We just raised a $30M Series A: Read our story

CyberArk Enterprise Password Vault OverviewUNIXBusinessApplication

CyberArk Enterprise Password Vault is the #2 ranked solution in our list of top Enterprise Password Managers. It is most often compared to HashiCorp Vault: CyberArk Enterprise Password Vault vs HashiCorp Vault

What is CyberArk Enterprise Password Vault?

CyberArk Enterprise Password Vault, a component of the CyberArk Privileged Access Manager Solution, is designed to discover, secure, rotate and control access to privileged account passwords used to access systems throughout the enterprise IT environment. The solution enables organizations to understand the scope of their privileged account risks and put controls in place to mitigate those risks. Flexible policies enable organizations to enforce granular privileged access controls, automate workflows and rotate passwords at a regular cadence without requiring manual IT effort. To demonstrate compliance, organizations can easily report on which users accessed what privileged accounts, when and why.

CyberArk Enterprise Password Vault Buyer's Guide

Download the CyberArk Enterprise Password Vault Buyer's Guide including reviews and more. Updated: October 2021

CyberArk Enterprise Password Vault Customers

AstraZeneca, Time, DBS, Novartis, Motorola, BT, pwc, Braun, Deloitte, Williams, Revlon, Belgacom, Barclays

Pricing Advice

What users are saying about CyberArk Enterprise Password Vault pricing:
  • "CyberArk is very expensive and there are additional fees for add-ons."
  • "This solution is expensive."
  • "It's per-company, license-based."

CyberArk Enterprise Password Vault Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
GJ
PAM Architect at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
Stable, good support, and secures each password with individual encryption

Pros and Cons

  • "CyberArk probably has probably the best vault on the market because of the multiple layered security and each password getting its own encryption."
  • "CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex."

What is our primary use case?

I'm an integrator and we identify and provide performance discovery, and we select the best product for our clients.

We have users that are administrators in the environment, and we convert them into a shared account model. Many of the organizations have two accounts. One is a regular user account and the other gives them administrative rights.

CyberArk allows for a higher degree of segregation of duties, although CyberArk itself doesn't do that. You have to have knowledge of role-based access control and least privilege principles. It supports it, but you have to implement it.

There is also service recording, service accounts on Windows Systems, and Linux systems, to rotate their passwords.

You will find service accounts with passwords that are 5,000 to 8,000 days old, but not with CyberArk. It creates a very strong service to prevent attacks. 

When passwords don't change it makes them very vulnerable and allows attackers significant lateral mobility within an organization. It gives them the necessary time to scout the environment and choose what their attack will be, whether it's going to be a ransomware attack or a data exfiltration attack or if it's going to go in to cause defamation to the company like creating a denial of service to clients. Also, hacking their Facebook page or their Twitter page are common attacks.

What is most valuable?

CyberArk probably has probably the best vault on the market because of the multiple layered security and each password getting its own encryption. Each password gets individual encryption. By the time you are able to crack one of the passwords, it's already been changed a dozen times.

The attack surface on a CyberArk Vault is very nominal and in addition, CyberArk also has its own on-staff hackers where companies actually hire them to perform penetration testing, but within, inside the environment.

What needs improvement?

CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex. 

That's the downside because CyberArk was not built organically. It was built systematically.

They're not built into the product. You have to shoehorn things in. You have to create programmatic interfaces to make things work, but that's why I said it's the most complex product.

CyberArk is still in the model of managing accounts and passwords. When you're logged in as a domain admin, you're leaving footprints everywhere you go. These footprints can be picked up and replicated. So, I think CyberArk is behind the curve in that area.

Customers are already having an issue with the cost of CyberArk and then you have to add another $100,000.00 to the bill for other application accounts.

I would like to see a more streamlined and built-in programmatic onboarding and offboarding process. Something a little bit less complex than what they're currently doing.

The price is the problem and also the architecture can be daunting because CyberArk really strongly encourages having hardware vaults. Most corporations are totally virtualized.

I use virtualized vaults on everything including the high availability configuration.

For how long have I used the solution?

I started using Cyber-Ark Enterprise Password Vault when they were on version five or six, they are now on 11.5 or 11.6. I have been using this solution for a total of 15 years.

What do I think about the stability of the solution?

CyberArk is very stable.

If there is a problem, or if a problem does occur, unless you know exactly what to do and how to diagnose it, you may not be able to find it because there are so many moving parts. However, a good administrator can usually diagnose a problem fairly rapidly.

They determine the root cause by performing a root cause analysis. Also, you should inform CyberArk because sometimes a fix might be required. CyberArk stopped performing single sign-on.

What do I think about the scalability of the solution?

CyberArk is very scalable. It's one of the things that I love and it's also one of the things that I hate about CyberArk.

For example, it's a standalone vault that is practically uncrackable. If you want to do a password rotation you need to have a central password manager. It's called a CPM.

If you want session recordings you have to have a PSM. They can be run on the same server, but eventually, the performance is going to be an extensive task. 

A CPM is performing verification on passwords continuously, and to start stacking server roles on top of each other. 

If you're a semi-vault in a small environment, with one server running CPM, PSM, and PDWA all on one box, it would be no problem with less than 10 administrators and only 70 servers.

With other small or larger organizations that have hundreds of servers rendering that capability or that flexibility, you would have to have a dedicated CPM and dedicated PDWAs, which is the administrator web interface.

For a medium-sized company where you want to do a session recording for all the administrator access, it will cause a problem. It will require multiple PSM servers and if you don't have a good administrator who documents the build process well, or they don't update it, then the problem shows when you build a new PSM. If they don't add all the applications to it then you're going to get an intermittent error across the low-balanced PFMs, where eight of the ten work, but two of them don't because they didn't install the SFQL agent. It's a very complex program, albeit very scalable.

If you're a multinational corporation, you can have your vault in one location and have PSMs distributed where the systems are in the data centers. Then, the PDWAs and the CPMs would be in the data centers and you would have the PDWAs where the user populations are. Rather than having one single appliance or one single box that does everything, you end up having boxes distributed all over. This means that they have to do synchronization and it works out very well most times.

We have small to large company clients. We have clients that have tens of thousands of administrative accounts and 1000 or so servers, to clients as small as having 70 servers with maybe only 750 to 1500 accounts.

How are customer service and technical support?

Technical support is awesome!

CyberArk has excellent technical support. They may not be timely. They're not quick, but they're great.

I would rate the technical support a ten out of ten.

You have to follow the ticket creation process, which is in your benefit because you need screenshots and logs to be able to diagnose the problem. If you do that, then CyberArk comes back with some incredible support help and in most times it's something that I would have never been able to figure out because the product is very complex and it has a lot of moving parts.

Which solution did I use previously and why did I switch?

I have not used any other solution previously. CyberArk is what I learned first.

How was the initial setup?

The initial setup was very complex. There are a lot of moving parts. The skillsets for some of the advanced features require administrators to know how to program in specific APIs. 

The complexity to implement is very high. On a scale of one to 10, it's a 9.5.

What's my experience with pricing, setup cost, and licensing?

CyberArk is very expensive and there are additional fees for add-ons.

What other advice do I have?

CyberArk Password Vault is probably the top vault on the market and Thycotic would be a close second.

CyberArk is not always suited for our clients but it is the best solution. Eight out of 10 organizations don't implement it. Just because you know CyberArk doesn't mean you understand it.

The SaaS solution is sound but the on-premises is primarily what I have worked on. I am CyberArk certified. When I started off several years ago, I got my CIS as PE. I was put into a security group in EDS. 

Network admins who work for the company have to be administrators, with high skill levels. 

Before implementing CyberArk, I would say do a very aggressive use case creation of everything that you're expecting the vault to do. The security architecture should be able to create high-level bulleted use cases. Security administration should be able to take it down to the next level of detail.

They will have to add Conjure, which is another license for CyberArk.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
BrettZych
Identity and Access Management Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
Improves our ability to control, secure, and manage access across the enterprise

Pros and Cons

  • "Service count rotation is probably one of my favorite features... The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now."
  • "I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access."

How has it helped my organization?

It was originally just a glorified KeePass. We scaled it up to an enterprise-wide solution for all our IT support teams. In that way, it improves our ability to control, secure, and manage access across the enterprise for different support teams, whether it be IAM, Exchange, or server admin. It's been a really fantastic growth opportunity for me and for the company.

What is most valuable?

Service count rotation is probably one of my favorite features. Even though we're not using it right now, we're going to be using it in the future. The ability to automatically rotate any password I need to really helps with the entire enterprise strategy that we're pushing right now.

The solution's ability to manage all our access requirements at scale is interesting, actually. It does everything we need it to, and it's not a tool that I expected we would be using at this scale, as an enterprise-wide client. A little bit of history on that being that when we first started using it, it was a glorified password vault. It was a store. It was KeePass. So we really scaled it up and it's been a really interesting journey.

What needs improvement?

I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.

What do I think about the stability of the solution?

Lately, due to an upgrade, it hasn't been as stable as we need it to be, but I don't think that's any fault of the product. I think it's the fault of just infrastructure as a whole.

However, in the past, the product has never been down. It's been incredibly stable. And in terms of interface and usage, it's actually been really stable. There haven't been any bugs or glitches or anything of the sort to impede me from doing my job.

What do I think about the scalability of the solution?

I didn't think we'd be here. However, it's incredibly scalable. We are able to use it in two different environments: one is IT and one is OT. And the scalability, as a whole, has been able to translate to an enterprise-wide process, so it's been really great to see. We're hoping that, should we acquire anything or divest something, it would be that easy to actually deal with it in terms of scalability.

How are customer service and technical support?

Technical support has been good, even great. They have come in and assisted us whenever we had issues. If there was ever an outage, they were already on the phone by the time we needed them. They've been doing a great job helping us out so far.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

What was our ROI?

We have seen ROI. Our adoption rate is way up. More teams are involved in using it. That alone stands as a return on investment when we have more adopters, more people using the tool, more people logging into the tool and utilizing its capabilities.

What other advice do I have?

Use the tool, but communicate with your user base. If you're not going to communicate with your user base, then you're dead in the water already. Don't force this on someone. Work with them in order to use it.

The product has delivered innovation with each update. When I first started, we weren't able to run scans and pull service-account information and reset those service accounts at any endpoint. That, as a whole, as I mentioned earlier, was my favorite feature of the product. That innovation alone is probably one of my favorites, and definitely something that deserves praise.

I would rate the product a nine because nobody gets a 10. It's been a fantastic product and it's been easy to use. The training courses involved have been great, so I would rate it a nine.

I wouldn't say CyberArk has been a huge impact on my career, but it's definitely played a role in helping me advance, in terms of being able to communicate with clients, utilizing my skill sets, both the technical and soft-skill use. It's allowed me to really branch out and see my growth through business liaison.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about CyberArk Enterprise Password Vault. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
543,089 professionals have used our research since 2012.
GK
Consultant at a financial services firm with 5,001-10,000 employees
Consultant
Top 20
Stable, secured access solution with good flexibility

Pros and Cons

  • "The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine."
  • "In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot."

What is our primary use case?

The primary use case of this solution is for third-party developers that come into our infrastructure from VPN to connect. They are organizations that are outside of our organization.

How has it helped my organization?

Before CyberArk, our developers would connect from the VPN directly to the jump servers to get all of their access. We have removed the jump servers to connect to CyberArk.

The security has improved. We know who is accessing and what they are doing. The access is secure. 

CyberArk has increased our security.

What is most valuable?

The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine.

What needs improvement?

This solution does not support the SQL Developer. We have to purchase separately from CyberArk and we have to ask them to develop it.

This solution is a bit complex compared to other solutions. The installation and administration are complex.

Some things can be done through the interface, but the whole installation process and upgrade process can be done with the installation script but it's complex.

This is too complex for some organizations that do not have a large scale.

In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot.

I thought that the client would be able to drop a file onto the server and the file would be visible on the server.

I have to disable the connection to provide a copy and this is a security issue, and I closed this file to the client then he can't upload and files to us.

They need to come up with a way for the client to file share with CyberArk.

For how long have I used the solution?

I have been using this solution for six months.

What do I think about the stability of the solution?

This solution is stable. We have not had any issues.

What do I think about the scalability of the solution?

This solution is scalable but pricey.

There are fifty users and they are developers.

How are customer service and technical support?

I have not contacted technical support. I am not an engineer, I work for the bank and I have implemented this solution.

Which solution did I use previously and why did I switch?

Previously we used Fudo and jump servers with OTP. It is not the same, but from a security perspective, it is also quite good and less expensive.

How was the initial setup?

The initial setup is complex.

You need at least one engineer to manage the software. I must have dedicated people to administer it.

What about the implementation team?

We worked with integrators for the installation. The first step was the installation process and the hardening. This process took two weeks to implement.

The migration process was more complex and more time-consuming.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive.

What other advice do I have?

My advice would be to compare with other products and if they don't want such a large solution they could try Fudo or a similar solution that is easier and can scale like CyberArk.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PG
Technical Lead IMSS at a computer software company with 1,001-5,000 employees
Real User
Top 20
Create, request, access and manage privileged passwords

Pros and Cons

  • "It's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security."
  • "The only problem involves granting access to people who are authorized to view it."

What is our primary use case?

We use it for storing and rotating passwords.

Within our organization, a lot of people are using this solution for a lot of projects. We have already implemented CyberArk as a SaaS solution. We are not using the core parts, but we are using the software as a service for a project.

At my previous job, there was a team of seven people who were in charge of maintenance. Mostly analysts, senior analysts, and a technical lead used this solution. 

What is most valuable?

It completely depends on the requirement. For some of the RPA robotic types of user identity, we prefer for it to happen in an automatic way, but some of them are highly critical, so we don't do it automatically. As for the end-user experience or expectation, if they want to change it at their end, they can do it.

What needs improvement?

I don't see any problems because it's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security. From my experience, overall, I don't see many problems that need to be rectified.

The only problem involves granting access to people who are authorized to view it. This user management area is the most critical. We have to constantly check on that area and we have to review and give proper access. Nobody should have more access than they are authorized for.

For how long have I used the solution?

I have been using CyberArk Enterprise Password Vault for eight years.

What do I think about the scalability of the solution?

It's scalable at the component level. If you want to add some of the latest components, or if you want to implement biometrics or MFA, this solution can handle that — it's very easy to implement.

How are customer service and technical support?

The tech support is amazing. If you have any issues that you need help with, the CyberArk support team reaches out very quickly, depending on the criticality of the issue. If it's critical, they will reach out to you within hours.

The vendor support is really good.

How was the initial setup?

The initial setup is quite straightforward. These days they have an automatic script — It is much less time-consuming.

We used to do it manually which would take almost two to three hours in total.

What about the implementation team?

We did it in-house. I'm certified in CyberArk; I've also installed it for clients as well.

What's my experience with pricing, setup cost, and licensing?

The licensing plan is either six months or one year — it's not on a monthly basis.

Every company will have a different license fee, but ultimately, it comes down to how many users you want to manage and how many companies you want to support. If you want three CPMs, then you'll need licensing for three. It's per-company, license-based.

Which other solutions did I evaluate?

I am currently evaluating other solutions. A few of them do not support PTA. Some of them don't have DevOps properly managed. Others don't give you the DNE facility, which is free of charge with CyberArk.

What other advice do I have?

I would definitely recommend CyberArk Enterprise Password Vault.

On a scale from one to ten, I would give this solution a rating of eight.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IkedeEbhole
Pre-sales Engineer at StarLink - Trusted Security Advisor
Real User
Top 20
Storing User Passwords and Credentials, Facilitates auditing by recording activity

Pros and Cons

  • "The most valuable feature is the special management. It records the activity and the actions that we use for auditing."
  • "The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance."

What is our primary use case?

The primary use case is for storing user passwords and administration credentials.

I am the engineer for a company that sells this solution mostly to financial institutions. 

It is also useful for auditing and securing shared accounts or co-shared accounts.

What is most valuable?

The most valuable feature is the special management. It records the activity and the actions that we use for auditing.

What needs improvement?

The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have.

The technical support can improve on the time that it takes to get a callback.

The integration is great but needs to be a bit more user-friendly.

Also, a feature with the ability to create password sync.

In the next release, I would like to see the following:

  • Availability on the cloud and the appliance.
  • More documentation for the setup. 
  • Simplify the deployment.
  • Continuous operation with this solution.
  • Simplify the infrastructure for better stability.
  • Increase the support for applications.
  • Invest in local on the ground staff in various regions.
  • The ability to search by the activities, especially for Windows Servers.
  • Improve the auditing capabilities for their searches.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance.

What do I think about the scalability of the solution?

This solution is scalable. It scales very well, there are no issues.

How are customer service and technical support?

The technical support is good, there are no issues.

They know what to do when you call them, they are competent.

Sometimes they can take too long before getting back to you, which is something that can be improved.

Which solution did I use previously and why did I switch?

Previously I was using Centrify and One Identity. We switched because CyberArk has a lot of strength in my region. Some partners do not want to deploy CyberArk to their customers because they feel it will create competition when it comes to renewal. They don't want the price to be affected.

How was the initial setup?

The initial setup is complex. The architecture needs improvement in the documentation for the setup and the manageability.

If you have everything provided for you, it can take three to four hours to deploy this solution.

What's my experience with pricing, setup cost, and licensing?

I think that it might be cheaper than the other competitors in our region.

What other advice do I have?

I have learned that the deployment can be tricky. Always plan your deployment in phases.

Don't unload all of your privilege credentials at once, otherwise, you have an issue with the passwords. 

Always, have help available on standby when you are deploying this solution to prevent issues.

This solution is quite efficient. You don't always have to have your applications. If you are encrypting the server, you don't need the applications. You are required to do it on your workstation. The server will deliver that to you from the managing pack when you try to implement the sessions.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VS
Director at a tech services company with 11-50 employees
Reseller
Top 5Leaderboard
Every aspect of the solution is very well integrated and it is fail-safe

Pros and Cons

  • "Every aspect of the solution is very well integrated, and even that gives comfort. It is a fail-safe kind of environment."
  • "Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help."

What is our primary use case?

There are threats that get opened because of the vulnerability of privileged access that says to directly put it in a vault.

What is most valuable?

Every aspect of the solution is very well integrated, and that gives comfort. It is a fail-safe kind of environment. I think that's the fail-safe feature makes customers comfortable because there are no non-integrable stuff or cures. For example, a vault would have its own anti-virus,  its own application, its own operating system to stay hardened. It is absolutely hardened for it to be protected from the outside world.

What needs improvement?

Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help.

For how long have I used the solution?

My organization has been using this solution for a few years but I joined the company three months back.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

Our clients are large enterprises. It is easy to scale.

How are customer service and technical support?

Our customers contact us for any technical support, but we are able to sort out customer issues to a very large extent. We only had to connect with CyberArk at L-3 level or L-4 level. We are able to address most of our customer's issues. 

I would rate their support a nine out of ten. 

Which solution did I use previously and why did I switch?

We have had customers use a competitive product that CyberArk has replaced but it is not very common. It is not very easy to change your Privileged Access Management framework so easily.

CyberArk is fail-safe, it has a threat intelligence filter, and prevention threat attacks. That sets the product apart from others, and I think the other part is their ability to onboard a maximum number of resources like storage network, security, IoT devices, and RPAs. Its ability to pervasively onboard almost all critical privileges and resources across the organization is where it stands out in a really big way.

How was the initial setup?

I didn't implement it. I don't believe we've had any problems implementing it. I've never heard any issues. I'd say it's neutral.

What's my experience with pricing, setup cost, and licensing?

There are costs in addition to the standard licensing. There is an implementation fee. Those are additional fees and the customer has the annual maintenance, the software, and whole maintenance cost added to that. So there are additional costs besides this standard license.

What other advice do I have?

The most important phase is the discovery phase. Pay the most attention to that. Spend the most amount of time on the discovery phase, which is really the startup planning. The project becomes smoother. Book stricter guidelines on timelines and let there be a senior sponsor part of the project so that you are able to get milestones addressed quickly otherwise, these projects tend to drag longer.

In the next release, I would like to have the cloud option and all of the features that come with it. 

I would rate CyberArk a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
FabioPericoli
Director / Engineer at Provincia
Real User
Top 5Leaderboard
Enables users to connect to a target machine without the need to know the privileged accounts' password

Pros and Cons

  • "Our most valuable features would probably be key rotation, the SKM or SSH key manager, and account discovery."
  • "I think they can improve account onboarding. For instance, you have to use the Password Vault utility, whereas in Thycotic I think there is a feature in the user interface that allows you to upload your account with an Excel file. So I'd like to have a similar thing in CyberArk."

What is our primary use case?

I have worked as a CyberArk SME, team leader, project manager in the financial industry. I've managed both the implementation and configuration of enterprise CyberArk infrastructures.

How has it helped my organization?

As an end-user within the organization, I can't and I don't need to know the passwords of privileged accounts as CyberArk is taking care of the password/SSH Keys management on the target machines. The solution provides this security without changing the end-user experience because they are able to use the end-user tool like putty or remote desktop connection even without passing through the CyberArk interface

What is most valuable?

Our most valuable features would probably be password/key rotation, the SSH key manager, account discovery and quality of video recordings.

What needs improvement?

I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.

For how long have I used the solution?

We've been using this solution for five years.

How was the initial setup?

If you don't know the product well, it might not be easy to set up, because CyberArk has several modules. You need to study it before to start to implement this solution. It's not like other PAM tools e.g.Thycotic, which is easy to set up, as it's just a web server with a database.

The deployment itself can take between one and two work weeks. The project, or configuration documents, however, must take more time. You cannot think about the infrastructure in one week. You have to prepare all the documents, understand the infrastructure you want, etc. It's the project management that takes more time.

What other advice do I have?

You have to analyze the target hosts that you have in your organization and understand what is the scope of your project. You have to make a very clear plan for the project and CyberArk infrastructure sizing. Then you have to do a very good job with the project management and collaborate with the privileged accounts stakeholders. With all that in mind, you can go ahead with CyberArk.

Be careful with the configuration. When you make changes and so on, be very careful to understand what you are doing. Plan and test what you are doing in a test environment before switching to production.

I would rate CyberArk as nine out of ten. Ten means that it's the best solution on the market and no one else compares to it.  However, before giving them a ten, they should do something related to the Password Vault utility. Maybe they should add some other features too. For me, it is one of the best tools on the market, so nine is enough for now.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
OZ
Lead Systems Architect at IT Specialist LLC
Real User
Top 5
Very good security, good scalability and a recently lowered pricing model

Pros and Cons

  • "Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security."
  • "The solution is too big and complex for any businesses that are small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses."

What is our primary use case?

The primary use case of the solution is to gather privileged accounts from different systems and to contain privileged accounts in one secure place.

What is most valuable?

Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security.

What needs improvement?

The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.

For how long have I used the solution?

I've been using the solution for five to ten years.

What do I think about the scalability of the solution?

It's an enterprise-level solution. So long as you can afford it, you can scale.

How are customer service and technical support?

I've never had to reach out to technical support.

Which solution did I use previously and why did I switch?

We didn't really use a different solution. We use Fudo Security, but it's not for password management alone. It's more of an all-in-one solution. We still use it; it's cheap and it's a very simple solution in comparison to CyberArk.

How was the initial setup?

The initial setup is okay; I'd rate it seven out of ten in terms of ease of use compared to other solutions.

Many different things during installation are not straightforward. For example, it would be better to make some kind of pre-installed machine or virtual machine or to make it easy to deploy various ISO files. There are competitors that have just one machine and no infrastructure involved. It would also be better if they embedded the license or offered some free options.

Deployment took about a month.

What's my experience with pricing, setup cost, and licensing?

As far as I know, CyberArk changed its pricing policy for our region. Overall it was very expensive a few years ago, but now, just around a year ago, it became less expensive and it's easier for us to sell it.

What other advice do I have?

We use the on-premises deployment model.

In terms of advice, I'd suggest others follow the implementation carefully.

I'd rate the solution eight out of ten. It's not easy to install and it's got too many components which means it's not really suitable for small or medium-sized businesses.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free CyberArk Enterprise Password Vault Report and get advice and tips from experienced pros sharing their opinions.