CyberArk Privileged Access Manager Reviews

I use CyberArk Privileged Access Manager for privileged access management for our IT administrative team. It helps in managing access to IT systems.

By implementing this solution, we wanted to monitor and manage access. We wanted to control who can log into which machine.

Our administrators no longer have to save the passwords or credentials in a file or spreadsheet to share with colleagues. Everything is organized in a vault. We have logs on which credentials were used and at what time on a machine.

CyberArk Privileged Access Manager is very powerful and customizable. We are able to customize it as per our needs. 

It has been stable over the last four years, and we have a good overview of the usage of every credential on hosts and endpoints. Our infrastructure consists of many solutions and pieces, and CyberArk Privileged Access Manager is one of the important pieces. 

CyberArk Privileged Access Manager has not helped us reduce the number of privileged accounts, but it certainly helps us manage our privileged accounts. Without it, it would not be possible to manage them.

CyberArk Privileged Access Manager assists us in meeting compliance and regulatory requirements from the government, the European Central Bank, and our customers. It is hard to measure the time saved on satisfying compliance requirements related to financial services by implementing CyberArk Privileged Access Manager, but without it, it would not be possible for us to meet these requirements.

The most valuable features of CyberArk Privileged Access Manager are its robust functionality and reliability. 

It has reduced the mean time to respond, but it is hard to provide any metrics. Its log and audit files are very helpful when we have to investigate an incident.

CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.

CyberArk Privileged Access Manager did not have much effect on our operational efficiency because it is a new tool for us. Any new tool means more work. It has also not saved us costs, but without it, we would not be able to meet the requirements for operating our bank.

We were able to realize its benefits immediately after the deployment.

The graphical user interface could be simplified and harmonized for better usability. It should be consistent. Its GUI is very confusing.

I have been using CyberArk Privileged Access Manager for four years.

Overall, the stability of the solution is high. I would rate it a nine out of ten for stability.

Currently, it meets my organization's capacity requirements. I would rate it a nine out of ten for scalability.

We have about 6,000 employees at different locations. We have different operating systems, database systems, and decentralized infrastructure.

Their technical support is good, but it can be better. Even if we provide everything required along with the ticket, we get a standard response asking for the logs. They do not go into analyzing the issue. They just ask for the log files. I would rate their support a six out of ten.

Neutral

We did not use any solution before CyberArk Privileged Access Manager. This is the first solution we are using for Privileged Access Management.

Its implementation took us a year because we have a complicated infrastructure. It requires support from a consultant or an implementation partner. You cannot install it yourself. The automatic onboarding of the privileged accounts is a lot of work.

It requires maintenance because if your infrastructure changes, you have to take care of all the new credentials. If you also have a cloud setup, you need to figure out how to connect everything. There is a lot of work involved in maintaining it. It is not easy.

We took the help of a third party for deployment and customization.

CyberArk Privileged Access Manager is on the expensive side.

I would recommend CyberArk Privileged Access Manager to other users. It is one of the leaders in Gartner's Quadrant. It is stable. 

My overall rating for the solution is an eight out of ten.

We use CyberArk Privileged Access Manager for privileged access management (PAM) escalation, securing our website, and applications. Our cybersecurity team actively utilizes its features.

The PAM escalation is valued. The access control feature and privilege and role-based assignment are outstanding. Dividing the user admin for security protection is the best feature. Additionally, its remote access allows easy connection for my team, and it efficiently manages identity.

Initially, it was challenging to understand and use all the features incrementally. Having a better user journey with a support team to connect would improve the product and services.

I have been using CyberArk Privileged Access Manager for about eight months in our company.

The solution is quite stable. We have not faced any issues related to stability since using CyberArk Privileged Access Manager for eight months.

CyberArk Privileged Access Manager is scalable. As a startup, it initially handled fewer users, but it scaled well as we grew.

Technical support was fast in its replies and always supportive, helping to resolve any issues efficiently.

Neutral

We used miniOrange, an Indian-based cybersecurity product for access management and PAM escalation. We also used one more product, which I don't remember the name of.

The initial setup was straightforward due to well-documented resources and tutorials.

Our cybersecurity team, comprising two to three people, worked on the deployment and feature implementation.

The pricing is quite well-structured with monthly and weekly plans.

I evaluated miniOrange and one other product.

New users should watch the YouTube channel, read the documentation, check the resource section including CyberArk University, and see if it works well with their product. I rate the overall solution a nine. My overall product rating is 9 out of 10.

We have traditional use cases for Windows, Unix, and Linux-based systems. Additionally, we have use cases involving AWS, Oracle, SQL, and Postgres databases.

We also plan to bring in more use cases for VMware vCenter, VMware VxRail, and iDRAC. We aim for CyberArk Privileged Access Manager to be an integral part of all our infrastructures in accessing and securing credentials, particularly in restricted environments. It is a life science project. There are certain places restricted for the users.

We are still trying to get everything driven through CyberArk. We are trying to restrict direct RDPs to a particular target or doing an SSH outside of CyberArk. The adaptability is about 60% at this time, but we want to make it 100%.

Authentication is the key to protecting sensitive data. Integration with SAML or Okta prevents intrusions to a great extent.

We were able to realize its benefits immediately after the deployment, and we are happy with it.

CyberArk Privileged Access Manager has not helped reduce the number of privileged accounts, but they all are being vaulted now. We do not have any privileged accounts that are not vaulted in CyberArk.

CyberArk Privileged Access Manager’s ability to safeguard credentials is very important. The paradigms are changing. The data is at threat when it is online. Anything digital needs to be secured. CyberArk has been the leader in the PAM product market. Our client made a good decision by taking CyberArk as their PAM tool.

The features that CyberArk Privileged Access Manager provides are good. It helps to meet the compliance and regulatory requirements to a large extent.

CyberArk Privileged Access Manager has helped to improve the incident response mean times. We have notifications configured from CyberArk. We have integrated CyberArk with ServiceNow and Splunk SIEM. We get notified pretty easily. The notification part works very well with CyberArk. There is about 85% improvement.

One of the best features of CyberArk Privileged Access Manager is the capability of Privileged Session Manager (PSM) because it provides visibility into user activities, audit ability, and traceability. 

The integration with most other technologies is also excellent. We expect more plug-ins, but it already includes plug-ins for password management with other technologies, offering a robust mechanism for credential safety and management.

One area for improvement is the plug-in development challenge. Although CyberArk provides a plug-in generator utility, it does not fully meet our needs, particularly for web-based applications. The plug-in generator currently works only for Telnet and SSH connections. We cannot generate a plug-in for web-based applications.

Moreover, integration with ServiceNow ticketing supports change requests or incidents but lacks support for service requests. Introducing service request support could prevent the overhead of raising unnecessary incidents or changes. There have been a lot of votes for this feature, but I am not sure why CyberArk has not yet introduced it. This is one of the features that we have been waiting for.

I have used CyberArk for over six years, and the client I am working with has been using it for over four years.

I would rate its stability an eight out of ten. There are occasional bugs where while installing the product, it behaves differently on different servers, especially during patch upgrades. Such issues have been more noticeable since we moved from version 12.6 to higher versions. This could be because they have done a lot of UI changes and enhancements in these versions.

Scalability is good, and I would rate it around an eight out of ten.

They are fast. In some cases, they typically respond within one to two days. However, the response time can vary depending on the priority and volume of cases they receive.

Neutral

We previously used BeyondTrust but are transitioning everything to CyberArk, as it offers better integration and enhancements.

The initial setup is easy. I was not part of the organization during the initial setup phase. It probably took around six months.

There are other vendors that handle the maintenance for us. CyberArk comes into the picture if issues are not resolved by our vendors.

The pricing for CyberArk is on the higher side compared to other Privileged Access Management products. Something should be done regarding enterprise licensing for long-standing customers.

I would advise trying CyberArk as it offers a wide range of integrations, plug-ins, and enhancements compared to other solutions. However, it is expensive.

Overall, I would rate CyberArk Privileged Access Manager an eight out of ten.

My main use case for CyberArk Privileged Access Manager is installing it to prevent direct access to the users. For the privileged account, we are using the PAM, and all sessions have been monitored, with all logs shared and logged on the vault.

I have more to add about my main use case for CyberArk Privileged Access Manager, specifically our Privileged Threat Analysis, which detects any suspicious event and alarms us.

The best features CyberArk Privileged Access Manager offers are PTA, Privileged Threat Analysis, and Alero, Remote Access Management, and these features are essential for enhancing security.

PTA and Alero have made a difference for my team by providing a predefined rule assigned and implemented on the PAM; for example, it sends us an email if there is any suspicious activity or threat credential loss, offering feedback related to user behavior. For Alero, Remote Access Management, it is a very wonderful Identity and Access Management with biometric MFA, mobile access, location tracking, and a small RBAC role-based matrix access that defines user roles, serving as a replacement for VPN.

CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used.

In terms of specific metrics or outcomes, the time savings have been noticeable, and while it is not direct access, the PAM works efficiently between servers and end users, preventing users from running or installing unauthorized applications through the AppLocker application created on the PSM.

CyberArk Privileged Access Manager can be improved because I have experienced one issue where a user connected through RDP to a Linux server and the PAM could not fetch any commands or key store logging from the Linux server, which works fine on Windows servers. If they could combine both into one keylogger solution, it would be great, and increasing the number of CPM plugins for password retention while providing common web portal applications out-of-the-box would also help.

I have been using CyberArk Privileged Access Manager for more than five years.

CyberArk Privileged Access Manager is stable in my experience, with no issues of downtime or reliability due to our disaster recovery (DR) and high availability (HA) servers in place.

CyberArk Privileged Access Manager's scalability is good, as it can handle more users or workloads with our five-year roadmap indicating that the PSM server can manage around 20 sessions per hour, which is sufficient for our organization.

I would rate customer support a nine on a scale.

I previously used BeyondTrust and Delinea, but I did not switch because I noticed many features in CyberArk that are not available in other solutions.

I did not evaluate other options before choosing CyberArk Privileged Access Manager, as I had good experience with another live product.

My advice for others looking to use CyberArk Privileged Access Manager is to pay attention to the vaulting part, which is essential for every organization, as each server has a secured vault that connects over TLS with a lot of encryption details. The product is consistently enhanced, and the latest release is 14.6. I rate this solution 9 out of 10.

Our main use cases are to monitor all privileged accesses. It can be HTTPS, LDAP, SSH, or SQL management, so anywhere we have privileged access, we want to monitor it and place it under CyberArk.

Its monitoring capabilities are good. Whenever the end users start their session, it quickly allows you to monitor. However, if there are no firewall rules, it creates a video, but it does not take all the audit logs. For audit logs, you need firewall rules. It is very well described in their documentation. At the start, they communicate this to clients. The documentation is well-defined.

The features that are most effective, like every PAM solution, include monitoring and password rotations. 

The best thing about this solution, especially on-premises, is that we can interact with it directly. If we need to develop something, we are allowed or can do it by ourselves, which is most effective for us as administrators. It is not a black box. We have the ability to customize, especially the connection components.

There are some options in the web portal where they can improve the user experience. For example, in remote, there is a parameter called 'access to remote machine.' When we put host names in that field, we are not able to search it. It would be useful if a search feature was there to check if a machine is already onboarded. When we onboard a few machines in the same domain using just one account, we put the domain name in the address field and host machine names in the remote access parameter. However, we are not able to search within that field, which makes it difficult for us as admins to know if a machine has already been onboarded.

Other than that, I do not have any areas for improvement. Whenever we find any bugs or have a need for a feature, we open a ticket with them. They usually work on that if the same request has also come from other people. They are already good at doing that.

I have been working with CyberArk for almost six to seven years.

The solution is very stable. If you install the solution with CyberArk's guidelines, it remains stable. I also offer 24/7 services, and in three years, I have received two or three calls from clients indicating the solution was not working. It means the solution is very stable.

It is scalable. If a client has 100 users and wants to add 100 more users, it is possible. They can make it bigger and smaller, depending on their needs.

Our clients are medium enterprises.

Their technical support is good. They provide solutions and also the documentation if you ask. If you cannot find something, they point you to the right documentation. With support, I have never found any problems.

Positive

There is a lot of complexity if we are installing the solution on-premises. On the cloud, there is no such complexity, but on-premises, it is complex because there are different components like Vault, PVWA, PSM, and CPM. There are many components, and we need to follow a sequence to install these products. One needs a good knowledge of these components to install because we cannot just follow the documentation and install it. The documentation is vast. First, we need to read all of it. For first-time users, it is a bit difficult, but with experience, it is not a big deal. In terms of ease of use, I would rate it a six out of ten for on-premises and a nine out of ten for the cloud.

The deployment model depends on the clients. Our clients from banks usually use it on-premises. Clients in other fields do not want to install the machines on-premises because that is resource-consuming, so they go for the cloud deployment.

With the cloud deployment model, the clients need to deploy fewer components in their infrastructure. Vault and PVWA are already in the cloud, but other components like PSM, CPM, and PSMP are on-premises. It is not that all the infrastructure is on the cloud. There are a few components that are on-premises. However, in the case of on-premises, all the components are on-premises inside the infrastructure of the client, and they are responsible for maintaining that.

Our clients have seen an ROI.

If you want a Ferrari, it will cost you. The solution is really nice, so it costs the client, but in the long run, it is very good. If you buy a solution that costs a lot to maintain because it is not stable, and you are frequently asking for consultant support, it costs more. It is better if the client spends a little more money initially. In the long run, it is very good.

My recommendation depends on your needs and what you want to achieve. If you just want SSH, LDAP, and basic monitoring, you can consider other solutions like Wallix or One Identity, which cost less. If you need a lot of customization, such as you want to put in a lot of HTTPS ports and change the passwords of internal applications, this solution is much better than others. 

I would rate it a nine out of ten.

I am an admin, and I use this solution for all our users. We have 80 users in our environment.

By implementing CyberArk Privileged Access Manager, we wanted to secure our environment and track everything.

We were able to realize its benefits within four to five months of its deployment after we had onboarded everything.

CyberArk Privileged Access Manager is cool. It has a lot of good tools, including everything we need. 

It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is. It takes a lot of time to find the error and fix it. Sometimes it gives an error, but I do not know what the error is. I have to find the documents, but it does not provide all the details needed to fix the error. This is one of the day-to-day issues with CyberArk. 

When I contact support, it takes a long time to get help. They request all these logs, but they are not always relevant to my case. It is not always a definite help because I sometimes need help with issues that do not require any logs or device details. I am not sure if they read the case or not.

I have been using CyberArk Privileged Access Manager for four years.

It is good. We had a ten-minute outage last month. That is all. We do not know the reason. 

It is reliable.

CyberArk's support quality has to improve because we are totally dependent on them. I would rate their support a five out of ten.

Neutral

I used to use Okta. CyberArk Privileged Access Manager has more features.

We had a third-party professional service that helped us to install it. It took about four or five months. To deploy, we worked with three people.

It does not require any maintenance. We just have to do the day-to-day operations work.

New users should have training before they sign up for CyberArk. CyberArk should provide mandatory training so that everyone implements it properly. Sometimes, new users do not know what is going on, and they open a ticket, which might be an issue from their end. CyberArk should have a new user training service so that everyone is familiar with it.

I would rate CyberArk Privileged Access Manager a seven out of ten.

I am a senior manager, and we have multiple clients for whom we deploy CyberArk Privileged Access Manager. We also manage or upgrade their instances. We handle migrations and new implementations. We take care of anything related to CyberArk.

The feature that I like the most is the Privileged Session Manager. It offers session recordings, logging, and tracking of user workstreams. It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened. Its benefits can be seen immediately after the deployment.

Based on the user experience that I see on a day-to-day basis, some changes could be made to the Privileged Session Manager tool to make it more user-friendly. The user interface of that tool could be more advanced and understandable to laymen, rather than being more of a developer tool. I would recommend more user-friendliness there.

CyberArk is more focused on the cloud solution. They are not going towards on-prem, but a lot of clients still like the on-prem solution. With the cloud implementation, you have a lot of dependencies on expert services. When you get into some issues, you have to wait for expert services. They usually reply in two to three days. That is something CyberArk needs to make better. If they want clients to move to the cloud, they need to support them in real-time. The client should not be waiting for two days to get a response for the issue. If CyberArk wants people to pay for cloud services, they need to make the cloud services much more real-time.

I have been using CyberArk Privileged Access Manager for approximately six years.

CyberArk Privileged Access Manager is a stable solution. I have never faced any issues with stability.

CyberArk Privileged Access Manager is a scalable solution.

I have contacted their support a lot of times. The quality of support is okay, but the time frame for replies should be much faster than it is currently.

Neutral

I have not used any similar solution for PAM. However, for managing the accounts, we have used some password management solutions such as 1Password, but they do not give you the accessibility and different components that PAM provides. They are just for password storage and keeping the passwords safe. A PAM solution from CyberArk or BeyondTrust solution provides a lot more than that, so we cannot compare them. There is no comparison.

I have deployed it both on the cloud and on-prem. My one client is on-prem, and another one is on the cloud.

The initial deployment depends on how extensive it is. For one client, it was quite easy, but after the deployment, it was tricky to deploy the components for AEM, EP, and CCP. On-prem implementation is much easier than the cloud. Cloud solutions require better and more immediate support. Cloud deployment is challenging due to dependencies on expert services.

It requires a bit of maintenance but not that much. Once you deploy the solution, it works, but there are always new upgrades. For example, if you deploy a web connector for web applications and Chrome releases an upgrade, you have to see whether CyberArk is supporting that upgrade or not. Accordingly, you have to update the drivers and other things for the web applications. The same goes with PSMP and SMP. If there are any version upgrades or any vulnerability patch fixes, you have to perform maintenance.

We help customers deploy it.

The duration depends on how big the instance is. To deploy all the components, the duration can range from three to six months.

It can be deployed by one person, but it also depends on how many instances of servers you are deploying, what is the concurrent usage, how many users are being onboarded, and what components you have. There is PSM. There is EPM and PSMP. It depends on what exactly the client requires. These are some factors that determine the time frame and number of people required.

From a client perspective, CyberArk's pricing is fair but there is a significant increase each year. They should limit the price increase because this could potentially drive customers to other partners. Price changes should be at defined intervals. There should not be sudden jumps.

I would rate CyberArk Privileged Access Manager an eight out of ten.

My primary use case for CyberArk Privileged Access Manager is managing privileged access across the organization. I focus on auditing compliance and ensuring compliance with financial systems like SAP.

The benefits of CyberArk Privileged Access Manager are typically realized over time, often facing initial resistance from various teams within an organization. While security, audit, and governance teams readily recognize the value of CyberArk, platform teams, and other stakeholders may resist its implementation. This necessitates a concerted effort to sell CyberArk internally, emphasizing its benefits and addressing concerns. Convincing internal stakeholders can be more challenging than securing buy-in from security or IT teams, often requiring three to six months after deployment for the benefits to become evident and widely accepted.

For me, CyberArk Privileged Access Manager's most valuable features are password and session management. It also includes technologies like Zero Standing Privileges and EPM, which I deploy for customers to demonstrate the return on investment.

CyberArk could enhance its usability by simplifying its architecture and design. Additionally, incorporating automated onboarding and offboarding features directly into the product would reduce the maintenance burden on administrators.

I have been using CyberArk Privileged Access Manager for eight years.

I find CyberArk to be quite stable. Exceptions occur mostly due to user errors. It has a large customer base and positive feedback within my network.

On-premises scalability is challenging for me due to deploying various components on different servers, but I find SaaS to be more promising in scalability.

In my experience, the quality of support has been inconsistent. Response times seem to correlate with the strength of the relationship with the CyberArk account manager, with quicker responses when rapport is strong.

Neutral

I worked briefly with BeyondTrust but returned to CyberArk, which has been my primary focus.

In SaaS, most tasks are abstracted, reducing the workload compared to on-premise solutions where tasks like network configuration, connectivity, SSL certificates, and management fall on the user. However, SaaS solution eliminate the overhead of building VMs and similar infrastructure. Overall effort for both approaches is comparable, but SaaS offers the significant advantage of CyberArk managing the underlying infrastructure, including the vault and web interface, a feature most customers prefer today.

Initial setups were challenging for me at first, but with experience, they became more manageable. It generally requires reviewing documentation and seeking initial support from CyberArk. The deployments take between three and six months.

Implementation involves a project team with a project manager and Windows engineers for tasks like VM provisioning. Typically, I have executed projects primarily by myself, sometimes with minimal assistance from junior resources.

CyberArk Privileged Access Manager is more expensive than its competitors, such as BeyondTrust, Delinea, and ManageEngine PAM360. While ManageEngine PAM360 offers similar flexibility and support at a lower cost, CyberArk's SaaS solution is particularly expensive. This high price point has discouraged many customers from migrating from on-premise solutions to the CyberArk SaaS platform.

I would rate CyberArk Privileged Access Manager nine out of ten.

CyberArk manages the maintenance for the Privileged Access Manager.

Organizations must ensure users understand the importance of PAM and how it secures infrastructure. Training sessions, workshops, and demos are crucial for building user engagement and overcoming initial resistance.