Most Helpful Review
Find out what your peers are saying about CyberArk PAS vs. Palo Alto Networks VM-Series and other solutions. Updated: September 2019.
406,860 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
CyberArk has been easy for us to implement and the adoption has been good. We've been able to standardize a bunch of things. We've been able to standardize relatively easily with the use of the platforms and managing the policies.
CyberArk is a very stable product and it's a stable product because it has a simple design and a simple architecture that allows you to leverage the economies of scale across the base of your infrastructure that you already have implemented. It doesn't really introduce any new complex pieces of infrastructure that would make it that much more difficult to scale.
When we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle... We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution.
Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control.
The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task.
For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks.
There are no issues with scalability. Our clients are very happy to use the product.
We are maintaining compliance in PCI, SOX and HIPPA, which is a big thing. Auditors really like it, and it has made us stay compliant.
Embedding it into my application development lifecycle prevents data loss and business disruption, allowing the adoption to operate at the speed of my AWS Cloud.
It has a good performance which helps you with the stability of your virtual environment.
In AWS, Palo Alto provides us a better view than flow logs for network traffic.
App-ID and User-ID have repeatedly shown value in securing business critical systems.
It provides complete security posture from end-to-end. This has given us better visibility into what our security aspects are.
You already can scale it if you put it in Auto Scaling groups. If you put it in a load balancer, it should already be able to scale.
It allows us to see all our traffic to properly secure it and only allow what is needed through the firewall.
It offers a single pane of glass for all the different types of installations.
There is a bit of a learning curve, but it's a pretty complex solution.
CyberArk has to continue to evolve with that threat landscape to make sure that they're still protecting those credentials that are owned by those that have privileged accounts in the firms.
The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming. But these are the major places where CyberArk definitely needs to invest some more time.
It's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers.
Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use.
Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server.
The initial setup of CyberArk is a challenge if you do not have prior experience with it.
Make it easier to deploy.
It can definitely improve on the performance.
It has to be more scalable for the deployment of VMs on the cloud.
I would like to see a more thorough QA process. We have had some difficulties from bugs in releases.
We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID.
The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security.
On the cloud side, they need to come up with more HA solutions to support the multi-region.
AWS doesn't integrate well with third-party firewalls.
I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels.
Pricing and Cost Advice
In comparison to other products on the market, CyberArk is a more costly product.
This solution is considered to be more expensive than others out there on the market today.
I do not have any opinions to add about the pricing of the product.
No, I do not have any advice on the price of the product.
Network and security licenses are currently being managed by other outsource vendors, so they are facing some type of problems in the digital aspect.
With reducing the privileged account access, there has been a huge improvement. They are now bringing more accounts on a little at a time.
If you are looking at implementing this solution, buy the training and go to it.
Our risk is definitely significantly lower. Also, our resources are low.
The pricing and licensing of this product on AWS should be from $1.28/hr or $4,500.00/yr. Then, it would be a good price for the performance that it delivers.
We used BYOL, because of the cost to own.
The pricing and licensing of this product on AWS for a three-year commitment is a great deal, if you can plan that far ahead.
Because the solution was getting deployed on AWS, it was the best place to go and it was available there.
One of the factors for selecting Palo Alto was they had flexible pricing. They had a pay-as-you-go model. Comparable to other products, such as Check Point, the price point was definitely a plus.
The pricing was expensive but it was comparable to the competition.
AWS is available as a AMI that you can purchase from the AWS Marketplace. Therefore, you need to purchase the licensing, since it is per AMI. Then, you deploy it on a regular EC2. Then, for on-premise, you can use both Palo Alto's software and hardware.
The price is not bad. They have a yearly renewal fee, and the pricing is exactly where we expect it to be.
out of 30 in Privileged Access Management
Average Words per Review
out of 48 in Firewalls
Average Words per Review
Compared 15% of the time.
Compared 9% of the time.
Compared 8% of the time.
Compared 27% of the time.
Compared 16% of the time.
Compared 8% of the time.
Also Known As
|CyberArk Privileged Access Security, CyberArk Privileged Account Security, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager, On-Demand Privileges Manager, Endpoint Privilege Manager|
|CyberArk||Palo Alto Networks|
CyberArk is the trusted expert in privileged account security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry's most comprehensive Privileged Account Security Solution.
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Learn more about CyberArk PAS
Learn more about Palo Alto Networks VM-Series
|Rockwell Automation||Warren Rogers Associates|
Financial Services Firm28%
Software R&D Company31%
Comms Service Provider15%
Financial Services Firm9%
Software R&D Company34%
Comms Service Provider8%
Writing And Editing Position7%