No more typing reviews! Try our Samantha, our new voice AI agent.
Muamer Riza Gani - PeerSpot reviewer
Assistant Vice President for Cyber Security Project at a financial services firm with 1,001-5,000 employees
Real User
Sep 9, 2022
Plenty of features, scalable, and responsive support
Pros and Cons
  • "All of the features of CyberArk Privileged Access Manager are valuable."
  • "One of the benefits of using CyberArk Privileged Access Manager is we have an audit trail that fits the requirements of our organization and we are more secure using the features of the solution, such as investigating and tracking."
  • "The initial setup of CyberArk Privileged Access Manager difficulty depends on the environment that you are implementing it into. However, it typically is simple."
  • "However, there is still room for improvement."

What is our primary use case?

We are using CyberArk Privileged Access Manager for securing access to the host or the server. The solution has the capability to record activity on the server, rotate the passwords, kick out an active user, and complete an action if suspicious activity is triggered on the server. We typically only use the solution for accessing the target server and for password rotations.

How has it helped my organization?

One of the benefits of using CyberArk Privileged Access Manager is we have an audit trail that fits the requirements of our organization and we are more secure using the features of the solution, such as investigating and tracking.

What is most valuable?

All of the features of CyberArk Privileged Access Manager are valuable.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for approximately six months.

Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is stable.

What do I think about the scalability of the solution?

The scalability of CyberArk Privileged Access Manager is very good.

We have approximately 300 users using the solution.

How are customer service and support?

The partner support we have in Indonesia is fast and responsive to our needs. They are available if we are facing a problem. However, there is still room for improvement.

I rate the support from CyberArk Privileged Access Manager an eight out of ten.

Which solution did I use previously and why did I switch?

I was previously using MEGA HOPEX.

How was the initial setup?

The initial setup of CyberArk Privileged Access Manager difficulty depends on the environment that you are implementing it into. However, it typically is simple.

I rate the initial setup of CyberArk Privileged Access Manager a five out of ten.

What about the implementation team?

We use a third party to do the implementation of the solution. We purchased preventive and corrective maintenance from our partner.

What's my experience with pricing, setup cost, and licensing?

There are additional features added to our CyberArk Privileged Access Manager license. For example, features that allow us to integrate into various kinds of platforms.

What other advice do I have?

I would recommend this solution to others. It has great value and it ensures your environment is secure and it is most important in production. If your company is a financial institution it is a lot of times mandatory to have a solution similar to this in operation because of cyber security concerns. We need to have preventive or professional action and one of those elements is to have a secure platform.

I rate CyberArk Privileged Access Manager an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Jan Strnad - PeerSpot reviewer
Security Architect at AutoCont CZ a. s.
Reseller
Jul 30, 2022
Protects accounts and has a password rotation feature that thwarts hackers; technical support was good
Pros and Cons
  • "What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users."
  • "For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same."
  • "In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution. Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations. In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows."

What is our primary use case?

We use CyberArk Privileged Access Manager for our customers who want to monitor and protect the access from the vendor side or the partner side. These customers want to cover external users who want to gain access.

What is most valuable?

What I found most valuable in CyberArk Privileged Access Manager is the Session Manager as it allows you to split the connection between the administrator site and the target site. I also found the Password Manager valuable as it lets you rotate the passwords of privileged users.

What needs improvement?

In the beginning, CyberArk Privileged Access Manager didn't have a multifactor authentication feature, so that was an area for improvement, but now it's part of the solution.

Having just one console for two CyberArk products would be good, particularly for the CyberArk Privileged Access Manager and the CyberArk Endpoint Privilege Manager, with the latter being a product for endpoint management that supports the workstations and allows you to manage workstations.

In the next update of CyberArk Privileged Access Manager, it would be good to have a local agent where you can manage all users and processes, and have an agent on the servers such as Linux and Windows.

For how long have I used the solution?

I've been working with CyberArk Privileged Access Manager for four years.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is a stable solution.

What do I think about the scalability of the solution?

CyberArk Privileged Access Manager is easy to scale. You can divide the solution into different parts and connect them, then you can add a new feature, a new appliance, or a new system. The solution works.

How are customer service and support?

In terms of the technical support for CyberArk Privileged Access Manager, I sometimes contact the service engineer in this region. I also have access to the support portal which I use in some issues, but it's not so often. I found the technical support team very professional and I would rate support for CyberArk Privileged Access Manager five out of five.

How was the initial setup?

The initial setup for CyberArk Privileged Access Manager was complex because, in the beginning, you must get the information from the customer such as how he wants to install it, how he wants to protect privileged accounts, how password rotation would work, etc., before you can install the solution.

The time it takes to deploy CyberArk Privileged Access Manager depends on several factors such as how many admins a customer has, how many devices, and the types of devices, for example, does the customer have servers such as Windows or Linux, some other network solution, or some applications, etc.? It could take between ten, fifteen, or one hundred days. My company needs to analyze at the beginning to define how long the process will take.

On a scale of one to five, with one being complex and five being very easy, I would rate the initial setup for CyberArk Privileged Access Manager four out of five.

What's my experience with pricing, setup cost, and licensing?

I'm a technician so I don't handle the licensing for CyberArk Privileged Access Manager, but I know that the price for the core license is about €140 per year. There's another type of license, the external vendor license, and that's about €600 and you can manage twenty devices. From what I know, the price for one device in a subscription is about €65 per year.

You can buy the CyberArk Endpoint Privilege Manager too, or you can buy some other application or application license with CyberArk Privileged Access Manager, but all other features, such as the Analytics Server is included in the basic CyberArk license. With WALLIX, you need to buy separate licenses for the features.

Which other solutions did I evaluate?

I've evaluated WALLIX, apart from CyberArk Privileged Access Manager.

CyberArk Privileged Access Manager is a global solution that applies to all customers, from small scale to enterprise businesses, but the solution has a little bit more servers that you need for the installation. WALLIX, on the other hand, is just one appliance that focuses on small-scale customers. Its deployment is much easier because you just install one appliance with all the features inside. Deployment is easier with WALLIX versus CyberArk Privileged Access Manager which has a complex deployment. In the end, CyberArk Privileged Access Manager has more features that you can define or set up, while WALLIX has some limitations.

What other advice do I have?

I'm working for a company that sells privileged access management solutions, including CyberArk Privileged Access Manager.

The version of the solution which I'm dealing with is an old version. Most of the deployment is on-premises, but my company will start cloud deployment for CyberArk Privileged Access Manager as well.

My company resells, implements, and also provides support for CyberArk Privileged Access Manager for the customers.

The solution requires upgrading regularly, and if there's a new system or application, you need to set it up for privileged access management on CyberArk Privileged Access Manager, so maintenance is important. Currently, in my company, five people work with the solution where there are about two hundred devices with fifty administrators. In the beginning, CyberArk Privileged Access Manager was for large-sized businesses. Nowadays, it's also used by medium-sized businesses.

I would recommend CyberArk Privileged Access Manager to others looking into implementing it because it's very important to protect privileged accounts in the company and do password rotation, so the hackers won't have a chance to detect and find the real passwords in the system. You can also use CyberArk Privileged Access Manager to protect external users and the admins from the direct connection to the server and after that, you can see what the users and admins do because the system makes video recordings and session logs. It's important to see what the admins do from time to time.

For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same, so I would rate it a ten out of ten.

My company is a partner and reseller of CyberArk Privileged Access Manager.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Idira Privileged Access Manager
July 2026
Learn what your peers think about Idira Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.
reviewer1628910 - PeerSpot reviewer
Consultant at a recruiting/HR firm with 10,001+ employees
Real User
Jul 29, 2022
Reliable and great for securing environments but could be more user-friendly
Pros and Cons
  • "The solution is scalable."
  • "The main, most valuable aspect is its capability to secure our environment."
  • "It can be made user-friendly, in the sense of the console is pretty outdated."

What is our primary use case?

CyberArk is for Privileged Access Management, so we secure our privileged accounts using CyberArk.

What is most valuable?

The main, most valuable aspect is its capability to secure our environment. That's the main reason why we are using it.

What needs improvement?

It can be made user-friendly, in the sense of the console is pretty outdated. They could add more enhancements, et cetera.

They could add more built-in connection components to support various other application platforms. The built-in connection components available are mostly not fit for our purpose. We need to do additional customization to make it work.

For how long have I used the solution?

I’ve used the solution for almost two years.

What do I think about the stability of the solution?

Stability is fine so far, other than a couple of phishes every once in a while.

What do I think about the scalability of the solution?

25 people are using the solution.

The solution is scalable. It’s on the cloud, which makes it simple.

How are customer service and support?

We have enterprise support from the vendors.

The response time could be a bit better. Some people don’t have the access to be able to jump in right away. Sometimes we need someone from the development team who has access to help.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I’ve never had experience with any other vendors.

How was the initial setup?

The initial setup was not that straightforward. However, we had vendor support, and we were able to fix all the issues.

It took us almost a month to deploy the solution.

I’d rate the solution a three out of five in terms of ease of setup.

In terms of maintenance, some of the components are not in the cloud, so we handle these aspects ourselves. We have a dedicated team for it.

What about the implementation team?

We initiated the setup with the help of the vendor.

What's my experience with pricing, setup cost, and licensing?

I don’t deal with the licensing. That said, my understanding is that it is on the higher side.

When we need enhancements, we do have to pay more.

What other advice do I have?

We are CyberArk partners. I’m a consultant.

We’re always using the most up-to-date solution version, as we are utilizing the cloud.

We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk.

I’d recommend the solution. It’s ideal for smaller organizations.

I would rate it seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Salif Bereh - PeerSpot reviewer
Consultant at a consultancy with 10,001+ employees
Real User
Mar 9, 2022
Remote desktop manager can register connections, making it easy to connect to machines through the virtual IP
Pros and Cons
  • "All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information."
  • "CyberArk is one of the best PAM solutions and one of the most expensive, but it works better than the others, so the pricing is fair."
  • "The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments."

What is our primary use case?

There are many possible use cases, but in general, CyberArk permits users to target machines and rotate their passwords, and to record decisions. It is used to create security through PTA and to forward Vault logs and investigate events. It also enables users to access passwords in dev code without actually knowing the passwords. There are a lot of advantages to CyberArk.

As a consultant, I have seen a lot of CyberArk configurations. Sometimes we use the CyberArk Cluster Vaults with one DR. I also worked for a company that used only one vault, without a cluster, but they switched data centers when there was an incident.

How has it helped my organization?

I used to be a Windows and Linux administrator before I used CyberArk. The difference is that now it is simple for me to connect to my target machines. I can add them to my favorites, making access to the servers simple. 

CyberArk enables confidentiality. The passwords are stored in a fully secured Vault. If you want, you can access target machines without using PVWA. If you act as a remote desktop manager, you can register your connections and connect your target machines through the virtual IP and easily connect to your machines. Your connections and commands would all be registered to the Vault.

What is most valuable?

All the features of CyberArk are useful for me, but the biggest one is that CyberArk has logs for all the features. That is important when there is a problem. You know where to look and you have the information. In cyber security, the most important aspect is information.

Another valuable feature is that if you don't have access to a machine, you can see the machine in CyberArk. It's the management capabilities that CyberArk enables for a company that are very useful.

Other useful features are optional, such as recording decisions or rotating passwords.

What needs improvement?

The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments. 

CyberArk, as a solution, can easily adapt to a lot of environments, and you can add a lot of components to different zones, and that will work with the Vault. But not all the components, such as the PTA, can do so.

Also, it would be helpful if CyberArk added some features for monitoring machines when we access them. For example, they need to improve the PVWA. In general, when we don't use the PVWA, we don't have a lot of problems. For me, the PVWA is not perfect. I would like to see more features in the PVWA to administer our machines and to improve the transfer of data.

For how long have I used the solution?

I have been using CyberArk Privileged Access Manager for more than three years.

I have implemented and maintained CyberArk solutions for clients, including creating administration functionality, such as platforms and support for users, so that everybody has 24/7 access to the account. 

I have also been involved in enhancing the solution by installing useful components and testing them. I would help analyze if a component could be of interest to the client and then implement it in production.

In general, I would help maintain the solutions and make sure that everybody can access the accounts, and that password rotation works.

How are customer service and support?

I would rate WALLIX support at six out of ten, while CyberArk's support is a seven. The reason it's a seven is that we always have to send them the logs. Of course, we do get some response and they work on things, but sometimes we lose time on little tickets.

How would you rate customer service and support?

Neutral

How was the initial setup?

If you have some experience, it is not complex to implement CyberArk. For me, the preparation is more difficult than the installation. Because CyberArk uses binaries, if you add good information, it will work. But if you miss something at the preparation stage, like the opening of the flows that you need, of course, it will be difficult. I know how the solution works, so it's not difficult.

First, you have to install the Vaults, and after installing them you can add PVWA to access the information. After that, you can install the PSM and then the CPM for the rotation, and that's it.

The time it takes to implement depends on the environment. Sometimes we work with complex environments and we have to adapt and collect all the information that we will need. We need to look out how the machines should be set up for the installation. It really depends on the size of CyberArk you want to install, including how many computers will be onboarded to CyberArk. There are technical and functional variables.

What's my experience with pricing, setup cost, and licensing?

CyberArk is one of the best PAM solutions and one of the most expensive, but it works better than the others, so the pricing is fair.

Which other solutions did I evaluate?

I used to work on WALLIX Bastion, but CyberArk works better than WALLIX. WALLIX is a PAM solution, a French version, but when I was at another job I was a consultant on both WALLIX and CyberArk at the same time. That's when I saw that CyberArk is better.

It is simpler to upgrade the CyberArk environment and components than WALLIX. CyberArk has a user interface but WALLIX does not because WALLIX is installed on Linux while CyberArk is installed on Windows, making it user-friendly. Connecting is also simple with CyberArk. When a user connects to the PVWA, there aren't a lot of buttons. When users see the icon, they click "Connect" and connect. It is simple for them.

CyberArk can adapt easily to environments. For example, when we talk about connectors, CyberArk can easily connect to all the target machines these days. CyberArk can onboard network machines, Windows Servers, Linux servers, and Oracle Databases.

Web application passwords can be rotated. With its PSM and Selenium features, it enables the connection of a web application to CyberArk and rotation of passwords, so that it's not system accounts all the time. We can manage the web application accounts as well. CyberArk can also connect to the cloud.

What other advice do I have?

When you work on CyberArk, you have to have more than one skill set. You are not just a PAM consultant because you manage passwords for all kinds of systems. You have to have skills in Windows, Linux, databases, and security because you manage those kinds of accounts. If you don't have those kinds of prerequisites, you can't work with CyberArk.

I started working on CyberArk when it was version 10.x and at this moment it is at 12 and more. The interface has changed and a lot of features have been added over that time. It's a good solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Syed Javid - PeerSpot reviewer
Security Consultant at a financial services firm with 1,001-5,000 employees
Real User
Feb 2, 2022
Removes security threats and vulnerabilities from an organization in a secure way
Pros and Cons
  • "It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization."
  • "CyberArk is a solution to problems being faced by multiple companies and organizations, as it removes security threats and vulnerabilities from an organization in a secure way, and your credentials are handled in a secure way, so it solves this pain area in a company, and that is why I think they are one of the top tools."
  • "If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it."

What is our primary use case?

It is nothing but privileged access management. Most companies have servers, and for each server, they identify a generic ID to login. For example, if someone is an administrator, they will be using that ID to log in. So, we need to manage those IDs in a common repository, and that is why we have CyberArk PAM. CyberArk PAM is nothing but a common repository used to store passwords and manage them.

Managing passwords is a pain area in any organization. By using this tool, we have a set of policies and emerging technology where we manage these passwords.

How has it helped my organization?

It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization.

We have connected all the endpoints in our organization's servers. This has been an improvement. We are trying to connect any new servers being added into the organization to CyberArk PAM.

What is most valuable?

When it comes to PAM, it is always about compliance. It has a feature that enables you to access the password in a very secure way using encryption. You also need multiple approvals. For example, if you have access to CyberArk, it doesn't mean that you have access to the server. So, whenever you try to access that server, a request will go to your manager. Once he approves the request, only then will you be able to access the server. These are a few of the features that I like about this solution.

CyberArk PAM provides ease of access based on how they have designed it. It is clearly defined where you have to go and what you have to do. If you are an end user, it is very easy to use and provides a comfort level.

What needs improvement?

CyberArk PAM is able to find all pending servers that can be integrated, but we cannot get this as a report. We can only see the list of servers on CyberArk PAM. This is a problem that could be improved.

If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it.

For how long have I used the solution?

I started using CyberArk PAM in 2016, so it has been almost six to seven years. I started with version 9, and now it is currently on version 12. So, I have used multiple versions of CyberArk.

What do I think about the scalability of the solution?

Its scalability is good. It is available on-premise and they started having a cloud three or four years back.

Our environment is very small. We are managing around 2,000 users. Whereas, I have seen it managing users of 10,000 to 15,000 servers. We have around 30,000 users, and I have seen that kind of environment, though what I am currently managing is much less. When it comes to the Middle East, it is always regionally focused, it is not international. Our organization is specific to one country and not international.

How are customer service and support?

The technical support is from the US. The only problem is that they reply during their own time zone. It has been a bit difficult to reach them, but we get the answers, they are just a bit delayed.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously had Hitachi ID PAM. We switched to CyberArk because of the features and interface, where there is a bit of distinct difference between the two solutions. Though, the architecture is the same.

How was the initial setup?

When you do an implementation, it is always challenging internally. While the setup is very easy because they give you tools for installation, you have certain things that you need to keep in mind when you implement it in an organization. These things become a kind of a roadblock. Every time that something comes up that you need to enable from the organization's side, e.g., if you have to unlock a few things on the organization's side, you must go through a process and some teams might not allow you to go ahead with it.

The deployment took three to six months.

What about the implementation team?

For the deployment, we needed a solution architect, two consultants, and two people to work on the BAU. While it depends on your organization's size, we needed around five to 10 people to implement it. 

What was our ROI?

The ROI depends upon a company's capability to maximize the usage of this application. If you buy something, it is your responsibility to use it at an optimal level.

What's my experience with pricing, setup cost, and licensing?

Previously, the pricing was very meager. They started publicizing and advertising the solution, growing CyberArk, as an organization. They also changed their pricing with that growth, e.g., the pricier the product, the more people who will purchase it.

Which other solutions did I evaluate?

Bomgar was one of its competitors, now it is called BeyondTrust. Another competitor was Thycotic. 

While CyberArk PAM has survived, it needs to be more flexible. They are currently focusing on the solution's GUI, but rather than the GUI, they need to focus on the solution's internal aspects, e.g., making the steps a bit easier. There are too many things to focus on and be aware of. So, they need to streamline it in a way where it is more compact.

What other advice do I have?

You need to know the sizing of your company and not randomly use it, thinking you may need to use this solution in the future. You need to use most of the features, e.g., if you have 10 features, then your company should use at least seven features of CyberArk. If you are not going to use seven or more features, i.e., if it is below seven, you should not go for this tool.

We were using Secrets Manager for managing a few SSH files, but we are not using it anymore.

I would rate this solution as eight out of 10. CyberArk is a solution to problems being faced by multiple companies and organizations. It removes security threats and vulnerabilities from an organization in a secure way, and your credentials are handled in a secure way. Therefore, it solves this pain area in a company, and that is why I think they are one of the top tools.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Security Advisory Services (SAS) Business Growth Lead for Iberia at a computer software company with 10,001+ employees
Real User
Jan 3, 2022
Protects servers from inappropriate access and ransomware
Pros and Cons
  • "It is a single tool that isolates possible kinds of malware. You get lateral movement blocking and auditing information, e.g., you know who is doing what. You are getting protections from the service as well as a useful environment. All your admins can easily go in and out of your company while accessing your servers in a secure way, even if they are working abroad."
  • "It provides the broadest point of view for privileged access management solutions in the market."
  • "They are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before."

What is our primary use case?

We mainly use it to protect servers from inappropriate access and ransomware.

We started with on-prem solutions years ago. Our most recent implementations were done in data centers and the cloud. However, we are not in the cloud for CyberArk.

How has it helped my organization?

It is a really valuable tool. From the very beginning of my career in cybersecurity, I found that CyberArk is one of the best solutions that I could recommend to our customers. While it is usually seen as an access and identity management solution, it is a cybersecurity and cyber defense tool from my colleague's and my point of view.

It is a single tool that isolates possible kinds of malware. You get lateral movement blocking and auditing information, e.g., you know who is doing what. You are getting protections from the service as well as a useful environment. All your admins can easily go in and out of your company while accessing your servers in a secure way, even if they are working abroad.

What is most valuable?

One of the best points is that it gives you full control for all the use cases in your infrastructure, in terms of servers, applications, social networks, batch processes, etc. 

It gives you the ability to know what is happening, who is executing everything, and recover that information over time. Everything is recorded there. This is useful, not only for auditing proposes, but for admins and users. This also helps with troubleshooting. For instance, an application or system starts failing at 4:30 in the morning on a Sunday. Usually, the first questions that you ask yourself is, "What changed at 4:30? What has happened? Who was touching that server?" WIth CyberArk, you have the ability to search for that information and find it in minutes. It is really useful for troubleshooting.

The PPA from CyberArk provides a lot of information about access and allows for possible detection of fraudulent use or different tries of accessing, even for family Internet users. Thus, it gives you another source of information regarding risk.

We are using Secrets Manager with some of our customers. We are using it mainly for containers and DevOps. This secure access is really important, and becoming more important every day. We are constantly moving customers to the cloud. Every day, containers are more important for our customers as they extend into microservices, etc. 

The possibility to integrate with the DevOps cycle is vital right now. Sometimes, containers are deployed while some clients have them very protected. They have a lot of things with Panorama, Microsoft, etc. That is a risk because you are deploying things quickly, along with errors and other things that you are developing. So, having to use hard-coded passwords here would be a big mistake. 

Secrets Manager accelerates a lot of the possibilities and simplifies the process, since development teams just need to use credentials. When they arrive on a project, there are new people or resources in their development teams. Thanks to CyberArk, they just need to manage their identities to have access to everything. They don't need to receive credentials nor search for them. They have everything the day that they start working.

We find it easy to use CyberArk PAM to implement least privilege entitlements. We usually do some interviews at the very beginning with different teams to understand their real needs. We define saves and different AV groups for the kind of users that we are going to prepare. Then, the process to assign permissions to different groups is really easy and straightforward. If you want to change or reduce access, that can be easily changed at any moment.

For how long have I used the solution?

I have been using it for more than 10 years.

What do I think about the stability of the solution?

In the last year, it has been a very stable platform.

What do I think about the scalability of the solution?

Scalability is fantastic. It has been really easy to scale. In fact, most of our customers who start, or have doubts about how to start, we propose to them, "Well, if you are not sure or don't have the budget right now, you can start with a small deployment, then we will grow." It easily grows and you can add components. 

Other customers have started with a small CPD deployment, then replicated. We put high availability on another CPD. It is really good for public clouds.

We have some customer environments that are over 10,000 servers as well as some environments with more than 50,000 managed identities.

How are customer service and support?

I would rate their technical support as eight out of 10. They are usually really good and quick about answering any questions that you raise. However, they are sometimes not flexible with things. For instance, from one day to another, there might be something that had been done years ago by CyberArk, then they say, "We do not support that." You then have to initiate a complaint and start working with them. Things might become complicated and months pass while you are working with them. Usually, they are good and fast, but sometimes they seem to be blocked with problems, e.g., you will suddenly be working with another team instead of the team that you were working with the day before.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have been working with CyberArk and with the CyberArk teams for years. They have been able to adapt the solutions that they have developed or bought. They have grown a lot with the acquisition of different companies. They have been able to adapt them, make them valuable, and helpful.

How was the initial setup?

The initial setup is straightforward because we have a lot of experience with it. While there are a lot of components, I don't find it difficult.

A deployment can typically be done in less than a week, but it does depend on the environment.

We have developed our own methodology for the implementation and deployment of CyberArk. We put the final users at the center of their strategy. One of the things that we have found that fails when deploying a PAM solution is that everyone focuses on the tool. CyberArk works and we know the tool is there, so we just focus on how the different groups are working with their servers, applications, etc. We focus on adapting the deployment in a way that does not disrupt their jobs. We try to be non-disruptive and not change the way users work.

We adapt the solution to already existing workflow processes, tools, accesses, etc. This is one of the best parts of CyberArk. It provides a lot of flexibility to adapt.

What's my experience with pricing, setup cost, and licensing?

The main problem for the tool is its licensing. I work for a really big company. When you try to develop this as a service, usually you work with leverage teams who are formed with dozens of members. You might dedicate one FTE, or less, for something, e.g., an antivirus administrator. You might have half an FTE's effort dedicated to administering the antivirus, but then you have a team of about 30 users who might access that ticket. The problem is that CyberArk eliminated the possibility of concurrent users years ago. This is a big problem for companies who work with leverage teams.

You need to pay for everyone. 40 licenses are used by 20 or 30 people. This is a big problem because licenses are not precisely cheap.

Which other solutions did I evaluate?

It provides the broadest point of view for privileged access management solutions in the market. We have tested several other proposals and tools for our customers and ourselves. There is a huge difference with using CyberArk.

We evaluated CA PAM and another solution. The main difference is that they cover just a part of the solution. They promise the solution will be very simple to deploy because they only have a simple appliance. However, they are actually really difficult to deploy for an entire project as well as give you value. We have experienced a lot of support and integration problems. You need to do a lot of things by yourself. Whereas, in CyberArk, you have plenty of plugins and developed material in the marketplace. 

This is the big difference at the moment. When you are deploying, it seems like a very simple project, and the other solutions will tell you, "Well, it's just an appliance," and then it becomes a nightmare. Whereas, CyberArk does what it does. You need to deploy several servers, but it works.

From time to time, people in the market are like, "Wow, it was born as a cloud-native solution." Sometimes, this is real and means something, but usually it is mostly a marketing thing. Why would we ignore all a solution's previous experience just for something born in the cloud? Most of the IT solutions that we use in the cybersecurity market are not born in the cloud. For instance, if you go with Securonix or Sentinel, there is a huge difference in the way they were conceived and the way they were born. Just because something is cloud-native or new doesn't mean that it is good. I wouldn't go for something that is cloud-native, just because it is.

What other advice do I have?

I would rate CyberArk as nine out of 10. I won't give the 10 because I have my problems with the licensing. However, the solution is completely recommendable and a must-have in every environment.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Information Security Leader at a government with 10,001+ employees
Real User
Dec 22, 2021
Helps us quickly adapt and secure modern technology through integrations with solutions that we are moving toward or already had
Pros and Cons
  • "We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well."
  • "It provides a one-stop shop for the majority of our administrators to get the privileged access they need."
  • "If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone."

What is our primary use case?

We use it to control privileged access within the environment, including domain admins and server admins.

We're using the CyberArk Privilege Cloud version, which is the PaaS.

How has it helped my organization?

It provides a one-stop shop for the majority of our administrators to get the privileged access they need. It has enabled us to reduce risk as well, and that is the largest benefit that we've encountered through the solution. We've reduced the number of admins in our environment significantly.

It provides an automated and unified approach for securing access across environments, including hybrid, multi-cloud, RPA, and DevOps, as well as for SaaS applications. For what we're using it for, it's doing all of that seamlessly in one place. It helps us to quickly adapt and secure modern technology, and that's another reason we chose CyberArk. They already had integrations with solutions that we were either moving toward or that we already had. We weren't going to have to do them as customizations.

The ability, with Secrets Manager, to secure secrets and credentials for mission-critical applications means people don't have to go searching for them. They know where they are—they're in CyberArk—so they don't have to go to a separate place. They have one identity to manage, which is their single sign-on identity. From there, they can go into CyberArk to get the access they need. That's an area that has been very helpful. And from a risk perspective, the multifactor authentication to get to those accounts has also been awesome. That helps us to be in compliance, as well as secure.

What is most valuable?

The Privileged Session Manager has been the most useful feature because we're able to pull back information on how an account is used and a session is run. We're also able to pull training sessions and do reviews of what types of access have been used.

We also use CyberArk’s Secrets Manager. Because AWS is the biggest area for us, we have accounts in AWS that are being rotated by CyberArk. We also have a manual process for the most sensitive of our AWS accounts, like root accounts. We've used Secrets Manager on those and that has resulted in a significant risk reduction, as well. There's a lot to it, but from a high level, we've been able to get some things under control that would have been difficult otherwise.

For DevOps, we've integrated some automation with CyberArk to be able to onboard those systems. There are some native tools like the CFTs that we're using with CyberArk to get CyberArk deployed automatically to them.

It also gives us a single pane of glass to manage and secure identities across multiple environments; a single view with all of the accounts. It's super important for us to be able to see all of that in one place and have that one-stop shop with access to different environments. We have lots of domains because a lot of acquisitions have happened. It's important for us to be able to manage all of those environments with one solution and we do have that capability with CyberArk.

For how long have I used the solution?

I've been using CyberArk Privileged Access Manager at this company for two years, and all together for the past six years.

What do I think about the stability of the solution?

The stability is great. We haven't had problems with it.

What do I think about the scalability of the solution?

The scalability is very good. I'm surprised they keep as many logs and video recordings as they do on their side. But scalability hasn't been a problem. If we wanted to scale up, we could certainly do so. All we would have to do is add more servers on our side, with our PSMs (Privileged Session Managers). The way the solution is built out, you can expand it elastically pretty easily.

We have around 400 users right now who are mostly in IT. There are developers, database administrators, as well as our Active Directory enterprise teams, and some of our cloud implementation and infrastructure teams. We have some in incident response people, from information security, who use it as well.

We're looking to expand it in the coming year. We've already started that expansion. It's the developers we're targeting next and there are a lot of them. We're looking at a couple of hundred more users within a year.

How are customer service and support?

If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone. I would rate their support at eight out of 10, whereas the rest of the solution is a nine or 10.

From a technical support perspective, they've been really good. There has just been a little bit of trouble with the database stuff, but that's because ours is a very aggressive deployment. Sometimes, when working with support, they aren't as aggressive as we are.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've used Thycotic and Hitachi HiPAM, and we've used some custom in-house build solutions.

The reason we switched is that Thycotic opened up the door to that possibility when we talked about pricing. The price came out to be something similar to what we were spending. We were basically going to have to redeploy the whole Thycotic solution to get what we needed, and that opened it up for us to evaluate the landscape.

How was the initial setup?

There were some complexities about the setup, but deploying a solution like this is going to be complex, no matter what solution you go with. CyberArk did an excellent job of making sure that we had everything we needed. They had checklists and the prerequisites we had to do before we got to the next steps. Although it was complex, they were complex "knowns," and we were able to get everything organized fairly easily.

Our initial deployment took about two weeks.

We broke the deployment into four phases. The first phase was called Rapid Risk Reduction, and with that we were getting our domain admins under control, where we went with domain admin, server admin, and link admin. A part of that was the server administrators and Linux administrators. All of that was part of a very short-term goal that we had. 

Phase two was called risk reduction, where we were focused on Microsoft SQL, the database administrators, and Oracle Database administrators. It also included bringing in some infrastructure support as well. 

Phase three was enterprise-grade security, and with that we've been pushing the network tools and AWS admins, along with some other controls. 

And our last phase, which we've just recently started on, is one where we are going to be pushing hard to get developers onboarded into CyberArk. There are a whole lot of little details that go along with all of that. The initial auto onboarding happened in phase three, but we also have auto onboarding that we're looking to roll out across a larger group.

We implement least privilege entitlements as well. We started out from a high level of not going the least privilege route and, rather, we locked things down in a way that they were managed, at least. Then we started knocking down the least privileged path. You have to start somewhere, and least privilege is not going to be the first option, out of the gate. You're going to have to take stepping stones to the best practices. And that's what we've done. We took this large amount of high-risk access and brought it into CyberArk and then pulled access away over time and have been making things more granular, when it comes to access to the systems. The access within the systems, within CyberArk, is absolutely granular and we have been very granular with that from the beginning.

For maintenance of it we need about one and a half people. My team supports it and, while one full-time person is probably enough to support the solution, my team is split up. The general operations of CyberArk are what take up the most time. The actual running of the solution, from an engineering perspective, is very lightweight; it's hardly anything.

What about the implementation team?

We did not use a third party for the deployment.

Which other solutions did I evaluate?

We started doing some comparisons of different tools and that's why we ended up switching to CyberArk, after discussions with both Thycotic and CyberArk. When looking at the capabilities, we ended up moving towards CyberArk. We felt it was a more mature solution and that some of the connectivity and reporting was done in a way that we would prefer, for a company of our size.

Thycotic is a good tool. A lot of IT people already understand the structure of how it runs. The upgradability is nice as well. You can just click an "upgrade" button and it upgrades the solution for you. The cons of Thycotic include the way that the recorded sessions are done. In addition, proxy server connections were not available. Maybe they are now, but at the time we were building out custom connectors and we had to go through a third party to get those developed. It was very bad and every step of the way was like pulling teeth. That really soured our relationship with them a bit because we couldn't seem to execute with that solution. When we started talking with them about what we needed it to do to make things easier, they ended up recommending a full redeploy. That's not ideal under any circumstances for anyone. That's why we took a step back and evaluated other solutions.

With CyberArk, some of the pros were that their sales team and engineers were very quick to come in and help us understand exactly what we needed. The deployment timeframe was  also much shorter. We didn't have to work through a third party, as we would have had to with Thycotic. And the type of relationship we've had with CyberArk is one that I wish we had with other vendors we use. They've been phenomenal working with us.

What other advice do I have?

CyberArk's abilities are amazing. We're just starting to hit some limits, but we're able to get through the majority of them. Some of the database stuff is a little bit more involved. The other things, like cloud and all of the Linux and Windows, have not been a problem at all. It's not that the database stuff is a problem, but it's just more complex.

If you want to talk about CyberArk providing an automated and unified approach for securing access for all types of identity, "all types" is a strong claim. I wouldn't ascribe "all types" of identities to anything. But for everything that we're doing with it, it has been a great tool and it's doing that for us.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1741323 - PeerSpot reviewer
Cybersecurity Engineer at a healthcare company with 10,001+ employees
Real User
Dec 20, 2021
Provides better security and control over our accounts and saves time in onboarding new employees
Pros and Cons
  • "The automatic rotation of credentials is probably the most useful feature."
  • "CyberArk is good as a technology partner for ensuring that we maintain a strong security posture throughout our digital transformation."
  • "It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things."
  • "It should be easy to use for non-technical people. Its interface can be a bit difficult."

What is our primary use case?

We are mostly rotating passwords and using PSM for remote connections.

How has it helped my organization?

It provides us with better security and control over our accounts.

It provides an automated and unified approach for securing access for all types of identities. This approach is important for us. The more things we have that can be automated, the easier it is to get things done.

It gives a single pane of glass to manage and secure human and machine identities across environments, which is important for us.

It saves time when it comes to onboarding new employees and providing them secure access to SaaS apps and IT systems. It probably saves a couple of hours.

What is most valuable?

The automatic rotation of credentials is probably the most useful feature.

What needs improvement?

It should be easy to use for non-technical people. Its interface can be a bit difficult. Some parts of its interface are not very intuitive. Some of the controls are hidden, and instead of having a screen with all the controls for that account on it, you have to use menus and other similar things.

Its documentation could be better. Some of the documentation lacks details for people who aren't super technical.

For how long have I used the solution?

I have been using this solution for about six years.

What do I think about the stability of the solution?

It is stable. We never had any hiccups that were caused by CyberArk.

What do I think about the scalability of the solution?

It is easily scalable. In terms of usage, it is being used by all of IT. We have over 500 users utilizing the solution. We're always adding new people and features, so its usage is increasing every day. We plan to implement more types of accounts. 

How are customer service and support?

Their technical support is good, but some of their documentation lacks details for people who aren't super technical. I would rate them an eight out of 10.

Which solution did I use previously and why did I switch?

Other than the regular Password Manager, they didn't have any real solution. They chose to look into CyberArk because it is a good security practice to have accounts automatically rotate and secure remote connections.

How was the initial setup?

It is pretty complex, but they have professional services to help with that. It is complex because of all the security around it, all the hardening, and getting everything set up to communicate with each other. I am not sure about the duration of the initial deployment because I wasn't on the team then.

In terms of maintenance, it doesn't require a lot of people. Maintenance is just keeping up with patches. It is pretty stable and doesn't require a lot.

What about the implementation team?

We used CyberArk's professional services. They were good, and they helped get everything set up. They also helped do upgrades.

What's my experience with pricing, setup cost, and licensing?

It is in line with its competitors, but all such solutions cost too much money.

What other advice do I have?

It is a good choice. I'm not sure if they're the market leader or not, but they seem to have the biggest footprint. I know there are a couple of competitors, but I've never used them. The other two that I know about are not as widely used, so there is a bigger community for support for CyberArk, and there is also CyberArk's support.

CyberArk is good as a technology partner for ensuring that we maintain a strong security posture throughout our digital transformation. It is a needed platform to have.

Given my experience with CyberArk PAM, to a colleague at another company who says, “We want to solve cloud security challenges with born-in-the-cloud security solutions as opposed to legacy solutions that have been adapted to the cloud," I would say that CyberArk is a good option for the cloud. That's because you don't have to worry about maintenance, and all the integrations are already in place. The different accounts that CyberArk can integrate with are already in place.

It doesn't really give a single pane of glass to manage and secure identities across multiple environments. It only gives visibility into CyberArk and how the accounts are working there. If something is wrong with an account, sometimes, you have to check other tools, such as Active Directory, or permissions.

We don't use CyberArk’s Cloud Entitlements Manager and Secrets Manager. We use CyberArk PAM to implement least privilege entitlements, and it is neither easy nor difficult to implement them. It is somewhere in the middle. The adoption of least privilege entitlements by using CyberArk PAM is also somewhere in the middle. If users aren't really technical, they would have problems with it.

It provides consistent controls to enable secure access, manage secrets, and implement least privilege at scale across our environment. It is somewhat user-friendly for people to just rotate passwords. Its interface can be a bit difficult.

I would rate it an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IT Manager at a tech services company with 10,001+ employees
Real User
Nov 30, 2023
Integrates with privileged threat analytics and gives alerts on login risks, risky behaviors, and other risk signs
Pros and Cons
  • "I found it valuable that CyberArk Privileged Access Manager can be integrated with PTA (privileged threat analytics), and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature. Another good feature is the CPM (central password manager) because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain."
  • "What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once."

What is our primary use case?

Our main use cases for CyberArk Privileged Access Manager are privileged access management and privileged session management. Another use case of the solution is password rotation.

How has it helped my organization?

CyberArk Privileged Access Manager improved our organization by identifying the owners of the service accounts. Each service account should be associated with an owner because without an owner, that account becomes an orphan account that nobody can take ownership of, so this means nobody would know what that account is doing. When we brought in CyberArk Privileged Access Manager, it helped us have a roadmap that allowed account ownership and account onboarding. CyberArk Privileged Access Manager gave us a roadmap, a plan to follow, and a guide on how to manage privileged access, and this is very important because we don't want privileged access to be compromised or breached.

Realizing the benefits of CyberArk Privileged Access Manager was a long journey. It was not an easy journey. It was a long journey to put things in place and get them onboarded because not all applications were compatible. It took six months to a year at least, to start the process properly.

The applications which were in Active Directory were easy, for example, it was easy to onboard the accounts and rotate the passwords because that meant only running scheduled tasks. There were a few accounts, however, where the applications weren't compatible with password rotation, particularly old applications or legacy applications that would break if the passwords were changed. To get all those sorted and to get all those in place, and explain what those changes were, took a lot of time, but for accounts that were just running scheduled tasks or services, those were onboarded easily and had their passwords rotated, particularly those which had identified owners.

What is most valuable?

One of the features I found valuable in CyberArk Privileged Access Manager is privileged session management. It's a feature that allows you to record the session, so if there's a risk, that risk can be highlighted.

I also found it valuable that CyberArk Privileged Access Manager can be integrated with PTA, and this means that it will tell you if there's a risk to the logins and signs of risk and if risky behavior is observed. It's a good feature.

Another good feature is the CPM because it helps you rotate the passwords automatically without involving the admins. It can go and update the scheduled tasks and the services. At the same time, if there's an application where it cannot do all of these, CPM will trigger an automatic email to the application owners, telling them that they should go ahead and change the password. This allows you to manage the account password that CyberArk cannot manage, which helps mitigate the risk of old passwords, where the password gets compromised, and also allows you to manage the security of the domain.

Integration is also a valuable feature of CyberArk Privileged Access Manager. It has an application access module function that allows you to integrate and manage applications, including BOT accounts. It also allows you to manage ServiceNow and many other applications.

What needs improvement?

What could be improved in CyberArk Privileged Access Manager is the licensing model. It should be more flexible in terms of the users. Currently, it's based on the number of users, but many users only log in once in four months or once in five months. It would be great if the licensing model could be modified based on user needs. We even have users who have not logged in even once.

Another area for improvement in CyberArk Privileged Access Manager is the release of vulnerability patches because they don't release it for all versions. They would say: "Okay, you should upgrade it to this point. The patches are available", but sometimes it is not feasible to do an upgrade instantly for any environment, because it has to go through the change management process and also have other application dependencies. If that can be sorted out, that would be nice.

For how long have I used the solution?

I've been using CyberArk Privileged Access Manager for around seven years now.

What do I think about the stability of the solution?

CyberArk Privileged Access Manager is a stable solution.

What do I think about the scalability of the solution?

CyberArk Privileged Access Manager is deployed on-premises in the company, so I'm unable to comment on scalability, but they do have a software as a service model, so that's scalable.

How are customer service and support?

Technical support for CyberArk Privileged Access Manager is responsive. As for their timelines for completing tickets, it would depend on the process. Sometimes it takes them less time to respond, and sometimes it takes them longer. They have different levels of support, so if level one is not able to resolve it, they escalate the issue in due time to the next level of support. They're mostly able to help.

On a scale of one to ten, with ten being the best, I'm giving their support an eight. There's always room for improvement, and in their case, in terms of support, what they could improve is their response time, especially their response to business-critical activities or issues.

Which solution did I use previously and why did I switch?

The company was probably using LockBox before using CyberArk Privileged Access Manager, but I'm not sure about that.

How was the initial setup?

Installing CyberArk Privileged Access Manager was easy. It's only the firewall you need to introduce into the environment that takes time, particularly if you're doing an on-premises model.

What was our ROI?

I saw a return on investment from using CyberArk Privileged Access Manager. It's a good privilege access management solution and identity and access management solution as a whole. It's a really good product.

The solution was definitely implemented because it saves you time and money, for example, access management and privileged access management are now automated when in the past, those processes were done manually. The new feature CyberArk DNA was also given free of charge, so that DNA tool can scan the environment for all the vulnerable accounts for password hash attacks, for accounts where the passwords were not changed. That definitely saves time, because that type of scanning would be very difficult for someone to do manually, and the report that comes out of that scan is very objective.

What's my experience with pricing, setup cost, and licensing?

I'm not involved in the purchase of the CyberArk Privileged Access Manager licenses, so I'm unable to comment.

Which other solutions did I evaluate?

I was not part of the evaluation process.

What other advice do I have?

I recently switched jobs, so I was working with CyberArk Privileged Access Manager in my previous organization, and also using it in my current organization. I'm using version 12.2 of the solution.

In terms of maintenance, it can be monitored through SCOM Monitoring, but the vault is standalone. CyberArk Privileged Access Manager can enable SNMP Traps so that the vault can be monitored automatically and it can trigger an incident to the ticketing tool the teams are using. It has the ability for automated monitoring.

My advice to others looking into implementing CyberArk Privileged Access Manager is to know their network properly. If they're doing an on-premises deployment, they should know their network properly, and they should first audit their environment in terms of the accounts they're going to manage on CyberArk Privileged Access Manager. They should also assign the owners and assign everything beforehand to help make implementation faster.

I'm rating CyberArk Privileged Access Manager nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Chris V - PeerSpot reviewer
Senior Information Security Engineer at Optum
Real User
Sep 4, 2023
Great password management, API password retrieval functionality and Rest API retrieval
Pros and Cons
  • "The most valuable aspects of the solution include password management and Rest API retrieval of vaulted credentials."
  • "The solution needs better features for end users to manage their own whitelisting for API retrieval."

What is our primary use case?

We primarily use the product as part of the growing security posture of the company.

How has it helped my organization?

The solution provided password management and API password retrieval functionality. 

What is most valuable?

The most valuable aspects of the solution include password management and Rest API retrieval of vaulted credentials. 

What needs improvement?

The solution needs better features for end users to manage their own whitelisting for API retrieval. 

For how long have I used the solution?

I've used the solution for over a decade. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Idira Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.