Gaurav Gaurav - PeerSpot reviewer
Architect at a tech services company with 10,001+ employees
Real User
Top 5Leaderboard
Extremely secure, great configuration capabilities and offers lots of plugins
Pros and Cons
  • "It supports lots of requirements in the privileged access management area."
  • "Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."

What is our primary use case?

The solution is primarily for security and access control. 

It's used to ensure and protect the complete IT infrastructure administrative account and the administrators and limit them to do any particular activities on the server and record all the activities on the server. it's for auditing purposes and for forensic usage.

We use it o identify if somebody internally hits the organization or tries to intrude and try to do a data breach or try to steal the information or do some kind of internal hacking. That risk can be eliminated using the tool.

What is most valuable?

CyberArk is one of the greatest platforms. It supports lots of requirements in the privileged access management area. 

From a configuration point of view, it is not very straightforward as per the deployment. The configuration is typical. However, when it comes to the integration piece, it has flawless integrations with lots of applications, whether it is out-of-the-box or customized. It supports any number of platforms. 

The company is very keen on looking at new applications to build out-of-the-box plugins. The support for the privileged single sign-on configurations with the application is excellent. 

Security-wise, the security is unbeatable compared to any other tool in the industry. They have a vault concept. They consider it similar to a bank vault. This is where they keep all the privileged admins' passwords. That particular vault has seven layers of security, which are unbreakable. It basically cannot be hacked. It cannot be hijacked. 

If something goes wrong, for example, if the vault is destroyed, your data is still protected. You can easily revive your data from that particular vault. It's a great capability. The security is excellent. It is very, very tight here. They support one signal protocol kind of communication with the internal products.

Where your password will be residing that is protected by a seven-layer of security. It has a web interface hosted on an IAS server on Windows. It has a CPM called central password management, which will do the password rotation. That is sitting on one other server. It has a session manager, which provides the single sign-on mechanism, privileged single sign-on mechanism, or automatic single sign-on to log into any infrastructure servers and applications. These are the four core products, and they integrate with each other and they integrate on one single port.  

If you try to intrude on the system or any hackers try to intrude the system, they will not be able to do that as the communication through this port is entirely encrypted. They will not be able to revive the data in real-time. It's a great security feature.

It supports hybrid deployments as well. It supports single standalone deployments for high availability with different kinds of deployment structures or topologies. This is a growing trend in the market. 

What needs improvement?

They can work on the pricing part. Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge. 

For how long have I used the solution?

I've used the solution for four years now. 

Buyer's Guide
CyberArk Privileged Access Manager
September 2023
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
735,432 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is very stable. It's reliable and the performance is good. 

What do I think about the scalability of the solution?

Every organization is different. Some are small, some are large, and some are medium-sized. This product fits all organizations. It is designed to be scalable. 

How are customer service and support?

Technical support has been excellent overall. We are pleased with their level of service. 

How was the initial setup?

The setup process is typical. It's not easy to set up. It depends upon the environment, the requirement, what the customer is looking for, et cetera. If, let's say, there's 1,500 accounts, which need to be protected and 10,000 servers, which need to be protected, the deployment can be done with the two-node setup. The two-node setup is okay. However, when it comes to the larger organization where we have lots of privileged accounts and lots of servers or when the account increases to 100,000 servers and 100,000 or 200,000 privileged accounts, in those cases, the product is complex.

You need to be well trained in order to be able to execute an implementation. 

What's my experience with pricing, setup cost, and licensing?

The pricing used to be very competitive. I can't speak to the exact pricing. However, it is my understanding that it has gotten more expensive. 

What other advice do I have?

I'm certified in CyberArk. Earlier, we worked with CyberArk as a partner. At this point, our contract is in a renewal state.

I'd rate the solution nine out of ten. 

It is a great product when it comes to security. From the security point of view, I would advise a new user to use this tool and deploy it in your environment since the security is unbeatable.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Engineering Lead PAM with 10,001+ employees
MSP
Top 20
Session management isolates users' machines, maintaining privileged session in the event of an attack
Pros and Cons
  • "The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution."
  • "More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured."

What is our primary use case?

The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.

Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.

I've had an experience of deploying CyberArk in on-premise and in the cloud.

How has it helped my organization?

For any use case, session management is a key because it isolates users' machines to the target system. That way then, if an attack happens on a user's machine, the privileged session is still an isolated session. The privileged session is not interrupted.

What is most valuable?

In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation. 

The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.

There are many other important features of CyberArk: 

  • Privileged Session Manager (PSM) connects you to the target platform. 
  • Password management (CPM) provides automatic password rotations, including password verification and reconciliation. 
  • Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature. 

The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.

What needs improvement?

More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.

For how long have I used the solution?

I have used CyberArk Privileged Access Manager for approximately seven years.

What do I think about the stability of the solution?

It is a very stable and reliable product.

What do I think about the scalability of the solution?

It is scalable and scaling it is straightforward. It has been designed and planned well, making it easy to scale the environment.

How are customer service and support?

We have frequently worked with CyberArk technical support. In the last year their support has been changed. I would rate it at about seven out of 10. It depends on the person who picks up the support ticket. If that person is fairly proficient in his experience, the response will be quick. Otherwise, it can take time. But, in general, it's good.

How would you rate customer service and support?

Neutral

How was the initial setup?

The complexity of the initial setup depends on the organization's underlying infrastructure, on the environment in which the development is happening. Sometimes the environment on which the product is being installed is more of a challenge than the product. That plays a key role. And, as I mentioned, it's a bit of a challenge because of the documentation at the moment. It needs to be much more user-friendly

The time for deployment also depends on the environment in which the product is being deployed. The technology landscape is very complex. With an end-to-end implementation, it can vary depending on whether the environment is small or medium or complex, and what types of use cases are involved. If it is just a simple environment and minimal features need to be configured, it can be straightforward and take a few days. But if it's a really large-scale, complex environment, where multiple integrations are required, because the underlying requirement to deploy CyberArk with other applications is complex, it will definitely take longer.

What's my experience with pricing, setup cost, and licensing?

Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive.

What other advice do I have?

It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. 

Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. 

But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
September 2023
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
735,432 professionals have used our research since 2012.
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Helps us to automate our jobs and administrative tasks
Pros and Cons
  • "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."
  • "We don't often contact technical support, but when we do it, the response could be faster and better."

What is our primary use case?

In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment.

We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this.

We are using the latest version.

How has it helped my organization?

It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes according to the internal security policies in our bank.

CyberArk PAM gives us a single pane of glass to manage and secure identities across multiple environments. This is quite important for compliance reasons.

CyberArk PAM provides quantitative risk analysis for every human and machine identity in our environment. This has a big impact on reducing risk. 

What is most valuable?

The PAM feature is the most valuable. It helps us to automate our jobs and administrative tasks. 

It also gives us a lot of features for compliance. Using this type of software is required by Polish law in finance and business in Poland.

We use CyberArk’s Secrets Manager to secure and manage secrets and credentials for mission-critical applications. The newest GUI is much better than the older version. Now, it is quite good.

CyberArk PAM provides an automated and unified approach for securing access to all types of identities that we use. This is very important to us.

What needs improvement?

I would like advanced RPA in the basic license. CyberArk has RPA, but we would need to buy additional licenses. It is not out-of-the-box.

I would like better support.

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

So far, we don't have any problems. We have implemented higher availability in CyberArk. So, maintenance or updates don't have an impact on our environment. We don't have performance problems or anything like that. The stability is very high.

I have had no problem with agility in this solution. Everything works fine and gives us an opportunity to act as we want.

What do I think about the scalability of the solution?

According to the information that I have, we simply add more servers if we need it or have additional business requirements. So, scalability is high.

There are about 155 users. Mostly, they are our IT administrators and developers.

This tool is used daily in our bank. We don't have plans to increase usage right now.

How are customer service and support?

We don't often contact technical support, but when we do it, the response could be faster and better.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We didn't previously use another solution.

How was the initial setup?

The initial setup was complex. Our deployment took three months.

We needed to scale our environment and implement the correct number of servers to prepare for a working environment.

What about the implementation team?

Implementation of our CyberArk instance was done by an external company. It covered all our needs and requirements.

What was our ROI?

We have not seen ROI directly in money. However, we have seen ROI in quality. It increases security in our IT environment and provides the highest SLA for our systems.

CyberArk PAM helps save us time when it comes to onboarding new employees and providing them secure access to SaaS apps and IT systems. It is saving us about two to three days per new employee.

What's my experience with pricing, setup cost, and licensing?

We use an old model for pricing. The new model is a subscription model on the cloud. 

The price of CyberArk support could be a little bit less. Otherwise, pricing is fine.

Which other solutions did I evaluate?

We did some benchmarking, without the tools, to compare the cost of maintenance and functionality. We compared CyberArk to Password Manager Pro from ManageEngine. CyberArk has more functionality and better stability, in our opinion. The price was very similar between the two solutions. 

What other advice do I have?

CyberArk is a good technology partner. They help us a lot with maintenance and our security process management.

I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. 

I would rate the solution as a nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer990891 - PeerSpot reviewer
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Consultant
Top 20
Good password rotation with helpful reporting and auditing functions
Pros and Cons
  • "I appreciate the ease of use for support analysts."
  • "Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package."

What is our primary use case?

We use the solution for privileged access to internal systems and multiple customer environments.

We have distributed PSM and CPM components throughout multiple sites and customer domains access over the VPN, with PSM load balancing handled via third-party hardware load balancers. 

Environment segregation and security are high on the criteria for the implemented solution, however, not at the overall expense of performance. 

We tend towards providing access to privileged admin applications direct from the PSM servers wherever suitable, yet offload additional workloads to siloed RDS collections if the need arises. 

How has it helped my organization?

I appreciate the ease of use for support analysts. We provide a single pane of glass access to our analysts where segregated admin access is provided via safe access groups. The overall goal is to provide the analysts with just enough access to function without being totally impaired by security constraints. With the piece of mind that the auditing and recording capabilities allow. We provide access to fully managed systems via distributed PSMs, or where the need arises we can provide access to online third-party access points via a central pool of web-enabled PSMs.

What is most valuable?

The most important feature is the password rotation and recording to align with customer security requirements.

The reporting and auditing functions allow us to provide evidence-based accounting to customers or security personnel when or if required. Being able to prove that "it does what it says on the tin" is a very key selling point or point scorer in project and planning sessions.

The marketplace default connectors are constantly evolving and simplifying administration. In the case of one not being available then the majority of additional requests can be catered for with some clever AutoIT scripting.

What needs improvement?

Remediation of some of the platform settings in the master policies section would be handy.

Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package, that could be installed/branded alongside the PVWA service, and build out API integration so that third party calls could draw valuable data directly out of the management backend with very little amount of additional admin overhead.

For how long have I used the solution?

I've used the solution for eight years. 

What do I think about the stability of the solution?

The solution is very stable; if instability is ever experienced it is likely to be as a result or symptom of a problem elsewhere, such as external factors (updates, network etc.).

What do I think about the scalability of the solution?

The solution is fairly scalable, although depending on how far and wide you stretch your footprint, you may be better suited to multiple smaller vaults and component environments, than one large pot.

How are customer service and support?

Initial call logging can be tedious at times. If you clearly articulate an issue yet are then required to collate entirely irrelevant logging information or jump through a default set of "have you tried this" questions it can cause frustration. Call escalation via account management has improved and when needed we have then progressed with support at a faster pace.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not worked with a solution with a focus explicitly for PAM.

How was the initial setup?

The initial setup was both straightforward and complex in equal measure.

What about the implementation team?

The majority of the setup was in-house. On occasion, we have engaged the vendor team and always had a positive outcome.

What was our ROI?

I'm not in the loop to be able to answer to ROI.

What's my experience with pricing, setup cost, and licensing?

Engage with Cyberark account management and professional services to fully understand your current, expected, and future requirements. 

Some default settings applied early on may be very time-consuming to amend at a later date (for example, set a default attribute in a platform, extrapolate that platform out to 300 other platforms and a single change may then have to be retrofitted 300 times). So the more scope you can define at deployment the better.

Which other solutions did I evaluate?

I believe other vendors were evaluated prior to selecting CyberArk.

What other advice do I have?

I'd advise other users to take their time, measure twice, and cut once.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Meo Ist - PeerSpot reviewer
Senior Product Manager and Technology Consultant at Barikat
Reseller
Top 5Leaderboard
Greta digital vault, very robust, and offers great integration capabilities
Pros and Cons
  • "It is a robust product."
  • "It is very complex and difficult to set up the solution."

What is our primary use case?

I use CyberArk as a password vault and session recordings and to connect the server sites. I use some critical systems if I can access them, including workflows and mechanisms. 

What is most valuable?

It's really good. 

The digital vault is great. It protects our passwords and manages those passwords and changing periods.

There is some third-party access to our system's recording process. It's very, very important for us and we're glad they allow it.

It is a robust product. It's very stable and reliable.

The solution can scale well. 

What needs improvement?

The interface could be updated a bit. Right now, it's not very good. 

It is very complex and difficult to set up the solution. 

Maybe some customers have a lot of systems. For example, we have 1000 Windows systems and 500 Linux systems. I need a remote desktop management solution for the CyberArk. I'd like to be able to change desktops with one click. We'd like the next release to have remote desktop management tools. 

For how long have I used the solution?

I've been using the solution for the last five years. 

What do I think about the stability of the solution?

The solution is very stable.

We no have had no performance issues; it's a really robust product. If I need more performance, I use another server, install another server, and improve our performance.

What do I think about the scalability of the solution?

It is very easily scalable. 

We have 50 admins on this solution. 

We are using the solution to 70% capacity. We do plan to increase usage. 

Which solution did I use previously and why did I switch?

We did use Delinea, formally Thycotic. That solution is really good, however, not fully secure. CyberArk is a more secure product - much better than Thycotic. Thycotic may be better in terms of its admin-friendly interface and integration, however, CyberArk offers more than vendor integration. It has massive integration capabilities.

How was the initial setup?

The implementation and integration process is very, very complex. It is a robust product, however. I don't have to do a lot of setups, luckily. However, when you first set it up, it's very difficult as you don't really know what you're doing. 

The first 27% of the implementation took us maybe three months, however, for more than 95% of installation, it took us over one year. We had all the features up and running, however. 

We started with connection and session recording features, however, items such as password changing and other integrations, for example, firewall connection and switch interface connection were rolled out over the year.

You only need one person to maintain the solution. 

What about the implementation team?

We had a third party help us with the implementation process. 

What's my experience with pricing, setup cost, and licensing?

It's a yearly license that we pay. It is more expensive than other options. There are competitive products that are cheaper. 

I can't speak to the exact price. On a scale of one to five, with one being the most expensive, I would rate it a one. The license covers five servers. If you need more servers, you pay more. The same is true with disaster sites. If you need a disaster site, you are fine. It is included. If you need more, you need to pay for it. 

Which other solutions did I evaluate?

We did look at multi-factor authentification options and zero-trust network access. 

What other advice do I have?

I'm not sure which version of the solution we're using. It's likely the latest version.

This is a fully secure product and integrates with a lot of different systems. I'd recommend the product to others. 

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: ex-partner, changed companies a month ago
PeerSpot user
reviewer988578 - PeerSpot reviewer
Snr Technical Consultant at a tech services company with 10,001+ employees
Consultant
Top 20
Great password management and Privileged Threat Analytics with good auditing capabilities
Pros and Cons
  • "The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution."
  • "The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow."

What is our primary use case?

The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.

How has it helped my organization?

The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution. 

This includes sessions via the solution and sessions to administer the solution itself. From a user perspective, we no longer need to try and create or remember complex passwords or have to be concerned about when they will change as the solution takes care of this and can and does populate these credentials for you so mistyping a complex password is a thing of the past.

What is most valuable?

Password management is a great feature, as all passwords are changed more frequently (this can be scheduled in line with a specific policy requirement or each time the credentials are returned to the pool for reuse and are always compliant with the password policy however long or complicated the policy states that they need to be. 

Another great feature is the Privileged Threat Analytics (PTA) as this can stop a session based on prescribed risk and bring it to an end or pause it pending approval to proceed.  

What needs improvement?

The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow. That said, it has been moving in the right direction with features becoming available in the v10 interface and some user features are available in both classic and v10 interfaces. I would love to see all the classic interface features moved into the v10 interface or available in both interfaces within the next version. 

For how long have I used the solution?

I've used the solution for about six years.

What do I think about the stability of the solution?

The solution has been very stable.

What do I think about the scalability of the solution?

The solution performs well, however, based on the user base may require a sizable footprint.

How are customer service and support?

Support does vary depending on how critical your issue is and if it needs to be elevated to dev support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our previous solution was not a PAM solution and these days you can't afford to not use one.

How was the initial setup?

The setup is not complicated when trained staff are used.

What about the implementation team?

We handled the initial setup in-house.

What's my experience with pricing, setup cost, and licensing?

Set-up costs can be minimized by controlling the number of applications that are made available within the solution. The newer licenses are per user and open up access to a suite of products, the best value, and security can be achieved by using more of the products.

Which other solutions did I evaluate?

We looked at other products like Delinia and Wallix.

What other advice do I have?

Take advantage of the vendor's training or use a good partner to provide support and administration.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Furqan Ahmed - PeerSpot reviewer
Network Engineer at Pronet
Real User
Top 5Leaderboard
Works well and is easy to set up but support needs a faster response time
Pros and Cons
  • "The solution is stable."
  • "The support services could act faster when people reach out to resolve issues."

What is our primary use case?

It is a PAM solution, in which we provide privileged access to CyberArk and the users who are using to try to access their devices. They onboard on the CyberArk and then, whenever they need to access the devices, they get access to CyberArk which means they have to log in on CyberArk.

What is most valuable?

The models as a whole are great. I'm not sure if I can pull out specific features. I like that if we execute the user can't access their devices. If you remove the session manager, the user can't access their devices. It helps ensure we can protect our organization and data. The session manager is the most critical part of CyberArk's PAM solution. 

It works perfectly well. 

The solution is pretty easy to set up. 

The solution is stable.

It's scalable. 

What needs improvement?

The support services could act faster when people reach out to resolve issues. 

For how long have I used the solution?

I've been using the solution for the last two years. 

What do I think about the stability of the solution?

It's a stable product. 

We have deployed CyberArk for two years, and so far, we haven't received any issues regarding any bugs or anything like that. We haven't faced any issues. There are some challenges regarding user access. We have to explain to users who are not familiar with the PAM solution what to do, however, regarding stability, or regarding bugs we haven't faced any issues.

What do I think about the scalability of the solution?

It's a scalable product. For example, in my scenario, the deployment that I have done, if I want to scale it up or if I want to extend it, I can easily add the next module in that. There are no challenges regarding scalability.

I have only one deployment in Pakistan. It is at one of the largest banks in Pakistan here which has thousands of users on CyberArk.

How are customer service and support?

Technical support is good. I haven't faced any issues. If you're looking at the response time, I will say that it's quite a long wait. 

How was the initial setup?

The setup process of CyberArk is quite typical. Once you understand the process, it is very easy for you. That said, for a newbie, it may be a bit difficult. For example, for the PSM module, we have to make changes in the registry of the devices. You have to collaborate with your system team to make a configuration. I can get complex. That said, once you know, it's very easy.

What about the implementation team?

I have been through the process of implementing the solution for clients. 

What's my experience with pricing, setup cost, and licensing?

The licensing can be yearly or over a couple of years. Support needs to be renewed every year. 

What other advice do I have?

We have four models which we are using. 

The first one has a wall that which we have deployed on the particular server. The next one is the CPM which is the Central Policy Manager through which we enforce the password policy and password rotation policies. 

I'd recommend the solution to others. 

We have conducted a POC in Pakistan on multiple sites with different customers. CyberArk is a quite typical product and can be a bit expensive, so it's a good idea to try it out first and make sure it is what you need.

I'd rate the solution seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer907214 - PeerSpot reviewer
Director, CyberSecurity at Ashburn Consulting LLC
User
Top 20
Great credential rotation automation and privileged session management with helpful support
Pros and Cons
  • "The ability to develop and deploy applications with no stored secrets is very valuable."
  • "The greatest area of improvement is with the user interface of the Password Vault Web Access component."

What is our primary use case?

We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules. 

How has it helped my organization?

The solution has improved security posture while greatly reducing administrative burden. We leverage CyberArk to deploy applications without the use of secrets.  

Applications authenticate securely to CyberArk using a combination of certificates and other extended application-identifying parameters to promote a secure DevSecOps environment.   

The extensibility of CyberArk has enabled us to develop custom integrations into Microsoft Azure leveraging KeyVault to synchronize on-premise and cloud secrets in a consistent hybrid credential management architecture.

What is most valuable?

Credential rotation automation combined with privileged session management are great aspects of the solution. It enables highly complex passwords that the end user never knows or sees. We have some use cases where administrative users will log in to highly privileged systems using a one-time use secret and immediately following their administrative session the password is rotated

The ability to develop and deploy applications with no stored secrets is very valuable. This keeps code repositories free of secrets and application authentication is centrally controlled and monitored.

What needs improvement?

The greatest area of improvement is with the user interface of the Password Vault Web Access component. The latest long-term support version of CyberArk (12.x)  still includes and still leverages the version 9.x UI in order to maintain some of the administrative functionality.   

The performance of the 9.x UI leaves much to be desired and there are still some administrative tasks that require the use of a thick "PrivateArk" client.   

Many improvements have been made over time, however, there is still work needed.

For how long have I used the solution?

I've used the solution for eight years.

What do I think about the stability of the solution?

The solution has been quite stable for many years and includes the functionality for clustering the multiple site replication, both of which we leverage for a high level of uptime.

What do I think about the scalability of the solution?

The solution is very scalable, however, with scale, there are certainly performance considerations.

How are customer service and support?

Support has been a mixed bag. First-level support has been extremely time-consuming to get to an escalation resource that can help us resolve our reported issue. In all fairness, we have a very experienced staff and generally only contact support for more complex issues. There have been improvements made over the years and the commitment to improving support. Still, there is work needed in that department.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution. 

How was the initial setup?

Setup depends on the complexity of the solution. A simple configuration could be up and running in a day.

What about the implementation team?

Our environment is run in-house by a contract team with expertise in CyberArk.  However, we do leverage the vendor for major upgrades and have used their technical account manager services in the past

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2023
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.