We just raised a $30M Series A: Read our story

CyberArk Enterprise Password Vault OverviewUNIXBusinessApplication

CyberArk Enterprise Password Vault is the #2 ranked solution in our list of top Enterprise Password Managers. It is most often compared to HashiCorp Vault: CyberArk Enterprise Password Vault vs HashiCorp Vault

What is CyberArk Enterprise Password Vault?

CyberArk Enterprise Password Vault, a component of the CyberArk Privileged Access Manager Solution, is designed to discover, secure, rotate and control access to privileged account passwords used to access systems throughout the enterprise IT environment. The solution enables organizations to understand the scope of their privileged account risks and put controls in place to mitigate those risks. Flexible policies enable organizations to enforce granular privileged access controls, automate workflows and rotate passwords at a regular cadence without requiring manual IT effort. To demonstrate compliance, organizations can easily report on which users accessed what privileged accounts, when and why.

CyberArk Enterprise Password Vault Buyer's Guide

Download the CyberArk Enterprise Password Vault Buyer's Guide including reviews and more. Updated: October 2021

CyberArk Enterprise Password Vault Customers

AstraZeneca, Time, DBS, Novartis, Motorola, BT, pwc, Braun, Deloitte, Williams, Revlon, Belgacom, Barclays

Archived CyberArk Enterprise Password Vault Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
it_user887514
User at a pharma/biotech company with 5,001-10,000 employees
Real User
Passwords are given out on a case by case basis so users don't need to worry about password sharing

Pros and Cons

  • "Thus far I can say technical support is excellent. We haven't had any issues or difficulties."
  • "To get it to a ten it should give other possibilities to select if you could follow the keystrokes. It should have a flexibility with things where people can use it a lot faster."

What is our primary use case?

Our primary use case of this solution is for elevated access.

How has it helped my organization?

The primary improvement to my organization is the fact that now the users are aware that: one, the work that they do will be recorded and so there will be an audit trail of what has happened; and then, two, we don't have to worry about people sharing passwords because they are given out on a case by case basis.

What is most valuable?

  • Session recording 
  • Password rotation

What needs improvement?

Some folks would like to have keystroke tracking and some would not. I guess if they could make that an option that might be interesting for certain organizations.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

Scalability and stability are both excellent. We have around 250 users. All individuals with privilege to elevated access will be required to use this after a certain amount of time.

How are customer service and technical support?

Thus far technical support is excellent. We haven't had any issues or difficulties.

How was the initial setup?

The initial setup was pretty straightforward. Deployment took approximately six months. For the deployment, there was a group of about five to six individuals. For sustainment, we just have gotten into a training mode and we will have our support team giving them assistance.

What other advice do I have?

I would rate this solution a 9.5 out of ten. To get it to a ten it should give other possibilities to select if you could follow the keystrokes. It should have a flexibility with things in which people can use it a lot faster.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DanHines
Technologist - Specialty in Identity and Access Management at Sears Technology Services Incorporated
Real User
The DNA scan is very helpful and provides a security baseline for your environment

What is our primary use case?

  • This product provides accountability and audit trails for privileged account access. 
  • Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.

How has it helped my organization?

  • It helped us in SOX, PCI, PII and HIPAA compliance. 
  • Accountability, as far as knowing who has access to what.

What is most valuable?

  • Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
  • The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.

What needs improvement?

  • Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.
  • Providing a way to group accounts by application would be nice.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about CyberArk Enterprise Password Vault. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
540,984 professionals have used our research since 2012.
Kishore  Kumar
SAP CRM /C4C /SAP Hybris at ATOS
MSP
PSM enables after-hours monitoring, and CPM helps keep the password policy up to date

What is our primary use case?

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

How has it helped my organization?

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

What is most valuable?

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

What needs improvement?

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

For how long have I used the solution?

More than five years.

What is our primary use case?

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

How has it helped my organization?

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

What is most valuable?

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

What needs improvement?

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user789450
User at a energy/utilities company with 1,001-5,000 employees
User
The ability to write your own connectors and plugins is invaluable as far as flexibility goes

What is our primary use case?

Vaulting of privileged credentials.  Used as a jump host solution.  We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

How has it helped my organization?

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

What is most valuable?

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

What needs improvement?

Enhanced PSM support for Java based applications. Easier to use bulk uploader tools (which are already being worked on).

For how long have I used the solution?

One to three years.

What is our primary use case?

  • Vaulting of privileged credentials. 
  • Used as a jump host solution. 
  • We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

How has it helped my organization?

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

What is most valuable?

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

What needs improvement?

  • Enhanced PSM support for Java based applications.
  • Easier to use bulk uploader tools (which are already being worked on).

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user531600
Advanced CyberArk Specialist at a tech services company with 1,001-5,000 employees
Consultant
Secured vault storage provides the capabilities for structuring and accessing data.

What is most valuable?

The secured vault storage offers great capabilities for structuring and accessing data.
Central Password Manager is useful for agentless automated password management on endpoints.

Privileged Session Manager is good for provisioning, securing, and recording sessions to the endpoints.

How has it helped my organization?

CyberArk provided an audit trail for all account operations, including session recordings for all activities performed with high privilege accounts. It also gave us the ability to define various access controls per group, enabling us to differentiate between internal and external IT staff accessing the accounts.

What needs improvement?

The product documentation could be a little more precise in certain aspects with clearer explanations for functionality limitations. New functionalities or discovered bugs take a little longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.

For how long have I used the solution?

I have been working with CyberArk solutions for 7 years already.

I was involved in many implementations, proofs of concept, operational and development activities. I have worked with or test all CyberArk releases since version 5.5.

What do I think about the stability of the solution?

Unfortunately, I did have some problems with stability caused by not following the recommended configurations. But the recommended configurations are very strict, and it is not always possible to implement in a corporate infrastructure. Interference with other applications can also cause problems with CyberArk components.

What do I think about the scalability of the solution?

We did not have any problems with scalability. Each component of the solution is highly scalable and enables us to quickly increase capacity.

How are customer service and technical support?

Customer Service:

Customer service is very responsive and they are willing to help you with any deployment decisions, production issues or just various questions you might have.

Technical Support:

The technical support was great. They were very responsive and eager to help. We were able to have professional communication and the involvement of all levels of technical personnel as needed.

Which solution did I use previously and why did I switch?

I used another solution before CyberArk and its limited functionalities were the main reason for switching. We chose CyberArk because of its great functionalities, the ability to be deployed granularly at a different scale for each function, and the ability to be deployed in a distributed infrastructure.

How was the initial setup?

The initial setup is straightforward if you prepare for it properly and test the major functionalities using the configurations that you’ll actually require before you use it in a production deployment.

CyberArk documentation contains a lot of information, so the hardest part is to choose the right setup and deployment strategy.

What's my experience with pricing, setup cost, and licensing?

Plan ahead regarding the licensing costs. You can get a better prices per license as the number of licenses increases. CyberArk is open to providing a test license so you can test any particular functionalities prior to buying the real license.

Which other solutions did I evaluate?

We evaluated ObserveIT and IBM’s Privileged Identity Manager solution, which was still under development back in the times. We chose CyberArk because of its flexible installations, so that it was able to cover most of the deployment scenarios we required.

What other advice do I have?

Study and test it first, before going wild in the production.

It is very easy to create a disaster in production with even the smallest changes.
CyberArk has great resiliency capabilities; use them wherever you can.

Disclosure: My company has a business relationship with this vendor other than being a customer: My current company is a partner with CyberArk for selling the product as a service.
it_user529902
Network Security Consultant at a comms service provider with 501-1,000 employees
Vendor
Session recording is a valuable feature. Better documentation of error codes would be helpful.

What is most valuable?

Session recording Password and access management

How has it helped my organization?

Increased security and visibility

What needs improvement?

Error messages are useless; better documentation of error codes would be helpful.

For how long have I used the solution?

I have used it for two years.

What do I think about the stability of the solution?

I encountered stability issues.

What do I think about the scalability of the solution?

I have not encountered any scalability issues.

How are customer service and technical support?

Due to meaningless error messages, it is not possible to repair non-trivial errors without support. However, with support, we solved every problem.

Which solution did I use previously and why did I switch?

I did not…

What is most valuable?

How has it helped my organization?

  • Increased security and visibility

What needs improvement?

Error messages are useless; better documentation of error codes would be helpful.

For how long have I used the solution?

I have used it for two years.

What do I think about the stability of the solution?

I encountered stability issues.

What do I think about the scalability of the solution?

I have not encountered any scalability issues.

How are customer service and technical support?

Due to meaningless error messages, it is not possible to repair non-trivial errors without support. However, with support, we solved every problem.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

You have to exactly follow the installation manual; otherwise, installation can crash with a non-solvable error.

Which other solutions did I evaluate?

Before choosing this product, I evaluated BalaBit and ObserveIT.

What other advice do I have?

You have to exactly follow the installation manual.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ashish Khanal
Identity and Access Management Consultant at a tech services company with 10,001+ employees
Real User
With the PSM connect option, authorized users do not need passwords to open a session. The user experience needs to be improved.

What is most valuable?

The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.

How has it helped my organization?

This tool has definitely helped us manage all the privilege accounts, which mostly have access to the organization's crown-jewel data. Additionally, having a monitoring system puts extra visibility on these account's activities, so any irregular activity is highlighted and quickly escalated.

What needs improvement?

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

For how long have I used the solution?

I have used the product for almost a year. I have been part of the implementation project and post-release, supported account onboarding.

What do I think about the stability of the solution?

For the most part, there weren't many stability issue. Usually the issue persisted with system/application accounts, with the API and the object ref ID not being in sync.

What do I think about the scalability of the solution?

I didn't feel there were any scalability issues.

How are customer service and technical support?

Although I was part of business side of the team, and I only had interaction with internal engineering team, I found the internal engineering team very helpful and knowledgeable about the product and how it worked.

Which solution did I use previously and why did I switch?

We previously used a different solution, and then we updated it; we did not switch.

Which other solutions did I evaluate?

I am unable to comment on this, as I was not part of product evaluation team.

What other advice do I have?

My advice is that this tool does what it advertises. If your business/organization has crown-jewel data, this is the tool to use.

From a security standpoint, I find the tool very reliable and innovative. However, it could improve the user experience and become more intuitive. When the user experience becomes more intuitive, then I am willing to rate the product even higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user528927
Owner at a tech consulting company with 51-200 employees
Consultant
You can control password management. It provides flexibility and security.

What is most valuable?

Auditing and control are the most valuable. You can control password management almost to the max, giving you, your users and your auditors great flexibility without compromising security.

The auditing and control is more valuable to the enterprise than to myself. Apparently one of the overseas offices was able to track and identify misuse of a privileged account. In addition, it is heavily used during the periodic user/account recertification process.

How has it helped my organization?

Recertification of accounts and users, whereas previously 100s of accounts reside on devices, targets, applications, etc., now, due to using the vault and recertification, owners are in total control of their accounts and usage. Dual control forces owners to approve access to their safes and usage of passwords. The number of audit points regarding rogue accounts is falling dramatically.

What needs improvement?

Small things such as resizing pop-ups but mainly the reporting possibilities: These are quite poor in my honest opinion. If you really want custom reports you actually need to export data to an Access database and create your own queries and reports. The default reports are just that.

The reporting functionality is currently limited to default reports, listings and overviews. For more detailed and in-depth reports, you need to export the data to an external app such as Access or MS SQL. For example, if you need a report listing all safes, owners, members and accounts (like we do), you need to create a bespoke report. Ideally, in 2016, perhaps a graphic drag & drop reporting interface would be ideal.

For how long have I used the solution?

I have been using the product now for a little over four years from the support side.

What do I think about the stability of the solution?

No stability issues at all; we have a 24/7 standby and have yet to be called out on issues other than locked accounts. These are almost always user-related. We have had no downtime other than planned DR tests.

What do I think about the scalability of the solution?

I have not encountered any scalability issues; we have actually scaled down since the new releases. Where previously we had CPMs & PVWAs throughout the world, we now have load-balanced CPMs and PVWAs in just two locations.

How are customer service and technical support?

It can take time before you get a solution. Frequently, we have already solved it ourselves. CyberArk is re-arranging its support teams to improve communication with clients and to resolve cases quicker. As there is a release every six months, this might prove to be a challenge.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The vaults are installed on dedicated servers and subsequently hardened in their own dedicated workgroup. In our organization, there was a heavy battle with Server Support, who refused the workgroup setup and demanded that the servers join a/the domain. Do not agree! The servers have to be separate from the general server population and have nothing installed except the vault. Nothing has access, so no MS updates, AV software, etc. It took a while to convince them.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

Do not take it lightly. It takes a lot of hard work to analyse and implement. Involve the entire organization from the start. As you will be working with security teams, you might encounter a certain level of distrust (you are in their domain right?). Involve them, liaise frequently and get everyone onboard.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user506925
Senior Consultant (CyberArk) at a financial services firm with 10,001+ employees
Vendor
The Enterprise Password Vault protects privileged IDs within a secure digital vault.

What is most valuable?

EPV (Enterprise Password Vault) is the most valuable feature of the product to me. It is the core of the product, where it stores the passwords it needs to protect. It protects privileged IDs within a secure digital vault.

What needs improvement?

User friendliness and reporting: While the PVWA (Password Vault Web Access) provides a web console for the end user and administrator to access the solution, there is room for improvement. (E.g.: show tips when the mouse hovers over.) Reportingprovides very detailed information; however, it requires customization before it is presentable.

For how long have I used the solution?

I first got introduced to CyberArk around 2012.

What do I think about the stability of the solution?

No issue with stability. The solution provides an HA option.

What do I think about the scalability of the solution?

I would say there are scalability issues. After the solution is deployed, resizing it is difficult. Therefore, proper sizing at the planning stage is important.

How are customer service and technical support?

Technical support is excellent; one of the most knowledgeable and well-trained support staff.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was complex. A typical deployment will require at least two months of full-time planning. In a large deployment, it can be over six months.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

A well-trained and experienced deployment team is critical. Sizing, safe design, and access management need to be discussed beforehand.

reason for not being a 10 is, there is always rooms for improvements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free CyberArk Enterprise Password Vault Report and get advice and tips from experienced pros sharing their opinions.