Symantec Privileged Access Manager Reviews

If I remember correctly, it was the two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us.

Our organization does and uses cloud-based solutions. Those have to be very secure.

Specifically, administrative access needs to be highly secure. When people are accessing the production environment as administrators or as non-end users, they use CA Privileged Access Manager to be able to access it.

Trouble free installation and configuration and not even noticing that it's installed. There's too many steps involved in accessing the production network. Too many things you have to do to get on.

It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials.

For about 10 months.

There were some issues with stability.

From what I remember, people would complain that every 30 minutes to an hour or so, their connection would drop and they'd have to reconnect, but it wasn't clear whether that was a problem with the network we were working on or whether that was a problem with Privileged Access Manager.

We didn't run into any scale issues at all. The more people involved, the more it was able to handle.

Yeah, we worked with technology support. They were actually pretty helpful. The couple of problems we had, they were able to identify and help us resolve.

Yeah, we were using OpenVPN. We were using OpenVPN, and the biggest single reason was dual-factor authentication with PIV and CAC. That was the biggest single reason.

I did not personally do the setup. From what I remember, it took a couple of weeks for the security lead to do the work. That's not out of the question or a surprise with a security product, because just getting it operating usually takes a little bit, then getting it fine tuned takes a whole another round of work.

We looked at about a half a dozen, and this one came out to be the best one. We filtered down.

I would say, test it out in your environment, make sure it works out well. If it configures well, and then, assuming it works out fine, you're in good shape.

Access management and security compliance.

It started with the basic features, and gradually they added SCP, FTP, and also the API calls that helped us to meet the Automation at our end.

Role mapping, high availability, coverage of more important AWS data centers in Frankfurt.

I've used this solution for three years

It has been reliable down the line with new features and updates.

Yeah, it still does not support HA in Multi AZ subnets.

Yeah, it's great. I would give it a nine out of 10.

We selected it after the evaluation of multiple products.

It's easy to configure and with the help of their documentation, one can easily do that.

Yeah, this is an expensive product.

It's confidential.

I would say definitely to use it if you've got a high number of systems and are concern about security.

Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated.

The recording feature uses a proprietary format that is very light, even with high definition videos, allowing you to use very little hard drive space. This has proven very valuable when managing large amounts of sessions.

We are now able to record all technical support requests that require a remote control session, therefore accountability has risen reducing the amount of mistakes or errors.

Clients are also more confident that all activities are recorded and everyone is held accountable when asking for support being provided.

With the recently added feature that supports recording VNC sessions, we have been able to expand the session management to the IT personnel who prefer VNC for remote session management.

The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance.

This could increase the amount of purchased licenses, with increasing growth of (remote) managed services (MSPs), and would also allow a company to demand that a provider use a tool such as CA PAM when providing remote assistance, in order to record evidence or increase accountability. Access to online training free of charge is also highly recommended.

Over two years.

Not in my experience. It has proven to be a very stable solution, even when it is run as a virtual appliance.

Not in my experience.

I have had a good experience because they have been able to resolve issues nine of 10 in a short period.

The cons are that you are rarely (if ever) able to talk to a technician when calling support. This is frustrating when the issues are critical or urgent.

This is much worse in out of office hours. At times, when the issues are complex, the resolution times has been longer than desired and the time in between contacts is also too long.

There is a lot of space to improve in this area.

No, I have looked at CyberArk, but never used it as a customer.

Session management is pretty straightforward as is the password management. We were able to get it up and running in no time. It might be a bit complex to follow the flow of creating the devices, users, and single sign on using the password vault, so that process could be simplified for those getting started with the solution.

Can’t say much. The prices are not low, but one can ask for a discount. It’s not the cheapest PAM solution.

Yes, CyberArk. We found it too complex and with more features than one would probably need.

If looking for a solution with privileged session management, great recording features with an integrated password vault and Single Sign-On that is pretty straightforward to implement out-of-the-box and does not overwhelm you with unnecessary features, it the best way to go.

It has space for improving the user interface and remote connection tools, but surely this is something that should be in their roadmap.

For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great.

Before we had a vaulting solution that had a manual provisioning of the DB and privileged accounts. Now, we can automate this provisioning through APIs which are easy to understand and implement.

I wish it could create local accounts on desktops. But, what I really want to do with it is automatically manage DevOps pipelines through tools like Docker/Puppet/Chef. It would manage shared secrets to the segregated environments. I am hoping that the API is helpful for this.

We have used it just for a PoC, but we are purchasing it soon. From going through the selection process, we felt CA PAM was the best option for our company.

CA technical support has been very responsive the past couple years. It has come a long way.

I have used ERPM, but it was difficult to upgrade the product. The structure of the vaulting policies was not conducive to Ally’s organization. Plus, it ran on Windows, which in our world you want to always go with a Linux solution, when possible.

In the PoC, it seems very easy to get started.

Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front. PAM can monitor exponentially more devices than it competitors. This covers a large audit item for us.

We looked at CyberArk, BeyondTrust, ERPM and ObserveIT.

If you truly want to secure a DevOps world that is constantly changing the architecture and number of boxes, then you need CA PAM.

The password vault and access to the systems are the most valuable features. It meets with the objective of password vault with controlled access to systems.

There are no improvements as it never went live.

It lacks good logging capabilities and the reports are not customized. Also, there are security issues with the 'super' account.

I have tried to implement it for almost two years.

There were no stability issues experienced, but we never went live.

There were no scalability issues experienced, but we never went live.

Technical support is average. They took a long time to provide good answers, only recommended to upgrade SW version which in some environments is not an option and they don’t even know if that will fix the problem.

We were not using any other product before, although now we have changed to another cheaper solution.

The setup was not simple, design took a lot of time, and we had a consultant from CA.

It’s not a cheap solution. The increasing number of licenses are also expensive.

There are other cheaper solutions available in the market.

Gives us the ability to rotate passwords automatically in the vault, on in any interval, via a scheduled job or password view. This takes out the management of passwords from the user and CA PAM can control the password maintenance.

Without getting too specific, we are able to manage root account passwords on 1600+ Linux servers. Our users can transparently login with those credentials when needed.

The OOTB reporting functionality is lacking. The ability to view a simple breakdown of the various data. They offer an all or nothing solution that does work for my organization. We need to be able to distribute reports to various groups that have users working in CA PAM without showing them all the activity. However, there are APIs that can be utilized to make custom reports. The product is good and enhancements are coming to improve the product. Reporting is what is lacking in this version of the product.

We have used the product since September 2016.

At this point, there were no issues with stability.

At this point, there were no issues with scalability.

The technical support has be an essential part of our deployment. They are very responsive and work diligently to resolve the issues.

We didn’t have a previous solution.

We have ten appliances and the setup was straightforward. We had no issues setting up our infrastructure.

I was not involved in the negotiations of the product.

We started out with eight different products and wound up doing an RFP with four finalists, and CA PAM was one of them. The other three were BeyondTrust, CyberArk, and Hitachi ID.

My only advice is to make sure you perform a through PoC in your environment to make sure all aspects of the system work for you.

Some of the valuable features are safe access to company resources, quick, comprehensible, and intuitive management interface, and good integration capabilities. Control on targets could be extended through CA PAM Server Control component. It now includes an optional risk evaluation engine (CA Threat Analytics for Privileged Access Manager).

• Quick setup
• Support for different types of existing user stores
• Management automation through REST interface
• Integration with Identity Management solutions easily for automatic user provisioning.

I would like it to support more types of integration.

We have used this solution since CA acquired Xceedium.

There were no stability issues.

There were no scalability issues.

I would give technical support a rating of an eight out of 10.

Many customers switched to CA PAM, because the list of useful features quickly expands.

The deployment was very fast, as it is commonly deployed as a virtual appliance.

Contact the sales department.

We evaluated Hitachi ID PAM and IBM PIM.

Proceed!

Access control and Password Management, because almost every customer wants to protect and audit their server(s), as well as their credentials.

When a customer uses CA PAM, they can control who can access their server and what they do. So they feel more comfortable when using outsourced engineers to manage their assets.

Reporting, Logging, and support recording for Web App using Java.

Now, the reporting feature on CA PAM only shows the basic information in white-black table format. If I’m a customer, I like to see the reports with colorful charts and pictures.

About the Web App using Java:

Currently, CA PAM only can record and work with a Web Console that doesn't use Java. If a Web Console uses Java and has a pop-up, CA PAM can’t do a recording.

Over three years. I used it before CA acquired Xceedium.

The CA PAM appliance works stably. I didn’t see many errors related to stability.

Not yet.

I appreciate CA technical support. They respond quickly.

No, I didn’t.

Simple for me.

No, I didn’t.

The CA PAM product can help companies/organizations who looking are for Privilege Access Management. CA PAM is an industry leader; a powerful, easy to use solution.