We performed a comparison between CyberArk Privileged Access Manager and Symantec Privileged Access Manager based on real PeerSpot user reviews.
Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."CyberArk Privileged Access Manager is stable."
"We've written over a hundred custom connectors ourselves that allow us to do all types of privileged session management for various applications. On top of that, the rest of the API-based central credential providers allow us to get away from credentials that may be hard-coded in the script or some application."
"It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization."
"You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
"The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself."
"I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
"You can easily manage more than 4000 accounts with one PSM."
"It is a robust product."
"You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks."
"Stability is solid as a rock."
"The RDP-gateway: For limiting which server an operator can access."
"For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great."
"We know we can scale up with what we have, and we probably will not need to buy any further appliances down the road."
"It gives you list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed."
"Whoever built it from the ground up, they understand how an organization is laid out."
"We can enforce complicated password policies and very important frequent password changes."
"CyberArk has to continue to evolve with that threat landscape to make sure that they're still protecting those credentials that are owned by those that have privileged accounts in the firms."
"It's hard to find competent resellers/support."
"I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""
"The initial setup was somewhat complex."
"Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
"I think having a distributed architecture would certainly help this solution."
"The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming. But these are the major places where CyberArk definitely needs to invest some more time."
"There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
"They need to have zero tier and active-active setup with zero minimum downtime, which they are working on it. "
"They need to do a little bit more on the mainframe side."
"We have to do a lot of manual work to automate features."
"They should include some assignments in the test environment to explore the product's features."
"It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials."
"What I hope happens with the new product CA PAM is to keep all the useful features that exist in PA, but what I’ve noticed with many new products is the UI gets polished but systems lags stability and performance or it adds additional complexity instead of simplifying the user experience."
"An improvement for this solution is that it should not be constantly based on user name and password. There should be a condition to edit and update your username."
"The service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
More Symantec Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 41 reviews while Symantec Privileged Access Manager is ranked 18th in Privileged Access Management (PAM) with 3 reviews. CyberArk Privileged Access Manager is rated 8.8, while Symantec Privileged Access Manager is rated 7.8. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of Symantec Privileged Access Manager writes "Allows IT and consultants to access the infrastructure environment but needs more security and better support". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and One Identity Safeguard, whereas Symantec Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), BeyondTrust Endpoint Privilege Management, ARCON Privileged Access Management, Delinea Secret Server and VMware Identity Manager. See our CyberArk Privileged Access Manager vs. Symantec Privileged Access Manager report.
See our list of best Privileged Access Management (PAM) vendors.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.