CyberArk PAS Pros and Cons
CyberArk PAS Pros
CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool. I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk... lightened the load on our administrative work.View full review »
It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level.
We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure.View full review »
I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors.
The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically.
The fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out.View full review »
CyberArk is a very stable product and it's a stable product because it has a simple design and a simple architecture that allows you to leverage the economies of scale across the base of your infrastructure that you already have implemented. It doesn't really introduce any new complex pieces of infrastructure that would make it that much more difficult to scale.View full review »
When we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle... We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution.View full review »
We can make a policy that affects everybody instantly.
We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us.View full review »
Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control.View full review »
Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process.View full review »
It allows users to self-provision access to the accounts that they need.View full review »
We are utilizing CyberArk to secure applications, credentials, and endpoints.
On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need.View full review »
CyberArk PAS Cons
This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful.View full review »
Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together.View full review »
We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it.
I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore.
I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs."View full review »
CyberArk has to continue to evolve with that threat landscape to make sure that they're still protecting those credentials that are owned by those that have privileged accounts in the firms.View full review »
The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming. But these are the major places where CyberArk definitely needs to invest some more time.View full review »
One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening.View full review »
It's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers.View full review »
I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides.View full review »
There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution.View full review »
It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile.
Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug.View full review »