No more typing reviews! Try our Samantha, our new voice AI agent.
SatishIyer - PeerSpot reviewer
Assistant Vice President at a financial services firm with 10,001+ employees
Real User
Jul 6, 2022
Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK
Pros and Cons
  • "I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
  • "Since then, CyberArk's Privileged Access Management is still our central solution for the entire estate, including all our servers (Windows/Unix), databases, devices, and so on, with around 5,000 to 8,000 users globally."
  • "When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."

What is our primary use case?

I work with the infrastructure access team in my organization and we have CyberArk as a primary solution along with a number of components for Privileged Access Management (PAM) and monitoring within the privileged access sphere.

We began with CyberArk in 2018, when we procured the licenses for CyberArk and all its components including the PAM suite and Endpoint Privilege Management (EPM). Our management took a call and we had to do a proof of concept to evaluate the product and see what it was capable of. As a product owner, I had six months to complete this. We evaluated a few specific use cases and presented our findings of the CyberArk's capability to management around the end of the third month.

Since then, CyberArk's Privileged Access Management is still our central solution for the entire estate, including all our servers (Windows/Unix), databases, devices, and so on, with around 5,000 to 8,000 users globally. Essentially, all access is managed through Privileged Access Management. That said, I am not sure to what extent all of the findings were carried forward after our initial evaluation because a lot of changes have happened within the organization. Our overall threat assessment, criteria, and even the framework has changed, now leaning towards a Zero Trust kind of strategy.

For instance, even for the tools that are used within the Privileged Access Management suite, there is a tighter alignment towards enterprise architecture, and we currently have a highly-evolved enterprise architecture group from which everything is driven. Earlier, individual units would have had their own licenses to see what they can do with them, but now things are more closely aligned with the overall enterprise architecture strategy. Given this, some of CyberArk's tools such as EPM have somewhat dropped off from the list of our priorities.

As for how we have deployed CyberArk, it's currently all on-premises. We do have a roadmap for transformation to the cloud, but I am not sure what kind of place CyberArk will have in that, as it depends on the enterprise architect's view on the cloud transformation. We have had some discussions around what to do about the cloud portion of our assets (e.g. VMs and such), what kind of monitoring we need, and so on, and I think that, among other apps, Splunk will likely become part of our toolset when it comes to the cloud. I believe we are also evaluating CyberArk's Cloud Entitlements Manager on this roadmap.

How has it helped my organization?

From a functional point of view, I would not have a concrete idea of how CyberArk has improved our organization because that information is better provided by someone from the operations team. Those kind of evaluations are typically done at a much higher level, probably at COO or a similar level, and they have a close alignment with the enterprise architecture group.

On a practical note, with CyberArk there is integration with your identity management system such that, when done properly, you can ensure that anyone from an administrator to production support personnel will gain the relevant access they need in good time. PAM offers integration with Active Directory, LDAP, and so on, and is fairly compliant with these kinds of approaches to identity.

What is most valuable?

I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault.

The second most useful feature is the monitoring of your privileged sessions. So you have an audit trail, where any privileged access session has to be authorized, and you have access to all the relevant monitoring controls.

What needs improvement?

When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time.

PTA is essentially the monitoring interface of the broker (e.g. Privileged Access Management, the Vault, CPM, PSM, etc.), and it's where you can capture your broker bypass and perform related actions. For this reason, we thought that this kind of mapping would be required, but CyberArk informed us that they did not have the capability we had in mind with regard to MITRE ATT&CK.

I am not sure what the situation is now, but it would definitely help to have that kind of alignment with one of the more well-known frameworks like MITRE. For CyberArk as a vendor, it would also help them to clearly spell out in which areas they have full functionality and in which ares they have partial or none. Of course, it also greatly benefits the customers when they're evaluating the product.

Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.

For how long have I used the solution?

I've been using CyberArk Privileged Access Management since 2018.

What do I think about the stability of the solution?

CyberArk's PAM does what it's supposed to do, based on the interactions I've had with the folks from operations. There are the usual operational challenges, but it fulfills its basic purpose.

Stability assessments are conducted by a separate team that does risk assessments, so I don't have a lot of insight into this aspect, but considering that the product has been running for quite some time now and it's still the central solution for access management, I would reckon that it's a pretty stable product.

What do I think about the scalability of the solution?

There are different categories out there when it comes to scalability. In the case of bringing in new target systems, then sure, you can bring in what you need based on your licensing criteria. In terms of bringing in target systems which are not covered by the list of connectors that you have, this too is possible as there is scope for customization. Overall, I think it's fairly scalable and it does give decent support on the scalability front.

Our onboarding is progressing smoothly and at a steady pace. With the onboarding, you have new users coming on, and because it's a central solution, the rollout is global. There are even plans for extending the department in terms of increasing the redundancy of components, which is largely determined by operational performance reviews and so forth.

How are customer service and support?

In my personal experience as product owner assigned to various components, there have been challenges with the support at times. I would say that it has scope for improvement.

Which solution did I use previously and why did I switch?

I have used a similar solution, but it was closer to a desktop password manager kind of tool. It was made by IBM and it was something you could actually install on your desktop and manage your passwords around that.

Later on IBM developed the tool into something more enterprise-oriented, and it turned into what we would classify as a privileged access management solution. But otherwise, CyberArk was probably the first fully-fledged solution in this sphere that I have used.

How was the initial setup?

The initial part of the setup was quite good. When it came to Windows, we had success in the beginning stages, but later on we had to have a number of discussions with CyberArk with respect to the 'groups' nomenclature, as we wanted to have a very clear standard that could be used consistently throughout the organization.

The first iteration was mostly fast and easy, however at one point we realized that there was much more detailing needed to be done. So we went through another iteration with a more detailed design and came up with more comprehensive coverage of groups, or roles, as you might say. In total, I think it was around two years before the Windows part was comprehensively addressed, but after that, it was covered quite quickly. 

Before CyberArk's PAM, we had a legacy tool that was managing the privileged access for Windows and we had that decommissioned around this time, which was a victory of sorts.

What about the implementation team?

The first step of the implementation strategy was putting all the passwords in the vault, thereby securing them. We also had a tool called Application Identity Manager, which we used for mitigation of the hard-coded passwords. Only after the vault was in place alongside Application Identity Manager, were steps taken to deploy the PAM suite.

Back in 2015, we had about three or four full-time CyberArk Professional Services folks undertake an effort to implement it, but that project failed. All that was achieved was the central vault deployment, and I think they also had Application Identity Manager installed at the time, but nothing apart from that. So it didn't take off the way it was supposed to, possibly due to a misalignment with the top management and the enterprise architecture viewpoint. But later on, and toward the second half of 2016, things started picking up again and further steps were taken from 2017 onward to deploy the Privileged Access Management functionality.

Throughout the PAM deployment, there was a fairly large vendor team that we were working with. I reckon the vendor team size was around 45 to 50 people. Within the organization, there was another large team that was supporting with various roles, such as in engineering, architecture, operations, governance, and so on. In total, there were around 50 of the vendor's team and maybe 20 to 30 roles from within the organization. There were other layers of responsibility, such as the risk team, but all those were kind of on the outside of the deployment.

What was our ROI?

I don't have much access to the facts and figures surrounding ROI, but I would reckon that with the Zero Trust risk strategy that we have, the product does match some of our key challenges. For one, we have the vault solution, so the passwords are safe up there. And then we have brokering in place for some of the key platforms, so I would say that these positives, along with our strategy and roadmap, will decide the fate of the future of CyberArk within the organization.

What's my experience with pricing, setup cost, and licensing?

I'm aware that the organization had purchased licensing for almost all of CyberArk's solutions including licensing for PTA, EPM, and the Application Identity Manager. But when it comes to PSM, this is one of the components where there's an additional charge for any extra PSMs that you want to deploy. I believe that there's some rider where the vendor has a bit of leeway to, at times, charge a premium on whatever additional services you may require above the board.

What other advice do I have?

Based on my experience as a product owner, I would advise, firstly, to set up an enterprise security architecture as authority within the organization, and ensure that it is closely aligned with your business. Once that is set up, then the enterprise security architecture should determine the priorities of the business and, accordingly, you can lay out a roadmap and strategy.

From a product perspective, CyberArk may or may not fit into your organization based on what strategy you have detailed, or it may or may not fit your requirements. So I would definitely not recommend purchasing the tool first and then determining what to do with it next.

Regarding automation, we are adopting DevOps for the positives it brings, such as cost savings, efficiency, etc., yet there needs to be some checks and balances. Having a fully automated solution would require you to think through the security aspects very carefully. That is why alignment with the enterprise security architecture is of great importance when it comes to securing access across environments in an identity management solution.

CyberArk's PAM is based on the concept of identity, such that a user logs in with his or her identity. So whatever systems the user accesses, there is an audit trail that is tied back to that same identity. This can happen across multiple environments based on factors such as the separation of duties, where certain engineers may not be allowed access to certain areas of development. These checks and balances occur when we give access to those kinds of rules and permissions. There are some targets we have for automation, but if it's fully automated it wouldn't be all throughout our organization as we have found there are some pitfalls with full automation.

Now, when you bring the cloud into the picture, as with our own transformation roadmap, you can't just put a tool in front of you and then expect everything to fall into place from on-premises to the cloud. It does not work that way. You need to have a sound strategy from your enterprise security perspective and only then can you ensure that things will fall into place.

Concerning the UI, PAM has an administrative dashboard and everything, but from a monitoring perspective, we also rely on additional tools apart from what CyberArk offers. For least privilege and managing secrets, there's a tool from CyberArk for that, but I'm not sure we have any plans on using that solution.

Overall, I would rate CyberArk Privileged Access Management a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer0714174 - PeerSpot reviewer
CyberArk Product and Vendor Contract Manager at UBS Financial
Real User
Oct 1, 2023
Great session management, password management, and temporary access capabilities
Pros and Cons
  • "The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis."
  • "The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials."

What is our primary use case?

We use CyberArk to secure the last resort accounts by introducing dual control approval, ticket validation, temporary access, and regular password rotation.

It also allows us to introduce location-aware access controls with multiple sites having access to specific location-protected content.

Finally, the session management capabilities allowed us to introduce delegated accounts to secure access to all sorts of devices in an easy way, but without losing the individual traceability. 

How has it helped my organization?

It allows us to comply with the regulator requirements allowing us to operate in the different countries and to fulfil the security and compliance requirements.

In the end, it secures all the highly privileged accounts and protects the company from internal and external threat actors.

The solution is multifaceted and includes session management, password management, temporary access, ticketing validation, API access, single sign-on integration, load balancing, and high availability principles.

What is most valuable?

The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis.

The session isolation reduces the risk of exposure of the credentials and applying simpler network controls.

Web access allows the introduction of location-aware controlled access so that different locations can only access the data that is allowed to be retrieved from their sites allowing centralisation but fulfilling the regional requirements.

What needs improvement?

The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials.

The upgrade options are good but could be further simplified.

The high availability options could be improved, and the load distribution as well for both the vaults and the credentials managers.

The web interface should allow having multiple sites for location-aware access control within the same web server.

For how long have I used the solution?

I've used the solution for more than ten years.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.
Vishnu Ramachandra - PeerSpot reviewer
Security Engineer at Suraksha
Real User
Aug 31, 2023
A highly scalable PAM solution that needs to improve its GUI
Pros and Cons
  • "The most valuable feature of the solution stems from the fact that it's the best in the market. I haven't seen any other PAM solutions better than CyberArk Enterprise Password Vault."
  • "CyberArk Enterprise Password Vault's GUI has certain shortcomings that need improvement."

What is our primary use case?

My company uses CyberArk Enterprise Password Vault for privileged access management, a domain that the product fits under. CyberArk Enterprise Password Vault involves password rotations, recording of sessions, keystrokes, and securing sessions, which all come under the same category in the solution.

What is most valuable?

The most valuable feature of the solution stems from the fact that it's the best in the market. I haven't seen any other PAM solutions better than CyberArk Enterprise Password Vault.

What needs improvement?

CyberArk Enterprise Password Vault's GUI has certain shortcomings that need improvement.

For how long have I used the solution?

I have been using CyberArk Enterprise Password Vault for two years. I use the solution's latest version.

What do I think about the stability of the solution?

It is a stable solution, but sometimes its GUI lags if the load gets too much. If you try to click some buttons, responding will take five seconds instead of just responding immediately.

What do I think about the scalability of the solution?

It is a highly scalable solution.

My company has around 500 uses of the solution and 3,000 to 4,000 accounts, which can be scaled up to 10,000 or 15,000 accounts.

My company does not have plans to increase the usage of the solution.

How are customer service and support?

I am not an admirer of the product's technical support team. The product's technical support team doesn't know the product well enough to give customers suggestions, so they need to work on that part.

Which solution did I use previously and why did I switch?

BeyondTrust and LastPass were the two solutions I had used in the past.

How was the initial setup?

The initial setup of CyberArk Enterprise Password Vault is quite complicated, but if you follow the documentation, I don't think you should have any issues. The issues are only with the solution's support team and the GUI.

The initial deployment just takes about five days to a week if you have got all the network architecture right.

If you don't get the network architecture right, then the deployment could take two or three weeks.

For the deployment process, you should ensure you have some open IP ranges because CyberArk needs to talk to the cloud at its end, so you need to allow certain IPs to make certain connections, after which you need infrastructure and servers in place.

There is a Zip file for your environment, like an image you download from their website, which CyberArk's partners can access. Once you download the Zip file, there are a few scripts to run, and if the scripts run properly, your environment will be set up properly, after which you deploy the connector.

There is a need for an architect who is an expert in CyberArk and networking for the deployment and maintenance, along with one senior engineer.

What was our ROI?

The ROI for the solution is good because if you deploy the product, then you will not face any issues for five to ten years, especially if you manage it well.

What's my experience with pricing, setup cost, and licensing?

Payments have to be made on a yearly basis toward the licensing costs of the solution.

I would say that the solution is expensive because it's only preferred by the top-tier companies involved in banking or insurance who have no problem with budgets for their cybersecurity. A medium or small-sized company would prefer to use some other solution over CyberArk Enterprise Password Vault.

Which other solutions did I evaluate?

was not part of the evaluation process in my company. I wouldn't know why my company chose CyberArk Enterprise Password Vault over other products. I can say that I am comfortable with CyberArk Enterprise Password Vault.

What other advice do I have?

I recommend the solution to those planning to use it. I suggest that CyberArk's potential users invest in getting their own IT environments working perfectly before involving a team of CyberArk-certified engineers since it makes the process a lot easier. If you don't follow the aforementioned steps, then you will find yourself going back and forth to the product's support team, which will take you ages because they take time to respond.

I rate the overall solution a seven out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer907214 - PeerSpot reviewer
Director, CyberSecurity at ASHBURN CONSULTING LLC
User
Aug 22, 2023
Great credential rotation automation and privileged session management with helpful support
Pros and Cons
  • "The ability to develop and deploy applications with no stored secrets is very valuable."
  • "The greatest area of improvement is with the user interface of the Password Vault Web Access component."

What is our primary use case?

We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules. 

How has it helped my organization?

The solution has improved security posture while greatly reducing administrative burden. We leverage CyberArk to deploy applications without the use of secrets.  

Applications authenticate securely to CyberArk using a combination of certificates and other extended application-identifying parameters to promote a secure DevSecOps environment.   

The extensibility of CyberArk has enabled us to develop custom integrations into Microsoft Azure leveraging KeyVault to synchronize on-premise and cloud secrets in a consistent hybrid credential management architecture.

What is most valuable?

Credential rotation automation combined with privileged session management are great aspects of the solution. It enables highly complex passwords that the end user never knows or sees. We have some use cases where administrative users will log in to highly privileged systems using a one-time use secret and immediately following their administrative session the password is rotated

The ability to develop and deploy applications with no stored secrets is very valuable. This keeps code repositories free of secrets and application authentication is centrally controlled and monitored.

What needs improvement?

The greatest area of improvement is with the user interface of the Password Vault Web Access component. The latest long-term support version of CyberArk (12.x)  still includes and still leverages the version 9.x UI in order to maintain some of the administrative functionality.   

The performance of the 9.x UI leaves much to be desired and there are still some administrative tasks that require the use of a thick "PrivateArk" client.   

Many improvements have been made over time, however, there is still work needed.

For how long have I used the solution?

I've used the solution for eight years.

What do I think about the stability of the solution?

The solution has been quite stable for many years and includes the functionality for clustering the multiple site replication, both of which we leverage for a high level of uptime.

What do I think about the scalability of the solution?

The solution is very scalable, however, with scale, there are certainly performance considerations.

How are customer service and support?

Support has been a mixed bag. First-level support has been extremely time-consuming to get to an escalation resource that can help us resolve our reported issue. In all fairness, we have a very experienced staff and generally only contact support for more complex issues. There have been improvements made over the years and the commitment to improving support. Still, there is work needed in that department.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution. 

How was the initial setup?

Setup depends on the complexity of the solution. A simple configuration could be up and running in a day.

What about the implementation team?

Our environment is run in-house by a contract team with expertise in CyberArk.  However, we do leverage the vendor for major upgrades and have used their technical account manager services in the past

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT Manager at BCBS of MI
Real User
Aug 22, 2023
Good notifications, solid support, and agentless architecture
Pros and Cons
  • "I find value in notifications from CyberArk when passwords fail verification and have other issues."
  • "The current interface is not very intuitive."

What is our primary use case?

CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.

How has it helped my organization?

CyberArk PAM ensures that passwords on Linux servers are highly secure, regularly changed, and completely auditable. This saves enormous amounts of time when responding to audits and security concerns. And the scheduled verification of passwords ensures that passwords remain available when needed and stay secure. CyberArk has become the standard tool for password management.

What is most valuable?

I find value in notifications from CyberArk when passwords fail verification and have other issues. Investigation of these issues often uncovers other issues. The way safe security is handled is outstanding and makes it easy to provide safe access to those who need it and deny safe access to those who should not have it.  

Another valuable feature is the agentless architecture of the product. Using native processes to manage passwords and not having to install and update agents is a huge plus.

What needs improvement?

A more friendly and functionally complete user interface would be nice to have. The current interface is not very intuitive. It is somewhat clunky and difficult to navigate, and many times have to toggle between the somewhat underdeveloped new interface and the older classic UI. This state of basically having two interfaces is a prime opportunity for CyberArk to improve its product.

Also, it would be nice if the vaults could run on Linux instead of Windows.

For how long have I used the solution?

I have been working with CyberArk for more than ten years in various capacities ranging from end user to safe/vault administrator to application administrator.

What do I think about the stability of the solution?

The solution is incredibly stable.

What do I think about the scalability of the solution?

We have not run into any scaling issues.

How are customer service and support?

CyberArk support is pretty solid.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The initial setup is more complex than simple, however, not daunting.

What about the implementation team?

We worked with the vendor team who were very knowledgeable during the implementation.

What's my experience with pricing, setup cost, and licensing?

The PAM product isn't low-cost, however, it is worth it. Go with a longer-term agreement to realize lower costs.

Which other solutions did I evaluate?

CyberArk PAM was chosen before I got involved so I am not aware of which other products were evaluated. However, we have never had to go back and review the decision to use CyberArk.

What other advice do I have?

Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
UmeshKumar4 - PeerSpot reviewer
Security Consultant at Ernst & Young
Real User
May 16, 2024
Offers password rotation and makes session recordings compulsory for data protection
Pros and Cons
  • "Password rotation is the most valuable feature"
  • "The solution should be able to mitigate internal threats"

What is our primary use case?

I use the solution mainly for credential tasks. For instance, if the company I work for has recent data stored in a privileged report and needs security from cyber attackers, CyberArk Privileged Access Manager is used. The solution helps provide access only to authorized users and rotate passwords every sixty or ninety days. CyberArk Privileged Access Manager also allows the configuration of the password either manually or automatically. 

In our organization, Privileged Session Managers (PSM) assist in recording sessions of a particular server using the solution. The product allows users to utilize different permissions, such as end-user, auditor, and administrator permissions. For CyberArk Privileged Access Manager, administrators have the major access to implement tasks like creating, changing, rotating the password and adding new users. 

What is most valuable?

The most valuable feature of this tool is the password rotation feature. Another vital feature of the solution is the Safe feature, which acts as a container. Only accounts included within the Safe can access a particular server. 

The solution allows the distinguished use of PSM and PSMP for a Windows and Linux server, respectively. The tool makes all session recordings compulsory and cannot be tampered with. It also eliminates hard-coded credentials and supports demand-based applications.  

CyberArk is very popular and provides a lot of features compared to competitors' PAM tools, which is why many customers are migrating to CyberArk's Privileged Access Manager. 

What needs improvement?

The solution should be able to completely mitigate internal threats. For instance, if an employee of a company saves the CyberArk passwords in a system, then another employee might be able to use it and log in, so there remains an internal threat when using the solution.  

The feature of giving user access through a Safe should be modified. The solution should allow users access directly through an account, and the Safe concept needs to be improved. 

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for the past two years. 

What do I think about the scalability of the solution?

In my organization, about ninety to one hundred people are using CyberArk Privileged Access Manager. 

How was the initial setup?

It's easy to setup and install CyberArk Privileged Access Manager. Multiple components need to be installed for the solution. Often, the PVWA, PSM, and CPM need to be installed. If an organization has a Linux account, then PSMP needs to be installed for using the solution. While installing the solution, the Vaults need to be defined, if it's a standalone Vault or a cluster Vault. A cluster Vault is mostly implemented for disaster recovery to replicate data when something happens to the main Vault. 

What's my experience with pricing, setup cost, and licensing?

CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price. 

What other advice do I have?

I would recommend the solution to others depending on their goals. If the aim is to protect an organization's data and use PAM, then one should use CyberArk Privileged Access Manager. If the goals include detecting malicious activity, onboarding privileged accounts, and maintaining data accounts, then an organization should adopt the solution.   

I have used the solution's session monitoring capabilities to monitor user activities. The solution's session monitoring feature can be useful for monitoring a user while the person logs in or performs other molecular activities.  

CyberArk Privileged Access Manager is difficult and time-consuming to learn in comparison to other IAM tools. There are multiple components, like the vault, that need to be understood before using the solution. But basic administrator tasks like onboarding accounts and rotating passwords will be easy for a beginner user of CyberArk Privileged Access Manager. A beginner-level user of the solution may face challenges with secret rotating, management and AIM handling.  

I would rate CyberArk Privileged Access Manager an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
System Administrator at Porto Editora
Real User
Top 5Leaderboard
Apr 20, 2024
Passwords are stored securely within the vault and eliminates the need for users to store passwords in less secure locations
Pros and Cons
  • "The password protection itself is the most important feature. It's something we didn't have before."
  • "The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it. We aren't able to view active sessions or historical recordings of sessions."

What is our primary use case?

Primarily, I import accounts from our critical systems.  

How has it helped my organization?

Knowing that our passwords are stored securely within the vault has been a big improvement. It eliminates the need for users to store passwords in less secure locations.

We want to integrate it with our IT service management platform and our SOC solution, but that's a future project.

What is most valuable?

The password protection itself is the most important feature. It's something we didn't have before.

Moreover, the interface is intuitive. It is clear and user-friendly. 

What needs improvement?

The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it.

We aren't able to view active sessions or historical recordings of sessions.

It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it.

So, CyberArk could still focus on making it more user-friendly.

For how long have I used the solution?

I have been using it for a year. 

What do I think about the scalability of the solution?

So far, we haven't had any scalability problems.

We have around 50 licensed users – primarily administrators. We currently manage about 5,000 accounts with CyberArk.

How are customer service and support?

Sometimes, the initial response time is a bit slow, but once the customer service and support take on a case, they resolve issues quickly.

How would you rate customer service and support?

Positive

What about the implementation team?

CyberArk handled the primary setup tasks. We worked with a partner to implement additional components and now have the knowledge to manage the solution ourselves.

The implementation process took around eight months. 

What was our ROI?

There has been an ROI. 

We expect to see a full return on investment within the next three years. This was part of our long-term security plan.

What's my experience with pricing, setup cost, and licensing?

It is expensive, but the cost is justified considering the security it provides. Compared to other solutions, it is costly. We have not tried other solutions, but the price is high. 

We only license Password Vault.

Which other solutions did I evaluate?

My company evaluated another solution like Delinea but preferred CyberArk due to its robustness and flexibility.

I like its flexibility, while adding some complexity, allows us to fully customize the solution to our needs.

One of the main advantages is the way we can connect from outside. We use a portal that provides secure access to our systems without needing a VPN. We just scan a QR code, and we're connected. We do not need to use a password and we are in through the QR code scan. 

What other advice do I have?

I would recommend using it. Overall, I would rate the solution a nine out of ten.

It's a very complete solution for what we need.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer0275214 - PeerSpot reviewer
IT Manager at Genpact - Headstrong
MSP
Sep 14, 2023
Good reporting and MFA with easy integration capabilities
Pros and Cons
  • "CyberArk PAM can be easily automated."
  • "There should be more models and licensing plans for this software."

What is our primary use case?

In my organization, we are using CyberArk Privileged Access Manager to enhance the security of an organization's critical systems, mainly by securing privileged accounts (e.g. administrator passwords, SSH keys, and API tokens). 

We are also using Cyber-Ark for access control by ensuring that only authorized personnel can access privileged accounts and sensitive systems. 

very important for us is also Session Recording and Monitoring. We can record and monitor privileged user sessions in real time for auditing purposes. 

How has it helped my organization?

CyberArk Privileged Access Manager significantly improved our organization's security. Mainly, it has enhanced our ability to secure privileged accounts. Centralized management of identities ensures that credentials are stored securely. Also, the automated rotation of passwords reduces the risk of leaks.

The session recording feature adds great value and helps with auditing administrative activities.

CyberArk PAM can be easily automated, which saves a lot of time and administrative effort.

What is most valuable?

For our organization, the most valuable features of CyberArk PAM are:

  • Credential Management. The automation of the retrieval and injection of credentials into sessions, and automation of password rotation.
  • Session Recording. It gives us the possibility to record privileged user sessions for auditing and compliance purposes. 
  • Ease of integration. CyberArk can by integrated with multiple systems and applications.
  • The possibility of using Multi Factor Authentication (MFA) which increases security
  • Reporting module. This allows us to generate reports based on session activity

What needs improvement?

Cost management. There should be more models and licensing plans for this software. They should also be flexible, allowing you to purchase selected features at a favorable price.

User Experience. The current interface is OK, however, sometimes it is not very intuitive. There is also no possibility of advanced modification and adaptation to your own needs and requirements.

Performance. The performance of the application could be a bit better, especially in the case of remote sessions - delays in remote sessions can be annoying.

For how long have I used the solution?

I've used the solution for about five years. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Technical Architect at a tech vendor with 10,001+ employees
MSP
Top 5Leaderboard
Feb 25, 2025
Great password management and Privileged Threat Analytics with good auditing capabilities
Pros and Cons
  • "The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution."
  • "The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow."

What is our primary use case?

The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.

How has it helped my organization?

The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution. 

This includes sessions via the solution and sessions to administer the solution itself. From a user perspective, we no longer need to try and create or remember complex passwords or have to be concerned about when they will change as the solution takes care of this and can and does populate these credentials for you so mistyping a complex password is a thing of the past.

What is most valuable?

Password management is a great feature, as all passwords are changed more frequently. This can be scheduled in line with a specific policy requirement or each time the credentials are returned to the pool for reuse and are always compliant with the password policy however long or complicated the policy states that they need to be. 

Another great feature is the Privileged Threat Analytics (PTA) as this can stop a session based on prescribed risk and bring it to an end or pause it pending approval to proceed.  

What needs improvement?

The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow. That said, it has been moving in the right direction with features becoming available in the v10 interface and some user features are available in both classic and v10 interfaces. I would love to see all the classic interface features moved into the v10 interface or available in both interfaces within the next version. 

For how long have I used the solution?

I've used the solution for about eight years.

What do I think about the stability of the solution?

The solution has been very stable.

What do I think about the scalability of the solution?

The solution performs well, however, based on the user base may require a sizable footprint.

How are customer service and support?

Support does vary depending on how critical your issue is and if it needs to be elevated to dev support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our previous solution was not a PAM solution and these days you can't afford to not use one.

How was the initial setup?

The setup is not complicated when trained staff are used.

What about the implementation team?

We handled the initial setup in-house.

What's my experience with pricing, setup cost, and licensing?

Set-up costs can be minimized by controlling the number of applications that are made available within the solution. The newer licenses are per user and open up access to a suite of products, the best value, and security can be achieved by using more of the products.

Which other solutions did I evaluate?

We looked at other products like Delinia and Wallix.

What other advice do I have?

Take advantage of the vendor's training or use a good partner to provide support and administration.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Real User
Aug 23, 2023
A highly scalable solution with good features, like session recording
Pros and Cons
  • "The most valuable feature of the solution is session recording."
  • "There is a little bit of confusion in the implementation part, especially when one tries to understand the actual working of the product."

What is our primary use case?

My company uses CyberArk Enterprise Password Vault for our servers and when our IT partners try to access our mission critical systems. We have also integrated the product with software tools used for authentication purposes. Our company's IT uses LDAP credentials to log in to the PVWA application while also being able to use granted privileges on one or more servers.

What is most valuable?

The most valuable feature of the solution is session recording.

What needs improvement?

There is a little bit of confusion in the implementation part, especially when one tries to understand the actual working of the product. The ones involved in the implementation of the product did not show the people in our company how they work on the product. The aforementioned area can be considered for improvement.

For how long have I used the solution?

I have been using CyberArk Enterprise Password Vault for a year and six months. The product is used in my company. I use CyberArk Enterprise Password Vault Version 12.0. I am a customer of the product.

What do I think about the scalability of the solution?

It is a scalable solution.

We upgraded the solution even though we had subscribed to the product for ten years in our company. In our company, we wanted around 50 employees to be able to operate the solution.

How are customer service and support?

From my end, I have not used technical support. I don't know if my colleagues have faced any problems because of which they had to contact technical support.

How was the initial setup?

The implementation took place over a period of three months.

The solution is deployed on-premises.

What's my experience with pricing, setup cost, and licensing?

CyberArk Enterprise Password Vault is a very expensive product.

I believe that the charges for maintenance and support are already included in CyberArk Enterprise Password Vault's pricing policy.

What other advice do I have?

I will tell those planning to use the solution that it is a very expensive solution. Due to the cyber security constraints of the product, most of the companies are forced to update by paying money to CyberArk, which I feel is one of the problematic areas in the product. Feature-wise, it is a very good product.

I rate the overall product a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.