How has it helped my organization?
Day-to-day, normally when administrative access is required for a user, they have a UAC prompt that comes up and they have to click yes or no. When we whitelist an application, it automatically elevates, so it's one less click for the user. It's improving efficiency and it's making it easier for them, at the end of the day.
The tool has great functionality in reducing risk in the environment, especially if an endpoint is compromised. It reduces pass-the-hash and same-account harvesting. And if something were to happen, we would be able to report on that right away and let the SOC know.
In terms of removing local admin credentials on the endpoint and the effect on the size of the attack surface in our organization, it has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know.
We have also been able to reduce the number of local admins. We originally scoped out to only have a certain number of licenses for the software and we have reduced it significantly from what we thought we would need, purely based on a policy perspective and who actually really needs some administrative access.
What is most valuable?
With conventional local administrative access, you have no insight into how users are using that access. With Endpoint Privilege Manager, we have the ability to see how they're using that and then lock down things that aren't appropriate or are not allowed in our company.
At scale, in an enterprise environment, it's very easy to start installing agents on multiple workstations. So if we need to deploy to several thousand more workstations, we will have the ability to do that.
So far, there are a lot of integrations we are using. We are sending logs to a SIEM. We are working with AD to make sure that we are provisioning roles properly at that point. That's where we've left it.
What needs improvement?
If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.
What do I think about the stability of the solution?
Overall, the ability on the endpoint is very good for the user. It can be used online and offline. As for the administrative console, there's room for improvement and that is something we've already escalated. We've worked with the R&D teams to address those issues.
What do I think about the scalability of the solution?
Scaling is easy. If you want to put it out on more endpoints, if you need thousands of more workstations, it's very easy to do. CyberArk has easy guidelines on how you should be sizing your infrastructure.
How are customer service and technical support?
Overall, I would rate technical support at seven out of 10. We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can.
Which solution did I use previously and why did I switch?
We did not have a previous solution. However, we knew that there is a large attack surface in the event that we were to be compromised or fished. We knew that there was a vulnerability and we said, "Okay, we want to get it in front of this so we're not Equifax or CapitalOne or something like that."
How was the initial setup?
It was a pretty straightforward setup. CyberArk does support the documentation for it. We did customize it a little bit more for high-availability. If a server were to go down, we can automatically switch. So overall, it's quite easy to set up, but you can always customize a little bit more.
What was our ROI?
I don't think I could quantify ROI, to be honest. Reducing risk is always something that is going to cost you. But when it comes to share price, stock price, etc., if a breach were to occur that would have huge implications.
What other advice do I have?
If you're going to implement Endpoint Privilege Manager, don't just give everybody EPM and think you're done with it. Spend the time, engineer it, think about it from a project perspective, and deploy it with the concept of least privilege. Really spend the time to make sure it's deployed correctly and all the processes are established so it's smooth sailing from there on in.
Overall, I would rate this product at 8.5 out of 10. The product does exactly what we need it to do. However, we do need a little bit more action and response time with regards to support.
In terms of the effect working with CyberArk has had on my career, it has really put my name on the map with regards to the whole CSO world and IT security, as well as from our company-wide, holistic perspective. People come to me; they know me as the person who will solve problems. Usually, things are very difficult, but at the end of the day, we'll find a solution and implement it. From that perspective, it's giving me a lot more opportunities.