CyberArk PAS Review

The ability to start the project, install and add the passwords in just a few days is valuable.


What is most valuable?

The most valuable feature is the password Vault which gives the administrator control over privileged accounts. The other components that are valuable are Private Session Manager, OPM, Viewfinity, and AIM, which came as an add-on to the organisation's needs. The ability to start the project, install and add the passwords in just a few days brings a big advantage for CyberArk.

How has it helped my organization?

The client can see all the users sessions through PSM, and can protect the applications on servers using AIM. Also, the Privileged Threat Assessment helps the organisation to see all the account risks, including accounts not managed by CyberArk, and accounts/machines with unusual behavior, etc.

What needs improvement?

The DNA scan should be able to scan Unix machines for privileged accounts.

For how long have I used the solution?

PIM tested in the last 2 years.

What was my experience with deployment of the solution?

We didn't have any issues with the deployment.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

I didn't have any issues with the stability. I usually recommend the client to increase the system requirements with 10%.

How are customer service and technical support?

Customer Service:

Customer service is OK in Romania.

Technical Support:

I had direct contact with the local team and they are OK.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Straightforward when you have the use cases and a SoW. Usually you follow the Installation Manual, and perform the after-installation tests, and you are sure that everything is OK. The only issue I had was with the anti-virus that was left on the server and that deleted some PSM files. You must always double-check the prerequisites, as you can have some surprises with the GPO that overrides your settings.

What about the implementation team?

I was part of the implementation team with support from the vendor.

Which other solutions did I evaluate?

We also looked at BalaBit Shell Control Box.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementation partner with CyberArk.
2 visitors found this review helpful
4 Comments
author avatarRodney Dapilmoto
TOP 5LEADERBOARDReal User

We have CyberArk PAS implemented within our company for the past 5 months now and getting accustomed to the daily operational tasks involved with administering the application. We are running ours in an HA implementation running on VMware with Windows 2012 R2 servers. One of the biggest hurdles we had to get over was the configuration of the Vault Servers to use SHA-2 (SHA-256) security certificates. We are using RSA (RADIUS) two-factor authentication for end users to use CyberArk.

author avatarBirzu Alexandru-Adrian
TOP 20Consultant

Did you try the 9.7 version? CyberArk changed the HA configuration for windows server 2012 R2, and they use their proprietary Secured Cluster Vault. With this version MS Cluster will not be supported with Windows 2012. They will keep the old clustering system only for Windows 2008. Maybe this mode helps your security policies.

author avatarTanmay Kaushal
Consultant

Hi,
Currently I am facing an issue in CyberArk HA with MS Clustering. Issue is that node 1 services are going down automatically and node 2 is taking time to come up. Due to this delay DR server also get active and then conflicting with node 2 EPV. During initial investigation I saw that there is timed out issue occurring between DC's and EPV's. I further investigating it however i am also seeking some help if any one had this issue before.

author avatarOrlee Gillis
Consultant

Tanmay, have you been able to make progress in your investigations of how to solve the difficulties you've been having with MS Clustering?

Guest