What is our primary use case?
My primary use case for the product is essentially to secure our privileged accounts, and it's performing amazingly.
What it allows us to do is to rotate the credentials for privileged accounts. It ensures we understand where the accounts are being used and that they are staying compliant with our EISB Policy, which is a policy to change passwords. Thus, attackers find it harder to get in and steal an old password which is just sitting out on a system.
We utilize CyberArk secure infrastructure. We are moving towards applications in the cloud, but we do not currently have that. We are also utilizing CyberArk secure application credentials and endpoints.
How has it helped my organization?
The benefits are the way it allows us to secure accounts, but also be agile with providing privileged usage to our users. It is performing quite well, because it allows us to basically do what the user wants us to do, but in a secure manner. So, everyone is happy. Most of all, we don't have any breaches.
It enables us to secure accounts and make sure they are compliant. Then, when the accounts are not compliant, it gives us the data so we can reach out to account owners, and say, "Your accounts aren't within our ESP policy. We need you to become compliant." This allows us to not only secure them, but keep track of what accounts are moving out of that secure boundary.
What is most valuable?
The most valuable would be the REST API on top of PTA, which we do not have installed yet, but we are looking to install it moving forward in the future. What it enables us to do is if someone takes a privileged account and logs into a machine that we do not know about, it will alert us and log that they have logged in. It allows us to take that identify back and rotate the credentials, so we now own it instead of the intruder going out and using a rogue account.
What needs improvement?
More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet. I would like to see that to be more of a one-on-one transition, and be fully built.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is very stable. We are going to upgrade by the end of this year, if not early next year, to the most recent version 10.12.
What do I think about the scalability of the solution?
The scalability is incredible. They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future.
How is customer service and technical support?
The technical support is wonderful. We get the right person. They answer very quickly, giving us solutions which actually work. If we can't get a solution from them right away, we can tap into the community with the tools that they have given us, and work with people from other companies who have already solved the same issue.
How was the initial setup?
I was involved in the upgrading processes, but not the initial setup. Upgrading is lengthy, because we have quite a few components, but it is definitely straightforward.
What was our ROI?
It has started new projects at our organization. So, we can see where our current landscape is for our privileged accounts, then we try to make them more secure.
What other advice do I have?
Try a demo, if you can. Make it a hands-on with some of the components and see what they offer you.
I have used other privileged account management tools in the past. This, by far, outranks them as far as features and usability. The integrations on top of that as well.
Each new product that our company buys, we turn to CyberArk, and they are say, "Yes, we integrate with that."
I have used the new generator utility plugin once, so not extensive experience, but I have used it. It does work.
Most important criteria when selecting a vendor: They integrate with CyberArk.