No more typing reviews! Try our Samantha, our new voice AI agent.
Aakash Chakraborty - PeerSpot reviewer
IEM Consultant at iC Consult GmbH
MSP
Aug 9, 2022
Bug-free, reliable, and pretty straightforward
Pros and Cons
  • "It is a scalable product."
  • "The solution is stable and reliable."
  • "I would love them to improve their UI customizing features."
  • "They should allow further customization as it's really hard to do any further customizations over CyberArk."

What is our primary use case?

Privileged Access Management is basically used to just keep track and log. We have to provision those accesses. If a newcomer comes, they have to be identified to ensure they are the correct users. So for those, there is a web implementation where there are some products that you can order, then they're approved. Depending on that mechanism, it's been decided, oh, this is a valid user. That's how it's been managed.

How has it helped my organization?

Privileged Access Management in CyberArk is one of the very first features that was implemented as part of Privileged Access Management. Then came Endpoint Manage and finally the Password Vault. From the very beginning, once Identity Access Management as a service started, with Dell One Identity Manager as the first service. Then came CyberArk. I don't think there is an additional benefit that it has brought. It's sort of an essential commodity in the entire Identity Access Management infrastructure.

What is most valuable?

For me, Privileged Access Manager and One Identity sort of merge together. For me, the best part of CyberArk is Password Vault and Endpoint, basically. If you ask me what's there that, it's that everything is pretty straightforward. There is no confusion. It's a pretty straightforward application to work on.

It is a scalable product.

The solution is stable. 

What needs improvement?

They should allow further customization as it's really hard to do any further customizations over CyberArk. We do have a wrapper of customization. However, it's very difficult, especially their web implementation. That's one thing I would say they can improve. With Angular and everything on the market, they still have their in-house web implementation tool, which is sort of a headache. 

I would love them to improve their UI customizing features. 

You simply cannot install the demo UI in every customer, basically. They would always ask for something to make their UI look a little different -  simple things like their logo or some sort of additional information pertaining to their particular customer. Even doing the smallest of changes takes a lot to do. 

Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable and reliable. 

I haven't been faced with intermittent bugs like I do on One Identity.

With CyberArk, we rarely get those situations. It's a very, very stable software. You rarely need to raise any bug or service request with them.

What do I think about the scalability of the solution?

It's pretty scalable. Although we haven't increased our infrastructure once, we have installed the latest version. Even then, adding other infrastructure items into the portfolio is not a big deal once you have done the initial installation.

Our organization is more than 30,000 to 35,000 people. However, only a handful of them are entitled to Privileged Access Management. There might be only 5,000 users. It is used quite extensively.

Which solution did I use previously and why did I switch?

It sort of was implemented with One Identity Manager when Identity Access Management came into the picture. In early times when there was simply Excel as an identity access manager, and then there was nothing basically. Once there was the onset of proper identity access management without in-house custom tools or proper streamlining process, this solution was added. Initially, One Identity was sort of used as a Privileged Access Management also. However, soon they realized that it lacked in a lot of places for Privileged Access Management. That's when we went to CyberArk. That was way before my time.

How was the initial setup?

I have been part of the initial implementation. However, the day-to-day operational tasks are being handled by a different team.

I was part of a migrational project. When I joined this organization, they were just migrating from the last stable version to the present stable version. It was pretty straightforward. There was, in my organization at least, documentation that was a bit more thorough to follow. That helped me a lot.

The implementation takes quite some time. Even in production, we have to instantiate the service. We had to take a special weekend, which means downtime since this is a critical application. Therefore, moving this takes some time. It's not that there are glitches and all. It's such a heavy application that requires moving so many things. For us, it took around nine to nine and a half hours roughly to deploy. This is considering if I take off all the in-between stoppages and breaks.

Privileged Access Management is a complex topic. I won't say that any of the tools are straightforward. That said, if you are thorough, then it's pretty straightforward for people who are in this industry.

I'd rate the setup process a four out of five in terms of ease of implementation.

What other advice do I have?

With every security tool, new users learning by themselves is a bit difficult since the material isn't openly released. It's released if you have a partnership or if you pay for the software. That makes learning the tool a bit difficult. If you are interested in learning, the only thing is to get a job in that field. If your company is using it, it's like learning by doing. That's the only way you can learn about this product.

I'd rate the solution eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1706796 - PeerSpot reviewer
Security Lead at a insurance company with 1,001-5,000 employees
Real User
Nov 18, 2021
Its architecture is much more secure compared to competitors
Pros and Cons
  • "We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application."
  • "Overall, as a partner in our digital transformation, CyberArk has been great."
  • "Many of the infrastructure folks who use the product dislike it because it complicates their workflow. They get a little less control, and they have to go through a specific solution. It proactively logs in for them, which obfuscates some of the issues that they may be troubleshooting."
  • "Many of the infrastructure folks who use the product dislike it because it complicates their workflow."

What is our primary use case?

CyberArk's Privileged Access Management solution covers a whole range of features, like privileged web access, private vault, privileged session manager rights for a session in isolation, privileged threat analytics for analytics, and private sessions. We also use CyberArk's Application Access Manager, which includes their credential providers, such as agents and run servers. Then there is a central credential provider, which is API-based credential retrieval, and DAP or Conjur. This is more of a DevOps model for credential provisioning. We also have the Central Policy Manager, which rotates the credentials associated with unprivileged or servers accounts. It's a huge environment. 

Those are all the different functions we use. We initially purchased CyberArk for privileged access manager and session isolation of privileged users. By privileged users, I mean main admins, global admins, and preps like Azure or Office 365. Our initial use case was to manage those users who could drastically impact the environment if their credentials were compromised.

After we purchased the product, we had a third party on it. They suggested we also leverage CyberArk as part of the platform for managing service accounts, i.e. go out and proactively rotate credentials that are running or ordering services. That's another kind of big use case that we started implementing a couple of years. It's long work. It is tough to do, there's a lot of cases where it just doesn't work right, but overall it's been pretty valuable.

How has it helped my organization?

From a security perspective, CyberArk PAM gives us a lot of control and visibility into what our privileged users are doing. In terms of securing our cloud-native apps, we're just getting into deploying things to Azure, AWS, etc., and DAP brings a lot of value to that because it is cloud-agnostic credential retrieval. Azure has their key vaults, and AWS has their version if you are a multi-cloud solution. CyberArk's Secrets Manager, or DAP, brings a lot of value because you only have to learn how to integrate your apps with one solution that can be deployed across multiple clouds. 

I will say that CyberArk is struggling with some of the cloud integrations. For instance, Azure has a native identity solution, and Microsoft keeps causing issues with their ability to identify the hosts calling back. Some cloud providers are trying to lock CyberArk and other tools out of their environment and force you to use their native one. With that said, I don't use the other functions. I don't use the containerization Kubernetes integration or anything like that. We're not at that point yet. One of my significant concerns about investing a lot of time in CyberArk Conjur or DAP solution is that Microsoft seems to be trying to push them out of that space, and if they do that, then all of that work is null and void.

What is most valuable?

In our initial use case, we found CyberArk's privileged session management functionality to be incredibly flexible. It's challenging to write these plug-ins, but if you have somebody with a development background, you can write all sorts of custom connections to support different functional applications. We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application. 

What needs improvement?

CyberArk's web console isn't in a great state. Over the last three years, if not more, it has been transitioning from what they call the "classic UI" to its modern interface. However, there are a lot of features that you can only use in the classic interface. Hence, each version seems to put more makeup on the modern interface, but all of the complex functionality you need is still in the classic UI. 

I'm not sure they've figured out how to transition, and they're kind of in a weird state. So, while CyberArk has made strides, the web interface is painful, particularly as an administrator, because you have to bounce between these different user interfaces. It is an incredibly complex solution that requires at least a dedicated employee or more to maintain it, support it, and understand it thoroughly. If you don't have that, it's just not the right solution for you because it is very complicated. 

Many of the infrastructure folks who use the product dislike it because it complicates their workflow. They get a little less control, and they have to go through a specific solution. It proactively logs in for them, which obfuscates some of the issues that they may be troubleshooting. And I think some of the consumers aren't big fans of the product. Also, I feel that in the last year or so, CyberArk has been pushing very hard for customers to go to their cloud solution. It doesn't have the same flexibility as the on-premise version, which is problematic because that's where I see a lot of value in the solution.

For how long have I used the solution?

I've been using CyberArk PAM for about four years now.

How are customer service and support?

CyberArk support isn't the worst, but it's certainly not the best. I'd give it a six out of 10. They were responsive. After you submit a ticket, you get the typical response. You gather all the logs and send them, and then they do some analysis. They typically send you back to get more specific logs, so it's a standard support experience. I would not say it's great, but it is not terrible either.

Overall, as a partner in our digital transformation, CyberArk has been great. The technology adds a lot of value, but they're also very much engaged and concerned. The customer success manager very much wants to make sure we're getting value out of the tool. I guess my only concern there is that they are pushing very heavily for customers to switch to their new cloud solutions that may or may not fit our needs or expectations. I am worried that they're going to push even harder. For example, CyberArk might start offering features only available in the cloud solution that would make our future somewhat tenuous depending on what's going on. So my only hangup is that they're pushing cloud solutions that I don't think are very mature yet.

How would you rate customer service and support?

Neutral

How was the initial setup?

The environment's architecture is very complex, depending on your use cases, and I'm talking about CyberArk as a whole. Their past solution — their AM solution — and all of the other solutions bundled together are straightforward, and it all needs to work together. Depending on your use case and the connected components you need to have or build, you must learn a lot. So, it's not as simple a thing to deploy — at least on-premise. It isn't straightforward. Our environment comprises 20 to 30 servers that we had to spin up and connect. Disaster recovery has to be thoroughly vetted, discussed, and documented because as you onboard and manage those privileged accounts, you need a way to get to them if something goes wrong.

It took about a month to get the product running and several months to onboard users. And when we start talking about Application Access Manager, that's ongoing, and I think that'll probably be ongoing for a very long time. We were targeting our specific use cases, so we started with interactive users. The whole idea was to restrict, manage, and monitor those interactive users. Our rollout proceeded from the most privileged users to the less privileged users. Then we started targeting service accounts and that kind of stuff. So it was a phased approach from highest risk to lowest risk to lower risk.

CyberArk PAM requires a lot of maintenance. Right now, we have about one and a half people, but I would say we need to add several more people to do a better job and add a lot of functionality. It requires a lot of maintenance and monitoring. They've relied on many different Microsoft features to secure the privileged session manager. It requires a lot of tuning, monitoring, and managing those solutions. They use AppLocker to restrict and isolate these running sessions, and AppLocker breaks all the time, so you have to go in and troubleshoot why it's broken and tweak it. That could mean adding a new rule or updating an application. It is a lot of maintenance, depending on your use case. But then again, we have gone very hard into privileged session management and developed over a hundred custom connectors. Another customer might deploy RDP and call it a day, drastically reducing maintenance.

What was our ROI?

If you ask me the ROI, I'm not sure I could give you an exact number. Security tools are pretty tricky when it comes to that. But if you're adopting a risk-based approach, this substantially reduces risk. It brought a lot of visibility and allowed us to monitor all of our privileged users, so it is valuable from the perspective of KPI, modern solutions, and risk reduction. If we were to score this on an internal risk review, our previous risk would rank four out of five, and we've lowered this to a low severity risk.

What's my experience with pricing, setup cost, and licensing?

CyberArk had just changed switched their licensing model to perpetual licenses when we purchased, including the whole PAM Suite. Before we bought it, they were licensing each function individually, which got complicated and very expensive. When we decided to buy it, it was much more straightforward and still quite expensive, but it brings a lot of value and risk reduction to the organization. 

In the last year or so, it's my understanding that they have switched from a perpetual licensing model to pushing companies to a subscription-based model. I have not dealt with this yet, so I'm not sure my feedback on licensing would be too valuable because they've moved away from the license type we purchased.

Which other solutions did I evaluate?

This was our first foray into the PAM space. We did a proof of concept evaluating three different solutions, so CyberArk was the clear winner. I don't want to speak ill of any other solutions, but I will say that CyberArk's architecture was much more secure. Other competing solutions may leverage an agent that is installed on your local machine and runs your privileged applications locally, leaving a lot to be desired from a security perspective. 

CyberArk uses remote desktop gateways similar to Microsoft's RDS functionality, and it abstracts that privileged application from your workstation. So even if you're compromised, a malicious actor on your laptop or workstation would not be able to get to that privileged application. This was very valuable to us. Other solutions did not have that functionality.

What other advice do I have?

As it stands today, I would rate CyberArk PAM nine out of 10. However, I'm concerned about the future of the platform. While I've had nothing but great experiences so far, I have concerns about how they've been pushing that cloud solution in the last year and a half. I feel like they're going to pressure us to move to the cloud even though they're not mature enough in the cloud. 

Rather than create a cloud-native version, they've migrated their on-premise solution to the cloud, but they don't allow cloud customers to access the backend, which I recommend all the time as an on-premise user. Instead, you have to submit a support ticket and have their support do things on your behalf, which delays your ability to work with the tool. Furthermore, they may not be willing to make the modifications you want because it would affect their ability to impact the solution consistently. CyberArk designed the on-premise version to be incredibly flexible, and I have never found a use case where I can't do the work I want to do. Their cloud model discards a lot of that flexibility, which is where I see a lot of value, so I have concerns about the future of the tool.

Also, I'd like to point out that service account management is incredibly hard, particularly in a company that's been around for a while. Any company looking to adopt service account management needs to know that it's not as easy as vendors make it sound. Many things don't work right out of the box, so the most important lesson we've learned is to calibrate the expectations of senior management when it comes to service account management because it is a lot harder than anybody thinks. You're likely to break things in the process of trying to manage these accounts. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.
Security Engineer at ITAM
Real User
Jul 4, 2024
Helps to store password and do authentication
Pros and Cons
  • "We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company."
  • "The main challenge was integrating with in-house IT and business applications, which are not standard. We needed to create special updates for that kind of integration."

What is our primary use case?

We have the identity provider for all the authentication processes. However, sometimes, we need access to different applications for customers or clients that are not integrated into the identity provider. For these, we need to store a password to gain access. For example, we use the CyberArk Password Vault for third-party services. This vault needs to be shared with many people in our company. 

This allows us to store passwords and create privileged access for some users without them needing to know the password. The system inputs the password into the endpoint URLs they use for authentication, but the users never see the password. This is crucial because people may leave the company, posing a high risk. If we had integrated it into the identity provider, we would have policies for active directory users but not for users outside the company.

For example, our development teams need to connect to databases, systems, and cloud services during development. The developers don’t get access to third-party services. We use the solution to manage this access. The application being developed and deployed integrates with CyberArk Password Vault services.

What needs improvement?

The main challenge was integrating with in-house IT and business applications, which are not standard. We needed to create special updates for that kind of integration.

For how long have I used the solution?

I have been working with the product for three to four years. 

What do I think about the scalability of the solution?

The solution is 99 percent scalable. 

How are customer service and support?

Sometimes, support is not easy because you need to share the company's architecture. Maybe they are on time, but they don't understand the specifics we're talking about. Communication can be an issue, especially when speaking with people whose first language isn't English. There can be difficulties with understanding and making sense of conversations. So, outsourcing support can sometimes be challenging.

How would you rate customer service and support?

Neutral

How was the initial setup?

CyberArk Enterprise Password Vault's deployment is complex. 

What other advice do I have?

I have been working with the new services and don't see any additional issues at this hour. The key requirement is to have people who understand not only the tool but also the concepts and how to view it from an architectural perspective. 

One problem is that people may not know how to work with the tool, and another is that they don't understand the concepts. So, I think focusing on proof of concepts is good. For example, what I do at first is request information for identity providers and key management services.

I rate the overall solution a nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Korneliusz Lis - PeerSpot reviewer
CyberSecurity Service Support Specialist at Integrity Partners
User
Aug 23, 2023
Good password management with good integrations and security capabilities
Pros and Cons
  • "I like the integrations for external applications."
  • "The Vault's disaster recovery features need improvement."

What is our primary use case?

The primary use case and the most used functionality of CyberArk PAM is managing privileged access (an easy way to pass permissions to specific servers to specific users granularly) and password management (an automated solution that manages password validity, expiration, etc.). PSM gives a possibility to set all connections secure and it is possible to re-trace actions made by users during such sessions. It is a good tool for extending usage to new end targets sometimes even out of the box.

How has it helped my organization?

CyberArk PAM ended a scenario where several dozens or even hundreds of privileged accounts had the same password or administrators had passwords written down on sticky notes. 

I have experience with onboarding thousands of accounts - mostly Windows, Unix, and network devices. I have developed (customized based on defaults) password management plugins for Unix systems and network devices.

What is most valuable?

I like the integrations for external applications. There are actually infinite possibilities of systems to integrate with - you would just need to have more time to do that. It is not an easy job, yet really valuable. I am not an expert on that, however, I try every day to be better and better. I have the support of other experienced engineers I work with so there is always someone to ask if I face any problems. End-customers sometimes have really customized needs and ideas for PSM-related usage.

What needs improvement?

The Vault's disaster recovery features need improvement. There is no possibility to automatically manage Vault's roles and for some customers, it is not an easy topic to understand.

I noticed that CyberArk changed a little in terms of the documentation about disaster recovery failover and failback scenarios. Still, it is a big field for CyberArk developers. Logically it is an easy scenario to understand - yet not for everyone, surely.

For how long have I used the solution?

I've used the solution for around five years. I have been using CyberArk PAM as an end customer for three years. For another two, I work as a CyberArk support specialist.

What do I think about the stability of the solution?

Stability is overall good. However, there are many error messages that are like false-positive - they do not produce any issue yet logs are full of information.

What do I think about the scalability of the solution?

The scaling has been mostly positive. It seems not hard to scale it up.

How are customer service and support?

Sometimes it is hard to understand the capabilities, limitations, etc. They try to help with that.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've never used another solution that would have the same or similar capabilities.

How was the initial setup?

The initial setup can be complex. It is important to go really carefully step-by-step with instructions. When you do that, you can be 100% sure everything will work well.

What about the implementation team?

When I was an end-customer I recall using a vendor for the implementation and support. Now, I am a vender and therefore I do it by myself.

What's my experience with pricing, setup cost, and licensing?

Licensing may sometimes seem a little complicated. A good partner from CyberArk can work it out.

Which other solutions did I evaluate?

Unfortunately, I have not participated in evaluating other options.

What other advice do I have?

Overall, I am really glad I worked with CyberArk for five years.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Just like I said above - I work as a CyberArk Support Specialist mostly. My company is an integrator of cybersecurity services such as CyberArk. We also use CyberArk PAM as a product inside our organization. But still - I am a real user and this review is based on my own experience and options. I think my review is really valuable because I have sight on this product either as a end-customer and a support.
PeerSpot user
Alex Lozikoff - PeerSpot reviewer
Business Development Manager at Softprom by ERC
Real User
Jun 13, 2023
Ensures the security of privileged accounts and very stable solution
Pros and Cons
  • "It is an extremely scalable solution."
  • "There is room for improvement in the pricing model."

What is our primary use case?

The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.

How has it helped my organization?

Now we feel assured that all our privileged accounts are well protected. Our admins don't know passwords and don't enter them manually. This eliminates the risk of interception and account hijacking.

What is most valuable?

First of all, CyberArk offers great flexibility. Throughout our years of experience, we haven't found any system that we couldn't connect with CyberArk. We have many web management consoles, and it's no problem to connect to them using custom connectors.

Moreover, it's a highly customizable solution. If you know how to do it, you can customize it as you want.

What needs improvement?

There is room for improvement in the pricing model. From a technical point of view, there are no issues. Support could be faster, though. We have mentioned that better support from CyberArk would be beneficial.

So, support could be faster, and pricing can be improved.

For how long have I used the solution?

We have been using it for our needs and sharing it for over ten years. Currently, we use version 12.

What do I think about the stability of the solution?

It is a very stable solution. I would rate the stability a ten out of ten. If you can read the manual and avoid making mistakes, it's very stable.

What do I think about the scalability of the solution?

It is an extremely scalable solution. I would rate the scalability a ten out of ten. In our organization, there are ten CyberArk users; they all are system administrators. 

How are customer service and support?

The customer service and support could be better. The response time could be better. 

How would you rate customer service and support?

Neutral

How was the initial setup?

I would rate my experience with the initial setup a four out of ten, one being difficult and ten being easy. It's a modular system. To run CyberArk, you need to deploy several different services, set them up, and configure the interactions. It's not a solution in one box.

The initial setup is not very complex, but I would say it's not very simple, either.

What about the implementation team?

We have deployed CyberArk in both environments. We have several working calls in the cloud and some parts on-premises. The initial deployment takes about two days. 

What was our ROI?

Our main technical task was to reduce security risks, which we accomplished with CyberArk.

What's my experience with pricing, setup cost, and licensing?

I would rate CyberArk's pricing a nine out of ten, with one being cheap and ten being expensive. It's one of the most expensive solutions in the market, but it's worth it.

What other advice do I have?

I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress.

Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Meo Ist - PeerSpot reviewer
Senior Product Manager and Technology Consultant at Barikat
Reseller
Apr 4, 2023
Helps to keep password safe and is good for cybersecurity
Pros and Cons
  • "The tool has safe vaults. We keep our passwords in the Vault. The tool’s recording feature is also valuable for us."
  • "The tool needs to improve its usage and interface. They need to have a modern and useful interface. I want the product to improve its integration capabilities as well since some of the integration features do not work always."

What is our primary use case?

We use the solution for cybersecurity and regulation.

What is most valuable?

The tool has safe vaults. We keep our passwords in the Vault. The tool’s recording feature is also valuable for us.

What needs improvement?

The tool needs to improve its usage and interface. They need to have a modern and useful interface. I want the product to improve its integration capabilities as well since some of the integration features do not work always.

For how long have I used the solution?

I have been using the solution for five years.

What do I think about the stability of the solution?

The solution is a stable product.

What do I think about the scalability of the solution?

The product is scalable. You can manage 100,000 scripts or 1000 secrets with the solution.

How are customer service and support?

I would rate the tool’s support an eight out of ten. The tech support is good and not complex. You can escalate the problems easily.

How was the initial setup?

If you do not have prior experience, then the tool’s setup is complex. It has a complex installation process. You need to do pre-configuration correctly. The deployment takes around two to three days to complete. One experienced person is enough for the deployment.

What's my experience with pricing, setup cost, and licensing?

The product’s pricing is feasible for enterprise customers. The pricing is expensive for smaller businesses. You need to pay additional costs for service implementation and local support.

What other advice do I have?

I would rate the product a ten out of ten. We recommend this product for enterprise customers. The tool’s pricing and operation are a problem for small customers. They need to opt for Software as a Service. Companies need to install this product since they have a lot of accounts and passwords.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
reviewer2139282 - PeerSpot reviewer
Senior Security Consultant at a computer software company with 5,001-10,000 employees
Consultant
Mar 31, 2023
It helps our clients have full confidence in their security
Pros and Cons
  • "With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent"
  • "PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting."

What is our primary use case?

I'm a security solutions architect. I design solutions and hand them over to the client once they're implemented. We educate the users on how the solution works or turn it over to our managed services department

CyberArk PAM is an identity management solution used to manage privileged accounts on domains and local servers, including admin accounts in Windows environments and root users in Unix. 

How has it helped my organization?

With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent secure against attacks if you have all the right policies in place.

What needs improvement?

PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting.

For how long have I used the solution?

I have used CyberArk PAM for two years. 

What do I think about the stability of the solution?

CyberArk PAM is stable.

What do I think about the scalability of the solution?

CyberArk PAM is scalable. Managing 80,000 accounts is almost as easy as managing a thousand. 

How are customer service and support?

CyberArk has a solid community. It's easy to get support and feedback from the forums. However, it can be difficult to access official technical support if you don't have a CyberArk certification because they have a process to limit unnecessary calls. You get excellent support once you're certified. 

How was the initial setup?

Deploying CyberARK is complicated, but it is relatively easy for me because I have excellent scripts for implementing the prerequisites. It might be challenging for the average end user. It would be ideal to educate them in a demo environment because hard to explain this to a user without them. I would need to build an environment to show them. A simulated lab environment is one thing CyberArk PAM lacks.

We set up the prerequisites and discover the privileged accounts in the environment. CyberArk has a tool that scans the servers and detects accounts. This works best in a Microsoft environment. It's more difficult without Active Directory because you have to rely on the information the customer provides. You can begin the onboarding process once you've identified the accounts. 

It takes a month to set up the prerequisites and two or three days to install CyberArk PAM. Once it is deployed, it takes eight months to a year to tie up some loose ends. You may need to identify some accounts that you missed. The total time depends on the size and complexity of the user's environment. If you've configured everything correctly, it's simple to maintain. 

What was our ROI?

The ROI for CyberArk PAM is difficult to measure because the benefit is a reduction in risk. If CyberArk can eliminate most of the customer's security risks, then it's worth what they paid. 

What's my experience with pricing, setup cost, and licensing?

CyberArk isn't cheap, but it's the best. You have to pay for quality. 

What other advice do I have?

I rate CyberArk Privileged Access Manager 10 out of 10. CyberArk is the leader in Gartner's quadrant. I tell my customers that they need to be 100 percent secure—99 percent isn't good enough. The top hackers will exploit that 1 percent hole, and you're finished. You need 100 percent, or else you're wasting your money.  

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
PeerSpot user
Technical Manager at Gulf IT
Reseller
Oct 20, 2022
Lots of features with a great performance and the ability to expand
Pros and Cons
  • "Performance-wise, it is excellent."
  • "CyberArk has the biggest number of features available when you compare it to other PAN solutions like BeyondTrust, Thycotic, and Delinea."
  • "Sometimes the infrastructure team is hesitant to provide more resources."

What is our primary use case?

The concern on our end was separating the components, including the password storage component, and having everything completely separated. 

What is most valuable?

The scalability is very easy.

The most valuable aspect was being to be able to manage it through multiple mediums. We can manage it through its command line interface, web view, and directly logging into the digital environment with permission. You have multiple mediums. You don't have to give direct access to the world every time you want to limit what admins should do and what they should not do.

CyberArk has the biggest number of features available when you compare it to other PAN solutions like BeyondTrust, Thycotic, and Delinea. They tend to have a lot of separate components.

Performance-wise, it is excellent. 

What needs improvement?

The components of their web view, policy manager, and session manager, most of them are separated. We need something which can unify those components into a single appliance. Sometimes the infrastructure team is hesitant to provide more resources. 

They have a lot of out-of-the-box integrations with a lot of other products. However, I would want them to bring on some kind of similar platform. If they can bring up the SSO on-prem, that would be ideal, as they don't have those things on-premises. They only provide that for the cloud. If they can do that, it would actually help a lot of us and keep us from trying to acquire multiple technologies for solutions.

For how long have I used the solution?

I've used the solution for six or seven years at this point. 

What do I think about the stability of the solution?

We are very stringent on the performance metrics and would rate the solution very high. It's stable. 

What do I think about the scalability of the solution?

We found that scalability was much easier in CyberArk. In BeyondTrust, scalability required purchasing extra virtual machines every time we wanted to scale it up. However, in CyberArk, we don't need to purchase extra components. It comes along with the line.

Currently, we have around 78 to 80 admins, and there are around 200 underlying accounts. 

Which solution did I use previously and why did I switch?

We previously used BeyondTrust.

Which other solutions did I evaluate?

I haven't compared it to Thycotic yet, however, from what I have read, it looks like CyberArk is better. I've also looked into Delinea.

What other advice do I have?

We are reselling the solution to customers.

I'd rate the solution nine out of ten. It's quite a good product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Iordanidis Iordanis - PeerSpot reviewer
Procurement Manager at OTE Group
Reseller
Oct 13, 2022
Easy to set up and fairly priced with helpful support
Pros and Cons
  • "We found the initial setup to be easy."
  • "This is a stable, reasonably priced product, and it has good security features as well."
  • "We would, of course, always prefer it if the pricing was cheaper."

What is most valuable?

The product is fairly priced. 

It's stable.

The solution is scalable. 

People are quite satisfied with the way it's working and the support we receive. 

The security is good. 

The interface is fine, although I'm not directly using it too much. 

We found the initial setup to be easy.

What needs improvement?

We would, of course, always prefer it if the pricing was cheaper. 

For how long have I used the solution?

I've been using the solution for four or five years. 

What do I think about the stability of the solution?

It's stable. There are no bugs or glitches. It's reliable. It does not crash or freeze. 

What do I think about the scalability of the solution?

We have more than 100 people on the solution right now. 20 to 30 are likely admins. 

The solution is scalable. We can increase licenses as needed. 

How are customer service and support?

Technical support has been helpful and responsive. We are happy with their support. 

Which solution did I use previously and why did I switch?

I can't speak to what solutions, if any, we used previously. 

How was the initial setup?

The solution is very simple and straightforward. It's not complex at all. 

What's my experience with pricing, setup cost, and licensing?

I know that CyberArk is now changing the pricing model to subscription-based. My understanding is renewals will be done on the subscription-based models. The pricing is reasonable. We pay annually.

The costs depend on if you were talking about the access of internal or external users. There is also an extra external fee for supporting the licensing.

What other advice do I have?

We are end-users and customers. 

This is a stable, reasonably priced product. It has good security features as well. Since we received the renewal request, it's been working very well. 

I'd rate the product eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Furqan Ahmed - PeerSpot reviewer
Network Engineer at Pronet
Real User
Sep 29, 2022
Works well and is easy to set up but support needs a faster response time
Pros and Cons
  • "The solution is stable."
  • "The session manager is the most critical part of CyberArk's PAM solution and it works perfectly well."
  • "The support services could act faster when people reach out to resolve issues."

What is our primary use case?

It is a PAM solution, in which we provide privileged access to CyberArk and the users who are using to try to access their devices. They onboard on the CyberArk and then, whenever they need to access the devices, they get access to CyberArk which means they have to log in on CyberArk.

What is most valuable?

The models as a whole are great. I'm not sure if I can pull out specific features. I like that if we execute the user can't access their devices. If you remove the session manager, the user can't access their devices. It helps ensure we can protect our organization and data. The session manager is the most critical part of CyberArk's PAM solution. 

It works perfectly well. 

The solution is pretty easy to set up. 

The solution is stable.

It's scalable. 

What needs improvement?

The support services could act faster when people reach out to resolve issues. 

For how long have I used the solution?

I've been using the solution for the last two years. 

What do I think about the stability of the solution?

It's a stable product. 

We have deployed CyberArk for two years, and so far, we haven't received any issues regarding any bugs or anything like that. We haven't faced any issues. There are some challenges regarding user access. We have to explain to users who are not familiar with the PAM solution what to do, however, regarding stability, or regarding bugs we haven't faced any issues.

What do I think about the scalability of the solution?

It's a scalable product. For example, in my scenario, the deployment that I have done, if I want to scale it up or if I want to extend it, I can easily add the next module in that. There are no challenges regarding scalability.

I have only one deployment in Pakistan. It is at one of the largest banks in Pakistan here which has thousands of users on CyberArk.

How are customer service and support?

Technical support is good. I haven't faced any issues. If you're looking at the response time, I will say that it's quite a long wait. 

How was the initial setup?

The setup process of CyberArk is quite typical. Once you understand the process, it is very easy for you. That said, for a newbie, it may be a bit difficult. For example, for the PSM module, we have to make changes in the registry of the devices. You have to collaborate with your system team to make a configuration. I can get complex. That said, once you know, it's very easy.

What about the implementation team?

I have been through the process of implementing the solution for clients. 

What's my experience with pricing, setup cost, and licensing?

The licensing can be yearly or over a couple of years. Support needs to be renewed every year. 

What other advice do I have?

We have four models which we are using. 

The first one has a wall that which we have deployed on the particular server. The next one is the CPM which is the Central Policy Manager through which we enforce the password policy and password rotation policies. 

I'd recommend the solution to others. 

We have conducted a POC in Pakistan on multiple sites with different customers. CyberArk is a quite typical product and can be a bit expensive, so it's a good idea to try it out first and make sure it is what you need.

I'd rate the solution seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.