CyberArk Privileged Access Manager Reviews

The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.

We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

We have a lot of privileged accounts with a lot of administrators. The only way to have a good handle on the inventory of accounts, and have some type of controls around who has access to the accounts, is to have a tool like CyberArk.

The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used). This helps our security posture. We also look at other privileged accounts, which are used by overlooked applications, and this provides a benefit to the company. 

The most valuable features would be:

• Ease of installation
• Support for every use case that we have come across.
• Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.

Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines.

Stability is great, especially as the product matures. I have been using CyberArk since version 4. We currently are using version 9 in our production environment, and are looking to deploy version 10. Version 9 is very stable compared to the previous versions. 

Scalability is great. We have no problems. 

We have a very large, diverse, global environment, and we have not run into any scalability issues. 

Technical support is very good. We have had a technical account manager (TAM) in the past, and have worked directly with her as our primary source. However, we also contact other people in the support environment, and they know the product well and are always willing to help out.

I did an initial installation at another company. It was pretty straightforward. 

CyberArk offered to help with designing the architecture. Once we got all those pieces sorted out, the implementation was easy.

I don't know if anyone has done a true number analysis, but we do see the following:

• The amount of time that people used to spend maintaining credentials;
• The amount of time that used to be utilized for audit purposes and who had which accounts at any point in time.

There is ROI on the actions above because the amount of time that it took to do these tasks has been significantly cut.

If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.

CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.

I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.

The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.

The primary use case is for privileged account management. It is performing well.

We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features.

In addition, we are using CyberArk to secure applications and endpoints. 

We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc.

Our security goal would be to keep people from putting the passwords in text files, do online shares, etc. This gives us more granular control.

The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords.

It is a customizable product.

I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. 

I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool.

The stability has been very good.

The scalability has been good, and will meet our needs in five year's time.

Technical support has been very responsive in navigating challenges. It is very easy to open a ticket.

We were previously using HPM.

It was complex. Because at that point. I had only recently joined the security team. I was told, "Here's a share with the files. Go install this."

I don't know that we are able to measure that at this point, other than no data breaches.

Make sure you have a development or QA environment.

I did training today on the new plugin generator utility.

I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available.

Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).

It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.

The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.

The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.

1. Automatic password management, which will automatically change passwords based on compliance requirements.
2. DVR like video recording and text-based recording for easier audits.
3. Easily scan the network for all privilege accounts and has an easier onboarding process.
4. SSH key management
5. Command level restriction for all SSH-based devices.
6. Anomaly detection and prevention for all privilege accounts.
7. Integration with ticketing tools and SIEM solutions.

1. Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
2. Agentless solution which is easy to customise to any platform having network connectivity.
3. Wide range of devices supported out-of-the-box.
4. Easy to configure HA and DR options.
5. Online training enables cost effective valuable training.

This product needs professional consulting services to onboard accounts effectively based user profiles.

No issues.

No issues.

Excellent customer support.

We did not previously use another solution.

The setup is very straightforward.

The cost is high compared to other products, but CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality.

At present, we are only focusing on CyberArk for privilege account security. Comparing it to other providers, Cyberark provides a more user-friendly environment with many more features and benefits.

I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.

Managing and securing the access to the environment.

I have worked with CyberArk solutions/applications for more than three years.

I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

Much stricter rotation of credentials.

Unmanaged and highly privileged accounts increase risks that can be exploited. The security controls defined by the organization require protection of the privileged account passwords. CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts.

• Controlled access and rotation of credentials.
• The Vault offers great capabilities for structuring and accessing data. 
• Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices.
• Privileged Session Manager is for provisioning, securing, and recording sessions.

• The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots. 
• New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.
• Online help also needs to be looked into with live agent support.

It has made things more complex, but has eliminated the possibility of Pass The Hash.

Allows secure, logged access to highly sensitive servers and services.

Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs.

No scalability issues.

Yes. The OU limitations, noted above.

It's hard to find competent resellers/support.

Complex. Lots of architecture, lots of planning, and lots of education and training are needed. Technically, roll-out isn’t bad. It’s the support, training, education, philosophy, and integration within existing ways of doing things that are challenging.

I’m a consultant. I help implement and train others on how to use it in a highly secure environment.

I’d give it a nine out of 10. It is very, very secure.

Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.

Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.

EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.

Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.

We proactively vault and manage all elevated accounts across multiple platforms. 

For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.

Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials.

You can gradually implement CyberArk, starting with more easily attainable goals, such as basic vaulting and password rotation and build on that with additional modules, such as Privileged Session Manager and Application Identity Manager.

While in the past, administration required several tools and multiple screens/options in those products, v10 is moving towards a single pane of glass with common functions easily found and information regarding privileged accounts given to users in plain, easy to understand terms, now enhanced with graphics.