CyberArk PAS Room for Improvement

Core Analyst/ Server Admin at a comms service provider with 1,001-5,000 employees
Things that they were speaking about, here at the Impact 2018 conference, are things that we've already been looking it. They have been on our radar, things like OPM. We're beginning to use PSMP a little bit ourselves. We already have that implemented, but we haven't been using it a lot. The number one thing might be OPM, that we're looking at, that we think might help us in our business, but we haven't implemented them yet. There are so many options that are currently available, and there are already efforts, projects within CyberArk, that they're working on right now, that I haven't really had time to think beyond what they're already offering. There are so many things that they have that we're not using yet, that we haven't licensed yet. There is a lot of stuff out there that we could take on that we haven't yet for various reasons, including budgeting. It's always the need to do a cost-benefit and then doing a business case to management and convincing them that it's something that would be good for us and that it's worth spending the money on. Right now, it's just trying to implement what's out there and use some of those tools that would give us the most bang for the buck. View full review »
Security Architect at a healthcare company with 10,001+ employees
One of the things that I have been wanting is that we use the Privileged Threat Analytics (PTA) solution, and it is a complete standalone solution, but they will be integrating it into the vault and into the PVWA. So, we will have that singular place to see everything, which for us is great because it's one less thing to log into and one less thing that you feel like you have to jump over to get a piece of information. Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together. View full review »
Information security engineer/ business owner
We had an issue with the Copy feature. Of course when we do the password rotation we restrict users' ability to show a copy of their passwords for some cases, and in other cases they actually need that ability, but we would prefer them to copy to the clipboard and then paste it where it needs to go - as opposed to showing and it typing it somewhere and you have the whole pass the hash situation going. But apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it. Then there is the failed authentication now. I don't know if that was a glitch or if that was an update, because I know sometimes you don't really want to tell a person when their account has been suspended because if I'm a hacker, maybe I'm just thinking I have the wrong password. When the account is locked you don't actually want them to know the account is suspended. However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended," because normally we would be told that the account is suspended. They would take a screenshot of the error and it would say, 'Hey, user is suspended, station is suspended for user so-and-so." It doesn't say that anymore. So now it just says "Failed authentication." And that could be because they might not be in the right groups in Active Directory, they might not have RSA. It could be so many different things, where before, they would be able to say, "Yeah, I'm suspended." And we could say, "Okay, we can fix that in two minutes." We just log in to PrivateArk and enable your account and you're fine. Now we're saying, "Maybe we should check PrivateArk first, just in case," to make sure you're not suspended. It's going to be a whole rabbit hole that we fall into, simply because we're not given that information upfront. In terms of future releases, I would love to be a partner again and get a temporary license that I can put back in my home lab because my license expired. I would like to play with 10.4. I want to see it and feel it out and see if I can break it because my rule of thumb is, if I can break it, I can fix it. That is one of the things I like about CyberArk, especially over CA PAM, because with CA PAM you get no view into the back-end on how it's configured and how it's built and how it works. With CyberArk, they literally give you everything you need and say, "Hey, this is your puppy. Raise it how you want." You get to see the programming and you get to configure and everything. I've broken several environments, but I'm pretty good at fixing them now because I know how I broke them. View full review »
Learn what your peers think about CyberArk PAS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
426,653 professionals have used our research since 2012.
Founder at GoTab IT Risk Services
CyberArk has captured the individual privileged access space well. They've captured the application-to-application and DEVOPS space quite well.. They should continue to invest in optimizing the services, and help companies drive down risk associated with application based passwords, as this is an industry that is being closely watched by external regulators. CyberArk continues to stay close to the industry and are always looking for ways to improve their products and service offerings accordingly. There are 3 areas that I would call out, that CyberArk should continue to focus on: 1) Continue to help organizations understand how they align their strategies and roadmaps to industry trends and the overall cybersecurity threat landscape. 2) Continue to help the industry innovate on talent , and position customers to be more successful in supporting their CyberArk implementations. 3) Continue to help customers understand the Risk reduction capabilities and scorecards associated with their deployments. Initiatives like the CyberArk Blueprint will help enable enable informed customers. View full review »
Corporate Vice President at a insurance company with 10,001+ employees
We work with CyberArk's customer success team and we work with its engineering team back in Israel. We've been doing things on CyberArk which a lot of its customers, we know, have not been doing. The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing, SaaS products, SaaS vendors, SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming, but these are the major places where CyberArk definitely needs to invest some more time. Because this is what the future is. You're not going to have a lot of on-prem applications. Most stuff is going to the cloud. View full review »
Rahsaan Knights
Information Security Analyst III at a healthcare company with 10,001+ employees
I want some of the things which are glitching out there for me to be fixed. I have heard that there is something in the works, that they will be putting a feature in the help desk where they will have a message board now. So, I could communicate with other people who are having the same problems and pull their issues, this way I don't have to bother support all the time. Also, people can vote. They can vote on the most important issues, and CyberArk will prioritize them next, really listening to the customer. That is pretty cool. One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening. However, they are coming close to a solution. It has been an issue for a while. I heard that this is one of the top priorities that they're working on. View full review »
Associate Director of IAM at INTL FCStone Inc.
We're pretty excited about Alero, the third-party access management. As a small company we lean on vendors quite a bit and we do that in multiple areas. That's going to be a big one for us. It's just gone from beta to production. It's one of those things that's on our roadmap, but being so new to the toolset, we're just growing into the tool. We're not quite there yet. View full review »
Senior server administrator at a financial services firm with 1,001-5,000 employees
My list of enhancement requests on the portal is quite extensive. My goal as a system administrator is to enable people to do their jobs more easily, more efficiently. So, I'm looking for ways to enable people to leverage the security posture in CyberArk, and still be able to do their jobs. Better yet, to be able to do their jobs more easily, and that's exactly what I've been finding. There are a lot of ways that CyberArk is able to be used to give people access to things that they normally wouldn't be able to access, in a secure fashion, but there are still some roadblocks in the way there. I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides. View full review »
Sack Pephirom
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution. The new PVWA is great. I actually saw some of the newer functionalities, and the look and feel looks great so far. It is just a matter of getting us there. We need to be able to upgrade the environment. They have been able to get the functionalities I was looking for on some of the latest releases. View full review »
IT Security Analyst at a mining and metals company with 10,001+ employees
It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella. View full review »
CyberArk Consultant at a hospitality company with 10,001+ employees
As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel. View full review »
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees
I think that the connectors, the integration pieces, the integration to ticketing system. This is something which is not meeting our requirements via out-of-the-box solutions, so we have to look for a customized solution, that could be improved. Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server. Additional features: We are looking at the connectors. The connectors to be more robust and provide more flexibility for out-of-the-box implication. View full review »
Je’rid Mccormick
Associate Engineer I at COUNTRY Financial
More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet. I would like to see that to be more of a one-on-one transition, and be fully built. View full review »
Master software engineer at a financial services firm with 10,001+ employees
I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine. Then you could go back in through your native clients and connect to that machine. Also, to have that built out to include not just Unix targets but anything you'd want to connect to. View full review »
Identity and Access Management Engineer at a energy/utilities company with 10,001+ employees
Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines. View full review »
Director Information Security at a insurance company with 501-1,000 employees
Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up. View full review »
Cyber Security Manager at a hospitality company with 10,001+ employees
The user interface was a previous problem that has been overcome. View full review »
Eve Pasqua
Threat Protection Architect at a financial services firm with 1,001-5,000 employees
CyberArk lacks the following functions for a better IAM like solution: - Provision accounts for systems and directories. - Create access to the systems. - Monitor if any new account has been created into the system. - Better GUI for the end-user and also for administrators. The learning curve is quite long and requires lots of training for good usage. - More automated process for account provisioning into CyberArk. For example when a new DB is created. - Better documentation with more examples for the configuration files and API/REST integration. View full review »
Eli Galindo
Data Security Analyst II at a financial services firm with 5,001-10,000 employees
One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more. For example, I want to look at accounts which are not working within a specific safe all at the same time. View full review »
Principal entity management engineer at a retailer with 10,001+ employees
I think it pretty much covers a lot of the privileged identity space, things that other vendors are not thinking about. I think they are doing a very good job. I don't have any suggestions. View full review »
Rodney Dapilmoto
Systems Admin Analyst 3 at CPS Energy
I would like to see a product enhancement with the Secure Connect feature. Today, there is no functionality to create "Accounts" using Secure Connect to permanently store a user's working tab. It is a tedious manual process of entering host IP information and user credentials to a privileged target system. Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use. It’s a manual process of entering information all the time. Unless, you are working with accounts already stored in “Safes”. View full review »
Technical consultant at a healthcare company with 1,001-5,000 employees
CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well. View full review »
Song Ye
Senior System Engineer at a transportation company with 10,001+ employees
I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy. Even with exporting and importing, this will help. View full review »
IT Security at a manufacturing company with 10,001+ employees
PSM: I am going to go back to my company and push for it a little bit more within our groups, because I know that my counterpart has brought it up a number of times in the past. It has been getting blocked, but I have a couple of other paths that we can pursue so we can try to get it, at least, in our infrastructure and tested. View full review »
Stephen Brittain
Security Analyst at a insurance company with 1,001-5,000 employees
We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation. View full review »
IT Security Specialist I at a healthcare company with 1,001-5,000 employees
The interface on version 9 looks old. I am excited for version 10 because of the interface and design are good, and it is easier to use. View full review »
User at Liberty Global
We are aware that in 10.6, the "just in time" access has been created. I would like to see this developed further. View full review »
Senior Associate at a consultancy with 10,001+ employees
There was a functionality of the solution that was missing. I had noticed it in BeyondTrust, but not in this solution. But, recently they have incorporated something similar. View full review »
Dan Hines
Senior Technologist at a retailer with 1,001-5,000 employees
Make it easier to deploy. In 10.4, we did it with the cloud and could actually script the installs. View full review »
Kevin Elwell
Security Analyst at a retailer with 10,001+ employees
I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool. View full review »
Ashish Pandey
Technical Manager at a tech services company with 10,001+ employees
The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs. View full review »
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP. View full review »
Lead Consultant at a tech services company with 10,001+ employees
From what I see, like the out of the box password management features, or you can pay the tax forms, which I will write log, can become extensive. For example, we have right now 45 to 50 platforms to tell that were out of the box, like Cyber Optics 200 out of the box connectors, so if we can just put those also into out of the box so that the pros do not have to retell everything to what they think the comp manager of Cyber Optics representative. Apart from that, if we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature. View full review »
Principal Consultant, IAM Projects at a tech services company with 201-500 employees
The usual workload on the system is sometimes delayed by CyberArk. So, any major work is getting delayed, and may take twice the amount of time that it usually does. For instance, if there's a password change of an account it will take time because you have to log in, then authenticate, and this is followed by delays. It becomes cumbersome and frustrating. View full review »
Jack Gammon
Security Analyst at a financial services firm with 5,001-10,000 employees
The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10. View full review »
IT Support Specialist / Project Lead at a energy/utilities company with 10,001+ employees
Better search functionality in the EPM console. It becomes difficult to search lengthy policies for specific items. Additionally, some of the windows sizes cannot be manipulated to allow a better user experience. View full review »
Je’rid Mccormick
Associate Engineer I at COUNTRY Financial
* More functions could be added to the REST API feature. * The ability to list all users and list providers would be helpful. View full review »
Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
Multi-tenancy vaults should really have the same release cycle as single tenancy vaults; this will enable us to meet even more customer demand. We are striving to be at least on the latest release minus 1 (n-1) and for us to run both Single and Multi-Tenant core systems the difference in release cycles will result in a wide gap. Considering the considerable changes including user interface we have seen recently, the one concern is that we may end up with users having different interfaces to deal with different customers. View full review »
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees
A greater number of out-of-the-box integrations with other vendors: They are working on it, but more is better! View full review »
Snr Technical Consultant at a tech services company with 10,001+ employees
Privileged Threat Analytics (PTA) that can function in more that one AD domain at a time. The recent enhancement that allows resilience in PTA is great, but operation in more than one domain is required as many organizations have multiple AD domains. Even if it’s just prod and test or PPE split, you still want to know what’s going on in it. View full review »
José Luis Llorente Rey
Senior Specialist Identity System Support at Roche
* We would like to have more flexibility in the RBAC model and have more options to define who should have access to what, not only based on safe membership. * In addition, the user interface could be improved. When a team manages thousands of accounts, advanced filters are very valuable to search the accounts. View full review »
Gautam Mishra
IT Analyst at a tech services company with 10,001+ employees
We have found with the recent upgrade a lot of issues we had with the connection have been resolved. View full review »
Sumit Batabyal
Security Team Lead at a tech services company with 10,001+ employees
Over the past seven years, I have seen a lot of ups and downs with the product, but now I am happy with the version that we are using now. View full review »
User with 10,001+ employees
The product should be improved in order to support more platforms. It will be awesome if google cloud API keys are being supported like AWS and Azure. View full review »
Vice President - Cyber Security at a tech services company with 10,001+ employees
One limitation is that we are not able to put this into a decentralized mode. View full review »
Identity and Access Management Analyst at a financial services firm with 1,001-5,000 employees
As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included. View full review »
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt. View full review »
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed. Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good. View full review »
Learn what your peers think about CyberArk PAS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
426,653 professionals have used our research since 2012.