CyberArk Privileged Access Manager Reviews

My main use case for CyberArk Privileged Access Manager is installing it to prevent direct access to the users. For the privileged account, we are using the PAM, and all sessions have been monitored, with all logs shared and logged on the vault.

I have more to add about my main use case for CyberArk Privileged Access Manager, specifically our Privileged Threat Analysis, which detects any suspicious event and alarms us.

The best features CyberArk Privileged Access Manager offers are PTA, Privileged Threat Analysis, and Alero, Remote Access Management, and these features are essential for enhancing security.

PTA and Alero have made a difference for my team by providing a predefined rule assigned and implemented on the PAM; for example, it sends us an email if there is any suspicious activity or threat credential loss, offering feedback related to user behavior. For Alero, Remote Access Management, it is a very wonderful Identity and Access Management with biometric MFA, mobile access, location tracking, and a small RBAC role-based matrix access that defines user roles, serving as a replacement for VPN.

CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used.

In terms of specific metrics or outcomes, the time savings have been noticeable, and while it is not direct access, the PAM works efficiently between servers and end users, preventing users from running or installing unauthorized applications through the AppLocker application created on the PSM.

CyberArk Privileged Access Manager can be improved because I have experienced one issue where a user connected through RDP to a Linux server and the PAM could not fetch any commands or key store logging from the Linux server, which works fine on Windows servers. If they could combine both into one keylogger solution, it would be great, and increasing the number of CPM plugins for password retention while providing common web portal applications out-of-the-box would also help.

I have been using CyberArk Privileged Access Manager for more than five years.

CyberArk Privileged Access Manager is stable in my experience, with no issues of downtime or reliability due to our disaster recovery (DR) and high availability (HA) servers in place.

CyberArk Privileged Access Manager's scalability is good, as it can handle more users or workloads with our five-year roadmap indicating that the PSM server can manage around 20 sessions per hour, which is sufficient for our organization.

I would rate customer support a nine on a scale.

I previously used BeyondTrust and Delinea, but I did not switch because I noticed many features in CyberArk that are not available in other solutions.

I did not evaluate other options before choosing CyberArk Privileged Access Manager, as I had good experience with another live product.

My advice for others looking to use CyberArk Privileged Access Manager is to pay attention to the vaulting part, which is essential for every organization, as each server has a secured vault that connects over TLS with a lot of encryption details. The product is consistently enhanced, and the latest release is 14.6. I rate this solution 9 out of 10.

For CyberArk Privileged Access Manager, use cases are providing just-in-time privileged access. The most simple use case is hosting all privileged credentials in a secure manner and managing and controlling access to those credentials. Therefore, controlling access to privileged endpoints is the usual thing that will be done with PAM.

CyberArk Privileged Access Manager has several valuable features. The basic feature is privileged access management with all the processes and procedures that are needed. It has all the relevant features required to provide a PAM project or PAM program. It does everything that is needed. A tangible benefit is that we already have full control of privileged access. We have just started and have onboarded all privileged accounts into the system.

I have noticed areas of CyberArk Privileged Access Manager that could be improved or enhanced in integration with automation tools. It's not quite the same in the cloud, the Privilege Cloud version. The on-premises version allows users to do absolutely everything. When they took it to the cloud, they started cutting things out. The other issue with CyberArk is that they are marketing their new product, SIA, which is based on Privilege Cloud. Users still need to have Privilege Cloud to achieve the same level of functionality as the on-premises version.

We are still early in the roadmap and haven't progressed far enough to identify additional needs. When organizations reach the end of their maturity roadmap, they can better identify specific tool requirements that aren't currently available.

We have been deploying CyberArk Privileged Access Manager for two years now and counting.

The evaluation of customer service and technical support for CyberArk Privileged Access Manager depends on several factors. When receiving support directly from CyberArk, they are the most knowledgeable, though they don't always have immediate solutions as they might need to create them, which can take considerable time. For instance, the Ansible integration for the cloud version has been requested for years.

When working with CyberArk partners for support, it's crucial to ensure they have actual knowledge and aren't just acting as middlemen. There have been instances where third parties are hired to provide first and second line support, but they simply forward requests to CyberArk without adding value to the process.

We used a deployment partner recommended by CyberArk for the deployment and maintenance process. One crucial step that should be done first is creating an inventory of how privileged access is currently handled and where it is needed. Without this inventory, you might deploy CyberArk and realize it doesn't work with your existing architecture or infrastructure.

Our implementation team consisted of approximately 15 people, including architects, engineers, application owners, network specialists, Windows and Linux administrators, database administrators, and cloud specialists. While maintenance requires fewer people, input from all these stakeholders is crucial for successful implementation as they each have different requirements.

Most importantly, this needs to be a management-driven initiative with a top-down approach. Management must establish new working methods, as the biggest barrier to acceptance is typically resistance to changes in working procedures.

For ongoing operations, the staffing requirements depend on the company's operations. Typically, 24/7 coverage requires at least three people per shift in a follow-the-sun model. This accounts for first and second line support only, with additional staff needed for server maintenance, totaling around nine people.

The primary problem addressed by implementing CyberArk Privileged Access Manager is the lack of control over privileged access - where it happens, how it occurs, and what is done with that access. When attempting to attack an enterprise, attackers target the highest-privilege credentials available. Therefore, protecting the most critical credentials within your organization is essential.

For those planning to deploy CyberArk Privileged Access Manager, it's crucial to understand that it's a multi-year program. It's not just about deploying the tool; it needs policies and governance around it. Additionally, infrastructure modifications are necessary to ensure PAM is the only way to provide privileged access to endpoints.

It's a great product that does everything required from a PAM tool. I would rate CyberArk Privileged Access Manager as a nine out of ten.

Mainly, I use the CyberArk Privileged Access Manager for securely storing and managing the credentials, and its main features include the Password Vault and automatic password rotation.

The granularity of the controls in the CyberArk Privileged Access Manager is good; they have provided compliance which is required, helping us in auditing and reducing the risk of insider misuse of credential theft while also saving time for the IT guys with automating password rotations.

It's a valuable tool. The main function is securing data from theft and saving all the passwords in the same place, as the whole organization's main API endpoints are stored here.

The feature I appreciate the most about the CyberArk Privileged Access Manager is the secure data, which acts as a centralized store where credentials are securely stored.

The interface of the CyberArk Privileged Access Manager could be smoother, and the GUI could be more user-friendly and modern.

I have been using the CyberArk Privileged Access Manager for one year.

I have not really seen any lagging, crashing, or downtime with the stability of the CyberArk Privileged Access Manager.

I have contacted their technical support and customer support a couple of times, and the quality and speed are good. The service is great.

When I first started using the CyberArk Privileged Access Manager, it was easy to learn how to use it. It's a simple and straightforward tool. It took me approximately three days to fully learn how to use the CyberArk Privileged Access Manager, which is less than a week.

I have not tried using any alternatives to the CyberArk Privileged Access Manager.

On a scale from 1 to 10, I would rate the CyberArk Privileged Access Manager overall as 9.5.

We use CyberArk Privileged Access Manager to manage our privileged accounts because it protects against cyberattacks and prevents unnecessary or illegal access. 

It provides a centralized management system, making it easier for us to enforce policies and monitor access across our organization. Additionally, we can monitor sessions and record and detect suspicious activities that are harmful to our systems and organization.

The AI capabilities, including advanced threat detection features, are very helpful for us. They reduce human effort and errors, allowing us to quickly identify and respond to threats. This solution scales up our IT environment and resolves almost every issue that poses a threat to our organization.

Pricing is a concern for me because it is not very user-friendly for startups, new users, or very small organizations. It might be better if the price was reduced. Sometimes, the maintenance cost can also be high.

I have been using CyberArk Privileged Access Manager for the last one and a half to two years.

Every application has downtime. However, it remains stable overall. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

Sometimes, when I face issues or want to understand some features, or it is difficult to identify activities in our system, I contact the support team. They are very helpful, always available, and try to resolve our issues as soon as possible.

Positive

This is the first PAM solution that I implemented in our organization.

The initial setup is not very easy, nor very difficult. It is moderate to deploy.

It does not require any maintenance from our side.

We have a team of three to five members, and they deployed it in a minimum of one week.

Its price can be reduced.

I researched some solutions and found CyberArk Privileged Access Manager to be one of the good solutions. I am very happy with the product.

I am happy with this product. If someone is looking for a PAM solution, I recommend it because it has a large developer community and good customer support. It is more stable than the others, and I am very happy with it. 

Overall, I would rate it a ten out of ten.

I use the solution mainly for credential tasks. For instance, if the company I work for has recent data stored in a privileged report and needs security from cyber attackers, CyberArk Privileged Access Manager is used. The solution helps provide access only to authorized users and rotate passwords every sixty or ninety days. CyberArk Privileged Access Manager also allows the configuration of the password either manually or automatically. 

In our organization, Privileged Session Managers (PSM) assist in recording sessions of a particular server using the solution. The product allows users to utilize different permissions, such as end-user, auditor, and administrator permissions. For CyberArk Privileged Access Manager, administrators have the major access to implement tasks like creating, changing, rotating the password and adding new users. 

The most valuable feature of this tool is the password rotation feature. Another vital feature of the solution is the Safe feature, which acts as a container. Only accounts included within the Safe can access a particular server. 

The solution allows the distinguished use of PSM and PSMP for a Windows and Linux server, respectively. The tool makes all session recordings compulsory and cannot be tampered with. It also eliminates hard-coded credentials and supports demand-based applications.  

CyberArk is very popular and provides a lot of features compared to competitors' PAM tools, which is why many customers are migrating to CyberArk's Privileged Access Manager. 

The solution should be able to completely mitigate internal threats. For instance, if an employee of a company saves the CyberArk passwords in a system, then another employee might be able to use it and log in, so there remains an internal threat when using the solution.  

The feature of giving user access through a Safe should be modified. The solution should allow users access directly through an account, and the Safe concept needs to be improved. 

I have been using CyberArk Privileged Access Manager for the past two years. 

In my organization, about ninety to one hundred people are using CyberArk Privileged Access Manager. 

It's easy to setup and install CyberArk Privileged Access Manager. Multiple components need to be installed for the solution. Often, the PVWA, PSM, and CPM need to be installed. If an organization has a Linux account, then PSMP needs to be installed for using the solution. While installing the solution, the Vaults need to be defined, if it's a standalone Vault or a cluster Vault. A cluster Vault is mostly implemented for disaster recovery to replicate data when something happens to the main Vault. 

CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price. 

I would recommend the solution to others depending on their goals. If the aim is to protect an organization's data and use PAM, then one should use CyberArk Privileged Access Manager. If the goals include detecting malicious activity, onboarding privileged accounts, and maintaining data accounts, then an organization should adopt the solution.   

I have used the solution's session monitoring capabilities to monitor user activities. The solution's session monitoring feature can be useful for monitoring a user while the person logs in or performs other molecular activities.  

CyberArk Privileged Access Manager is difficult and time-consuming to learn in comparison to other IAM tools. There are multiple components, like the vault, that need to be understood before using the solution. But basic administrator tasks like onboarding accounts and rotating passwords will be easy for a beginner user of CyberArk Privileged Access Manager. A beginner-level user of the solution may face challenges with secret rotating, management and AIM handling.  

I would rate CyberArk Privileged Access Manager an eight out of ten. 

My company uses CyberArk Enterprise Password Vault for privileged access management, a domain that the product fits under. CyberArk Enterprise Password Vault involves password rotations, recording of sessions, keystrokes, and securing sessions, which all come under the same category in the solution.

The most valuable feature of the solution stems from the fact that it's the best in the market. I haven't seen any other PAM solutions better than CyberArk Enterprise Password Vault.

CyberArk Enterprise Password Vault's GUI has certain shortcomings that need improvement.

I have been using CyberArk Enterprise Password Vault for two years. I use the solution's latest version.

It is a stable solution, but sometimes its GUI lags if the load gets too much. If you try to click some buttons, responding will take five seconds instead of just responding immediately.

It is a highly scalable solution.

My company has around 500 uses of the solution and 3,000 to 4,000 accounts, which can be scaled up to 10,000 or 15,000 accounts.

My company does not have plans to increase the usage of the solution.

I am not an admirer of the product's technical support team. The product's technical support team doesn't know the product well enough to give customers suggestions, so they need to work on that part.

BeyondTrust and LastPass were the two solutions I had used in the past.

The initial setup of CyberArk Enterprise Password Vault is quite complicated, but if you follow the documentation, I don't think you should have any issues. The issues are only with the solution's support team and the GUI.

The initial deployment just takes about five days to a week if you have got all the network architecture right.

If you don't get the network architecture right, then the deployment could take two or three weeks.

For the deployment process, you should ensure you have some open IP ranges because CyberArk needs to talk to the cloud at its end, so you need to allow certain IPs to make certain connections, after which you need infrastructure and servers in place.

There is a Zip file for your environment, like an image you download from their website, which CyberArk's partners can access. Once you download the Zip file, there are a few scripts to run, and if the scripts run properly, your environment will be set up properly, after which you deploy the connector.

There is a need for an architect who is an expert in CyberArk and networking for the deployment and maintenance, along with one senior engineer.

The ROI for the solution is good because if you deploy the product, then you will not face any issues for five to ten years, especially if you manage it well.

Payments have to be made on a yearly basis toward the licensing costs of the solution.

I would say that the solution is expensive because it's only preferred by the top-tier companies involved in banking or insurance who have no problem with budgets for their cybersecurity. A medium or small-sized company would prefer to use some other solution over CyberArk Enterprise Password Vault.

was not part of the evaluation process in my company. I wouldn't know why my company chose CyberArk Enterprise Password Vault over other products. I can say that I am comfortable with CyberArk Enterprise Password Vault.

I recommend the solution to those planning to use it. I suggest that CyberArk's potential users invest in getting their own IT environments working perfectly before involving a team of CyberArk-certified engineers since it makes the process a lot easier. If you don't follow the aforementioned steps, then you will find yourself going back and forth to the product's support team, which will take you ages because they take time to respond.

I rate the overall solution a seven out of ten.

We use CyberArk to secure the last resort accounts by introducing dual control approval, ticket validation, temporary access, and regular password rotation.

It also allows us to introduce location-aware access controls with multiple sites having access to specific location-protected content.

Finally, the session management capabilities allowed us to introduce delegated accounts to secure access to all sorts of devices in an easy way, but without losing the individual traceability. 

It allows us to comply with the regulator requirements allowing us to operate in the different countries and to fulfil the security and compliance requirements.

In the end, it secures all the highly privileged accounts and protects the company from internal and external threat actors.

The solution is multifaceted and includes session management, password management, temporary access, ticketing validation, API access, single sign-on integration, load balancing, and high availability principles.

The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis.

The session isolation reduces the risk of exposure of the credentials and applying simpler network controls.

Web access allows the introduction of location-aware controlled access so that different locations can only access the data that is allowed to be retrieved from their sites allowing centralisation but fulfilling the regional requirements.

The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials.

The upgrade options are good but could be further simplified.

The high availability options could be improved, and the load distribution as well for both the vaults and the credentials managers.

The web interface should allow having multiple sites for location-aware access control within the same web server.

I've used the solution for more than ten years.

We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company. 

This allows us to store passwords and create privileged access for some users without them needing to know the password. The system inputs the password into the endpoint URLs they use for authentication, but the users never see the password. This is crucial because people may leave the company, posing a high risk. If we had integrated it into the identity provider, we would have policies for active directory users but not for users outside the company.

For example, our development teams need to connect to databases, systems, and cloud services during development. The developers don’t get access to third-party services. We use the solution to manage this access. The application being developed and deployed integrates with CyberArk Password Vault services.

The main challenge was integrating with in-house IT and business applications, which are not standard. We needed to create special updates for that kind of integration.

I have been working with the product for three to four years. 

The solution is 99 percent scalable. 

Sometimes, support is not easy because you need to share the company's architecture. Maybe they are on time, but they don't understand the specifics we're talking about. Communication can be an issue, especially when speaking with people whose first language isn't English. There can be difficulties with understanding and making sense of conversations. So, outsourcing support can sometimes be challenging.

Neutral

CyberArk Enterprise Password Vault's deployment is complex. 

I have been working with the new services and don't see any additional issues at this hour. The key requirement is to have people who understand not only the tool but also the concepts and how to view it from an architectural perspective. 

One problem is that people may not know how to work with the tool, and another is that they don't understand the concepts. So, I think focusing on proof of concepts is good. For example, what I do at first is request information for identity providers and key management services.

I rate the overall solution a nine out of ten.