CyberArk Privileged Access Manager Reviews

My use cases for CyberArk Privileged Access Manager are specifically for privileged access management. We are using it along with other products. They have access management, their own certificate manager, and other managers. CyberArk Privileged Access Manager is for privileged access for users who require more than normal access, such as administrators and engineers. We can rely on this tool to manage that access.

You can see the benefits of CyberArk Privileged Access Manager immediately. This is risk management. You are not getting any features from the tool. It's not something that you are installing because you want it, for example, ChatGPT. With CyberArk Privileged Access Manager, you're getting control. You're not getting any additional features for your platform or systems. You are just controlling the risk. Users can't do what you aren’t allowing them. They can't make any change without approval, so it controls risks. Once you see that value, you're controlling what the privileged users in your system are doing.

The most valuable feature I find in CyberArk Privileged Access Manager is that we can record the sessions. It provides flexible workflows. I can change the workflow to specify if it needs one approval or two approvals, and I can approve my peer. We can record sessions for external people who want or require privileged access to our systems. That is very flexible. We can record what people are doing in the platform.

I find it hard to mention a point of improvement because I'm happy with the platform. The only thing I would say is that they can improve their price. 

I have been using CyberArk Privileged Access Manager for three years.

Regarding the stability of CyberArk Privileged Access Manager, I have seen a couple of times that the server was not available. In three years, it has only been a couple of times. It has high availability and low impact. In terms of the platform, it is stable.

The scalability of CyberArk Privileged Access Manager has been good; the only thing is the license. The platform is very scalable, but you need to get more licenses in terms of users.

I don't handle that kind of interaction, but my engineer does. Sometimes it requires escalation, but I have not heard of any complaints from him in terms of the support received. It is good.

Positive

I have used Delinea but not in this company. I prefer CyberArk over Delinea.

It is not that easy. You need to load the users and platforms that you will be using. You need to teach the users how to do it. It requires some change management. It is a bit complicated, but it is expected. It is not just plug-and-play.

Its maintenance depends. You can have an on-premise solution or you can have a cloud solution. We have an on-premise solution, so it requires some maintenance on the infrastructure.

Its implementation requires a team effort

With the current model of licensing, for my use cases, sometimes it's hard to convince the management and get budget approvals for it. It's expensive and you're not getting anything new. It's just a control, but in terms of risk, you are covering a big impact on the company. Improvement in the licensing prices is something I would want to have.

I would rate CyberArk Privileged Access Manager as an eight out of ten.

I use CyberArk Privileged Access Manager to prevent exposing credentials for super-critical accounts, such as admin accounts and root accounts. I use it to protect these credentials and to avoid exposing them.

The module called PTA, Privileged Threat Analytics, is very useful. When you give access to a user, it monitors and detects if the user's behavior is unusual. After giving access, it continually checks if the user is the same user. It detects unusual behavior if someone else accesses the application.

The solution's architecture could be improved. It requires installation on four to five different servers. Each server has a purpose, but when you need to troubleshoot, it can be difficult because you need to access each of them. Reducing the number of servers would be helpful.

In the SaaS version, the number of required servers is reduced from five to three, but it is not completely cloud-based because servers still need to be deployed on-premises. Some clients are migrating from on-premises to the cloud. They do not want to use more servers or increase their on-premises data centers. They want everything to be on the cloud, but even in the SaaS version of CyberArk Privileged Access Manager, they need to deploy some servers on-premises. That is not very helpful.

I started using CyberArk Privileged Access Manager in 2022, which was two years ago.

I have not experienced much instability. Sometimes, the issue lies with the server I deployed, but this is not very often.

In the on-premises version, scalability is difficult because server limitations can require buying new hardware. The SaaS version is more flexible, allowing easier scaling with increased users.

I contacted them more when I started to work with this solution. I still contact them but not so much.

I would rate their technical support a six out of ten. They are helpful, but complex issues can take a long time to resolve, which can delay solutions for urgent customer issues.

Neutral

I have used other solutions like Password Manager, but they were not very helpful because you use and store the same credentials, so there is a risk of exposing real credentials. CyberArk Privileged Access Manager allows me to create a random password and share it with a person, preventing the exposure of real credentials.

While some of the Password Manager solutions are free, they are too dangerous because they expose credentials.

I have worked with both on-premises and cloud versions. I prefer the cloud version because with on-prem, I need to install my own servers and maintain those servers. I do not have to do that with the cloud model. The responsibility belongs to CyberArk. I have fewer responsibilities as an administrator.

Initially, the setup was difficult to understand, but after three to four deployments, it became easier. It also depends on the kind of applications or servers needing integration.

In terms of maintenance, when the customer starts to use a new application, it needs to be integrated with CyberArk Privileged Access Manager. Sometimes the new application is not 100% compatible. In such a case, the developer needs to create the integration.

In the first deployment, there was a team of two people.

Its price is high. I have also worked with Delinea. CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal.

It takes some time to realize the benefits of this solution. Customers take time to understand this solution. It also happened to me when I first started to learn how this solution works. I was looking for a solution to protect identities, and when I came across this solution, I found it hard to deploy as the architecture is complex. Still, in one month, I was able to understand the purpose of this solution.

Before deployment, I advise being clear about the applications to integrate and the users who will use them. Mapping this information beforehand will save time during production. You will not have to add them one by one.

I would rate this solution a nine out of ten.

We currently use CyberArk Privileged Access Manager for password vaulting. Our roadmap includes managing service accounts, rotating passwords, and expanding to SSH keys, AWS keys, and other login credentials. We've already implemented local administrative accounts and rotated elevated domain administrative accounts. Additionally, we've integrated Okta for multi-factor authentication, using Okta Verify, and plan to expand this to workforce identity for broader end-user security and credential management.

CyberArk Privileged Access Management's most valuable features are primarily its password vault functionality, specifically CyberArk's Core Privileged Manager and Privileged Session Manager. These components facilitate secure password rotation and out-of-band session management, addressing our organization's critical security needs.

The current process for accessing RDP through the CyberArk or administrative portal involves downloading an RDP file. This is inconvenient for users and problematic due to security restrictions that prevent accessing servers via downloaded RDP files. Ideally, the process should allow for a direct RDP connection upon providing server details, eliminating the download step and streamlining access. This issue represents a significant challenge and source of frustration for users.

The product is complex and requires extensive configuration. More tutorials and detailed use cases with troubleshooting steps would be beneficial, particularly for first-time implementers. Despite the excellent customer service, resolving issues can be time-consuming due to the product's complexity. Compared to lightweight solutions like Okta, CyberArk requires more background experience and is not as straightforward to learn and implement.

I have been using CyberArk Privileged Access Manager for almost five years.

The performance of CyberArk Privileged Access Management sometimes lags or crashes, but this is not a significant concern.

We have not reached platform limitations yet, as CyberArk supports up to eight hundred platforms per tenant, and documentation is clear about scalability limits.

Customer support has been very helpful and responsive. My customer success manager facilitated many calls with technical experts, efficiently resolving critical issues.

Positive

CyberArk's environment setup was straightforward, but we encountered issues during the Proof of Concept stage, specifically with PAM account discovery. While the CyberArk Manager displayed discovered accounts, we couldn't download the data into a usable format like an Excel sheet. This hindered our ability to identify efficiently and inventory discovered accounts, particularly from Windows systems, for phased onboarding. Although we eventually received instructions from CyberArk support on downloading the data, the process was complex and time-consuming. Simplified data export features would greatly benefit administrators.

I received excellent support from CyberArk's technical team and customer success manager, who arranged calls and helped resolve implementation issues.

Although CyberArk Privileged Access Management is expensive, its protection capabilities outweigh the cost.

I also evaluated CyberArk, along with Okta PAM and BeyondTrust, because it encompasses all the features we require, and Gartner recognizes it as an industry leader.

I rate CyberArk Privileged Access Management seven out of ten. 

To streamline project setup, new users should receive guidance on planning and implementation scopes. Scheduling a jump start without such direction can complicate learning.

We're using CyberArk Privileged Access Manager to manage our service accounts, privileged service accounts, and password rotation. We also use Conjur.

CyberArk Privileged Access Manager has helped our organization remain compliant in the privileged access management space. It is very helpful for meeting compliance and regulatory requirements such as SOC, SWIFT, and PCI DSS.

CyberArk Privileged Access Manager has helped us become more efficient in managing these service accounts.

CyberArk Privileged Access Manager feels quite secure in ensuring data privacy.

CyberArk Privileged Access Manager has a very strong potential for preventing attacks and lateral movements, but it has not had an impact one way or the other on the number of privileged accounts in our organization. They are just managed differently.

CyberArk Privileged Access Manager makes it easy for users to retrieve and manage their passwords.

I have been using CyberArk Privileged Access Manager for a few months. I am still learning, and I appreciate all the networking and education at the CyberArk Impact in Boston, which is going to set me up for success as I take on my role.

In CyberArk Privileged Access Manager, the UI has room for improvement, as does the dashboard reporting, which could be made better or easier to use. The interface needs to be more intuitive in CyberArk Privileged Access Manager. There should be dashboards in CyberArk Privileged Access Manager with more data and reporting capability for the non-compliant scenarios.

My company has been using it for a long time; I have been using it only for a few months.

I have not had any support experience with CyberArk at this point in my journey. 

I found the CyberArk Impact event to be much more effective as an educational experience.

Positive

The time-to-value for CyberArk Privileged Access Manager was recognized pretty quickly after implementing it.

I hope to learn how the pricing works so that I can understand it better, but I am certain it is not inexpensive.

It is absolutely necessary to have a PAM tool like CyberArk Privileged Access Manager, even if someone is using other security tools.

Based on my experience thus far, I would recommend CyberArk Privileged Access Manager to other users.

I would rate CyberArk Privileged Access Manager as an eight out of ten. It is early in my journey with this solution.

My use cases as of right now include configuration, implementation, and developing a PowerShell report.

By implementing CyberArk Privileged Access Manager, we wanted to secure the password data and password accounts. We could see the benefits of CyberArk Privileged Access Manager immediately after we deployed it and started using it.

They could improve CyberArk Privileged Access Manager by providing more reports. If I need to know the 10 most-used accounts for this week, that functionality can be made available in the reports.

I have been using CyberArk Privileged Access Manager for seven years.

It is stable. The environment is stable, with no lagging, crashing, or downtime.

I cannot say much about scalability because we did not have any need for it.

I have contacted their technical support plenty of times. I would rate CyberArk's support a seven out of ten. They are always good.

Neutral

I have not used any alternatives to CyberArk Privileged Access Manager in my career.

The initial deployment was easy because I went to training first. The training was set up by CyberArk. From design to implementation, it took close to six months.

In terms of maintenance, it requires OS upgrades and patches. It doesn't take a long time.

We did not use any help from a third party, such as an integrator or consultant. The number of people required depends on the environment. I don't see how one person can manage it because there is a lot of information to collect before even doing a design.

My company always complains about the cost of CyberArk Privileged Access Manager because it's too high.

For a new user, I would advise them to try to configure CyberArk Privileged Access Manager a couple of times before starting to use it in a production environment.

I would rate CyberArk Privileged Access Manager a nine out of ten.

We are working with CyberArk solutions such as PAM on-premises. We are working with CyberArk Privileged Access Manager, including AIM, PSM, and PSMP components. 

The ability of CyberArk Privileged Access Manager to safeguard financial service infrastructure is important; without it, banking and financial clients cannot secure their operations. Despite various attacks affecting other companies, CyberArk's implementations ensured that we remained unaffected.

CyberArk Privileged Access Manager has been helpful in managing over 125,000 privileged accounts in a single environment for our client, and we have multiple CyberArk environments for different clients with different numbers of accounts. CyberArk Privileged Access Manager is excellent at helping companies meet regulatory requirements due to its ability to cater to the specific needs of clients across different countries, ensuring compliance without data transfer issues.

CyberArk Privileged Access Manager provides security and video recording of user sessions for audit purposes. This feature is critical in financial sectors where auditing who performed specific actions is essential. Having video records adds a layer of proof and ensures compliance with audit requirements.

The key feature of CyberArk Privileged Access Manager is that it's a comprehensive package rather than just dependent on components such as Vault or Privileged Session Manager. Each component is necessary, and the Vault is the heart of CyberArk; everything connects via PSM and PSMP. I particularly appreciate PSM and PSMP because they simplify troubleshooting and charging.

A potential area for improvement is enhancing support for cluster environments and distributed Vaults. Clients in multiple countries that need central access have different challenges that require better solutions from CyberArk.

For financial services, CyberArk can improve incident response by ensuring fast support for critical priority tickets to meet compliance requirements. Providing more documentation on CyberArk is recommended for new team members to enhance their troubleshooting capabilities. I understand it's up to the client, but 99% fail to change the demo key, so it's crucial for CyberArk to emphasize changing the key and documenting it as part of the installation process.

I have been working with CyberArk Privileged Access Manager for more than nine years.

For stability, I would rate CyberArk Privileged Access Manager a nine out of ten.

I would rate the scalability of CyberArk Privileged Access Manager as a nine.

Regarding technical support from CyberArk, while L2 and L3 teams are effective, L1 support requires improvement due to longer response times in critical situations. Coordination with higher support levels sometimes takes longer than expected, which should be addressed.

Positive

After implementing CyberArk Privileged Access Manager, it typically takes about four to five months for a company to realize time to value, assuming they have a strong implementation team and infrastructure in place.

Integrating CyberArk Privileged Access Manager is very simple due to the provided connectors for Windows and UNIX, as well as plugins for databases. Custom integrations may take longer, around one month, due to development requirements.

Regarding costs, CyberArk Privileged Access Manager is not a cheap product; hence, many companies struggle with its high licensing cost. While it's valuable, it comes with a high price tag, making it hard for every company to afford it.

After comparing with other products, I find that no other product currently matches CyberArk's performance; the performance issues in alternative solutions make them less desirable. While there are competitors, I cannot definitively name one that compares with CyberArk Privileged Access Manager.

The requirements for CyberArk, particularly in India, have evolved significantly since the company acquired several businesses in 2014. Every organization needs an identity and access management (IAM) and privileged access management (PAM) solution. CyberArk stands out as the leading product in this category. While there are other protocols available in the market, CyberArk is known for its security, reliability, and user-friendly access.

In my experience working with multiple companies and clients using CyberArk, I have not encountered any cases of breaches or malicious activity associated with the platform. This track record provides a strong sense of security and assurance regarding CyberArk’s capabilities. Although the privileged access management solution can be costly, it offers extensive security features, including multi-factor authentication (MFA). Overall, CyberArk is an excellent product for organizations seeking robust security solutions.

Regarding granularity of PAM controls in CyberArk Privileged Access Manager, it means having centralized control in the Vault. Standalone CyberArk Vaults perform best compared to cluster systems, which present challenges during maintenance or network connectivity issues.

Overall, I would rate CyberArk Privileged Access Manager a nine out of ten.

We use CyberArk Privileged Access Manager for privileged access management (PAM) escalation, securing our website, and applications. Our cybersecurity team actively utilizes its features.

The PAM escalation is valued. The access control feature and privilege and role-based assignment are outstanding. Dividing the user admin for security protection is the best feature. Additionally, its remote access allows easy connection for my team, and it efficiently manages identity.

Initially, it was challenging to understand and use all the features incrementally. Having a better user journey with a support team to connect would improve the product and services.

I have been using CyberArk Privileged Access Manager for about eight months in our company.

The solution is quite stable. We have not faced any issues related to stability since using CyberArk Privileged Access Manager for eight months.

CyberArk Privileged Access Manager is scalable. As a startup, it initially handled fewer users, but it scaled well as we grew.

Technical support was fast in its replies and always supportive, helping to resolve any issues efficiently.

Neutral

We used miniOrange, an Indian-based cybersecurity product for access management and PAM escalation. We also used one more product, which I don't remember the name of.

The initial setup was straightforward due to well-documented resources and tutorials.

Our cybersecurity team, comprising two to three people, worked on the deployment and feature implementation.

The pricing is quite well-structured with monthly and weekly plans.

I evaluated miniOrange and one other product.

New users should watch the YouTube channel, read the documentation, check the resource section including CyberArk University, and see if it works well with their product. I rate the overall solution a nine. My overall product rating is 9 out of 10.

I work in the cybersecurity team. We typically provide access to other end users or IT administrators through this solution. We monitor their activity on servers, provision access, and review all logs.

By implementing this solution, we wanted identity management and access management.

Over these three years, there have been a lot of improvements. User management is more efficient. The interface is user-friendly, and I can create comprehensive reports.

Session recordings and timestamps are valuable features. They allow me to specifically select the time a particular command was executed, so I do not have to review the entire recording. I can click on events to determine where and when they happened. 

We are looking for improvements in user provisioning, such as access provisioning and revoking access. We still have to test these improvements in the latest version. 

Updates have been somewhat difficult, resulting in challenges when moving from one version to another. The current version includes automatic updates for minor patches, which should be easy.

I have been using the solution for more than three years.

It has been stable so far, so I would rate it a nine out of ten.

Its scalability is very good. It is in the cloud, so we can just expand it. I would rate it a nine out of ten for scalability.

We haven't used customer support so far apart from implementation.

Neutral

I have not used any PAM solutions apart from this one.

Its implementation was very complex. It needs different servers and setup parameters involving load balancers, certification, encryption keys. The implementation took more than a month.

It requires maintenance once in six months and has been hard previously.

It was implemented by inhouse staff with oversight from vendor.

When it comes to compliance and audits the ROI on this is very good.

Licensing is little hard as they are perpetual and can't be used from a pool of resources.

I would recommend implementing CyberArk Privileged Access Manager as it is the best so far.

I would rate CyberArk Privileged Access Manager an eight out of ten.