CyberArk Privileged Access Manager Overview

CyberArk Privileged Access Manager is the #1 ranked solution in our list of top User Activity Monitoring tools. It is most often compared to BeyondTrust Endpoint Privilege Management: CyberArk Privileged Access Manager vs BeyondTrust Endpoint Privilege Management

What is CyberArk Privileged Access Manager?

CyberArk is the trusted expert in privileged access management and a global leader Identity Security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry's most comprehensive Privileged Account Security Solution.

CyberArk Privileged Access Manager is also known as CyberArk Privileged Access Security.

CyberArk Privileged Access Manager Buyer's Guide

Download the CyberArk Privileged Access Manager Buyer's Guide including reviews and more. Updated: June 2021

CyberArk Privileged Access Manager Customers

Rockwell Automation

Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
it_user834369
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees
Consultant
Excellent product for privileged access management and easy to implement

What is our primary use case?

Our primary use of CyberArk Privileged Access Manager is to bring control on to the privileged access. For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks.

Pros and Cons

  • "For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks."
  • "Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server."

What other advice do I have?

My advice would be to plan ahead of time. Put up the plan for all the modules that you are going to implement. Look at what the dependencies of those are and plan for those dependencies in advance, then start the project. Especially where it is the application identity manager, the AIM part, which is not only dependent upon the implementation partner but also the customer dev team to make the changes. That's what makes it critical to plan ahead, ensure all stakeholders' commitment of their time and support, then start the implementation. I would rate it nine out of ten.
reviewer1052523
User with 10,001+ employees
Real User
Automatic password management based on a strong password policy

What is our primary use case?

It provides a tamper-proof solution for privileged accounts and third-party access to corporate assets.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
511,607 professionals have used our research since 2012.
Maarten22
User at Liberty Global
Real User
Third-party teams are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials

What is our primary use case?

The main usage of our implementation is to limit the credentials exposure to our third-party teams. They are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials.

What other advice do I have?

One of the most important aspects is to ensure that the business is behind the solution. CyberArk suite will only work well if all users adopt the system.
reviewer990891
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Consultant
Takes away all ambiguity around "known" admin accounts

What is our primary use case?

Privileged account access into customer environments.

How has it helped my organization?

A higher level of password rotation and usage auditing.

What is most valuable?

OTP Session recording Auditing It takes away all ambiguity around "known" admin accounts.

What needs improvement?

The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed.  Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good.
reviewer991878
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees
User
Having the vaulting tech ensures that the credentials are secure

What is our primary use case?

We are using the solution for privileged account management. (Rotation, session isolation, checkout, etc.)
reviewer990912
Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
Real User
Has the ability to standardize our PAM across a diverse estate

What is our primary use case?

* PAM interface for staff to support customers which may include CyberArk solutions of their own. * Managing large environments with varied and diverse environments.
reviewer990891
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Consultant
Auditing and recording functionality has made compliance with customer requirements a much clearer and easily managed process

What is our primary use case?

Primary use case: having privileged access management and ingress into customer networks and infrastructure.

How has it helped my organization?

The auditing and recording functionality along with stringent password-change policies and one-time password use has made compliance with customer requirements a much clearer and easily managed process.

What is most valuable?

Recordings Exclusive use, and  OTP.  There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.

What needs improvement?

Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt.
DD
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
User
Helps control use of shared passwords and the practice of sharing passwords disappeared completely

What is our primary use case?

The main purpose of getting CyberArk was to control the use of the shared passwords. Secondly, we needed to take out the secrets from the applications' source code (database connection strings). Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

What other advice do I have?

Keep an eye on the cloud integrations and be ready for Conjur.
Je’rid Mccormick
Associate Engineer I at COUNTRY Financial
Real User
Has been a great help in automating password retrieval which removes the need for hard-coded credentials

What is our primary use case?

To securely manage privileged accounts within the enterprise and automate password compliance where possible.

What other advice do I have?

Contact the professional help for a demo, and you will not be disappointed. Even if you do not choose CyberArk, they can help identify current security gaps.
ITCS user
Identity and Access Management Analyst at a financial services firm with 1,001-5,000 employees
Real User
We're now able to start managing service accounts with AIM

What is our primary use case?

We use CyberArk to manage anything privileged including our admin IDs, AWS root credentials, service accounts, etc.

How has it helped my organization?

It's been a big win for us as we're now able to start managing service accounts with AIM. This is a big win, especially with our web hosting team.

What is most valuable?

There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year.

What needs improvement?

As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included.

For how long have I used the solution?

One to three years.
reviewer990921
IT Support Specialist / Project Lead at a energy/utilities company with 10,001+ employees
Real User
Provides a more secure computing environment, allowing only approved programs to run securely

What is our primary use case?

Used to allow the removal of local administrators from 12,000 endpoints and yet still allows users to have the applications they need with the proper permissions required.
José Luis Llorente Rey
Senior Specialist Identity System Support at Roche
Real User
The master policy allows us to establish a security baseline for our privileged accounts

What is our primary use case?

We are using CyberArk to store credentials of privileged assets in a secure way. In addition, CyberArk helps us to meet our security policy effortlessly, defining the complexity of the passwords, rotation period, etc. We are also using the Privileged Session Manager to provide remote access to servers with security controls in place (session isolated and recorded).
GM
IT Analyst at a tech services company with 10,001+ employees
Real User
Enables us to connect to the target system component and helps us with recordings

What is our primary use case?

We have different privileged accounts in our enterprise. All of the application owners and the stakeholders want to store those accounts CyberArk privileged security, so they can connect to the target systems. It also allows for session recordings at the time of auditing.

What is most valuable?

We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps.

What needs improvement?

We have found with the recent upgrade a lot of issues we had with the connection have been resolved.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

Dan Hines
Senior Technologist at a retailer with 1,001-5,000 employees
Real User
We are able to know who is accessing what and when; having accountability

What is our primary use case?

Primary use case is for compliance, SOX, PCI, HIPAA, and securing privileged access accounts. It seems to be performing well. We have had pretty good success with it. We plan to utilize CyberArk to secure infrastructure and applications running in the cloud with AWS Management Console. We are testing it right now, so we hopefully it will be ready in about two months.

Pros and Cons

  • "We are maintaining compliance in PCI, SOX and HIPPA, which is a big thing. Auditors really like it, and it has made us stay compliant."
  • "We are able to know who is accessing what and when; having accountability."
  • "Make it easier to deploy."

What other advice do I have?

It does what it promised. It secures our platforms, haves the scalability, and it is just a solid product. Know what you are getting into upfront. Work with IT to ensure you have buy-in from upper management, and work with them to get a roadmap to deploy. Most important criteria when selecting a vendor: * Reliability * Having good customer support.
it_user635622
Vice President - Cyber Security at a tech services company with 10,001+ employees
Consultant
This product is stable. But, we did encounter some issues with the decentralized mode of the product.

What is our primary use case?

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

What needs improvement?

One limitation is that we are not able to put this into a decentralized mode.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This solution is quite stable.

What do I think about the scalability of the solution?

We have no issues with scalability.

How is customer service and technical support?

The tech support is decent. 

How was the initial setup?

It takes a while to adapt to the product.

What's my experience with pricing, setup cost,

VS
Senior Associate at a consultancy with 10,001+ employees
Consultant
The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out.

What is our primary use case?

My primary use case for this solution is to prevent privileged access, privilege accounts, and to mark all of those for future ordering proposals. It is to limit their access.

Pros and Cons

  • "The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out."
  • "There was a functionality of the solution that was missing. I had noticed it in Beyond Trust, but not in this solution. But, recently they have incorporated something similar."

What other advice do I have?

CyberArk has vast trust across the globe. People who've used CyberArk usually don't go back and change the product, unless it is a cost issue. If it is a cost issue, I must suggest BeyondTrust as a cost-effective solution for similar services.
HP
Lead Consultant at a tech services company with 10,001+ employees
Reseller
I like the PTA (Privileged Threat Analytics) of this solution.

What is our primary use case?

Our primary use case for this solution is privileged threat management and session management.

Pros and Cons

  • "I really like the PTA (Privileged Threat Analytics). I find this the best feature."
  • "If we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature."
  • "Tech support staff can be more proactive."

What other advice do I have?

I think if the industry could work together on TSM connectors, this would be a cutting-age change.
RS
Principal Consultant, IAM Projects at a tech services company with 201-500 employees
Consultant
The threat analytics is an important feature. This is a robust product.

What is our primary use case?

The primary use case is password management.

Pros and Cons

  • "The threat analytics is an important feature."
  • "The usual workload is sometimes delayed by the solution."
Sumit Batabyal
Security Team Lead at a tech services company with 10,001+ employees
Real User
This product helps us complete financial audits. It is a nice solution.

What is our primary use case?

Our primary use case for this solution is it provides a security solution that includes password management. This defends against threats.

What is most valuable?

The most valuable feature to me is the recording feature. I can track all of the records, the commands, the server, any misguidance, etc.

What needs improvement?

Over the past seven years, I have seen a lot of ups and downs with the product, but now I am happy with the version that we are using now. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have no issues with stability. 

What do I think about the scalability of the solution?

It is scalable. We have added new equipment, and this solution has been relevant.  …
AP
Technical Manager at a tech services company with 10,001+ employees
Reseller
It helps our customers in their software requirement imports

What is our primary use case?

One of our customers is using the 9.5 version of the solution. We personally use the product. We are implementing it and have a lot of involvement in its usage. We use it primarily because we need to manage business accounts and reduce our inboxes.

Pros and Cons

  • "It helps our customers in their software requirement imports."
  • "The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs."
  • "Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations."

What other advice do I have?

Work off your roadmap for implementation. We recommend CyberArk solutions.
it_user514779
Project Manager at a tech services company with 10,001+ employees
Consultant
It is secure and simple to use

What is our primary use case?

We are using it for privileged access management.

What is most valuable?

It is very secure.  The voice technology is very good. It is very simple to use.

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

We haven't had issues with scalability.

How are customer service and technical support?

We have good support from support. They are very helpful.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was somewhat complex, but we received help from the product support team with the installation.

What's my experience with pricing, setup cost, and licensing?

The product is costly…
DM
Core Analyst/ Server Admin at a comms service provider with 1,001-5,000 employees
Real User
Gives us the security of all credentials in one place and lightens our administrative load

What is our primary use case?

We use CyberArk to manage our privileged accounts, our passwords for our critical infrastructure. We have a lot of root administrator level accounts and other application and node accounts that are critical to our business. We use CyberArk to keep those rotated, keep them secure, in an encrypted environment giving us a lot more control and auditing capability. We are not planning to utilize CyberArk to secure infrastructure for applications running in the cloud because, in our particular business, we like to keep things in-house. Although we have a very small use case scenario where we have… more »

Pros and Cons

  • "CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool. I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk... lightened the load on our administrative work."
  • "This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful."

What other advice do I have?

One big piece of advice I would give is: Don't ignore user acceptance. If you want people to use CyberArk, you have to pay attention to user acceptance. If your users hate it, then your entire experience is going to be an uphill battle, when you're trying to get people to actually use the tool. It doesn't matter how good the tool is, it doesn't matter how well it does password management. It doesn't matter how well it does all these other things. If your users hate it, you're going to have an uphill struggle with the people that you need to be on your side. You've got to get user acceptance…
HP
IT Security Specialist I at a healthcare company with 1,001-5,000 employees
Real User
You can write different types of policies for custom business needs

What is our primary use case?

I am a CyberArk admin. I manage everyone's PSA accounts, including EPM and PVWA. It has been performing very nicely. We are on version 9.10. We are thinking of upgrading to 10.3 soon, hopefully. I don't want go to 10.4 since it just came out. We are planning on utilizing CyberArk to secure application credentials and endpoints because of PAS. We do have a lot of accounts for developers, and we do manage a lot of passwords in the world. Our company is not in the cloud yet. We are not that big. We are looking to move to it soon, as it is on our roadmap. By the end of the year or early next year… more »

Pros and Cons

  • "You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
  • "The interface on version 9 looks old."

What other advice do I have?

If you want more security, get CyberArk. I used the new plugin generator utility here in the lab. Right now, it is manual, and the plugin is very easy to use. It is amazing. Most important criteria when selecting a vendor: I prefer better tech support, because I love the CyberArk support. I want support like that everywhere with all my vendors.
RK
Information Security Analyst III at a healthcare company with 10,001+ employees
Real User
We can make a policy that affects everybody instantly

What is our primary use case?

It is used to manage the policies on our endpoint because we want to takeaway admin rights to protect our computers. We have had our implementation issues. However, the software is light years ahead of its competitors. We have seen massive progress with the updates of the software. We have been doing pretty well with it in the time that we have been implementing it. We are trying to manage the endpoints, but our company has been a long-time customer. We want to integrate the other products because EPM is not the only one. We do have PAS and AIM, but now it looks like CyberArk is moving towards… more »

Pros and Cons

  • "We can make a policy that affects everybody instantly."
  • "We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us."
  • "One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening."

What other advice do I have?

Get on implementing it today. Be patient. Test a lot. Deploy slowly. It has places to go. I see the potential. It is getting there, but it has room to grow. If you compare this product with anything else as far as an endpoint solution, there is nothing which even compares. We have implemented the new plugin generator utility already. I trained the help desk. It is really easy. Instead of having to fix it myself, the service desk will receive a one-time code to help the customer immediately, so they do not have to wait. I will receive a ticket to make a long-term policy. It is a perfect system…
MS
Technical consultant at a healthcare company with 1,001-5,000 employees
Consultant
Gives us the flexibility to integrate with other technologies and applications

What is our primary use case?

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day. We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

Pros and Cons

  • "The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization."
  • "CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well."

What other advice do I have?

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization. Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.
BW
Systems Admin II at a transportation company with 5,001-10,000 employees
Real User
Lessens the risk with privileged access

What is our primary use case?

Currently, we use PAS and EPM. Mainly, we did EPM last year to get rid of local admins on about 300 PCs. We are looking into utilizing CyberArk to secure infrastructure in the cloud. I have been in admin for two years. The company has probably had it for more than seven years.

Pros and Cons

  • "We are able to rotate credentials and have privileged account access."
  • "Lessens the risk with privileged access."

    What other advice do I have?

    Do it now. Don't wait. Any other issues that we may have come up with, they have always been there to help assist and get us back on the right track. They don't just give you the product, then wipe their hands. We just got an upgrade to version 10.4, as we went from 9.2 to 9.9.5 last year. This was a major improvement for us, going to 10.4 with the different dashboards and PTA built-in and PTA on the credential rotation. They are starting to integrate all the different components. Most important criteria when selecting a vendor: * Ease of access. * They are with you going through any problems…
    Sack Pephirom
    Senior Security Engineer at a financial services firm with 1,001-5,000 employees
    Real User
    Allows users to self-provision access to the accounts that they need

    What is our primary use case?

    The main focus of using CyberArk was to replace our previous Excel spreadsheets, which contained all of our passwords. The reason that we brought it in was to replace them and meet certain audit requirements. We are using CyberArk to secure applications for credentials and endpoints. We are planning on utilizing CyberArk to secure infrastructure and applications running in the cloud. It is on our roadmap for next year.

    Pros and Cons

    • "It allows users to self-provision access to the accounts that they need."
    • "There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution."

    What other advice do I have?

    My advice is to have the necessary resources to fully implement this. Don't just bring it in and let it sit. It needs to have the resources with a fully dedicated team to be able to get this functional. Otherwise, it will be sitting there not being fully utilized. There are a lot of functionalities that require a lot of resources to get it up and running. I have been using the new plugin generator utility for about a year. I took a PSM Connection course this past summer. I have been using it ever since. Most important criteria when selecting a vendor: * It will be usability of the product. I…
    BA
    Principal entity management engineer at a retailer with 10,001+ employees
    Real User
    The ability to record sessions through PSM makes people more careful about what they do

    What is our primary use case?

    We are using this product for our privileged identities and account management. We have some accounts that we consider privileged, the ones that have access to systems, software, tools, and our database and files and folders, etc. We try to maintain these accounts safely and try to grant access to these systems securely. We try and manage other non-human accounts that are DBAs, DB accounts, etc., through CyberArk. Another initiative for this was the PCA compliance that we wanted to meet. We don't have many applications in the cloud, we are getting one or two now. So in the future, we plan to… more »

    What other advice do I have?

    Others have spoken a lot about security hygiene and I believe that's where you should start. l would rate CyberArk at nine out of 10. The way for it to get to a 10 is with a lot of features, the amount of cost involved in buying the product, and the PSM proxy issue that we've been facing. In terms of important criteria when working with a vendor one thing is, as we said, getting to the right person. We go to support only if there is a critical situation where we are not able to solve it. Getting to the right person at the right time, and getting the issues resolved in a timely fashion is what…
    CH
    Information security engineer/ business owner
    Real User
    I love the ability to customize passwords for mainframes, for example, which are limited to eight characters

    What is our primary use case?

    The primary use case is, of course, that we do the EPV for password vaulting and security changing, and prior to version 10 we were excited and it functioned perfectly fine. There are a few glitches with version 10 that we are not really happy with, but the functionality itself still exists and it's working like it should. We actually have our vaults in the cloud. I don't know if we have any applications in the cloud that we're planning on managing, yet. We're not really a big AIM shop just yet, so I don't know if we're planning on utilizing CyberArk to secure infrastructure applications… more »

    Pros and Cons

    • "I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
    • "The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically."
    • "The fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out."
    • "We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it."
    • "I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore."
    • "I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""

    What other advice do I have?

    Do your research. That would be my biggest advice. CyberArk is a great tool. However, it is not the only tool that does what it does and, in some cases, for a lot of people, other passport vaulting tools are more toward what they would need in their environment. I would give CyberArk an eight out of 10, and the two missing points would probably be mostly because of technical support. I would love to actually get the support that I asked for. I would love to actually get the help that I'm asking you for as opposed to you telling me, "Yes, I can help you. I need you to fill out these papers and…
    DR
    IT Security at a manufacturing company with 10,001+ employees
    Real User
    It gives us the capability to rotate passwords

    What is our primary use case?

    We use it for service accounts and local accounts for the machine. We are basically using it to rotate passwords or reconciling passwords, as needed. We do have a number which get changed on a yearly basis (most do). Some get changed on a more frequent basis. Users go into the safes that they have access to or whatever account they need, and they pull it. That is our use case. It is performing well. However, we need a bit more education for our user community because they are not using it to its capabilities. We are interested in utilizing the CyberArk secure infrastructure or running… more »

    Pros and Cons

    • "It gives us the capability to rotate passwords."
    • "There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
    • "We need a bit more education for our user community because they are not using it to its capabilities."

    What other advice do I have?

    Educate the user community once you get it actively deployed and set up a strict policy on it. Most important criteria when selecting a vendor: * Good reputation for technical support * Product that does what it is supposed to do.
    SN
    Director Information Security at a insurance company with 501-1,000 employees
    Real User
    It has helped from an auditing perspective identify who has access to privileged accounts

    What is our primary use case?

    Its performance is excellent. We have had multiple use cases: * It is PSM, so as a jump box to our servers. * We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers. We are currently using CyberArk to secure applications with credentials and endpoints. We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.

    Pros and Cons

    • "It has helped from an auditing perspective identify who has access to privileged accounts."
    • "It provides an accountability to the individuals who are using it, knowing that it is audited and tracked."
    • "We utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs."
    • "Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."

    What other advice do I have?

    Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully. I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good. Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the…
    ITCS user
    CyberArk Consultant at a hospitality company with 10,001+ employees
    Consultant
    Preemptively helps us detect major threats and vulnerabilities and to address them

    What is our primary use case?

    CyberArk is managing our privileged accounts: most of the service accounts, admin accounts, and all other privileged accounts on different platforms including Windows and Linux. A lot of databases have already been onboarded. At the moment we are working towards integrating, or implementing, the AIM product to make sure those hard-coded credentials are being managed by CyberArk, instead of being directly coded in. The plan is to utilize CyberArk secure infrastructure applications running in the cloud, but we will definitely have to upgrade our knowledge. Conjur is one of the very important… more »

    Pros and Cons

    • "The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself."
    • "As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel."

    What other advice do I have?

    Take this solution over any other solution. In fact, I have personally brought a couple of my old colleagues with a technical background into this product line so that most of them are now certified on CyberArk and working in the same environment as well. Without doubt CyberArk is a 10 out of 10. From my experience, the kind of work I have done with this solution, it's absolutely amazing. It has the capabilities to secure the environment, which is the most important part. Anytime we hear any news of breaches elsewhere, that's when we say, "Hey, they should have done something, implemented the…
    MW
    Senior server administrator at a financial services firm with 1,001-5,000 employees
    Real User
    Significantly decreases the amount of time our teams spend mitigating security issues

    What is our primary use case?

    We use CyberArk to assist with implementing security solutions that our auditors require. It also assists us in giving secure, monitored, audited access to non-technical people who, because of their jobs, or because of the application, require direct access to servers. We are utilizing CyberArk's secure application credentials and endpoints. It is performing very well. We're not planning to utilize CyberArk's secure infrastructure or applications running in the cloud because our industry is, for the present, barred from using cloud resources. We don't yet have experience using the Plugin… more »

    Pros and Cons

    • "Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process."
    • "I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides."

    What other advice do I have?

    My advice to a colleague would be: First, don't allow the security team to be the driving force. It has to be the server team that implements it, that is the driving force behind it, and the for that reason is there is always animosity between the people who are there to enforce security and the people who are there to get a job done. When you are on the enforcement team, you are dictating to the people who are trying to get a job done, "Here is something that I'm going to put in your way to make it harder for you to get your job done." Regardless of what happens, that's the way it comes…
    NR
    Security Architect at a healthcare company with 10,001+ employees
    Real User
    We demoted a lot of domain admins taking a lot of that away from people, giving it a shared account structure

    What is our primary use case?

    The primary use case is increasing security and our security posture at our company, helping to prevent any future breaches and secure as many privileged accounts as we can. We have a lot of use cases, so there is not really a primary one, other than just trying to increase our security and protect our most privileged accounts. We do not have a large cloud presence as of yet, but like other organizations, we are starting to get into it. We have a fantastic adoption of CyberArk that extends all the way up through executive leadership. A lot of times, projects and proof of concepts that we want… more »

    Pros and Cons

    • "It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level."
    • "We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure."
    • "Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."

    What other advice do I have?

    CyberArk is a fantastic solution. They understand what the industry is trending towards. They are able to meet that very quickly. Being in healthcare, we are a little bit behind the times and we follow people a little further behind (for example, the financial sector has been doing all this stuff for so long). However, healthcare, as an industry, is always a few steps behind because we are clinical and have to support a lot of different clinicians, physicians, and regulations, which sometimes makes us move more slowly. Just having this has been huge for us. One of the things which has…
    BB
    Master software engineer at a financial services firm with 10,001+ employees
    Real User
    Improves security by having credentials locked down and rotated regularly

    What is our primary use case?

    Primary use case is storing and rotating local domain admin credentials for Windows and Unix network devices. We're using CyberArk secure application credentials and endpoints on a small scale and we're planning, for the future, to use CyberArk to secure infrastructure applications running in the cloud. We don't have experience using the Plugin Generator Utility. It is performing pretty well for the most part. We have some issues with RADIUS authentication, some bugs with that. But, generally speaking, it works really well.

    Pros and Cons

    • "Provides improved security around having your credentials locked down and rotated regularly."
    • "I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
    • "When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so."
    • "The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."

    What other advice do I have?

    Engage with Professional Services, not just for help with, "Here are the buttons to click," because they've been really helpful as far as how we would want to implement things. Our most important criteria when selecting or working with a vendor, outside of the product being good, are reliability and timeliness of response. Those are the two big things. I think CyberArk does a pretty good job on these. I rate CyberArk at eight out of 10. I think the solution, as released, is usually very good. When something comes out, it's generally airtight and works as advertised. However, sometimes they are…
    Song Ye
    Senior System Engineer at a transportation company with 10,001+ employees
    Real User
    We were able to secure all the server root passwords and admin for Windows

    What is our primary use case?

    Our primary case is for AIM. We are a huge AIM customer, and we also do the shared account management. We are looking into utilizing CyberArk's secure infrastructure and running application in the cloud for future usage.

    Pros and Cons

    • "CyberArk has allowed us to get the credentials and passwords out of hard-coded property files."
    • "On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
    • "I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy."

    What other advice do I have?

    I would recommend the product. We have done a lot of customer referrals for CyberArk. It is good. It fits our needs, and there is not anything else out in the market that can match it. Most important criteria when selecting a vendor: * Good support. * Meeting the each of the requirements. * Usability of the product. * Ease of implementation. * Not a lot of customization; you can get it right out-of-the-box and run with it.
    Je’rid Mccormick
    Associate Engineer I at COUNTRY Financial
    Real User
    It enables us to secure accounts and make sure they are compliant

    What is our primary use case?

    My primary use case for the product is essentially to secure our privileged accounts, and it's performing amazingly. What it allows us to do is to rotate the credentials for privileged accounts. It ensures we understand where the accounts are being used and that they are staying compliant with our EISB Policy, which is a policy to change passwords. Thus, attackers find it harder to get in and steal an old password which is just sitting out on a system. We utilize CyberArk secure infrastructure. We are moving towards applications in the cloud, but we do not currently have that. We are also… more »

    Pros and Cons

    • "It enables us to secure accounts and make sure they are compliant."
    • "They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future."
    • "More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."

    What other advice do I have?

    Try a demo, if you can. Make it a hands-on with some of the components and see what they offer you. I have used other privileged account management tools in the past. This, by far, outranks them as far as features and usability. The integrations on top of that as well. Each new product that our company buys, we turn to CyberArk, and they are say, "Yes, we integrate with that." I have used the new generator utility plugin once, so not extensive experience, but I have used it. It does work. Most important criteria when selecting a vendor: They integrate with CyberArk.
    JG
    Security Analyst at a financial services firm with 5,001-10,000 employees
    Real User
    Give us the ability to rotate privileged user passwords to eliminate fraudulent use

    What is our primary use case?

    We use it to harden our passwords for privileged users. We also utilize CyberArk to secure application server credentials. We plan to utilize CyberArk's secure infrastructure and applications running in the cloud. We have AWS now. That is our next avenue: To get in there and have that taken care of.

    Pros and Cons

    • "We are able to rotate privileged user passwords to eliminate fraudulent use."
    • "If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
    • "The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10."

    What other advice do I have?

    CyberArk is the best out there. Their product makes our privileged access management so much easier. For privilege access management, there is really no choice but to implement this or a similar solution. It is the last bastion that companies have. Firewalls used to be the perimeter and the place to be. Nowadays, intruders can walk through the perimeter (the firewall). So, we have to get on the inside and get it tied down. They are not very many people playing in this market. CyberArk is on the top, so there should not be any reason not to go with it. Most important criteria when selecting a…
    Eli Galindo
    Data Security Analyst II at a financial services firm with 5,001-10,000 employees
    Real User
    It hardens access and makes the organization more secure, therefore reducing chances of a breach

    What is our primary use case?

    Our primary use case is to secure privileged access. Right now, it is performing fairly well. We have had instances where we have had to work with the customer support to integrate a custom plugin and struggled a bit there. It took a bit longer than we expected, but it ended up working out. Most of our focus now is getting our systems into CyberArk, which has nothing to do with the CyberArk software. It is just being able to communicate with our internal team to get them in there. So far, we haven't had a problem with CyberArk.

    Pros and Cons

    • "The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long."
    • "The product is for hardening access and making the organization more secure, therefore reducing chances of a breach."
    • "One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more."

    What other advice do I have?

    CyberArk is on top of its game. The product has worked well for our company. If you are looking at implementing this solution, buy the training and go to it. If you do not train, it is hard to understand it. It is hard to pick it up by cross-training with other people. You really want to start off strong. Most important criteria when evaluating a technical solution: Be brutally honest about all the factors that go into the solution that you are looking for (buyer) and what the solution can offer (seller).
    SB
    Security Analyst at a insurance company with 1,001-5,000 employees
    Real User
    We are able to centrally manage credentials, touch applications, and rotate passwords

    What is our primary use case?

    We use it for all of our privileged accounts, local admin, domain admin, and application accounts. We use several of the product suites. We are using the EPV suite along with AIM, and we are looking into using Conjur right now. Overall, it has been a great product and helped out a lot with being able to manage privileged accounts. We don't have a lot of stuff in the cloud right now, but as we move forward, this is why we are looking at Conjur. We would definitely use it for that and DevOps. We have owned the product since version 6.5.

    Pros and Cons

    • "It has the ability to scale out. We have scaled out quite a bit with our product and use of it to get to multiple locations and businesses, so it has the breadth to do that."
    • "We are able to centrally manage credentials, touch applications, and rotate passwords."
    • "We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation."
    • "As they grow, the technical support is having growing pains. One of the things is just being able to get somebody on the phone sometimes."

    What other advice do I have?

    One of the biggest factors when dealing with this field/area in privileged accounts is you have to have executive support from the top down. Push for this, because trying to get different business units or groups to implement this product is very hard if you don't have upper level management support. Most important criteria when selecting a vendor: * Stability of the product. * The customer service interface: Someone who can work with you on the product and understand what your needs are.
    MM
    IT Security Analyst at a mining and metals company with 10,001+ employees
    Real User
    We are utilizing it to secure applications, credentials, and endpoints

    What is our primary use case?

    * Credential faulting * Credential management * Privilege session management * Secure file storage We are utilizing CyberArk to secure applications, credentials, and endpoints. The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. The value is probably the best of all of the other products which are offering the same services.

    Pros and Cons

    • "We are utilizing CyberArk to secure applications, credentials, and endpoints."
    • "On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need."
    • "It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile."
    • "Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug."

    What other advice do I have?

    Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it. One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud. We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them. Most important criteria when selecting a vendor Age of the company, because we do not want to be first to market. We want to…
    KR
    Identity and Access Management Engineer at a energy/utilities company with 10,001+ employees
    Real User
    Ability to manage application credentials whether they come as a custom plugin or straight out-of-the-box

    What is our primary use case?

    The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us. We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

    Pros and Cons

    • "The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used)."
    • "We have been able to manage application credentials in CyberArk, whether they come as a custom plugin or straight out-of-the-box."
    • "Some of the additional features that we are looking at are in the Conjur product. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines."

    What other advice do I have?

    If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for. CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product. I have experience using quite a few…
    KE
    Security Analyst at a retailer with 10,001+ employees
    Real User
    We can manage many accounts and broker connections between devices without needing to know passwords

    What is our primary use case?

    The primary use case is for privileged account management. It is performing well. We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features. In addition, we are using CyberArk to secure applications and endpoints.

    Pros and Cons

    • "We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc."
    • "Technical support has been very responsive in navigating challenges. It is very easy to open a ticket."
    • "I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool."

    What other advice do I have?

    Make sure you have a development or QA environment. I did training today on the new plugin generator utility. I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available. Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.
    karthikrajaraj
    Technical Director at Unique Performance Techsoft Pvt Ltd
    Real User
    Top 20Leaderboard
    Anomaly detection and prevention for all privilege accounts

    What is our primary use case?

    We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.). It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities. The new Privilege Threat Analytics… more »

    Pros and Cons

    • "Automatic password management, which will automatically change passwords based on compliance requirements."
    • "DVR like video recording and text-based recording for easier audits."
    • "This product needs professional consulting services to onboard accounts effectively based user profiles."

    What other advice do I have?

    I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.
    ITCS user
    CyberArk Consultant at a hospitality company with 10,001+ employees
    Consultant
    Helped us to identify, store, protect, and monitor usage of privileged accounts

    What is our primary use case?

    Managing and securing the access to the environment. I have worked with CyberArk solutions/applications for more than three years. I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

    Pros and Cons

    • "CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts."
    • "The Vault offers great capabilities for structuring and accessing data."
    • "Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices."
    • "Online help needs to be looked into with live agent support."
    • "The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots."
    • "New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections."
    it_user585702
    Senior Consultant at a tech services company with 5,001-10,000 employees
    MSP
    Allows secure, logged access to highly sensitive servers and services

    Pros and Cons

    • "Allows secure, logged access to highly sensitive servers and services."
    • "​It's hard to find competent resellers/support."
    • "Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
    • "it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."

    What other advice do I have?

    I’m a consultant. I help implement and train others on how to use it in a highly secure environment. I’d give it a nine out of 10. It is very, very secure. Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.
    it_user796542
    User at a financial services firm with 10,001+ employees
    User
    Securely protects our TAP/NUID and privileged access accounts within the company

    What is our primary use case?

    Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

    Pros and Cons

    • "The regulation of accounts is by far the most needed and valuable part of the application."
    • "Helped us meet our standards and requirements to help us comply with industry standards and banking regulations."
    • "Securely protects our TAP/NUID and privileged access accounts within the company."
      ITCS user
      Senior Consultant - Information Security Engineering at a financial services firm with 10,001+ employees
      Consultant
      Can provide transparent connection to targeted systems and record activities

      What is our primary use case?

      We proactively vault and manage all elevated accounts across multiple platforms. For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.

      Pros and Cons

      • "Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials."
      • "You can gradually implement CyberArk, starting with more easily attainable goals."
        ITCS user
        Princ. Info Security Analyst at a insurance company with 10,001+ employees
        Real User
        Ensures accounts are managed according to corporate policies

        What is our primary use case?

        We use it all. * Privileged account access and management * Credential rotation * Access control * Privileged session recording

        Pros and Cons

        • "Ensures accounts are managed according to corporate policies."
        • "It takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent."
        • "It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill."
        Eric Vanatta
        Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees
        Real User
        Increased our insight into how privileged accounts are being used and distributed within our footprint

        What is our primary use case?

        CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

        How has it helped my organization?

        The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

        What is most valuable?

        Ease of use The auditing capabilities The great support of their customer success teams

        What needs improvement?

        Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

        For how long have I used the solution?

        One to three years.
        John Lawren James
        Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees
        Consultant
        All access to our servers, by both staff and vendors, is monitored and recorded

        What is our primary use case?

        We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

        How has it helped my organization?

        CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.

        What is most valuable?

        Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.

        What needs improvement?

        The current user interface is a little dated. However, I hear there are changes coming in the next version.  There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself. …
        it_user620580
        Security Engineer at a tech services company with 51-200 employees
        Consultant
        Enables us to manage passwords of highly privileged accounts.

        What other advice do I have?

        Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.
        Malhar Vora
        CyberArk PAS Solution Professional | Project Manager at a tech services company with 10,001+ employees
        Consultant
        Top 20Leaderboard
        Provides automatic password management. We can monitor, record, and control sessions.

        What other advice do I have?

        The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.
        it_user685299
        IT Security Specialist at a tech services company with 11-50 employees
        Consultant
        Password rotation, session recording & isolation and on-demand privileges.

        Pros and Cons

        • "Password rotation, session recording & isolation and on-demand privileges."
        • "For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products."

        What other advice do I have?

        CyberArk offers extensive training, utilise it. Also their support staff are very good and can assist with everything.
        it_user685302
        Technical Lead at a tech services company with 10,001+ employees
        Consultant
        ​Enterprise Password Vault, Privilege Session Manager & Application Identity Management have been very useful for our client environment.​

        Pros and Cons

        • "Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment."
        • "Performance of PIM could be better and intended for usability as well as security."

        What other advice do I have?

        Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.
        it_user677688
        CyberArk Consultant at a comms service provider with 10,001+ employees
        Vendor
        The password management component (CPM) is the most valuable. The installation manual is quite straightforward and extensive.

        Pros and Cons

        • "It enables companies to automate password management on target systems gaining a more secure access management approach."
        • "The current interface doesn't scale that well, and has some screens still in the old layout."

        What other advice do I have?

        Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.
        it_user674070
        Senior Technical Trainer at a tech services company with 501-1,000 employees
        Consultant
        Improves the privilege account security in the organization. I would like to see improvement in the custom connector.

        Pros and Cons

        • "PSM (Privilege Session Manager."
        • "I would like to see improvement in the custom connector for integration with different devices."

        What other advice do I have?

        For implementation, you will need professional services or other experts.
        it_user674049
        Head of Technical Services at a tech services company with 51-200 employees
        Consultant
        Gives us the ability to isolate sessions to protect the target system.

        Pros and Cons

        • "Automates password management to remove the human chain weakness."
        • "The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."

        What other advice do I have?

        Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.
        it_user665142
        SD/Infr Coordinator at a computer software company with 201-500 employees
        Vendor
        We helped a telecom to migrate from a standard .XLS with accounts.

        Pros and Cons

        • "You can easily manage more than 4000 accounts with one PSM."
        • "I would like to see better usability for non-technical people."

        What other advice do I have?

        Basically, build it up step-by-step, starting with the EPV of course :-).
        ITCS user
        Senior Consultant at a consultancy with 10,001+ employees
        Consultant
        The combination of CPM and PSM resolves a lot of use cases.

        Pros and Cons

        • "The combination of CPM and PSM resolves a lot of use cases."
        • "They can do a better job in the PSM space."
        it_user620580
        Security Engineer at a tech services company with 51-200 employees
        Consultant
        Provides a full audit trail and approval workflow functionality.

        What other advice do I have?

        Assure that the organization is ready and willing to adopt this. The typical business cases cannot be addressed by the product alone.
        it_user574734
        Technology Architect at a renewables & environment company with 51-200 employees
        Vendor
        Reduced the overhead to protect enterprise data from delays.

        What other advice do I have?

        I would recommend being well prepared. Do not improvise. Understand what you are doing. Take the time to read the technical documentation, and not just the marketing material, to understand CyberArk. It will not be a waste of time. Take the time to prepare, clean, and document all your privileged, services, and application accounts. Use the product for its intended design.
        Tanmay Kaushal
        Cyber Security Consultant at a tech services company with 10,001+ employees
        Consultant
        I can customize it to meet our customers' requirements. Password management is done automatically, and adheres to company compliance policies.
        it_user455391
        IT Admin at a tech company with 10,001+ employees
        Real User
        The proxy solution using PSM and PSMP gives leverage to reach out to servers which are NATed.

        What other advice do I have?

        This is the best product from its breed.
        it_user551259
        Iam Engineer at a tech services company with 201-500 employees
        Consultant
        A different server vault is used to store data with several layers of security for protecting it.
        it_user512265
        Consultant at a tech company with 1,001-5,000 employees
        Vendor
        It is modular, and each module can extend its operational area with plug-ins.

        What other advice do I have?

        The Privileged Account Security product is a suite. That means that the product consists of different components/modules that cover a particular functional area (check their website) on privileged accounts. Plugging in more of those components in the environment results in covering a greater part of that area. Of course, there is a common layer that is used by all components. This is the security layer that holds and protects the privileged accounts. Start small. Use first the basic components that, e.g., include password management. Gradually grow the number of components/modules/functional…
        it_user519366
        Information Security Advisor at a insurance company with 1,001-5,000 employees
        Vendor
        It verifies accounts on a regular basis. It reconciles the account if it has been checked out and used.

        What other advice do I have?

        CyberArk is an innovative set of tools that are easily learned. Getting deeper into the product allows for a great deal of complex settings that can be learned via high level implementation guides as well as a CyberArk certification.
        it_user514596
        Security Technical Consultant at a tech services company with 10,001+ employees
        Consultant
        It allows you to target application-level access as opposed to just the underlying operating system.

        What other advice do I have?

        If an organisation has not utilised a PAM tool before, it is a large cultural change fundamentally in how a user works, and should be taken into consideration accordingly. The solution is complex depending on the requirements; therefore, the implementation should not be rushed and it should be tested appropriately.
        it_user512235
        Sr. Technical Consultant at a tech company with 51-200 employees
        Vendor
        The integration of Auto IT provided the flexibility to add thick clients and websites. It is expensive and the professional service team charges for each and every thing.

        What other advice do I have?

        CyberArk architecture is good and more secure, but I see the solution as expensive. Support is the worst; CyberArkstaff is not supportive, their professional service team charges for each and every thing.
        ITCS user
        Security Expert at SecurIT
        Consultant
        I see a lot of security issues are addressed by the solution. For example, audit issues for privileged accounts.

        What other advice do I have?

        Do not think too big at the start.
        ITCS user
        IT Security Consultant at a tech services company with 10,001+ employees
        Real User
        It is clientless, and does not require any third-party product for any of its operations.

        What other advice do I have?

        Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.
        it_user445038
        Cyber Security Supervisor at a tech company with 1,001-5,000 employees
        Vendor
        Sys/DB admins and third parties no longer need to have system credentials.

        What other advice do I have?

        Before defining the solution’s architecture, clearly define your requirements and the kind of systems in scope. Some systems/device can be integrated out-of-the-box, others need customization. Plus: easy to deploy, highly customizable Minus: a little bit complex to integrate in large environment, complex rules/customization takes time
        ITCS user
        Technical Manager, System Division at a tech services company with 501-1,000 employees
        Consultant
        We can monitor sessions in real time. If there's any unnecessary activity, we can terminate the session.

        What other advice do I have?

        Contact the local distributor for help.
        it_user497118
        Senior Executive Information Security at a manufacturing company with 10,001+ employees
        Vendor
        It helps us proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

        What other advice do I have?

        Go ahead and use CyberArk. Request a demo.
        Birzu Alexandru-Adrian
        ITSM & AntiFraud Consultant with 51-200 employees
        Consultant
        The ability to start the project, install and add the passwords in just a few days is valuable.
        it_user225765
        IT Security Engineer at a tech services company with 51-200 employees
        Consultant
        The user interface needs some work, however, our security has improved.

        What is most valuable?

        It has the ability to monitor privileged sessions.

        How has it helped my organization?

        Our security has improved since implementing CyberArk.

        What needs improvement?

        The user interface needs to be improved. It could be done by getting the GUI to work with other programs from within internet browsers out of box.

        For how long have I used the solution?

        I've used it for one year.

        What was my experience with deployment of the solution?

        No issues encountered.

        What do I think about the stability of the solution?

        No issues encountered.

        What do I think about the scalability of the solution?

        No issues encountered.

        How are customer service and technical support?

        Customer Service: It's good. Technical Support: It's good.

        Which solution did I use

        ITCS user
        Senior Manager of System Security at a tech services company with 51-200 employees
        Consultant
        ​The most valuable feature of this product is the Central Policy Manager but CyberArk can be improved in all areas
        Buyer's Guide
        Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.