CyberArk PAS Valuable Features

Core Analyst/ Server Admin at a comms service provider with 1,001-5,000 employees
The basic features are, themselves, highly useful. I was just saying to some CyberArk people that I came to understand fairly early on that CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool. I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk was taking that administrator task away from me and handling it, so it lightened the load on our administrative work. It is a good security tool, but it's also a great administrator tool in that respect. View full review »
Security Architect at a healthcare company with 10,001+ employees
It has an automatic password rotation. We have so many accounts, and being such a large organization, it helps take a lot of maintenance off of our plates, as well as automating a lot of those features to help increase our security. Having this automation in place, it has really been beneficial for us. We do use their AIM solution for application credentials. View full review »
Information security engineer/ business owner
I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes which can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors. And then, of course, the users have the ability to rotate those passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically. PSM is pretty cool, but my favorite part is I get to secure your passwords that you get to use either with or without PSM. View full review »
Learn what your peers think about CyberArk PAS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
426,653 professionals have used our research since 2012.
Founder at GoTab IT Risk Services
The most valuable features are its simplicity and the ease of implementation. When you think about privileged access management and the complexity of solving privileged access for those system administrators in your organization, CyberArk is a product that helps you simplify that problem and implement a standard set of security controls to protect the enterprise. In terms of the products ability to manage Privileged Access control requirements at scale; scale is really a function of two influences, which would either be the size of your infrastructure, or the complexity of your organizations operating model for those that have privileged access to your infrastructure services. CyberArk scales quite readily across a large organization and through proper design and engineering is capable of expanding across a variety of use cases. Like any technology control implementation however, it is always important to ensure you review and optimize the organizations support operating model, in order to ensure that you have the most optimal design and implementation of CyberArk. View full review »
Corporate Vice President at a insurance company with 10,001+ employees
PSM has been one of the most valuable features. We started on this journey a while back. Initially, when we did not have PSM, we started with AIM and that was our first use case. But an audit came along and we had to go towards something a little bit better and we had to migrate more applications. PSM came along and did exactly what we needed it to do. To take care of all the deficiencies that we had, PSM was the right thing to do. View full review »
Rahsaan Knights
Information Security Analyst III at a healthcare company with 10,001+ employees
* I love the interface because it is colorful, easy to read, easy to see, and how easy it is to make policies. * I love how we can make a policy that affects everybody instantly, which is great. * I love the reporting features, so it is easy to see what we did. I love the product overall, because it is great. View full review »
Associate Director of IAM at INTL FCStone Inc.
Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control. We're quite new with CyberArk. We've just installed it this past summer and we've taken off with the Microsoft tier model. Tier 0 is our domain admin accounts and our local admin accounts on some applications are specific to SOX requirements. That's been amazing. It's basic-use PAM, but it's been really fast and easy because of the DNA scan. We knew what was there and we were able to go find who owned those accounts. Step one, step two, step three are really easy. View full review »
Senior server administrator at a financial services firm with 1,001-5,000 employees
Number one would be the company, CyberArk, itself. The support, the ongoing assistance that is there, the ongoing ideas that are out there from champions, and from the other community forums that are out there, is just phenomenal. View full review »
Sack Pephirom
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
* Ability to do workflow. * Allows users to self-provision access to the accounts that they need. View full review »
IT Security Analyst at a mining and metals company with 10,001+ employees
The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames. View full review »
CyberArk Consultant at a hospitality company with 10,001+ employees
The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself. View full review »
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees
The features that we find most valuable are: * Enterprise Password Vault * Privilege Session Manager * Application Manager * Team Manager These modules help us in locking down the credentials, rotating passwords automatically without us having to worry about it, isolation of servers from the user machine and availability of privileged session recordings for us to check on demand. View full review »
Je’rid Mccormick
Associate Engineer I at COUNTRY Financial
The most valuable would be the REST API on top of PTA, which we do not have installed yet, but we are looking to install it moving forward in the future. What it enables us to do is if someone takes a privileged account and logs into a machine that we do not know about, it will alert us and log that they have logged in. It allows us to take that identify back and rotate the credentials, so we now own it instead of the intruder going out and using a rogue account. View full review »
Master software engineer at a financial services firm with 10,001+ employees
Credential rotation. It's tops. View full review »
Identity and Access Management Engineer at a energy/utilities company with 10,001+ employees
The most valuable features would be: * Ease of installation * Support for every use case that we have come across. * Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box. View full review »
Director Information Security at a insurance company with 501-1,000 employees
The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords. View full review »
Cyber Security Manager at a hospitality company with 10,001+ employees
I like how thorough and complex it is. We have a solution, and it meets the needs that we need. The most recent improvement with the user interface upgrade was really nice. It makes the end users very happy. It is way more intuitive. The information that they need to have is now available to them. So, I appreciate that as an update. View full review »
Eve Pasqua
Threat Protection Architect at a financial services firm with 1,001-5,000 employees
In order to reduce the attack surface, the automated password change was pushed to the maximum. This way we know that no password is known or not for more than eight hours. It simplified the life of the operational teams because they do not need to take care of the secrets and keep their attention to maintain the infrastructure. What also helped is the ability to constantly track who accessed which object. We took the opportunity to change our process in order to comply it. Now the activities can be done faster with better user experience. View full review »
Eli Galindo
Data Security Analyst II at a financial services firm with 5,001-10,000 employees
The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long. That is critical and very important for the stability of our company. View full review »
Principal entity management engineer at a retailer with 10,001+ employees
We are using the VSM proxy solution. That's what we are mainly using. We will try to use the PTA and AIM in the future. View full review »
Rodney Dapilmoto
Systems Admin Analyst 3 at CPS Energy
The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task. Using the PSMP (Privileged Session Manager Proxy) makes it extremely convenient for UNIX Administrators to utilize their favorite SSH client software (i.e. SecureCRT or Putty) to connect to a privileged target without having to go through the PVWA web login. View full review »
Technical consultant at a healthcare company with 1,001-5,000 employees
The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization. View full review »
Song Ye
Senior System Engineer at a transportation company with 10,001+ employees
IT Security at a manufacturing company with 10,001+ employees
Being able to automatically change usages, whenever the password is reconciled. However, we still have to educate the user community, because not all our users enter the usages. View full review »
Stephen Brittain
Security Analyst at a insurance company with 1,001-5,000 employees
* Scalability * Stability * Usability We are able to centrally manage credentials, touch applications, and rotate passwords. I have some experience with the generator utility plugin. Although, we did plugins prior to the generator, manually installing them working with support. I do like the interface with the generator utility plugin, as it is very handy. View full review »
IT Security Specialist I at a healthcare company with 1,001-5,000 employees
I feel like I love EPM more because it is a pretty sleek tool. I like how it manages everyone's accounts. It removes all the local admin accounts, and I like that part about EPM. You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily. View full review »
User at Liberty Global
The two main features are the CPM and the PSM. This is to make sure that the credentials are managed in a controlled manner and the sessions that are launched are set up in an isolated way. View full review »
Senior Associate at a consultancy with 10,001+ employees
The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out. It also provides flexibility and a comprehensive reporting. In terms of reporting, it can pull up to three types of reports and you can do some Excel work on those. Then, you will be able to find information that you were looking for. It is is the reporting by-laws, as well. Apart from this, it also has a lot of advanced components. It can extend the picture at the end of the productive scope. View full review »
Dan Hines
Senior Technologist at a retailer with 1,001-5,000 employees
We are able to know who is accessing what and when; having accountability. That is the big thing. View full review »
Kevin Elwell
Security Analyst at a retailer with 10,001+ employees
The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords. It is a customizable product. View full review »
Systems Admin II at a transportation company with 5,001-10,000 employees
We are able to rotate credentials and have privileged account access. View full review »
Ashish Pandey
Technical Manager at a tech services company with 10,001+ employees
The password reconciliation and its limitation with respect to access in target servers along with the end users apart from the import, which is already available. This helps our customers in their software requirement imports. View full review »
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around. View full review »
Lead Consultant at a tech services company with 10,001+ employees
I really like the PTA (Privileged Threat Analytics). I find this the best feature. View full review »
Principal Consultant, IAM Projects at a tech services company with 201-500 employees
I find the threat analytics is an important feature. CyberArk can look at the log details, and analyze who is using the applications, which are their locations, and which are the IP locations from which they are accessing. This enables the solution to find the exact location the threat is emanating from. We really value this feature. View full review »
Jack Gammon
Security Analyst at a financial services firm with 5,001-10,000 employees
We are able to rotate privileged user passwords to eliminate fraudulent use. View full review »
IT Support Specialist / Project Lead at a energy/utilities company with 10,001+ employees
* The visibility of what is being run and control of those applications. * Limiting the unnecessary application users think they need, and producing security vulnerabilities. View full review »
Je’rid Mccormick
Associate Engineer I at COUNTRY Financial
AIM has been a great help in automating password retrieval which removes the need for hard-coded credentials. Hard-coded credentials are a risk to organizations as they are easy for attackers to target. Therefore less hard-coded credentials increase the security stance of the enterprise. View full review »
Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
Shared-service accounts reducing the number of potential entry points as well as the ability to standardise our PAM across a diverse estate. View full review »
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees
The vaulting technology as well as the privileged session management: Having the vaulting tech ensures that the credentials are secure, and PSM ensures that the end user can perform needed tasks without knowing or needing the credentials. View full review »
Snr Technical Consultant at a tech services company with 10,001+ employees
Reducing the number of “admin” accounts by utilizing accounts that can be used by individuals with the same role, but only one at a time. When the accounts have been used, its password is changed (to something a user would have had to write down) before being made available for reuse. The passwords which are hidden from the users are not known, and thus can be long and complex, while only being used for a session before being changed. View full review »
José Luis Llorente Rey
Senior Specialist Identity System Support at Roche
* Master policy: allows us to establish a security baseline for our privileged accounts. * CPM: allows us to rotate passwords following the policy defined. * PSM: allows us to provide isolated sessions to the customer with additional controls (real-time monitoring, session isolation, and session recording). View full review »
Gautam Mishra
IT Analyst at a tech services company with 10,001+ employees
We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps. View full review »
Sumit Batabyal
Security Team Lead at a tech services company with 10,001+ employees
The most valuable feature to me is the recording feature. I can track all of the records, the commands, the server, any misguidance, etc. View full review »
User with 10,001+ employees
Automatic password management based on a strong password policy. Because still, many people choose not strong enough passwords for administrative accounts. View full review »
Project Manager at a tech services company with 10,001+ employees
* It is very secure. * The voice technology is very good. * It is very simple to use. View full review »
Identity and Access Management Analyst at a financial services firm with 1,001-5,000 employees
There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year. View full review »
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
* Recordings * Exclusive use, and * OTP. There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password. View full review »
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
* OTP * Session recording * Auditing * It takes away all ambiguity around "known" admin accounts. View full review »
Learn what your peers think about CyberArk PAS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
426,653 professionals have used our research since 2012.