environment.

I have worked with CyberArk solutions/applications for more than three years.

I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

Much stricter rotation of credentials.

Unmanaged and highly privileged accounts increase risks that can be exploited. The security controls defined by the organization require protection of the privileged account passwords. CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts.

• Controlled access and rotation of credentials.
• The Vault offers great capabilities for structuring and accessing data. 
• Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices.
• Privileged Session Manager is for provisioning, securing, and recording sessions.

• The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots. 
• New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.
• Online help also needs to be looked into with live agent support.

It has made things more complex, but has eliminated the possibility of Pass The Hash.

Allows secure, logged access to highly sensitive servers and services.

Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs.

No scalability issues.

Yes. The OU limitations, noted above.

It's hard to find competent resellers/support.

Complex. Lots of architecture, lots of planning, and lots of education and training are needed. Technically, roll-out isn’t bad. It’s the support, training, education, philosophy, and integration within existing ways of doing things that are challenging.

I’m a consultant. I help implement and train others on how to use it in a highly secure environment.

I’d give it a nine out of 10. It is very, very secure.

Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.

Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.

EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.

Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.