CyberArk PAS Review

It is clientless, and does not require any third-party product for any of its operations.


Valuable Features

Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:

  • It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
  • For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
  • Compared to other products, CyberArk is extremely easy to install and configure.

Improvements to My Organization

Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.

In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.

Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.

CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.

Accountability is set up using CyberArk OOB temper-proof reports.

Room for Improvement

CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.

It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.

Use of Solution

I have been using this product since 2010.

Stability Issues

In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.

Scalability Issues

CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.

Customer Service and Technical Support

Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.

Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.

Previous Solutions

I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.

Initial Setup

Initial set up is super simple and if planned properly, can be installed within a couple of hours.

Pricing, Setup Cost and Licensing

I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.

Other Solutions Considered

Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.

Other Advice

Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
Riyas AbdulkhaderConsultant

New version 10.x had made the PAS Solution more graphical for the end users.
Its uses the new gen CPMs and so can overcome the reconcile delays.
Dashboard views also make it a bit enhanced.

14 June 18
Guest
Sign Up with Email