We just raised a $30M Series A: Read our story

CyberArk Enterprise Password Vault OverviewUNIXBusinessApplication

CyberArk Enterprise Password Vault is #2 ranked solution in top Enterprise Password Managers. IT Central Station users give CyberArk Enterprise Password Vault an average rating of 8 out of 10. CyberArk Enterprise Password Vault is most commonly compared to HashiCorp Vault:CyberArk Enterprise Password Vault vs HashiCorp Vault. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
What is CyberArk Enterprise Password Vault?

CyberArk Enterprise Password Vault, a component of the CyberArk Privileged Access Manager Solution, is designed to discover, secure, rotate and control access to privileged account passwords used to access systems throughout the enterprise IT environment. The solution enables organizations to understand the scope of their privileged account risks and put controls in place to mitigate those risks. Flexible policies enable organizations to enforce granular privileged access controls, automate workflows and rotate passwords at a regular cadence without requiring manual IT effort. To demonstrate compliance, organizations can easily report on which users accessed what privileged accounts, when and why.

CyberArk Enterprise Password Vault Buyer's Guide

Download the CyberArk Enterprise Password Vault Buyer's Guide including reviews and more. Updated: November 2021

CyberArk Enterprise Password Vault Customers

AstraZeneca, Time, DBS, Novartis, Motorola, BT, pwc, Braun, Deloitte, Williams, Revlon, Belgacom, Barclays

Archived CyberArk Enterprise Password Vault Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
IkedeEbhole
Pre-sales Engineer at StarLink - Trusted Security Advisor
Real User
Storing User Passwords and Credentials, Facilitates auditing by recording activity

Pros and Cons

  • "The most valuable feature is the special management. It records the activity and the actions that we use for auditing."
  • "The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance."

What is our primary use case?

The primary use case is for storing user passwords and administration credentials.

I am the engineer for a company that sells this solution mostly to financial institutions. 

It is also useful for auditing and securing shared accounts or co-shared accounts.

What is most valuable?

The most valuable feature is the special management. It records the activity and the actions that we use for auditing.

What needs improvement?

The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have.

The technical support can improve on the time that it takes to get a callback.

The integration is great but needs to be a bit more user-friendly.

Also, a feature with the ability to create password sync.

In the next release, I would like to see the following:

  • Availability on the cloud and the appliance.
  • More documentation for the setup. 
  • Simplify the deployment.
  • Continuous operation with this solution.
  • Simplify the infrastructure for better stability.
  • Increase the support for applications.
  • Invest in local on the ground staff in various regions.
  • The ability to search by the activities, especially for Windows Servers.
  • Improve the auditing capabilities for their searches.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

The stability depends on the infrastructure it is installed on, which is important because CyberArk does not have the hardware appliance.

What do I think about the scalability of the solution?

This solution is scalable. It scales very well, there are no issues.

How are customer service and technical support?

The technical support is good, there are no issues.

They know what to do when you call them, they are competent.

Sometimes they can take too long before getting back to you, which is something that can be improved.

Which solution did I use previously and why did I switch?

Previously I was using Centrify and One Identity. We switched because CyberArk has a lot of strength in my region. Some partners do not want to deploy CyberArk to their customers because they feel it will create competition when it comes to renewal. They don't want the price to be affected.

How was the initial setup?

The initial setup is complex. The architecture needs improvement in the documentation for the setup and the manageability.

If you have everything provided for you, it can take three to four hours to deploy this solution.

What's my experience with pricing, setup cost, and licensing?

I think that it might be cheaper than the other competitors in our region.

What other advice do I have?

I have learned that the deployment can be tricky. Always plan your deployment in phases.

Don't unload all of your privilege credentials at once, otherwise, you have an issue with the passwords. 

Always, have help available on standby when you are deploying this solution to prevent issues.

This solution is quite efficient. You don't always have to have your applications. If you are encrypting the server, you don't need the applications. You are required to do it on your workstation. The server will deliver that to you from the managing pack when you try to implement the sessions.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
GK
Consultant at a financial services firm with 5,001-10,000 employees
Consultant
Top 20
Stable, secured access solution with good flexibility

Pros and Cons

  • "The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine."
  • "In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot."

What is our primary use case?

The primary use case of this solution is for third-party developers that come into our infrastructure from VPN to connect. They are organizations that are outside of our organization.

How has it helped my organization?

Before CyberArk, our developers would connect from the VPN directly to the jump servers to get all of their access. We have removed the jump servers to connect to CyberArk.

The security has improved. We know who is accessing and what they are doing. The access is secure. 

CyberArk has increased our security.

What is most valuable?

The most valuable feature is that it is flexible. It has many connectors. that have done well, the EPV and SSH sessions are all being recorded and everything works fine.

What needs improvement?

This solution does not support the SQL Developer. We have to purchase separately from CyberArk and we have to ask them to develop it.

This solution is a bit complex compared to other solutions. The installation and administration are complex.

Some things can be done through the interface, but the whole installation process and upgrade process can be done with the installation script but it's complex.

This is too complex for some organizations that do not have a large scale.

In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot.

I thought that the client would be able to drop a file onto the server and the file would be visible on the server.

I have to disable the connection to provide a copy and this is a security issue, and I closed this file to the client then he can't upload and files to us.

They need to come up with a way for the client to file share with CyberArk.

For how long have I used the solution?

I have been using this solution for six months.

What do I think about the stability of the solution?

This solution is stable. We have not had any issues.

What do I think about the scalability of the solution?

This solution is scalable but pricey.

There are fifty users and they are developers.

How are customer service and technical support?

I have not contacted technical support. I am not an engineer, I work for the bank and I have implemented this solution.

Which solution did I use previously and why did I switch?

Previously we used Fudo and jump servers with OTP. It is not the same, but from a security perspective, it is also quite good and less expensive.

How was the initial setup?

The initial setup is complex.

You need at least one engineer to manage the software. I must have dedicated people to administer it.

What about the implementation team?

We worked with integrators for the installation. The first step was the installation process and the hardening. This process took two weeks to implement.

The migration process was more complex and more time-consuming.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive.

What other advice do I have?

My advice would be to compare with other products and if they don't want such a large solution they could try Fudo or a similar solution that is easier and can scale like CyberArk.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about CyberArk Enterprise Password Vault. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.
MariuszWalo
Presales Engineer/Network Security Technical Consultant at a tech services company with 51-200 employees
Consultant
Top 20
Good integration, excellent session monitoring and very good password protection

Pros and Cons

  • "Session monitoring is excellent. It may be the solution's most valuable aspect."
  • "The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex."

What is most valuable?

The solution is very complete. It has the most features on the market.

Session monitoring is excellent. It may be the solution's most valuable aspect.

The solution offers very good password protection.

It offers great integration with many products.

What needs improvement?

The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex.

For how long have I used the solution?

I've been using the solution for one year.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is easy to scale.

How are customer service and technical support?

I've never had to reach out to technical support.

How was the initial setup?

The initial setup is complex. You need to install many virtual machines. You must do many configurations. It's not just one machine to another; you'll also have to handle the configuration of independent machines as well.

What's my experience with pricing, setup cost, and licensing?

The price is higher than the competition, but if the customer wants the best product for their company, they won't mind the price.

We have a permanent license. Licensing is based on how man users you have, so the pricing varies according to the size of the company.

What other advice do I have?

We're a partner of CyberArk.

I'd rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
FabioPericoli
Director / Engineer at Provincia
Real User
Top 5
Enables users to connect to a target machine without the need to know the privileged accounts' password

Pros and Cons

  • "Our most valuable features would probably be key rotation, the SKM or SSH key manager, and account discovery."
  • "I think they can improve account onboarding. For instance, you have to use the Password Vault utility, whereas in Thycotic I think there is a feature in the user interface that allows you to upload your account with an Excel file. So I'd like to have a similar thing in CyberArk."

What is our primary use case?

I have worked as a CyberArk SME, team leader, project manager in the financial industry. I've managed both the implementation and configuration of enterprise CyberArk infrastructures.

How has it helped my organization?

As an end-user within the organization, I can't and I don't need to know the passwords of privileged accounts as CyberArk is taking care of the password/SSH Keys management on the target machines. The solution provides this security without changing the end-user experience because they are able to use the end-user tool like putty or remote desktop connection even without passing through the CyberArk interface

What is most valuable?

Our most valuable features would probably be password/key rotation, the SSH key manager, account discovery and quality of video recordings.

What needs improvement?

I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.

For how long have I used the solution?

We've been using this solution for five years.

How was the initial setup?

If you don't know the product well, it might not be easy to set up, because CyberArk has several modules. You need to study it before to start to implement this solution. It's not like other PAM tools e.g.Thycotic, which is easy to set up, as it's just a web server with a database.

The deployment itself can take between one and two work weeks. The project, or configuration documents, however, must take more time. You cannot think about the infrastructure in one week. You have to prepare all the documents, understand the infrastructure you want, etc. It's the project management that takes more time.

What other advice do I have?

You have to analyze the target hosts that you have in your organization and understand what is the scope of your project. You have to make a very clear plan for the project and CyberArk infrastructure sizing. Then you have to do a very good job with the project management and collaborate with the privileged accounts stakeholders. With all that in mind, you can go ahead with CyberArk.

Be careful with the configuration. When you make changes and so on, be very careful to understand what you are doing. Plan and test what you are doing in a test environment before switching to production.

I would rate CyberArk as nine out of ten. Ten means that it's the best solution on the market and no one else compares to it.  However, before giving them a ten, they should do something related to the Password Vault utility. Maybe they should add some other features too. For me, it is one of the best tools on the market, so nine is enough for now.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
OZ
Lead Systems Architect at IT Specialist LLC
Real User
Top 20
Very good security, good scalability and a recently lowered pricing model

Pros and Cons

  • "Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security."
  • "The solution is too big and complex for any businesses that are small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses."

What is our primary use case?

The primary use case of the solution is to gather privileged accounts from different systems and to contain privileged accounts in one secure place.

What is most valuable?

Security is the solution's most valuable feature. As far as I know, this solution is the most secure system of this class on the market today, even considering another management system like Fudo Security, which we also use. The integration capabilities are very good; it helps strengthen our overall security.

What needs improvement?

The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.

For how long have I used the solution?

I've been using the solution for five to ten years.

What do I think about the scalability of the solution?

It's an enterprise-level solution. So long as you can afford it, you can scale.

How are customer service and technical support?

I've never had to reach out to technical support.

Which solution did I use previously and why did I switch?

We didn't really use a different solution. We use Fudo Security, but it's not for password management alone. It's more of an all-in-one solution. We still use it; it's cheap and it's a very simple solution in comparison to CyberArk.

How was the initial setup?

The initial setup is okay; I'd rate it seven out of ten in terms of ease of use compared to other solutions.

Many different things during installation are not straightforward. For example, it would be better to make some kind of pre-installed machine or virtual machine or to make it easy to deploy various ISO files. There are competitors that have just one machine and no infrastructure involved. It would also be better if they embedded the license or offered some free options.

Deployment took about a month.

What's my experience with pricing, setup cost, and licensing?

As far as I know, CyberArk changed its pricing policy for our region. Overall it was very expensive a few years ago, but now, just around a year ago, it became less expensive and it's easier for us to sell it.

What other advice do I have?

We use the on-premises deployment model.

In terms of advice, I'd suggest others follow the implementation carefully.

I'd rate the solution eight out of ten. It's not easy to install and it's got too many components which means it's not really suitable for small or medium-sized businesses.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user887514
User at a pharma/biotech company with 5,001-10,000 employees
Real User
Passwords are given out on a case by case basis so users don't need to worry about password sharing

Pros and Cons

  • "Thus far I can say technical support is excellent. We haven't had any issues or difficulties."
  • "To get it to a ten it should give other possibilities to select if you could follow the keystrokes. It should have a flexibility with things where people can use it a lot faster."

What is our primary use case?

Our primary use case of this solution is for elevated access.

How has it helped my organization?

The primary improvement to my organization is the fact that now the users are aware that: one, the work that they do will be recorded and so there will be an audit trail of what has happened; and then, two, we don't have to worry about people sharing passwords because they are given out on a case by case basis.

What is most valuable?

  • Session recording 
  • Password rotation

What needs improvement?

Some folks would like to have keystroke tracking and some would not. I guess if they could make that an option that might be interesting for certain organizations.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

Scalability and stability are both excellent. We have around 250 users. All individuals with privilege to elevated access will be required to use this after a certain amount of time.

How are customer service and technical support?

Thus far technical support is excellent. We haven't had any issues or difficulties.

How was the initial setup?

The initial setup was pretty straightforward. Deployment took approximately six months. For the deployment, there was a group of about five to six individuals. For sustainment, we just have gotten into a training mode and we will have our support team giving them assistance.

What other advice do I have?

I would rate this solution a 9.5 out of ten. To get it to a ten it should give other possibilities to select if you could follow the keystrokes. It should have a flexibility with things in which people can use it a lot faster.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DanHines
Technologist - Specialty in Identity and Access Management at Sears Technology Services Incorporated
Real User
The DNA scan is very helpful and provides a security baseline for your environment

What is our primary use case?

  • This product provides accountability and audit trails for privileged account access. 
  • Automatic password rotation every 24 hours to adhere to our internal compliance guidelines.

How has it helped my organization?

  • It helped us in SOX, PCI, PII and HIPAA compliance. 
  • Accountability, as far as knowing who has access to what.

What is most valuable?

  • Reporting and PSM I feel are the two biggest points for us. We provide our audit team with failed password reporting, safe membership, and privileged account inventory reporting.
  • The DNA scan is very helpful and provides a security baseline for your environment. I highly recommend running a DNA scan on your environment.

What needs improvement?

  • Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.
  • Providing a way to group accounts by application would be nice.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Kishore  Kumar
SAP CRM /C4C /SAP Hybris at ATOS
MSP
PSM enables after-hours monitoring, and CPM helps keep the password policy up to date

What is our primary use case?

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

How has it helped my organization?

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

What is most valuable?

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

What needs improvement?

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

For how long have I used the solution?

More than five years.

What is our primary use case?

This solution is used for managing all unmanaged and forgotten privileged accounts. DNA tool is amazing, far better than imaginable in previous years.

How has it helped my organization?

We are able to keep an eye on every move made by privileged accounts throughout the enterprises, and with PSM we have monitoring after hours.

What is most valuable?

CPM, which helps keep the password policy up to date. which eventually helps to maintain the GDPR data security requirements for almost every client in Europe and elsewhere. 

What needs improvement?

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user789450
User at a energy/utilities company with 1,001-5,000 employees
User
The ability to write your own connectors and plugins is invaluable as far as flexibility goes

What is our primary use case?

Vaulting of privileged credentials.  Used as a jump host solution.  We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

How has it helped my organization?

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

What is most valuable?

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

What needs improvement?

Enhanced PSM support for Java based applications. Easier to use bulk uploader tools (which are already being worked on).

For how long have I used the solution?

One to three years.

What is our primary use case?

  • Vaulting of privileged credentials. 
  • Used as a jump host solution. 
  • We wanted to keep passwords from being exposed to end users and connect them seamlessly to their target devices.

How has it helped my organization?

Our privileged accounts are now stored in a more secure location and lateral movement within the network have been lessened.

What is most valuable?

The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes.

What needs improvement?

  • Enhanced PSM support for Java based applications.
  • Easier to use bulk uploader tools (which are already being worked on).

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user531600
Advanced CyberArk Specialist at a tech services company with 1,001-5,000 employees
Consultant
Secured vault storage provides the capabilities for structuring and accessing data.

What is most valuable?

The secured vault storage offers great capabilities for structuring and accessing data.
Central Password Manager is useful for agentless automated password management on endpoints.

Privileged Session Manager is good for provisioning, securing, and recording sessions to the endpoints.

How has it helped my organization?

CyberArk provided an audit trail for all account operations, including session recordings for all activities performed with high privilege accounts. It also gave us the ability to define various access controls per group, enabling us to differentiate between internal and external IT staff accessing the accounts.

What needs improvement?

The product documentation could be a little more precise in certain aspects with clearer explanations for functionality limitations. New functionalities or discovered bugs take a little longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.

For how long have I used the solution?

I have been working with CyberArk solutions for 7 years already.

I was involved in many implementations, proofs of concept, operational and development activities. I have worked with or test all CyberArk releases since version 5.5.

What do I think about the stability of the solution?

Unfortunately, I did have some problems with stability caused by not following the recommended configurations. But the recommended configurations are very strict, and it is not always possible to implement in a corporate infrastructure. Interference with other applications can also cause problems with CyberArk components.

What do I think about the scalability of the solution?

We did not have any problems with scalability. Each component of the solution is highly scalable and enables us to quickly increase capacity.

How are customer service and technical support?

Customer Service:

Customer service is very responsive and they are willing to help you with any deployment decisions, production issues or just various questions you might have.

Technical Support:

The technical support was great. They were very responsive and eager to help. We were able to have professional communication and the involvement of all levels of technical personnel as needed.

Which solution did I use previously and why did I switch?

I used another solution before CyberArk and its limited functionalities were the main reason for switching. We chose CyberArk because of its great functionalities, the ability to be deployed granularly at a different scale for each function, and the ability to be deployed in a distributed infrastructure.

How was the initial setup?

The initial setup is straightforward if you prepare for it properly and test the major functionalities using the configurations that you’ll actually require before you use it in a production deployment.

CyberArk documentation contains a lot of information, so the hardest part is to choose the right setup and deployment strategy.

What's my experience with pricing, setup cost, and licensing?

Plan ahead regarding the licensing costs. You can get a better prices per license as the number of licenses increases. CyberArk is open to providing a test license so you can test any particular functionalities prior to buying the real license.

Which other solutions did I evaluate?

We evaluated ObserveIT and IBM’s Privileged Identity Manager solution, which was still under development back in the times. We chose CyberArk because of its flexible installations, so that it was able to cover most of the deployment scenarios we required.

What other advice do I have?

Study and test it first, before going wild in the production.

It is very easy to create a disaster in production with even the smallest changes.
CyberArk has great resiliency capabilities; use them wherever you can.

Disclosure: My company has a business relationship with this vendor other than being a customer: My current company is a partner with CyberArk for selling the product as a service.
it_user529902
Network Security Consultant at a comms service provider with 501-1,000 employees
Vendor
Session recording is a valuable feature. Better documentation of error codes would be helpful.

What is most valuable?

Session recording Password and access management

How has it helped my organization?

Increased security and visibility

What needs improvement?

Error messages are useless; better documentation of error codes would be helpful.

For how long have I used the solution?

I have used it for two years.

What do I think about the stability of the solution?

I encountered stability issues.

What do I think about the scalability of the solution?

I have not encountered any scalability issues.

How are customer service and technical support?

Due to meaningless error messages, it is not possible to repair non-trivial errors without support. However, with support, we solved every problem.

Which solution did I use previously and why did I switch?

I did not…

What is most valuable?

How has it helped my organization?

  • Increased security and visibility

What needs improvement?

Error messages are useless; better documentation of error codes would be helpful.

For how long have I used the solution?

I have used it for two years.

What do I think about the stability of the solution?

I encountered stability issues.

What do I think about the scalability of the solution?

I have not encountered any scalability issues.

How are customer service and technical support?

Due to meaningless error messages, it is not possible to repair non-trivial errors without support. However, with support, we solved every problem.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

You have to exactly follow the installation manual; otherwise, installation can crash with a non-solvable error.

Which other solutions did I evaluate?

Before choosing this product, I evaluated BalaBit and ObserveIT.

What other advice do I have?

You have to exactly follow the installation manual.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ashish Khanal
Identity and Access Management Consultant at a tech services company with 10,001+ employees
Real User
With the PSM connect option, authorized users do not need passwords to open a session. The user experience needs to be improved.

What is most valuable?

The features that I value most are the PSM connect option, where an authorized user doesn't even require a password to open a session to perform their role. Another feature that I think is really valuable is being able to monitor a user's activity; there is always a log recording activities performed by the privileged accounts in CyberArk.

How has it helped my organization?

This tool has definitely helped us manage all the privilege accounts, which mostly have access to the organization's crown-jewel data. Additionally, having a monitoring system puts extra visibility on these account's activities, so any irregular activity is highlighted and quickly escalated.

What needs improvement?

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

For how long have I used the solution?

I have used the product for almost a year. I have been part of the implementation project and post-release, supported account onboarding.

What do I think about the stability of the solution?

For the most part, there weren't many stability issue. Usually the issue persisted with system/application accounts, with the API and the object ref ID not being in sync.

What do I think about the scalability of the solution?

I didn't feel there were any scalability issues.

How are customer service and technical support?

Although I was part of business side of the team, and I only had interaction with internal engineering team, I found the internal engineering team very helpful and knowledgeable about the product and how it worked.

Which solution did I use previously and why did I switch?

We previously used a different solution, and then we updated it; we did not switch.

Which other solutions did I evaluate?

I am unable to comment on this, as I was not part of product evaluation team.

What other advice do I have?

My advice is that this tool does what it advertises. If your business/organization has crown-jewel data, this is the tool to use.

From a security standpoint, I find the tool very reliable and innovative. However, it could improve the user experience and become more intuitive. When the user experience becomes more intuitive, then I am willing to rate the product even higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user528927
Owner at a tech consulting company with 51-200 employees
Consultant
You can control password management. It provides flexibility and security.

What is most valuable?

Auditing and control are the most valuable. You can control password management almost to the max, giving you, your users and your auditors great flexibility without compromising security.

The auditing and control is more valuable to the enterprise than to myself. Apparently one of the overseas offices was able to track and identify misuse of a privileged account. In addition, it is heavily used during the periodic user/account recertification process.

How has it helped my organization?

Recertification of accounts and users, whereas previously 100s of accounts reside on devices, targets, applications, etc., now, due to using the vault and recertification, owners are in total control of their accounts and usage. Dual control forces owners to approve access to their safes and usage of passwords. The number of audit points regarding rogue accounts is falling dramatically.

What needs improvement?

Small things such as resizing pop-ups but mainly the reporting possibilities: These are quite poor in my honest opinion. If you really want custom reports you actually need to export data to an Access database and create your own queries and reports. The default reports are just that.

The reporting functionality is currently limited to default reports, listings and overviews. For more detailed and in-depth reports, you need to export the data to an external app such as Access or MS SQL. For example, if you need a report listing all safes, owners, members and accounts (like we do), you need to create a bespoke report. Ideally, in 2016, perhaps a graphic drag & drop reporting interface would be ideal.

For how long have I used the solution?

I have been using the product now for a little over four years from the support side.

What do I think about the stability of the solution?

No stability issues at all; we have a 24/7 standby and have yet to be called out on issues other than locked accounts. These are almost always user-related. We have had no downtime other than planned DR tests.

What do I think about the scalability of the solution?

I have not encountered any scalability issues; we have actually scaled down since the new releases. Where previously we had CPMs & PVWAs throughout the world, we now have load-balanced CPMs and PVWAs in just two locations.

How are customer service and technical support?

It can take time before you get a solution. Frequently, we have already solved it ourselves. CyberArk is re-arranging its support teams to improve communication with clients and to resolve cases quicker. As there is a release every six months, this might prove to be a challenge.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The vaults are installed on dedicated servers and subsequently hardened in their own dedicated workgroup. In our organization, there was a heavy battle with Server Support, who refused the workgroup setup and demanded that the servers join a/the domain. Do not agree! The servers have to be separate from the general server population and have nothing installed except the vault. Nothing has access, so no MS updates, AV software, etc. It took a while to convince them.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

Do not take it lightly. It takes a lot of hard work to analyse and implement. Involve the entire organization from the start. As you will be working with security teams, you might encounter a certain level of distrust (you are in their domain right?). Involve them, liaise frequently and get everyone onboard.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user506925
Senior Consultant (CyberArk) at a financial services firm with 10,001+ employees
Vendor
The Enterprise Password Vault protects privileged IDs within a secure digital vault.

What is most valuable?

EPV (Enterprise Password Vault) is the most valuable feature of the product to me. It is the core of the product, where it stores the passwords it needs to protect. It protects privileged IDs within a secure digital vault.

What needs improvement?

User friendliness and reporting: While the PVWA (Password Vault Web Access) provides a web console for the end user and administrator to access the solution, there is room for improvement. (E.g.: show tips when the mouse hovers over.) Reportingprovides very detailed information; however, it requires customization before it is presentable.

For how long have I used the solution?

I first got introduced to CyberArk around 2012.

What do I think about the stability of the solution?

No issue with stability. The solution provides an HA option.

What do I think about the scalability of the solution?

I would say there are scalability issues. After the solution is deployed, resizing it is difficult. Therefore, proper sizing at the planning stage is important.

How are customer service and technical support?

Technical support is excellent; one of the most knowledgeable and well-trained support staff.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was complex. A typical deployment will require at least two months of full-time planning. In a large deployment, it can be over six months.

Which other solutions did I evaluate?

Before choosing this product, I did not evaluate other options.

What other advice do I have?

A well-trained and experienced deployment team is critical. Sizing, safe design, and access management need to be discussed beforehand.

reason for not being a 10 is, there is always rooms for improvements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free CyberArk Enterprise Password Vault Report and get advice and tips from experienced pros sharing their opinions.