Based on my experience as a product owner, I would advise, firstly, to set up an enterprise security architecture as authority within the organization, and ensure that it is closely aligned with your business. Once that is set up, then the enterprise security architecture should determine the priorities of the business and, accordingly, you can lay out a roadmap and strategy.

From a product perspective, CyberArk may or may not fit into your organization based on what strategy you have detailed, or it may or may not fit your requirements. So I would definitely not recommend purchasing the tool first and then determining what to do with it next.

Regarding automation, we are adopting DevOps for the positives it brings, such as cost savings, efficiency, etc., yet there needs to be some checks and balances. Having a fully automated solution would require you to think through the security aspects very carefully. That is why alignment with the enterprise security architecture is of great importance when it comes to securing access across environments in an identity management solution.

CyberArk's PAM is based on the concept of identity, such that a user logs in with his or her identity. So whatever systems the user accesses, there is an audit trail that is tied back to that same identity. This can happen across multiple environments based on factors such as the separation of duties, where certain engineers may not be allowed access to certain areas of development. These checks and balances occur when we give access to those kinds of rules and permissions. There are some targets we have for automation, but if it's fully automated it wouldn't be all throughout our organization as we have found there are some pitfalls with full automation.

Now, when you bring the cloud into the picture, as with our own transformation roadmap, you can't just put a tool in front of you and then expect everything to fall into place from on-premises to the cloud. It does not work that way. You need to have a sound strategy from your enterprise security perspective and only then can you ensure that things will fall into place.

Concerning the UI, PAM has an administrative dashboard and everything, but from a monitoring perspective, we also rely on additional tools apart from what CyberArk offers. For least privilege and managing secrets, there's a tool from CyberArk for that, but I'm not sure we have any plans on using that solution.

Overall, I would rate CyberArk Privileged Access Management a seven out of ten.

The greatest issue that I experienced with the implementation of the CyberArk PAM solution was inter-departmental politics regarding change. To resolve this, I relied on the CyberArk Customer Success team to assist with developing a strategy to get all of the stakeholders to accept the changes. Every CyberArk administrator needs to spend time learning about their customer success team since their purpose is to assist with making sure you have the knowledge you need to make sure your implementation is successful.

The product takes some time to learn. That said, CyberArk Software offers both a customer success team as well as paid professional support to assist.  

The customer success team has always seemed to be in my corner when needed, bringing insight and assistance when I was unable to resolve some of my "self-created issues".

Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.

If you are using this solution for the first time, you need to be a little bit aware of Windows, Linux, and AD. Otherwise, it might be complex for you.

I would rate it a nine out of ten. 

I recently switched jobs, so I was working with CyberArk Privileged Access Manager in my previous organization, and also using it in my current organization. I'm using version 12.2 of the solution.

In terms of maintenance, it can be monitored through SCOM Monitoring, but the vault is standalone. CyberArk Privileged Access Manager can enable SNMP Traps so that the vault can be monitored automatically and it can trigger an incident to the ticketing tool the teams are using. It has the ability for automated monitoring.

My advice to others looking into implementing CyberArk Privileged Access Manager is to know their network properly. If they're doing an on-premises deployment, they should know their network properly, and they should first audit their environment in terms of the accounts they're going to manage on CyberArk Privileged Access Manager. They should also assign the owners and assign everything beforehand to help make implementation faster.

I'm rating CyberArk Privileged Access Manager nine out of ten.

CyberArk's abilities are amazing. We're just starting to hit some limits, but we're able to get through the majority of them. Some of the database stuff is a little bit more involved. The other things, like cloud and all of the Linux and Windows, have not been a problem at all. It's not that the database stuff is a problem, but it's just more complex.

If you want to talk about CyberArk providing an automated and unified approach for securing access for all types of identity, "all types" is a strong claim. I wouldn't ascribe "all types" of identities to anything. But for everything that we're doing with it, it has been a great tool and it's doing that for us.

I'd advise other users to take their time, measure twice, and cut once.

I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress.

Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product. 

Before you get started, make sure that you know what it is that you're looking for from the product. That's one of the things that we went through. We had all of the groups involved, which included the Information Security Office, my team with the servers and the networks, and people who were managing the accounts. We all got together and submitted scenarios for what we wanted out of the product, and then we went to CyberArk and asked them how they were going to meet these needs, and they were able to meet pretty much every need. There were only one or two minor things that they couldn't manage, and those weren't that important. So, we were willing to go with it. I don't know if the other company was able to meet those either. My advice would be to make sure what it is that you want first before you go talk to them because they have a huge list of things that they can do for you, and you don't want to buy the things you don't need.

I would rate it an eight out of ten in terms of flexibility in everything because it does almost everything. The biggest drawback is because of the complexity, it is hard to manage. It is not impossible by any means, but it is not the simplest thing to manage. Cost-wise, it is not a cheap product, but it does a ton of things, and it does them well.

I would rate CyberArk as nine out of 10. I won't give the 10 because I have my problems with the licensing. However, the solution is completely recommendable and a must-have in every environment.

I'm not sure which version of the solution we're using. It's likely the latest version.

This is a fully secure product and integrates with a lot of different systems. I'd recommend the product to others. 

I'd rate the solution eight out of ten.

When you work on CyberArk, you have to have more than one skill set. You are not just a PAM consultant because you manage passwords for all kinds of systems. You have to have skills in Windows, Linux, databases, and security because you manage those kinds of accounts. If you don't have those kinds of prerequisites, you can't work with CyberArk.

I started working on CyberArk when it was version 10.x and at this moment it is at 12 and more. The interface has changed and a lot of features have been added over that time. It's a good solution.

Take advantage of the vendor's training or use a good partner to provide support and administration.

As it stands today, I would rate CyberArk PAM nine out of 10. However, I'm concerned about the future of the platform. While I've had nothing but great experiences so far, I have concerns about how they've been pushing that cloud solution in the last year and a half. I feel like they're going to pressure us to move to the cloud even though they're not mature enough in the cloud. 

Rather than create a cloud-native version, they've migrated their on-premise solution to the cloud, but they don't allow cloud customers to access the backend, which I recommend all the time as an on-premise user. Instead, you have to submit a support ticket and have their support do things on your behalf, which delays your ability to work with the tool. Furthermore, they may not be willing to make the modifications you want because it would affect their ability to impact the solution consistently. CyberArk designed the on-premise version to be incredibly flexible, and I have never found a use case where I can't do the work I want to do. Their cloud model discards a lot of that flexibility, which is where I see a lot of value, so I have concerns about the future of the tool.

Also, I'd like to point out that service account management is incredibly hard, particularly in a company that's been around for a while. Any company looking to adopt service account management needs to know that it's not as easy as vendors make it sound. Many things don't work right out of the box, so the most important lesson we've learned is to calibrate the expectations of senior management when it comes to service account management because it is a lot harder than anybody thinks. You're likely to break things in the process of trying to manage these accounts. 

I rate CyberArk Privileged Access Manager 10 out of 10. CyberArk is the leader in Gartner's quadrant. I tell my customers that they need to be 100 percent secure—99 percent isn't good enough. The top hackers will exploit that 1 percent hole, and you're finished. You need 100 percent, or else you're wasting your money.  

We are reselling the solution to customers.

I'd rate the solution nine out of ten. It's quite a good product.

I'm working for a company that sells privileged access management solutions, including CyberArk Privileged Access Manager.

The version of the solution which I'm dealing with is an old version. Most of the deployment is on-premises, but my company will start cloud deployment for CyberArk Privileged Access Manager as well.

My company resells, implements, and also provides support for CyberArk Privileged Access Manager for the customers.

The solution requires upgrading regularly, and if there's a new system or application, you need to set it up for privileged access management on CyberArk Privileged Access Manager, so maintenance is important. Currently, in my company, five people work with the solution where there are about two hundred devices with fifty administrators. In the beginning, CyberArk Privileged Access Manager was for large-sized businesses. Nowadays, it's also used by medium-sized businesses.

I would recommend CyberArk Privileged Access Manager to others looking into implementing it because it's very important to protect privileged accounts in the company and do password rotation, so the hackers won't have a chance to detect and find the real passwords in the system. You can also use CyberArk Privileged Access Manager to protect external users and the admins from the direct connection to the server and after that, you can see what the users and admins do because the system makes video recordings and session logs. It's important to see what the admins do from time to time.

For me, CyberArk Privileged Access Manager is the best product, and even Gartner says the same, so I would rate it a ten out of ten.

My company is a partner and reseller of CyberArk Privileged Access Manager.

Plan wisely and you will have a very good product. The approach should be modular and step by step. Start with the UNIX administrators, network device administrator, Windows administrator, and Active Directory administrator, then move onto more complex scenarios, like web server administrators, sub-administrators, etc. 

I would rate CyberArk PAM as nine out of 10. It could be more manageable.

We are end-users and customers. 

This is a stable, reasonably priced product. It has good security features as well. Since we received the renewal request, it's been working very well. 

I'd rate the product eight out of ten. 

We use the solution with AWS. In fact, we set up a custom setup for AWS. We worked with the CyberArk engineering team to get it working, to come up with a custom solution to integrate our AWS EC2 instances. There were some limitations, as I mentioned earlier, with how the product integrates with AWS, so we had to make some major changes to how the integration works. As far as monitoring is concerned, it's standard CyberArk monitoring. We don't see anything specific to AWS, as far as the monitoring is concerned. This is the one place where CyberArk can improve.

Privileged access management is one part of IM. Anything that goes through has to get approved through the IM team, and our product of choice for privilege access is CyberArk. When we decided to go to the cloud, this was the natural choice because this was the product that the enterprise uses. We've had challenges. We've had to customize the product to meet our requirements. It might not be the same for every customer because our requirements are a little unique. But it eventually worked out. We've been able to meet most of our use cases.

CyberArk is an eight out of 10. It can do a lot. But there is definitely scope for improvement.

I come from the IM world, but I was more into access management. CyberArk was just one of those products which was thrust on me. Now I'm head of privileged access management, so CyberArk has been pretty good for me, going from the access management space to privileged access management. It's definitely had an impact on my career.

I would advise others that requirements should be discussed properly with all the stakeholders to understand their expectations. Additionally, it is important to explore our tool limitations. We should more focus on solution designing.

I rate CyberArk Privileged Access Manager a nine out of ten.

CyberArk is an innovative set of tools that are easily learned. Getting deeper into the product allows for a great deal of complex settings that can be learned via high level implementation guides as well as a CyberArk certification.

Overall, I would rate the solution a ten out of ten.

I give the solution a ten out of ten.

For maintenance, we require one part-time architect and two operations people.

I recommend the solution to others.

I would recommend this solution to others. It has great value and it ensures your environment is secure and it is most important in production. If your company is a financial institution it is a lot of times mandatory to have a solution similar to this in operation because of cyber security concerns. We need to have preventive or professional action and one of those elements is to have a secure platform.

I rate CyberArk Privileged Access Manager an eight out of ten.

You need to know the sizing of your company and not randomly use it, thinking you may need to use this solution in the future. You need to use most of the features, e.g., if you have 10 features, then your company should use at least seven features of CyberArk. If you are not going to use seven or more features, i.e., if it is below seven, you should not go for this tool.

We were using Secrets Manager for managing a few SSH files, but we are not using it anymore.

I would rate this solution as eight out of 10. CyberArk is a solution to problems being faced by multiple companies and organizations. It removes security threats and vulnerabilities from an organization in a secure way, and your credentials are handled in a secure way. Therefore, it solves this pain area in a company, and that is why I think they are one of the top tools.

It does what it promised. It secures our platforms, haves the scalability, and it is just a solid product.

Know what you are getting into upfront. Work with IT to ensure you have buy-in from upper management, and work with them to get a roadmap to deploy. 

Most important criteria when selecting a vendor:

• Reliability
• Having good customer support.

We are CyberArk partners. I’m a consultant.

We’re always using the most up-to-date solution version, as we are utilizing the cloud.

We use it mostly to secure our privileged accounts. We don't actively use any other products of CyberArk.

I’d recommend the solution. It’s ideal for smaller organizations.

I would rate it seven out of ten.

If you can afford CyberArk Privileged Access Manager or you are looking 5 to 10 years in the future, it's a good investment. You will gain experience handling all these pieces using the one product. You can easily integrate with other products also.

You would have maintenance with other PAM products, and you won't with CyberArk. You can save that money by investing in a high quality product from the beginning itself.

Overall, I would rate CyberArk Privileged Access Manager at eight on a scale from one to ten.

It is a good choice. I'm not sure if they're the market leader or not, but they seem to have the biggest footprint. I know there are a couple of competitors, but I've never used them. The other two that I know about are not as widely used, so there is a bigger community for support for CyberArk, and there is also CyberArk's support.

CyberArk is good as a technology partner for ensuring that we maintain a strong security posture throughout our digital transformation. It is a needed platform to have.

Given my experience with CyberArk PAM, to a colleague at another company who says, “We want to solve cloud security challenges with born-in-the-cloud security solutions as opposed to legacy solutions that have been adapted to the cloud," I would say that CyberArk is a good option for the cloud. That's because you don't have to worry about maintenance, and all the integrations are already in place. The different accounts that CyberArk can integrate with are already in place.

It doesn't really give a single pane of glass to manage and secure identities across multiple environments. It only gives visibility into CyberArk and how the accounts are working there. If something is wrong with an account, sometimes, you have to check other tools, such as Active Directory, or permissions.

We don't use CyberArk’s Cloud Entitlements Manager and Secrets Manager. We use CyberArk PAM to implement least privilege entitlements, and it is neither easy nor difficult to implement them. It is somewhere in the middle. The adoption of least privilege entitlements by using CyberArk PAM is also somewhere in the middle. If users aren't really technical, they would have problems with it.

It provides consistent controls to enable secure access, manage secrets, and implement least privilege at scale across our environment. It is somewhat user-friendly for people to just rotate passwords. Its interface can be a bit difficult.

I would rate it an eight out of 10.

CyberArk is a good technology partner. They help us a lot with maintenance and our security process management.

I don't have experience in the cloud using CyberArk. However, for on-premises environments, it works very well. I recommend it. 

I would rate the solution as a nine out of 10. 

I'd never ever rate anything a 10. I'd probably never rate anything a one. I'd rate CyberArk as 7.5 out of 10. We actually did surveys of all the people that saw all the demos of all the new solutions we looked at. CyberArk was a seven or eight consistently, from all the people who watched it. The benefit of it is it's stable, it's old-school, it just works. The downside is that it's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers. Those are the highs and lows. It could be amazing if it all ran in the cloud, but that wouldn't be possible.

I started as a PAM engineer eight years ago. Learning PAM and understanding how it protects people and being the liaison who needs to take passwords away from engineers is really tough. But it put me in a good spot. I grew from a PAM engineer to an identity engineer to identity team lead to identity manager. Within the last year-and-a-half, I came into this company because of a PAM role. They hired me as an identity manager because I knew PAM and because I had a relationship; I was working on bringing CyberArk in as part of my previous role and they wanted me to come in and do that same evaluation here. So knowing CyberArk got me my job and, within three months, they said, "We don't need just one team like this doing these assessments. We need multiple teams. So you're an associate director." I said, "Thanks, I don't want to do that. I just want to play with PAM."

If you want more security, get CyberArk.

I used the new plugin generator utility here in the lab. Right now, it is manual, and the plugin is very easy to use. It is amazing.

Most important criteria when selecting a vendor: I prefer better tech support, because I love the CyberArk support. I want support like that everywhere with all my vendors.

Get on implementing it today. Be patient. Test a lot. Deploy slowly.

It has places to go. I see the potential. It is getting there, but it has room to grow. If you compare this product with anything else as far as an endpoint solution, there is nothing which even compares.

We have implemented the new plugin generator utility already. I trained the help desk. It is really easy. Instead of having to fix it myself, the service desk will receive a one-time code to help the customer immediately, so they do not have to wait. I will receive a ticket to make a long-term policy. It is a perfect system.

Most important criteria when selecting a vendor: communication.

I would recommend the product. 

We have done a lot of customer referrals for CyberArk. It is good. It fits our needs, and there is not anything else out in the market that can match it.

Most important criteria when selecting a vendor: 

• Good support.
  
• Meeting the each of the requirements.
• Usability of the product.
• Ease of implementation.
• Not a lot of customization; you can get it right out-of-the-box and run with it.

We have four models which we are using. 

The first one has a wall that which we have deployed on the particular server. The next one is the CPM which is the Central Policy Manager through which we enforce the password policy and password rotation policies. 

I'd recommend the solution to others. 

We have conducted a POC in Pakistan on multiple sites with different customers. CyberArk is a quite typical product and can be a bit expensive, so it's a good idea to try it out first and make sure it is what you need.

I'd rate the solution seven out of ten. 

I'm certified in CyberArk. Earlier, we worked with CyberArk as a partner. At this point, our contract is in a renewal state.

I'd rate the solution nine out of ten. 

It is a great product when it comes to security. From the security point of view, I would advise a new user to use this tool and deploy it in your environment since the security is unbeatable.

I rate this solution an eight out of ten. I would recommend having a proper plan before implementing this solution. It will be a smoother process if you jot down the granular execution level and get senior resources with hands-on experience.

I would rate CyberArk Privileged Access Security an eight out of ten. It is a good product.

Hard to implement and to get acceptance from the users and management. But when installed the solution is rock solid.

Overall, I am really glad I worked with CyberArk for five years.

I rate the solution a seven out of ten.

With every security tool, new users learning by themselves is a bit difficult since the material isn't openly released. It's released if you have a partnership or if you pay for the software. That makes learning the tool a bit difficult. If you are interested in learning, the only thing is to get a job in that field. If your company is using it, it's like learning by doing. That's the only way you can learn about this product.

I'd rate the solution eight out of ten.

CyberArk has vast trust across the globe. People who've used CyberArk usually don't go back and change the product, unless it is a cost issue. If it is a cost issue, I must suggest BeyondTrust as a cost-effective solution for similar services.

Work off your roadmap for implementation.

We recommend CyberArk solutions.

One big piece of advice I would give is: Don't ignore user acceptance. If you want people to use CyberArk, you have to pay attention to user acceptance. If your users hate it, then your entire experience is going to be an uphill battle, when you're trying to get people to actually use the tool. It doesn't matter how good the tool is, it doesn't matter how well it does password management. It doesn't matter how well it does all these other things. If your users hate it, you're going to have an uphill struggle with the people that you need to be on your side. You've got to get user acceptance right.

Now, you can't completely sacrifice all those other things just for user acceptance, I'm not saying that. But you have got to keep user acceptance up there, alongside everything else. It's got to be a hand-in-hand thing as you go along, so don't ignore user acceptance. Spend some time doing it.

I tend to shy away from giving anybody a 10 out of 10. I would rate it at about eight out of 10, a pretty high rating. Anything could be improved, and certainly, CyberArk is not immune to that. But I think it's a good tool.

One of the biggest factors when dealing with this field/area in privileged accounts is you have to have executive support from the top down. Push for this, because trying to get different business units or groups to implement this product is very hard if you don't have upper level management support.

Most important criteria when selecting a vendor: 

• Stability of the product.
• The customer service interface: Someone who can work with you on the product and understand what your needs are.

Contact the professional help for a demo, and you will not be disappointed. Even if you do not choose CyberArk, they can help identify current security gaps.

Try a demo, if you can. Make it a hands-on with some of the components and see what they offer you.

I have used other privileged account management tools in the past. This, by far, outranks them as far as features and usability. The integrations on top of that as well. 

Each new product that our company buys, we turn to CyberArk, and they are say, "Yes, we integrate with that."

I have used the new generator utility plugin once, so not extensive experience, but I have used it. It does work.

Most important criteria when selecting a vendor: They integrate with CyberArk.

The tool is robust and our IT team is happy with it. It provides you with strong security.

We are currently on version 9.10. We would like to upgrade to the latest version some time this year. There is currently a CyberArk Security Bulleting CA19-09 that addresses potential administrative manipulations within the PVWA and the Digital Vault. CyberArk has released patch 9.10.4 to address the PVWA and they are working on releasing a patch for the Vault Server.

Make sure your use cases are covered. Go for a small PoC, if possible, to make sure that all your use cases are covered and delivered per your expectations. Check whether the solution is on-prem or Azure and the resource utilization needed for implementation. For your IT expansions in future, check whether you will need any additional modules in future or if the existing ones will meet your future requirements.

With Secure Web Solutions, we could access any web applications from a PC. It was like a native tool where you could browse from your Chrome or any web applications, and the applications would be routed to the CyberArk where it was securing the web applications and access. However, this product was deprecated last year so it is no longer supported from CyberArk's point of view.

I would rate CyberArk PAM as nine out of 10.

CyberArk continues to innovate, as they refine strategies based on industry research and trends in the cyber security landscape, and incorporate the necessary updates to both their roadmaps as well as their product sets. The creation of the customer implementation roadmap, acquisition of Conjur for DEVOPS and the development of  Alero to address 3rd party secured access, are examples of product innovation to address  emerging risks within the  industry.  

I would rate CyberArk 8 our of 10;  although I do remain impressed with their existing set of product offerings, their cyber security roadmap & strategy, and their overall corporate philosophy, I do feel it is necessary for them to ensure they remain vigilant and maintain pace with an evolving cyber industry.  Significant disruption in the technology industry brought on by advancements in Machine Learning / AI, commoditization of cyber attack tools, and rapid deployment of IoT based technologies, summon the need to ensure companies do not become complacent in the agility of their security tools.

I have several passions. One of the passions I've always had is in organizational transformation and leadership. A second is really around the space for identity and access management. CyberArk has allowed me to continue, even after I've retired from the industry after 35 years, to still live that passion through their customers. I've been given the opportunity to provide some keynotes around organizational transformation. It's an exciting industry to be in and CyberArk has allowed me the benefit of still continuing to enjoy that experience.

One of the most important aspects is to ensure that the business is behind the solution. CyberArk suite will only work well if all users adopt the system.

My advice is to have the necessary resources to fully implement this. Don't just bring it in and let it sit. It needs to have the resources with a fully dedicated team to be able to get this functional. Otherwise, it will be sitting there not being fully utilized. There are a lot of functionalities that require a lot of resources to get it up and running.

I have been using the new plugin generator utility for about a year. I took a PSM Connection course this past summer. I have been using it ever since.

Most important criteria when selecting a vendor: 

1. It will be usability of the product. I want to make sure that when we have the product, we can quickly use it and have a full understanding of it without all the hoops that we need to jump through just to be able to understand what that system looks like or how it works. 
2. The next thing will be support. How will they be able to support the system? Do they have a good support staff who will be able to help us get through an implementation? 

Those are the two main things I look for: the usability and supportability of the tools.

Do your research. That would be my biggest advice. CyberArk is a great tool. However, it is not the only tool that does what it does and, in some cases, for a lot of people, other passport vaulting tools are more toward what they would need in their environment.

I would give CyberArk an eight out of 10, and the two missing points would probably be mostly because of technical support. I would love to actually get the support that I asked for. I would love to actually get the help that I'm asking you for as opposed to you telling me, "Yes, I can help you. I need you to fill out these papers and jump through that hoop and then cut a cartwheel and rub your belly while you pat your head at the same time." If it wasn't for that, it would be more towards a 10.

My most important criteria when selecting a vendor are

• credibility
• functionality.

If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.

CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.

I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.

The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.

A team of five to six people would be sufficient to maintain 24/7 operations.

I would recommend reducing the fee for cancellations, but when it comes to cloud services, there are superior options available in the market.

I rate CyberArk Privileged Access Manager a seven out of ten.

Individuals who wish to utilize CyberArk should be cautious when selecting a partner to implement the solution, as proper architecture design is essential to ensure a streamlined and effective implementation.

I rate CyberArk Privileged Access Manager a nine out of ten.

Educate the user community once you get it actively deployed and set up a strict policy on it.

Most important criteria when selecting a vendor:

• Good reputation for technical support
• Product that does what it is supposed to do.

Take this solution over any other solution. In fact, I have personally brought a couple of my old colleagues with a technical background into this product line so that most of them are now certified on CyberArk and working in the same environment as well. 

Without doubt CyberArk is a 10 out of 10. From my experience, the kind of work I have done with this solution, it's absolutely amazing. It has the capabilities to secure the environment, which is the most important part. Anytime we hear any news of breaches elsewhere, that's when we say, "Hey, they should have done something, implemented the solution before they were hit." Once they are hit, they run around and try to fix the problems. But CyberArk, it's an amazing solution.

When it comes to selecting or working with a vendor, our most important criteria are access to support, what level of support is available, how fast the turnaround can be. The executives or the account team have to be very accessible to us, so if we need to implement a new product or new integration we should at least be able to get hold of the people who can guide us in the right direction.

CyberArk is a fantastic solution. They understand what the industry is trending towards. They are able to meet that very quickly. Being in healthcare, we are a little bit behind the times and we follow people a little further behind (for example, the financial sector has been doing all this stuff for so long). However, healthcare, as an industry, is always a few steps behind because we are clinical and have to support a lot of different clinicians, physicians, and regulations, which sometimes makes us move more slowly. Just having this has been huge for us.

One of the things which has differentiated us from other customers from CyberArk is we have been tremendously successful in rolling out different implementations. There are a lot of clients whom I have talked to personally who have bought the solution, but have never implemented it, or they have been met with a lot of struggles or a lot of uphill battles with their staff and adoption. My best advice would be to start out and find the quick wins, the low-hanging fruit; these things you can provide to your organization to have them understand and see the same value that you are seeing as you are implementing.

I am familiar with the the new plugin generator utility. I have not used it because I think it is a newer version than what we have, but I am excited about it. I am looking forward to utilizing it. It is similar to what they have for their PSM solution. They have some new web services framework, so they do not have to use the AutoIt tool because it takes a long time to create plugins today. Like the plugin creation utility, it will allow us to take a whole lot of time off of our turnaround to be able to provide some of these connection components.

Most important criteria when selecting a vendor: Because we have so many applications and solutions across our organization, interoperability is a big thing. I am in charge of CyberArk, as well as Duo, who we use for our two-factor, and having that integration point or the ability to integrate with these solutions is huge for us. As we try to standardize across all of our different organizations, which is very difficult in our industry, what we offer for a particular solution rather than having 30 different iterations of different applications, has been huge for us. Standardization and integration is a huge point for choosing a vendor.

CyberArk is the best out there. Their product makes our privileged access management so much easier.

For privilege access management, there is really no choice but to implement this or a similar solution. It is the last bastion that companies have. Firewalls used to be the perimeter and the place to be. Nowadays, intruders can walk through the perimeter (the firewall). So, we have to get on the inside and get it tied down. They are not very many people playing in this market. CyberArk is on the top, so there should not be any reason not to go with it.

Most important criteria when selecting a vendor:

• Best of breed
• Top quality support organization.

CyberArk is on top of its game. The product has worked well for our company.

If you are looking at implementing this solution, buy the training and go to it. If you do not train, it is hard to understand it. It is hard to pick it up by cross-training with other people. You really want to start off strong.

Most important criteria when evaluating a technical solution:

Be brutally honest about all the factors that go into the solution that you are looking for (buyer) and what the solution can offer (seller).

Do it now. Don't wait.

Any other issues that we may have come up with, they have always been there to help assist and get us back on the right track. They don't just give you the product, then wipe their hands.

We just got an upgrade to version 10.4, as we went from 9.2 to 9.9.5 last year. This was a major improvement for us, going to 10.4 with the different dashboards and PTA built-in and PTA on the credential rotation. They are starting to integrate all the different components.

Most important criteria when selecting a vendor:

• Ease of access.
• They are with you going through any problems that may arise. 
• Good support.

We only use it on-prem, but for someone who only wants to solve cloud security challenges with a born-in-the-cloud security solution, I would still tell them CyberArk is one of the potential solutions. I would also tell them to do their assessment because it costs a lot. So it depends on the scale of use and the use cases. It certainly has the most capabilities that could be of use, but it depends on whether you only have some small deployments in the cloud and on the size of the risks involved. For certain scenarios, I would say they should immediately go with CyberArk, and that they shouldn't bother with others' solutions. In other scenarios, I would say they should do a very thorough assessment of the market before they decide because there might be cheaper options that will be sufficient for them.

Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully.

I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good.

Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the industry, including Red Team capabilities. They are gearing their product towards the defending of what the active exploits are, not something that has been done in the past.

Make sure you have a development or QA environment.

I did training today on the new plugin generator utility.

I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available.

Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.

Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.

Go ahead and use CyberArk. Request a demo.

Overall, I rate the solution a nine out of ten.

I’m a consultant. I help implement and train others on how to use it in a highly secure environment.

I’d give it a nine out of 10. It is very, very secure.

Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.

I would rate CyberArk Privileged Access Security a six out of ten.

I would rate CyberArk an eight point five on a scale of one to 10 because it has done everything that we have asked of it. There is a bit of a learning curve, but it's a pretty complex solution. They do have ways to make it easier, but it's easy to fall down the rabbit hole when you're going into a deep dive. However, if you follow the trail, you will find some pretty cool stuff.

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization.

Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications

From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.

The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.

Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.

My advice to others is this solution can solve a lot of problems.

I rate CyberArk Privileged Access Manager a nine out of ten.

I would recommend this solution to others.

I rate CyberArk Privileged Access Manager a nine out of ten.

Others have spoken a lot about security hygiene and I believe that's where you should start.

l would rate CyberArk at nine out of 10. The way for it to get to a 10 is with a lot of features, the amount of cost involved in buying the product, and the PSM proxy issue that we've been facing.

In terms of important criteria when working with a vendor one thing is, as we said, getting to the right person. We go to support only if there is a critical situation where we are not able to solve it. Getting to the right person at the right time, and getting the issues resolved in a timely fashion is what we are looking for.

My advice to a colleague would be: First, don't allow the security team to be the driving force. It has to be the server team that implements it, that is the driving force behind it, and the for that reason is there is always animosity between the people who are there to enforce security and the people who are there to get a job done.

When you are on the enforcement team, you are dictating to the people who are trying to get a job done, "Here is something that I'm going to put in your way to make it harder for you to get your job done." Regardless of what happens, that's the way it comes across. Going to the server team saying, 'I've got a solution that's going to make our lives easier, and oh, by the way, it's also going to be more secure," you have a much easier time selling it, much lower push-back, because you're one of them.

Second, you've got to have buy-in before you pull the trigger. You can't just force it on them: "Oh, we just took away all your admin rights." You have to give them a new solution, let them prove to themselves that this solution works, that it does exactly what they need, and that it really is easier. Now, when you revoke the rights that they've had for probably decades, there is much less push-back.

In terms of selecting or working with a vendor, our most important criterion is the ability to connect with a vendor that not only gives us the solution we need but can also work with us to customize exactly what we need.

I would rate CyberArk a nine out of 10 for two reasons: 

1. there is always room for growth
2. there are still gaps in what the solution provides.

It's not complete across the board. If it were, it would be a 10. But I do see its potential to eventually reach that.

Keep an eye on the cloud integrations and be ready for Conjur.

CyberArk architecture is good and more secure, but I see the solution as expensive. Support is the worst; CyberArkstaff is not supportive, their professional service team charges for each and every thing.

Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it.

One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud.

We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them.

Most important criteria when selecting a vendor

Age of the company, because we do not want to be first to market. We want to hear about it from other people. How is the sales rep is communicating. Whether it is more of a sales pitch or if it is a genuine concern for our security.

Then, make sure our vision is lined up with the product. We want to get our bang for the buck

Do not think too big at the start.

I would recommend CyberArk solution even for small customers, who have critical application and internet presence in their business. The licensing model support to start with even 5 privilege users, this really helps. We haven't experience Idaptive ( Identity Saas ) solution yet, however, it looks promising

I would rate CyberArk PAS a ten out of ten. They are sharp focused on privilege access security for more than 21 years. This highly remarkable.

My advice would be to plan ahead of time. Put up the plan for all the modules that you are going to implement. Look at what the dependencies of those are and plan for those dependencies in advance, then start the project.

Especially where it is the application identity manager, the AIM part, which is not only dependent upon the implementation partner but also the customer dev team to make the changes.

That's what makes it critical to plan ahead, ensure all stakeholders' commitment of their time and support, then start the implementation.

I would rate it nine out of ten.

I think if the industry could work together on TSM connectors, this would be a cutting-age change.

The product is the best in the market at the moment.

I would recommend the product for sales learning. 

The Privileged Account Security product is a suite. That means that the product consists of different components/modules that cover a particular functional area (check their website) on privileged accounts. Plugging in more of those components in the environment results in covering a greater part of that area. Of course, there is a common layer that is used by all components. This is the security layer that holds and protects the privileged accounts.

Start small. Use first the basic components that, e.g., include password management. Gradually grow the number of components/modules/functional area to include, e.g., other types of accounts, session management, intrusion detection, end-point protection, etc. Having a project scope that is too large will make the step of using the solution too big. Make sure every stakeholder in the project is aware and let them gradually ‘grow’ with the product.

If an organisation has not utilised a PAM tool before, it is a large cultural change fundamentally in how a user works, and should be taken into consideration accordingly. The solution is complex depending on the requirements; therefore, the implementation should not be rushed and it should be tested appropriately.

Contact the local distributor for help.

I would recommend being well prepared. Do not improvise. Understand what you are doing. Take the time to read the technical documentation, and not just the marketing material, to understand CyberArk. It will not be a waste of time.

Take the time to prepare, clean, and document all your privileged, services, and application accounts. Use the product for its intended design.

Engage with Professional Services, not just for help with, "Here are the buttons to click," because they've been really helpful as far as how we would want to implement things.

Our most important criteria when selecting or working with a vendor, outside of the product being good, are reliability and timeliness of response. Those are the two big things. I think CyberArk does a pretty good job on these.

I rate CyberArk at eight out of 10. I think the solution, as released, is usually very good. When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so. There is probably some tradeoff that is required to keep things so airtight, by holding back a little bit. But that would be my one criticism: It's slow to keep up, sometimes, with updates.

This is the best product from its breed.

I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.

Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.

Assure that the organization is ready and willing to adopt this. The typical business cases cannot be addressed by the product alone.

It's a long journey and it needs to be set out in phases very well, starting with something small and gradually implementing PAM controls across whatever multiple technologies an organization uses. It's a long-term project to fully deploy and benefit from all of CyberArk's features. 

Rather than being about the product, it's more about the overall PAM journey that a company decides to take. It's a very complex world, integrating multiple applications within CyberArk. There are various technical complexities involved, not with CyberArk, but with the other products. 

But it's worthwhile. CyberArk does its job very well. All the components are very useful and the benefits are all evident. CyberArk is the number-one PAM solution.

This is a complete package that has a lot of the capabilities you would want in this type of solution but it is very expensive.

I rate CyberArk PAS a seven out of ten.

Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.

Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.

Before defining the solution’s architecture, clearly define your requirements and the kind of systems in scope. Some systems/device can be integrated out-of-the-box, others need customization.

Plus: easy to deploy, highly customizable
Minus: a little bit complex to integrate in large environment, complex rules/customization takes time

I think having a distributed architecture would certainly help this solution.

Basically, build it up step-by-step, starting with the EPV of course :-).

I recommend this product. 

For those who are interested in using this product, you have to know your requirements and compare them with CyberArk to see if it is suitable for them and fits their budget.

I would rate this solution a nine out of ten.

This product is helpful for financial auditing needs, as well.

We're just users of the solution. We're customers. We aren't resellers or consultants. We don't have a business relationship with the solution.

I'm using the latest version of the solution.

I'd recommend the product to others.

Overall, we've been mostly happy with the solution. I'd rate it at an eight out of ten so far.

CyberArk offers extensive training, utilise it. Also their support staff are very good and can assist with everything.

For implementation, you will need professional services or other experts.

Overall, on a scale from one to ten, I would give CyberArk PAS a rating of ten.