What is our primary use case?
Its performance is excellent. We have had multiple use cases:
- It is PSM, so as a jump box to our servers.
- We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers.
We are currently using CyberArk to secure applications with credentials and endpoints.
We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.
How has it helped my organization?
- It has helped from an auditing perspective identify who has access to privileged accounts.
- We are able to now track who is accessing systems.
- It provides an accountability to the individuals who are using it, knowing that it is audited and tracked.
It has become one of the primary components that we have. We also utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs.
What is most valuable?
The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords.
What needs improvement?
Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
It is very stable. We have never had any downtime; no issues. We worked with support on several upgrades, and are looking forward to the 10.x upgrade.
What do I think about the scalability of the solution?
We have no issues with scalability. We are using it in a pretty wide environment. We also use it in our business continuity environment with no issues.
How are customer service and technical support?
I evaluate the technical support very highly. Although, the individuals who we worked with were very technical. If they did not know something, they pulled in somebody right away.
Also, one of the best attributes is the customer success team. We found great value in working with customer success and their team.
If there are defects or issues, over the years, CyberArk management has listened to them and resolved those issues. Not many organizations respond to their customer feedback as well as CyberArk has.
Which solution did I use previously and why did I switch?
We did not have a previous solution. We have always used CyberArk.
From a risk landscape, we knew that privilege accounts were where attackers were going, doing lateral movements. These are keys of the kingdom which protect those, and that is why we focused in this area.
How was the initial setup?
The initial setup was very complex. There were a lot of manual process. Over the years, we have seen a significant transition in the installation scripts, the setup, and the custom capabilities. So, CyberArk has come a long way since the beginning.
The upgrade processes have also improved.
What was our ROI?
We now know where our privileged accounts are and how to manage them. So, it is more from an exposure standpoint.
Which other solutions did I evaluate?
What other advice do I have?
Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully.
I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good.
Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the industry, including Red Team capabilities. They are gearing their product towards the defending of what the active exploits are, not something that has been done in the past.
Which version of this solution are you currently using?