Coming October 25: PeerSpot Awards will be announced! Learn more

CyberArk Privileged Access Manager Room for Improvement

SatishIyer - PeerSpot reviewer
Assistant Vice President at a financial services firm with 10,001+ employees

When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time.

PTA is essentially the monitoring interface of the broker (e.g. Privileged Access Management, the Vault, CPM, PSM, etc.), and it's where you can capture your broker bypass and perform related actions. For this reason, we thought that this kind of mapping would be required, but CyberArk informed us that they did not have the capability we had in mind with regard to MITRE ATT&CK.

I am not sure what the situation is now, but it would definitely help to have that kind of alignment with one of the more well-known frameworks like MITRE. For CyberArk as a vendor, it would also help them to clearly spell out in which areas they have full functionality and in which ares they have partial or none. Of course, it also greatly benefits the customers when they're evaluating the product.

View full review »
JA
Security Lead at a insurance company with 1,001-5,000 employees

CyberArk's web console isn't in a great state. Over the last three years, if not more, it has been transitioning from what they call the "classic UI" to its modern interface. However, there are a lot of features that you can only use in the classic interface. Hence, each version seems to put more makeup on the modern interface, but all of the complex functionality you need is still in the classic UI. 

I'm not sure they've figured out how to transition, and they're kind of in a weird state. So, while CyberArk has made strides, the web interface is painful, particularly as an administrator, because you have to bounce between these different user interfaces. It is an incredibly complex solution that requires at least a dedicated employee or more to maintain it, support it, and understand it thoroughly. If you don't have that, it's just not the right solution for you because it is very complicated. 

Many of the infrastructure folks who use the product dislike it because it complicates their workflow. They get a little less control, and they have to go through a specific solution. It proactively logs in for them, which obfuscates some of the issues that they may be troubleshooting. And I think some of the consumers aren't big fans of the product. Also, I feel that in the last year or so, CyberArk has been pushing very hard for customers to go to their cloud solution. It doesn't have the same flexibility as the on-premise version, which is problematic because that's where I see a lot of value in the solution.

View full review »
KS
Information Security Administrator at a insurance company with 501-1,000 employees

The continuous scanning of the assets is limited to Windows and Unix. We like to have the solution scan any databases, network devices, and security devices for privileged accounts. That would be very helpful. 

For least privilege management, we need a different level of certification from privileged management. Least privilege management comes under endpoint management. It takes time to get used to it, as it is not straightforward.

View full review »
Buyer's Guide
CyberArk Privileged Access Manager
October 2022
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,513 professionals have used our research since 2012.
KD
Network Engineer at CalSTRS

It should be easier to install. It is a comprehensive product, which makes it difficult to install. You need to have their consulting services in order to get it all installed and set up correctly because there is so much going on. It would be nice if there were an easier way to do the installation without professional services. I suspect they get a fair amount of their money from professional services. So, there is not a huge incentive.

It would be nice to do personal password management so that we could roll something out to the entire organization to manage people's passwords. At the moment, we're rolling out LastPass to do that, at least to some groups. I'm not sure if everybody in the organization is going to get it because most people only have a couple of accounts that we're concerned about. We're using LastPass because it is significantly less money than the CyberArk solution. CyberArk has one, but it is rather expensive. The LastPass solution is integrated into browsers. So, you can use it in your browser. I don't remember if I had to install a client on my machine or not. I probably just installed a browser extension. So, I'm not sure how that'll work with some of the other things. There must be a client that I didn't get around to because that's also in the very beginning currently. They have sent me links to training on how to use it and set it up, but I haven't had time to take the training yet.

View full review »
Rohan Basu - PeerSpot reviewer
IT Manager at a tech services company with 10,001+ employees

What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once.

Another area for improvement in CyberArk Privileged Access Manager is the release of vulnerability patches because they don't release it for all versions. They would say: "Okay, you should upgrade it to this point. The patches are available", but sometimes it is not feasible to do an upgrade instantly for any environment, because it has to go through the change management process and also have other application dependencies. If that can be sorted out, that would be nice.

View full review »
Salif Bereh - PeerSpot reviewer
Consultant at a consultancy with 10,001+ employees

The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments. 

CyberArk, as a solution, can easily adapt to a lot of environments, and you can add a lot of components to different zones, and that will work with the Vault. But not all the components, such as the PTA, can do so.

Also, it would be helpful if CyberArk added some features for monitoring machines when we access them. For example, they need to improve the PVWA. In general, when we don't use the PVWA, we don't have a lot of problems. For me, the PVWA is not perfect. I would like to see more features in the PVWA to administer our machines and to improve the transfer of data.

View full review »
Syed Javid - PeerSpot reviewer
Security Consultant at a financial services firm with 1,001-5,000 employees

CyberArk PAM is able to find all pending servers that can be integrated, but we cannot get this as a report. We can only see the list of servers on CyberArk PAM. This is a problem that could be improved.

If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it.

View full review »
IB
Security Architect at a tech services company with 1,001-5,000 employees

Some aspects of the administration need improvement, though they have recently made improvements to the API. However, the management with the interface and configuration are not so user-friendly. It has not changed much during all the years that CyberArk has been on the market. The management part, like platform management as well as PSM connectors definition and management, could be improved, even if it has already been done with the API.

Onboarding is always a difficult path for every PAM solution. It is not immediate.

View full review »
Jan Strnad - PeerSpot reviewer
Security Architect at AutoCont CZ a. s.

In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution.

Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations.

In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows.

View full review »
Aakash Chakraborty - PeerSpot reviewer
IEM Consultant at IC Consult

They should allow further customization as it's really hard to do any further customizations over CyberArk. We do have a wrapper of customization. However, it's very difficult, especially their web implementation. That's one thing I would say they can improve. With Angular and everything on the market, they still have their in-house web implementation tool, which is sort of a headache. 

I would love them to improve their UI customizing features. 

You simply cannot install the demo UI in every customer, basically. They would always ask for something to make their UI look a little different -  simple things like their logo or some sort of additional information pertaining to their particular customer. Even doing the smallest of changes takes a lot to do. 

View full review »
JP
Cybersecurity Engineer at a healthcare company with 10,001+ employees

It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things.

Its documentation could be better. Some of the documentation lacks details for people who aren't super technical.

View full review »
ABHILASH TH - PeerSpot reviewer
Managing Director at FOX DATA

Their post-sale support area requires a little more attention to our region ( ME/UAE. The current support model does not allow the end customers to open a ticket directly with CyberArk. Customers have to inform the distributor or bring in partners who have access to the support portal to open support cases. The support teams liability is limited to product issues and they usually do not get into configurations and integrations, unless estimated and paid for PS services.  This indirectly helps Service providers like us to make extra revenue. The default 24/7 support to our region, is effective when there is an emergency like a serious software issue, or if password vault is down etc, for such cases they provide immediate attention. For the rest of the low priority like migrations, upgradations, backups etc ( in some site it shall be considered high ), they take more time to respond.

Looking forward to new features line API security 

View full review »
Gaurav Gaurav - PeerSpot reviewer
Architect at a tech services company with 10,001+ employees

They can work on the pricing part. Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge. 

View full review »
MV
Engineering Lead PAM with 10,001+ employees

More than the product itself, there is room for improvement in the documentation. The documentation should be very detailed and very structured. It has a lot of good information, on one level, but I feel that it could be more elaborate and more structured. That would make it easier when somebody is implementing it or referencing the documentation.

View full review »
Mateusz Kordeusz - PeerSpot reviewer
IT Manager at a financial services firm with 1,001-5,000 employees

I would like advanced RPA in the basic license. CyberArk has RPA, but we would need to buy additional licenses. It is not out-of-the-box.

I would like better support.

View full review »
Meo Ist - PeerSpot reviewer
Senior Product Manager and Technology Consultant at Barikat

The interface could be updated a bit. Right now, it's not very good. 

It is very complex and difficult to set up the solution. 

Maybe some customers have a lot of systems. For example, we have 1000 Windows systems and 500 Linux systems. I need a remote desktop management solution for the CyberArk. I'd like to be able to change desktops with one click. We'd like the next release to have remote desktop management tools. 

View full review »
Furqan Ahmed - PeerSpot reviewer
Network Engineer at Pronet

The support services could act faster when people reach out to resolve issues. 

View full review »
Rodney Dapilmoto - PeerSpot reviewer
Systems Admin Analyst 3 at CPS Energy

I would like to see the product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials into a privileged target system.

Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless you are working with accounts already stored in “Safes”.


View full review »
DK
Manager at a financial services firm with 1,001-5,000 employees

The solution could improve by adding more connectors. 

View full review »
VA
Consultant at a recruiting/HR firm with 10,001+ employees

It can be made user-friendly, in the sense of the console is pretty outdated. They could add more enhancements, et cetera.

They could add more built-in connection components to support various other application platforms. The built-in connection components available are mostly not fit for our purpose. We need to do additional customization to make it work.

View full review »
Amandeep Singh - PeerSpot reviewer
Associate Manager at Wipro

There is a lot of room for improvement in the report section. I also work on other tools, such as Thycotic, which allows you to create customized reports for your organization's needs. In CyberArk, there are limited reports, whereas in Thycotic or some of the other PAM tools, because the database is different, you can customize the report based on your needs through SQL queries.

The GUI part can be better. Previously, they had a classic one, and then they upgraded to the new one, but it is less user-friendly than other PAM solutions. Its GUI is a little bit complex.

View full review »
ChaminiEllawala - PeerSpot reviewer
Identity and Access Management Engineer at Wiley Global Technology Pvt. Ltd.

Report creation could be improved.

The policies could be more customized.

View full review »
KN
Junior Product Consultant at a tech services company with 501-1,000 employees

We found a lot of errors during the initial setup. They should work to improve the implementation experience and to remove errors from the process.

The solution could be more stable. 

 It should have more specific configurations. There are lots of types of servers and devices. The product should have a more detailed, specific configuration and integration with other products.

View full review »
Meo Ist - PeerSpot reviewer
Senior Product Manager and Technology Consultant at Barikat

It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler. 

View full review »
Richard Nagygyörgy - PeerSpot reviewer
Product Manager at a tech services company with 11-50 employees

The authentication port is available in CyberArk Alero but not Fortinet products.

View full review »
Anthony Mook - PeerSpot reviewer
Senior Security Manager at SMU

From what I can see, the Systems Integrator is useless. When I ask for the information, nothing is given to me. They need to provide better training for the System Integrator.

View full review »
JL
Presales Engineer at a tech services company with 51-200 employees

The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers. 

View full review »
KL
Team Lead Information Security Control at a financial services firm with 5,001-10,000 employees

CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift.

View full review »
LT
Auditor de Sistemas y Procesos at a tech services company with 11-50 employees

There are always improvements that can be made, but nothing really stands out. It's hard for me to say as I am not a direct user.

View full review »
Buyer's Guide
CyberArk Privileged Access Manager
October 2022
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,513 professionals have used our research since 2012.