We performed a comparison between CyberArk Endpoint Privilege Manager and CyberArk Privileged Access Manager based on real PeerSpot user reviews.
Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."CyberArk Endpoint Privilege Manager is very easy to manage, which I like. The solution also has a dashboard where you can see which software is suspicious, which I find valuable."
"I like that you can remove the admin rights from the user's computer and have control over the environment. That means you can delete the local admins and grant them proper privileges with the console. So, they will get proper permissions for applications they need, but we don't have to do it. In the domain where we don't have control, the user can only do specified actions, but not all of them."
"This is the number one product for privilege account security."
"We were able to reduce the number of privileged accounts by 50%, which helped to simplify our privileged access management environment."
"The feature called PTA, which stands for Privileged Threat Analytics keeps track of what admins are doing and works with Centimeters. If something fishy is going on with a user's credentials, it alerts the security team so they can act fast. Plus, it automates stuff like resetting credentials or blocking users. So, if there's a potential hack, CyberArk can change passwords and lock out users in a snap. It also gives you a heads-up if anything unusual is going on with server activities, like someone creating new users with uncontrolled credentials."
"The product is very flexible"
"It has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know."
"CyberArk Endpoint Privilege Manager (EPM) 's most valuable feature is its ability to manage user application privileges and protect against ransomware attacks by controlling access to specific files and applications."
"You can easily manage more than 4000 accounts with one PSM."
"We are able to rotate privileged user passwords to eliminate fraudulent use."
"With CyberArk, you can be fully confident that your existing accounts are secure. You will be 100 percent"
"The voice technology is very good."
"It takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent."
"Securely protects our TAP/NUID and privileged access accounts within the company."
"I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
"Allows secure, logged access to highly sensitive servers and services."
"The solution's pricing could be better."
"We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can."
"They need much better integration with Azure AD."
"Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond. If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources."
"The product needs a streamlined user interface; improvements to the user interface can enhance user experience and make the solution more intuitive to navigate."
"The tool should be more user-friendly."
"It cannot be on-prem. It is only cloud-based. Sometimes, that's a restriction in terms of usage."
"The installation process is pretty difficult."
"This product needs professional consulting services to onboard accounts effectively based user profiles."
"When I was a component owner for PAM's Privileged Threat Analytics (PTA) component, what I wanted was a clear mapping to the MITRE ATT&CK framework, a framework which has a comprehensive list of use cases. We reached out to the vendor and asked them how much coverage they have of the uses cases found on MITRE, which would have given us a better view of things while I was the product owner. Unfortunately they did not have the capability of mapping onto MITRE's framework at that time."
"Report creation could be improved. The policies could be more customized."
"It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile."
"Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package."
"The PTA could be improved. Currently, companies often have multiple domains and sometimes it's difficult to implement CyberArk in this kind of infrastructure. For example, you can add CPM (Central Policy Manager) and PSM (Privileged Session Manager and PVWA (Password Vault Web Access) for access, but if you want to add PTA (Privileged Threat Analysis) to scan Vault logs, it is difficult because this component may be adding multiple domain environments."
"The support services could act faster when people reach out to resolve issues."
"The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers."
More CyberArk Endpoint Privilege Manager Pricing and Cost Advice →
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Endpoint Privilege Manager is ranked 6th in Privileged Access Management (PAM) with 28 reviews while CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews. CyberArk Endpoint Privilege Manager is rated 8.2, while CyberArk Privileged Access Manager is rated 8.8. The top reviewer of CyberArk Endpoint Privilege Manager writes "Offers integrated solutions and expands its capabilities through strategic acquisitions". On the other hand, the top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". CyberArk Endpoint Privilege Manager is most compared with Microsoft Defender for Endpoint, BeyondTrust Endpoint Privilege Management, CrowdStrike Falcon, Tanium and Cortex XDR by Palo Alto Networks, whereas CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and F5 BIG-IP Access Policy Manager (APM). See our CyberArk Endpoint Privilege Manager vs. CyberArk Privileged Access Manager report.
See our list of best Privileged Access Management (PAM) vendors.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.