CyberArk Privileged Account Security Review
The ability to start the project, install and add the passwords in just a few days is valuable.


Valuable Features

The most valuable feature is the password Vault which gives the administrator control over privileged accounts. The other components that are valuable are Private Session Manager, OPM, Viewfinity, and AIM, which came as an add-on to the organisation's needs. The ability to start the project, install and add the passwords in just a few days brings a big advantage for CyberArk.

Improvements to My Organization

The client can see all the users sessions through PSM, and can protect the applications on servers using AIM. Also, the Privileged Threat Assessment helps the organisation to see all the account risks, including accounts not managed by CyberArk, and accounts/machines with unusual behavior, etc.

Room for Improvement

The DNA scan should be able to scan Unix machines for privileged accounts.

Use of Solution

PIM tested in the last 2 years.

Deployment Issues

We didn't have any issues with the deployment.

Stability Issues

The product is very stable.

Scalability Issues

I didn't have any issues with the stability. I usually recommend the client to increase the system requirements with 10%.

Customer Service and Technical Support

Customer Service:

Customer service is OK in Romania.

Technical Support:

I had direct contact with the local team and they are OK.

Previous Solutions

No.

Initial Setup

Straightforward when you have the use cases and a SoW. Usually you follow the Installation Manual, and perform the after-installation tests, and you are sure that everything is OK. The only issue I had was with the anti-virus that was left on the server and that deleted some PSM files. You must always double-check the prerequisites, as you can have some surprises with the GPO that overrides your settings.

Implementation Team

I was part of the implementation team with support from the vendor.

Other Solutions Considered

We also looked at BalaBit Shell Control Box.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementation partner with CyberArk.
2 visitors found this review helpful

4 Comments

We have CyberArk PAS implemented within our company for the past 5 months now and getting accustomed to the daily operational tasks involved with administering the application. We are running ours in an HA implementation running on VMware with Windows 2012 R2 servers. One of the biggest hurdles we had to get over was the configuration of the Vault Servers to use SHA-2 (SHA-256) security certificates. We are using RSA (RADIUS) two-factor authentication for end users to use CyberArk.

Like (0)04 July 16
Birzu Alexandru-AdrianConsultantTOP 5POPULAR

Did you try the 9.7 version? CyberArk changed the HA configuration for windows server 2012 R2, and they use their proprietary Secured Cluster Vault. With this version MS Cluster will not be supported with Windows 2012. They will keep the old clustering system only for Windows 2008. Maybe this mode helps your security policies.

Like (0)04 July 16
Tanmay KaushalConsultant

Hi,
Currently I am facing an issue in CyberArk HA with MS Clustering. Issue is that node 1 services are going down automatically and node 2 is taking time to come up. Due to this delay DR server also get active and then conflicting with node 2 EPV. During initial investigation I saw that there is timed out issue occurring between DC's and EPV's. I further investigating it however i am also seeking some help if any one had this issue before.

Like (0)22 July 16
Orlee GillisCommunity Mgr

Tanmay, have you been able to make progress in your investigations of how to solve the difficulties you've been having with MS Clustering?

Like (0)06 October 16
Guest
Why do you like it?

Sign Up with Email