CyberArk Privileged Access Manager Reviews

I'm a security solutions architect. I design solutions and hand them over to the client once they're implemented. We educate the users on how the solution works or turn it over to our managed services department

CyberArk PAM is an identity management solution used to manage privileged accounts on domains and local servers, including admin accounts in Windows environments and root users in Unix. 

With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent secure against attacks if you have all the right policies in place.

PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting.

I have used CyberArk PAM for two years. 

CyberArk PAM is stable.

CyberArk PAM is scalable. Managing 80,000 accounts is almost as easy as managing a thousand. 

CyberArk has a solid community. It's easy to get support and feedback from the forums. However, it can be difficult to access official technical support if you don't have a CyberArk certification because they have a process to limit unnecessary calls. You get excellent support once you're certified. 

Deploying CyberARK is complicated, but it is relatively easy for me because I have excellent scripts for implementing the prerequisites. It might be challenging for the average end user. It would be ideal to educate them in a demo environment because hard to explain this to a user without them. I would need to build an environment to show them. A simulated lab environment is one thing CyberArk PAM lacks.

We set up the prerequisites and discover the privileged accounts in the environment. CyberArk has a tool that scans the servers and detects accounts. This works best in a Microsoft environment. It's more difficult without Active Directory because you have to rely on the information the customer provides. You can begin the onboarding process once you've identified the accounts. 

It takes a month to set up the prerequisites and two or three days to install CyberArk PAM. Once it is deployed, it takes eight months to a year to tie up some loose ends. You may need to identify some accounts that you missed. The total time depends on the size and complexity of the user's environment. If you've configured everything correctly, it's simple to maintain. 

The ROI for CyberArk PAM is difficult to measure because the benefit is a reduction in risk. If CyberArk can eliminate most of the customer's security risks, then it's worth what they paid. 

CyberArk isn't cheap, but it's the best. You have to pay for quality. 

I rate CyberArk Privileged Access Manager 10 out of 10. CyberArk is the leader in Gartner's quadrant. I tell my customers that they need to be 100 percent secure—99 percent isn't good enough. The top hackers will exploit that 1 percent hole, and you're finished. You need 100 percent, or else you're wasting your money.  

The primary use case and the most used functionality of CyberArk PAM is managing privileged access (an easy way to pass permissions to specific servers to specific users granularly) and password management (an automated solution that manages password validity, expiration, etc.). PSM gives a possibility to set all connections secure and it is possible to re-trace actions made by users during such sessions. It is a good tool for extending usage to new end targets sometimes even out of the box.

CyberArk PAM ended a scenario where several dozens or even hundreds of privileged accounts had the same password or administrators had passwords written down on sticky notes. 

I have experience with onboarding thousands of accounts - mostly Windows, Unix, and network devices. I have developed (customized based on defaults) password management plugins for Unix systems and network devices.

I like the integrations for external applications. There are actually infinite possibilities of systems to integrate with - you would just need to have more time to do that. It is not an easy job, yet really valuable. I am not an expert on that, however, I try every day to be better and better. I have the support of other experienced engineers I work with so there is always someone to ask if I face any problems. End-customers sometimes have really customized needs and ideas for PSM-related usage.

The Vault's disaster recovery features need improvement. There is no possibility to automatically manage Vault's roles and for some customers, it is not an easy topic to understand.

I noticed that CyberArk changed a little in terms of the documentation about disaster recovery failover and failback scenarios. Still, it is a big field for CyberArk developers. Logically it is an easy scenario to understand - yet not for everyone, surely.

I've used the solution for around five years. I have been using CyberArk PAM as an end customer for three years. For another two, I work as a CyberArk support specialist.

Stability is overall good. However, there are many error messages that are like false-positive - they do not produce any issue yet logs are full of information.

The scaling has been mostly positive. It seems not hard to scale it up.

Sometimes it is hard to understand the capabilities, limitations, etc. They try to help with that.

Positive

I've never used another solution that would have the same or similar capabilities.

The initial setup can be complex. It is important to go really carefully step-by-step with instructions. When you do that, you can be 100% sure everything will work well.

When I was an end-customer I recall using a vendor for the implementation and support. Now, I am a vender and therefore I do it by myself.

Licensing may sometimes seem a little complicated. A good partner from CyberArk can work it out.

Unfortunately, I have not participated in evaluating other options.

Overall, I am really glad I worked with CyberArk for five years.

We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about five years now.

This product has placed a new culture in my company by making employees more aware of IT compliance and cyber security. It has also placed us in a position to meet NERC CIP v6 requirements.

The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.

Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login.

I would like to see the product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials into a privileged target system.

Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless you are working with accounts already stored in “Safes”.

I have been using this solution for seven years.

We have noticed some stability issues with the PSM Servers. We've noticed that there may be a limitation on the number of users that a PSM Server can handle. We have two PSM Servers deployed in our Production environment and have come to a conclusion that we may need to add two more to stabilize the environment.

Upgrading to version 9.9 significantly reduced the stability issues with the PSM Servers and the limitation on the number of users that the PSM can handle.

CyberArk could use some improvement in their level of customer service. Sometimes, it can take more than a day before a Case that I have submitted online gets a response from tech support.

The level of technical support has been great. The challenge has been to get an initial response and sometimes follow-up from CyberArk Support.

If you are going to set up CyberArk for the first time, I highly recommend that you utilize their Professional Services. They are extremely knowledgeable and very helpful and will ensure that your implementation is a success.

We use Texas DIR when evaluation and making purchases of products.

We are currently on version 9.10. We would like to upgrade to the latest version some time this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.

We use it for other use cases, such as automating application authorization, managing files, and securing monetary accounts. We use it for managing privileged accounts.

I like everything about it. It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components.

The issue is that in many environments, what I purchase via text is different. We have some policies that are specific to Microsoft environments. For example, my actual manager may not be able to connect to a Microsoft product due to a policy on it. The issue that comes to mind now is how six credentials are managed.

Currently, if you try to log in to any server within the environment, you would need to log in every time, regardless of whether you have already received the credential or if the connecting device is present or not. It is a problem with CyberArk. If CyberArk could find a way to solve this, it would greatly improve the experience.

I'm not sure if it is possible to fix this. It's not a point of entry, but it may require a longer string than the user might want to know, or maybe cheaper right now. If CyberArk can find a solution that improves the experience, it would be beneficial to customers.

Another thing is that there are some time needs that could be improved in the future. One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible.

I've been working with it for three years. I'm currently working with version 12 of the solution, and I've also worked with version 10 and partition 11.

The number of users is about 3,305, and it is stable. We don't have any small clients, mainly medium and enterprise businesses.

I would rate stability a ten out of ten, and it's very stable.

I would rate scalability an eight out of ten. It's not perfect, but it's fairly scalable.

Some things need improvement. The solution doesn't provide sufficient support. I contacted them at one point, but it took several months to get a response. Additionally, we had an issue with account balances that took a while to resolve. That was four or five years ago, though. Other than that, it's a decent solution.

Positive

Regarding the initial setup, I would say it's pretty straightforward on a scale from one to ten, where one is difficult and ten is easy. I'd give it a nine. Deployment took less than a week.

I deployed the solution.

It is pretty pricey. I would rate it a seven on a scale of one to ten, where one is cheap, and ten is very expensive.

Overall, I would rate the solution a ten out of ten.

The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.

Now we feel assured that all our privileged accounts are well protected. Our admins don't know passwords and don't enter them manually. This eliminates the risk of interception and account hijacking.

First of all, CyberArk offers great flexibility. Throughout our years of experience, we haven't found any system that we couldn't connect with CyberArk. We have many web management consoles, and it's no problem to connect to them using custom connectors.

Moreover, it's a highly customizable solution. If you know how to do it, you can customize it as you want.

There is room for improvement in the pricing model. From a technical point of view, there are no issues. Support could be faster, though. We have mentioned that better support from CyberArk would be beneficial.

So, support could be faster, and pricing can be improved.

We have been using it for our needs and sharing it for over ten years. Currently, we use version 12.

It is a very stable solution. I would rate the stability a ten out of ten. If you can read the manual and avoid making mistakes, it's very stable.

It is an extremely scalable solution. I would rate the scalability a ten out of ten. In our organization, there are ten CyberArk users; they all are system administrators. 

The customer service and support could be better. The response time could be better. 

Neutral

I would rate my experience with the initial setup a four out of ten, one being difficult and ten being easy. It's a modular system. To run CyberArk, you need to deploy several different services, set them up, and configure the interactions. It's not a solution in one box.

The initial setup is not very complex, but I would say it's not very simple, either.

We have deployed CyberArk in both environments. We have several working calls in the cloud and some parts on-premises. The initial deployment takes about two days. 

Our main technical task was to reduce security risks, which we accomplished with CyberArk.

I would rate CyberArk's pricing a nine out of ten, with one being cheap and ten being expensive. It's one of the most expensive solutions in the market, but it's worth it.

I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress.

Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product. 

CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.

CyberArk PAM ensures that passwords on Linux servers are highly secure, regularly changed, and completely auditable. This saves enormous amounts of time when responding to audits and security concerns. And the scheduled verification of passwords ensures that passwords remain available when needed and stay secure. CyberArk has become the standard tool for password management.

I find value in notifications from CyberArk when passwords fail verification and have other issues. Investigation of these issues often uncovers other issues. The way safe security is handled is outstanding and makes it easy to provide safe access to those who need it and deny safe access to those who should not have it.  

Another valuable feature is the agentless architecture of the product. Using native processes to manage passwords and not having to install and update agents is a huge plus.

A more friendly and functionally complete user interface would be nice to have. The current interface is not very intuitive. It is somewhat clunky and difficult to navigate, and many times have to toggle between the somewhat underdeveloped new interface and the older classic UI. This state of basically having two interfaces is a prime opportunity for CyberArk to improve its product.

Also, it would be nice if the vaults could run on Linux instead of Windows.

I have been working with CyberArk for more than ten years in various capacities ranging from end user to safe/vault administrator to application administrator.

The solution is incredibly stable.

We have not run into any scaling issues.

CyberArk support is pretty solid.

Positive

I did not previously use a different solution.

The initial setup is more complex than simple, however, not daunting.

We worked with the vendor team who were very knowledgeable during the implementation.

The PAM product isn't low-cost, however, it is worth it. Go with a longer-term agreement to realize lower costs.

CyberArk PAM was chosen before I got involved so I am not aware of which other products were evaluated. However, we have never had to go back and review the decision to use CyberArk.

Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.

I am using CyberArk Privileged Access Manager to protect our servers. It can be either a Windows or Linux Server. Additionally, we have some network devices, and databases, such as Oracle and MySQL Server being protected.

It's improved our organization a lot. It has fulfilled some guidelines from the Indian government. There is some Indian government guideline for anonymity and access management. Similarly, there are guidelines for GDPR, and where we have vendor's control. CyberArk Privileged Access Manager has helped us to meet all the requirements.

CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs.

The solution could improve by adding more connectors. 

I have been using CyberArk Privileged Access Manager for two and a half years.

CyberArk Privileged Access Manager is a stable and reliable solution.

We have approximately 200 people using this solution.

The support team from CyberArk Privileged Access Manager is very good.

I have not used other solutions.

CyberArk Privileged Access Manager's initial setup is straightforward. However, it can depend on many factors, such as architecture.

I used a partner for the implementation of the CyberArk Privileged Access Manager.

The number of people required for the implementation of CyberArk Privileged Access Manager depends on the number of applications. However, for my team, we have two to four people who were involved in the development of our architecture. 

From a technology perspective, CyberArk Privileged Access Manager has helped us to improve our services. It helped us to meet our requirements or guidelines. Whether it's audit perspective, internal, or external, whatever the guideline is, it meets our needs. If there are any independent agencies that need to be involved we meet those requirements.

The price of CyberArk Privileged Access Manager is expensive. There are no other fees other than the standard licensing fees.

As part of our company's policies, we have to evaluate other solutions.

I would advise others that requirements should be discussed properly with all the stakeholders to understand their expectations. Additionally, it is important to explore our tool limitations. We should more focus on solution designing.

I rate CyberArk Privileged Access Manager a nine out of ten.

CyberArk is for Privileged Access Management, so we secure our privileged accounts using CyberArk.

The main, most valuable aspect is its capability to secure our environment. That's the main reason why we are using it.

It can be made user-friendly, in the sense of the console is pretty outdated. They could add more enhancements, et cetera.

They could add more built-in connection components to support various other application platforms. The built-in connection components available are mostly not fit for our purpose. We need to do additional customization to make it work.

I’ve used the solution for almost two years.

Stability is fine so far, other than a couple of phishes every once in a while.

25 people are using the solution.

The solution is scalable. It’s on the cloud, which makes it simple.

We have enterprise support from the vendors.

The response time could be a bit better. Some people don’t have the access to be able to jump in right away. Sometimes we need someone from the development team who has access to help.

Neutral

I’ve never had experience with any other vendors.

The initial setup was not that straightforward. However, we had vendor support, and we were able to fix all the issues.

It took us almost a month to deploy the solution.

I’d rate the solution a three out of five in terms of ease of setup.

In terms of maintenance, some of the components are not in the cloud, so we handle these aspects ourselves. We have a dedicated team for it.

We initiated the setup with the help of the vendor.

I don’t deal with the licensing. That said, my understanding is that it is on the higher side.

When we need enhancements, we do have to pay more.

We are CyberArk partners. I’m a consultant.

We’re always using the most up-to-date solution version, as we are utilizing the cloud.

We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk.

I’d recommend the solution. It’s ideal for smaller organizations.

I would rate it seven out of ten.