CyberArk Privileged Access Manager Reviews

We proactively vault and manage all elevated accounts across multiple platforms. 

For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.

Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials.

You can gradually implement CyberArk, starting with more easily attainable goals, such as basic vaulting and password rotation and build on that with additional modules, such as Privileged Session Manager and Application Identity Manager.

While in the past, administration required several tools and multiple screens/options in those products, v10 is moving towards a single pane of glass with common functions easily found and information regarding privileged accounts given to users in plain, easy to understand terms, now enhanced with graphics.

We use it all.

• Privileged account access and management
• Credential rotation
• Access control
• Privileged session recording

CyberArk PAS helps ensure accounts are managed according to corporate policies. In short, it takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent.

All of the features we use have helped our security posture in some way. All of these have their place in defining and supporting the security posture:

• Password management
• Session management
• Recording
• Access control.

Overall, I think it is a fantastic product, when used as designed and intended.

One of its biggest downfalls is also one of its biggest strengths. It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill.

CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

• Ease of use
• The auditing capabilities
• The great support of their customer success teams

Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

• Vaulting of privileged credentials. 
• Used as a jump host solution. 
• We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

• Enhanced PSM support for Java based applications.
• Easier to use bulk uploader tools (which are already being worked on).

We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.

Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.

The current user interface is a little dated. However, I hear there are changes coming in the next version. 

There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself.

The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.

Management of these accounts is typically required to prevent abuse and gain control of this.

Perhaps improve the user registry integration. It is already fine, but a bit atypical.

My experience with the product was with older versions, so this may not represent the actual case anymore. In essence, user registry integration is atypical in the sense that the product creates a copy of the user inside the product itself (to accommodate for license seat counting, I guess).

Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt the vendor considers this an issue, though.

I have used this for three years, including the implementation of the product

There were no issues with stability.

There were no issues with scalability.

Technical support is OK. The product is not very difficult to install, but there are some considerations that need to be taken into account. Tech support is very well aware of this.

The initial setup was simple. It is windows based and leverages installation wizards to perform installation. Also, sufficient documentation exists to guide the setup procedure.

Look well at the user base and frequency of use. A lot of licensing models exist, but having this clear will immediately indicate what fits best.

As for pricing, I cannot comment.

We did not evaluate other solutions.

Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.

All features of the CyberArk PAS solution are valuable.

The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.

Other important features:

• Automatic password management
• Monitor, record, and control privileged sessions
• Flexible architecture
• Clientless product
• Custom plug-ins for managing privileged accounts and sessions

Unmanaged, highly privileged accounts increase risks that can be exploited by attackers. The security controls defined by the organization require protection of the privileged account passwords. CyberArk helps organizations to identify, store, protect, and monitor the usage of privileged accounts.

An immediate improvement was the implementation of security controls to protect, control and monitor privileged accounts through CyberArk solution.

I have used CyberArk for over two and a half years.

It’s a very stable product. I haven’t encountered any stability issues.

I haven’t encountered any scalability issues. All the components are scalable.

I would give technical support a rating of 4.5/5.

This is the first PAM product that I have used.

The initial installation was straightforward. The configuration or integration can be complex depending on the requirements, design, and infrastructure of the organization.

The pricing and licensing depend on many factors and on the components considered for implementation.

The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.

Password rotation, session recording & isolation and on-demand privileges.

For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products.

No

No

Very good.

Basic setup is pretty straightforward, but to fully utilise the product it can get complicated as it ties in with a lot of other products. Suggest a phased installation so staff can adjust to new processes.

It can be an expensive product. I Suggest only licensing basics to begin with and as need arises, start to license extensions (AIM, etc.) during next phase of implementation.

Centrify and Lieberman ERPM.

CyberArk offers extensive training, utilise it. Also their support staff are very good and can assist with everything.