Coming October 25: PeerSpot Awards will be announced! Learn more

CyberArk Privileged Access Manager OverviewUNIXBusinessApplication

CyberArk Privileged Access Manager is #1 ranked solution in top User Activity Monitoring tools and top Privileged Access Management (PAM) tools. PeerSpot users give CyberArk Privileged Access Manager an average rating of 8.2 out of 10. CyberArk Privileged Access Manager is most commonly compared to Cisco ISE (Identity Services Engine): CyberArk Privileged Access Manager vs Cisco ISE (Identity Services Engine). CyberArk Privileged Access Manager is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.
CyberArk Privileged Access Manager Buyer's Guide

Download the CyberArk Privileged Access Manager Buyer's Guide including reviews and more. Updated: October 2022

What is CyberArk Privileged Access Manager?

CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

Benefits of CyberArk Privileged Access Manager

Some of CyberArk Privileged Access Manager’s benefits include:

  • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
  • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
  • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

Reviews from Real Users

CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

CyberArk Privileged Access Manager was previously known as CyberArk Privileged Access Security.

CyberArk Privileged Access Manager Customers

Rockwell Automation

Archived CyberArk Privileged Access Manager Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Threat Protection Architect at a consumer goods company with 10,001+ employees
Real User
Top 10
Guarantees the password is known by no one or for a maximum of eight hours
Pros and Cons
  • "The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,"
  • "It needs better documentation with more examples for the configuration files and API/REST integration"

What is our primary use case?

Our primary use case is to control the technical accounts used in our DevOps environnment. The primary goal was to automate to the maximum all privileged accounts used by applications. It was a big issue because al dev guys were always using the same account/password couple. CyberArk is doing this for them transparently. Through time the scope was extended to all interactive users with the target to avoid them knowing the password. The automated password change was implemented to 99% of all accounts inside the company.

How has it helped my organization?

Before the CyberArk implementation passwords were never changed and known by everyone. We were also not able to track who is supposed to have access to what and who did what. With the successful CyberArk implementation, we are able now to:

- Guarantee the password is known by no one or for a maximum of eight hours.

- Full visibility about who is doing what.

- Full control about who is supposed to access what.

The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,

What is most valuable?

In order to reduce the attack surface, the automated password change was pushed to the maximum. This way we know that no password is known or not for more than eight hours. It simplified the life of the operational teams because they do not need to take care of the secrets and keep their attention to maintain the infrastructure.

What also helped is the ability to constantly track who accessed which object. We took the opportunity to change our process in order to comply it. Now the activities can be done faster with better user experience.

What needs improvement?

CyberArk lacks the following functions for a better IAM like solution:

- Provision accounts for systems and directories.

- Create access to the systems.

- Monitor if any new account has been created into the system.

- Better GUI for the end-user and also for administrators. The learning curve is quite long and requires lots of training for good usage.

- More automated process for account provisioning into CyberArk. For example when a new DB is created.

- Better documentation with more examples for the configuration files and API/REST integration.

Buyer's Guide
CyberArk Privileged Access Manager
October 2022
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,162 professionals have used our research since 2012.

For how long have I used the solution?

I have been using CyberArk PAS for eight years.

What do I think about the stability of the solution?

The stability is very good. We never had any crash in eight years.

What do I think about the scalability of the solution?

Scalability is good because of the big variety of modules. Except for the redundancy which is quite limited with the not live replication. Also, the speed is quite slow for application accounts.

How are customer service and support?

Very good always reactive. The commercial part was more difficult.

How was the initial setup?

The initial setup is complex because it requires a clear company structure which was not the case. Technically also CyberArk is hard to address at the start because of its technical complexity and abilities.

What about the implementation team?

In house. Very good.

What was our ROI?

Not calculated. Users and administrators more happy than before which is the best RIO.

What's my experience with pricing, setup cost, and licensing?

CyberArk is quite expensive and they should have a better pricing model.

Which other solutions did I evaluate?

BeyondTrust, Hitachi ID, CA.

What other advice do I have?

Hard to implement and to get acceptance from the users and management. But when installed the solution is rock solid.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer988578 - PeerSpot reviewer
Snr Technical Consultant at a tech services company with 10,001+ employees
Consultant
Reduces the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role

What is our primary use case?

Managing passwords to infrastructure and applications, keeping those accounts “safe,” and being able to audit their use.

How has it helped my organization?

The audit capabilities include video so that not only keystrokes but also mouse clicks are captured. This provides safety and reassurance for anyone working in our infrastructure. 

What is most valuable?

Reducing the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role, but only one at a time. When the accounts have been used, its password is changed (to something a user would have had to write down) before being made available for reuse. The passwords which are hidden from the users are not known, and thus can be long and complex, while only being used for a session before being changed.

What needs improvement?

Privileged Threat Analytics (PTA) that can function in more that one AD domain at a time. The recent enhancement that allows resilience in PTA is great, but operation in more than one domain is required as many organizations have multiple AD domains. Even if it’s just prod and test or PPE split, you still want to know what’s going on in it.

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

No Previous PAM solution used.

Which other solutions did I evaluate?

Yes, based on Gartner

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer988578 - PeerSpot reviewer
reviewer988578Snr Technical Consultant at a tech services company with 10,001+ employees
Consultant

With the accounts being used in CyberArk being made available for “exclusive use” it can only be used by one person at a time. When the account is checked back in at the end of a session, the password is then changed before being made available for use by another person.

Buyer's Guide
CyberArk Privileged Access Manager
October 2022
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,162 professionals have used our research since 2012.
BridgitAmstrup - PeerSpot reviewer
Cyber Security Manager at a hospitality company with 10,001+ employees
Real User
Improved our processes in terms of efficiency when it comes to creating accounts
Pros and Cons
  • "CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies."
  • "There is a bit of a learning curve, but it's a pretty complex solution."

What is our primary use case?

So far, CyberArk has done everything that we've needed it to. We are growing and moving into the cloud. We have a pretty complex environment. Everything that we've needed it to do in terms of managing our privileged accounts, it has done.

How has it helped my organization?

We have been able to really transform how all of our sysadmins manage all our infrastructure. Before, it was like the Wild West. Everybody was way over privileged and had access to everything all the time. Now, we finally have everybody into least privileged and auditing through PSM, which has been fantastic. We also have implemented dual control and just-in-time. So, it's moved the ability to manage a lot of our privileged users to where we need them to be.

CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies.

What is most valuable?

I like how thorough and complex it is. We have a solution, and it meets the needs that we need.

The most recent improvement with the user interface upgrade was really nice. It makes the end users very happy. It is way more intuitive. The information that they need to have is now available to them. So, I appreciate that as an update.

What needs improvement?

The user interface was a previous problem that has been overcome. 

What do I think about the stability of the solution?

We have implemented our own redundancy into the product. That has worked for us very well.

What do I think about the scalability of the solution?

We have been able to find a nice process for implementing CyberArk in terms of user adoption and onboarding. It's been pretty slick, and it works very well for us.

Which solution did I use previously and why did I switch?

We were lucky to have a board of directors who really embraced security. With their support, we were able to establish the need for a PAM solution. 

How was the initial setup?

When we originally implemented CyberArk, we did so incorrectly. With the help of CyberArk Professional Services, we were able to reorganize, reinstall, and upgrade within a week, then apply best practices to the implementation of CyberArk. So, I would say that it took us about a week to get setup correctly.

At first, the integration of CyberArk into our IT environment was a bit rough. People didn't want to give up the rights and privileges that they had. But, we were able to show them how easy it was for them. We even layered in multi-factor authentication to access the accounts that they needed, which were privileges for appropriate functions. Once we were able to show them how they could quickly and smoothly get the access that they needed, it was not a bad thing, as they found out.

What was our ROI?

The return of investment for the CyberArk implementation within our organization has come from the reduction of risk. That is a little tricky to quantify, but it's definitely there. 

We have improved our processes in terms of efficiency when it comes to creating accounts, managing the privileged ones and providing the correct access at the right time.

Which other solutions did I evaluate?

After evaluating several vendors, we found that CyberArk met our needs.

What other advice do I have?

I would rate CyberArk an eight point five on a scale of one to 10 because it has done everything that we have asked of it. There is a bit of a learning curve, but it's a pretty complex solution. They do have ways to make it easier, but it's easy to fall down the rabbit hole when you're going into a deep dive. However, if you follow the trail, you will find some pretty cool stuff.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
GerryOwens - PeerSpot reviewer
Founder at GoTab IT Risk Services
Real User
Provides simplicity and ease of implementation for the right level of security controls
Pros and Cons
  • "CyberArk is a very stable product and it's a stable product because it has a simple design and a simple architecture that allows you to leverage the economies of scale across the base of your infrastructure that you already have implemented. It doesn't really introduce any new complex pieces of infrastructure that would make it that much more difficult to scale."
  • "CyberArk has to continue to evolve with that threat landscape to make sure that they're still protecting those credentials that are owned by those that have privileged accounts in the firms."

How has it helped my organization?

From an industry perspective, you continue to see the headlines in the media about how bad actors have been able to take advantage of weak policies and security controls around access management within companies.  In these cases, the focus has been around employees that can access the most sensitive information, or have access to the very controls that operate and protect the firm.  Products like CyberArk, that provide controls for privileged access, have helped mitigate the threat of taking over those accounts that have the greatest amount of risk to an organization, particularly for those who are system administrators and have the highest powers in being able to access all levels of the technology infrastructure.

When it comes to the product's ability to standardize security and reduce risk across the entire enterprise, standardization is all about simplifying the complexity of IT threats and risks and it's all about the standardization of the controls that you have in place. If you have a product set that enables you to provide security, and it is consistently applied across a specific user base, then you have standardization which drives both enhanced security through the privileged access controls, and efficiency through the standardization of your operating model.

Availability is an interesting challenge, but it is part of an IT Risk Strategy.  When it comes to Cybersecurity, Privileged Access control is the ability to manage IT risk associated with the most powerful access to your infrastructure services.  This IT Risk can manifest itself as compromised information, manipulated data, or disruption of your IT based services. A Privileged Access Security product reduces the threat of stolen credentials and account takeovers of those profiles that would have the power to take down your enterprise.   Therefore, it not only reduces the risk to your firm, but also drastically improves availability. 

What is most valuable?

The most valuable features are its simplicity and the ease of implementation. When you think about privileged access management and the complexity of solving privileged access for those system administrators in your organization, CyberArk is a product that helps you simplify that problem and implement a standard set of security controls to protect the enterprise.  

In terms of the products ability to manage Privileged Access control requirements at scale; scale is really a function of two influences, which would either be the size of your infrastructure, or the complexity of your organizations operating model for those that have privileged access to your infrastructure services.  CyberArk scales quite readily across a large organization and through proper design and engineering is capable of expanding across a variety of use cases.  Like any technology control implementation however, it is always important to ensure you review and optimize the organizations support operating model, in order to ensure that you have the most optimal design and implementation of CyberArk.  

What needs improvement?

CyberArk has captured the individual privileged access space well. They've captured the application-to-application and DEVOPS space quite well.. They should continue to invest in optimizing the services, and help companies drive down risk associated with application based passwords, as this is an industry that is being closely watched by external regulators. 

CyberArk continues to stay close to the industry and are always looking for ways to improve  their products and service offerings accordingly.  There are 3 areas that I would call out, that CyberArk should continue to focus on:

1) Continue to help organizations understand how they align their strategies and roadmaps to industry trends and the overall cybersecurity threat landscape. 

2) Continue to help the industry innovate on talent , and position customers to be more successful in supporting their CyberArk implementations. 

3) Continue to help customers understand the Risk reduction capabilities and scorecards associated with their deployments.  Initiatives like the CyberArk Blueprint will help enable enable informed customers. 

What do I think about the stability of the solution?

The perceived stability of CyberArk is quite dependent on the complexity of the environment it is implemented in, and the overall design of the infrastructure, including both PSM and Vault technologies.  As an infrastructure it is quite stable; however, in complex network infrastructure environments, sporadic network disruptions could create issues accessing the various CyberArk network devices.

What do I think about the scalability of the solution?

Scalability is a function of both technology growth, and integration capability.  CyberArk has not only continued to advance the infrastructure robustness of their software solutions, but through the C3 alliance they have also created integration opportunities with other IT Security and Access Mgmt products that allow companies to provide a full ecosystem of IT controls within their organizations.    This also provides an opportunity for companies to consider best of breed products, like CyberArk, and not have to restrict their decisions to a small set of technology tools that do not provide comprehensive Privileged Access Services.

How are customer service and technical support?

CyberArk is a growing company and their technical support has continued to grow and mature across the organization. The one thing I'll say that CyberArk has been able to do is to continue to keep in touch with its customers and look into areas where there's opportunity to continue improving their technical support across the organization. CyberArk works with an integrated model: They have integrators within firms that will implement the product. But at some point, you always need to refer back to the software owners of the product to make sure that you're comfortable that what you've designed and implemented is in keeping with what their blueprint would have recommended in the first place. In addition, their technical support has continued to mature and grow to help customers become successful in their deployments.

How was the initial setup?

What is complex is privileged access management. When companies look at implementing a software solution for privileged access management, if they actually haven't looked at the complexities of privileged access within their own organization — and I'm speaking more in terms of the business processes for that type of access across the organization — then any software tool is going to look complex because it's not going to solve the problem.

If a firm focuses on understanding their existing Privileged Access operating model, the inherent business processes, and the risk & pervasiveness of Privileged Access across their enterprise, then they will be better positioned to understand the business problem they need to solve.  CyberArk will then become a capability that enables them to solve their IT Risk issues with privileged access, and capitalize on the efficiencies with their new operating model.  The complexity seldom ever lies in the technology. It always lies in how well it integrates with the business processes that the firm is trying to solve as part of its deployment.

What's my experience with pricing, setup cost, and licensing?

Privileged Access Management is a business transformation program.  It forces business to look at their overall operating model for system administrative and application based access, and develop a strategy that reduces risk overall to the enterprise. Once this strategy is completed, and a new operating model is conceived, CyberArk software and services becomes a very effective series of controls that enable the business to secure the most sensitive access to services, and allows the organization to operate within their risk tolerance. 

Far too often companies will treat the CyberArk product set as a software implementation, that becomes overly complex and evolves into a multi-year program. This is due in part to the legacies of technology programs, where the implementation will force business to rethink their operating model, and therefore delays, scope changes and cost of overall program becomes associated with the software implementation initiative. This is a consequence of positioning a Privileged Access program as a security software implementation, and not a true business transformation initiative. 

While CyberArk continues to adjust its licensing costs and continues to look at the comparisons in the industry and the ability to effectively and affordably help companies and firms solve their privileged access problems, companies also have to look at the overall cost of what a privileged access program means to their firm, and what shareholder value they gain as a result of implementing those types of products or services or business processes. In that context, they should start to look at what the comparison is against the software that they're using to enable those very controls they're trying to implement.

Which other solutions did I evaluate?

I've spent some time with BeyondTrust. I've spent some time with Centrify. I've had their products in for different instances and different purposes. They play an interesting concentric role in some of the areas that they focus on, but I wouldn't say I have one-to-one experience in other product sets.

What other advice do I have?

CyberArk continues to innovate, as they refine strategies based on industry research and trends in the cyber security landscape, and incorporate the necessary updates to both their roadmaps as well as their product sets. The creation of the customer implementation roadmap, acquisition of Conjur for DEVOPS and the development of  Alero to address 3rd party secured access, are examples of product innovation to address  emerging risks within the  industry.  

I would rate CyberArk 8 our of 10;  although I do remain impressed with their existing set of product offerings, their cyber security roadmap & strategy, and their overall corporate philosophy, I do feel it is necessary for them to ensure they remain vigilant and maintain pace with an evolving cyber industry.  Significant disruption in the technology industry brought on by advancements in Machine Learning / AI, commoditization of cyber attack tools, and rapid deployment of IoT based technologies, summon the need to ensure companies do not become complacent in the agility of their security tools.

I have several passions. One of the passions I've always had is in organizational transformation and leadership. A second is really around the space for identity and access management. CyberArk has allowed me to continue, even after I've retired from the industry after 35 years, to still live that passion through their customers. I've been given the opportunity to provide some keynotes around organizational transformation. It's an exciting industry to be in and CyberArk has allowed me the benefit of still continuing to enjoy that experience.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
ABHILASH TH - PeerSpot reviewer
ABHILASH THManaging Director at FOX DATA
Top 5LeaderboardReseller

Valuable review

KunalChandel - PeerSpot reviewer
Corporate Vice President at a insurance company with 10,001+ employees
Real User
PSM has taken care of all the deficiencies that we had
Pros and Cons
  • "When we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle... We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution."
  • "The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming. But these are the major places where CyberArk definitely needs to invest some more time."

How has it helped my organization?

An example of one of the ways CyberArk has benefited our company is one of the simplest. And this one is something that a lot of companies struggle with: domain administrators and server administrators. These are among the top accounts that most companies need to protect. As part of our deployment, we decided to go with these first when we deployed PSM.

What we found out was that there's always that friction with operational teams where they don't want to do this kind of work because it is another thing they have to do. But once the product was deployed and we were able to give them all the tools that they have today, and they did not have to go through attestations and audits anymore and, when team members were coming in and leaving, all they had to do was put in a ServiceNow request to complete all the work, it was just something so different for them that all that friction just went away. It was one of those simplest things, but one of the biggest things that you can do in your company to protect it.

I don't know if CyberArk really helps with meeting our availability requirements, but it definitely helps a lot with managing the accounts and managing the credentials. Availability? It helps to an extent. If there is an event of some sort, yes, you can always go back and look at the logs and you can figure out through recordings what happened. But it's more about manageability than availability.

In addition, when we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle. We use standard products for RPA and all credentials are managed through CyberArk. All bots are protected via CyberArk, through PSM, and also through CCP calls. We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution. From a cost perspective, this was something that was a requirement, so cost was never really an issue here.

The solution's ability to secure robots’ privileged access is pretty good. We've been able to secure our bots. In fact, we take care of our bots right from a development environment, using our development instances. So when our developers are building the scripts around those bots, they're already aware of what's going to happen when things finally go into production. Obviously, the level of security doesn't need to be the same, but we do it through the complete lifecycle.

What is most valuable?

PSM has been one of the most valuable features. We started on this journey a while back. Initially, when we did not have PSM, we started with AIM and that was our first use case. But an audit came along and we had to go towards something a little bit better and we had to migrate more applications. PSM came along and did exactly what we needed it to do. To take care of all the deficiencies that we had, PSM was the right thing to do.

What needs improvement?

We work with CyberArk's customer success team and we work with its engineering team back in Israel. We've been doing things on CyberArk which a lot of its customers, we know, have not been doing.

The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing SaaS products, SaaS vendors, and SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming, but these are the major places where CyberArk definitely needs to invest some more time. Because this is what the future is. You're not going to have a lot of on-prem applications. Most stuff is going to the cloud.

What do I think about the stability of the solution?

Not every product is 100 percent stable. CyberArk does have some issues once in a while. But the core product, the vault system, has been extremely stable. We haven't had a single problem since we got this thing deployed, and it's been more than six years now. We've not had a single problem with the vault. 

Related to the software, there are other things that can cause problems. You could have clusters going down or you could have issues with hardware, but the product itself has been very stable. 

There are the usual quirks you have sometimes with PSM, but it's been a very stable product for what we need it to be.

What do I think about the scalability of the solution?

In terms of the product's ability to manage all our access requirements at scale, about 80 percent of it can be managed. There is no product in the market which can say, "We can do 100 percent, we can do everything." Or, they say that they can, but when it comes to it, it doesn't really happen. But with CyberArk, we've had the benefit of it being a little scalable, plus very easy to configure for the different use cases we have. So we can cover around 80 percent. But then we have to put some compensating controls around the other 20 percent.

It has scaled for our use cases. We built it according to the very large specification and it has scaled. It has done exactly what we need it to do. We've not yet had a performance issue to date.

How are customer service and technical support?

We've had good relationships with their technical department. My team usually does more engineering. We work with CyberArk's customer success team more often than the regular technical support. My operations team usually deals more with tech support.

When it has really come down to major issues, if we've ever had a Sev 1, they've been on point. They have picked up the phone, they've called us and they've helped us.

Which solution did I use previously and why did I switch?

We did not use a different product. We had an in-built vaulting system for managing our own credentials. We've been a CyberArk customer for a while. We had the document vault. Privileged Access had just come out and CyberArk was one of the easiest choices we could make at that time. That's how we decided to go with it.

How was the initial setup?

The initial setup was not straightforward. The very first setup that we did was specifically for AIM, which was obviously simpler. We had an in-built vault which we replaced with the AIM setup. 

Our PSM setup was very complex. We had about 450 applications that we had to onboard over a period of one year, and we had to remove close to 16,000 accounts. It was a very complicated setup. We built close to 35 different connection components to get this product in.

What was our ROI?

The total cost of ownership, over credentials, is definitely something that goes down if you have a vaulting system. But if you have deployed it correctly, that's the only time you can get that. We've definitely seen some improvements. There are additional costs associated with getting every application onboarded, but in the long run, it keeps the company secure and I don't think you can put a price on that.

What other advice do I have?

We use the solution with AWS. In fact, we set up a custom setup for AWS. We worked with the CyberArk engineering team to get it working, to come up with a custom solution to integrate our AWS EC2 instances. There were some limitations, as I mentioned earlier, with how the product integrates with AWS, so we had to make some major changes to how the integration works. As far as monitoring is concerned, it's standard CyberArk monitoring. We don't see anything specific to AWS, as far as the monitoring is concerned. This is the one place where CyberArk can improve.

Privileged access management is one part of IM. Anything that goes through has to get approved through the IM team, and our product of choice for privilege access is CyberArk. When we decided to go to the cloud, this was the natural choice because this was the product that the enterprise uses. We've had challenges. We've had to customize the product to meet our requirements. It might not be the same for every customer because our requirements are a little unique. But it eventually worked out. We've been able to meet most of our use cases.

CyberArk is an eight out of 10. It can do a lot. But there is definitely scope for improvement.

I come from the IM world, but I was more into access management. CyberArk was just one of those products which was thrust on me. Now I'm head of privileged access management, so CyberArk has been pretty good for me, going from the access management space to privileged access management. It's definitely had an impact on my career.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
DavidPoints - PeerSpot reviewer
Associate Director of IAM at INTL FCStone Inc.
Real User
DNA scan makes it fast and easy to find out who owns accounts
Pros and Cons
  • "Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control."
  • "It's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers."

How has it helped my organization?

We're a small IT shop of a few hundred people and the company has only a couple of thousand employees. We had some SharePoint workflows that people had used to get access via submitting a ticket. We had updated those processes by using some DevOps, some JAMS jobs that run in Azure, and they were breaking frequently. We have gotten people to understand now that they can just go to CyberArk. They don't have to submit a ticket, they don't have to go through a workflow, they don't have to put in the right server name or wait for an approval. It's just there. People really like that.

The solution standardizes security and reduces risk-access across the company. It's what the solution does. It's just a requirement. Standardizing access is taking away the "onesie-twosies." With the DNA scan, you're running a full report of everything on all your servers that you're targeting, or all the servers period, and finding those onesie-twosies accounts and getting rid of them. Standardizing and making local accounts on the servers, accounts that have least privilege and that don't have access to anything else, and giving people only that access when they log onto a box; that's pretty cool standardization.

In terms of being able to have a quick win using the solution, we were given a ridiculous deadline to meet an external customer requirement to have privileged access management in place within a couple of months. That was to include signing the purchase order, getting it installed, and having it up day one to take in what we thought were 17 servers. Actually, we found out it was 53 and, two weeks after we had it running, we found out there were upwards of 60 to 70 servers. Getting all those servers in, the accounts in place, by the deadline — even just installing it — was all an immediate win. People said it couldn't be done.

What is most valuable?

Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control.

We're quite new with CyberArk. We've just installed it this past summer and we've taken off with the Microsoft tier model. Tier 0 is our domain admin accounts and our local admin accounts on some applications are specific to SOX requirements. That's been amazing. It's basic-use PAM, but it's been really fast and easy because of the DNA scan. We knew what was there and we were able to go find who owned those accounts. Step one, step two, step three are really easy.

What needs improvement?

We're pretty excited about Alero, the third-party access management. As a small company we lean on vendors quite a bit and we do that in multiple areas. That's going to be a big one for us. It's just gone from beta to production. It's one of those things that's on our roadmap, but being so new to the toolset, we're just growing into the tool. We're not quite there yet.

What do I think about the stability of the solution?

The product has been around forever. In a way, it's a bit old-school. I came from a Windows Server environment, so I get how it's built. It's INI files, it's apps that run on Windows Servers. I'm sure there are other ways that it runs, such as in the cloud as well. There are other directions. But the base of the product is old-school. It just works. So the stability is there. My new engineers can do the install, they can understand how it works. It's quite stable.

What do I think about the scalability of the solution?

In terms of scaling, we're not there yet. We have a number of offices, we're a small company but we're spread globally and we're installing servers in Brazil. We also have servers in London, so we can scale geographically quite easily because it's applications running on servers. There's also a DR capability, having those vaults where needed, so we can scale that way.

There are a lot of new things coming out about endpoints, and third-party management is going to be big. We can scale geographically and we can scale outside of our borders and that's going to be cool.

Which solution did I use previously and why did I switch?

We had no PAM program when I came to this company.

How was the initial setup?

The initial setup is very straightforward. It's well-documented. We sought to have external advisors and third-party consultants help, in addition to CyberArk's help, because we had such tight deadlines. We were installing multiple environments with a turnaround in weeks and had to complete the training at the same time. Junior engineers were coming in and they could walk through it. We found out that it's almost self-doable. But that's probably not advised in any solution. The help was appreciated but it's straight-away easy.

Which other solutions did I evaluate?

In a previous life, I worked with TPAM, Quest products, and Safeguard. We evaluated five different toolsets when it came to my new role here — all the major players. The last two were Quest and CyberArk and I had a strong relationship with both groups. A lot of it came down to dollars and cents, but CyberArk also had that marketplace that told us that we could do certain things out-of-the-box. That was very important to us, enabling us to get stakeholders' buy-in: strategic alliances within our customers or the companies that we own. We got them bought-in to the idea that they were going to be using this tool. It came down to the marketplace.

What other advice do I have?

I'd never ever rate anything a 10. I'd probably never rate anything a one. I'd rate CyberArk as 7.5 out of 10. We actually did surveys of all the people that saw all the demos of all the new solutions we looked at. CyberArk was a seven or eight consistently, from all the people who watched it. The benefit of it is it's stable, it's old-school, it just works. The downside is that it's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers. Those are the highs and lows. It could be amazing if it all ran in the cloud, but that wouldn't be possible.

I started as a PAM engineer eight years ago. Learning PAM and understanding how it protects people and being the liaison who needs to take passwords away from engineers is really tough. But it put me in a good spot. I grew from a PAM engineer to an identity engineer to identity team lead to identity manager. Within the last year-and-a-half, I came into this company because of a PAM role. They hired me as an identity manager because I knew PAM and because I had a relationship; I was working on bringing CyberArk in as part of my previous role and they wanted me to come in and do that same evaluation here. So knowing CyberArk got me my job and, within three months, they said, "We don't need just one team like this doing these assessments. We need multiple teams. So you're an associate director." I said, "Thanks, I don't want to do that. I just want to play with PAM."

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user834369 - PeerSpot reviewer
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees
Consultant
Excellent product for privileged access management and easy to implement
Pros and Cons
  • "For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks."
  • "Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server."

What is our primary use case?

Our primary use of CyberArk Privileged Access Manager is to bring control on to the privileged access. For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks.

How has it helped my organization?

There are two main ways CyberArk Privileged Access Manager Server Control has been helpful to us.

  1. Any administrator using his own or her own ID and password to connect to the server or the domain that has been removed and the credentials for accessing the domain or the servers has been locked down into the password wallet, the access to it is controlled now through that group. Now we know who has access and what kind of access. Also, we control access through tickets. Unless there is an approved ticket, an administrator cannot just log onto a server and make changes. In this way, we are ensuring that an attack cannot just steal somebody's ADID and get into the server and create problems.
  2. Through the application and team managers, we have removed the hardcoded user ID and password in our applications. Those are now in a password vault that is not known to anyone. The vault knows and changes the password, then connects the applications to the database.

What is most valuable?

The features that we find most valuable are:

  • Enterprise Password Vault
  • Privilege Session Manager
  • Application Manager
  • Team Manager

These modules help us in locking down the credentials, rotating passwords automatically without us having to worry about it, isolation of servers from the user machine and availability of privileged session recordings for us to check on demand.

What needs improvement?

I think that the connectors, the integration pieces, the integration to ticketing system. This is something which is not meeting our requirements via out-of-the-box solutions, so we have to look for a customized solution, that could be improved.

Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server.

Additional features: We are looking at the connectors. The connectors to be more robust and provide more flexibility for out-of-the-box implication.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It's quite stable so we've not faced any problems so far and it's been working smoothly for us. Initially, there were some technical issues, disconnections happening, and the slowness was there, but we've been able to overcome those challenges. Now for the past 15, 20 days, it's been running smoothly.

What do I think about the scalability of the solution?

The software is scalable enough, so if we want to add more domains, we can just go ahead and do it. I don't see a challenge with that. There are a couple of other parts of the solution that we are not rolling out, but we'll be doing that.

How are customer service and technical support?

The support has been good. Turnaround times have been okay. They have not been immediate, but they do respond in a few hours, or in a day.

Which solution did I use previously and why did I switch?

We didn't have a previous solution at the time.

How was the initial setup?

AIM was a complex piece, but the install was straightforward. It took us around five months.

What about the implementation team?

We went with an implementation partner for the deployment which included a number of admins. Currently, there are around 60 users but they are going to be 150 plus in a month or so.

We want the implementation partner for supporting it for the next three months, and then we will make the call whether we want to continue with them or maybe our resources should be good enough internally to support it.

What's my experience with pricing, setup cost, and licensing?

The cost and licensing fees of the software are fairly reasonable.

Which other solutions did I evaluate?

There were a few competitors we evaluated like CA Technologies, Arcos, Oracle, and Microsoft.

What other advice do I have?

My advice would be to plan ahead of time. Put up the plan for all the modules that you are going to implement. Look at what the dependencies of those are and plan for those dependencies in advance, then start the project.

Especially where it is the application identity manager, the AIM part, which is not only dependent upon the implementation partner but also the customer dev team to make the changes.

That's what makes it critical to plan ahead, ensure all stakeholders' commitment of their time and support, then start the implementation.

I would rate it nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1052523 - PeerSpot reviewer
User with 10,001+ employees
Real User
Automatic password management based on a strong password policy

What is our primary use case?

It provides a tamper-proof solution for privileged accounts and third-party access to corporate assets.

How has it helped my organization?

We have different teams that hire out consultants from various vendors. For those consultants, there was a challenge in providing access to our critical infrastructure. CyberArk PAS provides isolated and recorded sessions for third-party/outsourced admin access. 

What is most valuable?

Automatic password management based on a strong password policy. Because still, many people choose not strong enough passwords for administrative accounts.

What needs improvement?

The product should be improved in order to support more platforms. It will be awesome if google cloud API keys are being supported like AWS and Azure.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

Pretty scalable in the sense of PSM and storage.

Which solution did I use previously and why did I switch?

No, we didn't use any.

Which other solutions did I evaluate?

Yes, there was a POC which took place among BeyondTrust, Thycotic and CyberArk.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Maarten22 - PeerSpot reviewer
User at Liberty Global
Real User
Third-party teams are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials

What is our primary use case?

The main usage of our implementation is to limit the credentials exposure to our third-party teams. They are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials.

How has it helped my organization?

Our third-party teams are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials. Besides this, end-points themselves are back in control when the passwords are managed by the CPM.

What is most valuable?

The two main features are the CPM and the PSM. This is to make sure that the credentials are managed in a controlled manner and the sessions that are launched are set up in an isolated way.

What needs improvement?

We are aware that in 10.6, the "just in time" access has been created. I would like to see this developed further.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The vault is almost a set-and-forget solution. Once the vault has been installed and configured, not much needs to be done in there apart from the occasional upgrade.

What do I think about the scalability of the solution?

The environment is very easy to scale out. Especially running the CPM and PSM components in a load balanced virtual environment gives you the flexibility to quickly expand the environment.

How are customer service and technical support?

This has been excellent for me. They always replied quickly, and most of the time the issue was resolved. The only downside — as soon as a ticket goes to the R&D engineers, you will have to wait a bit.

Which solution did I use previously and why did I switch?

We did not use a PAM product before this.

How was the initial setup?

The initial setup (for a UAT environment) was straightforward. During the planning of the PROD environment, it became a little more tricky with different network segments and method for accessing the environment itself.

What about the implementation team?

We had a combination of in-house (with training), vendor (CyberArk) and third-party vendor. The third-party vendor Computacenter helped us with creating some design and documentation. I would not recommend this third-party to other people as they did not fully work with us and listen to our requirements.

What was our ROI?

We are still rolling out in our environment which makes the ROI difficult to calculate.

What's my experience with pricing, setup cost, and licensing?

Make sure to use the latest licensing model as that will give you most of the "cool" features to work with.

What other advice do I have?

One of the most important aspects is to ensure that the business is behind the solution. CyberArk suite will only work well if all users adopt the system.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer990891 - PeerSpot reviewer
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Consultant
Takes away all ambiguity around "known" admin accounts

What is our primary use case?

Privileged account access into customer environments.

How has it helped my organization?

A higher level of password rotation and usage auditing.

What is most valuable?

  • OTP
  • Session recording
  • Auditing
  • It takes away all ambiguity around "known" admin accounts.

What needs improvement?

The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed. 

Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer991878 - PeerSpot reviewer
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees
User
Having the vaulting tech ensures that the credentials are secure

What is our primary use case?

We are using the solution for privileged account management. (Rotation, session isolation, checkout, etc.)

How has it helped my organization?

Accounts are managed, passwords change frequently, and we have better audit logs! When something happens, there is a better chance you can determine the who/what/where/when/why of the situation.

What is most valuable?

The vaulting technology as well as the privileged session management: Having the vaulting tech ensures that the credentials are secure, and PSM ensures that the end user can perform needed tasks without knowing or needing the credentials.

What needs improvement?

A greater number of out-of-the-box integrations with other vendors: They are working on it, but more is better!

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Rock solid! I would say it is, set it and forget it, but the vendor keeps on top of upgrades and enhancements.

What do I think about the scalability of the solution?

It seems to work well for any size of organization, or any size of deployment in my experience.  

How was the initial setup?

Pretty straightforward, a lot of time will be spent on the initial engineering phase where you determine how you want to use the solution, naming requirements, admin accounts, etc.

What's my experience with pricing, setup cost, and licensing?

As with everything, try before you buy. Get a trial licence, set up a demo environment and see if it meets the use case for your enterprise.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer990912 - PeerSpot reviewer
Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
Real User
Has the ability to standardize our PAM across a diverse estate

What is our primary use case?

  • PAM interface for staff to support customers which may include CyberArk solutions of their own.
  • Managing large environments with varied and diverse environments.

How has it helped my organization?

Improved our user access and tracking, thereby safeguarding the organization and its customers. Being a user makes us a better reseller.

What is most valuable?

Shared-service accounts reducing the number of potential entry points as well as the ability to standardise our PAM across a diverse estate.

What needs improvement?

Multi-tenancy vaults should really have the same release cycle as single tenancy vaults; this will enable us to meet even more customer demand. We are striving to be at least on the latest release minus 1 (n-1) and for us to run both Single and Multi-Tenant core systems the difference in release cycles will result in a wide gap. Considering the considerable changes including user interface we have seen recently, the one concern is that we may end up with users having different interfaces to deal with different customers. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Very stable with no own goals in three years.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and technical support?

We get excellent feedback from customer service, irrespective of the level of issues raised.

Which solution did I use previously and why did I switch?

Yes, we decided to change to CyberArk in line with our strategic intent to provide as safe a central and customer environment as possible.

How was the initial setup?

Initial setup was complex and time-consuming but the later versions are a lot faster to implement.

What about the implementation team?

We implemented through in-house specialists.

What's my experience with pricing, setup cost, and licensing?

Standardised offerings that allow for customer-specific flexibility.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer990891 - PeerSpot reviewer
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Consultant
Auditing and recording functionality has made compliance with customer requirements a much clearer and easily managed process

What is our primary use case?

Primary use case: having privileged access management and ingress into customer networks and infrastructure.

How has it helped my organization?

The auditing and recording functionality along with stringent password-change policies and one-time password use has made compliance with customer requirements a much clearer and easily managed process.

What is most valuable?

  • Recordings
  • Exclusive use, and 
  • OTP. 

There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.

What needs improvement?

Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
User
Helps control use of shared passwords and the practice of sharing passwords disappeared completely

What is our primary use case?

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

How has it helped my organization?

The practice of sharing passwords disappeared completely and the most sensitive application is using the AIM to retrieve database passwords for all its users.

We're still struggling with the use of RDP through PSMs.

What is most valuable?

The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.

What needs improvement?

The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I am very impressed with the stability, but I still need to convince some colleagues.

What do I think about the scalability of the solution?

Scalability is rather good, we haven't reached any technical limitations yet.

How are customer service and technical support?

The support is always very responsive, accurate, and complete in their solutions. I've always had a personal contact that would know our setup and was able to concentrate on our specifics instead of pointing to a generic document on the support site.

Which solution did I use previously and why did I switch?

No, we haven't used any other solution.

How was the initial setup?

The initial setup was straightforward because its entire complexity was hidden by the CyberArk expert who guided the whole process.

What about the implementation team?

Our vendor's implementation team was stellar.

What was our ROI?

We haven't yet calculated the ROI.

What's my experience with pricing, setup cost, and licensing?

Attempt to minimize the AIM deployments as the license is expensive. Take a license for a test instance even if it might cost extra.

Which other solutions did I evaluate?

I cannot tell what other options were evaluated.

What other advice do I have?

Keep an eye on the cloud integrations and be ready for Conjur.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Je’rid Mccormick - PeerSpot reviewer
Associate Engineer I at COUNTRY Financial
Real User
Has been a great help in automating password retrieval which removes the need for hard-coded credentials

What is our primary use case?

To securely manage privileged accounts within the enterprise and automate password compliance where possible.

How has it helped my organization?

CyberArk has enabled my organization to monitor and manage privileged accounts in a secure manner while also giving the ability to adhere to password compliance automatically. CyberArk has helped us to remove hard-coded credentials in applications and scripts.

What is most valuable?

AIM has been a great help in automating password retrieval which removes the need for hard-coded credentials. Hard-coded credentials are a risk to organizations as they are easy for attackers to target. Therefore less hard-coded credentials increase the security stance of the enterprise.

What needs improvement?

  • More functions could be added to the REST API feature. 
  • The ability to list all users and list providers would be helpful.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This solution is very stable with the ability of satellite vaults and HA.

What do I think about the scalability of the solution?

CyberArk is incredibly scalable. Make sure to check out the unlimited option.

How is customer service and technical support?

Excellent service and quick responses with engineers who understand the product.

What was our ROI?

For the time saved and security added, the benefit far outweighs the cost.

What's my experience with pricing, setup cost, and licensing?

Check out the unlimited model as it can save money and make for a more scalable solution depending on the size and needs of your organization.

Which other solutions did I evaluate?

Yes, my company did evaluate other options, but I was not with the company when this occurred.

What other advice do I have?

Contact the professional help for a demo, and you will not be disappointed. Even if you do not choose CyberArk, they can help identify current security gaps.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Identity and Access Management Analyst at a financial services firm with 1,001-5,000 employees
Real User
We're now able to start managing service accounts with AIM

What is our primary use case?

We use CyberArk to manage anything privileged including our admin IDs, AWS root credentials, service accounts, etc.

How has it helped my organization?

It's been a big win for us as we're now able to start managing service accounts with AIM. This is a big win, especially with our web hosting team.

What is most valuable?

There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year.

What needs improvement?

As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer990921 - PeerSpot reviewer
IT Support Specialist / Project Lead at a energy/utilities company with 10,001+ employees
Real User
Provides a more secure computing environment, allowing only approved programs to run securely

What is our primary use case?

Used to allow the removal of local administrators from 12,000 endpoints and yet still allows users to have the applications they need with the proper permissions required.

How has it helped my organization?

Users were removed from local administrators group on all desktop endpoints providing a more secure computing environment, allowing only those programs approved to run securely.

What is most valuable?

  • The visibility of what is being run and control of those applications.
  • Limiting the unnecessary application users think they need, and producing security vulnerabilities.

What needs improvement?

Better search functionality in the EPM console. It becomes difficult to search lengthy policies for specific items. Additionally, some of the windows sizes cannot be manipulated to allow a better user experience.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The product is relatively stable, but as with most software, it has room for improvement.

What do I think about the scalability of the solution?

This solution is very scalable from what we have seen.

How are customer service and technical support?

Our experience with tech support has been positive with slight delays due to the location of some of the deep-level resources.

Which solution did I use previously and why did I switch?

No, we used no other services/software previous to EPM.

How was the initial setup?

Straightforward setup with a substantial learning curve to implement.

What about the implementation team?

We implemented in-house with the direction of a third-party.

What was our ROI?

Our ROI is currently being looked at.

What's my experience with pricing, setup cost, and licensing?

Setup, costs, and licensing are fairly straightforward and easy to navigate. Questions to the account manager typically resulted in the answers needed.

Which other solutions did I evaluate?

We looked at several different vendors and conducted detailed POCs on each to ensure we were getting what we needed.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
José Luis Llorente Rey - PeerSpot reviewer
Senior Specialist Identity System Support at Roche
Real User
The master policy allows us to establish a security baseline for our privileged accounts

What is our primary use case?

We are using CyberArk to store credentials of privileged assets in a secure way. In addition, CyberArk helps us to meet our security policy effortlessly, defining the complexity of the passwords, rotation period, etc.

We are also using the Privileged Session Manager to provide remote access to servers with security controls in place (session isolated and recorded).

How has it helped my organization?

With CyberArk, we can meet our compliance requirements reducing security risks without introducing additional operational complexity. This is very valuable for our company because we have regular audits where we have to provide evidence about the use of our privileged accounts (password use, password rotation, etc.)

In addition, we have several third parties that need access to our infrastructure. CyberArk PAS helps us to provide this access in a quick and secure way.

What is most valuable?

  • Master policy: allows us to establish a security baseline for our privileged accounts.
  • CPM: allows us to rotate passwords following the policy defined.
  • PSM: allows us to provide isolated sessions to the customer with additional controls (real-time monitoring, session isolation, and session recording).

What needs improvement?

  • We would like to have more flexibility in the RBAC model and have more options to define who should have access to what, not only based on safe membership. 
  • In addition, the user interface could be improved. When a team manages thousands of accounts, advanced filters are very valuable to search the accounts.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user871449 - PeerSpot reviewer
IT Analyst at a tech services company with 10,001+ employees
Real User
Enables us to connect to the target system component and helps us with recordings

What is our primary use case?

We have different privileged accounts in our enterprise. All of the application owners and the stakeholders want to store those accounts CyberArk privileged security, so they can connect to the target systems. It also allows for session recordings at the time of auditing.

What is most valuable?

We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps.

What needs improvement?

We have found with the recent upgrade a lot of issues we had with the connection have been resolved.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

There are no issues with scalability. Our clients are very happy to use the product.

How is customer service and technical support?

Tech support is very quick to answer our request tickets. 

How was the initial setup?

It is necessary to use professional service for the setup of the solution. It is a challenge if you are not well-versed in CyberArk.

What's my experience with pricing, setup cost, and licensing?

In comparison to other products on the market, CyberArk is a more costly product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Dan Hines - PeerSpot reviewer
Senior Technologist at a retailer with 1,001-5,000 employees
Real User
We are able to know who is accessing what and when; having accountability
Pros and Cons
  • "We are maintaining compliance in PCI, SOX and HIPPA, which is a big thing. Auditors really like it, and it has made us stay compliant."
  • "We are able to know who is accessing what and when; having accountability."
  • "Make it easier to deploy."

What is our primary use case?

Primary use case is for compliance, SOX, PCI, HIPAA, and securing privileged access accounts. It seems to be performing well. We have had pretty good success with it.

We plan to utilize CyberArk to secure infrastructure and applications running in the cloud with AWS Management Console. We are testing it right now, so we hopefully it will be ready in about two months.

How has it helped my organization?

We are maintaining compliance in PCI, SOX and HIPPA, which is a big thing. Auditors really like it, and it has made us stay compliant.

There is at least one place to go to for getting privileged accounts. Now, users have to go through the portal or go through CyberArk front-end, the PVWA, or we could use the OPM or PSMP. It has helped out quite a bit.

What is most valuable?

We are able to know who is accessing what and when; having accountability. That is the big thing.

What needs improvement?

Make it easier to deploy. In 10.4, we did it with the cloud and could actually script the installs.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It has been pretty stable. We had some issues before, but customer support has been helping us out quite a bit. 

We think we had some PSM issues, and that was the big problem we had. Basically, it had to be rebuilt.

What do I think about the scalability of the solution?

Scalability is impressive because you can set up clusters, so you can grow as your needs grow.

How is customer service and technical support?

Technical support has been excellent. They have been really good and knowledgeable. They come out and help us out. They have also helped us do our roadmapping.

We feel like we get the right person the right time that we call.

How was the initial setup?

The upgrading process was pretty straightforward. We had some issues with the platforms when we upgraded. That was probably on our part, maybe we missed something.

What about the implementation team?

The vendor was retained to implement our Cyberark rollout initially.

What was our ROI?

It keeps us from getting dinged by the compliance officers. Keeps us in compliance.

What's my experience with pricing, setup cost, and licensing?

Understand your needs prior to purchasing. Cyberark team will advise as well which is a plus.

What other advice do I have?

It does what it promised. It secures our platforms, haves the scalability, and it is just a solid product.

Know what you are getting into upfront. Work with IT to ensure you have buy-in from upper management, and work with them to get a roadmap to deploy. 

Most important criteria when selecting a vendor:

  • Reliability
  • Having good customer support.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user635622 - PeerSpot reviewer
Vice President - Cyber Security at a tech services company with 10,001+ employees
Consultant
This product is stable. But, we did encounter some issues with the decentralized mode of the product.

What is our primary use case?

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

What needs improvement?

One limitation is that we are not able to put this into a decentralized mode.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This solution is quite stable.

What do I think about the scalability of the solution?

We have no issues with scalability.

How is customer service and technical support?

The tech support is decent. 

How was the initial setup?

It takes a while to adapt to the product.

What's my experience with pricing, setup cost, and licensing?

I do not have experience with the pricing or licensing of this product.

What other advice do I have?

I think having a distributed architecture would certainly help this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Associate at a consultancy with 10,001+ employees
Real User
The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out.
Pros and Cons
  • "The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out."
  • "There was a functionality of the solution that was missing. I had noticed it in Beyond Trust, but not in this solution. But, recently they have incorporated something similar."

What is our primary use case?

My primary use case for this solution is to prevent privileged access, privilege accounts, and to mark all of those for future ordering proposals. It is to limit their access.

What is most valuable?

The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out. It also provides flexibility and a comprehensive reporting. In terms of reporting, it can pull up to three types of reports and you can do some Excel work on those. Then, you will be able to find information that you were looking for. It is is the reporting by-laws, as well. Apart from this, it also has a lot of advanced components. It can extend the picture at the end of the productive scope.

What needs improvement?

There was a functionality of the solution that was missing. I had noticed it in BeyondTrust, but not in this solution. But, recently they have incorporated something similar.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a stable solution for our needs.

What do I think about the scalability of the solution?

The scalability provided by this solution is a lot better than some of the other available products on the market.

How is customer service and technical support?

The technical support has been tremendous. They try to resolve the issue as soon as possible, but sometimes I would expect them to engage an L3 level of support at the very first moment, as for priority, but they take a bit longer. 

How was the initial setup?

Sometimes, when we install their product, the BFN (Bridge to Future Networks) to the component manager, we have issues. When we install this component in high ability mode, and the load balancer, then sometimes that creates different problems. Sometimes, to find the issue we actually, even if one of the component goes down, get notifications easily. That is not an issue, but to rectify the issue, sometimes it takes longer than I would like, you know. When it goes for a higher ability mode for the component then it makes our work a little a cumbersome.

What's my experience with pricing, setup cost, and licensing?

This solution is considered to be more expensive than others out there on the market today.

Which other solutions did I evaluate?

I have previous experience with BeyondTrust. And, there are other products, such as Lieberman and Arcos, which are being used in the Indian market because of its cost effectiveness.

What other advice do I have?

CyberArk has vast trust across the globe. People who've used CyberArk usually don't go back and change the product, unless it is a cost issue. If it is a cost issue, I must suggest BeyondTrust as a cost-effective solution for similar services.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Lead Consultant at a tech services company with 10,001+ employees
Reseller
I like the PTA (Privileged Threat Analytics) of this solution.
Pros and Cons
  • "I really like the PTA (Privileged Threat Analytics). I find this the best feature."
  • "If we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature."
  • "Tech support staff can be more proactive."

What is our primary use case?

Our primary use case for this solution is privileged threat management and session management.

How has it helped my organization?

I have an affinity towards CyberArk. I find that it works out-of-the-box, as a product.

What is most valuable?

I really like the PTA (Privileged Threat Analytics). I find this the best feature.

What needs improvement?

From what I see, like the out of the box password management features, or you can pay the tax forms, which I will write log, can become extensive. For example, we have right now 45 to 50 platforms to tell that were out of the box, like Cyber Optics 200 out of the box connectors, so if we can just put those also into out of the box so that the pros do not have to retell everything to what they think the comp manager of Cyber Optics representative. Apart from that, if we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I would not say there is a stability issue. There are quite a few bugs, which I have discovered in versions 10.1 and 10.2, but I believe that was rectified out of scalability.

What do I think about the scalability of the solution?

I have no scalability issues at the present time.

How is customer service and technical support?

I believe the tech support staff can be more proactive. Right now, I have booked a ticket with tech support for an issue, and I have labeled the ticket "moderate priority." The response from tech support was at best, an answer within three to four days. I believe that is too much time, and can be shortened.

How was the initial setup?

It's straightforward, I mean probably who for 11 years of experience is quite straightforward, but maybe for a newbie, it could be complex.

What's my experience with pricing, setup cost, and licensing?

I do not have any opinions to add about the pricing.

What other advice do I have?

I think if the industry could work together on TSM connectors, this would be a cutting-age change.

Disclosure: My company has a business relationship with this vendor other than being a customer: I am a reseller.
PeerSpot user
Principal Consultant, IAM Projects at a tech services company with 201-500 employees
Consultant
The threat analytics is an important feature. This is a robust product.
Pros and Cons
  • "The threat analytics is an important feature."
  • "The usual workload is sometimes delayed by the solution."

What is our primary use case?

The primary use case is password management. 

What is most valuable?

I find the threat analytics is an important feature. CyberArk can look at the log details, and analyze who is using the applications, which are their locations, and which are the IP locations from which they are accessing. This enables the solution to find the exact location the threat is emanating from. We really value this feature.

What needs improvement?

The usual workload on the system is sometimes delayed by CyberArk. So, any major work is getting delayed, and may take twice the amount of time that it usually does. For instance, if there's a password change of an account it will take time because you have to log in, then  authenticate, and this is followed by delays. It becomes cumbersome and frustrating.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is a stable product. 

What do I think about the scalability of the solution?

The scalability of the solution is good. We expanded, and we found the biggest part was a bit unfomfortable in terms of product. They are designing, leveraging the features so greater different markets are joined. On the ground it was difficult initially.

How is customer service and technical support?

I found techincal support is adequate. The Indian team is not so good. They are OK with helping, but not all of the engineers are entirely experienced. 

How was the initial setup?

The initial setup was OK. If I set up one box, one automation, one machine, within one program, it is O. But, if I have multiple locations in Japan, China, Asia, Singapore, and the like, I will have some trouble. I have faced this problem in the past. 

What's my experience with pricing, setup cost, and licensing?

It is quite costly. The license is a concern for some of the clients. 

Which other solutions did I evaluate?

I have previous experience with Oracle in the past. There is an ease of use with Oracle, because it is small and not very complex. You can wrap your work in a single day with Oracle. In comparison, the API is quite small with CyberArk. But, the product itself is so robust.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sumit Batabyal - PeerSpot reviewer
Security Team Lead at a tech services company with 10,001+ employees
Real User
This product helps us complete financial audits. It is a nice solution.

What is our primary use case?

Our primary use case for this solution is it provides a security solution that includes password management. This defends against threats.

What is most valuable?

The most valuable feature to me is the recording feature. I can track all of the records, the commands, the server, any misguidance, etc.

What needs improvement?

Over the past seven years, I have seen a lot of ups and downs with the product, but now I am happy with the version that we are using now. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have no issues with stability. 

What do I think about the scalability of the solution?

It is scalable. We have added new equipment, and this solution has been relevant. 

How is customer service and technical support?

They are very helpful for us whenever we have any questions. 

What's my experience with pricing, setup cost, and licensing?

No, I do not have any advice on the price of the product. It is a great product that I recommend to others. 

Which other solutions did I evaluate?

I did not consider any other options. 

What other advice do I have?

This product is helpful for financial auditing needs, as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Manager at a tech services company with 10,001+ employees
Reseller
It helps our customers in their software requirement imports
Pros and Cons
  • "It helps our customers in their software requirement imports."
  • "The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs."
  • "Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations."

What is our primary use case?

One of our customers is using the 9.5 version of the solution.

We personally use the product. We are implementing it and have a lot of involvement in its usage.

We use it primarily because we need to manage business accounts and reduce our inboxes.

How has it helped my organization?

It has improved the way our company functions on the basis that they're expanding, and the SDDC management solution and the decision to bring on security licenses under the system umbrella, then has passwords and the system management be a requirement in the coming quarters. We are already doing a small PoC with the relevant themes of the natural habits of the security teams. 

What is most valuable?

The password reconciliation and its limitation with respect to access in target servers along with the end users apart from the import, which is already available. This helps our customers in their software requirement imports.

What needs improvement?

The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is stable. They have had subsequent releases with patches for bugs. 

What do I think about the scalability of the solution?

With respect to scalability, it depends upon how much scalability you need in the moment. 

How are customer service and technical support?

There is not seamless stability in the support. Sometimes, we don't have any level of support which is required when something critical happens.

Which solution did I use previously and why did I switch?

We were using the Centrify solution for managing UNIX apart from CyberArk. However, the scope of the Centrify solution is not as wide as the CyberArk solution.

How was the initial setup?

Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations. 

What was our ROI?

Eventually, the licensing cost benefit doesn't happen or maximize the customer's profit.

What's my experience with pricing, setup cost, and licensing?

Network and security licenses are currently being managed by other outsource vendors, so they are facing some type of problems in the digital aspect. 

Recently, there has been some new licensing guidelines which have come up since 2018 related to installation by technicians. However, we had our solution installed in 2015. 

What other advice do I have?

Work off your roadmap for implementation.

We recommend CyberArk solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user514779 - PeerSpot reviewer
Project Manager at a tech services company with 10,001+ employees
Real User
It is secure and simple to use

What is our primary use case?

We are using it for privileged access management.

What is most valuable?

  • It is very secure. 
  • The voice technology is very good.
  • It is very simple to use.

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

We haven't had issues with scalability.

How are customer service and technical support?

We have good support from support. They are very helpful.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was somewhat complex, but we received help from the product support team with the installation.

What's my experience with pricing, setup cost, and licensing?

The product is costly due to its active management features.

What other advice do I have?

The product is the best in the market at the moment.

I would recommend the product for sales learning. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Core Analyst/ Server Admin at a comms service provider with 1,001-5,000 employees
Real User
Gives us the security of all credentials in one place and lightens our administrative load
Pros and Cons
  • "CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool. I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk... lightened the load on our administrative work."
  • "This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful."

What is our primary use case?

We use CyberArk to manage our privileged accounts, our passwords for our critical infrastructure. We have a lot of root administrator level accounts and other application and node accounts that are critical to our business. We use CyberArk to keep those rotated, keep them secure, in an encrypted environment giving us a lot more control and auditing capability.

We are not planning to utilize CyberArk to secure infrastructure for applications running in the cloud because, in our particular business, we like to keep things in-house. Although we have a very small use case scenario where we have one application published to a cloud service, for the vast majority of our infrastructure, we keep it in-house and manage it ourselves.

In terms of utilizing CyberArk's secure application credentials or endpoints, I'd have to think through what CyberArk means by "endpoints," exactly. We do some application management right now. We're mostly doing more server-router, switch, node. And we have some custom vendor nodes that are not your normal off-the-shelf things, that we're trying to get under management right now. As we move along and become more secure, we'll probably do more and more of the application management like that.

How has it helped my organization?

It has given us a common environment where all of our critical infrastructure credentials can be stored. From the pure usability and administrative perspective, I can't imagine doing what we do without it. And we're a fairly small business. We don't have 10,000 servers or 5,000 systems to manage. Still, the smaller the business, the smaller the company, the smaller the number of support people you have. So we still end up with a lot of people having to do a lot of work. 

I would say the security, having all the credentials in one place, having a two-factor login to the system available to us, which we use, and then that administrative aspect of it, being able to lighten our administrative load, so once we hand over certain things to CyberArk, that administrative work is done by CyberArk and not by us anymore. It enables us to get a lot more done with a smaller crew.

The first thing that pops into my head is, when you're dealing with some old-school people who have been around our business for many, many decades, who are accustomed to writing down passwords on pieces of paper on their desk, getting those people off of the desktop and into an encrypted environment, that alone, is an enormous improvement.

We literally had people, just a few years ago, who would have pieces of paper written with everything - address, username, password - sitting in plain sight on their desktop that the janitor at night could come in and see laying on their desk. Just within the last few years, I've even seen higher-level people who have the little sticky note out on their desktops, on top of their screen, with credentials. It's all electronic but, still, you get to their desktop or you look over their shoulder and you see everything.

Going from that to having an encrypted environment, that alone was a huge improvement. Working with a lot of people who have been around the business for a long time, who have more of an old-school mentality, getting those credentials moved into a more secure environment and getting them rotated automatically, that's a huge improvement by itself.

What is most valuable?

The basic features are, themselves, highly useful. I was just saying to some CyberArk people that I came to understand fairly early on that CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool.

I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk was taking that administrator task away from me and handling it, so it lightened the load on our administrative work.

It is a good security tool, but it's also a great administrator tool in that respect.

What needs improvement?

Things that they were speaking about, here at the Impact 2018 conference, are things that we've already been looking it. They have been on our radar, things like OPM. We're beginning to use PSMP a little bit ourselves. We already have that implemented, but we haven't been using it a lot. The number one thing might be OPM, that we're looking at, that we think might help us in our business, but we haven't implemented them yet.

There are so many options that are currently available, and there are already efforts, projects within CyberArk, that they're working on right now, that I haven't really had time to think beyond what they're already offering. There are so many things that they have that we're not using yet, that we haven't licensed yet. There is a lot of stuff out there that we could take on that we haven't yet for various reasons, including budgeting.

It's always the need to do a cost-benefit and then doing a business case to management and convincing them that it's something that would be good for us and that it's worth spending the money on.

Right now, it's just trying to implement what's out there and use some of those tools that would give us the most bang for the buck.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Stability is very, very good. We did have a minor incident. It could have been a major incident. The customer support people were spot on in getting us back in order pretty quickly. I think it's a little bug in the version that we're at. That's one of the reasons we need to upgrade right now. We're just trying to decide which version we want to upgrade to before we pull the trigger.

Beyond that, as far as stability and reliability, there really haven't been any major issues. We've had one little incident. We got it mitigated within a very short amount of time thanks to, on that day, really good, quick tech support from CyberArk. And beyond that, it's been a very stable and reliable system. There hasn't been any other downtime that I can point to and say it was CyberArk's fault.

I painted myself into the corner a couple of times, and had to jump through some hoops to get myself back out; those were my fault, a lack of experience.

For the most part, over the two and a half years we've used it, we've just had that one little incident that caused us a little bit of concern. Like I said, it was mitigated very quickly and didn't cause a huge storm within the company and didn't have a huge impact that particular day, fortunately.

What do I think about the scalability of the solution?

We haven't scaled it up much since we took it on. From everything I've seen, I think scalability should be excellent. You can spin up as many component servers as you need to get the job done. Obviously, at some point, licensing is going to come into that. I don't see how scalability would be any kind of problem for anyone. I think you can make it as big or as little as you need it to be.

How are customer service and technical support?

This is coming from a person who spent two-and-a-half years in customer support, so I do have a certain amount of empathy towards customer support people and the challenges they deal with. It depends on who you get on the other end of the phone. When you call in, you may get the young lady that I got the day we had that major issue. She very quickly found exactly what we needed to do and told us how to do it, and we got the problem settled.

I've had other situations on much more minor issues, like how to configure this or how to make that work and I haven't had as good an experience on all of those. Sometimes I do, sometimes I don't. I think it depends more on who you get rather than on the company in general. Some support reps are always going to be better than others.

I've only had a very small number of experiences with them. When I have an issue like that, I don't just open up a ticket and then leave it alone until they get back with me. I usually go back and continue to dig for a solution. About half the time, I find my own solution anyway. But I don't think it was commonly the case that they were not attempting to get back with me.

Sometimes they didn't always offer, for the less critical issues perhaps, a quick, easy, how-to-implement it solution. This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be nice if they did a little bit of more give and take upfront of, "Well, why don't you try one or two or three of these common sense things, the first things that pop up on the radar on this type of issue, and see if any of them help? And we'll take the information that you gather and we'll go in the meantime." 

Instead of throwing it all in your lap to go and collect a whole huge collection of data to bring them before they give you anything, perhaps it would be better if they were a little more give-and-take upfront of, "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful.

Which solution did I use previously and why did I switch?

We were using KeePass before we got CyberArk, and I can't imagine trying to manage the number of accounts and credentials we have today, and the number of systems, with something like KeePass. It would be a nightmare.

We switched because of the scale of where we were going. All of our infrastructure passwords, prior to three-and-a-half years ago, were decentralized. The people who worked on a particular system managed the passwords for that system in their own particular way. There was no across-the-board system. There was no standard regarding these having to be encrypted versus those. Everybody came up with their own way of handling that. We tried to implement some standards during the years leading up, but they were not mandatory. So people ended up just doing what they wanted to do.

Now, with CyberArk, there is a mandate from upper management that we all use this tool. All the credentials go into it and they are all encrypted. Eventually, everything, 100 percent or as near 100 percent as we can get it, will be under full management.

In terms of criteria for selecting a vendor, from my perspective, I like to be able to find someone who can speak to me on a somewhat technical level and help me work through technical issues. But I also want them to give me a vision of things, the roadmap or other products and other things that are available, without getting too much of a marketing pitchor sales pitch. I don't mind a little bit of that. I know that's important. But at the same time, I don't just want a slick sales presentation. I want to know the technical end of how does this really work? I want to be able to have some vision as to how we might implement that. Not just what it can do for us, but how would we actually go through the machinery, go through the work, to make it work for us.

It's always good to have a vendor that can provide resources, that can speak to someone like me on a technical level, and that can help me work through issues, whether it's lack of experience or just lack of knowledge in a certain area; a vendor that can help me work through some of those situations and get me to where I need to be.

How was the initial setup?

I went through the proof of concept and then I also went through the initial install of our infrastructure. For our company, I've probably done 80 to 90 percent of the work in CyberArk myself.

The implementation was fairly straightforward. We had a really good implementation engineer. He did a really good job. Of course, every individual brings his own kind of approach to things. They give you insight and then you run into someone else that gives you a little different perspective. It surprised me how straightforward some of the setup is. I've experienced some things since then that lead me to think it is something that CyberArk is constantly improving on: How to implement new installs or upgrades and make them better and easier.

For instance, there was one system that, when we first installed in 2016, we were told upfront that this was not an easy system to spin up and get working. We had made an attempt at it and failed. A year later, I installed it by myself from the documentation and it went as smoothly as could be, no problems. They had improved it over that year to the point where just about anybody could do it.

Which other solutions did I evaluate?

The team that I'm on, we weren't leading up the investigative part. Our security group did that. They're the ones who brought CyberArk to us and said, "This is the one we're going to go with." There was actually another entity within our corporate parent company that had already been using it for about nine months before we did. We adopted it from there. Since then, another entity has adopted it as well.

What other advice do I have?

One big piece of advice I would give is: Don't ignore user acceptance. If you want people to use CyberArk, you have to pay attention to user acceptance. If your users hate it, then your entire experience is going to be an uphill battle, when you're trying to get people to actually use the tool. It doesn't matter how good the tool is, it doesn't matter how well it does password management. It doesn't matter how well it does all these other things. If your users hate it, you're going to have an uphill struggle with the people that you need to be on your side. You've got to get user acceptance right.

Now, you can't completely sacrifice all those other things just for user acceptance, I'm not saying that. But you have got to keep user acceptance up there, alongside everything else. It's got to be a hand-in-hand thing as you go along, so don't ignore user acceptance. Spend some time doing it.

I tend to shy away from giving anybody a 10 out of 10. I would rate it at about eight out of 10, a pretty high rating. Anything could be improved, and certainly, CyberArk is not immune to that. But I think it's a good tool.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
AHMAD AL - PeerSpot reviewer
AHMAD ALMechanical at a financial services firm with 1,001-5,000 employees
Real User

A

See all 2 comments
IT Security Specialist I at a healthcare company with 1,001-5,000 employees
Real User
You can write different types of policies for custom business needs
Pros and Cons
  • "You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
  • "The interface on version 9 looks old."

What is our primary use case?

I am a CyberArk admin. I manage everyone's PSA accounts, including EPM and PVWA.

It has been performing very nicely. We are on version 9.10. We are thinking of upgrading to 10.3 soon, hopefully. I don't want go to 10.4 since it just came out.

We are planning on utilizing CyberArk to secure application credentials and endpoints because of PAS. We do have a lot of accounts for developers, and we do manage a lot of passwords in the world.

Our company is not in the cloud yet. We are not that big. We are looking to move to it soon, as it is on our roadmap. By the end of the year or early next year, we are hoping to move CyberArk to the cloud.

How has it helped my organization?

It has removed the local admin rights. It is safe and improving well. 

Also, everyone doesn't have passwords to certain applications because of PAS, which is managing the passwords world-wide. So, it is more secure.

Our overall security posture is pretty good, but there is always more to improve upon.

What is most valuable?

I feel like I love EPM more because it is a pretty sleek tool. I like how it manages everyone's accounts. It removes all the local admin accounts, and I like that part about EPM.

You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily.

What needs improvement?

The interface on version 9 looks old. I am excited for version 10 because of the interface and design are good, and it is easier to use.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is pretty stable because we have not moved to the new version. When it comes out, we don't want to go to the newest version the right away because we do not know if it is stable or not. We do not want to put it in the production yet, so we want to wait until the next one comes out, then we go from there.

We have not had any downtime with the product. No issues yet.

What do I think about the scalability of the solution?

It is pretty scalable. It should meet our needs in the future.

How is customer service and technical support?

They are extremely knowledgeable. Sometimes I asked a question, and their first reply is the answer. Then, I have them close the ticket. I feel like I am getting the right person.

How was the initial setup?

I was not involved in the initial setup.

What other advice do I have?

If you want more security, get CyberArk.

I used the new plugin generator utility here in the lab. Right now, it is manual, and the plugin is very easy to use. It is amazing.

Most important criteria when selecting a vendor: I prefer better tech support, because I love the CyberArk support. I want support like that everywhere with all my vendors.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Information Security Analyst III at a healthcare company with 10,001+ employees
Real User
We can make a policy that affects everybody instantly
Pros and Cons
  • "We can make a policy that affects everybody instantly."
  • "We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us."
  • "One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening."

What is our primary use case?

It is used to manage the policies on our endpoint because we want to takeaway admin rights to protect our computers.

We have had our implementation issues. However, the software is light years ahead of its competitors. We have seen massive progress with the updates of the software. We have been doing pretty well with it in the time that we have been implementing it.

We are trying to manage the endpoints, but our company has been a long-time customer. We want to integrate the other products because EPM is not the only one. We do have PAS and AIM, but now it looks like CyberArk is moving towards integrating all of them into one thing, so they can all work together in one console. We would like to get there eventually. I can't wait to upgrade.

How has it helped my organization?

We are stripping administrative rights, and we have implemented a special ID to help folks that lose administrative rights. Maybe it broke something, so while we design policies and try to get them where they need to be, they will have this ID in the meantime. CyberArk is able to protect both of these things while we move forward in this.

The software is insanely robust. You can do whatever you want. If you want to put your own logo on the pop-up, then you can do it. You want to change the color to pink, yellow or brown, then you can do it. You can do whatever you want with this thing. This leads to people getting lost on what they want to do, but for those who have a great plan with a clear, concise idea of where their organization is going and what they want to accomplish, it is there to help you.

Where a lot of people might struggle is with the actual environment, and where to begin. The software builds on top of that. You have to have a solid foundation. You will learn that as you work through the product, but you will also see how great and powerful the product is.

With computer security, administrative rights is probably the number one thing that comes to mind. This is a software that will allow people to still use their Google Chrome, Adobe, and Facebook. They can do what they need to do, but it still keeps them protected. That is what is so great about the product, we can sell it to people as, "We are not trying to stop you. We want to enable you, but we want to be safe too. It's there to do that." 

What is most valuable?

  • I love the interface because it is colorful, easy to read, easy to see, and how easy it is to make policies. 
  • I love how we can make a policy that affects everybody instantly, which is great. 
  • I love the reporting features, so it is easy to see what we did.

I love the product overall, because it is great.

What needs improvement?

I want some of the things which are glitching out there for me to be fixed. I have heard that there is something in the works, that they will be putting a feature in the help desk where they will have a message board now. So, I could communicate with other people who are having the same problems and pull their issues, this way I don't have to bother support all the time. Also, people can vote. They can vote on the most important issues, and CyberArk will prioritize them next, really listening to the customer. That is pretty cool.

One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening. However, they are coming close to a solution. It has been an issue for a while. I heard that this is one of the top priorities that they're working on.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This is where we have had some woes with this software. Part of it is in our environment, and what we built it in as far as our database server. We met the requirements and it had some issues. The software is still growing and getting better. It is not 100 percent there yet, but even so, there is nothing in comparison to the product. It is too robust. It offers too many features that nothing else does. You might as well deal with it. You are going to deal with implementation and memory issues regardless that we had on the SQL Server, etc.

Part of this will come from your personal environment, but CyberArk has done a great job with it. However, they still have a ways to go. One thing I really like with every upgrade, they listen to the people. If you are saying this needs to be fixed, they listen. They usually put it in the upgrade, so that is cool.

What do I think about the scalability of the solution?

There are growing pains from integrating a software which allows you to do anything, and you could do anything but it is based on your environment. The software can do whatever it wants, but it is going to be reactive to your environment. Everyone will have a different experience. 

If this was a perfect world, you had a clean active directory environment, your SCCM solution was fantastic, and there were no firewall issues, the product would deploy. No problem. Read everything, and you are good to go.

I could definitely understand. It is like designing the program for how it should work, then dealing with real life scenarios. You talk to any company here, and everyone's active directory is a mess. That is where you are trying to get your data from. That is where you struggle sometimes. However, the software is great. The Dev guys are on it as far as upgrades, etc.

If they keep upgrading the software, they are going to be around for a long-time. We are a long-time customer. We have multiple products, and they are going towards the right direction because if we own three or four of their products, then we can meld them all into one and they all work together, which is great.

How are customer service and technical support?

In the beginning (early 2017), we had some issues. We would have a discrepancy in what user support was telling us. From mid-last year until now, it has been absolutely spectacular. They have key people who are very good, and I speak extremely highly of them. They are excellent, very professional with a lot of knowledge.

Which solution did I use previously and why did I switch?

We did not have a previous solution, because we have always had admin rights. In fact, we did a proof of concept in CyberArk, version 1.

We needed something to manage the endpoint and to be able to empower the user. By far from not only a user's perspective on what they would be able to accomplish, but from the person who has to design the policies, it was the best. It was like working in MS-DOS compared to Windows 10. 

How was the initial setup?

We had an educational and technical guide for the entire setup process. I also had CyberArk with me on the phone.

What about the implementation team?

I designed the solution. Because they knew that this is a solution that no one had really seen before, they made sure they had somebody onsite throughout the entire implementation.

What was our ROI?

We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us. That is pretty important. We are protecting ourselves the right way.

Which other solutions did I evaluate?

Avecto was the competitor. They integrated with McAfee ePO, which was our endpoint solution at the time. Unfortunately, it was not as robust as I thought it would be. I didn't like it. I felt like the product relied too much on McAfee to do what it needed to do. Whereas, CyberArk was a standalone client which was way more robust.

The competition was utilizing a product that we are getting rid of in two weeks.

What other advice do I have?

Get on implementing it today. Be patient. Test a lot. Deploy slowly.

It has places to go. I see the potential. It is getting there, but it has room to grow. If you compare this product with anything else as far as an endpoint solution, there is nothing which even compares.

We have implemented the new plugin generator utility already. I trained the help desk. It is really easy. Instead of having to fix it myself, the service desk will receive a one-time code to help the customer immediately, so they do not have to wait. I will receive a ticket to make a long-term policy. It is a perfect system.

Most important criteria when selecting a vendor: communication.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Technical consultant at a healthcare company with 1,001-5,000 employees
Consultant
Gives us the flexibility to integrate with other technologies and applications
Pros and Cons
  • "The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization."
  • "CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well."

What is our primary use case?

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day.

We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

How has it helped my organization?

Previously, we didn't have any password rotation policy for application IDs. Once we implemented CyberArk, we created a policy. It's good to rotate the passwords every two weeks. That is the biggest value for us.

It gives us one place to store the keys to the kingdom, so if there is any breach we know where it is and what to do.

What is most valuable?

The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization.

What needs improvement?

CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

So far, we haven't seen any major hurdles. We haven't had any downtime because of CyberArk.

What do I think about the scalability of the solution?

I would rate scalability at seven or eight out of 10. There is a need to improve the usage on for the consumer side. I hope in the upcoming product, the version may fulfill this.

How are customer service and technical support?

Technical support is good but the problem is when we are using the application side. The support people have a security background, so they may not know the application technology, so it's a challenge right now. Once they understand, then they make progress but, until then, we have to educate them.

Which solution did I use previously and why did I switch?

Before CyberArk we had a number of solutions, CA and IBM products, but CyberArk meets our requirements regarding application password management.

How was the initial setup?

I was involved in the initial setup and I actually used CyberArk's Professional Services. It was straightforward. We didn't have any hurdles during the setup.

What was our ROI?

It's very hard to quantify because previously we didn't have anything like this. You can imagine, there was a policy not to rotate the passwords, but now after implementing CyberArk, every two weeks we are rotating the password without business impact, so that is the biggest ROI, even though we cannot quantify it.

Which other solutions did I evaluate?

We evaluated Thycotic and one other.

What other advice do I have?

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization.

Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications

From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Systems Admin II at a transportation company with 5,001-10,000 employees
Real User
Lessens the risk with privileged access
Pros and Cons
  • "We are able to rotate credentials and have privileged account access."
  • "Lessens the risk with privileged access."

    What is our primary use case?

    Currently, we use PAS and EPM. Mainly, we did EPM last year to get rid of local admins on about 300 PCs.

    We are looking into utilizing CyberArk to secure infrastructure in the cloud.

    I have been in admin for two years. The company has probably had it for more than seven years.

    How has it helped my organization?

    • Lessens the risk with privileged access.
    • As far as EPM, mitigating the risk of local admins on PCs.

    What is most valuable?

    We are able to rotate credentials and have privileged account access.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It is very stable. We have had no downtime.

    What do I think about the scalability of the solution?

    It is meeting our needs now, and will still meet our needs in the future.

    How are customer service and technical support?

    For the most part, technical support is very knowledgeable. Sometimes, you get the one person whom you might have to push back on a little more. With PAS, they escalate our problems in due time, not so much with EPM.

    Which solution did I use previously and why did I switch?

    We did not previously use another solution.

    How was the initial setup?

    I was part of the initial setup with EPM. It was straightforward during the PoC. Once we rolled it out to users, it got a little more complex.

    What about the implementation team?

    CyberArk helped with the implementation. 

    We did not get the EPM training, so we were just flying by the seat of our pants and going with it. For the most part, we were able to figure stuff out, but some stuff gave us a little run for our money.

    What was our ROI?

    With reducing the privileged account access, there has been a huge improvement. They are now bringing more accounts on a little at a time.

    What other advice do I have?

    Do it now. Don't wait.

    Any other issues that we may have come up with, they have always been there to help assist and get us back on the right track. They don't just give you the product, then wipe their hands.

    We just got an upgrade to version 10.4, as we went from 9.2 to 9.9.5 last year. This was a major improvement for us, going to 10.4 with the different dashboards and PTA built-in and PTA on the credential rotation. They are starting to integrate all the different components.

    Most important criteria when selecting a vendor:

    • Ease of access.
    • They are with you going through any problems that may arise. 
    • Good support.
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Sack Pephirom - PeerSpot reviewer
    Senior Security Engineer at a financial services firm with 1,001-5,000 employees
    Real User
    Allows users to self-provision access to the accounts that they need
    Pros and Cons
    • "It allows users to self-provision access to the accounts that they need."
    • "There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution."

    What is our primary use case?

    The main focus of using CyberArk was to replace our previous Excel spreadsheets, which contained all of our passwords. The reason that we brought it in was to replace them and meet certain audit requirements.

    We are using CyberArk to secure applications for credentials and endpoints.

    We are planning on utilizing CyberArk to secure infrastructure and applications running in the cloud. It is on our roadmap for next year.

    How has it helped my organization?

    It allows me to create my custom CPMs more easily and quickly without having to code everything. It helps me build a lot of these codes, so it makes it easier for me to create custom CPMs and PSMs.

    It allows us to be able to manage a third-party which is not natively supported by CyberArk. If there are certain legacy applications which are so old that CyberArk does not support them out-of-the-box, it allows me to be able to create custom connections and be able to manage those accounts.

    What is most valuable?

    • Ability to do workflow.
    • Allows users to self-provision access to the accounts that they need.

    What needs improvement?

    There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution.

    The new PVWA is great. I actually saw some of the newer functionalities, and the look and feel looks great so far. It is just a matter of getting us there. We need to be able to upgrade the environment. They have been able to get the functionalities I was looking for on some of the latest releases.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    Stability is pretty good. I have not had any issues with it.

    What do I think about the scalability of the solution?

    Scalability is pretty good. I have not had any issues with it. It should meet my company's needs in the future.

    How are customer service and technical support?

    For what I was using technical support for, they were really knowledgeable. They were able to resolve the issues that we had. I have not had any problems with them, though it took them a bit of time. A lot of times, they did not escalate it right away, not until three or four tries, then they did escalate it to Level 2, possibly even Level 3 support.

    Which solution did I use previously and why did I switch?

    We were previously using Excel spreadsheets. We changed because of audit requirements, but a lot of times it will due to usability. We understand that having our password in a spreadsheet is a huge vulnerability, so it is one of the things that made us look for a solution to manage those credentials, and create automated workflows around it for audit requirements.

    How was the initial setup?

    The initial setup was pretty straightforward. I think the implementation only took a couple of days.

    What about the implementation team?

    We had someone from the CyberArk team helping us with the implementation.

    What was our ROI?

    One of the processes that we have defined is called a Fire ID process, where to be able to get a Fire ID. It requires a user to call the help desk. The help desk will create a ticket, then contact the employee's managers to get approval, and then provide them with an account. That process, in some cases, can take hours.

    With CyberArk, it allows us to streamline and create a workflow which allows them to automatically log into CyberArk, grab the credentials that they want, and it automatically sends their approval to their manager, who can click a couple buttons, approve, and the user is able to get their credentials. That process went from hours to now just minutes.

    Which other solutions did I evaluate?

    We looked at Leiberman, and also at Thycotic Secret Server.

    One main things that stood out about CyberArk would be the actual user interface. CyberArk's interface was better than the other two, and their price points were fairly similar. The usability and functionality were similar, so we looked at it from a user standpoint (the front-end of the tool), and CyberArk came out on top.

    What other advice do I have?

    My advice is to have the necessary resources to fully implement this. Don't just bring it in and let it sit. It needs to have the resources with a fully dedicated team to be able to get this functional. Otherwise, it will be sitting there not being fully utilized. There are a lot of functionalities that require a lot of resources to get it up and running.

    I have been using the new plugin generator utility for about a year. I took a PSM Connection course this past summer. I have been using it ever since.

    Most important criteria when selecting a vendor: 

    1. It will be usability of the product. I want to make sure that when we have the product, we can quickly use it and have a full understanding of it without all the hoops that we need to jump through just to be able to understand what that system looks like or how it works. 
    2. The next thing will be support. How will they be able to support the system? Do they have a good support staff who will be able to help us get through an implementation? 

    Those are the two main things I look for: the usability and supportability of the tools.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Principal entity management engineer at a retailer with 10,001+ employees
    Real User
    The ability to record sessions through PSM makes people more careful about what they do

    What is our primary use case?

    We are using this product for our privileged identities and account management. We have some accounts that we consider privileged, the ones that have access to systems, software, tools, and our database and files and folders, etc. We try to maintain these accounts safely and try to grant access to these systems securely. We try and manage other non-human accounts that are DBAs, DB accounts, etc., through CyberArk.

    Another initiative for this was the PCA compliance that we wanted to meet.

    We don't have many applications in the cloud, we are getting one or two now. So in the future, we plan to utilize CyberArk's secure infrastructure applications running in the cloud. It's on the roadmap. We are utilizing CyberArk's secure application credentials but not endpoints. I have only just learned about the Plugin Generator Utility, so I don't have experience with it yet. It's pretty cool. We intend to use it now.

    How has it helped my organization?

    One way it has improved the organization is we now have restricted access for all users to go through CyberArk. It has also enforced firewall restrictions across other places so they don't go through other means, they go through CyberArk. That brings in compliance and their account is now two-factored, so that is more compliant with PCI regulations.

    The way it manages privileged accounts and managed access to privileged systems such that, right now, we are recording every session through PSM and people are more aware that the session is recorded, and they're more careful with what they do.

    What is most valuable?

    We are using the VSM proxy solution. That's what we are mainly using. We will try to use the PTA and AIM in the future.

    What needs improvement?

    I think it pretty much covers a lot of the privileged identity space, things that other vendors are not thinking about. I think they are doing a very good job. I don't have any suggestions.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    We have not had any stability issues so far. We have not had any serious downtime. We do see performance issues with PSM which gets very busy, and we just keep scaling the number of PSMs. When many people log in at the same time, we have some issues with connecting through PSM. We doubled our PSM software and it's better now.

    What do I think about the scalability of the solution?

    It's pretty scalable. Like I said, we just doubled our servers. If there are more users logging in, we'll probably go for a greater number of servers again.

    How is customer service and technical support?

    Technical support is pretty responsive and knowledgeable. We do get the right person.

    What other advice do I have?

    Others have spoken a lot about security hygiene and I believe that's where you should start.

    l would rate CyberArk at nine out of 10. The way for it to get to a 10 is with a lot of features, the amount of cost involved in buying the product, and the PSM proxy issue that we've been facing.

    In terms of important criteria when working with a vendor one thing is, as we said, getting to the right person. We go to support only if there is a critical situation where we are not able to solve it. Getting to the right person at the right time, and getting the issues resolved in a timely fashion is what we are looking for.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Information security engineer/ business owner
    Real User
    I love the ability to customize passwords for mainframes, for example, which are limited to eight characters
    Pros and Cons
    • "I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
    • "The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically."
    • "The fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out."
    • "We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it."
    • "I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore."
    • "I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""

    What is our primary use case?

    The primary use case is, of course, that we do the EPV for password vaulting and security changing, and prior to version 10 we were excited and it functioned perfectly fine. There are a few glitches with version 10 that we are not really happy with, but the functionality itself still exists and it's working like it should.

    We actually have our vaults in the cloud. I don't know if we have any applications in the cloud that we're planning on managing, yet. We're not really a big AIM shop just yet, so I don't know if we're planning on utilizing CyberArk to secure infrastructure applications running in the cloud.

    We're looking forward to utilizing CyberArk to secure application credentials and endpoints, however right now we have three or four AIM licenses.

    How has it helped my organization?

    It increases the security posture across the entire enterprise because it's not only helping to secure those infrastructure accounts but it's also helping to secure our user accounts as well.

    It requires a lot more auditing and monitoring and checks. So if you don't have the right approvals, you can't get the credentials you need to do what you need to do. So if you don't have authorization, of course you can't get them anyway. In total, it's making the environment more secure. The security posture is a lot better.

    What is most valuable?

    I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes which can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors. 

    And then, of course, the users have the ability to rotate those passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically.

    PSM is pretty cool, but my favorite part is I get to secure your passwords that you get to use either with or without PSM.

    What needs improvement?

    We had an issue with the Copy feature. Of course when we do the password rotation we restrict users' ability to show a copy of their passwords for some cases, and in other cases they actually need that ability, but we would prefer them to copy to the clipboard and then paste it where it needs to go - as opposed to showing and it typing it somewhere and you have the whole pass the hash situation going. But apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it. 

    Then there is the failed authentication now. I don't know if that was a glitch or if that was an update, because I know sometimes you don't really want to tell a person when their account has been suspended because if I'm a hacker, maybe I'm just thinking I have the wrong password. When the account is locked you don't actually want them to know the account is suspended. However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up.

    So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended," because normally we would be told that the account is suspended. They would take a screenshot of the error and it would say, 'Hey, user is suspended, station is suspended for user so-and-so." It doesn't say that anymore. So now it just says "Failed authentication." And that could be because they might not be in the right groups in Active Directory, they might not have RSA. It could be so many different things, where before, they would be able to say, "Yeah, I'm suspended." And we could say, "Okay, we can fix that in two minutes." We just log in to PrivateArk and enable your account and you're fine. Now we're saying, "Maybe we should check PrivateArk first, just in case," to make sure you're not suspended. It's going to be a whole rabbit hole that we fall into, simply because we're not given that information upfront.

    In terms of future releases, I would love to be a partner again and get a temporary license that I can put back in my home lab because my license expired. I would like to play with 10.4. I want to see it and feel it out and see if I can break it because my rule of thumb is, if I can break it, I can fix it. That is one of the things I like about CyberArk, especially over CA PAM, because with CA PAM you get no view into the back-end on how it's configured and how it's built and how it works. With CyberArk, they literally give you everything you need and say, "Hey, this is your puppy. Raise it how you want." You get to see the programming and you get to configure and everything. I've broken several environments, but I'm pretty good at fixing them now because I know how I broke them.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    Prior to version 10, I was gung-ho CyberArk. I wish we would have waited until version 10.7 as opposed to 10.3. But for the most part it's stable, it's just that there are glitches in the matrix right now. We'll have to work those out.

    What do I think about the scalability of the solution?

    I have worked with both CyberArk and what was formerly Xceedium and is now CA PAM, and in my opinion, I'm gung-ho CyberArk. CA PAM is not scalable like that at all. I love the fact that the different components can be installed in multitude or in singularity on different servers.

    I understand the concept of it being an appliance, and technically it is an appliance because of how CyberArk hardens everything. But the fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out.

    How are customer service and technical support?

    I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs."

    I would like to say, "Can I get a WebEx please? Can you just look at this because I can tell you exactly what I did and how I did it, and then I just need you to help me fix it, because we've been doing this for about 30 minutes now, and when it gets to an hour it's going to start costing my customers money. So can we fix this today rather than tomorrow?" I'm not the biggest fan of tech support.

    Which solution did I use previously and why did I switch?

    I have had experience with CA PAM. That's the only other password vaulting technology that I've used so far. I've used SailPoint IdentityIQ, but that's not really password vaulting. Apparently, there is a partnership growing that allows you to provision CyberArk through SailPoint, which I worked on with the CDM project - and it was a headache last year. So I'm excited about the new CM technology that they have that's allowing for that integration, but other than that, I haven't really done much.

    How was the initial setup?

    I have done several installations for the CDM contract of CyberArk and I've done several upgrades as well.

    The installation is as straightforward as it comes. There are some glitches, but it's not with CyberArk, it's with the environment that I'm installing in. In that environment they don't ever follow directions, so we have to get there and say, "We need you to rebuild your vault because you did it from an image and not from the CD, and it's not supposed to have any GPOs, it's not supposed to be on the domain. CyberArk tells you this in their paperwork. We told you this." But, of course, they don't listen. We get there and they spend a day telling us, "Hey, we have to rebuild our server." And we say, "Okay, well thanks for those eight hours. I appreciate it."

    What was our ROI?

    The biggest return on investment would be the security itself. I've seen ethical hackers that attempted to infiltrate a component or a department in the agency and they were stopped at the gate. They tried every which way they could and they just couldn't get the passwords they needed to get to the elevated accounts to get to where they wanted to go. So it was just great to see CyberArk in action.

    What other advice do I have?

    Do your research. That would be my biggest advice. CyberArk is a great tool. However, it is not the only tool that does what it does and, in some cases, for a lot of people, other passport vaulting tools are more toward what they would need in their environment.

    I would give CyberArk an eight out of 10, and the two missing points would probably be mostly because of technical support. I would love to actually get the support that I asked for. I would love to actually get the help that I'm asking you for as opposed to you telling me, "Yes, I can help you. I need you to fill out these papers and jump through that hoop and then cut a cartwheel and rub your belly while you pat your head at the same time." If it wasn't for that, it would be more towards a 10.

    My most important criteria when selecting a vendor are

    • credibility
    • functionality.
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    IT Security at a manufacturing company with 10,001+ employees
    Real User
    It gives us the capability to rotate passwords
    Pros and Cons
    • "It gives us the capability to rotate passwords."
    • "There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
    • "We need a bit more education for our user community because they are not using it to its capabilities."

    What is our primary use case?

    We use it for service accounts and local accounts for the machine. We are basically using it to rotate passwords or reconciling passwords, as needed. We do have a number which get changed on a yearly basis (most do). Some get changed on a more frequent basis. Users go into the safes that they have access to or whatever account they need, and they pull it. That is our use case.

    It is performing well. However, we need a bit more education for our user community because they are not using it to its capabilities.

    We are interested in utilizing the CyberArk secure infrastructure or running applications in the cloud. We are actively implementing Conjur right now just on a test basis to see how it goes.

    How has it helped my organization?

    It gives us the capability to rotate passwords. That is the biggest thing. We do not want them being stagnant so every service account that we have needs to be rotated at least once a year.

    What is most valuable?

    Being able to automatically change usages, whenever the password is reconciled. However, we still have to educate the user community, because not all our users enter the usages.

    What needs improvement?

    PSM: I am going to go back to my company and push for it a little bit more within our groups, because I know that my counterpart has brought it up a number of times in the past. It has been getting blocked, but I have a couple of other paths that we can pursue so we can try to get it, at least, in our infrastructure and tested.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It has been stable. We have not had too many issues with it or any downtime.

    What do I think about the scalability of the solution?

    It should be able to meet our needs going forward. I don't foresee us leveraging thousands more accounts than we already do. I think it will be fine.

    How was the initial setup?

    I have done many upgrades on many different systems and applications. It was more of a difficult upgrade path only because there were a lot of small things which could have been done if it were prepackaged into scripts inside the executable during the installation. For example, it automatically stops services so it can do the upgrade. 

    There were a lot of manual steps which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5.

    What was our ROI?

    The ROI on this is just being able to rotate on a 365 day schedule the passwords.

    What other advice do I have?

    Educate the user community once you get it actively deployed and set up a strict policy on it.

    Most important criteria when selecting a vendor:

    • Good reputation for technical support
    • Product that does what it is supposed to do.
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Director Information Security at a insurance company with 501-1,000 employees
    Real User
    It has helped from an auditing perspective identify who has access to privileged accounts
    Pros and Cons
    • "It has helped from an auditing perspective identify who has access to privileged accounts."
    • "It provides an accountability to the individuals who are using it, knowing that it is audited and tracked."
    • "We utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs."
    • "Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."

    What is our primary use case?

    Its performance is excellent. We have had multiple use cases: 

    • It is PSM, so as a jump box to our servers.
    • We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers.

    We are currently using CyberArk to secure applications with credentials and endpoints.

    We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.

    How has it helped my organization?

    • It has helped from an auditing perspective identify who has access to privileged accounts.
    • We are able to now track who is accessing systems. 
    • It provides an accountability to the individuals who are using it, knowing that it is audited and tracked.

    It has become one of the primary components that we have. We also utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs.

    What is most valuable?

    The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords.

    What needs improvement?

    Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is very stable. We have never had any downtime; no issues. We worked with support on several upgrades, and are looking forward to the 10.x upgrade.

    What do I think about the scalability of the solution?

    We have no issues with scalability. We are using it in a pretty wide environment. We also use it in our business continuity environment with no issues.

    How are customer service and technical support?

    I evaluate the technical support very highly. Although, the individuals who we worked with were very technical. If they did not know something, they pulled in somebody right away. 

    Also, one of the best attributes is the customer success team. We found great value in working with customer success and their team.

    If there are defects or issues, over the years, CyberArk management has listened to them and resolved those issues. Not many organizations respond to their customer feedback as well as CyberArk has.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution. We have always used CyberArk. 

    From a risk landscape, we knew that privilege accounts were where attackers were going, doing lateral movements. These are keys of the kingdom which protect those, and that is why we focused in this area.

    How was the initial setup?

    The initial setup was very complex. There were a lot of manual process. Over the years, we have seen a significant transition in the installation scripts, the setup, and the custom capabilities. So, CyberArk has come a long way since the beginning.

    The upgrade processes have also improved.

    What was our ROI?

    We now know where our privileged accounts are and how to manage them. So, it is more from an exposure standpoint.

    Which other solutions did I evaluate?

    No.

    What other advice do I have?

    Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully.

    I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good.

    Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the industry, including Red Team capabilities. They are gearing their product towards the defending of what the active exploits are, not something that has been done in the past.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    PeerSpot user
    CyberArk Consultant at a hospitality company with 10,001+ employees
    Real User
    Preemptively helps us detect major threats and vulnerabilities and to address them
    Pros and Cons
    • "The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself."
    • "As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel."

    What is our primary use case?

    CyberArk is managing our privileged accounts: most of the service accounts, admin accounts, and all other privileged accounts on different platforms including Windows and Linux. A lot of databases have already been onboarded. At the moment we are working towards integrating, or implementing, the AIM product to make sure those hard-coded credentials are being managed by CyberArk, instead of being directly coded in.

    The plan is to utilize CyberArk secure infrastructure applications running in the cloud, but we will definitely have to upgrade our knowledge. Conjur is one of the very important things we are currently considering, in addition to, of course, AWS and Azure. We have to get ourselves up to speed. So at the moment, we are setting up the platform, but eventually, that is what the goal is.

    Currently, we are not using CyberArk secure application credentials and endpoints.

    How has it helped my organization?

    It helps us in identifying and detecting the major threats and vulnerabilities and to make sure those vulnerabilities are addressed before something bad happens. It is more of a preemptive solution, to take care of our weaknesses and overcome them.

    We have been continuously monitoring, reporting, and observing where we were a few years ago, or a few months ago, and where we are now. There is continuous improvement in our security posture and that is where the satisfaction is. The solution is really doing what it is supposed to be doing, helping us to improve our security.

    What is most valuable?

    The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself.

    What needs improvement?

    As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    So far it has been absolutely wonderful. Of course, the initial glitches, the initial testing, the adjustments in implementation are there. It takes a lot of effort but, once it was all set and it started doing its processes, I haven't seen any concerns or issues.

    We haven't had any post-implementation downtime at all, because we have our infrastructure set up in a way that we have active-passive standby on the CPMs. We have PVWAs in a load-balanced environment, we have multiple PSMs in a load-balanced environment as well. They compliment each other, so even if there is work or maintenance happening on one of the components, the other component is there to provide support, and ongoing access to all the users, without having any downtime.

    What do I think about the scalability of the solution?

    The scalability is definitely very powerful. We did upgrade it, migrate it, a couple of times in the past. Previously I was involved in migrations and, of course, adding more resources, or more accounts - onboarding. It has been amazing.

    How is customer service and technical support?

    Occasionally when we are doing a new integration, or run into issues we are not able to fix by ourselves, we use technical support. Escalations have been done, and the support has been absolutely outstanding.

    How was the initial setup?

    For the initial setup, where there are out-of-the-box plugins, it is pretty straightforward. But when we start going into a more advanced level, where a new plugin has to be developed, or the connection component has to be developed, there is a bit of a complexity. But again, nothing too complex, nothing which cannot be achieved.

    What was our ROI?

    Technically, just managing all those privileged accounts and securing our environment, we feel it is much more secure than it was before. So the ROI it is definitely working out.

    What other advice do I have?

    Take this solution over any other solution. In fact, I have personally brought a couple of my old colleagues with a technical background into this product line so that most of them are now certified on CyberArk and working in the same environment as well. 

    Without doubt CyberArk is a 10 out of 10. From my experience, the kind of work I have done with this solution, it's absolutely amazing. It has the capabilities to secure the environment, which is the most important part. Anytime we hear any news of breaches elsewhere, that's when we say, "Hey, they should have done something, implemented the solution before they were hit." Once they are hit, they run around and try to fix the problems. But CyberArk, it's an amazing solution.

    When it comes to selecting or working with a vendor, our most important criteria are access to support, what level of support is available, how fast the turnaround can be. The executives or the account team have to be very accessible to us, so if we need to implement a new product or new integration we should at least be able to get hold of the people who can guide us in the right direction.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Senior server administrator at a financial services firm with 1,001-5,000 employees
    Real User
    Significantly decreases the amount of time our teams spend mitigating security issues
    Pros and Cons
    • "Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process."
    • "I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides."

    What is our primary use case?

    We use CyberArk to assist with implementing security solutions that our auditors require. It also assists us in giving secure, monitored, audited access to non-technical people who, because of their jobs, or because of the application, require direct access to servers.

    We are utilizing CyberArk's secure application credentials and endpoints.

    It is performing very well.

    We're not planning to utilize CyberArk's secure infrastructure or applications running in the cloud because our industry is, for the present, barred from using cloud resources. We don't yet have experience using the Plugin Generator Utility and we are not using any of the other integrations available through CyberArk marketplace.

    How has it helped my organization?

    Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process.

    CyberArk is the key technology around which we have built our security management solution. We chose it four years ago to assist with password management, and it has grown to where it is managing the entire security posture of the company at this point.

    What is most valuable?

    Number one would be the company, CyberArk, itself. The support, the ongoing assistance that is there, the ongoing ideas that are out there from champions, and from the other community forums that are out there, is just phenomenal.

    What needs improvement?

    My list of enhancement requests on the portal is quite extensive.

    My goal as a system administrator is to enable people to do their jobs more easily, more efficiently. So, I'm looking for ways to enable people to leverage the security posture in CyberArk, and still be able to do their jobs. Better yet, to be able to do their jobs more easily, and that's exactly what I've been finding. There are a lot of ways that CyberArk is able to be used to give people access to things that they normally wouldn't be able to access, in a secure fashion, but there are still some roadblocks in the way there. I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It is very stable. We started off on version 7, moved to 8, to 9, and now we're moving to 10, and each revision has brought about an increase in confidence and stability.

    What do I think about the scalability of the solution?

    It is very scalable for an organization of our size, and I have talked with other CyberArk administrators running worldwide enterprises with CyberArk.

    How is customer service and technical support?

    The tech support for CyberArk is definitely one of the best I've used, and I've been in IT for 35 years.

    How was the initial setup?

    I wasn't involved in the initial setup but I am involved in upgrade processing. Now, it is very straightforward. When we did the first major upgrade, it was very complex and required Professional Services for two weeks. Since we made it to version 9, the upgrades have been as simple as you could possibly hope for.

    What was our ROI?

    The amount of time that the security team spends mitigating risk has gone down. The amount of time that the server team spends managing security issues, mitigating security issues, has gone down tremendously.

    What other advice do I have?

    My advice to a colleague would be: First, don't allow the security team to be the driving force. It has to be the server team that implements it, that is the driving force behind it, and the for that reason is there is always animosity between the people who are there to enforce security and the people who are there to get a job done.

    When you are on the enforcement team, you are dictating to the people who are trying to get a job done, "Here is something that I'm going to put in your way to make it harder for you to get your job done." Regardless of what happens, that's the way it comes across. Going to the server team saying, 'I've got a solution that's going to make our lives easier, and oh, by the way, it's also going to be more secure," you have a much easier time selling it, much lower push-back, because you're one of them.

    Second, you've got to have buy-in before you pull the trigger. You can't just force it on them: "Oh, we just took away all your admin rights." You have to give them a new solution, let them prove to themselves that this solution works, that it does exactly what they need, and that it really is easier. Now, when you revoke the rights that they've had for probably decades, there is much less push-back.

    In terms of selecting or working with a vendor, our most important criterion is the ability to connect with a vendor that not only gives us the solution we need but can also work with us to customize exactly what we need.

    I would rate CyberArk a nine out of 10 for two reasons: 

    1. there is always room for growth
    2. there are still gaps in what the solution provides.

    It's not complete across the board. If it were, it would be a 10. But I do see its potential to eventually reach that.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Security Architect at a healthcare company with 10,001+ employees
    Real User
    We demoted a lot of domain admins taking a lot of that away from people, giving it a shared account structure
    Pros and Cons
    • "It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level."
    • "We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure."
    • "Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."

    What is our primary use case?

    The primary use case is increasing security and our security posture at our company, helping to prevent any future breaches and secure as many privileged accounts as we can. We have a lot of use cases, so there is not really a primary one, other than just trying to increase our security and protect our most privileged accounts.

    We do not have a large cloud presence as of yet, but like other organizations, we are starting to get into it. We have a fantastic adoption of CyberArk that extends all the way up through executive leadership. A lot of times, projects and proof of concepts that we want to go through are very well-received and well supported, even by our top leadership. Once we get to the point where we are ready to do that, I think we will have executive support, which is always incredibly important for these types of things. 

    We are in healthcare, so we are a little bit behind everybody else in terms of adoption and going into these types of areas. We are a little bit behind others in terms of cloud, but we will definitely get there.

    How has it helped my organization?

    Right out of the gate, three years ago, we secured all of our Windows Servers and all of our local administrator accounts. We followed that with all of their root accounts for our Unix servers. We were able to greatly increase our posture with local accounts. Then, we went through domain admins and reduced the landscape and password age of those accounts. We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure. This has worked well for us to be able to protect our most sensitive assets. We call them crown jewels. It has been important to be able to do that, and CyberArk has allowed us to do that, which has been great.

    We have tightly integrated CyberArk into a lot of our different processes. Our security organization is massive. We have a lot of different teams and different things moving. Not only have we integrated this into our identity access management team, so onboarding and offboarding, but we also have integrated it in our threat management side where they do security configuration reviews before we have applications go live. We require these accounts that operate those particular solutions to be vaulted immediately. We have implemented them into a lot of our policies, standards, and processes. It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level.

    What is most valuable?

    It has an automatic password rotation. We have so many accounts, and being such a large organization, it helps take a lot of maintenance off of our plates, as well as automating a lot of those features to help increase our security. Having this automation in place, it has really been beneficial for us.

    We do use their AIM solution for application credentials.

    What needs improvement?

    One of the things that I have been wanting is that we use the Privileged Threat Analytics (PTA) solution, and it is a complete standalone solution, but they will be integrating it into the vault and into the PVWA. So, we will have that singular place to see everything, which for us is great because it's one less thing to log into and one less thing that you feel like you have to jump over to get a piece of information. Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    It is phenomenal. We have three data centers across the United States. This was last year or the year before, we had one of our data centers altogether go out, and a very large amount of our critical applications went down. CyberArk stayed up the entire time. We had redundancy in another data center and we had disaster recovery plans already set up and ready to go. In that time, when everything was so hectic and everybody was scrambling, trying to get the data center back up and available, they were able to access the privileged credentials that they needed because our solution remained up and available.

    This was a huge for us. To have the users of the system feel that it is stable, trustworthy, and dependable. We have had great success with the disaster recovery functionality that we have with CyberArk vault. We test it frequently, and it is stable for us. We have been very pleased with the stability of the solution.

    What do I think about the scalability of the solution?

    So far, it has been fantastic. We are a very large organization. We have approximately 110,000 employees and almost 20,000 accounts vaulted, where there is a lot of room for us to continue to grow. Even at the scale that we are at now, it has never had any kind of issues. We have never had any issues with deploying additional things. We do have some room to grow in some of our components servers if we need those, but everything that we have stood up so far has been operating flawlessly. We have not had any issues with our scale. It has been great.

    How are customer service and technical support?

    We have contacted them less frequently as we have become more familiar with the solution. A lot of times now engaging technical support is more for sanity checks, and saying, “Are we doing this right or are we missing anything?” We have utilized them and have had pretty good success with having them help us with particular issues.

    When we have called them, it has been something which has been a challenge for us. We generally get to the right person. Sometimes it takes us a bit of time and some further explanation to say, “This isn't exactly what we're asking." Then, we need to pull in somebody more technical or a next level of escalation. 

    The customer success team has been monumental in helping us get the right people involved. If we log a support ticket, for example, and we are at a point in our maturity and our understanding of the solution that Tier 1 support is usually not what we need. We have done a lot of our own checks and troubleshooting, and we are able to say, "Here is all the stuff that we've done. We need the next level of support."

    The customer success team has been monumental in pulling in the right people and helping us get to the right people on that side rather than working with the support person and saying, “We pulled this person in.” Sometimes, it is pulling in the solution manager or the team lead for that solution and getting to the top of that team almost immediately. We have had great feedback. The customer success team has been at the center of helping us get to that point.

    Which solution did I use previously and why did I switch?

    We did not use another solution before CyberArk.

    The big thing that was a catalyst for us to look at CyberArk was the Anthem breach that happened back in 2014 or 2015. Being a healthcare organization, our executive leadership realized that we are a big company. We are not immune to these sorts of attacks either. We have got to get something in place. Being best of breed, we turned to CyberArk for that. Again, it has been a fantastic partnership, and has both ways; we've been able to help them. They have been able to help us quite a bit as well. 

    How was the initial setup?

    The initial setup was straightforward. We did have an implementation engineer from CyberArk who walked through it with us. He guided us through the process. Even though the documentation is straightforward, there is a lot there to do with a lot of different components which make it up. In and of itself, there are a lot of moving parts, but having that implementation engineer onsite, helping us walk through it helped us be very successful quickly. We also had the same experience when we went through upgrades where we contracted with professional services to help us. They have always had someone out there who guided us through it, either onsite or remotely. We have had both instances and both have been very successful.

    What about the implementation team?

    I was the primary engineer and lead engineer who stood up the entire solution. I was both solution architect at that time, as well as the solution engineer. I have since moved into the architect role and have backfilled my position. However, I was there at the very beginning and did all of the initial setup.

    What was our ROI?

    The first year that we were standing up CyberArk, our organization did an annual pen testing. In one of our organizations, where we didn't have CyberArk deployed yet, they were able to escalate privileges and get all the way to a domain controller, and go all the way that an attacker would be able to. The next year that they did their annual pen testing, after we had deployed in that same region, they basically got stopped almost immediately, and they were never able to escalate their privileges. We stopped the pen test in their tracks because of the solution being in place.

    While that may not have a dollar amount because it was just a test, it gives us a lot of peace of mind. Of course, we can't always say that it is impossible for somebody to get in. Someone is going to eventually get in, that is bound to happen. Knowing that we have the solution in place and reducing that threat landscape as much as we have, has been phenomenal for us, at least from an intrinsic value standpoint.

    Which other solutions did I evaluate?

    We did not evaluate other solutions. We automatically went with CyberArk.

    What other advice do I have?

    CyberArk is a fantastic solution. They understand what the industry is trending towards. They are able to meet that very quickly. Being in healthcare, we are a little bit behind the times and we follow people a little further behind (for example, the financial sector has been doing all this stuff for so long). However, healthcare, as an industry, is always a few steps behind because we are clinical and have to support a lot of different clinicians, physicians, and regulations, which sometimes makes us move more slowly. Just having this has been huge for us.

    One of the things which has differentiated us from other customers from CyberArk is we have been tremendously successful in rolling out different implementations. There are a lot of clients whom I have talked to personally who have bought the solution, but have never implemented it, or they have been met with a lot of struggles or a lot of uphill battles with their staff and adoption. My best advice would be to start out and find the quick wins, the low-hanging fruit; these things you can provide to your organization to have them understand and see the same value that you are seeing as you are implementing.

    I am familiar with the the new plugin generator utility. I have not used it because I think it is a newer version than what we have, but I am excited about it. I am looking forward to utilizing it. It is similar to what they have for their PSM solution. They have some new web services framework, so they do not have to use the AutoIt tool because it takes a long time to create plugins today. Like the plugin creation utility, it will allow us to take a whole lot of time off of our turnaround to be able to provide some of these connection components.

    Most important criteria when selecting a vendor: Because we have so many applications and solutions across our organization, interoperability is a big thing. I am in charge of CyberArk, as well as Duo, who we use for our two-factor, and having that integration point or the ability to integrate with these solutions is huge for us. As we try to standardize across all of our different organizations, which is very difficult in our industry, what we offer for a particular solution rather than having 30 different iterations of different applications, has been huge for us. Standardization and integration is a huge point for choosing a vendor.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Master software engineer at a financial services firm with 10,001+ employees
    Real User
    Improves security by having credentials locked down and rotated regularly
    Pros and Cons
    • "Provides improved security around having your credentials locked down and rotated regularly."
    • "I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
    • "When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so."
    • "The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."

    What is our primary use case?

    Primary use case is storing and rotating local domain admin credentials for Windows and Unix network devices.

    We're using CyberArk secure application credentials and endpoints on a small scale and we're planning, for the future, to use CyberArk to secure infrastructure applications running in the cloud. We don't have experience using the Plugin Generator Utility.

    It is performing pretty well for the most part. We have some issues with RADIUS authentication, some bugs with that. But, generally speaking, it works really well.

    How has it helped my organization?

    The benefit is knowing where your accesses are, who has access to what. Additionally, obviously, it provides improved security around having your credentials locked down and rotated regularly.

    What is most valuable?

    Credential rotation. It's tops.

    What needs improvement?

    I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine. Then you could go back in through your native clients and connect to that machine. Also, to have that built out to include not just Unix targets but anything you'd want to connect to.

    What do I think about the stability of the solution?

    The stability, overall, is really good, outside of some of the RADIUS problems that we're having. Generally, it is very good.

    What do I think about the scalability of the solution?

    The scalability, sometimes, is lacking. It works really well for more static environments. I've been at places that had a really static environment and it works really well. You've got X number of CPMs and X number of PVWAs in your vault and everything gets up and going and it's smooth sailing. But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up.

    How is customer service and technical support?

    Technical support actually works really well. From time to time there can be some issues as far as SLAs go. Sometimes results will be on the back end of an SLA, which is still fair. It seems like you're complaining that it's "one to three days" and it's three as opposed to one, which is an unfair criticism. 

    Generally, everybody is pretty knowledgeable. They're pretty upfront when it needs to be passed off to somebody else. That usually happens in a pretty timely manner.

    How was the initial setup?

    I have been involved in the initial setup elsewhere. It's actually really straightforward, depending on what you're trying to do. If you have a simpler environment, to set up a PVWA and to set up a vault, is straightforward. It's all pretty much there in the guide. Sometimes the documentation gets a little bit out of sync, where things aren't exactly as they should be but it's always really close. Generally, the documentation is good and straightforward.

    What was our ROI?

    I'm not the right person to answer questions about ROI for our organization.

    What other advice do I have?

    Engage with Professional Services, not just for help with, "Here are the buttons to click," because they've been really helpful as far as how we would want to implement things.

    Our most important criteria when selecting or working with a vendor, outside of the product being good, are reliability and timeliness of response. Those are the two big things. I think CyberArk does a pretty good job on these.

    I rate CyberArk at eight out of 10. I think the solution, as released, is usually very good. When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so. There is probably some tradeoff that is required to keep things so airtight, by holding back a little bit. But that would be my one criticism: It's slow to keep up, sometimes, with updates.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Song Ye - PeerSpot reviewer
    Senior System Engineer at a transportation company with 10,001+ employees
    Real User
    We were able to secure all the server root passwords and admin for Windows
    Pros and Cons
    • "CyberArk has allowed us to get the credentials and passwords out of hard-coded property files."
    • "On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
    • "I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy."

    What is our primary use case?

    Our primary case is for AIM. We are a huge AIM customer, and we also do the shared account management.

    We are looking into utilizing CyberArk's secure infrastructure and running application in the cloud for future usage.

    How has it helped my organization?

    CyberArk has allowed us to get the credentials and passwords out of hard-coded property files. This is why we went with AIM in the beginning. Then, on the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us.

    It helps us with our SOX's controls and meeting new client directives.

    What is most valuable?

    • AIM
    • CPM

    What needs improvement?

    I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy. Even with exporting and importing, this will help.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    So far, so good. We have not had any downtime. We do not want to jinx it.

    What do I think about the scalability of the solution?

    We think it is good. That is why we moved to it.

    How is customer service and technical support?

    We open the cases. We have made phone calls. We have engaged the professional services and the consulting services to help us move on.

    They are mostly up to par. Sometimes, they are a hindrance, when you know you have been through the issue again, and they want to gather the same log files, start from the basics, and we already know we are past that. 

    Sometimes, we just need a Level 2 person instead of starting with a Level 1 person, or we need a higher level of support on an issue right away.

    We are a long-time customers, so we know what we are doing. The turnover might be an issue, because the support people are not local, or something. Therefore, it takes overnight to receive an answer back. We are hoping we can get local support. Though, recently it is getting better.

    We did have one serious case, where our support person and everybody needed a vacation, then took a vacation day, but our leadership needed us to stay on top of the case. It was a day or two where we didn't get any feedback. It would have been nice to know that they were going to be off. They had to hurry and quickly to get somebody assigned to the case. That was probably our only experience there.

    What about the implementation team?

    Our solution architects, and some of the people on that side, did the PoC and the initially implementation. Then, they handed it off to us.

    What was our ROI?

    There is a lot of return of our investment related to SOX compliance.

    What other advice do I have?

    I would recommend the product. 

    We have done a lot of customer referrals for CyberArk. It is good. It fits our needs, and there is not anything else out in the market that can match it.

    Most important criteria when selecting a vendor: 

    • Good support.
    • Meeting the each of the requirements.
    • Usability of the product.
    • Ease of implementation.
    • Not a lot of customization; you can get it right out-of-the-box and run with it.
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Je’rid Mccormick - PeerSpot reviewer
    Associate Engineer I at COUNTRY Financial
    Real User
    It enables us to secure accounts and make sure they are compliant
    Pros and Cons
    • "It enables us to secure accounts and make sure they are compliant."
    • "They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future."
    • "More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."

    What is our primary use case?

    My primary use case for the product is essentially to secure our privileged accounts, and it's performing amazingly.

    What it allows us to do is to rotate the credentials for privileged accounts. It ensures we understand where the accounts are being used and that they are staying compliant with our EISB Policy, which is a policy to change passwords. Thus, attackers find it harder to get in and steal an old password which is just sitting out on a system.

    We utilize CyberArk secure infrastructure. We are moving towards applications in the cloud, but we do not currently have that. We are also utilizing CyberArk secure application credentials and endpoints.

    How has it helped my organization?

    The benefits are the way it allows us to secure accounts, but also be agile with providing privileged usage to our users. It is performing quite well, because it allows us to basically do what the user wants us to do, but in a secure manner. So, everyone is happy. Most of all, we don't have any breaches.

    It enables us to secure accounts and make sure they are compliant. Then, when the accounts are not compliant, it gives us the data so we can reach out to account owners, and say, "Your accounts aren't within our ESP policy. We need you to become compliant." This allows us to not only secure them, but keep track of what accounts are moving out of that secure boundary.

    What is most valuable?

    The most valuable would be the REST API on top of PTA, which we do not have installed yet, but we are looking to install it moving forward in the future. What it enables us to do is if someone takes a privileged account and logs into a machine that we do not know about, it will alert us and log that they have logged in. It allows us to take that identify back and rotate the credentials, so we now own it instead of the intruder going out and using a rogue account.

    What needs improvement?

    More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet. I would like to see that to be more of a one-on-one transition, and be fully built.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It is very stable. We are going to upgrade by the end of this year, if not early next year, to the most recent version 10.12.

    What do I think about the scalability of the solution?

    The scalability is incredible. They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future.

    How is customer service and technical support?

    The technical support is wonderful. We get the right person. They answer very quickly, giving us solutions which actually work. If we can't get a solution from them right away, we can tap into the community with the tools that they have given us, and work with people from other companies who have already solved the same issue.

    How was the initial setup?

    I was involved in the upgrading processes, but not the initial setup. Upgrading is lengthy, because we have quite a few components, but it is definitely straightforward.

    What was our ROI?

    It has started new projects at our organization. So, we can see where our current landscape is for our privileged accounts, then we try to make them more secure.

    What other advice do I have?

    Try a demo, if you can. Make it a hands-on with some of the components and see what they offer you.

    I have used other privileged account management tools in the past. This, by far, outranks them as far as features and usability. The integrations on top of that as well. 

    Each new product that our company buys, we turn to CyberArk, and they are say, "Yes, we integrate with that."

    I have used the new generator utility plugin once, so not extensive experience, but I have used it. It does work.

    Most important criteria when selecting a vendor: They integrate with CyberArk.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Security Analyst at a financial services firm with 5,001-10,000 employees
    Real User
    Give us the ability to rotate privileged user passwords to eliminate fraudulent use
    Pros and Cons
    • "We are able to rotate privileged user passwords to eliminate fraudulent use."
    • "If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
    • "The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10."

    What is our primary use case?

    We use it to harden our passwords for privileged users. We also utilize CyberArk to secure application server credentials.

    We plan to utilize CyberArk's secure infrastructure and applications running in the cloud. We have AWS now. That is our next avenue: To get in there and have that taken care of.

    How has it helped my organization?

    If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network.

    It keeps us from having to fight with passwords or groups which are not getting onboard with the program.

    What is most valuable?

    We are able to rotate privileged user passwords to eliminate fraudulent use.

    What needs improvement?

    The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10. 

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    Stability is rock solid.

    What do I think about the scalability of the solution?

    Scalability should not be an issue with us. Our implementation team sized it real well when we received it. We are a younger installation, so we have a long way to go. We have not seen the top end yet.

    How is customer service and technical support?

    The technical support is great. They are very responsive.

    How was the initial setup?

    I was not involved in the initial setup.

    What other advice do I have?

    CyberArk is the best out there. Their product makes our privileged access management so much easier.

    For privilege access management, there is really no choice but to implement this or a similar solution. It is the last bastion that companies have. Firewalls used to be the perimeter and the place to be. Nowadays, intruders can walk through the perimeter (the firewall). So, we have to get on the inside and get it tied down. They are not very many people playing in this market. CyberArk is on the top, so there should not be any reason not to go with it.

    Most important criteria when selecting a vendor:

    • Best of breed
    • Top quality support organization.
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Eli Galindo - PeerSpot reviewer
    Data Security Analyst II at a financial services firm with 5,001-10,000 employees
    Real User
    It hardens access and makes the organization more secure, therefore reducing chances of a breach
    Pros and Cons
    • "The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long."
    • "The product is for hardening access and making the organization more secure, therefore reducing chances of a breach."
    • "One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more."

    What is our primary use case?

    Our primary use case is to secure privileged access. 

    Right now, it is performing fairly well. We have had instances where we have had to work with the customer support to integrate a custom plugin and struggled a bit there. It took a bit longer than we expected, but it ended up working out. Most of our focus now is getting our systems into CyberArk, which has nothing to do with the CyberArk software. It is just being able to communicate with our internal team to get them in there. So far, we haven't had a problem with CyberArk.

    How has it helped my organization?

    The product is for hardening access and making the organization more secure, therefore reducing chances of a breach. That is the most beneficial to any company, avoiding any type of data loss which will reflect negatively on your company. Once that happens, you are frowned upon, and nobody wants that.

    It plays a huge role in enhancing our organization's privileged access and security hygiene. We are using it for most of our open systems, like Windows and Unix. Our plan is to integrate it with our entire internal network. 

    What is most valuable?

    The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long. That is critical and very important for the stability of our company.

    What needs improvement?

    One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more. For example, I want to look at accounts which are not working within a specific safe all at the same time.

    What do I think about the stability of the solution?

    So far, so good with stability. We have done a couple disaster recovery exercises with CyberArk, and they have gone according to plan.

    What do I think about the scalability of the solution?

    We have not gotten to scalability yet, because we are still working on integrating our systems. We have a very minute portion of it. 

    So, scalability will come afterwards, once we have everything there and we understand how much capacity we have used. As of now, scalability has not been an issue.

    The product should meet our needs in the future.

    How is customer service and technical support?

    The technical support is good at communicating. I learned a lot yesterday about how to figure out a support case quicker by helping them help you, and by giving them as much information as you can. In the past, I have not done that as well as I could have.

    How was the initial setup?

    I was not involved in the initial setup.

    What was our ROI?

    Not applicable.

    Which other solutions did I evaluate?

    I do not have much experience with other solutions, so I don't think I can adequately compare and contrast it with others.

    What other advice do I have?

    CyberArk is on top of its game. The product has worked well for our company.

    If you are looking at implementing this solution, buy the training and go to it. If you do not train, it is hard to understand it. It is hard to pick it up by cross-training with other people. You really want to start off strong.

    Most important criteria when evaluating a technical solution:

    Be brutally honest about all the factors that go into the solution that you are looking for (buyer) and what the solution can offer (seller).

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Security Analyst at a insurance company with 1,001-5,000 employees
    Real User
    We are able to centrally manage credentials, touch applications, and rotate passwords
    Pros and Cons
    • "It has the ability to scale out. We have scaled out quite a bit with our product and use of it to get to multiple locations and businesses, so it has the breadth to do that."
    • "We are able to centrally manage credentials, touch applications, and rotate passwords."
    • "We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation."
    • "As they grow, the technical support is having growing pains. One of the things is just being able to get somebody on the phone sometimes."

    What is our primary use case?

    We use it for all of our privileged accounts, local admin, domain admin, and application accounts. We use several of the product suites. We are using the EPV suite along with AIM, and we are looking into using Conjur right now. Overall, it has been a great product and helped out a lot with being able to manage privileged accounts.

    We don't have a lot of stuff in the cloud right now, but as we move forward, this is why we are looking at Conjur. We would definitely use it for that and DevOps.

    We have owned the product since version 6.5.

    How has it helped my organization?

    We are utilizing CyberArk to secure application credentials and endpoints using AIM. We have a big project this year to try to secure a lot of application accounts using AIM.

    It is helping to centralize control over credentials. It gets a lot of privileged accounts off endpoints and rotates them, so they are not out in the open.

    What is most valuable?

    • Scalability
    • Stability
    • Usability

    We are able to centrally manage credentials, touch applications, and rotate passwords.

    I have some experience with the generator utility plugin. Although, we did plugins prior to the generator, manually installing them working with support. I do like the interface with the generator utility plugin, as it is very handy.

    What needs improvement?

    We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is very stable. We have not had any issues. There is a lot of redundancy that you can build into the product, so it's a very solid product.

    What do I think about the scalability of the solution?

    It has the ability to scale out. We have scaled out quite a bit with our product and use of it to get to multiple locations and businesses, so it has the breadth to do that.

    How are customer service and technical support?

    The technical support does a good job. Sometimes, it takes you a little bit to get to the right person. As they grow, they are having growing pains. One of the things is just being able to get somebody on the phone sometimes. Besides that, usually if you put in a ticket, you get a response back quickly. However, overall, they have a good, solid group. 

    Which solution did I use previously and why did I switch?

    We were not using a different solution before CyberArk.

    What other advice do I have?

    One of the biggest factors when dealing with this field/area in privileged accounts is you have to have executive support from the top down. Push for this, because trying to get different business units or groups to implement this product is very hard if you don't have upper level management support.

    Most important criteria when selecting a vendor: 

    • Stability of the product.
    • The customer service interface: Someone who can work with you on the product and understand what your needs are.
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    IT Security Analyst at a mining and metals company with 10,001+ employees
    Real User
    We are utilizing it to secure applications, credentials, and endpoints
    Pros and Cons
    • "We are utilizing CyberArk to secure applications, credentials, and endpoints."
    • "On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need."
    • "It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile."
    • "Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug."

    What is our primary use case?

    • Credential faulting
    • Credential management
    • Privilege session management
    • Secure file storage

    We are utilizing CyberArk to secure applications, credentials, and endpoints.

    The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. 

    The value is probably the best of all of the other products which are offering the same services.

    How has it helped my organization?

    Having the keys securely locked helps drive policy. We can say what policy is, then we can point to the solution which provides it. Having that availability is strong in a large enterprise, especially in a global enterprise where there is a lot of different cultures and people do not want to hand off their privilege, rights, or workflows. Having that all set up and making it easier for them takes a lot of the stress off of our job.

    We are implementing PSM right now. It is providing a secured workflow substitute where people would go in and check out their passwords. They want to use it instead of having passwords, similar to Guard Check. 

    You go in because you need a key. You get the key, and you are accountable for that key while you have it. You open the door, do your work, close it, and return the key. People get that analogy, and it is awesome.

    We are in the basics, like Windows, Unix, and databases. We do plan on getting everything eventually managed. It is just a lot of customization and time to get it fully matured.

    What is most valuable?

    The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames.

    What needs improvement?

    It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. 

    This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella.

    What do I think about the stability of the solution?

    Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug. Our management is very upset about it.

    CyberArk has been helping out, and it has been okay. However, the stability is definitely a concern, because with PSM, it becomes more critical to have it up. All of a sudden you have to have PSM up to be able to do your work.

    The stability issues started when we upgraded from 9.7 to 9.95. Then, we were told during one of our cases that there was a bug in our new version and the only solution was to upgrade.

    What do I think about the scalability of the solution?

    The scalability is big. We are a large company, and there are only a few companies that can scale so well.

    How are customer service and technical support?

    We use their technical support all the time. It is a little slow to start a case. Then, once you get through that door (Level 1), it does escalate appropriately.

    On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need.

    Which solution did I use previously and why did I switch?

    Since I started, it has always been CyberArk.

    What was our ROI?

    I can't say we have an ROI. Our CIO is not about measuring profit from our security stuff. Our risk is definitely significantly lower. Also, our resources are low.

    What other advice do I have?

    Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it.

    One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud.

    We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them.

    Most important criteria when selecting a vendor

    Age of the company, because we do not want to be first to market. We want to hear about it from other people. How is the sales rep is communicating. Whether it is more of a sales pitch or if it is a genuine concern for our security.

    Then, make sure our vision is lined up with the product. We want to get our bang for the buck

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Identity and Access Management Engineer at a energy/utilities company with 10,001+ employees
    Real User
    Ability to manage application credentials whether they come as a custom plugin or straight out-of-the-box
    Pros and Cons
    • "The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used)."
    • "We have been able to manage application credentials in CyberArk, whether they come as a custom plugin or straight out-of-the-box."
    • "Some of the additional features that we are looking at are in the Conjur product. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines."

    What is our primary use case?

    The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.

    We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

    How has it helped my organization?

    We have a lot of privileged accounts with a lot of administrators. The only way to have a good handle on the inventory of accounts, and have some type of controls around who has access to the accounts, is to have a tool like CyberArk.

    The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used). This helps our security posture. We also look at other privileged accounts, which are used by overlooked applications, and this provides a benefit to the company. 

    What is most valuable?

    The most valuable features would be:

    • Ease of installation
    • Support for every use case that we have come across.
    • Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.

    What needs improvement?

    Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    Stability is great, especially as the product matures. I have been using CyberArk since version 4. We currently are using version 9 in our production environment, and are looking to deploy version 10. Version 9 is very stable compared to the previous versions. 

    What do I think about the scalability of the solution?

    Scalability is great. We have no problems. 

    We have a very large, diverse, global environment, and we have not run into any scalability issues. 

    How is customer service and technical support?

    Technical support is very good. We have had a technical account manager (TAM) in the past, and have worked directly with her as our primary source. However, we also contact other people in the support environment, and they know the product well and are always willing to help out.

    How was the initial setup?

    I did an initial installation at another company. It was pretty straightforward. 

    What about the implementation team?

    CyberArk offered to help with designing the architecture. Once we got all those pieces sorted out, the implementation was easy.

    What was our ROI?

    I don't know if anyone has done a true number analysis, but we do see the following:

    • The amount of time that people used to spend maintaining credentials;
    • The amount of time that used to be utilized for audit purposes and who had which accounts at any point in time.

    There is ROI on the actions above because the amount of time that it took to do these tasks has been significantly cut.

    What other advice do I have?

    If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.

    CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.

    I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.

    The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Security Analyst at a retailer with 10,001+ employees
    Real User
    We can manage many accounts and broker connections between devices without needing to know passwords
    Pros and Cons
    • "We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc."
    • "Technical support has been very responsive in navigating challenges. It is very easy to open a ticket."
    • "I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool."

    What is our primary use case?

    The primary use case is for privileged account management. It is performing well.

    We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features.

    In addition, we are using CyberArk to secure applications and endpoints. 

    How has it helped my organization?

    We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc.

    Our security goal would be to keep people from putting the passwords in text files, do online shares, etc. This gives us more granular control.

    What is most valuable?

    The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords.

    It is a customizable product.

    What needs improvement?

    I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. 

    I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    The stability has been very good.

    What do I think about the scalability of the solution?

    The scalability has been good, and will meet our needs in five year's time.

    How are customer service and technical support?

    Technical support has been very responsive in navigating challenges. It is very easy to open a ticket.

    Which solution did I use previously and why did I switch?

    We were previously using HPM.

    How was the initial setup?

    It was complex. Because at that point. I had only recently joined the security team. I was told, "Here's a share with the files. Go install this."

    What was our ROI?

    I don't know that we are able to measure that at this point, other than no data breaches.

    What other advice do I have?

    Make sure you have a development or QA environment.

    I did training today on the new plugin generator utility.

    I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available.

    Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    karthikrajaraj - PeerSpot reviewer
    Technical Director at Unique Performance Techsoft Pvt Ltd
    Real User
    Anomaly detection and prevention for all privilege accounts
    Pros and Cons
    • "Automatic password management, which will automatically change passwords based on compliance requirements."
    • "DVR like video recording and text-based recording for easier audits."
    • "This product needs professional consulting services to onboard accounts effectively based user profiles."

    What is our primary use case?

    We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).

    It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.

    The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.

    The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.

    How has it helped my organization?

    1. Automatic password management, which will automatically change passwords based on compliance requirements.
    2. DVR like video recording and text-based recording for easier audits.
    3. Easily scan the network for all privilege accounts and has an easier onboarding process.
    4. SSH key management
    5. Command level restriction for all SSH-based devices.
    6. Anomaly detection and prevention for all privilege accounts.
    7. Integration with ticketing tools and SIEM solutions.

    What is most valuable?

    1. Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
    2. Agentless solution which is easy to customise to any platform having network connectivity.
    3. Wide range of devices supported out-of-the-box.
    4. Easy to configure HA and DR options.
    5. Online training enables cost effective valuable training.

    What needs improvement?

    This product needs professional consulting services to onboard accounts effectively based user profiles.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No issues.

    What do I think about the scalability of the solution?

    No issues.

    How are customer service and technical support?

    Excellent customer support.

    Which solution did I use previously and why did I switch?

    We did not previously use another solution.

    How was the initial setup?

    The setup is very straightforward.

    What's my experience with pricing, setup cost, and licensing?

    The cost is high compared to other products, but CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality.

    Which other solutions did I evaluate?

    At present, we are only focusing on CyberArk for privilege account security. Comparing it to other providers, Cyberark provides a more user-friendly environment with many more features and benefits.

    What other advice do I have?

    I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.

    Disclosure: My company has a business relationship with this vendor other than being a customer: We are certified Gold partners for CyberArk and implemented this solution for a customer from various industry verticals.
    PeerSpot user
    PeerSpot user
    CyberArk Consultant at a hospitality company with 10,001+ employees
    Real User
    Helped us to identify, store, protect, and monitor usage of privileged accounts
    Pros and Cons
    • "CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts."
    • "The Vault offers great capabilities for structuring and accessing data."
    • "Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices."
    • "Online help needs to be looked into with live agent support."
    • "The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots."
    • "New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections."

    What is our primary use case?

    Managing and securing the access to the environment.

    I have worked with CyberArk solutions/applications for more than three years.

    I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

    How has it helped my organization?

    Much stricter rotation of credentials.

    Unmanaged and highly privileged accounts increase risks that can be exploited. The security controls defined by the organization require protection of the privileged account passwords. CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts.

    What is most valuable?

    • Controlled access and rotation of credentials.
    • The Vault offers great capabilities for structuring and accessing data. 
    • Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices.
    • Privileged Session Manager is for provisioning, securing, and recording sessions.

    What needs improvement?

    • The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots. 
    • New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.
    • Online help also needs to be looked into with live agent support.

    For how long have I used the solution?

    One to three years.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user585702 - PeerSpot reviewer
    Senior Consultant at a tech services company with 5,001-10,000 employees
    Real User
    Allows secure, logged access to highly sensitive servers and services
    Pros and Cons
    • "Allows secure, logged access to highly sensitive servers and services."
    • "​It's hard to find competent resellers/support."
    • "Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
    • "it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."

    How has it helped my organization?

    It has made things more complex, but has eliminated the possibility of Pass The Hash.

    What is most valuable?

    Allows secure, logged access to highly sensitive servers and services.

    What needs improvement?

    Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    No scalability issues.

    What do I think about the scalability of the solution?

    Yes. The OU limitations, noted above.

    How is customer service and technical support?

    It's hard to find competent resellers/support.

    How was the initial setup?

    Complex. Lots of architecture, lots of planning, and lots of education and training are needed. Technically, roll-out isn’t bad. It’s the support, training, education, philosophy, and integration within existing ways of doing things that are challenging.

    What other advice do I have?

    I’m a consultant. I help implement and train others on how to use it in a highly secure environment.

    I’d give it a nine out of 10. It is very, very secure.

    Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user796542 - PeerSpot reviewer
    User at a financial services firm with 10,001+ employees
    Real User
    Securely protects our TAP/NUID and privileged access accounts within the company
    Pros and Cons
    • "The regulation of accounts is by far the most needed and valuable part of the application."
    • "Helped us meet our standards and requirements to help us comply with industry standards and banking regulations."
    • "Securely protects our TAP/NUID and privileged access accounts within the company."

      What is our primary use case?

      Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

      How has it helped my organization?

      For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.

      What is most valuable?

      EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.

      What needs improvement?

      Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.

      For how long have I used the solution?

      Less than one year.
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      PeerSpot user
      Senior Consultant - Information Security Engineering at a financial services firm with 10,001+ employees
      Consultant
      Can provide transparent connection to targeted systems and record activities
      Pros and Cons
      • "Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials."
      • "You can gradually implement CyberArk, starting with more easily attainable goals."

        What is our primary use case?

        We proactively vault and manage all elevated accounts across multiple platforms. 

        For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.

        How has it helped my organization?

        Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials.

        What is most valuable?

        You can gradually implement CyberArk, starting with more easily attainable goals, such as basic vaulting and password rotation and build on that with additional modules, such as Privileged Session Manager and Application Identity Manager.

        What needs improvement?

        While in the past, administration required several tools and multiple screens/options in those products, v10 is moving towards a single pane of glass with common functions easily found and information regarding privileged accounts given to users in plain, easy to understand terms, now enhanced with graphics.

        For how long have I used the solution?

        Three to five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        PeerSpot user
        Princ. Info Security Analyst at a insurance company with 10,001+ employees
        Real User
        Ensures accounts are managed according to corporate policies
        Pros and Cons
        • "Ensures accounts are managed according to corporate policies."
        • "It takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent."
        • "It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill."

        What is our primary use case?

        We use it all.

        • Privileged account access and management
        • Credential rotation
        • Access control
        • Privileged session recording

        How has it helped my organization?

        CyberArk PAS helps ensure accounts are managed according to corporate policies. In short, it takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent.

        What is most valuable?

        All of the features we use have helped our security posture in some way. All of these have their place in defining and supporting the security posture:

        • Password management
        • Session management
        • Recording
        • Access control.

        What needs improvement?

        Overall, I think it is a fantastic product, when used as designed and intended.

        One of its biggest downfalls is also one of its biggest strengths. It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill.

        For how long have I used the solution?

        More than five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Eric Vanatta - PeerSpot reviewer
        Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees
        Real User
        Increased our insight into how privileged accounts are being used and distributed within our footprint

        What is our primary use case?

        CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

        How has it helped my organization?

        The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

        What is most valuable?

        • Ease of use
        • The auditing capabilities
        • The great support of their customer success teams

        What needs improvement?

        Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

        For how long have I used the solution?

        One to three years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        John Lawren James - PeerSpot reviewer
        Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees
        Real User
        All access to our servers, by both staff and vendors, is monitored and recorded

        What is our primary use case?

        We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

        How has it helped my organization?

        CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.

        What is most valuable?

        Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.

        What needs improvement?

        The current user interface is a little dated. However, I hear there are changes coming in the next version. 

        There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself.

        For how long have I used the solution?

        More than five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Rodney Dapilmoto - PeerSpot reviewer
        Rodney DapilmotoSystems Admin Analyst 3 at CPS Energy
        Top 10Real User

        The UI has been completely revamped in Version 10. It has a differently look and feel. We will be looking to test it in our Development landscape and possibly go to Production towards the end of the year.

        it_user620580 - PeerSpot reviewer
        Security Engineer at a tech services company with 51-200 employees
        Consultant
        Enables us to manage passwords of highly privileged accounts.

        What is most valuable?

        The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.

        How has it helped my organization?

        Management of these accounts is typically required to prevent abuse and gain control of this.

        What needs improvement?

        Perhaps improve the user registry integration. It is already fine, but a bit atypical.

        My experience with the product was with older versions, so this may not represent the actual case anymore. In essence, user registry integration is atypical in the sense that the product creates a copy of the user inside the product itself (to accommodate for license seat counting, I guess).

        Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt the vendor considers this an issue, though.

        For how long have I used the solution?

        I have used this for three years, including the implementation of the product

        What do I think about the stability of the solution?

        There were no issues with stability.

        What do I think about the scalability of the solution?

        There were no issues with scalability.

        How is customer service and technical support?

        Technical support is OK. The product is not very difficult to install, but there are some considerations that need to be taken into account. Tech support is very well aware of this.

        How was the initial setup?

        The initial setup was simple. It is windows based and leverages installation wizards to perform installation. Also, sufficient documentation exists to guide the setup procedure.

        What's my experience with pricing, setup cost, and licensing?

        Look well at the user base and frequency of use. A lot of licensing models exist, but having this clear will immediately indicate what fits best.

        As for pricing, I cannot comment.

        Which other solutions did I evaluate?

        We did not evaluate other solutions.

        What other advice do I have?

        Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CyberArk business partner.
        PeerSpot user
        Malhar Vora - PeerSpot reviewer
        CyberArk PAS Solution Professional | Project Manager at a tech services company with 10,001+ employees
        Consultant
        Provides automatic password management. We can monitor, record, and control sessions.

        What is most valuable?

        All features of the CyberArk PAS solution are valuable.

        The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.

        Other important features:

        • Automatic password management
        • Monitor, record, and control privileged sessions
        • Flexible architecture
        • Clientless product
        • Custom plug-ins for managing privileged accounts and sessions

        How has it helped my organization?

        Unmanaged, highly privileged accounts increase risks that can be exploited by attackers. The security controls defined by the organization require protection of the privileged account passwords. CyberArk helps organizations to identify, store, protect, and monitor the usage of privileged accounts.

        What needs improvement?

        An immediate improvement was the implementation of security controls to protect, control and monitor privileged accounts through CyberArk solution.

        For how long have I used the solution?

        I have used CyberArk for over two and a half years.

        What do I think about the stability of the solution?

        It’s a very stable product. I haven’t encountered any stability issues.

        What do I think about the scalability of the solution?

        I haven’t encountered any scalability issues. All the components are scalable.

        How are customer service and technical support?

        I would give technical support a rating of 4.5/5.

        Which solution did I use previously and why did I switch?

        This is the first PAM product that I have used.

        How was the initial setup?

        The initial installation was straightforward. The configuration or integration can be complex depending on the requirements, design, and infrastructure of the organization.

        What's my experience with pricing, setup cost, and licensing?

        The pricing and licensing depend on many factors and on the components considered for implementation.

        What other advice do I have?

        The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user685299 - PeerSpot reviewer
        IT Security Specialist at a tech services company with 11-50 employees
        Consultant
        Password rotation, session recording & isolation and on-demand privileges.
        Pros and Cons
        • "Password rotation, session recording & isolation and on-demand privileges."
        • "For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products."

        What is most valuable?

        Password rotation, session recording & isolation and on-demand privileges.

        What needs improvement?

        For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products.

        What do I think about the stability of the solution?

        No

        What do I think about the scalability of the solution?

        No

        How is customer service and technical support?

        Very good.

        How was the initial setup?

        Basic setup is pretty straightforward, but to fully utilise the product it can get complicated as it ties in with a lot of other products. Suggest a phased installation so staff can adjust to new processes.

        What's my experience with pricing, setup cost, and licensing?

        It can be an expensive product. I Suggest only licensing basics to begin with and as need arises, start to license extensions (AIM, etc.) during next phase of implementation.

        Which other solutions did I evaluate?

        Centrify and Lieberman ERPM.

        What other advice do I have?

        CyberArk offers extensive training, utilise it. Also their support staff are very good and can assist with everything.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        SecArch3081 - PeerSpot reviewer
        SecArch3081IT Security Consultant and Platform Architect at a pharma/biotech company with 10,001+ employees
        Real User

        Have you assessed TPAM/Safeguard? (was a Dell product, now One Identity)

        it_user685302 - PeerSpot reviewer
        Technical Lead at a tech services company with 10,001+ employees
        Consultant
        ​Enterprise Password Vault, Privilege Session Manager & Application Identity Management have been very useful for our client environment.​
        Pros and Cons
        • "Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment."
        • "Performance of PIM could be better and intended for usability as well as security."

        How has it helped my organization?

        Its features like detailed audit and reporting, automated workflows, granulated privileged access controls, automated password rotation, and centralized and secure storage have helped us in developing a secure environment for customers, along with audit and compliance coverage.

        What is most valuable?

        Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.

        What needs improvement?

        Performance of PIM could be better and intended for usability as well as security. Another point is that the free trials should be in place for all components so that PoC could be made easy.

        What do I think about the stability of the solution?

        No.

        What do I think about the scalability of the solution?

        No.

        How are customer service and technical support?

        Technical support is quite efficient and they always provide a timely response.

        Which solution did I use previously and why did I switch?

        Haven’t use any solution prior to CyberArk.

        How was the initial setup?

        As this was new product, there were some small challenges in understanding but the setup was straightforward.

        What's my experience with pricing, setup cost, and licensing?

        As our deployment was not so large, our client was happy with the pricing and licensing.

        Which other solutions did I evaluate?

        Yes, we did a research and chose CyberArk above all due to its components that were suitable to our environment.

        What other advice do I have?

        Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user3396 - PeerSpot reviewer
        it_user3396Team Lead at Tata Consultancy Services
        Top 5Real User

        Cool review

        it_user677688 - PeerSpot reviewer
        CyberArk Consultant at a comms service provider with 10,001+ employees
        Real User
        The password management component (CPM) is the most valuable. The installation manual is quite straightforward and extensive.
        Pros and Cons
        • "It enables companies to automate password management on target systems gaining a more secure access management approach."
        • "The current interface doesn't scale that well, and has some screens still in the old layout."

        How has it helped my organization?

        Implementing CyberArk is not only "rolling out" a tool. It also will force the company to have a good look at the access management strategy, improve security processes and clean data. Implementation of CyberArk will increase the insight the company has in their access management implementation.

        What is most valuable?

        The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.

        Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.

        What needs improvement?

        Allthough it's highly configurable, the user interface could use a do-over. The current interface doesn't scale that well, has some screens still in the old layout, while others are in the new ones and consistency in layout between pages sometimes is an issue. As I understand, this is scheduled for version 10.

        What do I think about the stability of the solution?

        If there are stability issues, most of the time this relates to the companies infrastructure.

        What do I think about the scalability of the solution?

        CyberArk is highly scalable. Depending on the companies infrastructure, the size of the CyberArk implementation can become quite large.

        How are customer service and technical support?

        I rate support 7/10. Technical knowledge of the support staff is good. Sometimes it is a lengthy process to get to the actual answer you require. One the one hand, that is because lots of information is required (logs, settings, reports, etc.). On the other hand, the support crew sometimes answers on questions that we did not ask.

        Which solution did I use previously and why did I switch?

        We did not have a previous solution.

        How was the initial setup?

        The installation manual is quite straightforward and extensive. There also is an implementation manual to support the function implementation. The installation requires specific hardware which sometimes might not fit the standards within an organisation. Over the last few years the documentation has improved hugely. Of course, there is always room for improvement, but I guess this is one of the better ones in the IT field.

        What's my experience with pricing, setup cost, and licensing?

        I do not have anything to do with pricing.

        Which other solutions did I evaluate?

        I was not involved in the acquisition process, but I know that sometimes a Hitachi solution is considered.

        What other advice do I have?

        Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user674070 - PeerSpot reviewer
        Senior Technical Trainer at a tech services company with 501-1,000 employees
        Consultant
        Improves the privilege account security in the organization. I would like to see improvement in the custom connector.
        Pros and Cons
        • "PSM (Privilege Session Manager."
        • "I would like to see improvement in the custom connector for integration with different devices."

        How has it helped my organization?

        This product helps to improve the privilege account security in the organization. Privilege accounts were involved in all the breaches.

        What is most valuable?

        PSM (Privilege Session Manager)

        What needs improvement?

        I would like to see improvement in the custom connector for integration with different devices. Currently, it needs professional services and lots of time for out-of-the-box custom connectors.

        What do I think about the stability of the solution?

        There were no issues with stability. However, there were a few times when there were stability issues because the solution was deployed on a Windows platform.

        What do I think about the scalability of the solution?

        There were no issues with scalability.

        How are customer service and technical support?

        Technical support is average. They are not so great, because the first level support partner or distributor has to provide the support and customers cannot contact CyberArk support directly.

        Which solution did I use previously and why did I switch?

        We moved from version 8 to Version 9.

        How was the initial setup?

        The initial setup is a bit complex because it has lots of prerequisites and dependencies on Windows' features.

        What's my experience with pricing, setup cost, and licensing?

        It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain.

        Which other solutions did I evaluate?

        I worked in the CyberArk distribution company. However, I have seen that other products do not provide all the features that CyberArk can provide.

        What other advice do I have?

        For implementation, you will need professional services or other experts.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My ex-company is the distributor of CyberArk.
        PeerSpot user
        it_user674049 - PeerSpot reviewer
        Head of Technical Services at a tech services company with 51-200 employees
        Consultant
        Gives us the ability to isolate sessions to protect the target system.
        Pros and Cons
        • "Automates password management to remove the human chain weakness."
        • "The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."

        How has it helped my organization?

        With the ability to better control access to systems and privileged accounts, we no longer need to manage privilege accounts per user. We are able to manage privilege accounts for the service, which is automatically managed by the CPM as part of the solution. Allowing access to systems by group membership, via safe access, makes controlling actual access much simpler than traditional mapping via the Active Directory.

        What is most valuable?

        • The ability to isolate sessions to protect the target system.
        • Automates password management to remove the human chain weakness.
        • Creates a full audit chain to ensure privilege management is responsibly done
        • Creates an environment in which privilege accounts are used, without exposing the password, on target systems.
        • Performs privilege functions, without undue exposure, whilst maintaining the ability to audit, where anything suspicious, or unfortunate, may have occurred.

        What needs improvement?

        The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA.

        Whilst the client is completely functional, it's been around for a long time and is reminiscent of XP, or even Windows 95. It could use an aesthetic update, with some of the wording and functions needing to be updated to be more representative of what is found in similar configuration from within the PVWA.

        To go into more detail- The old PrivateArk client is simply that, old. Looking at the recently released Cluster Manager quickly reminds us of that. Also, the way in which objects are handled within the old client is similar to how objects were handled in older versions of Windows. The PrivateArk client could do with easier to follow links to configuration items and the ability to perform searches and data relevant tasks in an easier to follow process, there may even be room for inclusion of the server management component (lightweight even) and cluster manager components to be made available via the same client, should permissions permit such. As much as the client remains stable and functional, I believe it is time for an update, even if only aesthetically.

        What do I think about the stability of the solution?

        Some improvements could be made to the PSM service. However, this could also be a problem with how Microsoft RDS functions, rather than the PSM services.

        What do I think about the scalability of the solution?

        This product scales amazingly well.

        How are customer service and technical support?

        Technical support works with customers and partners to resolve issues in a timely way.

        Which solution did I use previously and why did I switch?

        No previous solutions were used.

        How was the initial setup?

        The manual reads like a step-by-step guide. The installation, although complex, can be achieved by following the installation guide.

        What's my experience with pricing, setup cost, and licensing?

        I don’t work with pricing, but licensing is dependent on the needs and requirements of each customer.

        Which other solutions did I evaluate?

        We evaluated alternatives, but nothing compares.

        What other advice do I have?

        Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Platinum Partner.Performanta, the global purple tribe, delivering the bedrock of quality managed cyber security services and consulting to our customers, enabling them to do business safely. With a consultative approach to people, process and technology, Performanta focuses on cyber security projects in line with adversarial, accidental and environmental business risk. We measure Governance, Risk and Compliance with a kill chain resilience and technology mapping service, Cyber Security Operations Centre (CSOC) technical support and products to deliver intelligence and customer value to ensure control over the threat landscape. Securing Your World, Together. 16 May, 2017: At the CyberArk Impact EMEA 2017 conference, Performanta received the winning award for ‘Best Solution Partner of the Year’ for UK/Ireland, which they describe as: “The Solution Partner of the Year award recognises Performanta, in region, as having made a significant contribution to the CyberArk business; they understand our offering, can articulate that well into the prospect and customer community and have proven themselves technically capable on a regular basis during the last 12 months.”
        PeerSpot user
        it_user665142 - PeerSpot reviewer
        SD/Infr Coordinator at a computer software company with 201-500 employees
        Vendor
        We helped a telecom to migrate from a standard .XLS with accounts.
        Pros and Cons
        • "You can easily manage more than 4000 accounts with one PSM."
        • "I would like to see better usability for non-technical people."

        How has it helped my organization?

        The fact that there are more and more plugins developed make it easier for implementation.

        What is most valuable?

        It is difficult to say what the valuable features are. I use all the different parts together to get the full power of CyberArk.

        What needs improvement?

        I would like to see better usability for non-technical people. If you use the PVWA interface, I noticed that the end user would need some extra training. The portal doesn't navigate so easily, if you don't know it.

        With Facebook, for example, people find their way around easily. In PVWA, it takes some time to know how it works from an end-user point of view.

        What do I think about the stability of the solution?

        I did not encounter any issues with stability.

        What do I think about the scalability of the solution?

        There have been no issues with scalability. You can easily manage more than 4000 accounts with one PSM.

        How are customer service and technical support?

        I haven't needed any support yet, as it is well documented.

        Which solution did I use previously and why did I switch?

        We did not use a previous solution. Basically, we helped a telecom to migrate from a standard .XLS with accounts to CyberArk.

        How was the initial setup?

        The most difficult part was convincing the technical teams to use it.

        What's my experience with pricing, setup cost, and licensing?

        Pricing and licensing depend on the environment. First, make a good plan.

        What other advice do I have?

        Basically, build it up step-by-step, starting with the EPV of course :-).

        Disclosure: My company has a business relationship with this vendor other than being a customer: There is no business relationship in my current company. But my previous company, Devoteam, is officially the point of contact for Belgium.
        PeerSpot user
        PeerSpot user
        Senior Consultant at a consultancy with 10,001+ employees
        Consultant
        The combination of CPM and PSM resolves a lot of use cases.
        Pros and Cons
        • "The combination of CPM and PSM resolves a lot of use cases."
        • "They can do a better job in the PSM space."

        How has it helped my organization?

        All the high privileged accounts are managed by CyberArk at a regular frequency. This mitigates the big risk that we had for passwords not changing forever.

        What is most valuable?

        The combination of CPM and PSM resolves a lot of use cases.

        What needs improvement?

        They can do a better job in the PSM space.

        What do I think about the stability of the solution?

        It has been pretty stable. No ongoing issues; only one-off, and CyberArk support has been pretty good for support.

        What do I think about the scalability of the solution?

        I can foresee some issues if we suddenly have to put thousands of passwords into CyberArk Vault. I know they have the password upload utility, but it has its limitations.

        How are customer service and technical support?

        Customer Service:

        Their support is pretty good and responsive.

        Technical Support:

        Their support is pretty good and responsive. Their L3 is in Israel, so sometimes it takes more time getting responses for complicated use cases.

        Which solution did I use previously and why did I switch?

        I did not previously use a different solution. I have always used CyberArk.

        How was the initial setup?

        I would rate initial setup as a medium complexity. They have good documentation, as well.

        What about the implementation team?

        I am from a vendor team that does the implementation.

        What's my experience with pricing, setup cost, and licensing?

        I was not involved in the pricing and licensing. I have an idea that it's on the higher side of the price scale.

        Which other solutions did I evaluate?

        Before choosing this product, we also evaluated Dell and NetIQ.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user620580 - PeerSpot reviewer
        Security Engineer at a tech services company with 51-200 employees
        Consultant
        Provides a full audit trail and approval workflow functionality.

        What is most valuable?

        • Ability to manage passwords for highly privileged, service accounts, which are not tied to a person
        • The inclusion of a full audit trail
        • Approval workflow functionality

        How has it helped my organization?

        Management of these accounts is typically required to prevent abuse and prove compliance.

        What needs improvement?

        Perhaps improve the user registry integration. User registry integration is atypical in the sense that the product creates a copy of the user inside the product itself. This is done to accommodate for license seat counting.

        Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt that the vendor considers this an issue.

        For how long have I used the solution?

        I have used CyberArk for three years, including the implementation of the product.

        What do I think about the stability of the solution?

        I did not have stability issues.

        What do I think about the scalability of the solution?

        I did not have scalability issues.

        How is customer service and technical support?

        The product is not very difficult to install. However, there are some considerations that need to be taken into account. Technical support is very well aware of this.

        How was the initial setup?

        The setup was simple. It is Windows based and leverages installation wizards to perform the installation. Also, sufficient documentation exists to guide you through the setup procedure.

        What's my experience with pricing, setup cost, and licensing?

        Examine the user base and frequency of use. A lot of licensing models exist. However, having this clear will immediately indicate what fits best. As for pricing, I cannot comment.

        Which other solutions did I evaluate?

        We didn’t look at alternatives.

        What other advice do I have?

        Assure that the organization is ready and willing to adopt this. The typical business cases cannot be addressed by the product alone.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CyberArk business partner implementing for customers.
        PeerSpot user
        it_user574734 - PeerSpot reviewer
        Technology Architect at a renewables & environment company with 51-200 employees
        Vendor
        Reduced the overhead to protect enterprise data from delays.

        What is most valuable?

        • EPV: Enterprise Password Vault
        • PSM: Privileged Session Manager
        • AIM: Application Identity Manager
        • The latest version of the product is mature and there is more functionality than we need.

        How has it helped my organization?

        • Improved security
        • Reduced the overhead to protect enterprise data from delays
        • Receives logs about all activities
        • Compliance with several standards

        For how long have I used the solution?

        I’m not the end-user. As a solutions architect (consultant), I designed and planned the solution in a very complex network environment.

        What do I think about the stability of the solution?

        We have not encountered any stability issues. After more than six years with my first CyberArk client, everything works great.

        What do I think about the scalability of the solution?

        We have not encountered any scalability issues. The solution was scaled right at the beginning of the project.

        How are customer service and technical support?

        We called technical support a few times and they came back to us very quickly. They fixed our problems very quickly. The problems were caused mainly by changes in the network.

        Which solution did I use previously and why did I switch?

        We did not use any previous solution.

        How was the initial setup?

        We were assisted for the initial setup by a CyberArk consultant for one week.

        What's my experience with pricing, setup cost, and licensing?

        A good architecture will help to gather the business requirements. You can then come up with the right sizing and licenses. If it is a large installation, implement in phases to become familiar with the products, and then purchase the licenses at the right time.

        Which other solutions did I evaluate?

        All other top solutions in the Gartner Magic Quadrant were evaluated and CyberArk came up as the best and most mature choice. I compared all solutions using my client business requirements and what the solutions offered to them on the top of the business requirements. The scope of the project became wider.

        What other advice do I have?

        I would recommend being well prepared. Do not improvise. Understand what you are doing. Take the time to read the technical documentation, and not just the marketing material, to understand CyberArk. It will not be a waste of time.

        Take the time to prepare, clean, and document all your privileged, services, and application accounts. Use the product for its intended design.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Tanmay Kaushal - PeerSpot reviewer
        Cyber Security Consultant at a tech services company with 10,001+ employees
        Real User
        I can customize it to meet our customers' requirements. Password management is done automatically, and adheres to company compliance policies.

        What is most valuable?

        • Client-less feature
        • Flexible architecture support
        • High level of customization for maximize utilization
        • User friendly and Flexibility of multiple choice
        • Adhere to Security Compliance

        How has it helped my organization?

        This tool is in Leader's quadrant in Gartner Quadrant report. Not just because it has more features than other but also it improves the way organization function. CyberArk can be used as many as you can think of. Such Granular ways of utilizing parameters, features and restrict permissions that no other tool can grant you. This tool has always surprise me with its capability and features.

        What needs improvement?

        Since this tool major utilizing modules are PAM and PSM, hence AIM and OPM are least considered by client. Client is somehow reluctant to use these features. Yes, i do agree that these Modules are not that friendly but also CyberArk do not providing proper training on these modules. Reports are also one of the major concern, as it gives a very basic kind of reports. CyberArk must provide some graphical reports which can be customized as per client requirement. After all presentation does matter.

        For how long have I used the solution?

        I have been working with PIM solutions since Apr 2011 and I was introduced to CyberArk around four years ago. I started with version 7.2 and I’m now working with version 9.6. Other than this CyberArk, I had experience on Dell TPAM, CA PUPM, Arcos PAM, BeyondTrust PIM etc with some more expertise on Imperva SecureSphere, Guardium, Tripwire Enterprise, Novell Access Manager etc.

        What was my experience with deployment of the solution?

        Ofcourse, which deployment does not encountered any issue, however it depends upon your planning whether you are facing critical issues or just small hiccups. From my point of view, yes you need to plan it well, think from everyone prospective and also but most important it should be give ease of working not make end user frustrate. Understanding this tool and its utilization is more important in order to deploy it. Since the planning is not only limited to installation of CyberArk components but also it go beyond it such as GPO, AD Configuration, OU Setup, User usage, account management and so on. I face many issues during deployment and also after deployment. Plan it well before implementation.

        What do I think about the stability of the solution?

        Earlier in 9.0 version I faced some stability issues, yes there are some stability issues with CyberArk such as memory leakage, password unsync etc. These are some common problems but frustrating. In this version of CyberArk, memory leakage is a quite common and frequent issue which lend up access issue to end users.

        What do I think about the scalability of the solution?

        As I said above, you need to plan wisely before you implement it. You need to consider all prospects of this tool before implementation.

        How are customer service and technical support?

        Customer Service:

        CyberArk support is one of the best support I have ever seen. I worked on multiple tools and had a conversation with their customer support, CyberArk support is one of best one i have encountered with. They are very patient and calm. However sometime they are not much aware about the issue and could not provide the solution until it escalated to L3. It would give 8 out of 10 to CyberArk support.

        Technical Support:

        Refer to customer service. Technical support is 8/10.

        Which solution did I use previously and why did I switch?

        I started my career with Quest TPAM (now Dell TPAM) and also worked on BeyondTrust, CA PUPM, ARCOS, etc. BeyondTrust and ARCOS were introduced in market at that time. These tools are good but doesn't seems to be user friendly as CyberArk PAM. These solutions are bit complex to implement, configure and usage. Even if these tools have some good features which keeps them running in market but one feature in which all these tools are beaten up by CyberArk is User Friendly.

        Users are more confident in using CyberArk, more convenient in installing and deployment and easier to customize as per client requirement.

        How was the initial setup?

        Again, it completely depend upon your architecture design of CyberArk and planning. More complex Architecture leading to more complexity in implementation. Understand the Architecture, understand client requirement and only then design and implement. The sure shot guarantee of successful implementation is "Keep It Short and Simple".

        What about the implementation team?

        Initially, I took some help but have never got a chance to work with Vendor team. I use to implement CyberArk for my client based on their requirement. I still not consider myself as an expertise, as I am still learning this tool and it always surprise me, however I would rate myself on overall - 6 out of 10.

        What was our ROI?

        Learning, keep involve yourself in learning. This is best ROI you will get.

        What's my experience with pricing, setup cost, and licensing?

        Please contact your local CyberArk Sales support, they will better guide you.

        Which other solutions did I evaluate?

        In case of CyberArk, No .. Never.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user455391 - PeerSpot reviewer
        IT Admin at a tech company with 10,001+ employees
        Real User
        The proxy solution using PSM and PSMP gives leverage to reach out to servers which are NATed.

        What is most valuable?

        The proxy solution using PSM and PSMP is valuable. It gives leverage to reach out to servers which are NATed in separate networks and can be reached only by using a jump server.

        How has it helped my organization?

        Security has been improved. It has improved compliance and there is more control over the privileged users.

        What needs improvement?

        The performance of this product needs to be improved. When the number of privileged accounts increases, i.e., exceeds 2000, then the performance of the system reduces. The login slows down drastically and also the connection to the target system slows down. This is my observation and thus, the server sizing needs to be increased.

        For how long have I used the solution?

        I have used this solution for three years.

        What do I think about the stability of the solution?

        We have not encountered any stability issues so far.

        What do I think about the scalability of the solution?

        We have experienced some scalability issues, in terms of the performance.

        How are customer service and technical support?

        The technical support is good.

        Which solution did I use previously and why did I switch?

        Initially, we were using the CA ControlMinder. There were many issues with this solution, mainly in regards to no proxy solution and poor performance.

        How was the initial setup?

        The setup has a medium level of complexity.

        What's my experience with pricing, setup cost, and licensing?

        One should negotiate well.

        Which other solutions did I evaluate?

        We looked at other solutions such as CA PAM, Lieberman Software, Thycotic and ARCOS.

        What other advice do I have?

        This is the best product from its breed.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Rodney Dapilmoto - PeerSpot reviewer
        Rodney DapilmotoSystems Admin Analyst 3 at CPS Energy
        Top 10Real User

        The beauty of using the PSMP is that an end user can bypass logging through the PVWA and go directly to using their choice of terminal emulation for SSH (i.e. Putty or SecureCRT, etc.).

        See all 2 comments
        it_user551259 - PeerSpot reviewer
        Iam Engineer at a tech services company with 201-500 employees
        Consultant
        A different server vault is used to store data with several layers of security for protecting it.

        What is most valuable?

        Some of the valuable features are:

        • The different server vault is used to store data with 7 layers of security for protecting the data.
        • The Application Identity Management Module is also very useful and easy to handle.
        • AutoIt scripting is useful to simulate single sign-on for thick and thin clients.

        How has it helped my organization?

        It makes compliance of the organization with password management easy. This results in a handy auditing process and adheres to all risk compliance as well.

        What needs improvement?

        Some areas of improvement are:

        • PSM: It should be hosted on UNIX rather than on Windows. In such cases, no extra OS license needs to purchased at the client's end.
        • PVWA: The admin console should be in the Windows installer instead of a web application for admin users. It makes the work faster for admins; otherwise, it seems slow for the web interface.
        • PSMP: It looks a bit complex to deploy and maintain.
        • OPM: This module should be integrated with PrivateArk app.

        For how long have I used the solution?

        I have used this solution for three years.

        What do I think about the stability of the solution?

        CyberArk is quite stable and no issues have been exprienced on regards to stability.

        What do I think about the scalability of the solution?

        We have not encountered any scalability issues. It is very scalable with any requirements.

        How is customer service and technical support?

        I would give the technical support a 9/10 rating. It has superb technical support for U.S. clients.

        However, for Indian origin clients, i.e., for foreign clients, the support is poor thus I have rated it a 4/10.

        What's my experience with pricing, setup cost, and licensing?

        It is very expensive. They charge for every single thing they offer.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a CyberArk reseller.
        PeerSpot user
        it_user512265 - PeerSpot reviewer
        Consultant at a tech company with 1,001-5,000 employees
        Vendor
        It is modular, and each module can extend its operational area with plug-ins.

        What is most valuable?

        I think that one of the advantages of the CyberArk PAS suite is that it is modular. On top of the basics, you can implement modules to:

        • Manage (verify, change and reset) privileged passwords and SSH keys
        • Manage (isolate and monitor) privileged session to the different types of devices
        • Control Applications (e.g., malware)
        • Detect, e.g., backdoor use, unusual behavior, and Kerberos hacks of privileged accounts
        • Avoid/remove hardcoded passwords in applications/scripts
        • Implement the principle of least privilege

        Even those components can extend their operational area by use of, e.g., plug-ins, making it possible to manage about any kind of privileged account or session.

        How has it helped my organization?

        I see companies that already have thought about their privileged accounts, while others have not (to that extent). Implementing the CyberArk solution, it helps (and sometimes forces) these companies to think about their privileged accounts. Are they really needed? Who needs access to them? What kind of privileges do these accounts need (service accounts/log on accounts/etc.)? And so on. Thinking about these things helps customers to organize their data/privilege accounts in the CyberArk solution. It then helps the organizations to get control of their privileged accounts and to safely store and manage these, knowing that only the correct persons can access these accounts and that the different devices can only be managed via one central entry point to the datacenter.

        What needs improvement?

        With every version, I can see that the product wins on functionality and user experience. On the latter though, I hear from customers that on the UI level, things could be better. CyberArk continuously asks for feedback on the product (e.g., via support, yearly summits) from customers and partners, and hence, with version 10, they are addressing these remarks already.

        The web portal (and hence the user interface) has some legacy behavior:

        • Some pages are created for past-generation monitors. With current resolutions, filling the pages and resizing some elements on the pages could be handled better.
        • They are not consistent with the layout of different pages. Some have, let’s say, a Windows 7 look and feel, while others have the Windows 8 look and feel.

        Nevertheless, even with those remarks, it does what it is supposed to do.

        For how long have I used the solution?

        I’m working as a partner of CyberArk for about four years now. I started on version v7.1 (currently on v9.7) and I have served about 20 happy customers.

        What do I think about the stability of the solution?

        As no software is perfect, I don’t think it is any different with CyberArk. Their support, however, is able to tackle most of the problems. Sometimes patches are distributed. The CyberArk solution highly integrates with different platforms (Windows/Linux) and applications (AD, SIEM, email, etc.). So, not configuring it well can result in unexpected behavior. You need to consider the limitations of the platforms it is installed on, as well.

        What do I think about the scalability of the solution?

        As mentioned, one of the advantages of the CyberArk PAS suite is the modular build up; not only on covering the functional area, but also on size of your network/datacenter. If you, e.g., notice that the number of privileged accounts to manage increases, you can simply add an additional module/component that manages those passwords.

        How are customer service and technical support?

        Their support is good. It is split up into different areas (technical, implementation, etc.) and I always have a quick answer. And they go all the way for their customers.

        Which solution did I use previously and why did I switch?

        I saw customers using another product for their privileged accounts. Due to its limitations (e.g., on password and session management) and stability, they decided to switch to CyberArk.

        How was the initial setup?

        This question goes both ways; initial setup can be straightforward and it can become complex. The architecture in the network and installation of the software itself is pretty straightforward. Most of the modules/components are agentless. This makes it possible to install the solution in the datacenter without impacting any existing devices (no impact on running systems, and simplifying change and release management). Integrating the systems (privileged accounts) in the CyberArk solution can happen gradually.

        The flexibility of the product, on the other hand, has as a consequence that there is a lot to configure. Depending on the existing infrastructure and functional demands at the different organizations, care has to be taken to have a correct implementation.

        What's my experience with pricing, setup cost, and licensing?

        As far as pricing, personally, I’m not involved in the sales part. So, I cannot elaborate on this topic. For licensing, I can advise the same thing as mentioned elsewhere: Start small and gradually grow.

        Which other solutions did I evaluate?

        Before choosing this product, I did not evaluate other options (being a partner, not customer).

        What other advice do I have?

        The Privileged Account Security product is a suite. That means that the product consists of different components/modules that cover a particular functional area (check their website) on privileged accounts. Plugging in more of those components in the environment results in covering a greater part of that area. Of course, there is a common layer that is used by all components. This is the security layer that holds and protects the privileged accounts.

        Start small. Use first the basic components that, e.g., include password management. Gradually grow the number of components/modules/functional area to include, e.g., other types of accounts, session management, intrusion detection, end-point protection, etc. Having a project scope that is too large will make the step of using the solution too big. Make sure every stakeholder in the project is aware and let them gradually ‘grow’ with the product.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My company has a partnership with CyberArk.
        PeerSpot user
        it_user326337 - PeerSpot reviewer
        it_user326337Customer Success Manager at PeerSpot
        Consultant

        Which improvements are you waiting to see in the product's UI?

        it_user519366 - PeerSpot reviewer
        Information Security Advisor at a insurance company with 1,001-5,000 employees
        Vendor
        It verifies accounts on a regular basis. It reconciles the account if it has been checked out and used.

        What is most valuable?

        Account discovery, account rotation, and account management features make it a well-rounded application.

        Account discovery allows for auto-detection to search for new accounts in a specific environment such as an LDAP domain. This allows CyberArk to automatically vault workstations, heightened IDs, servers, and other accounts. Once the account is automatically vaulted, the system then manages the account by verifying the account on a regular basis or reconciling the account if it has been checked out and used. The settings for the window that account is using is configurable to the type of account being used.

        CyberArk is constantly coming up with new ways to perform auditing, bulk loading accounts, quicker access between accounts and live connections, as well as different ways to monitor account usage and look for outliers.

        As companies move further toward a “least privilege” account structure, CyberArk sets the bar for heightened account management.

        How has it helped my organization?

        In the past, standard practice was to assign role-based rights to standard accounts. Moving away from this structure allows us to require that all heightened access accounts be “checked out” and only operate within a set window. CyberArk analytics provide real-time monitoring to ensure accounts are only used by the correct people at the correct time.

        What needs improvement?

        Like any software, improvements and upgrades are a necessity. As CyberArk is used by many Fortune 100 and Global 2000 companies, they offer custom solutions that need to be continuously improved as the company changes. I am looking forward to new ways to utilize accounts within the current CyberArk system allowing a more seamless flow for technicians.

        For how long have I used the solution?

        I have used it for 19 months.

        What do I think about the stability of the solution?

        Beyond the servers and security devices necessary to run CyberArk, it maintains surprisingly few dependencies. It is capable of secure hardening with the capacity for multiple failovers that can exist and work without the use of LDAPs or external databases. CyberArk has been the most stable platform I have ever worked on and our redundancies allow for 100% uptime.

        What do I think about the scalability of the solution?

        Scalability has not been a problem. I have worked on multiple improvements and increases, as we continuously increase the number of domains and types of accounts CyberArk manages. There is not currently an end in sight for the number and types of accounts we are adding.

        How are customer service and technical support?

        CyberArk technical support is top notch. They provide ticketing and immediate escalation of issues, as well as direct resources for more immediate problems. CyberArk R&D has also provided valued updates to custom applications we use internally.

        Which solution did I use previously and why did I switch?

        With data breaches and ransomware becoming the standard that companies now face, a more elegant solution was desired from standard network and physical security. Accounts that can be found or socially engineered out of people has been a long-standing tradition for criminals and bored teenagers. Reducing the window any account can be used provides a more secure network.

        How was the initial setup?

        Setting up and learning a new platform is always a complex undertaking. This is why CyberArk provides local hands-on support to get the system set up and the company’s techs trained. The base setup will differ from company to company, based on their immediate needs and what they wish to accomplish immediately. Heightened IDs, local workstation IDs, off-network server accounts, service IDs… the list goes on and on.

        What's my experience with pricing, setup cost, and licensing?

        There are a handful of options out there providing similar services. However, none of them are as far along or provide as much stability and innovation as CyberArk. Pricing and licensing are going to depend on a great many factors and can be split up from when the system is originally implemented, and upgrades and new software down the line. All that being said, the money in question was not a deterrent in picking CyberArk for our solution.

        Which other solutions did I evaluate?

        We have tested a great deal of products, many of which are being used in the company for various other purposes; Avecto, Dell, Thycotic, to name a few. Centrify was the other primary system that we really carefully reviewed. In the end, the features and interface of CyberArk won out.

        What other advice do I have?

        CyberArk is an innovative set of tools that are easily learned. Getting deeper into the product allows for a great deal of complex settings that can be learned via high level implementation guides as well as a CyberArk certification.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user519366 - PeerSpot reviewer
        it_user519366Information Security Advisor at a insurance company with 1,001-5,000 employees
        Vendor

        Account discovery as opposed to system (servers, workstations) discovery is a little more complex. This functionality comes down to scripting. Set up scripts that search your chosen domains looking for heightened accounts. To automatically add new accounts, your script will need to match the heightened account to the bind account used in the login domain. Then search for current safes, and either update them or create them. System Discovery is a simple setting in CyberArk that can be configured as you go.

        See all 2 comments
        it_user514596 - PeerSpot reviewer
        Security Technical Consultant at a tech services company with 10,001+ employees
        Consultant
        It allows you to target application-level access as opposed to just the underlying operating system.

        What is most valuable?

        The ability to create custom connector components is the most valuable feature of the product. Once the organisation matures in their privileged access strategy, CyberArk’s customisation capability allows you to target application-level access (e.g., web-based management consoles) as opposed to just the underlying operating system. The API allows operational efficiency improvements, through being able to programmatically provision accounts into the Vault.

        How has it helped my organization?

        It has improved our organization by being able to consolidate several privileged access technologies into a unified tool. Session recording and auditing capability, and approval workflows allow a high degree of control over the organisation’s privileged access requirements for compliance purposes.

        What needs improvement?

        • Authentication to the solution: Authentication to the PVWA utilises integration to IIS. Therefore, it is not as strong as desired.
        • Reporting capability and customisation: Reporting utilises predefined templates with limited customisation capability.

        For how long have I used the solution?

        I have used it for 15 months; approximately nine months in a large enterprise.

        What do I think about the stability of the solution?

        I have not encountered any stability issues.

        What do I think about the scalability of the solution?

        I have not encountered any scalability issues. The solution is fairly scalable. All presentation-level components are operable in highly available configurations.

        How are customer service and technical support?

        Technical support is 8/10; level of engagement depends on severity of problem.

        Which solution did I use previously and why did I switch?

        I did not previously use a different solution.

        How was the initial setup?

        Initial configuration is quite complex and takes a considerable amount of time. However, this depends on the management requirements of the organisation. An example of this is connectors to mainframes, which might require a degree of customisation and knowledge of how the password manager functions (and relevant training). Setup regarding installation is straightforward, as the provided guides are quite expansive and include several installation possibilities (e.g., standalone, HA, DR, etc.)

        What's my experience with pricing, setup cost, and licensing?

        Appropriately scope the organisation’s requirements to ensure licenses are not over-provisioned.

        Which other solutions did I evaluate?

        I was not part of the selection process.

        What other advice do I have?

        If an organisation has not utilised a PAM tool before, it is a large cultural change fundamentally in how a user works, and should be taken into consideration accordingly. The solution is complex depending on the requirements; therefore, the implementation should not be rushed and it should be tested appropriately.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user512235 - PeerSpot reviewer
        Sr. Technical Consultant at a tech company with 51-200 employees
        Vendor
        The integration of Auto IT provided the flexibility to add thick clients and websites. It is expensive and the professional service team charges for each and every thing.

        Valuable Features

        I see the Auto IT integration as the most valuable feature.

        Improvements to My Organization

        I have seen improvements compared to the older versions and the integration of Auto IT provided the flexibility to add thick clients and websites.

        Room for Improvement

        Session recording search capability has to be improved. It should include more platforms for password management. It should include more thick client integrations.

        Use of Solution

        I used it for almost six years.

        Stability Issues

        There is dependency on Windows tasks and if any AD GPO changes are pushed, it affects the system and stops working.

        Scalability Issues

        I have not encountered any scalability issues. The product scales as the organisation grows.

        Customer Service and Technical Support

        Technical support from the vendor is the worst and that is one reason I stopped using CyberArk.

        Initial Setup

        The initial setup is not so complex, but CyberArk does require more servers for a full-fledged installation.

        Pricing, Setup Cost and Licensing

        The solution is costly and the licensing is very complex.

        Other Solutions Considered

        I was using CyberArk for more than six years and I have now switched to ARCOS. I was impressed with ARCOS because of the following reasons:

        • Cost-effective solution
        • Fewer servers required
        • Flexibility, performance
        • More features
        • Simple licensing
        • Good support

        I evaluated other solutions such as Leiberman, ManageEngine, TPAM, and Xceedium.

        ARCOS seems to be very promising and cost effective. Also, ARCOS doesn’t have a traditional jump server concept, which saves the customer from spending more on hardware. The licensing is very simple (number of admins & target IPs), where most of the features are available by default with the basic license.

        Other Advice

        CyberArk architecture is good and more secure, but I see the solution as expensive. Support is the worst; CyberArkstaff is not supportive, their professional service team charges for each and every thing.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We were the distributor for Cyber Ark.
        PeerSpot user
        PeerSpot user
        Security Expert at SecurIT
        Consultant
        I see a lot of security issues are addressed by the solution. For example, audit issues for privileged accounts.

        What is most valuable?

        As a security engineer, I mostly implement the Enterprise Password Vault Suite (Vault Server, Central Policy Manager, Password Vault Web Access) as this is the base upon which every additional component is built. I am using and implementing the additional components, such as the Privileged Session Manager and Application Identity Manager, more and more.

        How has it helped my organization?

        When implementing CyberArk, I see that a lot of security issues are addressed by the solution. For example, audit issues for privileged (non-personal) accounts, which have a sufficient amount of impact on the organization when being compromised or misused.

        A major benefit next to the auditing capabilities is the secure storage of the accounts in questions. CyberArk has the most extensive hardening and encryption techniques I have seen in a product, with equal intentions.

        Additionally, CyberArk can reduce the attack surface of these accounts by retaining the privileged accounts (protecting the credentials) within a secure environment only to be accessed through a secured proxy server (Privileged Session Manager). What I have also seen is that the Privileged Session Manager can aid in the adoption of CyberArk within an organization as it allows the end user to keep using his personal way of working (e.g., Remote Desktop Manager, Customized Putty).

        Another burden that organizations have is the need to manage hard-coded credentials. CyberArk also has a solution for this, allowing the credentials to be stored in the vault, where they can be retrieved by a script or applications through the execution of a command instead of hard-coding the credentials. There is also a solution available for accounts used in Windows scheduled tasks, services and more.

        The last generic, relatively new improvement for customers is the ability to monitor and identify the usage of the accounts managed by the suite. By using Privileged Threat Analytics, you can match the usage of CyberArk against the actual (logon) events retrieved from the corporate SIEM. Next to this, PTA profiles privileged account usage to discover malicious patterns such as different IP addresses or usage of an account on an unusual day. This is a very useful practice to gain an enhanced view on these privileged accounts and can eventually limit the impact of any malicious usage because of early detection.

        What needs improvement?

        In every product, there is room for improvement. Within CyberArk, I would like to see more support for personal accounts. It can be done right now, but I can imagine changing a few aspects would make this easier and more foolproof.

        Next to that, the REST API is not as capable as I would like. CyberArk is getting close, though.

        Lastly, I would love to see a password filler that can provide raw input (like a keyboard). There are scenarios where administrators do not have the ability to copy and paste a password from the clipboard. As typing over a long random password is a tricky job, a raw password filler would be a solution that could overcome this issue.

        For how long have I used the solution?

        I have been involved with CyberArk for three years now. During this period, I have designed, implemented and supported multiple CyberArk environments.

        What do I think about the stability of the solution?

        During the time that I have worked with CyberArk, I was able to conclude - based on experience and colleague stories - that this is one of the most stable products I have ever encountered. I have never seen any stability issue that was not related to a human error or a configuration issue.

        What do I think about the scalability of the solution?

        As far as I’m aware, we have not encountered any scalability issues. I have heard of some issues with the database of CyberArk when scaling to excessive amounts of entries, a long time ago. These issues have been fixed, as far as I know.

        In addition, it is possible to have issues with the Central Policy Manager when you configure it wrong.

        How are customer service and technical support?

        The technical support for our customers is primarily handled by ourselves, with CyberArk technical support to fall back to. I have seen great improvements in the quality of support over the years and they continue to do so. The response is fast and the quality is good.

        There is room for improvement in bug tracking. When a bug is confirmed, it is hard to track when or if it will be released in one of the future releases. As CyberArk is building an entire new support portal, I hope that this will be improved someday.

        Which solution did I use previously and why did I switch?

        My company did not previously use a different solution. My company has had CyberArk in their portfolio for more than 10 years now.

        How was the initial setup?

        Our company has set up a ‘generic’ and fast implementation plan based on our experiences and best practices. This plan provides a straightforward approach, which can be customized into a complex solution to suit every customer's needs.

        In general, the installation is quick, but the actual work is found in the process of onboarding new account(type)s as this requires a significant amount of communication and coordination.

        What's my experience with pricing, setup cost, and licensing?

        Try to create a good design with a CyberArk partner before you start thinking about licensing. Then, you will have a good view on the components needed to suit your environment from the start towards a fully mature environment.

        What other advice do I have?

        Do not think too big at the start.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a certified CyberArk partner.
        PeerSpot user
        PeerSpot user
        IT Security Consultant at a tech services company with 10,001+ employees
        Real User
        It is clientless, and does not require any third-party product for any of its operations.

        What is most valuable?

        Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:

        • It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
        • For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
        • Compared to other products, CyberArk is extremely easy to install and configure.

        How has it helped my organization?

        Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.

        In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.

        Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.

        CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.

        Accountability is set up using CyberArk OOB temper-proof reports.

        What needs improvement?

        CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.

        It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.

        For how long have I used the solution?

        I have been using this product since 2010.

        What do I think about the stability of the solution?

        In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.

        What do I think about the scalability of the solution?

        CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.

        How are customer service and technical support?

        Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.

        Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.

        Which solution did I use previously and why did I switch?

        I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.

        How was the initial setup?

        Initial set up is super simple and if planned properly, can be installed within a couple of hours.

        What's my experience with pricing, setup cost, and licensing?

        I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.

        Which other solutions did I evaluate?

        Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.

        What other advice do I have?

        Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Riyas Abdulkhader - PeerSpot reviewer
        Riyas AbdulkhaderSecurity Architect, InfoSec Consultant at Confidential ( Sensitive Industry)
        Real User

        New version 10.x had made the PAS Solution more graphical for the end users.
        Its uses the new gen CPMs and so can overcome the reconcile delays.
        Dashboard views also make it a bit enhanced.

        it_user445038 - PeerSpot reviewer
        Cyber Security Supervisor at a tech company with 1,001-5,000 employees
        Vendor
        Sys/DB admins and third parties no longer need to have system credentials.

        What is most valuable?

        • Password vaulting
        • Granular commands profiling with OPM

        How has it helped my organization?

        • Sys/DB admins no longer need to have system credentials (and the same for third parties)
        • Access profiling
        • Request demands from domain groups

        What needs improvement?

        The management console has a lot of functionalities, but is a little bit complex to use.

        Customer support and technical support can be better, compared with the level of products.

        For how long have I used the solution?

        I have used it for one year.

        What do I think about the stability of the solution?

        I have not encountered any stability issues.

        What do I think about the scalability of the solution?

        I have not encountered any scalability issues, technically speaking. Issues with the licenses can occur; the pricing model is not easy to understand.

        How are customer service and technical support?

        Technical support is 7/10.

        Which solution did I use previously and why did I switch?

        I did not previously use a different solution.

        How was the initial setup?

        Initial setup was very easy. We started integrating systems and providing access to systems within few days.

        What's my experience with pricing, setup cost, and licensing?

        From my experience, for small environments, the subscription licensing model is very cheap.

        Which other solutions did I evaluate?

        We also evaluate other solutions in the Magic Quadrant for PAM solutions.

        What other advice do I have?

        Before defining the solution’s architecture, clearly define your requirements and the kind of systems in scope. Some systems/device can be integrated out-of-the-box, others need customization.

        Plus: easy to deploy, highly customizable
        Minus: a little bit complex to integrate in large environment, complex rules/customization takes time

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        PeerSpot user
        Technical Manager, System Division at a tech services company with 501-1,000 employees
        Consultant
        We can monitor sessions in real time. If there's any unnecessary activity, we can terminate the session.

        What is most valuable?

        With the Privileged Session Manager, we can monitor sessions in real time and terminate the session if there's any unnecessary activity found. For example: We give access to user to access the server only to update patches, but if we find any activity not related to patch updates, we can terminate the session.

        How has it helped my organization?

        Actually my company/previous company does not use this product, but we sold it to our customer. This product helped our customer manage their privileged accounts. It’s easier to them to manage and control the privileged accounts.

        What needs improvement?

        It needs more plugin connectors for all devices. CyberArk currently can manage or make it easier to manage about 80% of our total devices. The rest still need R&D to develop the plugin. If CyberArk had more plugin connectors, the customer would not need to raise plugin development requests for several devices and CyberArk could easily connect to these devices.

        What I mean with CyberArk needing to improve plugin connector is that currently CyberArk is able to manage almost all devices (server, network devices, security devices etc.) which are more than 80% of all devices. In my experience device such as IBM OS/390 and Cisco TACACS still need custom plugin connectors developed by CyberArk R&D.

        If CyberArk IS able manage more than 95% from total devices it would help the customer to using it without raising a support ticket to create a plugin connector. CyberArk will more easier to manage all devices with no compromise

        For how long have I used the solution?

        I used this solution from mid-2013 until mid-2015.

        What do I think about the stability of the solution?

        So far, it is stable.

        What do I think about the scalability of the solution?

        This product is scales easily.

        How are customer service and technical support?

        Technical support is good. They have good technical teams around the world including southeast Asia.

        Which solution did I use previously and why did I switch?

        Most customers using a different solution switch to CyberArk because CyberArk is more user-friendly than its competitors and have more plugins compared to the others.

        How was the initial setup?

        Initial setup was actually easier.

        What's my experience with pricing, setup cost, and licensing?

        Start small.

        Which other solutions did I evaluate?

        Yes, we evaluate other options. The issue was about price, stability, scalability and the development of this product to ensure support.

        What other advice do I have?

        Contact the local distributor for help.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user497118 - PeerSpot reviewer
        Senior Executive Information Security at a manufacturing company with 10,001+ employees
        Vendor
        It helps us proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

        Valuable Features

        • Password management and accountability for Privileged accounts
        • Identify, protect and monitor the usage of Privileged accounts
        • Record and control privileged sessions on critical systems i.e. Windows, Unix, DBs
        • Application credentials including SSH keys and hard-coded embedded passwords can be managed
        • Control and monitor the commands super-users can run based on their role
        • PTA is a security intelligence system that allows organizations to detect, alert, and respond to cyberattacks on privileged accounts.

        Improvements to My Organization

        Privileged accounts represent the largest security vulnerability an organization faces today. Most organisations are not aware of the total number of privilege accounts.

        Compromising privilege accounts leads to various breaches. With this growing threat, organisations need controls put in place to proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

        On implementing the CyberArk PIM solution, we are able to achieve this goal. Now, we are aware of the total privileged accounts in our enterprise. These are securely stored and managed by the Vault. The end users need not remember passwords for these accounts to use them.

        E.g.: A Unix Admin who has to login to a Unix server using the "root" account needs to log in to CyberArk and search for the root account, click Connect and he can perform all of his activities. We can enforce a command list on this account, monitor his activities and also get to know who has used this root account. The access to this account can also be restricted. The user does not have to remember any credentials.

        Room for Improvement

        Integration of this tool with SAML is a problem, as there is a bug. We’d like to be able to integrate AWS accounts in CyberArk.

        Use of Solution

        I have been using this solution for the past three years. I have implemented this solution for various clients from banking and pharmaceutical companies.

        Stability Issues

        I have not really encountered any issues with stability.

        Scalability Issues

        I have not encountered any scalability issues.

        Customer Service and Technical Support

        I rate technical support 9/10, very good.

        Initial Setup

        Straightforward, easy-to-install setup.

        Pricing, Setup Cost and Licensing

        It is expensive.

        Other Solutions Considered

        Before we chose CyberArk, we evaluated ARCOS.

        Other Advice

        Go ahead and use CyberArk. Request a demo.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        PeerSpot user
        ITSM & AntiFraud Consultant with 51-200 employees
        Consultant
        The ability to start the project, install and add the passwords in just a few days is valuable.

        What is most valuable?

        The most valuable feature is the password Vault which gives the administrator control over privileged accounts. The other components that are valuable are Private Session Manager, OPM, Viewfinity, and AIM, which came as an add-on to the organisation's needs. The ability to start the project, install and add the passwords in just a few days brings a big advantage for CyberArk.

        How has it helped my organization?

        The client can see all the users sessions through PSM, and can protect the applications on servers using AIM. Also, the Privileged Threat Assessment helps the organisation to see all the account risks, including accounts not managed by CyberArk, and accounts/machines with unusual behavior, etc.

        What needs improvement?

        The DNA scan should be able to scan Unix machines for privileged accounts.

        For how long have I used the solution?

        PIM tested in the last 2 years.

        What was my experience with deployment of the solution?

        We didn't have any issues with the deployment.

        What do I think about the stability of the solution?

        The product is very stable.

        What do I think about the scalability of the solution?

        I didn't have any issues with the stability. I usually recommend the client to increase the system requirements with 10%.

        How are customer service and technical support?

        Customer Service:

        Customer service is OK in Romania.

        Technical Support:

        I had direct contact with the local team and they are OK.

        Which solution did I use previously and why did I switch?

        No.

        How was the initial setup?

        Straightforward when you have the use cases and a SoW. Usually you follow the Installation Manual, and perform the after-installation tests, and you are sure that everything is OK. The only issue I had was with the anti-virus that was left on the server and that deleted some PSM files. You must always double-check the prerequisites, as you can have some surprises with the GPO that overrides your settings.

        What about the implementation team?

        I was part of the implementation team with support from the vendor.

        Which other solutions did I evaluate?

        We also looked at BalaBit Shell Control Box.

        Disclosure: My company has a business relationship with this vendor other than being a customer: Implementation partner with CyberArk.
        PeerSpot user
        it_user326337 - PeerSpot reviewer
        it_user326337Customer Success Manager at PeerSpot
        Consultant

        Tanmay, have you been able to make progress in your investigations of how to solve the difficulties you've been having with MS Clustering?

        See all 4 comments
        it_user225765 - PeerSpot reviewer
        IT Security Engineer at a tech services company with 51-200 employees
        Consultant
        The user interface needs some work, however, our security has improved.

        What is most valuable?

        It has the ability to monitor privileged sessions.

        How has it helped my organization?

        Our security has improved since implementing CyberArk.

        What needs improvement?

        The user interface needs to be improved. It could be done by getting the GUI to work with other programs from within internet browsers out of box.

        For how long have I used the solution?

        I've used it for one year.

        What was my experience with deployment of the solution?

        No issues encountered.

        What do I think about the stability of the solution?

        No issues encountered.

        What do I think about the scalability of the solution?

        No issues encountered.

        How are customer service and technical support?

        Customer Service:

        It's good.

        Technical Support:

        It's good.

        Which solution did I use previously and why did I switch?

        I didn't use a previous solution.

        How was the initial setup?

        It was straightforward as the documentation was rather clear. This made the implementation simple.

        What about the implementation team?

        I implemented myself.

        Which other solutions did I evaluate?

        I didn't evaluate any other options.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Rodney Dapilmoto - PeerSpot reviewer
        Rodney DapilmotoSystems Admin Analyst 3 at CPS Energy
        Top 10Real User

        Being the primary administrator of CyberArk at my company, one of the biggest complaints I hear from end users is the user interface through the web browser. It has been recommended to use Internet Explorer for the PVWA, but we have found that Chrome and FireFox will also work for some end users. The ability to change the timeout value for the PVWA to remain in session also helps with customer experience and satisfaction. However, security requirements within your company will need to be taken into account when deciding how much time to allow the PVWA to remain in session.

        PeerSpot user
        Senior Manager of System Security at a tech services company with 51-200 employees
        Consultant
        ​The most valuable feature of this product is the Central Policy Manager but CyberArk can be improved in all areas

        What is most valuable?

        The most valuable feature of this product is the Central Policy Manager. From the Operation and Security point of view a robot that can connect to destination machines, change passwords at fixed times, and put them in the vault, like a person, and therefore, is the best that you can ask for.

        It combines more functionality in a single product and solve a lot of problem, from security to compliance.

        How has it helped my organization?

        It has improved many parts of the organization. From the security and audit perspective, we're now fully aware of who accessed data and from where they accessed it. This helped us with regulatory compliance. We've improved our level of security in many typically-unsafe environments, such as domains.

        What needs improvement?

        I think that this product can be improved in all the areas. The details usually are important as the funcionallity. So I think that understanding the request from the customer CyberArk, as is already doing, can improve day by day his product.

        For how long have I used the solution?

        I have used Cyber-Ark PAS since 2008, so thid is the seventh year that I will be working with it.

        What was my experience with deployment of the solution?

        Usually not. The biggest problem was the incompatibility or non-default installation of an OS to be managed by the Central Policy Manager.

        What do I think about the stability of the solution?

        Never encountered any problems with stability.

        What do I think about the scalability of the solution?

        Never encountered any problems with scalability. The Vault, Central Policy Manager, Password Vault Web Access, Privileged Session Manager and Application Identity Management architecture are designed to support scalability.

        How are customer service and technical support?

        Customer Service:

        It's improved over the years and now is very fast and efficient. We've got a very good Italian customer service.

        Technical Support:

        Very high level of technical support. Fast and organized.

        Which solution did I use previously and why did I switch?

        Never used a different solution.

        How was the initial setup?

        The initial setup is really fast, simple and straightforward. It consist of a simple Windows installation (next-next type) for any component. The only requirement is to do the installation step by step following a list of components to do beforehand.

        What about the implementation team?

        I work in a vendor team, and we installed the product in a large company.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Buyer's Guide
        Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
        Updated: October 2022
        Buyer's Guide
        Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.