CyberArk Privileged Access Manager Valuable Features
SI
Sean Izor
Senior PAM Consultant at iC Consult GmbH
Many people underestimate the value of these tools because they treat them as simple automated password management. Once you realize the volume of passwords in your organization and factor in nonhuman passwords, you realize its value. Last year, CyberArk Impact cited 45 nonhuman passwords for every human password. If you have 10,000 employees, you can imagine the number of passwords. There are also many other operations. For example, you have a Qualys scanner that needs to reach out and touch all your endpoints and scan them for vulnerabilities. They use an API call to CyberArk to pull out a Privileged credential that allows them to log in to that target. This is an automated machine call. It is tapping into CyberArk to get that credential. There can be hundreds of thousands of those operations a day. You do not want to manage those passwords by hand. Some people marginalize the significance of such a solution by saying that it is just a fancy password changer. It goes well beyond that, especially with API calls and automation. Its importance extends beyond merely changing passwords; it involves automation, API calls, and process integration, crucial in agile environments for standing up new Amazon servers or other processes needing privileged credentials. CyberArk can automate these tasks into their build processes.
Another critical feature is the proxy service via Privileged Session Manager (PSM), providing not only a proxy between your user and the target servers, protecting against malware but also offering session recording. Many companies I have worked with implemented a PAM product as a knee-jerk reaction to SOX audit requirements. They discovered they needed session recording and retention for regulatory compliance. This has become a major factor for clients instituting CyberArk, so PSM is a big deal in addition to regular password rotation.
View full review »The session recording and monitoring capabilities are valuable. We have real-time session management ability to record, audit, and monitor any privileged user activities. That is a big deal.
Automatic credential rotation and granular access control for target resources accessed by admins add to the value.
Seamless integration with the SIEM, especially Microsoft Sentinel, is valuable.
Lastly, the platform's versatility allows for the use of different types of platforms beyond just RDP and SSH, including SQL and web applications.
View full review »The whole concept of Zero Trust and implementing it with CyberArk, which somewhat adheres to the 'never trust, always verify' principle, is very valuable. I really appreciate this aspect. Moreover, the just-in-time access is impressive, allowing access for a specific time.
Apart from CyberArk's PAM solution, I like CyberArk Conjur for secrets rotation. The constant rotation of secrets makes it hard for bad actors to gain access to environments.
View full review »Buyer's Guide
CyberArk Privileged Access Manager
July 2025

Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
860,632 professionals have used our research since 2012.
I appreciate CyberArk's real-time capabilities. I can secure critical sessions, such as SSH or database sessions. As a security professional, I have real-time visibility into ongoing sessions. If anything suspicious occurs, I can terminate or freeze the session, which is part of user behavior analytics.
We can monitor and have real-time control over our environment with sessions coming from around the world, ensuring security. We have visibility and control through real-time user behavior analytics. That is my favorite feature.
View full review »The best feature is vaulting. CyberArk has a separate vault, which is their proprietary vault, which provides multiple encryptions for every password object, as well as tamper-proof recording. Recordings are sent to the vault. This is the best feature since all data and security we have are situated in the vault.
CyberArk provides me with a single account page to access all endpoints or privileged accounts, simplifying connection without the hassle of password maintenance.
View full review »The most valuable feature is platform management. It is quite easy to manage privileged access for certain target platforms with CyberArk Privileged Access Manager as compared to other products I have worked with.
It is very out-of-the-box and straightforward to configure periodic password rotations and access management for the platforms my organization is working with. That makes things easier in terms of what needs to be done. We do not have to spend time troubleshooting and working with support to figure out why something is not working, which is what I have personally done with other competitors.
NC
Nate Chiles
Privileged Access Management Engineer at a hospitality company with 10,001+ employees
The best feature of CyberArk Privileged Access Manager is its core function: automatically managing and securing credentials. The ability to ensure compliance with both our internal and industry standards is invaluable, particularly in the current environment. While managing a couple of thousand accounts may not be a large number within the CyberArk community, it significantly simplifies our work in ensuring compliance and maintaining standards. The PSM feature is also excellent, as I've found it increasingly helpful in establishing connections without exposing passwords. Although a bit clunky when I used it a few years ago, it runs much smoother now. Overall, it's a great product, and I appreciate most of its features.
View full review »The most valuable features in CyberArk Privileged Access Manager are session recording, role management, and access control division. Different groups can use all the abilities of the administrative role, and customers can divide their teams into auditors, administrators, and CISOs.
The storage of passwords is also brilliant. Everything is stored in a highly protected area, allowing customers to use a single sign-on approach to connect to infrastructure servers necessary for their daily activities.
The impact of CyberArk Privileged Access Manager on customer operational efficiency is quite positive. While we cannot provide exact figures, the effectiveness is apparent, though we lack specific data.
Assessing CyberArk Privileged Access Manager's ability to prevent attacks on financial services infrastructure is quite complicated, as customers usually do not share information about attacks or prevention. During POCs, before selling the solution, we run common attack simulations that typically occur in the financial sector, such as lateral movement. We have tested various attack scenarios in testing mode where CyberArk is installed, and we have shown to our customers that CyberArk successfully mitigates those attempts.
CyberArk Privileged Access Manager has helped reduce the number of privileged accounts to a minimum over the years. When we start working with CyberArk in customer infrastructure, the first thing we do is run the Discovery feature, which shows all the administrative accounts in different information systems. The next step involves addressing accounts that are unnecessary or could be used for malicious activities, so reducing administrative accounts is typically the second or third step after integrating the system.
CyberArk Privileged Access Manager indeed helps meet compliance and regulatory requirements for customers, especially in the financial sector, by aligning with PCI DSS standards. Consequently, customers are very satisfied when auditors evaluate their compliance. When assessing CyberArk Privileged Access Manager for ensuring data privacy, the focus mainly lies on password management. I have not encountered customers using the storage solutions for anything other than passwords, making it challenging to discuss broader data privacy. The primary data customers prefer to store consists solely of passwords.
View full review »The main feature of CyberArk Privileged Access Manager is the ability to manage who has access to what and when, especially with shared accounts. With individual accounts, that is easy, but with shared accounts, it is quite challenging for clients.
The sessions are being monitored based on the Safe design and the ownership of a respective Safe. And its maintain individual accountability, Also check-in and check-out the passwords.
CyberArk Privileged Access Manager is cool. It has a lot of good tools, including everything we need.
TB
Th. B.
Senior Cybersecurity Manager at a financial services firm with 10,001+ employees
The most valuable features of CyberArk Privileged Access Manager are its robust functionality and reliability.
It has reduced the mean time to respond, but it is hard to provide any metrics. Its log and audit files are very helpful when we have to investigate an incident.
CyberArk Privileged Access Manager helps ensure data privacy because we now know who is using which credentials and at what time.
CyberArk Privileged Access Manager did not have much effect on our operational efficiency because it is a new tool for us. Any new tool means more work. It has also not saved us costs, but without it, we would not be able to meet the requirements for operating our bank.
We were able to realize its benefits immediately after the deployment.
View full review »One of the best features of CyberArk Privileged Access Manager is the capability of Privileged Session Manager (PSM) because it provides visibility into user activities, audit ability, and traceability.
The integration with most other technologies is also excellent. We expect more plug-ins, but it already includes plug-ins for password management with other technologies, offering a robust mechanism for credential safety and management.
View full review »SS
Shad Smith
Technical Architect at a tech vendor with 10,001+ employees
The most beneficial feature in CyberArk Privileged Access Manager is its simple user interface. It is definitely advantageous. I also appreciate the enhancements that come along with the continual updates that are provided.
It has improved the organization by making it simpler to gain access to privileged credentials. There are so many accounts needed by most people now, and having a tool that can not only store those credentials for you but also manage them and give you easy access has made life a lot easier. The tool manages credential cycling, which is typically a pain for anybody, while providing a simple means to use them.
The solution is very good for protecting full levels of data privacy. We silo out different parts of the solution for access to to different types of infrastructure in the same way we would to our customers so that we can restrict who can get to something. In combination with our IM processes, we can be quite granular about who has access to what.
We can stay updated on regulations. The updates that are coming through help to keep the product secure and also add in updates and enhancements that give greater functionality and keep it relevant in terms of requirements.
The controls are fairly granular. We can control who can administrate it and who can use it and what they can use when they're using it. It has positively impacted visibility. As we leverage the product for administration of the product, we're able to be much more granular in how we provide the access. The audit controls allow us to see who is doing what, and when, it should be required.
It safeguards credentials. This is very important. The ability to have the product manage and maintain credentials and only provide them to authorized individuals, whilst not actually allowing them to retrieve those credentials, has become more paramount as we look to increase the security based on sort of ongoing real-world threats.
It's helping with compliance, specifically around securing and hardening of infrastructure. It allows us to harden while still maintaining usability.
In terms of operational efficiency, it depends on where you're coming from. Some things are more efficient, some things are a little less efficient yet more secure. It's that ongoing balancing act between operation efficiency and security that we must deal with.
We've been able to reduce the number of privileged accounts in the organization with the ability to have shared accounts. Since the credentials are not specific to a user and they're made available to a user for the duration of their session, we can reduce the number of privileged accounts we have within the organization. We've reduced the accounts by a half to a third between ourselves and our customers.
View full review »AS
Aniket-Singh
Senior Engineer at a tech vendor with 1,001-5,000 employees
The best thing about CyberArk Privileged Access Manager is that they keep on upgrading it. They continually conduct research and development from their end, and we get immediate support from CyberArk whenever OEM support is required for any task. Support-wise, they are the best, and the way they conduct research and analysis and upgrade the tool often is excellent.
ST
Sathesh-Thangaraju
Technical Support Analyst at Capgemini
Session monitoring includes recordings of all activities performed. For instance, if I connect to a server, whether it is Windows or Linux, and perform some activities, all actions are recorded. It is a video recording.
It can integrate with Splunk, SNMP, and other solutions and technologies. We have integrated it with Splunk for the audit logs.
View full review »I find the discovery feature, which includes credential management, session management, monitoring, and remediation within a session, to be very valuable. It can remediate bad activities occurring in sessions. It offers good management and monitoring as well as good remediating within a session to help users remediate within managed sessions. There's good auditing and activity monitoring.
The session monitoring helps enhance security protocols. With it, users can have more control over what's happening within the session. You have more visibility and can restrict certain activities from happening, such as someone running a malicious command or someone trying to open or edit some sort of platform configurations. You can also send notifications and remediate or terminate sessions. Monitoring helps you build in polices around how to build polices around what's happening within a session.
The implementation of CyberArk impacted our customers' compliance with the regulatory standards in a positive way. Now customers are very happy since they can ensure credentials are compliant. In terms of password management complexity, since they're managing everything through CyberArk, they're able to create complex passwords. The user doesn't really need to remember passwords since the session is entirely being launched through CyberArk. That means that they're able to have much more compliant account management within an organization. They're also able to run reports as well as activity and compliance reports in terms of data related to accounts. It is much easier when you have a tool that manages that. Before CyberArk, having reporting and visibility around usage of accounts was really tricky. In terms of compliance, it's able to cover that by giving just a whole overview of accounts within the organization.
CyberArk incorporates AI to improve Privileged Access Management. It's consistently improved as well. They do have a previous threat analysis analytics engine, which also can ingest logs from a SIEM solution if it's in place at the customer site. It's able to ingest this information and then give much more correlated security events. This module, the privileged analytics, is able to utilize behavior analytics and AI-related capabilities to be able to give security alerts to the teams. They can action alerts, or even automate to be able to have things blocked or terminated. For example, if someone changes their location. It has a geolocation that's able to then trigger maybe a password or QR code or email with a verification code to check it's that person. It utilizes AI capabilities or behavior analytics capabilities to have capabilities like that enforced.
It has the most plug-ins. Maybe thousands. So in terms of integration within different customer environments, it's much easier compared the competition. CyberArk a pioneer for PAM. They've always been the leader in terms of research and development and bringing new capabilities to the PAM. It will be able to cover 99.9% of most use cases.
View full review »The most valuable features of CyberArk Privileged Access Manager include its search capabilities. Searching was previously a challenge, especially with Windows servers. When searching, we could only search based on the account name itself, as the system couldn't identify which accounts had access to which systems. This functionality caught my attention. Another standout feature is CyberArk Compass, which is planned for an upcoming release or has potentially already been released for Prisma Cloud. Finally, managing user accounts through the PWA is quite helpful. When a user is suspended, we can activate the account using the PWA instead of the private client.
The ability to manage user accounts and suspend them with ease through Password Vault Web Access rather than a client is a significant feature.
I like the integration with tools like Compass and the ability to search based on account names and systems.
View full review »AP
Ashish Pandey
Delivery Manager at Tech Mahindra Limited
The most valuable features of CyberArk Privileged Access Manager include quick access, ease of use, and a variety of connection methods beyond the web portal. The Just-in-Time functionality within CyberArk is very important, and recent features such as the MFA gateway allow external customers to perform their work while being monitored seamlessly. Any events not adhering to SOP trigger notifications to admins for prompt action.
NS
Nawaz Sarwar
Consultant at a tech vendor with 11-50 employees
The features that are most effective, like every PAM solution, include monitoring and password rotations.
The best thing about this solution, especially on-premises, is that we can interact with it directly. If we need to develop something, we are allowed or can do it by ourselves, which is most effective for us as administrators. It is not a black box. We have the ability to customize, especially the connection components.
View full review »LL
LZ LZ
Coordenador at a computer software company with 1,001-5,000 employees
It's user-friendly and very configurable. We can do many things with it, especially with password management. It's easy to manage, and the controls are straightforward. It's a specialized solution for which it's hard to find professionals to work with, but it's very effective.
It's a very good solution for data privacy.
The feature that I like the most is the Privileged Session Manager. It offers session recordings, logging, and tracking of user workstreams. It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened. Its benefits can be seen immediately after the deployment.
For me, CyberArk Privileged Access Manager's most valuable features are password and session management. It also includes technologies like Zero Standing Privileges and EPM, which I deploy for customers to demonstrate the return on investment.
View full review »Given that this is the only tool that I've worked with for the control process of privileged access, I don't have anything to compare it with. However, it's helped us keep our privileged access in check. We're able to get logs as to when the user checks out an ID and for how long, so it's a good monitoring tool.
The most valuable feature I find in CyberArk Privileged Access Manager is that we can record the sessions. It provides flexible workflows. I can change the workflow to specify if it needs one approval or two approvals, and I can approve my peer. We can record sessions for external people who want or require privileged access to our systems. That is very flexible. We can record what people are doing in the platform.
The module called PTA, Privileged Threat Analytics, is very useful. When you give access to a user, it monitors and detects if the user's behavior is unusual. After giving access, it continually checks if the user is the same user. It detects unusual behavior if someone else accesses the application.
View full review »CyberArk Privileged Access Management's most valuable features are primarily its password vault functionality, specifically CyberArk's Core Privileged Manager and Privileged Session Manager. These components facilitate secure password rotation and out-of-band session management, addressing our organization's critical security needs.
View full review »CyberArk Privileged Access Manager makes it easy for users to retrieve and manage their passwords.
I have been using CyberArk Privileged Access Manager for a few months. I am still learning, and I appreciate all the networking and education at the CyberArk Impact in Boston, which is going to set me up for success as I take on my role.
View full review »JM
Jean-Luc Momplaisir
Infrastructure Architect, Senior Engineer at a tech vendor with 5,001-10,000 employees
By implementing CyberArk Privileged Access Manager, we wanted to secure the password data and password accounts. We could see the benefits of CyberArk Privileged Access Manager immediately after we deployed it and started using it.
View full review »AU
AnantUpadhyay
CEO at CareerCraftly
The PAM escalation is valued. The access control feature and privilege and role-based assignment are outstanding. Dividing the user admin for security protection is the best feature. Additionally, its remote access allows easy connection for my team, and it efficiently manages identity.
View full review »Session recordings and timestamps are valuable features. They allow me to specifically select the time a particular command was executed, so I do not have to review the entire recording. I can click on events to determine where and when they happened.
View full review »The best features CyberArk Privileged Access Manager offers are PTA, Privileged Threat Analysis, and Alero, Remote Access Management, and these features are essential for enhancing security.
PTA and Alero have made a difference for my team by providing a predefined rule assigned and implemented on the PAM; for example, it sends us an email if there is any suspicious activity or threat credential loss, offering feedback related to user behavior. For Alero, Remote Access Management, it is a very wonderful Identity and Access Management with biometric MFA, mobile access, location tracking, and a small RBAC role-based matrix access that defines user roles, serving as a replacement for VPN.
CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used.
In terms of specific metrics or outcomes, the time savings have been noticeable, and while it is not direct access, the PAM works efficiently between servers and end users, preventing users from running or installing unauthorized applications through the AppLocker application created on the PSM.
View full review »Utilizing the Central Policy Manager to provide policy programmable password change management automation, which can be configured either globally, or by using the individual PlatformIDs which limits the effect of human error on a nationwide implementation of network devices that are remotely co-located and not readily accessible.
The implementation of the PSM proxy has reduced the specific risk of "insider attacks" on our domain controllers and SLDAP servers by eliminating direct user login by an open secure connection on the user's behalf without ever revealing the privileged credentials.
View full review »AS
Asheesh Sahu
Team Lead at Flash.co
The AI capabilities, including advanced threat detection features, are very helpful for us. They reduce human effort and errors, allowing us to quickly identify and respond to threats. This solution scales up our IT environment and resolves almost every issue that poses a threat to our organization.
View full review »Our implementation is air-gapped from the outside world, and as such, we utilize a completely on-prem solution. Our highest risk is from privileged insiders, and CyberArk's answer to this challenge was the implementation of a Privileged Session Manager (PSM). With PSM, we were able to secure, control, and more importantly, monitor privileged access to highly critical network servers by using PSM to manage accounts and create detailed session audits and video recordings of all IT administrator privileged sessions on our most critical servers. The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices.
View full review »The most valuable feature of this tool is the password rotation feature. Another vital feature of the solution is the Safe feature, which acts as a container. Only accounts included within the Safe can access a particular server.
The solution allows the distinguished use of PSM and PSMP for a Windows and Linux server, respectively. The tool makes all session recordings compulsory and cannot be tampered with. It also eliminates hard-coded credentials and supports demand-based applications.
CyberArk is very popular and provides a lot of features compared to competitors' PAM tools, which is why many customers are migrating to CyberArk's Privileged Access Manager.
The most valuable feature of the solution stems from the fact that it's the best in the market. I haven't seen any other PAM solutions better than CyberArk Enterprise Password Vault.
I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault.
The second most useful feature is the monitoring of your privileged sessions. So you have an audit trail, where any privileged access session has to be authorized, and you have access to all the relevant monitoring controls.
View full review »The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis.
The session isolation reduces the risk of exposure of the credentials and applying simpler network controls.
Web access allows the introduction of location-aware controlled access so that different locations can only access the data that is allowed to be retrieved from their sites allowing centralisation but fulfilling the regional requirements.
View full review »Credential rotation automation combined with privileged session management are great aspects of the solution. It enables highly complex passwords that the end user never knows or sees. We have some use cases where administrative users will log in to highly privileged systems using a one-time use secret and immediately following their administrative session the password is rotated
The ability to develop and deploy applications with no stored secrets is very valuable. This keeps code repositories free of secrets and application authentication is centrally controlled and monitored.
View full review »TD
Bruce P
IT Manager at BCBS of MI
I find value in notifications from CyberArk when passwords fail verification and have other issues. Investigation of these issues often uncovers other issues. The way safe security is handled is outstanding and makes it easy to provide safe access to those who need it and deny safe access to those who should not have it.
Another valuable feature is the agentless architecture of the product. Using native processes to manage passwords and not having to install and update agents is a huge plus.
View full review »AS
Américo Silva
System Administrator at Porto Editora
The password protection itself is the most important feature. It's something we didn't have before.
Moreover, the interface is intuitive. It is clear and user-friendly.
For our organization, the most valuable features of CyberArk PAM are:
- Credential Management. The automation of the retrieval and injection of credentials into sessions, and automation of password rotation.
- Session Recording. It gives us the possibility to record privileged user sessions for auditing and compliance purposes.
- Ease of integration. CyberArk can by integrated with multiple systems and applications.
- The possibility of using Multi Factor Authentication (MFA) which increases security
- Reporting module. This allows us to generate reports based on session activity
The most valuable features of CyberArk Enterprise Password Vault are password rotations and password encryptions.
CyberArk Enterprise Password Vault has a lot of enterprise-level features compared to other PAM products. It's a well-known product, and its implementation is very easy. The solution has good documentation compared to other products. CyberArk Enterprise Password Vault is legitimate software that releases patches as per vulnerability.
First of all, CyberArk offers great flexibility. Throughout our years of experience, we haven't found any system that we couldn't connect with CyberArk. We have many web management consoles, and it's no problem to connect to them using custom connectors.
Moreover, it's a highly customizable solution. If you know how to do it, you can customize it as you want.
View full review »SS
Shad Smith
Technical Architect at a tech vendor with 10,001+ employees
Password management is a great feature, as all passwords are changed more frequently. This can be scheduled in line with a specific policy requirement or each time the credentials are returned to the pool for reuse and are always compliant with the password policy however long or complicated the policy states that they need to be.
Another great feature is the Privileged Threat Analytics (PTA) as this can stop a session based on prescribed risk and bring it to an end or pause it pending approval to proceed.
View full review »TM
Tasfamichael Mijena
Manager at OIB
The most valuable feature of the solution is session recording.
View full review »PG
Paweł Gawryś
Senior IT Systems Administrator at a financial services firm with 10,001+ employees
The most valuable features of CyberArk Privileged Access Management (PAM) are its granular access controls and just-in-time (JIT) access provisioning. These features ensure that only authorized users have elevated privileges and access to critical systems. JIT access reduces the attack surface by granting privileges only when needed, minimizing exposure to potential threats.
Additionally, robust auditing and real-time monitoring capabilities enhance security by tracking privileged activities, aiding in threat detection and compliance. PAM's ability to seamlessly integrate into existing infrastructures and streamline workflows further adds operational efficiency, making it an indispensable tool for modern cybersecurity.
View full review »The most important feature is the password rotation and recording to align with customer security requirements.
The reporting and auditing functions allow us to provide evidence-based accounting to customers or security personnel when or if required. Being able to prove that "it does what it says on the tin" is a very key selling point or point scorer in project and planning sessions.
The marketplace default connectors are constantly evolving and simplifying administration. In the case of one not being available then the majority of additional requests can be catered for with some clever AutoIT scripting.
View full review »CyberArk is a good and adaptive solution. It is easy to adopt and install. It is easy for every use case.
View full review »KD
Keith Dughi
Network Engineer at CalSTRS
We like it for the ability to automatically change passwords. At least for my group, that's the best thing.
It's really good.
The digital vault is great. It protects our passwords and manages those passwords and changing periods.
There is some third-party access to our system's recording process. It's very, very important for us and we're glad they allow it.
It is a robust product. It's very stable and reliable.
The solution can scale well.
View full review »TF
reviewer092752
Cyber Security Senior Consultant at Ernst & Young
New features are being added in every release, and there are few releases a year.
Enhancement requests can be submitted by the community and are taken into consideration by the company.
View full review »CyberArk has a lot of modules, such as Enterprise Password Vault, which is the heart of the solution and needs to be up and running at any time. Privileged accounts and session recordings get stored inside the vault itself.
Likewise, we can configure high availability for the vault, like an active/passive or an active/active configuration. Replication disaster recovery is also supported.
CyberArk is also capable of rotating the credentials for a lot of endpoints. It has the CPM plugins by default for password management, Windows and Linux, as well as databases like Oracle and MS SQL, and can also rotate to some network devices like Cisco 9000.
We have Privileged Access Management, a general server between the user's and the target's machine. All of the sessions go from that server to the target endpoints. Once the end user disconnects the session, the session recordings and live monitoring will be uploaded to the vault. That recording will be stored for 180 days for auditing.
Another component is Privileged Threat Analytics. It detects any threats on target machines. For example, an end user might connect to a Linux endpoint and try to run privileged commands. Those commands are customizable and can be defined in the PTA as well. Whenever those users run those particular commands on the target, the PTA will report suspicious activity and report to security admins in the organization via mail or even on the web portal. We have a separate tab for security.
Within security events, these particular suspicious activities will be detected as threats and attain a risk score, "This is the user who connected to this particular target and ran these particular commands or applications."
CyberArk has a remote access solution called CyberArk Remote Access Alero. CyberArk also supports HTML gateways so that users can connect from outside the network without a VPN connection.
The solution has many advantages, such as the user interfaces and remote app features when using local applications when sessions are getting established over RDP, SSH, database, and web browsers. It is easy for administration as well.
View full review »The password rotation and cyber gateway have been quite useful. It's a solution that allows you to search for passwords for your servers and accounts. This is the most feature power.
The solution is quite stable.
It is scalable on the cloud.
CyberArk is one of the greatest platforms. It supports lots of requirements in the privileged access management area.
From a configuration point of view, it is not very straightforward as per the deployment. The configuration is typical. However, when it comes to the integration piece, it has flawless integrations with lots of applications, whether it is out-of-the-box or customized. It supports any number of platforms.
The company is very keen on looking at new applications to build out-of-the-box plugins. The support for the privileged single sign-on configurations with the application is excellent.
Security-wise, the security is unbeatable compared to any other tool in the industry. They have a vault concept. They consider it similar to a bank vault. This is where they keep all the privileged admins' passwords. That particular vault has seven layers of security, which are unbreakable. It basically cannot be hacked. It cannot be hijacked.
If something goes wrong, for example, if the vault is destroyed, your data is still protected. You can easily revive your data from that particular vault. It's a great capability. The security is excellent. It is very, very tight here. They support one signal protocol kind of communication with the internal products.
Where your password will be residing that is protected by a seven-layer of security. It has a web interface hosted on an IAS server on Windows. It has a CPM called central password management, which will do the password rotation. That is sitting on one other server. It has a session manager, which provides the single sign-on mechanism, privileged single sign-on mechanism, or automatic single sign-on to log into any infrastructure servers and applications. These are the four core products, and they integrate with each other and they integrate on one single port.
If you try to intrude on the system or any hackers try to intrude the system, they will not be able to do that as the communication through this port is entirely encrypted. They will not be able to revive the data in real-time. It's a great security feature.
It supports hybrid deployments as well. It supports single standalone deployments for high availability with different kinds of deployment structures or topologies. This is a growing trend in the market.
MM
Miguel Angel Muñoz
Security Advisory Services (SAS) Business Growth Lead for Iberia at a computer software company with 10,001+ employees
One of the best points is that it gives you full control for all the use cases in your infrastructure, in terms of servers, applications, social networks, batch processes, etc.
It gives you the ability to know what is happening, who is executing everything, and recover that information over time. Everything is recorded there. This is useful, not only for auditing proposes, but for admins and users. This also helps with troubleshooting. For instance, an application or system starts failing at 4:30 in the morning on a Sunday. Usually, the first questions that you ask yourself is, "What changed at 4:30? What has happened? Who was touching that server?" WIth CyberArk, you have the ability to search for that information and find it in minutes. It is really useful for troubleshooting.
The PPA from CyberArk provides a lot of information about access and allows for possible detection of fraudulent use or different tries of accessing, even for family Internet users. Thus, it gives you another source of information regarding risk.
We are using Secrets Manager with some of our customers. We are using it mainly for containers and DevOps. This secure access is really important, and becoming more important every day. We are constantly moving customers to the cloud. Every day, containers are more important for our customers as they extend into microservices, etc.
The possibility to integrate with the DevOps cycle is vital right now. Sometimes, containers are deployed while some clients have them very protected. They have a lot of things with Panorama, Microsoft, etc. That is a risk because you are deploying things quickly, along with errors and other things that you are developing. So, having to use hard-coded passwords here would be a big mistake.
Secrets Manager accelerates a lot of the possibilities and simplifies the process, since development teams just need to use credentials. When they arrive on a project, there are new people or resources in their development teams. Thanks to CyberArk, they just need to manage their identities to have access to everything. They don't need to receive credentials nor search for them. They have everything the day that they start working.
We find it easy to use CyberArk PAM to implement least privilege entitlements. We usually do some interviews at the very beginning with different teams to understand their real needs. We define saves and different AV groups for the kind of users that we are going to prepare. Then, the process to assign permissions to different groups is really easy and straightforward. If you want to change or reduce access, that can be easily changed at any moment.
View full review »In our initial use case, we found CyberArk's privileged session management functionality to be incredibly flexible. It's challenging to write these plug-ins, but if you have somebody with a development background, you can write all sorts of custom connections to support different functional applications. We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application.
View full review »The tool has safe vaults. We keep our passwords in the Vault. The tool’s recording feature is also valuable for us.
View full review »AI
AslamImroze
Technical Manager at Gulf IT
The scalability is very easy.
The most valuable aspect was being to be able to manage it through multiple mediums. We can manage it through its command line interface, web view, and directly logging into the digital environment with permission. You have multiple mediums. You don't have to give direct access to the world every time you want to limit what admins should do and what they should not do.
CyberArk has the biggest number of features available when you compare it to other PAN solutions like BeyondTrust, Thycotic, and Delinea. They tend to have a lot of separate components.
Performance-wise, it is excellent.
View full review »The product is fairly priced.
It's stable.
The solution is scalable.
People are quite satisfied with the way it's working and the support we receive.
The security is good.
The interface is fine, although I'm not directly using it too much.
We found the initial setup to be easy.
View full review »All of the features of CyberArk Privileged Access Manager are valuable.
View full review »CyberArk's best aspect is it lets you store the password, and it allows you to connect to those connected systems' passwords. For example, there is an AD in your organization, and you have stored the AD password. Say you want to change the AD password; you just have to change it in CyberArk. CyberArk itself will change the password in the connected system. That's one nice feature they have introduced in the latest features.
View full review »For me, Privileged Access Manager and One Identity sort of merge together. For me, the best part of CyberArk is Password Vault and Endpoint, basically. If you ask me what's there that, it's that everything is pretty straightforward. There is no confusion. It's a pretty straightforward application to work on.
It is a scalable product.
The solution is stable.
View full review »All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information.
Another valuable feature is that if you don't have access to a machine, you can see the machine in CyberArk. It's the management capabilities that CyberArk enables for a company that are very useful.
Other useful features are optional, such as recording decisions or rotating passwords.
View full review »When it comes to PAM, it is always about compliance. It has a feature that enables you to access the password in a very secure way using encryption. You also need multiple approvals. For example, if you have access to CyberArk, it doesn't mean that you have access to the server. So, whenever you try to access that server, a request will go to your manager. Once he approves the request, only then will you be able to access the server. These are a few of the features that I like about this solution.
CyberArk PAM provides ease of access based on how they have designed it. It is clearly defined where you have to go and what you have to do. If you are an end user, it is very easy to use and provides a comfort level.
View full review »NM
Nigel Miller
Information Security Leader at a government with 10,001+ employees
The Privileged Session Manager has been the most useful feature because we're able to pull back information on how an account is used and a session is run. We're also able to pull training sessions and do reviews of what types of access have been used.
We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well. There's a lot to it, but from a high level, we've been able to get some things under control that would have been difficult otherwise.
For DevOps, we've integrated some automation with CyberArk to be able to onboard those systems. There are some native tools like the CFTs that we're using with CyberArk to get CyberArk deployed automatically to them.
It also gives us a single pane of glass to manage and secure identities across multiple environments; a single view with all of the accounts. It's super important for us to be able to see all of that in one place and have that one-stop shop with access to different environments. We have lots of domains because a lot of acquisitions have happened. It's important for us to be able to manage all of those environments with one solution and we do have that capability with CyberArk.
DS
Deepak Sahani
Senior Manager, Cyber Security at OPTIV
Previously, we used to share passwords for service and normal admin accounts among team members. However, since we started managing it through the product, we've transitioned to individual admin accounts or implemented dual control for shared accounts. With dual control, exclusive checking and checkout options are available, and passwords are not stored in clear text anywhere in the credentials.
The solution's most valuable features are automatic password rotation, privilege manager, and secret manager. Previously, IT personnel had admin rights on their regular accounts, allowing them to log in to domain controllers. However, this posed a security risk as compromised accounts could grant unauthorized access to domain controllers. To mitigate this risk, we implemented separate DA accounts for IT staff. These DA accounts were restricted from logging in to domain controllers and did not have associated email addresses. They were dedicated AD accounts solely for accessing domain controllers, and the solution handled their management.
Previously, manually rotating admin credentials was a time-consuming task. However, implementing the tool's automatic password management feature has made this process easier. We've configured defined policies within the solution to dictate when these credentials should be changed.
View full review »RB
Rohan Basu
IT Manager at a tech services company with 10,001+ employees
One of the features I found valuable in CyberArk Privileged Access Manager is privileged session management. It's a feature that allows you to record the session, so if there's a risk, that risk can be highlighted.
I also found it valuable that CyberArk Privileged Access Manager can be integrated with PTA, and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature.
Another good feature is the CPM because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain.
Integration is also a valuable feature of CyberArk Privileged Access Manager. It has an application access module function that allows you to integrate and manage applications, including BOT accounts. It also allows you to manage ServiceNow and many other applications.
View full review »The most valuable aspects of the solution include password management and Rest API retrieval of vaulted credentials.
View full review »I like the integrations for external applications. There are actually infinite possibilities of systems to integrate with - you would just need to have more time to do that. It is not an easy job, yet really valuable. I am not an expert on that, however, I try every day to be better and better. I have the support of other experienced engineers I work with so there is always someone to ask if I face any problems. End-customers sometimes have really customized needs and ideas for PSM-related usage.
View full review »I like everything about it. It's secure and reliable. I especially appreciate that it's locked down and only allows access to authorized components.
View full review »The solution is able to rotate the credentials and session recording. CyberArk has the ability to change the credentials on every platform.
View full review »The models as a whole are great. I'm not sure if I can pull out specific features. I like that if we execute the user can't access their devices. If you remove the session manager, the user can't access their devices. It helps ensure we can protect our organization and data. The session manager is the most critical part of CyberArk's PAM solution.
It works perfectly well.
The solution is pretty easy to set up.
The solution is stable.
It's scalable.
View full review »SB
Swapna-Bommarajupet
IEM tower manager at Capgemini
The password vault and session monitoring are useful.
View full review »What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users.
View full review »The main, most valuable aspect is its capability to secure our environment. That's the main reason why we are using it.
View full review »Creating policies and the password rotation feature have been valuable. We don't have to memorize our password for the ADM account.
Security wise, it's really safe. The password expires within six to eight hours, so no one can get that password from us. Other users can't log in without our credentials, and also, the ADM account password will automatically rotate.
It's really user-friendly as well.
View full review »The logs and reporting features are impressive.
View full review »The automatic rotation of credentials is probably the most useful feature.
View full review »MK
Mateusz Kordeusz
IT Manager at a financial services firm with 1,001-5,000 employees
The PAM feature is the most valuable. It helps us to automate our jobs and administrative tasks.
It also gives us a lot of features for compliance. Using this type of software is required by Polish law in finance and business in Poland.
We use CyberArk’s Secrets Manager to secure and manage secrets and credentials for mission-critical applications. The newest GUI is much better than the older version. Now, it is quite good.
CyberArk PAM provides an automated and unified approach for securing access to all types of identities that we use. This is very important to us.
View full review »AD
Alexander Djuraev
Sales Engineer at Softprom by ERC
The solution's most valuable features are one-time password and exclusive access.
View full review »DK
DharmendraKumar1
Senior Manager Cybersecurity at LTI - Larsen & Toubro Infotech
CyberArk Privileged Access Manager's main benefit is it provides secure access to our servers. There are features to capture the user activity, it provides video recording processing. If the users are logged in to the server, we can see what activities they are performing. It's a very nice tool for Privileged Access Management. They have plenty of useful services and the solution has fulfilled our needs.
View full review »It is one of the best solutions in the market. Ever since I started using this solution, there has not been any compromise when it comes to our lab.
View full review »The most valuable feature of CyberArk Enterprise Password Vault is the auto password recycling feature, which works this way: previous accounts which are managed by this solution get their password reset every time, based on our given parameters, e.g. every two days, every five days, every week, etc. You give CyberArk Enterprise Password Vault the number of days that you want the passwords to be changed, so users won't need to have their passwords written somewhere. They can just log on to the solution and retrieve the password. They may even be able to remotely connect to the devices that they want to connect to via the PSM function of CyberArk Enterprise Password Vault.
View full review »The automatic change of the password and Privileged Session Manager (PSM) are the most valuable features. With Privileged Session Manager, you can control the password management in a centralized way. You can activate these features in a session; the session isolation and recording. You apply the full intermediation principle. So, you must pass through CyberArk PAM to get access to the target system. You don't need to know the password, and everything that you do is registered and auditable. In this case, no one gets to touch the password directly. Also, you can implement detection and response behavior in case of a breach.
With CyberArk, you have a centralized store. With Privileged Session Manager, you can just look by the browser, looking through the name of the account, the name of the system, and the host name. In this case, you get the password and can then get through. Therefore, it is easier to get access to the system because it is easier to search the system for what you want using the user interface/browser of CyberArk. You also have an auditable action because the password is unknown to the administrator.
View full review »IS
IrmaShattuck
Program Manager at a recruiting/HR firm with 5,001-10,000 employees
I love how easily we could operate within Password Vault and get things done. It was almost effortless. After we went through the implementation phase, it did what was promised, and we did not have to call support. It was a flawless install. All of us had experience as well because we got our certifications. We'd worked with it for at least a year.
View full review »The most valuable feature is CyberArk DNA, which is an open-source tool used for scanning all servers, like Linux or Unix. We can get a very broad idea of the scope and picture of the servers as well as their predefined vulnerabilities, the service accounts running on them, and the dependent accounts running on those services. We get a very wide scope for all our servers and environments.
There are some other options like Privileged Threat Analytics (PTA), which is a threat analytics tool of CyberArk that detects violations or any abnormal activities done by users in the privileged solution. This tool is very unique, since other PAM program solutions don't have this. This makes CyberArk the unique provider of this feature in the market.
It is very easy to maintain passwords in the solution, instead of changing them manually or using other tools. So, it is a centralized location where we have accounts and passwords in a database based on our defined policies.
Product-wise, CyberArk is continuously improving. For the last two years, it has brought on new modules, like Alero and Cloud Entitlements Manager. Alero gives VPN-less access to the environment. So, there are many new things coming into the market from CyberArk. This shows us that it is improving its modules and technology.
We can integrate the solution with any other technologies. This is straightforward and mostly out-of-the-box.
For DevOps, we are using Conjur with a Dynamic Access Provider. We use those modules to make sure identities on other environments have been secured. For Azure and other cloud environments, we have out-of-box options where we can do some little configuration changes to get those identities secured. We have a process of managing these identities for RPA as well.
It has a centralized page where you can manage everything. This makes work easier. You don't have to remember different module URLs or browser applications. It is very easy to get all the secure identities of other environments into a single page, which is very important for us as it helps a lot in terms of operations, e.g., reduces management time. This is a single page where you can manage all accounts and onboard them to the CyberArk. You can then secure and see passwords from everywhere. So, there is a single pane of glass where you can manage all the identities across environments as well as across different types of identities.
We have a module called Endpoint Privilege Manager (EPM) that is used for the endpoint, managing the least privilege concept on Windows and Mac devices. We also have On-Demand Privilege Manager (OPM), which is used on UNIX and AIX machines. Using these modules, we can achieve the least privilege management on endpoints as well deploying on servers, if required.
View full review »CyberArk probably has probably the best vault on the market because of the multiple layered security and each password getting its own encryption. Each password gets individual encryption. By the time you are able to crack one of the passwords, it's already been changed a dozen times.
The attack surface on a CyberArk Vault is very nominal and in addition, CyberArk also has its own on-staff hackers where companies actually hire them to perform penetration testing, but within, inside the environment.
View full review »The integrations are the most valuable aspect of CyberArk Privileged Access Manager. The software offers pre-built integrations, and our team can also create custom connectors. This flexibility allows us to integrate with systems that we previously didn't consider integrating with, making it a significant advantage for us.
View full review »The password management feature is valuable.
View full review »We have found the core features of the product most valuable, such as password management, session recording and vaulting.
View full review »The most valuable features of CyberArk Enterprise Password Vault are password vaulting and automatic rotation of passwords after use.
View full review »RS
Renato Santos
Cyber security architect at a financial services firm with 10,001+ employees
The privileged support manager is the most valuable feature of CyberArk Enterprise Password Vault.
View full review »The feature I find most valuable is the password credential rotation.
View full review »The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so.
View full review »The most valuable feature is privileged session management.
View full review »I like the performance of CyberArk Enterprise Password Vault.
Definitely, it's a reliable solution.
It has a wide range of features. They are probably the widest range of features on the market. It is the main reason customers usually select this product.
This solution works very well, and the feedback from our customers is very good.
Integration is one of the strongest capabilities of this solution. There are hundreds of integrations that are ready to use. It is continuously growing, which is one of its strengths.
The interface is really user-friendly.
It's a highly flexible solution that can adapt to each customer's needs.
Another strength, for both performance and the security levels, is the segregation of the different rules of the solution.
View full review »It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password.
View full review »AT
ABHILASH TH
Managing Director at FOX DATA
Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong.
In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows, LINUX Server, DOMAIN CONTROLLER protection etc. They have also further advanced it with the security on the cloud and DevOps environment.
They have a bundle licensing model, which really helps, unlike competitions complex licensing. Even though in our market, few customers have the perception that CyberArk is expensive as compared to some of the other new PAM providers, but in terms of overall value and as a bundling solution, it is affordable and also CyberArk is highly scalable platform.
View full review »It completely depends on the requirement. For some of the RPA robotic types of user identity, we prefer for it to happen in an automatic way, but some of them are highly critical, so we don't do it automatically. As for the end-user experience or expectation, if they want to change it at their end, they can do it.
View full review »The interface is very simple to use.
Security-wise, CyberyberArk is better than the other products.
View full review »In order to reduce the attack surface, the automated password change was pushed to the maximum. This way we know that no password is known or not for more than eight hours. It simplified the life of the operational teams because they do not need to take care of the secrets and keep their attention to maintain the infrastructure.
What also helped is the ability to constantly track who accessed which object. We took the opportunity to change our process in order to comply it. Now the activities can be done faster with better user experience.
View full review »KC
KunalChandel
Corporate Vice President at a insurance company with 10,001+ employees
PSM has been one of the most valuable features. We started on this journey a while back. Initially, when we did not have PSM, we started with AIM and that was our first use case. But an audit came along and we had to go towards something a little bit better and we had to migrate more applications. PSM came along and did exactly what we needed it to do. To take care of all the deficiencies that we had, PSM was the right thing to do.
View full review »DP
DavidPoints
Associate Director of IAM at INTL FCStone Inc.
Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control.
We're quite new with CyberArk. We've just installed it this past summer and we've taken off with the Microsoft tier model. Tier 0 is our domain admin accounts and our local admin accounts on some applications are specific to SOX requirements. That's been amazing. It's basic-use PAM, but it's been really fast and easy because of the DNA scan. We knew what was there and we were able to go find who owned those accounts. Step one, step two, step three are really easy.
View full review »JM
Je’rid Mccormick
Lead Automation Developer at COUNTRY Financial
AIM has been a great help in automating password retrieval which removes the need for hard-coded credentials. Hard-coded credentials are a risk to organizations as they are easy for attackers to target. Therefore less hard-coded credentials increase the security stance of the enterprise. We have greatly utilized the out-of-the-box usage automation like Windows Scheduled tasks and password config files. The reconcile feature is another must-have to give users the ability to not only change their password but to unlock it as well where needed.
View full review »The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics.
View full review »The most valuable feature of CyberArk Privileged Access Manager is the vault. I am satisfied with the interface and the documentation.
View full review »RD
Rodney Dapilmoto
Systems Admin Analyst 3 at CPS Energy
The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.
Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login.
View full review »In general, all CyberArk's features are very useful from a privileged account control point of view, and for session management and password rotation.
The biggest feature is the security of the overall solution. It's very secure. The vaulting technology and the number of security layers involved in the vault, where privileged accounts are actually stored, is the heart of the solution.
There are many other important features of CyberArk:
- Privileged Session Manager (PSM) connects you to the target platform.
- Password management (CPM) provides automatic password rotations, including password verification and reconciliation.
- Auditability, which means CyberArk keeps track of logs and audit trails, including session recording, which is another key feature.
The password management enables the rotation of passwords per an organization's policy. Passwords can be rotated after N number of hours or based on a particular day. It's a very key feature from a security point of view, because passwords are meant to be rotated very frequently. CyberArk does it very well with different plugins.
Password Vault's main advantage is its scalability. We constantly see huge enterprises implementing something like this, and the privileged session management is an excellent piece. You can kind of watch videos of whatever an admin has done. So, for example, if an admin doesn't check out their password and fires up a session on a machine, you can see playback. Scalability and those particular features are pretty valuable for monitoring your insider threat.
View full review »Password Vault's policy configuration is very good - when you receive an attack, you can segment the structure of the project in order to isolate parts or users.
View full review »CyberArk's GUI is user friendly.
View full review »AM
Anthony Mook
Senior Security Manager at SMU
It's not very different when compared with other products.
View full review »HT
Hichem TALEB-BENDIAB
CDO & Co-Founder at ELYTIK
This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.
View full review »The CyberArk solutions that have been the most valuable for my solution are the Discovery & Audit (DNA) and Privileged Threat Analytics (PTA) tools. CyberArk is a very important tool for my organization.
The setup was very easy for me.
View full review »I haven't really thought about anything that I want to use it for, that I couldn't use it for.
View full review »RN
Richard Nagygyörgy
Product Manager at a tech services company with 11-50 employees
The most valuable feature is Special Monitoring.
View full review »The technical support is good.
It's pretty good at recording actions taken within an environment.
View full review »Every aspect of the solution is very well integrated, and that gives comfort. It is a fail-safe kind of environment. I think that's the fail-safe feature makes customers comfortable because there are no non-integrable stuff or cures. For example, a vault would have its own anti-virus, its own application, its own operating system to stay hardened. It is absolutely hardened for it to be protected from the outside world.
View full review »The most valuable feature is the ability to delegate access to admins when they need it. It allows us to have some kind of proof on the approval process, rather than give people standing access on a full-time basis.
View full review »SS
Shad Smith
Technical Architect at a tech vendor with 10,001+ employees
Reducing the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role, but only one at a time. When the accounts have been used, its password is changed (to something a user would have had to write down) before being made available for reuse. The passwords which are hidden from the users are not known, and thus can be long and complex, while only being used for a session before being changed.
View full review »BA
BridgitAmstrup
Cyber Security Manager at a hospitality company with 10,001+ employees
I like how thorough and complex it is. We have a solution, and it meets the needs that we need.
The most recent improvement with the user interface upgrade was really nice. It makes the end users very happy. It is way more intuitive. The information that they need to have is now available to them. So, I appreciate that as an update.
View full review »GO
GerryOwens
Founder at GoTab IT Risk Services
The most valuable features are its simplicity and the ease of implementation. When you think about privileged access management and the complexity of solving privileged access for those system administrators in your organization, CyberArk is a product that helps you simplify that problem and implement a standard set of security controls to protect the enterprise.
In terms of the products ability to manage Privileged Access control requirements at scale; scale is really a function of two influences, which would either be the size of your infrastructure, or the complexity of your organizations operating model for those that have privileged access to your infrastructure services. CyberArk scales quite readily across a large organization and through proper design and engineering is capable of expanding across a variety of use cases. Like any technology control implementation however, it is always important to ensure you review and optimize the organizations support operating model, in order to ensure that you have the most optimal design and implementation of CyberArk.
BZ
BrettZych
Identity and Access Management Advisor at a energy/utilities company with 5,001-10,000 employees
Service count rotation is probably one of my favorite features. Even though we're not using it right now, we're going to be using it in the future. The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now.
The solution's ability to manage all our access requirements at scale is interesting, actually. It does everything we need it to, and it's not a tool that I expected we would be using at this scale, as an enterprise-wide client. A little bit of history on that being that when we first started using it, it was a glorified password vault. It was a store. It was KeePass. So we really scaled it up and it's been a really interesting journey.
View full review »The most valuable feature is the special management. It records the activity and the actions that we use for auditing.
View full review »The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine.
View full review »The solution is very complete. It has the most features on the market.
Session monitoring is excellent. It may be the solution's most valuable aspect.
The solution offers very good password protection.
It offers great integration with many products.
View full review »FP
FabioPericoli
Director / Engineer at Provincia
Our most valuable features would probably be password/key rotation, the SSH key manager, account discovery and quality of video recordings.
Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security.
View full review »The features that we find most valuable are:
- Enterprise Password Vault
- Privilege Session Manager
- Application Manager
- Team Manager
These modules help us in locking down the credentials, rotating passwords automatically without us having to worry about it, isolation of servers from the user machine and availability of privileged session recordings for us to check on demand.
View full review »Automatic password management based on a strong password policy. Because still, many people choose not strong enough passwords for administrative accounts.
View full review »- Session recording
- Password rotation
The two main features are the CPM and the PSM. This is to make sure that the credentials are managed in a controlled manner and the sessions that are launched are set up in an isolated way.
View full review »- OTP
- Session recording
- Auditing
- It takes away all ambiguity around "known" admin accounts.
The vaulting technology as well as the privileged session management: Having the vaulting tech ensures that the credentials are secure, and PSM ensures that the end user can perform needed tasks without knowing or needing the credentials.
View full review »Shared-service accounts reducing the number of potential entry points as well as the ability to standardise our PAM across a diverse estate.
View full review »- Recordings
- Exclusive use, and
- OTP.
There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.
View full review »The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.
View full review »There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year.
View full review »- The visibility of what is being run and control of those applications.
- Limiting the unnecessary application users think they need, and producing security vulnerabilities.
JL
José Luis Llorente Rey
Senior Specialist Identity System Support at Roche
- Master policy: allows us to establish a security baseline for our privileged accounts.
- CPM: allows us to rotate passwords following the policy defined.
- PSM: allows us to provide isolated sessions to the customer with additional controls (real-time monitoring, session isolation, and session recording).
We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps.
View full review »DH
Dan Hines
Senior Technologist at a retailer with 1,001-5,000 employees
We are able to know who is accessing what and when; having accountability. That is the big thing.
View full review »DH
DanHines
Technologist - Specialty in Identity and Access Management at Sears Technology Services Incorporated
- Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
- The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.
VS
Varun_Sahu
Senior Associate at a consultancy with 10,001+ employees
The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out. It also provides flexibility and a comprehensive reporting. In terms of reporting, it can pull up to three types of reports and you can do some Excel work on those. Then, you will be able to find information that you were looking for. It is is the reporting by-laws, as well. Apart from this, it also has a lot of advanced components. It can extend the picture at the end of the productive scope.
View full review »HP
HimanshuPandey
Lead Consultant at a tech services company with 10,001+ employees
I really like the PTA (Privileged Threat Analytics). I find this the best feature.
View full review »RS
Randhir-Singh
Principal Consultant, IAM Projects at a tech services company with 201-500 employees
I find the threat analytics is an important feature. CyberArk can look at the log details, and analyze who is using the applications, which are their locations, and which are the IP locations from which they are accessing. This enables the solution to find the exact location the threat is emanating from. We really value this feature.
View full review »SB
Sumit Batabyal
Security Team Lead at a tech services company with 10,001+ employees
The most valuable feature to me is the recording feature. I can track all of the records, the commands, the server, any misguidance, etc.
View full review »AP
Ashish Pandey
Delivery Manager at Tech Mahindra Limited
The password reconciliation and its limitation with respect to access in target servers along with the end users apart from the import, which is already available. This helps our customers in their software requirement imports.
View full review »- It is very secure.
- The voice technology is very good.
- It is very simple to use.
The basic features are, themselves, highly useful. I was just saying to some CyberArk people that I came to understand fairly early on that CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool.
I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk was taking that administrator task away from me and handling it, so it lightened the load on our administrative work.
It is a good security tool, but it's also a great administrator tool in that respect.
View full review »I feel like I love EPM more because it is a pretty sleek tool. I like how it manages everyone's accounts. It removes all the local admin accounts, and I like that part about EPM.
You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily.
View full review »RK
Rahsaan Knights
Information Security Analyst III at a healthcare company with 10,001+ employees
- I love the interface because it is colorful, easy to read, easy to see, and how easy it is to make policies.
- I love how we can make a policy that affects everybody instantly, which is great.
- I love the reporting features, so it is easy to see what we did.
I love the product overall, because it is great.
View full review »The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization.
View full review »We are able to rotate credentials and have privileged account access.
View full review »SP
Sack Pephirom
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
- Ability to do workflow.
- Allows users to self-provision access to the accounts that they need.
We are using the VSM proxy solution. That's what we are mainly using. We will try to use the PTA and AIM in the future.
View full review »I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes which can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors.
And then, of course, the users have the ability to rotate those passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically.
PSM is pretty cool, but my favorite part is I get to secure your passwords that you get to use either with or without PSM.
View full review »Being able to automatically change usages, whenever the password is reconciled. However, we still have to educate the user community, because not all our users enter the usages.
View full review »The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords.
View full review »The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself.
View full review »Number one would be the company, CyberArk, itself. The support, the ongoing assistance that is there, the ongoing ideas that are out there from champions, and from the other community forums that are out there, is just phenomenal.
View full review »It has an automatic password rotation. We have so many accounts, and being such a large organization, it helps take a lot of maintenance off of our plates, as well as automating a lot of those features to help increase our security. Having this automation in place, it has really been beneficial for us.
We do use their AIM solution for application credentials.
Credential rotation. It's tops.
View full review »SY
Song Ye
Senior System Engineer at a transportation company with 10,001+ employees
- AIM
- CPM
JM
Je’rid Mccormick
Lead Automation Developer at COUNTRY Financial
The most valuable would be the REST API on top of PTA, which we do not have installed yet, but we are looking to install it moving forward in the future. What it enables us to do is if someone takes a privileged account and logs into a machine that we do not know about, it will alert us and log that they have logged in. It allows us to take that identify back and rotate the credentials, so we now own it instead of the intruder going out and using a rogue account.
View full review »JG
Jack Gammon
Security Analyst at a financial services firm with 5,001-10,000 employees
We are able to rotate privileged user passwords to eliminate fraudulent use.
View full review »EG
Eli Galindo
Data Security Analyst II at a financial services firm with 5,001-10,000 employees
The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long. That is critical and very important for the stability of our company.
View full review »SB
Stephen Brittain
Security Analyst at a insurance company with 1,001-5,000 employees
- Scalability
- Stability
- Usability
We are able to centrally manage credentials, touch applications, and rotate passwords.
I have some experience with the generator utility plugin. Although, we did plugins prior to the generator, manually installing them working with support. I do like the interface with the generator utility plugin, as it is very handy.
View full review »The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames.
View full review »The most valuable features would be:
- Ease of installation
- Support for every use case that we have come across.
- Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.
KE
Kevin Elwell
Security Analyst at a retailer with 10,001+ employees
The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords.
It is a customizable product.
View full review »KK
Kishore Kumar
SAP CRM /C4C /SAP Hybris at ATOS
CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere.
View full review »KR
karthikrajaraj
Technical Director at Unique Performance Techsoft Pvt Ltd
- Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
- Agentless solution which is easy to customise to any platform having network connectivity.
- Wide range of devices supported out-of-the-box.
- Easy to configure HA and DR options.
- Online training enables cost effective valuable training.
- Controlled access and rotation of credentials.
- The Vault offers great capabilities for structuring and accessing data.
- Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices.
- Privileged Session Manager is for provisioning, securing, and recording sessions.
Allows secure, logged access to highly sensitive servers and services.
View full review »EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.
You can gradually implement CyberArk, starting with more easily attainable goals, such as basic vaulting and password rotation and build on that with additional modules, such as Privileged Session Manager and Application Identity Manager.
View full review »All of the features we use have helped our security posture in some way. All of these have their place in defining and supporting the security posture:
- Password management
- Session management
- Recording
- Access control.
EV
Eric Vanatta
Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees
- Ease of use
- The auditing capabilities
- The great support of their customer success teams
The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.
View full review »JJ
John Lawren James
Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees
Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.
View full review »The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.
View full review »MV
Malhar Vora
CyberArk PAS Solution Professional | Project Manager at a tech services company with 10,001+ employees
All features of the CyberArk PAS solution are valuable.
The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.
Other important features:
- Automatic password management
- Monitor, record, and control privileged sessions
- Flexible architecture
- Clientless product
- Custom plug-ins for managing privileged accounts and sessions
Password rotation, session recording & isolation and on-demand privileges.
View full review »Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.
View full review »The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.
Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.
View full review »PSM (Privilege Session Manager)
View full review »- The ability to isolate sessions to protect the target system.
- Automates password management to remove the human chain weakness.
- Creates a full audit chain to ensure privilege management is responsibly done
- Creates an environment in which privilege accounts are used, without exposing the password, on target systems.
- Performs privilege functions, without undue exposure, whilst maintaining the ability to audit, where anything suspicious, or unfortunate, may have occurred.
It is difficult to say what the valuable features are. I use all the different parts together to get the full power of CyberArk.
View full review »The combination of CPM and PSM resolves a lot of use cases.
View full review »- Ability to manage passwords for highly privileged, service accounts, which are not tied to a person
- The inclusion of a full audit trail
- Approval workflow functionality
The secured vault storage offers great capabilities for structuring and accessing data.
Central Password Manager is useful for agentless automated password management on endpoints.
Privileged Session Manager is good for provisioning, securing, and recording sessions to the endpoints.
View full review »- EPV: Enterprise Password Vault
- PSM: Privileged Session Manager
- AIM: Application Identity Manager
- The latest version of the product is mature and there is more functionality than we need.
TK
Tanmay Kaushal
Cyber Security Consultant at a tech services company with 10,001+ employees
- Client-less feature
- Flexible architecture support
- High level of customization for maximize utilization
- User friendly and Flexibility of multiple choice
- Adhere to Security Compliance
The proxy solution using PSM and PSMP is valuable. It gives leverage to reach out to servers which are NATed in separate networks and can be reached only by using a jump server.
View full review »Some of the valuable features are:
- The different server vault is used to store data with 7 layers of security for protecting the data.
- The Application Identity Management Module is also very useful and easy to handle.
- AutoIt scripting is useful to simulate single sign-on for thick and thin clients.
- Session recording
- Password and access management
AK
Ashish Khanal
Identity and Access Management Consultant at a tech services company with 10,001+ employees
The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.
View full review »Auditing and control are the most valuable. You can control password management almost to the max, giving you, your users and your auditors great flexibility without compromising security.
The auditing and control is more valuable to the enterprise than to myself. Apparently one of the overseas offices was able to track and identify misuse of a privileged account. In addition, it is heavily used during the periodic user/account recertification process.
View full review »I think that one of the advantages of the CyberArk PAS suite is that it is modular. On top of the basics, you can implement modules to:
- Manage (verify, change and reset) privileged passwords and SSH keys
- Manage (isolate and monitor) privileged session to the different types of devices
- Control Applications (e.g., malware)
- Detect, e.g., backdoor use, unusual behavior, and Kerberos hacks of privileged accounts
- Avoid/remove hardcoded passwords in applications/scripts
- Implement the principle of least privilege
Even those components can extend their operational area by use of, e.g., plug-ins, making it possible to manage about any kind of privileged account or session.
View full review »Account discovery, account rotation, and account management features make it a well-rounded application.
Account discovery allows for auto-detection to search for new accounts in a specific environment such as an LDAP domain. This allows CyberArk to automatically vault workstations, heightened IDs, servers, and other accounts. Once the account is automatically vaulted, the system then manages the account by verifying the account on a regular basis or reconciling the account if it has been checked out and used. The settings for the window that account is using is configurable to the type of account being used.
CyberArk is constantly coming up with new ways to perform auditing, bulk loading accounts, quicker access between accounts and live connections, as well as different ways to monitor account usage and look for outliers.
As companies move further toward a “least privilege” account structure, CyberArk sets the bar for heightened account management.
View full review »The ability to create custom connector components is the most valuable feature of the product. Once the organisation matures in their privileged access strategy, CyberArk’s customisation capability allows you to target application-level access (e.g., web-based management consoles) as opposed to just the underlying operating system. The API allows operational efficiency improvements, through being able to programmatically provision accounts into the Vault.
View full review »I see the Auto IT integration as the most valuable feature.
View full review »As a security engineer, I mostly implement the Enterprise Password Vault Suite (Vault Server, Central Policy Manager, Password Vault Web Access) as this is the base upon which every additional component is built. I am using and implementing the additional components, such as the Privileged Session Manager and Application Identity Manager, more and more.
View full review »Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:
- It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
- For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
- Compared to other products, CyberArk is extremely easy to install and configure.
- Password vaulting
- Granular commands profiling with OPM
EPV (Enterprise Password Vault) is the most valuable feature of the product to me. It is the core of the product, where it stores the passwords it needs to protect. It protects privileged IDs within a secure digital vault.
View full review »With the Privileged Session Manager, we can monitor sessions in real time and terminate the session if there's any unnecessary activity found. For example: We give access to user to access the server only to update patches, but if we find any activity not related to patch updates, we can terminate the session.
View full review »- Password management and accountability for Privileged accounts
- Identify, protect and monitor the usage of Privileged accounts
- Record and control privileged sessions on critical systems i.e. Windows, Unix, DBs
- Application credentials including SSH keys and hard-coded embedded passwords can be managed
- Control and monitor the commands super-users can run based on their role
- PTA is a security intelligence system that allows organizations to detect, alert, and respond to cyberattacks on privileged accounts.
The most valuable feature is the password Vault which gives the administrator control over privileged accounts. The other components that are valuable are Private Session Manager, OPM, Viewfinity, and AIM, which came as an add-on to the organisation's needs. The ability to start the project, install and add the passwords in just a few days brings a big advantage for CyberArk.
View full review »It has the ability to monitor privileged sessions.
View full review »The most valuable feature of this product is the Central Policy Manager. From the Operation and Security point of view a robot that can connect to destination machines, change passwords at fixed times, and put them in the vault, like a person, and therefore, is the best that you can ask for.
It combines more functionality in a single product and solve a lot of problem, from security to compliance.
View full review »Within the solution, I love the fact that everything is recorded. The configuration capabilities are great, too.
View full review »The accounts are maintained automatically. Hence, resource and administration costs are less.
View full review »While testing the functionality of PAM, we weren't merely conducting a standard PAM evaluation. We aimed to establish a connection and successfully received a response from the target PAM component.
Buyer's Guide
CyberArk Privileged Access Manager
July 2025

Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
860,632 professionals have used our research since 2012.