Senior Security Consultant at a computer software company with 5,001-10,000 employees
Consultant
It helps our clients have full confidence in their security
Pros and Cons
  • "With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent"
  • "PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting."

What is our primary use case?

I'm a security solutions architect. I design solutions and hand them over to the client once they're implemented. We educate the users on how the solution works or turn it over to our managed services department

CyberArk PAM is an identity management solution used to manage privileged accounts on domains and local servers, including admin accounts in Windows environments and root users in Unix. 

How has it helped my organization?

With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent secure against attacks if you have all the right policies in place.

What needs improvement?

PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting.

For how long have I used the solution?

I have used CyberArk PAM for two years. 

Buyer's Guide
CyberArk Privileged Access Manager
September 2023
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
734,678 professionals have used our research since 2012.

What do I think about the stability of the solution?

CyberArk PAM is stable.

What do I think about the scalability of the solution?

CyberArk PAM is scalable. Managing 80,000 accounts is almost as easy as managing a thousand. 

How are customer service and support?

CyberArk has a solid community. It's easy to get support and feedback from the forums. However, it can be difficult to access official technical support if you don't have a CyberArk certification because they have a process to limit unnecessary calls. You get excellent support once you're certified. 

How was the initial setup?

Deploying CyberARK is complicated, but it is relatively easy for me because I have excellent scripts for implementing the prerequisites. It might be challenging for the average end user. It would be ideal to educate them in a demo environment because hard to explain this to a user without them. I would need to build an environment to show them. A simulated lab environment is one thing CyberArk PAM lacks.

We set up the prerequisites and discover the privileged accounts in the environment. CyberArk has a tool that scans the servers and detects accounts. This works best in a Microsoft environment. It's more difficult without Active Directory because you have to rely on the information the customer provides. You can begin the onboarding process once you've identified the accounts. 

It takes a month to set up the prerequisites and two or three days to install CyberArk PAM. Once it is deployed, it takes eight months to a year to tie up some loose ends. You may need to identify some accounts that you missed. The total time depends on the size and complexity of the user's environment. If you've configured everything correctly, it's simple to maintain. 

What was our ROI?

The ROI for CyberArk PAM is difficult to measure because the benefit is a reduction in risk. If CyberArk can eliminate most of the customer's security risks, then it's worth what they paid. 

What's my experience with pricing, setup cost, and licensing?

CyberArk isn't cheap, but it's the best. You have to pay for quality. 

What other advice do I have?

I rate CyberArk Privileged Access Manager 10 out of 10. CyberArk is the leader in Gartner's quadrant. I tell my customers that they need to be 100 percent secure—99 percent isn't good enough. The top hackers will exploit that 1 percent hole, and you're finished. You need 100 percent, or else you're wasting your money.  

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
PeerSpot user
Korneliusz Lis - PeerSpot reviewer
CyberSecurity Service Support Specialist at Integrity Partners
User
Top 10
Good password management with good integrations and security capabilities
Pros and Cons
  • "I like the integrations for external applications."
  • "The Vault's disaster recovery features need improvement."

What is our primary use case?

The primary use case and the most used functionality of CyberArk PAM is managing privileged access (an easy way to pass permissions to specific servers to specific users granularly) and password management (an automated solution that manages password validity, expiration, etc.). PSM gives a possibility to set all connections secure and it is possible to re-trace actions made by users during such sessions. It is a good tool for extending usage to new end targets sometimes even out of the box.

How has it helped my organization?

CyberArk PAM ended a scenario where several dozens or even hundreds of privileged accounts had the same password or administrators had passwords written down on sticky notes. 

I have experience with onboarding thousands of accounts - mostly Windows, Unix, and network devices. I have developed (customized based on defaults) password management plugins for Unix systems and network devices.

What is most valuable?

I like the integrations for external applications. There are actually infinite possibilities of systems to integrate with - you would just need to have more time to do that. It is not an easy job, yet really valuable. I am not an expert on that, however, I try every day to be better and better. I have the support of other experienced engineers I work with so there is always someone to ask if I face any problems. End-customers sometimes have really customized needs and ideas for PSM-related usage.

What needs improvement?

The Vault's disaster recovery features need improvement. There is no possibility to automatically manage Vault's roles and for some customers, it is not an easy topic to understand.

I noticed that CyberArk changed a little in terms of the documentation about disaster recovery failover and failback scenarios. Still, it is a big field for CyberArk developers. Logically it is an easy scenario to understand - yet not for everyone, surely.

For how long have I used the solution?

I've used the solution for around five years. I have been using CyberArk PAM as an end customer for three years. For another two, I work as a CyberArk support specialist.

What do I think about the stability of the solution?

Stability is overall good. However, there are many error messages that are like false-positive - they do not produce any issue yet logs are full of information.

What do I think about the scalability of the solution?

The scaling has been mostly positive. It seems not hard to scale it up.

How are customer service and support?

Sometimes it is hard to understand the capabilities, limitations, etc. They try to help with that.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've never used another solution that would have the same or similar capabilities.

How was the initial setup?

The initial setup can be complex. It is important to go really carefully step-by-step with instructions. When you do that, you can be 100% sure everything will work well.

What about the implementation team?

When I was an end-customer I recall using a vendor for the implementation and support. Now, I am a vender and therefore I do it by myself.

What's my experience with pricing, setup cost, and licensing?

Licensing may sometimes seem a little complicated. A good partner from CyberArk can work it out.

Which other solutions did I evaluate?

Unfortunately, I have not participated in evaluating other options.

What other advice do I have?

Overall, I am really glad I worked with CyberArk for five years.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Just like I said above - I work as a CyberArk Support Specialist mostly. My company is an integrator of cybersecurity services such as CyberArk. We also use CyberArk PAM as a product inside our organization. But still - I am a real user and this review is based on my own experience and options. I think my review is really valuable because I have sight on this product either as a end-customer and a support.
Flag as inappropriate
PeerSpot user
Buyer's Guide
CyberArk Privileged Access Manager
September 2023
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
734,678 professionals have used our research since 2012.
PeerSpot user
Systems Admin Analyst 3 at CPS Energy
Real User
Top 20
The Privileged Session Manager Proxy makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software
Pros and Cons
  • "The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
  • "Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."

What is our primary use case?

We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about five years now.

How has it helped my organization?

This product has placed a new culture in my company by making employees more aware of IT compliance and cyber security. It has also placed us in a position to meet NERC CIP v6 requirements.

What is most valuable?

The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.

Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login.

What needs improvement?

I would like to see the product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials into a privileged target system.

Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless you are working with accounts already stored in “Safes”.


For how long have I used the solution?

I have been using this solution for seven years.

What do I think about the stability of the solution?

We have noticed some stability issues with the PSM Servers. We've noticed that there may be a limitation on the number of users that a PSM Server can handle. We have two PSM Servers deployed in our Production environment and have come to a conclusion that we may need to add two more to stabilize the environment.

Upgrading to version 9.9 significantly reduced the stability issues with the PSM Servers and the limitation on the number of users that the PSM can handle.

How are customer service and support?

CyberArk could use some improvement in their level of customer service. Sometimes, it can take more than a day before a Case that I have submitted online gets a response from tech support.

The level of technical support has been great. The challenge has been to get an initial response and sometimes follow-up from CyberArk Support.

What about the implementation team?

If you are going to set up CyberArk for the first time, I highly recommend that you utilize their Professional Services. They are extremely knowledgeable and very helpful and will ensure that your implementation is a success.

What's my experience with pricing, setup cost, and licensing?

We use Texas DIR when evaluation and making purchases of products.

What other advice do I have?

We are currently on version 9.10. We would like to upgrade to the latest version some time this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rodney Dapilmoto - PeerSpot reviewer
Rodney DapilmotoSystems Admin Analyst 3 at CPS Energy
Top 20Real User

We do not use CyberArk PTA in our environment.

See all 5 comments
Oluwajuwon Olorunlona - PeerSpot reviewer
Cyber Security Engineer at eprocessconsulting
Real User
Top 5Leaderboard
Highly stable and efficiently automates application authorization
Pros and Cons
  • "It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components."
  • "One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible."

What is our primary use case?

We use it for other use cases, such as automating application authorization, managing files, and securing monetary accounts. We use it for managing privileged accounts.

What is most valuable?

I like everything about it. It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components.

What needs improvement?

The issue is that in many environments, what I purchase via text is different. We have some policies that are specific to Microsoft environments. For example, my actual manager may not be able to connect to a Microsoft product due to a policy on it. The issue that comes to mind now is how six credentials are managed.

Currently, if you try to log in to any server within the environment, you would need to log in every time, regardless of whether you have already received the credential or if the connecting device is present or not. It is a problem with CyberArk. If CyberArk could find a way to solve this, it would greatly improve the experience.

I'm not sure if it is possible to fix this. It's not a point of entry, but it may require a longer string than the user might want to know, or maybe cheaper right now. If CyberArk can find a solution that improves the experience, it would be beneficial to customers.

Another thing is that there are some time needs that could be improved in the future. One thing that could be improved is to create of a better alternative for fixing group policy fees. We currently use Microsoft, but they have introduced new policies that may not be compatible.

For how long have I used the solution?

I've been working with it for three years. I'm currently working with version 12 of the solution, and I've also worked with version 10 and partition 11.

What do I think about the stability of the solution?

The number of users is about 3,305, and it is stable. We don't have any small clients, mainly medium and enterprise businesses.

I would rate stability a ten out of ten, and it's very stable.

What do I think about the scalability of the solution?

I would rate scalability an eight out of ten. It's not perfect, but it's fairly scalable.

How are customer service and support?

Some things need improvement. The solution doesn't provide sufficient support. I contacted them at one point, but it took several months to get a response. Additionally, we had an issue with account balances that took a while to resolve. That was four or five years ago, though. Other than that, it's a decent solution.

How would you rate customer service and support?

Positive

How was the initial setup?

Regarding the initial setup, I would say it's pretty straightforward on a scale from one to ten, where one is difficult and ten is easy. I'd give it a nine. Deployment took less than a week.

What about the implementation team?

I deployed the solution.

What's my experience with pricing, setup cost, and licensing?

It is pretty pricey. I would rate it a seven on a scale of one to ten, where one is cheap, and ten is very expensive.

What other advice do I have?

Overall, I would rate the solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Alex Lozikoff - PeerSpot reviewer
Business Development Manager at Softprom by ERC
Real User
Top 10
Ensures the security of privileged accounts and very stable solution
Pros and Cons
  • "It is an extremely scalable solution."
  • "There is room for improvement in the pricing model."

What is our primary use case?

The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.

How has it helped my organization?

Now we feel assured that all our privileged accounts are well protected. Our admins don't know passwords and don't enter them manually. This eliminates the risk of interception and account hijacking.

What is most valuable?

First of all, CyberArk offers great flexibility. Throughout our years of experience, we haven't found any system that we couldn't connect with CyberArk. We have many web management consoles, and it's no problem to connect to them using custom connectors.

Moreover, it's a highly customizable solution. If you know how to do it, you can customize it as you want.

What needs improvement?

There is room for improvement in the pricing model. From a technical point of view, there are no issues. Support could be faster, though. We have mentioned that better support from CyberArk would be beneficial.

So, support could be faster, and pricing can be improved.

For how long have I used the solution?

We have been using it for our needs and sharing it for over ten years. Currently, we use version 12.

What do I think about the stability of the solution?

It is a very stable solution. I would rate the stability a ten out of ten. If you can read the manual and avoid making mistakes, it's very stable.

What do I think about the scalability of the solution?

It is an extremely scalable solution. I would rate the scalability a ten out of ten. In our organization, there are ten CyberArk users; they all are system administrators. 

How are customer service and support?

The customer service and support could be better. The response time could be better. 

How would you rate customer service and support?

Neutral

How was the initial setup?

I would rate my experience with the initial setup a four out of ten, one being difficult and ten being easy. It's a modular system. To run CyberArk, you need to deploy several different services, set them up, and configure the interactions. It's not a solution in one box.

The initial setup is not very complex, but I would say it's not very simple, either.

What about the implementation team?

We have deployed CyberArk in both environments. We have several working calls in the cloud and some parts on-premises. The initial deployment takes about two days. 

What was our ROI?

Our main technical task was to reduce security risks, which we accomplished with CyberArk.

What's my experience with pricing, setup cost, and licensing?

I would rate CyberArk's pricing a nine out of ten, with one being cheap and ten being expensive. It's one of the most expensive solutions in the market, but it's worth it.

What other advice do I have?

I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress.

Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
IT Manager at BCBS of MI
User
Top 20
Good notifications, solid support, and agentless architecture
Pros and Cons
  • "I find value in notifications from CyberArk when passwords fail verification and have other issues."
  • "The current interface is not very intuitive."

What is our primary use case?

CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.

How has it helped my organization?

CyberArk PAM ensures that passwords on Linux servers are highly secure, regularly changed, and completely auditable. This saves enormous amounts of time when responding to audits and security concerns. And the scheduled verification of passwords ensures that passwords remain available when needed and stay secure. CyberArk has become the standard tool for password management.

What is most valuable?

I find value in notifications from CyberArk when passwords fail verification and have other issues. Investigation of these issues often uncovers other issues. The way safe security is handled is outstanding and makes it easy to provide safe access to those who need it and deny safe access to those who should not have it.  

Another valuable feature is the agentless architecture of the product. Using native processes to manage passwords and not having to install and update agents is a huge plus.

What needs improvement?

A more friendly and functionally complete user interface would be nice to have. The current interface is not very intuitive. It is somewhat clunky and difficult to navigate, and many times have to toggle between the somewhat underdeveloped new interface and the older classic UI. This state of basically having two interfaces is a prime opportunity for CyberArk to improve its product.

Also, it would be nice if the vaults could run on Linux instead of Windows.

For how long have I used the solution?

I have been working with CyberArk for more than ten years in various capacities ranging from end user to safe/vault administrator to application administrator.

What do I think about the stability of the solution?

The solution is incredibly stable.

What do I think about the scalability of the solution?

We have not run into any scaling issues.

How are customer service and support?

CyberArk support is pretty solid.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The initial setup is more complex than simple, however, not daunting.

What about the implementation team?

We worked with the vendor team who were very knowledgeable during the implementation.

What's my experience with pricing, setup cost, and licensing?

The PAM product isn't low-cost, however, it is worth it. Go with a longer-term agreement to realize lower costs.

Which other solutions did I evaluate?

CyberArk PAM was chosen before I got involved so I am not aware of which other products were evaluated. However, we have never had to go back and review the decision to use CyberArk.

What other advice do I have?

Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Beneficial secure server assess, useful user log access, and good support
Pros and Cons
  • "CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs."
  • "The solution could improve by adding more connectors."

What is our primary use case?

I am using CyberArk Privileged Access Manager to protect our servers. It can be either a Windows or Linux Server. Additionally, we have some network devices, and databases, such as Oracle and MySQL Server being protected.

How has it helped my organization?

It's improved our organization a lot. It has fulfilled some guidelines from the Indian government. There is some Indian government guideline for anonymity and access management. Similarly, there are guidelines for GDPR, and where we have vendor's control. CyberArk Privileged Access Manager has helped us to meet all the requirements.

What is most valuable?

CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs.

What needs improvement?

The solution could improve by adding more connectors. 

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for two and a half years.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is a stable and reliable solution.

What do I think about the scalability of the solution?

We have approximately 200 people using this solution.

How are customer service and support?

The support team from CyberArk Privileged Access Manager is very good.

Which solution did I use previously and why did I switch?

I have not used other solutions.

How was the initial setup?

CyberArk Privileged Access Manager's initial setup is straightforward. However, it can depend on many factors, such as architecture.

What about the implementation team?

I used a partner for the implementation of the CyberArk Privileged Access Manager.

The number of people required for the implementation of CyberArk Privileged Access Manager depends on the number of applications. However, for my team, we have two to four people who were involved in the development of our architecture. 

What was our ROI?

From a technology perspective, CyberArk Privileged Access Manager has helped us to improve our services. It helped us to meet our requirements or guidelines. Whether it's audit perspective, internal, or external, whatever the guideline is, it meets our needs. If there are any independent agencies that need to be involved we meet those requirements.

What's my experience with pricing, setup cost, and licensing?

The price of CyberArk Privileged Access Manager is expensive. There are no other fees other than the standard licensing fees.

Which other solutions did I evaluate?

As part of our company's policies, we have to evaluate other solutions.

What other advice do I have?

I would advise others that requirements should be discussed properly with all the stakeholders to understand their expectations. Additionally, it is important to explore our tool limitations. We should more focus on solution designing.

I rate CyberArk Privileged Access Manager a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant at a recruiting/HR firm with 10,001+ employees
Real User
Top 20
Reliable and great for securing environments but could be more user-friendly
Pros and Cons
  • "The solution is scalable."
  • "It can be made user-friendly, in the sense of the console is pretty outdated."

What is our primary use case?

CyberArk is for Privileged Access Management, so we secure our privileged accounts using CyberArk.

What is most valuable?

The main, most valuable aspect is its capability to secure our environment. That's the main reason why we are using it.

What needs improvement?

It can be made user-friendly, in the sense of the console is pretty outdated. They could add more enhancements, et cetera.

They could add more built-in connection components to support various other application platforms. The built-in connection components available are mostly not fit for our purpose. We need to do additional customization to make it work.

For how long have I used the solution?

I’ve used the solution for almost two years.

What do I think about the stability of the solution?

Stability is fine so far, other than a couple of phishes every once in a while.

What do I think about the scalability of the solution?

25 people are using the solution.

The solution is scalable. It’s on the cloud, which makes it simple.

How are customer service and support?

We have enterprise support from the vendors.

The response time could be a bit better. Some people don’t have the access to be able to jump in right away. Sometimes we need someone from the development team who has access to help.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I’ve never had experience with any other vendors.

How was the initial setup?

The initial setup was not that straightforward. However, we had vendor support, and we were able to fix all the issues.

It took us almost a month to deploy the solution.

I’d rate the solution a three out of five in terms of ease of setup.

In terms of maintenance, some of the components are not in the cloud, so we handle these aspects ourselves. We have a dedicated team for it.

What about the implementation team?

We initiated the setup with the help of the vendor.

What's my experience with pricing, setup cost, and licensing?

I don’t deal with the licensing. That said, my understanding is that it is on the higher side.

When we need enhancements, we do have to pay more.

What other advice do I have?

We are CyberArk partners. I’m a consultant.

We’re always using the most up-to-date solution version, as we are utilizing the cloud.

We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk.

I’d recommend the solution. It’s ideal for smaller organizations.

I would rate it seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2023
Buyer's Guide
Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.