CyberArk PAS Room for Improvement

Core Analyst/ Server Admin at a comms service provider with 1,001-5,000 employees
Things that they were speaking about, here at the Impact 2018 conference, are things that we've already been looking it. They have been on our radar, things like OPM. We're beginning to use PSMP a little bit ourselves. We already have that implemented, but we haven't been using it a lot. The number one thing might be OPM, that we're looking at, that we think might help us in our business, but we haven't implemented them yet. There are so many options that are currently available, and there are already efforts, projects within CyberArk, that they're working on right now, that I haven't really had time to think beyond what they're already offering. There are so many things that they have that we're not using yet, that we haven't licensed yet. There is a lot of stuff out there that we could take on that we haven't yet for various reasons, including budgeting. It's always the need to do a cost-benefit and then doing a business case to management and convincing them that it's something that would be good for us and that it's worth spending the money on. Right now, it's just trying to implement what's out there and use some of those tools that would give us the most bang for the buck. View full review »
Security Architect at a healthcare company with 10,001+ employees
One of the things that I have been wanting is that we use the Privileged Threat Analytics (PTA) solution, and it is a complete standalone solution, but they will be integrating it into the vault and into the PVWA. So, we will have that singular place to see everything, which for us is great because it's one less thing to log into and one less thing that you feel like you have to jump over to get a piece of information. Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together. View full review »
Information security engineer/ business owner
We had an issue with the Copy feature. Of course when we do the password rotation we restrict users' ability to show a copy of their passwords for some cases, and in other cases they actually need that ability, but we would prefer them to copy to the clipboard and then paste it where it needs to go - as opposed to showing and it typing it somewhere and you have the whole pass the hash situation going. But apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it. Then there is the failed authentication now. I don't know if that was a glitch or if that was an update, because I know sometimes you don't really want to tell a person when their account has been suspended because if I'm a hacker, maybe I'm just thinking I have the wrong password. When the account is locked you don't actually want them to know the account is suspended. However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended," because normally we would be told that the account is suspended. They would take a screenshot of the error and it would say, 'Hey, user is suspended, station is suspended for user so-and-so." It doesn't say that anymore. So now it just says "Failed authentication." And that could be because they might not be in the right groups in Active Directory, they might not have RSA. It could be so many different things, where before, they would be able to say, "Yeah, I'm suspended." And we could say, "Okay, we can fix that in two minutes." We just log in to PrivateArk and enable your account and you're fine. Now we're saying, "Maybe we should check PrivateArk first, just in case," to make sure you're not suspended. It's going to be a whole rabbit hole that we fall into, simply because we're not given that information upfront. In terms of future releases, I would love to be a partner again and get a temporary license that I can put back in my home lab because my license expired. I would like to play with 10.4. I want to see it and feel it out and see if I can break it because my rule of thumb is, if I can break it, I can fix it. That is one of the things I like about CyberArk, especially over CA PAM, because with CA PAM you get no view into the back-end on how it's configured and how it's built and how it works. With CyberArk, they literally give you everything you need and say, "Hey, this is your puppy. Raise it how you want." You get to see the programming and you get to configure and everything. I've broken several environments, but I'm pretty good at fixing them now because I know how I broke them. View full review »
Find out what your peers are saying about CyberArk, BeyondTrust, CA (A Broadcom Company) and others in Privileged Access Management. Updated: September 2019.
371,062 professionals have used our research since 2012.
Rahsaan Knights
Information Security Analyst III at a healthcare company with 10,001+ employees
I want some of the things which are glitching out there for me to be fixed. I have heard that there is something in the works, that they will be putting a feature in the help desk where they will have a message board now. So, I could communicate with other people who are having the same problems and pull their issues, this way I don't have to bother support all the time. Also, people can vote. They can vote on the most important issues, and CyberArk will prioritize them next, really listening to the customer. That is pretty cool. One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening. However, they are coming close to a solution. It has been an issue for a while. I heard that this is one of the top priorities that they're working on. View full review »
Senior server administrator at a financial services firm with 1,001-5,000 employees
My list of enhancement requests on the portal is quite extensive. My goal as a system administrator is to enable people to do their jobs more easily, more efficiently. So, I'm looking for ways to enable people to leverage the security posture in CyberArk, and still be able to do their jobs. Better yet, to be able to do their jobs more easily, and that's exactly what I've been finding. There are a lot of ways that CyberArk is able to be used to give people access to things that they normally wouldn't be able to access, in a secure fashion, but there are still some roadblocks in the way there. I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides. View full review »
Sack Pephirom
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution. The new PVWA is great. I actually saw some of the newer functionalities, and the look and feel looks great so far. It is just a matter of getting us there. We need to be able to upgrade the environment. They have been able to get the functionalities I was looking for on some of the latest releases. View full review »
IT Security Analyst at a mining and metals company with 10,001+ employees
It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella. View full review »
CyberArk Consultant at a hospitality company with 10,001+ employees
As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel. View full review »
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees
I think that the connectors, the integration pieces, the integration to ticketing system. This is something which is not meeting our requirements via out-of-the-box solutions, so we have to look for a customized solution, that could be improved. Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server. Additional features: We are looking at the connectors. The connectors to be more robust and provide more flexibility for out-of-the-box implication. View full review »
Je’rid Mccormick
Associate Engineer I at a insurance company with 5,001-10,000 employees
More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet. I would like to see that to be more of a one-on-one transition, and be fully built. View full review »
Master software engineer at a financial services firm with 10,001+ employees
I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine. Then you could go back in through your native clients and connect to that machine. Also, to have that built out to include not just Unix targets but anything you'd want to connect to. View full review »
Identity and Access Management Engineer at a energy/utilities company with 10,001+ employees
Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines. View full review »
Director Information Security at a insurance company with 501-1,000 employees
Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up. View full review »
Eli Galindo
Data Security Analyst II at a financial services firm with 5,001-10,000 employees
One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more. For example, I want to look at accounts which are not working within a specific safe all at the same time. View full review »
Principal entity management engineer at a retailer with 10,001+ employees
I think it pretty much covers a lot of the privileged identity space, things that other vendors are not thinking about. I think they are doing a very good job. I don't have any suggestions. View full review »
Rodney Dapilmoto
Systems Admin Analyst 3 at CPS Energy
I would like to see a product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials to a privileged target system. Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless, you are working with accounts already stored in “Safes”. View full review »
Song Ye
Senior System Engineer at a transportation company with 10,001+ employees
I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy. Even with exporting and importing, this will help. View full review »
Technical consultant at a healthcare company with 1,001-5,000 employees
CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well. View full review »
IT Security at a manufacturing company with 10,001+ employees
PSM: I am going to go back to my company and push for it a little bit more within our groups, because I know that my counterpart has brought it up a number of times in the past. It has been getting blocked, but I have a couple of other paths that we can pursue so we can try to get it, at least, in our infrastructure and tested. View full review »
Stephen Brittain
Security Analyst at a insurance company with 1,001-5,000 employees
We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation. View full review »
IT Security Specialist I at a healthcare company with 1,001-5,000 employees
The interface on version 9 looks old. I am excited for version 10 because of the interface and design are good, and it is easier to use. View full review »
User at a comms service provider with 10,001+ employees
We are aware that in 10.6, the "just in time" access has been created. I would like to see this developed further. View full review »
Senior Associate at a consultancy with 10,001+ employees
There was a functionality of the solution that was missing. I had noticed it in BeyondTrust, but not in this solution. But, recently they have incorporated something similar. View full review »
Dan Hines
Senior Technologist at a retailer with 1,001-5,000 employees
Make it easier to deploy. In 10.4, we did it with the cloud and could actually script the installs. View full review »
Technical Director at Unique Performance Techsoft Pvt Ltd
This product needs professional consulting services to onboard accounts effectively based user profiles. View full review »
Kevin Elwell
Security Analyst at a retailer with 10,001+ employees
I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool. View full review »
Ashish Pandey
Technical Manager at a tech services company with 10,001+ employees
The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs. View full review »
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP. View full review »
Lead Consultant at a tech services company with 10,001+ employees
From what I see, like the out of the box password management features, or you can pay the tax forms, which I will write log, can become extensive. For example, we have right now 45 to 50 platforms to tell that were out of the box, like Cyber Optics 200 out of the box connectors, so if we can just put those also into out of the box so that the pros do not have to retell everything to what they think the comp manager of Cyber Optics representative. Apart from that, if we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature. View full review »
Principal Consultant, IAM Projects at a tech services company with 201-500 employees
The usual workload on the system is sometimes delayed by CyberArk. So, any major work is getting delayed, and may take twice the amount of time that it usually does. For instance, if there's a password change of an account it will take time because you have to log in, then authenticate, and this is followed by delays. It becomes cumbersome and frustrating. View full review »
Jack Gammon
Security Analyst at a financial services firm with 5,001-10,000 employees
The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10. View full review »
Je’rid Mccormick
Associate Engineer I at a insurance company with 5,001-10,000 employees
* More functions could be added to the REST API feature. * The ability to list all users and list providers would be helpful. View full review »
IT Support Specialist / Project Lead at a energy/utilities company with 10,001+ employees
Better search functionality in the EPM console. It becomes difficult to search lengthy policies for specific items. Additionally, some of the windows sizes cannot be manipulated to allow a better user experience. View full review »
Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
Multi-tenancy vaults should really have the same release cycle as single tenancy vaults; this will enable us to meet even more customer demand. We are striving to be at least on the latest release minus 1 (n-1) and for us to run both Single and Multi-Tenant core systems the difference in release cycles will result in a wide gap. Considering the considerable changes including user interface we have seen recently, the one concern is that we may end up with users having different interfaces to deal with different customers. View full review »
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees
A greater number of out-of-the-box integrations with other vendors: They are working on it, but more is better! View full review »
José Luis Llorente Rey
Senior Specialist Identity System Support at a consultancy with 10,001+ employees
* We would like to have more flexibility in the RBAC model and have more options to define who should have access to what, not only based on safe membership. * In addition, the user interface could be improved. When a team manages thousands of accounts, advanced filters are very valuable to search the accounts. View full review »
Senior Consultant at a tech services company with 5,001-10,000 employees
Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs. View full review »
Snr Technical Consultant at a tech services company with 10,001+ employees
Privileged Threat Analytics (PTA) that can function in more that one AD domain at a time. The recent enhancement that allows resilience in PTA is great, but operation in more than one domain is required as many organizations have multiple AD domains. Even if it’s just prod and test or PPE split, you still want to know what’s going on in it. View full review »
Gautam Mishra
IT Analyst at a tech services company with 10,001+ employees
We have found with the recent upgrade a lot of issues we had with the connection have been resolved. View full review »
CyberArk Consultant at a hospitality company with 10,001+ employees
* The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots. * New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections. * Online help also needs to be looked into with live agent support. View full review »
Sumit Batabyal
Security Team Lead at a tech services company with 10,001+ employees
Over the past seven years, I have seen a lot of ups and downs with the product, but now I am happy with the version that we are using now. View full review »
User with 10,001+ employees
The product should be improved in order to support more platforms. It will be awesome if google cloud API keys are being supported like AWS and Azure. View full review »
Todd Sherwin, CISSP
Senior Consultant - Information Security Engineering at a financial services firm with 10,001+ employees
While in the past, administration required several tools and multiple screens/options in those products, v10 is moving towards a single pane of glass with common functions easily found and information regarding privileged accounts given to users in plain, easy to understand terms, now enhanced with graphics. View full review »
Vice President - Cyber Security at a tech services company with 10,001+ employees
One limitation is that we are not able to put this into a decentralized mode. View full review »
Justin Williams
Princ. Info Security Analyst at a insurance company with 10,001+ employees
Overall, I think it is a fantastic product, when used as designed and intended. One of its biggest downfalls is also one of its biggest strengths. It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill. View full review »
John Lawren James
Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees
The current user interface is a little dated. However, I hear there are changes coming in the next version. There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself. View full review »
Identity and Access Management Analyst at a financial services firm with 1,001-5,000 employees
As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included. View full review »
User at a financial services firm with 10,001+ employees
Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product. View full review »
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt. View full review »
Eric Vanatta
Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees
Areas the product could be improved are in some of the reporting capabilities and how the reports are configured. View full review »
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed. Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good. View full review »
Find out what your peers are saying about CyberArk, BeyondTrust, CA (A Broadcom Company) and others in Privileged Access Management. Updated: September 2019.
371,062 professionals have used our research since 2012.
Sign Up with Email