The solution is primarily for security and access control.
It's used to ensure and protect the complete IT infrastructure administrative account and the administrators and limit them to do any particular activities on the server and record all the activities on the server. it's for auditing purposes and for forensic usage.
We use it o identify if somebody internally hits the organization or tries to intrude and try to do a data breach or try to steal the information or do some kind of internal hacking. That risk can be eliminated using the tool.
CyberArk is one of the greatest platforms. It supports lots of requirements in the privileged access management area.
From a configuration point of view, it is not very straightforward as per the deployment. The configuration is typical. However, when it comes to the integration piece, it has flawless integrations with lots of applications, whether it is out-of-the-box or customized. It supports any number of platforms.
The company is very keen on looking at new applications to build out-of-the-box plugins. The support for the privileged single sign-on configurations with the application is excellent.
Security-wise, the security is unbeatable compared to any other tool in the industry. They have a vault concept. They consider it similar to a bank vault. This is where they keep all the privileged admins' passwords. That particular vault has seven layers of security, which are unbreakable. It basically cannot be hacked. It cannot be hijacked.
If something goes wrong, for example, if the vault is destroyed, your data is still protected. You can easily revive your data from that particular vault. It's a great capability. The security is excellent. It is very, very tight here. They support one signal protocol kind of communication with the internal products.
Where your password will be residing that is protected by a seven-layer of security. It has a web interface hosted on an IAS server on Windows. It has a CPM called central password management, which will do the password rotation. That is sitting on one other server. It has a session manager, which provides the single sign-on mechanism, privileged single sign-on mechanism, or automatic single sign-on to log into any infrastructure servers and applications. These are the four core products, and they integrate with each other and they integrate on one single port.
If you try to intrude on the system or any hackers try to intrude the system, they will not be able to do that as the communication through this port is entirely encrypted. They will not be able to revive the data in real-time. It's a great security feature.
It supports hybrid deployments as well. It supports single standalone deployments for high availability with different kinds of deployment structures or topologies. This is a growing trend in the market.
They can work on the pricing part. Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge.
I've used the solution for four years now.
The solution is very stable. It's reliable and the performance is good.
Every organization is different. Some are small, some are large, and some are medium-sized. This product fits all organizations. It is designed to be scalable.
Technical support has been excellent overall. We are pleased with their level of service.
The setup process is typical. It's not easy to set up. It depends upon the environment, the requirement, what the customer is looking for, et cetera. If, let's say, there's 1,500 accounts, which need to be protected and 10,000 servers, which need to be protected, the deployment can be done with the two-node setup. The two-node setup is okay. However, when it comes to the larger organization where we have lots of privileged accounts and lots of servers or when the account increases to 100,000 servers and 100,000 or 200,000 privileged accounts, in those cases, the product is complex.
You need to be well trained in order to be able to execute an implementation.
The pricing used to be very competitive. I can't speak to the exact pricing. However, it is my understanding that it has gotten more expensive.
I'm certified in CyberArk. Earlier, we worked with CyberArk as a partner. At this point, our contract is in a renewal state.
I'd rate the solution nine out of ten.
It is a great product when it comes to security. From the security point of view, I would advise a new user to use this tool and deploy it in your environment since the security is unbeatable.