We just raised a $30M Series A: Read our story

CyberArk Endpoint Privilege Manager OverviewUNIXBusinessApplication

CyberArk Endpoint Privilege Manager is #28 ranked solution in endpoint security software. IT Central Station users give CyberArk Endpoint Privilege Manager an average rating of 8 out of 10. CyberArk Endpoint Privilege Manager is most commonly compared to BeyondTrust Endpoint Privilege Management:CyberArk Endpoint Privilege Manager vs BeyondTrust Endpoint Privilege Management. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
What is CyberArk Endpoint Privilege Manager?

CyberArk Endpoint Privilege Manager enables organizations to enforce least privilege policies for business and administrative users, as well as control applications to reduce the attack surface without halting productivity. The solution helps organizations revoke everyday local administrator privileges from business users while seamlessly elevating privileges when required by trusted applications. CyberArk Endpoint Privilege Manager also enables security teams to enforce granular least privilege policies for IT administrators, helping organizations effectively segregate duties on Windows servers. Complementing these privilege controls, the solution also delivers application controls, which are designed to manage and control which applications are permitted to run on endpoints and servers and prevent malicious applications from penetrating the environment.

CyberArk Endpoint Privilege Manager is also known as Viewfinity.

CyberArk Endpoint Privilege Manager Buyer's Guide

Download the CyberArk Endpoint Privilege Manager Buyer's Guide including reviews and more. Updated: November 2021

CyberArk Endpoint Privilege Manager Customers

Clearstream, McKesson, Boston Childrens Hospital

CyberArk Endpoint Privilege Manager Video

Pricing Advice

What users are saying about CyberArk Endpoint Privilege Manager pricing:
  • "Pricing depends on how many devices you use. Right now, on-premise, it costs us a little, but it's worth it. It seems like the cloud solution is much more expensive. We got this solution one year ago, and it's like we bought the solution, and now they are not going to support it on-premise anymore. We are in the implementation phase, and we missed this, and we already paid for the licenses. This is wasted time from my perspective, and CyberArk should be more customer-friendly."
  • "I think that it was in the range of $200,000 that had to get approved."

CyberArk Endpoint Privilege Manager Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
WarranGrin
Enterprise Cyber Security Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
Top 20
Enables us to see how users use their access and lock down things that aren't appropriate

Pros and Cons

  • "It has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know."
  • "We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can."

How has it helped my organization?

Day-to-day, normally when administrative access is required for a user, they have a UAC prompt that comes up and they have to click yes or no. When we whitelist an application, it automatically elevates, so it's one less click for the user. It's improving efficiency and it's making it easier for them, at the end of the day.

The tool has great functionality in reducing risk in the environment, especially if an endpoint is compromised. It reduces pass-the-hash and same-account harvesting. And if something were to happen, we would be able to report on that right away and let the SOC know.

In terms of removing local admin credentials on the endpoint and the effect on the size of the attack surface in our organization, it has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know.

We have also been able to reduce the number of local admins. We originally scoped out to only have a certain number of licenses for the software and we have reduced it significantly from what we thought we would need, purely based on a policy perspective and who actually really needs some administrative access.

What is most valuable?

With conventional local administrative access, you have no insight into how users are using that access. With Endpoint Privilege Manager, we have the ability to see how they're using that and then lock down things that aren't appropriate or are not allowed in our company.

At scale, in an enterprise environment, it's very easy to start installing agents on multiple workstations. So if we need to deploy to several thousand more workstations, we will have the ability to do that.

So far, there are a lot of integrations we are using. We are sending logs to a SIEM. We are working with AD to make sure that we are provisioning roles properly at that point. That's where we've left it.

What needs improvement?

If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.

What do I think about the stability of the solution?

Overall, the ability on the endpoint is very good for the user. It can be used online and offline. As for the administrative console, there's room for improvement and that is something we've already escalated. We've worked with the R&D teams to address those issues.

What do I think about the scalability of the solution?

Scaling is easy. If you want to put it out on more endpoints, if you need thousands of more workstations, it's very easy to do. CyberArk has easy guidelines on how you should be sizing your infrastructure.  

How are customer service and technical support?

Overall, I would rate technical support at seven out of 10. We have had some major issues with the tool, but we have worked with the R&D teams and we have worked with support. There is room for improvement, especially on response times. But they're working on it and they're doing the best they can.

Which solution did I use previously and why did I switch?

We did not have a previous solution. However, we knew that there is a large attack surface in the event that we were to be compromised or fished. We knew that there was a vulnerability and we said, "Okay, we want to get it in front of this so we're not Equifax or CapitalOne or something like that."

How was the initial setup?

It was a pretty straightforward setup. CyberArk does support the documentation for it. We did customize it a little bit more for high-availability. If a server were to go down, we can automatically switch. So overall, it's quite easy to set up, but you can always customize a little bit more.

What was our ROI?

I don't think I could quantify ROI, to be honest. Reducing risk is always something that is going to cost you. But when it comes to share price, stock price, etc., if a breach were to occur that would have huge implications.

What other advice do I have?

If you're going to implement Endpoint Privilege Manager, don't just give everybody EPM and think you're done with it. Spend the time, engineer it, think about it from a project perspective, and deploy it with the concept of least privilege. Really spend the time to make sure it's deployed correctly and all the processes are established so it's smooth sailing from there on in.

Overall, I would rate this product at 8.5 out of 10. The product does exactly what we need it to do. However, we do need a little bit more action and response time with regards to support.

In terms of the effect working with CyberArk has had on my career, it has really put my name on the map with regards to the whole CSO world and IT security, as well as from our company-wide, holistic perspective. People come to me; they know me as the person who will solve problems. Usually, things are very difficult, but at the end of the day, we'll find a solution and implement it. From that perspective, it's giving me a lot more opportunities.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PM
IT Security Service Specialist at a manufacturing company with 10,001+ employees
Real User
Top 20
An endpoint security solution with a useful admin rights management feature, but performance could be better

Pros and Cons

  • "I like that you can remove the admin rights from the user's computer and have control over the environment. That means you can delete the local admins and grant them proper privileges with the console. So, they will get proper permissions for applications they need, but we don't have to do it. In the domain where we don't have control, the user can only do specified actions, but not all of them."
  • "Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond. If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources."

What is our primary use case?

We use CyberArk Endpoint Privilege Manager mainly for privilege management.

How has it helped my organization?

It's helped us manage our security processes. Our main goal is to have more specified permissions for the users and to take back control of the environment. Because local admins are used globally, there isn't much control in the environment. But with this, we can know what's going on and report it properly.

What is most valuable?

I like that you can remove the admin rights from the user's computer and have control over the environment. That means you can delete the local admins and grant them proper privileges with the console. So, they will get proper permissions for applications they need, but we don't have to do it. In the domain where we don't have control, the user can only do specified actions, but not all of them.

What needs improvement?

Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond.

If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. 

I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources.

For how long have I used the solution?

I have been dealing CyberArk Endpoint Privilege Manager for about one year.

What do I think about the stability of the solution?

It's not a stable solution because you have to restart the server once a week. However, we didn't experience any problems on the end-user computers, only with the servers. 

What do I think about the scalability of the solution?

The solution is scalable, but it requires a lot of work. We have tens of thousands of devices. Overall, it's nearly applied on every device. But when we're talking about something like 30,000 devices, it's hard to manage. 

When it comes to the global configuration, we are right now in the deployment stage, and it will take a lot of time. It also takes a lot of work from our side to implement it appropriately. It's not as easy as just installing it, and it works. It has to be done step by step.

How are customer service and technical support?

I'm not satisfied with technical support. In my previous experience, we were waiting a couple of days for their response. We're having this problem for a couple of months now, and the problem is still not solved. You also need some training to create a support ticket, and I have to pay for this. From my perspective, this is like stealing.

How was the initial setup?

The initial setup depends on the configuration you want. CyberArk is pretty flexible, so you can do it around multiple configurations. If you want to get your environment in a pretty simple setup, then it's quite easy. If you want to do much more, then there's a lot to work on. But overall, it's pretty easy to manage.

What's my experience with pricing, setup cost, and licensing?

Pricing depends on how many devices you use. Right now, on-premise, it costs us a little, but it's worth it. It seems like the cloud solution is much more expensive. We got this solution one year ago, and it's like we bought the solution, and now they are not going to support it on-premise anymore. We are in the implementation phase, and we missed this, and we already paid for the licenses. This is wasted time from my perspective, and CyberArk should be more customer-friendly.

What other advice do I have?

I would advise poential users to instantly look for a solution in the cloud if they want to go with CyberArk. Don't get the on-premise version.

I'm not satisfied with the EPM, and I'm just looking to see if there's any other solution that we can get. This is also because CyberArk is ending support for on-premise solutions in 2023. So, in our case, we will have to move to the cloud, and the cloud is much more expensive than just using the solution we have right now.

On a scale from one to ten, I would give CyberArk Endpoint Privilege Manager a six.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about CyberArk Endpoint Privilege Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.
PS
Enterprise Architect at a tech services company with 11-50 employees
Real User
Top 10
Supports dynamically-generated keys, it's stable, and has automatic lifecylce management

Pros and Cons

  • "The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is."
  • "It's an old product and has many areas that can be improved."

What is our primary use case?

Because we are dealing with personal health information, we have had to setup up a security broker for admin access in and out of the accounts.

They wanted to have a break-glass solution in case there was a problem with the multi-factor authentication or any other issues.

We chose to use CyberArk for their failover abilities. If the Multi-factor authentication fails then you can still log in and it has a second factor that authenticates.  

It gives them the break glass option that they needed.

What is most valuable?

The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is. For example, you can go into Azure AD, a backup directory, or a set of Google cloud platforms.

It will do lifecycle management on the keys. It makes it so that you won't have to ever have a standard key. 

It's generating dynamically keys and you can enforce policy easier.

As you start adjusting your key lengths and everything further, you can adjust them all in a single day.

What needs improvement?

It's an old product and has many areas that can be improved.

They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory. 

If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing.

The interface is not great, but good.

In the next release, I would like to see a Linux Client added.

For how long have I used the solution?

I have been using CyberArk Endpoint Privilege Manager, since the early 2000s.

We are using the latest version.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

CyberArk Endpoint Privilege Management is scalable.

We have 1200 users in our organization.

How are customer service and technical support?

Technical support is fine, they are better than what they used to be.

How was the initial setup?

The initial setup is complex because you are dealing with federated credentials across multiple authentication protocols.

What about the implementation team?

We did not use a vendor or reseller. I am there as a consultant.

What's my experience with pricing, setup cost, and licensing?

I think that it was in the range of $200,000  that had to get approved. That may have been for the whole three to five years for the project length.

What other advice do I have?

I basically am trying to drive their digital transformation and do the overall build a mass data network for their data strategy. Building out different APIs and different things. 

Building out a blockchain security framework to allow HIPAA compliance where you can go in at the portability of their data to pull in and out without creating an issue with the payers.

I would recommend this solution depending on what the business needs are. I'm a big proponent for keeping things simple and trying to avoid unneeded complexity.

The company demanded certain things and only wanted to do it one way, and the way they wanted to do is what we got stuck with.

The API mobilities are there, they exist and they are okay, but as a framework and in total is worrisome because it's not a stateless application.

It doesn't appear to be moving forward. It's still a type of software-oriented architecture instead of moving to microservices, where it could be stateless. If it were stateless, and it failed during a password change, you would see it as a failure and go back to the original password.

I think that they have a lot of work to do to get there.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ED
Network Security & Data Management Admin at Digitaltrack
Reseller
Top 10
Review about CyberArk Endpoint Privilege Manager

Pros and Cons

  • "The department management aspect of the solution is the most valuable aspect."
  • "Technical support is slow to respond when we run into issues."

What is our primary use case?

We are implementing this product to control the Privilege account. For example, from a Cyber Privilege account, we just want to know what the user is doing and how to control it. We use it for security and monitoring.

What is most valuable?

The department management aspect of the solution is the most valuable aspect. 

The screen the color options are very good. 

The solution does a good job of assisting with the monitoring of users. 

Basic integrations of users are very straightforward. It's easy to assign them the rules, et cetera.

What needs improvement?

Technical support is slow to respond when we run into issues.

We haven't really faced too many issues so far. There are some small issues here and there, however, it hasn't been anything major.

We've faced some delays in tax reporting.

When you're trying to integrate the other products, there are some workarounds which we have to do. We'd like the integration of security to be easier. 

We expected it to be very easy for the people who are deploying and managing the product, however, that isn't necessarily the case.

For how long have I used the solution?

We've only been dealing with the solution for about a year or so. It's a somewhat recent addition to the company.

What do I think about the stability of the solution?

The product has a very stable history. I've not heard of any issues. There doesn't seem to be problems with bugs or glitches. It doesn't crash or freeze. Any issue we've had has been extremely minor. It's reliable.

What do I think about the scalability of the solution?

The solution is scalable, even though we have had some difficulties here and there. We had a client who purchased an extra 50 licenses and we faced some complications around that, however, it did end up working out just fine in the end. 

How are customer service and technical support?

Technical support does not cause us issues. They are supporting us just fine. Presently, they are very good. 

That said, reaching them is a bit of a problem. It's complicated. It can take a lot of time. I don't know where the delay is happening, or why, yet, often, when we reach out, we have trouble. 

Otherwise, they are very good and very capable. We are mostly satisfied with their level of support.

How was the initial setup?

I did not handle the installation myself. I have done one recently, however, I did it with the assistance of our distributor. As I've only ever done one implementation personally, it's hard to comment on the process. I'm still quite new to it. 

What about the implementation team?

We can implement the solution for our clients. I myself have recently handled my first implementation, and I did that with the help of our distributor.

What's my experience with pricing, setup cost, and licensing?

I'm more on the technical side. I don't typically deal with the pricing of products. I can't speak to the licensing, how it works, or how much it costs. That's handled by a different team. 

Which other solutions did I evaluate?

We have tried other products. We have tried, for example, BeyondTrust, and the MicroFocus Time Solution. However, neither was what we expected and therefore we need up coming back to CyberArk. 

What other advice do I have?

We are resellers and an implementor of the solution.

I'd rate the solution at a nine out of ten.

Product-wise we don't face that many issues, and basic integration of users and assigning them the rules and other stuff like that is, compared to other options, very straightforward. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate
Buyer's Guide
Download our free CyberArk Endpoint Privilege Manager Report and get advice and tips from experienced pros sharing their opinions.