In terms of improvement, CyberArk Endpoint Privilege Manager can be better by making its UI more consistent. Right now, there is a mix of a new, user-friendly look and an older interface with some functions. This mix can confuse users and affect how smoothly everything works together. Making the interface more uniform would make things easier and more efficient for everyone.

CyberArk is a pretty heavy solution. There are a lot of moving components and a lot of things involved. The architecture itself is pretty heavy. When you look at products like BeyondTrust, it's not as heavy as CyberArk. That's the only thing. 

The setup can be somewhat complex. 

Most of it runs on Windows servers. Maintenance of those Windows servers and all that stuff is what is a little bit challenging.

Technical support could be better.

The solution could improve:

User experience and ease of use: The product needs a streamlined user interface; improvements to the user interface can enhance user experience and make the solution more intuitive to navigate.

Simplified policy configuration: Making the process of creating and managing policies more user-friendly can lead to better adoption and utilization.

Integration and compatibility: Enhanced Integrations, Improving compatibility with a wider range of operating systems, applications, and devices can broaden the solution's scope and effectiveness.

API and automation: Expanding API capabilities allows for more seamless integration into existing security workflows and automation processes.

Threat intelligence and analytics and advanced threat detection: Incorporating more advanced threat detection mechanisms can help in identifying and mitigating potential security breaches.

Analytics and reporting: Robust reporting and analytics features can provide insights into privilege usage, potential vulnerabilities, and overall security posture.

Performance and scalability: Enhancements in performance, such as reduced latency and faster policy enforcement, can contribute to a more efficient endpoint management process. Ensuring the solution can handle a large number of endpoints without sacrificing performance is crucial for enterprises of varying sizes.

We've sent requests to CyberArk for improvement. We've had issues around migration surrounding legacy to cloud ADs. The implementation process wasn't as straightforward as we had hoped. 

They need much better integration with Azure AD. 

It is expensive; however, it does offer good value compared to the competition. 

CyberArk's infrastructure is extensive. A cloud version has been introduced, when it was fully on-premises. You had to set up a separate environment for CyberArk, which incurred significant costs for the customer. Additionally, maintaining the infrastructure required dedicated resources, including on-call support outside of regular hours. If infrastructure went down, it left everyone in a difficult situation.

The product's threat protection and defense capabilities need enhancement. While there have been significant improvements in recent months, there's still a need for better identification and handling of real threats versus false alarms. It would be beneficial if the product could accurately detect and respond to genuine threats without generating false positives. This would allow organizations to rely more confidently on the product as a complete tool for application control and endpoint protection.

CyberArk meets clients' need very spot-on. It covers everything customers ask for.

As for improvements, honestly, the feedback's been really positive. I haven't heard any specific areas that need work.

A major factor for improvement would be the PAS, although they are improving on that part. Basically, the ease of installation and the configurations could be improved upon and are being adjusted. First of all, with a Windows machine, we have to follow very strict procedures for the installation of different components, specifically for Vault. And then you must just keep in mind all the policies that need to be there. In case there is any kind of limitation with respect to any kind of GPO policy being applied, then you have got different issues that you have to deal with it. You have to be very careful and intelligent. Otherwise, the whole platform might come down. They need to add more automation when it comes to onboarding and configurations so that the process is more practical. 

The installation process is pretty difficult. 

It's an expensive product. 

CyberArk Endpoint Privilege Manager is a perfect solution, but CyberArk Endpoint Privilege Manager for Linux has many issues. One issue I observed while using it is that it needs to synchronize from an agent to a cloud because the agent does not update configurations or settings from the cloud. When I change some settings on the cloud, the changes don't synchronize into the system, and the policies won't come back unless I reinstall all the services. This is an area for improvement in CyberArk Endpoint Privilege Manager.

Another area for improvement in CyberArk Endpoint Privilege Manager, specifically for Windows, is that there's no way for you to check credential theft from a text file, such as a notepad file. Suppose I have a text file that contains passwords, for instance. In that case, I'm doing an application configuration that needs a password. CyberArk Endpoint Privilege Manager won't be able to help you locate that file, which means there's still an opportunity for an attacker to look into that text file and steal the passwords.

You can leverage the CyberArk Application Access Manager with CyberArk Endpoint Privilege Manager, but that aspect also needs improvement.

An additional feature I want to see in CyberArk Endpoint Privilege Manager is XDR, where you can trace how an attack can happen on an endpoint, how traffic was initiated, or if a person tried to access your computer and whether he was denied or allowed. CyberArk Endpoint Privilege Manager should be able to track such activities. The solution should allow you to see a specific event ID and use it to correlate whatever activity the malicious person was trying to do.

We'd like the solution to work with AIX operating systems and custom distributions like Linux. 

We would prefer increased stability.

It is hard to deal with technical support if you are not certified. 

The price of the solution should improve.

CyberArk has some performance issues. For example, servers could not handle the solution when we first took CyberArk Endpoint Privilege Manager.

But to solve the problem, I first examine why the services take so much time to install. After that, I look at where we start the services. After that, if we need any patches there, I'll contact CyberArk.

It would be good if, based on an analysis of the user behavior from the logs we collect, we can see if a user has been accessing some other things. We need better reporting tools for those use cases.

It's an old product and has many areas that can be improved.

They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory. 

If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing.

The interface is not great, but good.

In the next release, I would like to see a Linux Client added.

One area that has room for improvement is in managing the credentials for network devices. The solution works fine for servers running Windows 10, but it's not very functional or smooth in operation for servers running Linux and Unix operating systems. There could also be some improvement in integrating with a number of solutions. Though CyberArk keeps developing, improving, or increasing its integrations with other solutions, it could do better.

I would also like the initial setup to be easier because we have to engage the services of a partner when setting up the solution. Moreover, the documentation for setup is restricted to partners only. You can get training on the administration of the solution, but the setup and getting some support documents are reserved for partners only. If there were a better way to get this information out there or to make it more accessible, that would reduce the complexity of setting up the solution.

The solution can be improved by allowing computers or users to be excluded from policies because we currently can't do that. If you roll out an approach, you can target computers and users and can't exclude end users when targeting computers. So, for example, say you want to exclude administrators from a policy it will apply to everybody.

It cannot be on-prem. It is only cloud-based. Sometimes, that's a restriction in terms of usage.

I want to have the EPM platform on the same platform as PAM. I'd like not to have two different dashboards or two different consoles to manage the endpoint systems. Having a single platform for PAM and for EPM would actually help a lot.

If we look at the Privilege Management Inbox, we get a lot of information on what's happening right then and now. But if we would able to filter it down based on a role group or an AD group to say, "Give me all the actions run by this specific AD group," it would be very easy to scope out access for different roles.

Compared to other tools like Linux, this solution isn't as user-friendly. In the next release, CyberArk should add integration with PAM tools, blacklisting and whitelisting for applications, and adaptive MFA.

Performance could be better. We have a couple of problems with CyberArk right now. One of the problems is performance in our environment. Support also takes a long time to respond.

If the user already has local admin rights, then I can't collect any events in the console from this device. There are also some options in CyberArk that are not working properly, and are not helpful in this case. 

I can't collect any information to create a proper policy for the device. I have to investigate everything manually, or even disable the local admin from the device. I can collect the events only after this, and it's very time consuming. In my case, it's a waste of resources.

CyberArk Endpoint Privilege Manager is not suitable for the current situation because when you compare it to OTP, OTP is the strongest password solution. You can use it as a one-time password, but you have to log into the password manager itself and if you don't change your password, it will be the weakest link in the security. In OTP, you don't have that weakest link.

The price of the product is an area of concern where improvements are required. The product's price should be made more flexible.

The tool's UI could be better and more user-friendly.

The tool should be more user-friendly. 

The solution's pricing could be better.

Technical support is slow to respond when we run into issues.

We haven't really faced too many issues so far. There are some small issues here and there, however, it hasn't been anything major.

We've faced some delays in tax reporting.

When you're trying to integrate the other products, there are some workarounds which we have to do. We'd like the integration of security to be easier. 

We expected it to be very easy for the people who are deploying and managing the product, however, that isn't necessarily the case.

The solution can be complex to use at times.

CyberArk Endpoint Privilege Manager has a lot of integrated APIs. Some of them are outdated and could be improved.

What I would really like to see improved is the AIM (Application Identity Manager). I think that it could be simpler to use, and much more straight forward.

In terms of additional features, I cannot think of any that I would like to see implemented at the moment.

Some technical admins create crazy rules, which allow the staff to run anything they want. Currently I'm reviewing our Viewfinity rules and I have noticed different kinds of rules, such as permitting any installation from "download folder." I would suggest that Viewfinity add a new feature which refuses these rules.