CyberArk Privileged Access Manager Reviews

Its features like detailed audit and reporting, automated workflows, granulated privileged access controls, automated password rotation, and centralized and secure storage have helped us in developing a secure environment for customers, along with audit and compliance coverage.

Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.

Performance of PIM could be better and intended for usability as well as security. Another point is that the free trials should be in place for all components so that PoC could be made easy.

No.

No.

Technical support is quite efficient and they always provide a timely response.

Haven’t use any solution prior to CyberArk.

As this was new product, there were some small challenges in understanding but the setup was straightforward.

As our deployment was not so large, our client was happy with the pricing and licensing.

Yes, we did a research and chose CyberArk above all due to its components that were suitable to our environment.

Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.

Implementing CyberArk is not only "rolling out" a tool. It also will force the company to have a good look at the access management strategy, improve security processes and clean data. Implementation of CyberArk will increase the insight the company has in their access management implementation.

The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.

Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.

Allthough it's highly configurable, the user interface could use a do-over. The current interface doesn't scale that well, has some screens still in the old layout, while others are in the new ones and consistency in layout between pages sometimes is an issue. As I understand, this is scheduled for version 10.

If there are stability issues, most of the time this relates to the companies infrastructure.

CyberArk is highly scalable. Depending on the companies infrastructure, the size of the CyberArk implementation can become quite large.

I rate support 7/10. Technical knowledge of the support staff is good. Sometimes it is a lengthy process to get to the actual answer you require. One the one hand, that is because lots of information is required (logs, settings, reports, etc.). On the other hand, the support crew sometimes answers on questions that we did not ask.

We did not have a previous solution.

The installation manual is quite straightforward and extensive. There also is an implementation manual to support the function implementation. The installation requires specific hardware which sometimes might not fit the standards within an organisation. Over the last few years the documentation has improved hugely. Of course, there is always room for improvement, but I guess this is one of the better ones in the IT field.

I do not have anything to do with pricing.

I was not involved in the acquisition process, but I know that sometimes a Hitachi solution is considered.

Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.

This product helps to improve the privilege account security in the organization. Privilege accounts were involved in all the breaches.

PSM (Privilege Session Manager)

I would like to see improvement in the custom connector for integration with different devices. Currently, it needs professional services and lots of time for out-of-the-box custom connectors.

There were no issues with stability. However, there were a few times when there were stability issues because the solution was deployed on a Windows platform.

There were no issues with scalability.

Technical support is average. They are not so great, because the first level support partner or distributor has to provide the support and customers cannot contact CyberArk support directly.

We moved from version 8 to Version 9.

The initial setup is a bit complex because it has lots of prerequisites and dependencies on Windows' features.

It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain.

I worked in the CyberArk distribution company. However, I have seen that other products do not provide all the features that CyberArk can provide.

For implementation, you will need professional services or other experts.

With the ability to better control access to systems and privileged accounts, we no longer need to manage privilege accounts per user. We are able to manage privilege accounts for the service, which is automatically managed by the CPM as part of the solution. Allowing access to systems by group membership, via safe access, makes controlling actual access much simpler than traditional mapping via the Active Directory.

• The ability to isolate sessions to protect the target system.
• Automates password management to remove the human chain weakness.
• Creates a full audit chain to ensure privilege management is responsibly done
• Creates an environment in which privilege accounts are used, without exposing the password, on target systems.
• Performs privilege functions, without undue exposure, whilst maintaining the ability to audit, where anything suspicious, or unfortunate, may have occurred.

The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA.

Whilst the client is completely functional, it's been around for a long time and is reminiscent of XP, or even Windows 95. It could use an aesthetic update, with some of the wording and functions needing to be updated to be more representative of what is found in similar configuration from within the PVWA.

To go into more detail- The old PrivateArk client is simply that, old. Looking at the recently released Cluster Manager quickly reminds us of that. Also, the way in which objects are handled within the old client is similar to how objects were handled in older versions of Windows. The PrivateArk client could do with easier to follow links to configuration items and the ability to perform searches and data relevant tasks in an easier to follow process, there may even be room for inclusion of the server management component (lightweight even) and cluster manager components to be made available via the same client, should permissions permit such. As much as the client remains stable and functional, I believe it is time for an update, even if only aesthetically.

Some improvements could be made to the PSM service. However, this could also be a problem with how Microsoft RDS functions, rather than the PSM services.

This product scales amazingly well.

Technical support works with customers and partners to resolve issues in a timely way.

No previous solutions were used.

The manual reads like a step-by-step guide. The installation, although complex, can be achieved by following the installation guide.

I don’t work with pricing, but licensing is dependent on the needs and requirements of each customer.

We evaluated alternatives, but nothing compares.

Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.

The fact that there are more and more plugins developed make it easier for implementation.

It is difficult to say what the valuable features are. I use all the different parts together to get the full power of CyberArk.

I would like to see better usability for non-technical people. If you use the PVWA interface, I noticed that the end user would need some extra training. The portal doesn't navigate so easily, if you don't know it.

With Facebook, for example, people find their way around easily. In PVWA, it takes some time to know how it works from an end-user point of view.

I did not encounter any issues with stability.

There have been no issues with scalability. You can easily manage more than 4000 accounts with one PSM.

I haven't needed any support yet, as it is well documented.

We did not use a previous solution. Basically, we helped a telecom to migrate from a standard .XLS with accounts to CyberArk.

The most difficult part was convincing the technical teams to use it.

Pricing and licensing depend on the environment. First, make a good plan.

Basically, build it up step-by-step, starting with the EPV of course :-).

All the high privileged accounts are managed by CyberArk at a regular frequency. This mitigates the big risk that we had for passwords not changing forever.

The combination of CPM and PSM resolves a lot of use cases.

They can do a better job in the PSM space.

It has been pretty stable. No ongoing issues; only one-off, and CyberArk support has been pretty good for support.

I can foresee some issues if we suddenly have to put thousands of passwords into CyberArk Vault. I know they have the password upload utility, but it has its limitations.

Customer Service:

Their support is pretty good and responsive.

Technical Support:

Their support is pretty good and responsive. Their L3 is in Israel, so sometimes it takes more time getting responses for complicated use cases.

I did not previously use a different solution. I have always used CyberArk.

I would rate initial setup as a medium complexity. They have good documentation, as well.

I am from a vendor team that does the implementation.

I was not involved in the pricing and licensing. I have an idea that it's on the higher side of the price scale.

Before choosing this product, we also evaluated Dell and NetIQ.

• Ability to manage passwords for highly privileged, service accounts, which are not tied to a person
• The inclusion of a full audit trail
• Approval workflow functionality

Management of these accounts is typically required to prevent abuse and prove compliance.

Perhaps improve the user registry integration. User registry integration is atypical in the sense that the product creates a copy of the user inside the product itself. This is done to accommodate for license seat counting.

Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt that the vendor considers this an issue.

I have used CyberArk for three years, including the implementation of the product.

I did not have stability issues.

I did not have scalability issues.

The product is not very difficult to install. However, there are some considerations that need to be taken into account. Technical support is very well aware of this.

The setup was simple. It is Windows based and leverages installation wizards to perform the installation. Also, sufficient documentation exists to guide you through the setup procedure.

Examine the user base and frequency of use. A lot of licensing models exist. However, having this clear will immediately indicate what fits best. As for pricing, I cannot comment.

We didn’t look at alternatives.

Assure that the organization is ready and willing to adopt this. The typical business cases cannot be addressed by the product alone.

The secured vault storage offers great capabilities for structuring and accessing data.
Central Password Manager is useful for agentless automated password management on endpoints.

Privileged Session Manager is good for provisioning, securing, and recording sessions to the endpoints.

CyberArk provided an audit trail for all account operations, including session recordings for all activities performed with high privilege accounts. It also gave us the ability to define various access controls per group, enabling us to differentiate between internal and external IT staff accessing the accounts.

The product documentation could be a little more precise in certain aspects with clearer explanations for functionality limitations. New functionalities or discovered bugs take a little longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.

I have been working with CyberArk solutions for 7 years already.

I was involved in many implementations, proofs of concept, operational and development activities. I have worked with or test all CyberArk releases since version 5.5.

Unfortunately, I did have some problems with stability caused by not following the recommended configurations. But the recommended configurations are very strict, and it is not always possible to implement in a corporate infrastructure. Interference with other applications can also cause problems with CyberArk components.

We did not have any problems with scalability. Each component of the solution is highly scalable and enables us to quickly increase capacity.

Customer service is very responsive and they are willing to help you with any deployment decisions, production issues or just various questions you might have.

The technical support was great. They were very responsive and eager to help. We were able to have professional communication and the involvement of all levels of technical personnel as needed.

I used another solution before CyberArk and its limited functionalities were the main reason for switching. We chose CyberArk because of its great functionalities, the ability to be deployed granularly at a different scale for each function, and the ability to be deployed in a distributed infrastructure.

The initial setup is straightforward if you prepare for it properly and test the major functionalities using the configurations that you’ll actually require before you use it in a production deployment.

CyberArk documentation contains a lot of information, so the hardest part is to choose the right setup and deployment strategy.

Plan ahead regarding the licensing costs. You can get a better prices per license as the number of licenses increases. CyberArk is open to providing a test license so you can test any particular functionalities prior to buying the real license.

We evaluated ObserveIT and IBM’s Privileged Identity Manager solution, which was still under development back in the times. We chose CyberArk because of its flexible installations, so that it was able to cover most of the deployment scenarios we required.

Study and test it first, before going wild in the production.

It is very easy to create a disaster in production with even the smallest changes.
CyberArk has great resiliency capabilities; use them wherever you can.