CyberArk Privileged Access Manager Review

It verifies accounts on a regular basis. It reconciles the account if it has been checked out and used.


What is most valuable?

Account discovery, account rotation, and account management features make it a well-rounded application.

Account discovery allows for auto-detection to search for new accounts in a specific environment such as an LDAP domain. This allows CyberArk to automatically vault workstations, heightened IDs, servers, and other accounts. Once the account is automatically vaulted, the system then manages the account by verifying the account on a regular basis or reconciling the account if it has been checked out and used. The settings for the window that account is using is configurable to the type of account being used.

CyberArk is constantly coming up with new ways to perform auditing, bulk loading accounts, quicker access between accounts and live connections, as well as different ways to monitor account usage and look for outliers.

As companies move further toward a “least privilege” account structure, CyberArk sets the bar for heightened account management.

How has it helped my organization?

In the past, standard practice was to assign role-based rights to standard accounts. Moving away from this structure allows us to require that all heightened access accounts be “checked out” and only operate within a set window. CyberArk analytics provide real-time monitoring to ensure accounts are only used by the correct people at the correct time.

What needs improvement?

Like any software, improvements and upgrades are a necessity. As CyberArk is used by many Fortune 100 and Global 2000 companies, they offer custom solutions that need to be continuously improved as the company changes. I am looking forward to new ways to utilize accounts within the current CyberArk system allowing a more seamless flow for technicians.

For how long have I used the solution?

I have used it for 19 months.

What do I think about the stability of the solution?

Beyond the servers and security devices necessary to run CyberArk, it maintains surprisingly few dependencies. It is capable of secure hardening with the capacity for multiple failovers that can exist and work without the use of LDAPs or external databases. CyberArk has been the most stable platform I have ever worked on and our redundancies allow for 100% uptime.

What do I think about the scalability of the solution?

Scalability has not been a problem. I have worked on multiple improvements and increases, as we continuously increase the number of domains and types of accounts CyberArk manages. There is not currently an end in sight for the number and types of accounts we are adding.

How are customer service and technical support?

CyberArk technical support is top notch. They provide ticketing and immediate escalation of issues, as well as direct resources for more immediate problems. CyberArk R&D has also provided valued updates to custom applications we use internally.

Which solution did I use previously and why did I switch?

With data breaches and ransomware becoming the standard that companies now face, a more elegant solution was desired from standard network and physical security. Accounts that can be found or socially engineered out of people has been a long-standing tradition for criminals and bored teenagers. Reducing the window any account can be used provides a more secure network.

How was the initial setup?

Setting up and learning a new platform is always a complex undertaking. This is why CyberArk provides local hands-on support to get the system set up and the company’s techs trained. The base setup will differ from company to company, based on their immediate needs and what they wish to accomplish immediately. Heightened IDs, local workstation IDs, off-network server accounts, service IDs… the list goes on and on.

What's my experience with pricing, setup cost, and licensing?

There are a handful of options out there providing similar services. However, none of them are as far along or provide as much stability and innovation as CyberArk. Pricing and licensing are going to depend on a great many factors and can be split up from when the system is originally implemented, and upgrades and new software down the line. All that being said, the money in question was not a deterrent in picking CyberArk for our solution.

Which other solutions did I evaluate?

We have tested a great deal of products, many of which are being used in the company for various other purposes; Avecto, Dell, Thycotic, to name a few. Centrify was the other primary system that we really carefully reviewed. In the end, the features and interface of CyberArk won out.

What other advice do I have?

CyberArk is an innovative set of tools that are easily learned. Getting deeper into the product allows for a great deal of complex settings that can be learned via high level implementation guides as well as a CyberArk certification.

Which version of this solution are you currently using?

9.7
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More CyberArk Privileged Access Manager reviews from users
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
521,189 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest
2 Comments

author avatarRodney Dapilmoto
Top 10LeaderboardReal User

Can you share how to setup auto detection with Accounts Discovery in an environment using LDAP authentication?

author avatarit_user519366 (Information Security Advisor at a insurance company with 1,001-5,000 employees)
Vendor

Account discovery as opposed to system (servers, workstations) discovery is a little more complex. This functionality comes down to scripting. Set up scripts that search your chosen domains looking for heightened accounts. To automatically add new accounts, your script will need to match the heightened account to the bind account used in the login domain. Then search for current safes, and either update them or create them. System Discovery is a simple setting in CyberArk that can be configured as you go.