CyberArk Privileged Access Manager Reviews

The primary use case for CyberArk Privileged Access Manager is within the IT security industry. It manages privileged access and generates reports, particularly for clients in sectors like finance. The system facilitates account management, enables the generation of on-demand reports, and helps maintain security protocols for these clients.

CyberArk Privileged Access Manager has enhanced my organizational capabilities by providing important security reporting features.

The most valuable features of CyberArk Privileged Access Manager include its search capabilities. Searching was previously a challenge, especially with Windows servers. When searching, we could only search based on the account name itself, as the system couldn't identify which accounts had access to which systems. This functionality caught my attention. Another standout feature is CyberArk Compass, which is planned for an upcoming release or has potentially already been released for Prisma Cloud. Finally, managing user accounts through the PWA is quite helpful. When a user is suspended, we can activate the account using the PWA instead of the private client.

The ability to manage user accounts and suspend them with ease through Password Vault Web Access rather than a client is a significant feature.

I like the integration with tools like Compass and the ability to search based on account names and systems.

My concern and area for improvement revolves around reporting. I even submitted an enhancement request to CyberArk Software, suggesting that they include a dedicated dashboard page within either Privileged Cloud or their self-hosted PAM solution. This dashboard could feature visual elements like pie charts to display metrics such as account compliance percentages. For example, it could show PTA alerts to visualize security events occurring within a month, quarter, or year. Having such a feature would allow for on-the-spot report generation. Currently, we rely on the REST API to invoke and pull the necessary information. We then have to manually copy the data, convert it from JSON to Excel, and generate the desired report and dashboard. This process is time-consuming and sometimes leads to inconsistencies in the information provided.

I have been using CyberArk Privileged Access Manager for six years.

The stability of CyberArk Privileged Access Manager is generally good. Minor issues may arise, but they are typically manageable and not major. On a scale of one to ten, I would rate the stability an eight out of ten.

My deployment of CyberArk is scalable, although the scalability differs depending on whether it's on-premises or cloud.

Customer support is somewhat lacking. They are often unavailable on Fridays, and the support process, such as raising a call or case, can take too long. On a scale of zero to ten, I would rate their support as six out of ten.

Neutral

Before using CyberArk, I interacted with BeyondTrust. BeyondTrust features, such as their reporting simplicity, made it easier for me to generate reports. The switch was primarily motivated by cost considerations.

The initial setup was detailed and required steps to ensure security measures were aligned with standards. Efficient sequencing, working with redundancy, and cooperation with load-balancing teams were crucial parts of the process.

The deployment took one week to complete because of the redundancy.

The solution is expensive but not excessively so. Discussions with clients have revealed that costs, especially for Privileged Cloud, are a concern. Improved support could enhance the solution's overall value.

I would rate the cost of CyberArk Privileged Access Manager seven out of ten with ten being the most expensive.

I would recommend CyberArk Privileged Access Manager because it is a leading solution for privileged access management. Although it has room for improvement, particularly in areas like reporting and support, it remains a solid option. I rate it an eight out of ten.

We have deployed CyberArk Privileged Access Manager using various configurations. For instance, active components are located in one location, while passive components reside in another. This is determined by the route to the virtual machine, as the components operate as virtual machines. The primary vault is situated in a separate location, and the disaster recovery vault is placed in another distinct location. Currently, we have a PAM license for 800 users, but we are utilizing it for 650 users.

CyberArk Privileged Access Manager maintenance addresses security bulletins and involves several key steps. We ensure the admin utilizes the security bulletin during maintenance, which begins with raising a change request. Before the change is approved and implemented in production, it is thoroughly tested in a test environment to verify its functionality. Deployment to production follows successful testing. Application-specific maintenance for CyberArk follows the product roadmap, ensuring we remain at most one version behind the latest release. We also promptly apply necessary security patches from security bulletins. Furthermore, from an OS perspective, we maintain alignment with the latest Microsoft patches, ensuring all systems are up-to-date and secure.

I'm using CyberArk Privileged Access Manager in the telecom industry, specifically for one of the clients. The main use case for CyberArk Privileged Access Manager is the Endpoint Privilege Management part, where privileged access needs to be managed, monitored, and recorded as part of SOX compliance. Other major use cases involve event management, trigger management, and notifications for break glass scenarios for various customers.

CyberArk Privileged Access Manager offers various exposed REST APIs, allowing for quick onboarding and reporting from the SOX compliance perspective, which wasn't available before. The exposed APIs give us the flexibility to perform scripting using Python and other languages to develop native tools.

CyberArk Privileged Access Manager integrates with various incident management tools, enabling automated actions through triggers for generated events. The integration with Ignimission provides operations teams with a dashboard for compliance management more efficiently. 

CyberArk Privileged Access Manager offers customers good visibility of accounts to onboard. The DNA tool provides an overview of their network entity, thereby helping them streamline their network from a privilege management perspective. They can see how many assets there are, how many assets have different accounts, and which accounts are currently active or not. From the dashboard, the customer has clear visibility.

Its integration is seamless with out-of-the-box connectors. You just need to provide the input in a configuration file. It can be integrated very easily.

The most valuable features of CyberArk Privileged Access Manager include quick access, ease of use, and a variety of connection methods beyond the web portal. The Just-in-Time functionality within CyberArk is very important, and recent features such as the MFA gateway allow external customers to perform their work while being monitored seamlessly. Any events not adhering to SOP trigger notifications to admins for prompt action.

Improvements in CyberArk Privileged Access Manager should focus on simplifying installation and upgrade times, and also consider making professional services training more accessible to implementers and partners. Free training for implementers should be offered, and the installation and upgrade process should take less time. 

In addition to that, CyberArk should communicate their Impact events to customers and SI partners, and consider making them free, as these events showcase their roadmap and new features.

I have been working with CyberArk Privileged Access Manager for more than eight years.

I find CyberArk Privileged Access Manager to be a stable solution and would rate its stability a nine out of ten.

I would rate the scalability of CyberArk Privileged Access Manager an eight out of ten.

I would rate CyberArk's customer support as a seven out of ten. The rating stems from the fact that sometimes critical issues require follow-ups, as the support team doesn't always recognize the urgency of a critical ticket immediately. There is a need for more dedicated support for some customers moving forward.

Neutral

The previous versions were a bit difficult, but the newer versions have improved. They have done some scripting for the installation part, which has improved the overall installation very much. There is still some scope for improvement. I'm looking for an automated script where all the entities or inputs can be provided. Once that script runs on a particular server, CyberArk gets installed without any user interruptions. Currently, we have to be very specific with prerequisites and everything else. If the prerequisites are not met, there are some issues, and you have to sometimes rebuild that particular server. To avoid such things, an automated script should be there to check the overall prerequisites. After installation, there should be a global script that checks all the functionalities to see whether every entity and every component has been installed correctly or not.

I am the implementer for CyberArk. As an implementer, my customers are from various industries, currently managing customers from the healthcare, telecom, and semiconductor industries.

Since CyberArk is at the top of the Gartner list, the cost is indeed on the higher side, but customers must discern which entities are essential to purchase. They should weigh the cost against the quality received.

The setup cost for CyberArk depends upon the customer's infrastructure, and while it may be on the expensive side, the quality and support provided justify the investment, along with documentation and training that add value.

CyberArk Privileged Access Manager is the best solution for safeguarding sensitive patient data in healthcare, providing visibility and traceability that enhance compliance. Its strong design offers security and visibility for events across all industries, showcasing its robust capabilities. CyberArk Privileged Access Manager is crucial for safeguarding credentials in healthcare organizations. 

I would recommend CyberArk Privileged Access Manager to those looking to use it. The biggest benefit is its versatility, providing comprehensive flexibility across various operational needs, while also offering expert support to resolve any issues encountered.

It stands out as the best tool on the market. It deserves a nine out of ten overall. 

Our main use cases are to monitor all privileged accesses. It can be HTTPS, LDAP, SSH, or SQL management, so anywhere we have privileged access, we want to monitor it and place it under CyberArk.

Its monitoring capabilities are good. Whenever the end users start their session, it quickly allows you to monitor. However, if there are no firewall rules, it creates a video, but it does not take all the audit logs. For audit logs, you need firewall rules. It is very well described in their documentation. At the start, they communicate this to clients. The documentation is well-defined.

The features that are most effective, like every PAM solution, include monitoring and password rotations. 

The best thing about this solution, especially on-premises, is that we can interact with it directly. If we need to develop something, we are allowed or can do it by ourselves, which is most effective for us as administrators. It is not a black box. We have the ability to customize, especially the connection components.

There are some options in the web portal where they can improve the user experience. For example, in remote, there is a parameter called 'access to remote machine.' When we put host names in that field, we are not able to search it. It would be useful if a search feature was there to check if a machine is already onboarded. When we onboard a few machines in the same domain using just one account, we put the domain name in the address field and host machine names in the remote access parameter. However, we are not able to search within that field, which makes it difficult for us as admins to know if a machine has already been onboarded.

Other than that, I do not have any areas for improvement. Whenever we find any bugs or have a need for a feature, we open a ticket with them. They usually work on that if the same request has also come from other people. They are already good at doing that.

I have been working with CyberArk for almost six to seven years.

The solution is very stable. If you install the solution with CyberArk's guidelines, it remains stable. I also offer 24/7 services, and in three years, I have received two or three calls from clients indicating the solution was not working. It means the solution is very stable.

It is scalable. If a client has 100 users and wants to add 100 more users, it is possible. They can make it bigger and smaller, depending on their needs.

Our clients are medium enterprises.

Their technical support is good. They provide solutions and also the documentation if you ask. If you cannot find something, they point you to the right documentation. With support, I have never found any problems.

Positive

There is a lot of complexity if we are installing the solution on-premises. On the cloud, there is no such complexity, but on-premises, it is complex because there are different components like Vault, PVWA, PSM, and CPM. There are many components, and we need to follow a sequence to install these products. One needs a good knowledge of these components to install because we cannot just follow the documentation and install it. The documentation is vast. First, we need to read all of it. For first-time users, it is a bit difficult, but with experience, it is not a big deal. In terms of ease of use, I would rate it a six out of ten for on-premises and a nine out of ten for the cloud.

The deployment model depends on the clients. Our clients from banks usually use it on-premises. Clients in other fields do not want to install the machines on-premises because that is resource-consuming, so they go for the cloud deployment.

With the cloud deployment model, the clients need to deploy fewer components in their infrastructure. Vault and PVWA are already in the cloud, but other components like PSM, CPM, and PSMP are on-premises. It is not that all the infrastructure is on the cloud. There are a few components that are on-premises. However, in the case of on-premises, all the components are on-premises inside the infrastructure of the client, and they are responsible for maintaining that.

Our clients have seen an ROI.

If you want a Ferrari, it will cost you. The solution is really nice, so it costs the client, but in the long run, it is very good. If you buy a solution that costs a lot to maintain because it is not stable, and you are frequently asking for consultant support, it costs more. It is better if the client spends a little more money initially. In the long run, it is very good.

My recommendation depends on your needs and what you want to achieve. If you just want SSH, LDAP, and basic monitoring, you can consider other solutions like Wallix or One Identity, which cost less. If you need a lot of customization, such as you want to put in a lot of HTTPS ports and change the passwords of internal applications, this solution is much better than others. 

I would rate it a nine out of ten.

We use CyberArk Privileged Access Manager for least privilege and accountability purposes, while we also utilize the EPM solution for endpoint protection. Additionally, PTA is one of the most important tools from CyberArk Privileged Access Manager, which we use on a real-time protection basis. CyberArk Privileged Access Manager effectively prevents attacks on the financial service infrastructure, as we protect against lateral movement, credential stuffing, and since no passwords are available because they are rotated through CyberArk Privileged Access Manager, we can isolate every session and record all activity while monitoring in real-time.

The ability of CyberArk Privileged Access Manager to safeguard the financial services infrastructure by protecting credentials is extremely important, as every activity in a financial organization needs to be recorded for accountability in auditing. Therefore, CyberArk Privileged Access Manager is a crucial tool, and we utilize credential rotation as 85% of successful attacks in the last 10 years have been initiated through credential theft. Monitoring, recording, and credential rotating activities are crucial because if CyberArk Privileged Access Manager goes out of service, the total environment would collapse due to the lack of passwords for respective servers.

While I cannot suggest major changes, I did encounter a vulnerability concerning RADIUS blasts, which was recently mitigated by CyberArk Privileged Access Manager in their latest version, indicating an area for improvement in vulnerability assessments. Improvements in vulnerability assessment are essential. A notable request I have regarding CyberArk Privileged Access Manager is to address the issues of database corruption identified in cluster environments experienced by multiple clients.

From 2021 to now, I have been working on CyberArk Privileged Access Manager.

I have not experienced any stability issues with CyberArk Privileged Access Manager.

It is easy to scale.

In terms of technical support, CyberArk Privileged Access Manager has provided excellent support without any doubt. Based on the issue resolution and support quality, I rate the support 10 out of 10.

Before using CyberArk Privileged Access Manager, I did not evaluate any other PAM tools.

Setting up CyberArk Privileged Access Manager is not complex, especially if you properly follow the recommendations from CyberArk.

I handled the deployment myself.

CyberArk Privileged Access Manager has been very effective in helping my company meet compliance and regulatory requirements. Implementing CyberArk Privileged Access Manager saved time on compliance requirements in finance, typically around one hour.

There has been no reduced cost associated with CyberArk Privileged Access Manager, as when it is required, you must pay for their licensing and prepare the full environment. While there are costs for the licensing of CyberArk Privileged Access Manager, it definitely provides value when I need any accountability or session recording.

CyberArk Privileged Access Manager is one of the most important components from CyberArk, along with EPM (Endpoint Privilege Manager) and PTA (Privileged Threat Analytics tool). I recommend anyone considering CyberArk Privileged Access Manager to view it as a friendly environment, as it stands out among the other PAM solutions I have encountered. CyberArk Privileged Access Manager is highly recommended for its user-friendly nature. I rate CyberArk Privileged Access Manager a ten out of ten.

The use cases for CyberArk Privileged Access Manager include access to Windows, Windows servers, Linux servers, firewalls, clouds, GCP, AWS, and Azure, but I do not administer the clouds. I only administer CyberArk.

CyberArk Privileged Access Manager helps us maintain an inventory of our privileged credentials and manage password rotation easily for our organization. It provides a secure way to access and monitor.

CyberArk Privileged Access Manager has positively impacted visibility into the PAM accounts. It has a very good dashboard that provides visibility into our accounts and password information.

CyberArk Privileged Access Manager's abilities to safeguard the infrastructure are important, as protecting credentials provides us with security and visibility.

CyberArk Privileged Access Manager is effective for preventing attacks and threats. It's very effective since it connects to a SIEM, such as Splunk and ArcSight. The functionality called PTA, Privileged Threat Analytics, is very good.

CyberArk Privileged Access Manager integrates well with other products.

CyberArk Privileged Access Manager improves operations because it's all centralized. When you have CyberArk to gain access to the admin console and other applications, it's the easiest way to configure your firewall rule because everything comes from CyberArk.

It's user-friendly and very configurable. We can do many things with it, especially with password management. It's easy to manage, and the controls are straightforward. It's a specialized solution for which it's hard to find professionals to work with, but it's very effective.

It's a very good solution for data privacy.

The reports could be more editable. I want to be able to edit a dashboard to see other information or graphics. Making the reports more editable would be beneficial.

I've been using this solution for at least five years.

I would evaluate the customer service and technical support of CyberArk Privileged Access Manager as very good.

Positive

I worked with Senhasegura, which is a Brazilian application for password security. We switched to CyberArk Privileged Access Manager because it is recommended for larger environments.

The initial setup is easy. I was involved in the setup process and was part of it.

It takes six months for the full implementation in a big company.

The deployment team consisted of approximately 10 people. While I don't know the exact job titles, a manager and at least two engineers on the CyberArk team were required.

CyberArk Privileged Access Manager has helped our organization save on costs. CyberArk Privileged Access Manager is expensive, but it helps protect us from losing money. 

Its benefits are visible immediately after the deployment, but in Brazil, people generally implement CyberArk Privileged Access Manager after an incident.

It's not a cheap application. It's very expensive.

Don't wait to be attacked or lose your data. Protect your credentials, even if you use other security tools. 

I would rate this solution a nine out of ten.

I am a senior manager, and we have multiple clients for whom we deploy CyberArk Privileged Access Manager. We also manage or upgrade their instances. We handle migrations and new implementations. We take care of anything related to CyberArk.

The feature that I like the most is the Privileged Session Manager. It offers session recordings, logging, and tracking of user workstreams. It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened. Its benefits can be seen immediately after the deployment.

Based on the user experience that I see on a day-to-day basis, some changes could be made to the Privileged Session Manager tool to make it more user-friendly. The user interface of that tool could be more advanced and understandable to laymen, rather than being more of a developer tool. I would recommend more user-friendliness there.

CyberArk is more focused on the cloud solution. They are not going towards on-prem, but a lot of clients still like the on-prem solution. With the cloud implementation, you have a lot of dependencies on expert services. When you get into some issues, you have to wait for expert services. They usually reply in two to three days. That is something CyberArk needs to make better. If they want clients to move to the cloud, they need to support them in real-time. The client should not be waiting for two days to get a response for the issue. If CyberArk wants people to pay for cloud services, they need to make the cloud services much more real-time.

I have been using CyberArk Privileged Access Manager for approximately six years.

CyberArk Privileged Access Manager is a stable solution. I have never faced any issues with stability.

CyberArk Privileged Access Manager is a scalable solution.

I have contacted their support a lot of times. The quality of support is okay, but the time frame for replies should be much faster than it is currently.

Neutral

I have not used any similar solution for PAM. However, for managing the accounts, we have used some password management solutions such as 1Password, but they do not give you the accessibility and different components that PAM provides. They are just for password storage and keeping the passwords safe. A PAM solution from CyberArk or BeyondTrust solution provides a lot more than that, so we cannot compare them. There is no comparison.

I have deployed it both on the cloud and on-prem. My one client is on-prem, and another one is on the cloud.

The initial deployment depends on how extensive it is. For one client, it was quite easy, but after the deployment, it was tricky to deploy the components for AEM, EP, and CCP. On-prem implementation is much easier than the cloud. Cloud solutions require better and more immediate support. Cloud deployment is challenging due to dependencies on expert services.

It requires a bit of maintenance but not that much. Once you deploy the solution, it works, but there are always new upgrades. For example, if you deploy a web connector for web applications and Chrome releases an upgrade, you have to see whether CyberArk is supporting that upgrade or not. Accordingly, you have to update the drivers and other things for the web applications. The same goes with PSMP and SMP. If there are any version upgrades or any vulnerability patch fixes, you have to perform maintenance.

We help customers deploy it.

The duration depends on how big the instance is. To deploy all the components, the duration can range from three to six months.

It can be deployed by one person, but it also depends on how many instances of servers you are deploying, what is the concurrent usage, how many users are being onboarded, and what components you have. There is PSM. There is EPM and PSMP. It depends on what exactly the client requires. These are some factors that determine the time frame and number of people required.

From a client perspective, CyberArk's pricing is fair but there is a significant increase each year. They should limit the price increase because this could potentially drive customers to other partners. Price changes should be at defined intervals. There should not be sudden jumps.

I would rate CyberArk Privileged Access Manager an eight out of ten.

My primary use case for CyberArk Privileged Access Manager is managing privileged access across the organization. I focus on auditing compliance and ensuring compliance with financial systems like SAP.

The benefits of CyberArk Privileged Access Manager are typically realized over time, often facing initial resistance from various teams within an organization. While security, audit, and governance teams readily recognize the value of CyberArk, platform teams, and other stakeholders may resist its implementation. This necessitates a concerted effort to sell CyberArk internally, emphasizing its benefits and addressing concerns. Convincing internal stakeholders can be more challenging than securing buy-in from security or IT teams, often requiring three to six months after deployment for the benefits to become evident and widely accepted.

For me, CyberArk Privileged Access Manager's most valuable features are password and session management. It also includes technologies like Zero Standing Privileges and EPM, which I deploy for customers to demonstrate the return on investment.

CyberArk could enhance its usability by simplifying its architecture and design. Additionally, incorporating automated onboarding and offboarding features directly into the product would reduce the maintenance burden on administrators.

I have been using CyberArk Privileged Access Manager for eight years.

I find CyberArk to be quite stable. Exceptions occur mostly due to user errors. It has a large customer base and positive feedback within my network.

On-premises scalability is challenging for me due to deploying various components on different servers, but I find SaaS to be more promising in scalability.

In my experience, the quality of support has been inconsistent. Response times seem to correlate with the strength of the relationship with the CyberArk account manager, with quicker responses when rapport is strong.

Neutral

I worked briefly with BeyondTrust but returned to CyberArk, which has been my primary focus.

In SaaS, most tasks are abstracted, reducing the workload compared to on-premise solutions where tasks like network configuration, connectivity, SSL certificates, and management fall on the user. However, SaaS solution eliminate the overhead of building VMs and similar infrastructure. Overall effort for both approaches is comparable, but SaaS offers the significant advantage of CyberArk managing the underlying infrastructure, including the vault and web interface, a feature most customers prefer today.

Initial setups were challenging for me at first, but with experience, they became more manageable. It generally requires reviewing documentation and seeking initial support from CyberArk. The deployments take between three and six months.

Implementation involves a project team with a project manager and Windows engineers for tasks like VM provisioning. Typically, I have executed projects primarily by myself, sometimes with minimal assistance from junior resources.

CyberArk Privileged Access Manager is more expensive than its competitors, such as BeyondTrust, Delinea, and ManageEngine PAM360. While ManageEngine PAM360 offers similar flexibility and support at a lower cost, CyberArk's SaaS solution is particularly expensive. This high price point has discouraged many customers from migrating from on-premise solutions to the CyberArk SaaS platform.

I would rate CyberArk Privileged Access Manager nine out of ten.

CyberArk manages the maintenance for the Privileged Access Manager.

Organizations must ensure users understand the importance of PAM and how it secures infrastructure. Training sessions, workshops, and demos are crucial for building user engagement and overcoming initial resistance.

We use CyberArk Privileged Access Manager to manage privileged access, so all the privileged accounts are vaulted in CyberArk, and that's our control method to manage privileged access. We also manage access for developers, so we have dual control to give approval to developers.

CyberArk Privileged Access Manager has made our operations more streamlined. There is an approval process, so it helps us keep tabs on who's working on what and for how long. We also have to give a reason when we're using privileged accounts, which helps keep track of whether they're being used correctly. 

It's been good so far in safeguarding the infrastructure, but we've not used additional features of CyberArk Privileged Access Manager. Modern PAM with secure web sessions or secure infrastructure access is something that I learned about at the conference. I am curious about how we can use it.

It has not helped to reduce the number of privileged accounts. Whatever we find privileged in the environment, we want to control that by using CyberArk Privileged Access Manager. That's how we're able to control it. It has helped us identify privileged access better because we discovered users who didn't need privileged access. There have been cases where users with privileged access don't want their accounts in PAM because they need to pick up the password on a daily basis to perform their actions. There have been cases where they've gotten their privileged access off the account because it's not needed.

The user interface needs some training, but with a guide telling the user how to go about it, we have received positive feedback from whoever has used it.

It took us some time to realize its benefits because any new tool needs a proper understanding of how it can be used. A lot of testing was done on the engineering side, and demos were given. It took some time, but it is going smoothly.

Given that this is the only tool that I've worked with for the control process of privileged access, I don't have anything to compare it with. However, it's helped us keep our privileged access in check. We're able to get logs as to when the user checks out an ID and for how long, so it's a good monitoring tool.

They covered a lot at the conference. I don't have visibility into what product we've bought. It would be nice for them to approach us with what we have bought versus the new features being added. We need clarity on whether new features come included in the package that we already have, or if it's something that we need to have over and above.

Occasionally, there are lagging issues. Sometimes users have to re-login. When users copy passwords, there is sometimes a lag, so they have to log out and log in, but these are very rare cases.

I've been using it for about 5 years.

Occasionally lagging occurs. I've not heard about crashing, but there is a lag. Sometimes users will have to re-login and get it right.

The team that I work with is our in-house engineering team. I've had a conversation with CyberArk once last year revolving around efficiently generating the inventory reports. I contacted the technical support, but I didn't get a very straightforward solution that I was expecting.

We were developing a dashboard to find all the privileged accounts that weren't vaulted in CyberArk. We wanted the inventory report to be generated on a daily basis, but were having some trouble. We reached out to their technical support. The solution that they proposed was not straightforward because of the backend processes of CyberArk. We had to approach it in a different way.

Neutral

I would rate CyberArk Privileged Access Manager a seven out of ten.