We were able to reduce the number of privileged accounts by 50%, which helped to simplify our privileged access management environment. 

We were able to automate the process of rotating privileged passwords, which saved us 100 hours of manual work each year. 

We were able to detect and block a number of unauthorized access attempts, which helped to prevent data breaches. 

We were able to meet the requirements of the PCI DSS, which helped to protect our customers' data.

With the solution, we met regulatory requirements. CyberArk has helped us to meet specific regulatory requirements for privileged access management. For example, CyberArk has helped us audit all privileged access to sensitive systems and data,

The solution reduces the stress of managing privileged accounts that log into servers and network devices. We're also looking to onboard service accounts, and the solution takes care of the rotation while meeting the password policy and auditing and recording user sessions. The solution manages privilege sessions. The solution is also part of a zero-trust architecture where we see what admin users do on the servers.

By securing our endpoints, we are preventing attackers from using the domain accounts we have that are administrative accounts. For example, your credentials are cached when you log into a Windows computer, so attackers look out for those, and if it's an admin account, it will be what they need. Another good thing about this product is that even if you have a local account, you can provision that account so that the password is unique on all computers. So if you have their account credentials on a single computer, it doesn't mean you can use that same account and password to log into another computer or workstation. It also prevents using any accounts to jump from one host to another or move laterally, which is another important one for us.

Day-to-day, normally when administrative access is required for a user, they have a UAC prompt that comes up and they have to click yes or no. When we whitelist an application, it automatically elevates, so it's one less click for the user. It's improving efficiency and it's making it easier for them, at the end of the day.

The tool has great functionality in reducing risk in the environment, especially if an endpoint is compromised. It reduces pass-the-hash and same-account harvesting. And if something were to happen, we would be able to report on that right away and let the SOC know.

In terms of removing local admin credentials on the endpoint and the effect on the size of the attack surface in our organization, it has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know.

We have also been able to reduce the number of local admins. We originally scoped out to only have a certain number of licenses for the software and we have reduced it significantly from what we thought we would need, purely based on a policy perspective and who actually really needs some administrative access.

It's helped us manage our security processes. Our main goal is to have more specified permissions for the users and to take back control of the environment. Because local admins are used globally, there isn't much control in the environment. But with this, we can know what's going on and report it properly.

Prior to using this solution, we did not know where our accounts were being created. The DNS scanning is a very good tool that allows us to manage existing accounts.

It identifies the original source, and all instances of malicious applications in the environment.