We just raised a $30M Series A: Read our story

CyberArk Privileged Access Manager OverviewUNIXBusinessApplication

CyberArk Privileged Access Manager is the #1 ranked solution in our list of top User Activity Monitoring tools. It is most often compared to SailPoint IdentityIQ: CyberArk Privileged Access Manager vs SailPoint IdentityIQ

What is CyberArk Privileged Access Manager?

CyberArk is the trusted expert in privileged access management and a global leader Identity Security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry's most comprehensive Privileged Account Security Solution.

CyberArk Privileged Access Manager is also known as CyberArk Privileged Access Security.

CyberArk Privileged Access Manager Buyer's Guide

Download the CyberArk Privileged Access Manager Buyer's Guide including reviews and more. Updated: October 2021

CyberArk Privileged Access Manager Customers

Rockwell Automation

Archived CyberArk Privileged Access Manager Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
it_user834369
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees
Consultant
Excellent product for privileged access management and easy to implement

Pros and Cons

  • "For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks."
  • "Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server."

What is our primary use case?

Our primary use of CyberArk Privileged Access Manager is to bring control on to the privileged access. For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks.

How has it helped my organization?

There are two main ways CyberArk Privileged Access Manager Server Control has been helpful to us.

  1. Any administrator using his own or her own ID and password to connect to the server or the domain that has been removed and the credentials for accessing the domain or the servers has been locked down into the password wallet, the access to it is controlled now through that group. Now we know who has access and what kind of access. Also, we control access through tickets. Unless there is an approved ticket, an administrator cannot just log onto a server and make changes. In this way, we are ensuring that an attack cannot just steal somebody's ADID and get into the server and create problems.
  2. Through the application and team managers, we have removed the hardcoded user ID and password in our applications. Those are now in a password vault that is not known to anyone. The vault knows and changes the password, then connects the applications to the database.

What is most valuable?

The features that we find most valuable are:

  • Enterprise Password Vault
  • Privilege Session Manager
  • Application Manager
  • Team Manager

These modules help us in locking down the credentials, rotating passwords automatically without us having to worry about it, isolation of servers from the user machine and availability of privileged session recordings for us to check on demand.

What needs improvement?

I think that the connectors, the integration pieces, the integration to ticketing system. This is something which is not meeting our requirements via out-of-the-box solutions, so we have to look for a customized solution, that could be improved.

Integration with the ticketing system should allow any number of fields to be used for validation before allowing a user to be evaluated and able to access a server.

Additional features: We are looking at the connectors. The connectors to be more robust and provide more flexibility for out-of-the-box implication.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It's quite stable so we've not faced any problems so far and it's been working smoothly for us. Initially, there were some technical issues, disconnections happening, and the slowness was there, but we've been able to overcome those challenges. Now for the past 15, 20 days, it's been running smoothly.

What do I think about the scalability of the solution?

The software is scalable enough, so if we want to add more domains, we can just go ahead and do it. I don't see a challenge with that. There are a couple of other parts of the solution that we are not rolling out, but we'll be doing that.

How are customer service and technical support?

The support has been good. Turnaround times have been okay. They have not been immediate, but they do respond in a few hours, or in a day.

Which solution did I use previously and why did I switch?

We didn't have a previous solution at the time.

How was the initial setup?

AIM was a complex piece, but the install was straightforward. It took us around five months.

What about the implementation team?

We went with an implementation partner for the deployment which included a number of admins. Currently, there are around 60 users but they are going to be 150 plus in a month or so.

We want the implementation partner for supporting it for the next three months, and then we will make the call whether we want to continue with them or maybe our resources should be good enough internally to support it.

What's my experience with pricing, setup cost, and licensing?

The cost and licensing fees of the software are fairly reasonable.

Which other solutions did I evaluate?

There were a few competitors we evaluated like CA Technologies, Arcos, Oracle, and Microsoft.

What other advice do I have?

My advice would be to plan ahead of time. Put up the plan for all the modules that you are going to implement. Look at what the dependencies of those are and plan for those dependencies in advance, then start the project.

Especially where it is the application identity manager, the AIM part, which is not only dependent upon the implementation partner but also the customer dev team to make the changes.

That's what makes it critical to plan ahead, ensure all stakeholders' commitment of their time and support, then start the implementation.

I would rate it nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1052523
User with 10,001+ employees
Real User
Automatic password management based on a strong password policy

What is our primary use case?

It provides a tamper-proof solution for privileged accounts and third-party access to corporate assets.

How has it helped my organization?

We have different teams that hire out consultants from various vendors. For those consultants, there was a challenge in providing access to our critical infrastructure. CyberArk PAS provides isolated and recorded sessions for third-party/outsourced admin access. 

What is most valuable?

Automatic password management based on a strong password policy. Because still, many people choose not strong enough passwords for administrative accounts.

What needs improvement?

The product should be improved in order to support more platforms. It will be awesome if google cloud API keys are being supported like AWS and Azure.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

Pretty scalable in the sense of PSM and storage.

Which solution did I use previously and why did I switch?

No, we didn't use any.

Which other solutions did I evaluate?

Yes, there was a POC which took place among BeyondTrust, Thycotic and CyberArk.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
540,984 professionals have used our research since 2012.
Maarten22
User at Liberty Global
Real User
Third-party teams are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials

What is our primary use case?

The main usage of our implementation is to limit the credentials exposure to our third-party teams. They are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials.

How has it helped my organization?

Our third-party teams are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials. Besides this, end-points themselves are back in control when the passwords are managed by the CPM.

What is most valuable?

The two main features are the CPM and the PSM. This is to make sure that the credentials are managed in a controlled manner and the sessions that are launched are set up in an isolated way.

What needs improvement?

We are aware that in 10.6, the "just in time" access has been created. I would like to see this developed further.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The vault is almost a set-and-forget solution. Once the vault has been installed and configured, not much needs to be done in there apart from the occasional upgrade.

What do I think about the scalability of the solution?

The environment is very easy to scale out. Especially running the CPM and PSM components in a load balanced virtual environment gives you the flexibility to quickly expand the environment.

How are customer service and technical support?

This has been excellent for me. They always replied quickly, and most of the time the issue was resolved. The only downside — as soon as a ticket goes to the R&D engineers, you will have to wait a bit.

Which solution did I use previously and why did I switch?

We did not use a PAM product before this.

How was the initial setup?

The initial setup (for a UAT environment) was straightforward. During the planning of the PROD environment, it became a little more tricky with different network segments and method for accessing the environment itself.

What about the implementation team?

We had a combination of in-house (with training), vendor (CyberArk) and third-party vendor. The third-party vendor Computacenter helped us with creating some design and documentation. I would not recommend this third-party to other people as they did not fully work with us and listen to our requirements.

What was our ROI?

We are still rolling out in our environment which makes the ROI difficult to calculate.

What's my experience with pricing, setup cost, and licensing?

Make sure to use the latest licensing model as that will give you most of the "cool" features to work with.

What other advice do I have?

One of the most important aspects is to ensure that the business is behind the solution. CyberArk suite will only work well if all users adopt the system.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer990891
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Consultant
Takes away all ambiguity around "known" admin accounts

What is our primary use case?

Privileged account access into customer environments.

How has it helped my organization?

A higher level of password rotation and usage auditing.

What is most valuable?

OTP Session recording Auditing It takes away all ambiguity around "known" admin accounts.

What needs improvement?

The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed.  Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good.

What is our primary use case?

Privileged account access into customer environments.

How has it helped my organization?

A higher level of password rotation and usage auditing.

What is most valuable?

  • OTP
  • Session recording
  • Auditing
  • It takes away all ambiguity around "known" admin accounts.

What needs improvement?

The native PSM components are really good, however, if you have to apply environmental tweaks to an application launch, custom AutoIt scripts are needed. 

Options for specifying drive mappings or script execution without the need for AutoIt based scripting in the native components would be good.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer991878
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees
User
Having the vaulting tech ensures that the credentials are secure

What is our primary use case?

We are using the solution for privileged account management. (Rotation, session isolation, checkout, etc.)

How has it helped my organization?

Accounts are managed, passwords change frequently, and we have better audit logs! When something happens, there is a better chance you can determine the who/what/where/when/why of the situation.

What is most valuable?

The vaulting technology as well as the privileged session management: Having the vaulting tech ensures that the credentials are secure, and PSM ensures that the end user can perform needed tasks without knowing or needing the credentials.

What needs improvement?

A greater number of out-of-the-box integrations with other vendors: They are working on it, but more is better!

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Rock solid! I would say it is, set it and forget it, but the vendor keeps on top of upgrades and enhancements.

What do I think about the scalability of the solution?

It seems to work well for any size of organization, or any size of deployment in my experience.  

How was the initial setup?

Pretty straightforward, a lot of time will be spent on the initial engineering phase where you determine how you want to use the solution, naming requirements, admin accounts, etc.

What's my experience with pricing, setup cost, and licensing?

As with everything, try before you buy. Get a trial licence, set up a demo environment and see if it meets the use case for your enterprise.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer990912
Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
Real User
Has the ability to standardize our PAM across a diverse estate

What is our primary use case?

  • PAM interface for staff to support customers which may include CyberArk solutions of their own.
  • Managing large environments with varied and diverse environments.

How has it helped my organization?

Improved our user access and tracking, thereby safeguarding the organization and its customers. Being a user makes us a better reseller.

What is most valuable?

Shared-service accounts reducing the number of potential entry points as well as the ability to standardise our PAM across a diverse estate.

What needs improvement?

Multi-tenancy vaults should really have the same release cycle as single tenancy vaults; this will enable us to meet even more customer demand. We are striving to be at least on the latest release minus 1 (n-1) and for us to run both Single and Multi-Tenant core systems the difference in release cycles will result in a wide gap. Considering the considerable changes including user interface we have seen recently, the one concern is that we may end up with users having different interfaces to deal with different customers. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Very stable with no own goals in three years.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and technical support?

We get excellent feedback from customer service, irrespective of the level of issues raised.

Which solution did I use previously and why did I switch?

Yes, we decided to change to CyberArk in line with our strategic intent to provide as safe a central and customer environment as possible.

How was the initial setup?

Initial setup was complex and time-consuming but the later versions are a lot faster to implement.

What about the implementation team?

We implemented through in-house specialists.

What's my experience with pricing, setup cost, and licensing?

Standardised offerings that allow for customer-specific flexibility.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer990891
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees
Consultant
Auditing and recording functionality has made compliance with customer requirements a much clearer and easily managed process

What is our primary use case?

Primary use case: having privileged access management and ingress into customer networks and infrastructure.

How has it helped my organization?

The auditing and recording functionality along with stringent password-change policies and one-time password use has made compliance with customer requirements a much clearer and easily managed process.

What is most valuable?

Recordings Exclusive use, and  OTP.  There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.

What needs improvement?

Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt.

What is our primary use case?

Primary use case: having privileged access management and ingress into customer networks and infrastructure.

How has it helped my organization?

The auditing and recording functionality along with stringent password-change policies and one-time password use has made compliance with customer requirements a much clearer and easily managed process.

What is most valuable?

  • Recordings
  • Exclusive use, and 
  • OTP. 

There can be no ambiguity: An account can only be in use by one single known user, and they have no knowledge of the password.

What needs improvement?

Functionality to enable drive mappings to platforms and default connectors without the need to use AutoIt.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DD
Information Security Engineer at a international affairs institute with 1,001-5,000 employees
User
Helps control use of shared passwords and the practice of sharing passwords disappeared completely

What is our primary use case?

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

How has it helped my organization?

The practice of sharing passwords disappeared completely and the most sensitive application is using the AIM to retrieve database passwords for all its users.

We're still struggling with the use of RDP through PSMs.

What is most valuable?

The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.

What needs improvement?

The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I am very impressed with the stability, but I still need to convince some colleagues.

What do I think about the scalability of the solution?

Scalability is rather good, we haven't reached any technical limitations yet.

How are customer service and technical support?

The support is always very responsive, accurate, and complete in their solutions. I've always had a personal contact that would know our setup and was able to concentrate on our specifics instead of pointing to a generic document on the support site.

Which solution did I use previously and why did I switch?

No, we haven't used any other solution.

How was the initial setup?

The initial setup was straightforward because its entire complexity was hidden by the CyberArk expert who guided the whole process.

What about the implementation team?

Our vendor's implementation team was stellar.

What was our ROI?

We haven't yet calculated the ROI.

What's my experience with pricing, setup cost, and licensing?

Attempt to minimize the AIM deployments as the license is expensive. Take a license for a test instance even if it might cost extra.

Which other solutions did I evaluate?

I cannot tell what other options were evaluated.

What other advice do I have?

Keep an eye on the cloud integrations and be ready for Conjur.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Je’rid Mccormick
Associate Engineer I at COUNTRY Financial
Real User
Has been a great help in automating password retrieval which removes the need for hard-coded credentials

What is our primary use case?

To securely manage privileged accounts within the enterprise and automate password compliance where possible.

How has it helped my organization?

CyberArk has enabled my organization to monitor and manage privileged accounts in a secure manner while also giving the ability to adhere to password compliance automatically. CyberArk has helped us to remove hard-coded credentials in applications and scripts.

What is most valuable?

AIM has been a great help in automating password retrieval which removes the need for hard-coded credentials. Hard-coded credentials are a risk to organizations as they are easy for attackers to target. Therefore less hard-coded credentials increase the security stance of the enterprise.

What needs improvement?

  • More functions could be added to the REST API feature. 
  • The ability to list all users and list providers would be helpful.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This solution is very stable with the ability of satellite vaults and HA.

What do I think about the scalability of the solution?

CyberArk is incredibly scalable. Make sure to check out the unlimited option.

How is customer service and technical support?

Excellent service and quick responses with engineers who understand the product.

What was our ROI?

For the time saved and security added, the benefit far outweighs the cost.

What's my experience with pricing, setup cost, and licensing?

Check out the unlimited model as it can save money and make for a more scalable solution depending on the size and needs of your organization.

Which other solutions did I evaluate?

Yes, my company did evaluate other options, but I was not with the company when this occurred.

What other advice do I have?

Contact the professional help for a demo, and you will not be disappointed. Even if you do not choose CyberArk, they can help identify current security gaps.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Identity and Access Management Analyst at a financial services firm with 1,001-5,000 employees
Real User
We're now able to start managing service accounts with AIM

What is our primary use case?

We use CyberArk to manage anything privileged including our admin IDs, AWS root credentials, service accounts, etc.

How has it helped my organization?

It's been a big win for us as we're now able to start managing service accounts with AIM. This is a big win, especially with our web hosting team.

What is most valuable?

There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year.

What needs improvement?

As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included.

For how long have I used the solution?

One to three years.

What is our primary use case?

We use CyberArk to manage anything privileged including our admin IDs, AWS root credentials, service accounts, etc.

How has it helped my organization?

It's been a big win for us as we're now able to start managing service accounts with AIM. This is a big win, especially with our web hosting team.

What is most valuable?

There are several features we've found valuable. We're auto-discovering our new Windows servers, we're managing root in our Unix environment, and now we're pushing for SA password rotation this year.

What needs improvement?

As we have not yet moved to the core licensing model, we don't have the benefit of PSM and a few other things that were not previously included.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer990921
IT Support Specialist / Project Lead at a energy/utilities company with 10,001+ employees
Real User
Provides a more secure computing environment, allowing only approved programs to run securely

What is our primary use case?

Used to allow the removal of local administrators from 12,000 endpoints and yet still allows users to have the applications they need with the proper permissions required.

How has it helped my organization?

Users were removed from local administrators group on all desktop endpoints providing a more secure computing environment, allowing only those programs approved to run securely.

What is most valuable?

  • The visibility of what is being run and control of those applications.
  • Limiting the unnecessary application users think they need, and producing security vulnerabilities.

What needs improvement?

Better search functionality in the EPM console. It becomes difficult to search lengthy policies for specific items. Additionally, some of the windows sizes cannot be manipulated to allow a better user experience.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The product is relatively stable, but as with most software, it has room for improvement.

What do I think about the scalability of the solution?

This solution is very scalable from what we have seen.

How are customer service and technical support?

Our experience with tech support has been positive with slight delays due to the location of some of the deep-level resources.

Which solution did I use previously and why did I switch?

No, we used no other services/software previous to EPM.

How was the initial setup?

Straightforward setup with a substantial learning curve to implement.

What about the implementation team?

We implemented in-house with the direction of a third-party.

What was our ROI?

Our ROI is currently being looked at.

What's my experience with pricing, setup cost, and licensing?

Setup, costs, and licensing are fairly straightforward and easy to navigate. Questions to the account manager typically resulted in the answers needed.

Which other solutions did I evaluate?

We looked at several different vendors and conducted detailed POCs on each to ensure we were getting what we needed.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
José Luis Llorente Rey
Senior Specialist Identity System Support at Roche
Real User
The master policy allows us to establish a security baseline for our privileged accounts

What is our primary use case?

We are using CyberArk to store credentials of privileged assets in a secure way. In addition, CyberArk helps us to meet our security policy effortlessly, defining the complexity of the passwords, rotation period, etc.

We are also using the Privileged Session Manager to provide remote access to servers with security controls in place (session isolated and recorded).

How has it helped my organization?

With CyberArk, we can meet our compliance requirements reducing security risks without introducing additional operational complexity. This is very valuable for our company because we have regular audits where we have to provide evidence about the use of our privileged accounts (password use, password rotation, etc.)

In addition, we have several third parties that need access to our infrastructure. CyberArk PAS helps us to provide this access in a quick and secure way.

What is most valuable?

  • Master policy: allows us to establish a security baseline for our privileged accounts.
  • CPM: allows us to rotate passwords following the policy defined.
  • PSM: allows us to provide isolated sessions to the customer with additional controls (real-time monitoring, session isolation, and session recording).

What needs improvement?

  • We would like to have more flexibility in the RBAC model and have more options to define who should have access to what, not only based on safe membership. 
  • In addition, the user interface could be improved. When a team manages thousands of accounts, advanced filters are very valuable to search the accounts.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
GM
IT Analyst at a tech services company with 10,001+ employees
Real User
Enables us to connect to the target system component and helps us with recordings

What is our primary use case?

We have different privileged accounts in our enterprise. All of the application owners and the stakeholders want to store those accounts CyberArk privileged security, so they can connect to the target systems. It also allows for session recordings at the time of auditing.

What is most valuable?

We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps.

What needs improvement?

We have found with the recent upgrade a lot of issues we had with the connection have been resolved.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

What is our primary use case?

We have different privileged accounts in our enterprise. All of the application owners and the stakeholders want to store those accounts CyberArk privileged security, so they can connect to the target systems. It also allows for session recordings at the time of auditing.

What is most valuable?

We can be connected to the target system and the PSM component comes into play. In addition, a true asset is the recordings the solution keeps.

What needs improvement?

We have found with the recent upgrade a lot of issues we had with the connection have been resolved.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

There are no issues with scalability. Our clients are very happy to use the product.

How is customer service and technical support?

Tech support is very quick to answer our request tickets. 

How was the initial setup?

It is necessary to use professional service for the setup of the solution. It is a challenge if you are not well-versed in CyberArk.

What's my experience with pricing, setup cost, and licensing?

In comparison to other products on the market, CyberArk is a more costly product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Dan Hines
Senior Technologist at a retailer with 1,001-5,000 employees
Real User
We are able to know who is accessing what and when; having accountability

Pros and Cons

  • "We are maintaining compliance in PCI, SOX and HIPPA, which is a big thing. Auditors really like it, and it has made us stay compliant."
  • "We are able to know who is accessing what and when; having accountability."
  • "Make it easier to deploy."

What is our primary use case?

Primary use case is for compliance, SOX, PCI, HIPAA, and securing privileged access accounts. It seems to be performing well. We have had pretty good success with it.

We plan to utilize CyberArk to secure infrastructure and applications running in the cloud with AWS Management Console. We are testing it right now, so we hopefully it will be ready in about two months.

How has it helped my organization?

We are maintaining compliance in PCI, SOX and HIPPA, which is a big thing. Auditors really like it, and it has made us stay compliant.

There is at least one place to go to for getting privileged accounts. Now, users have to go through the portal or go through CyberArk front-end, the PVWA, or we could use the OPM or PSMP. It has helped out quite a bit.

What is most valuable?

We are able to know who is accessing what and when; having accountability. That is the big thing.

What needs improvement?

Make it easier to deploy. In 10.4, we did it with the cloud and could actually script the installs.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It has been pretty stable. We had some issues before, but customer support has been helping us out quite a bit. 

We think we had some PSM issues, and that was the big problem we had. Basically, it had to be rebuilt.

What do I think about the scalability of the solution?

Scalability is impressive because you can set up clusters, so you can grow as your needs grow.

How is customer service and technical support?

Technical support has been excellent. They have been really good and knowledgeable. They come out and help us out. They have also helped us do our roadmapping.

We feel like we get the right person the right time that we call.

How was the initial setup?

The upgrading process was pretty straightforward. We had some issues with the platforms when we upgraded. That was probably on our part, maybe we missed something.

What about the implementation team?

The vendor was retained to implement our Cyberark rollout initially.

What was our ROI?

It keeps us from getting dinged by the compliance officers. Keeps us in compliance.

What's my experience with pricing, setup cost, and licensing?

Understand your needs prior to purchasing. Cyberark team will advise as well which is a plus.

What other advice do I have?

It does what it promised. It secures our platforms, haves the scalability, and it is just a solid product.

Know what you are getting into upfront. Work with IT to ensure you have buy-in from upper management, and work with them to get a roadmap to deploy. 

Most important criteria when selecting a vendor:

  • Reliability
  • Having good customer support.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user635622
Vice President - Cyber Security at a tech services company with 10,001+ employees
Consultant
This product is stable. But, we did encounter some issues with the decentralized mode of the product.

What is our primary use case?

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

What needs improvement?

One limitation is that we are not able to put this into a decentralized mode.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This solution is quite stable.

What do I think about the scalability of the solution?

We have no issues with scalability.

How is customer service and technical support?

The tech support is decent. 

How was the initial setup?

It takes a while to adapt to the product.

What's my experience with pricing, setup cost,

What is our primary use case?

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

What needs improvement?

One limitation is that we are not able to put this into a decentralized mode.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This solution is quite stable.

What do I think about the scalability of the solution?

We have no issues with scalability.

How is customer service and technical support?

The tech support is decent. 

How was the initial setup?

It takes a while to adapt to the product.

What's my experience with pricing, setup cost, and licensing?

I do not have experience with the pricing or licensing of this product.

What other advice do I have?

I think having a distributed architecture would certainly help this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VS
Senior Associate at a consultancy with 10,001+ employees
Consultant
The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out.

Pros and Cons

  • "The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out."
  • "There was a functionality of the solution that was missing. I had noticed it in Beyond Trust, but not in this solution. But, recently they have incorporated something similar."

What is our primary use case?

My primary use case for this solution is to prevent privileged access, privilege accounts, and to mark all of those for future ordering proposals. It is to limit their access.

What is most valuable?

The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out. It also provides flexibility and a comprehensive reporting. In terms of reporting, it can pull up to three types of reports and you can do some Excel work on those. Then, you will be able to find information that you were looking for. It is is the reporting by-laws, as well. Apart from this, it also has a lot of advanced components. It can extend the picture at the end of the productive scope.

What needs improvement?

There was a functionality of the solution that was missing. I had noticed it in BeyondTrust, but not in this solution. But, recently they have incorporated something similar.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a stable solution for our needs.

What do I think about the scalability of the solution?

The scalability provided by this solution is a lot better than some of the other available products on the market.

How is customer service and technical support?

The technical support has been tremendous. They try to resolve the issue as soon as possible, but sometimes I would expect them to engage an L3 level of support at the very first moment, as for priority, but they take a bit longer. 

How was the initial setup?

Sometimes, when we install their product, the BFN (Bridge to Future Networks) to the component manager, we have issues. When we install this component in high ability mode, and the load balancer, then sometimes that creates different problems. Sometimes, to find the issue we actually, even if one of the component goes down, get notifications easily. That is not an issue, but to rectify the issue, sometimes it takes longer than I would like, you know. When it goes for a higher ability mode for the component then it makes our work a little a cumbersome.

What's my experience with pricing, setup cost, and licensing?

This solution is considered to be more expensive than others out there on the market today.

Which other solutions did I evaluate?

I have previous experience with BeyondTrust. And, there are other products, such as Lieberman and Arcos, which are being used in the Indian market because of its cost effectiveness.

What other advice do I have?

CyberArk has vast trust across the globe. People who've used CyberArk usually don't go back and change the product, unless it is a cost issue. If it is a cost issue, I must suggest BeyondTrust as a cost-effective solution for similar services.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
HP
Lead Consultant at a tech services company with 10,001+ employees
Reseller
I like the PTA (Privileged Threat Analytics) of this solution.

Pros and Cons

  • "I really like the PTA (Privileged Threat Analytics). I find this the best feature."
  • "If we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature."
  • "Tech support staff can be more proactive."

What is our primary use case?

Our primary use case for this solution is privileged threat management and session management.

How has it helped my organization?

I have an affinity towards CyberArk. I find that it works out-of-the-box, as a product.

What is most valuable?

I really like the PTA (Privileged Threat Analytics). I find this the best feature.

What needs improvement?

From what I see, like the out of the box password management features, or you can pay the tax forms, which I will write log, can become extensive. For example, we have right now 45 to 50 platforms to tell that were out of the box, like Cyber Optics 200 out of the box connectors, so if we can just put those also into out of the box so that the pros do not have to retell everything to what they think the comp manager of Cyber Optics representative. Apart from that, if we could have some kind of out-of-the box feature that you can simply say "no" so they don't have to go into a development mode, that would a really helpful feature.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I would not say there is a stability issue. There are quite a few bugs, which I have discovered in versions 10.1 and 10.2, but I believe that was rectified out of scalability.

What do I think about the scalability of the solution?

I have no scalability issues at the present time.

How is customer service and technical support?

I believe the tech support staff can be more proactive. Right now, I have booked a ticket with tech support for an issue, and I have labeled the ticket "moderate priority." The response from tech support was at best, an answer within three to four days. I believe that is too much time, and can be shortened.

How was the initial setup?

It's straightforward, I mean probably who for 11 years of experience is quite straightforward, but maybe for a newbie, it could be complex.

What's my experience with pricing, setup cost, and licensing?

I do not have any opinions to add about the pricing.

What other advice do I have?

I think if the industry could work together on TSM connectors, this would be a cutting-age change.

Disclosure: My company has a business relationship with this vendor other than being a customer: I am a reseller.
RS
Principal Consultant, IAM Projects at a tech services company with 201-500 employees
Consultant
The threat analytics is an important feature. This is a robust product.

Pros and Cons

  • "The threat analytics is an important feature."
  • "The usual workload is sometimes delayed by the solution."

What is our primary use case?

The primary use case is password management. 

What is most valuable?

I find the threat analytics is an important feature. CyberArk can look at the log details, and analyze who is using the applications, which are their locations, and which are the IP locations from which they are accessing. This enables the solution to find the exact location the threat is emanating from. We really value this feature.

What needs improvement?

The usual workload on the system is sometimes delayed by CyberArk. So, any major work is getting delayed, and may take twice the amount of time that it usually does. For instance, if there's a password change of an account it will take time because you have to log in, then  authenticate, and this is followed by delays. It becomes cumbersome and frustrating.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is a stable product. 

What do I think about the scalability of the solution?

The scalability of the solution is good. We expanded, and we found the biggest part was a bit unfomfortable in terms of product. They are designing, leveraging the features so greater different markets are joined. On the ground it was difficult initially.

How is customer service and technical support?

I found techincal support is adequate. The Indian team is not so good. They are OK with helping, but not all of the engineers are entirely experienced. 

How was the initial setup?

The initial setup was OK. If I set up one box, one automation, one machine, within one program, it is O. But, if I have multiple locations in Japan, China, Asia, Singapore, and the like, I will have some trouble. I have faced this problem in the past. 

What's my experience with pricing, setup cost, and licensing?

It is quite costly. The license is a concern for some of the clients. 

Which other solutions did I evaluate?

I have previous experience with Oracle in the past. There is an ease of use with Oracle, because it is small and not very complex. You can wrap your work in a single day with Oracle. In comparison, the API is quite small with CyberArk. But, the product itself is so robust.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sumit Batabyal
Security Team Lead at a tech services company with 10,001+ employees
Real User
This product helps us complete financial audits. It is a nice solution.

What is our primary use case?

Our primary use case for this solution is it provides a security solution that includes password management. This defends against threats.

What is most valuable?

The most valuable feature to me is the recording feature. I can track all of the records, the commands, the server, any misguidance, etc.

What needs improvement?

Over the past seven years, I have seen a lot of ups and downs with the product, but now I am happy with the version that we are using now. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have no issues with stability. 

What do I think about the scalability of the solution?

It is scalable. We have added new equipment, and this solution has been relevant.  …

What is our primary use case?

Our primary use case for this solution is it provides a security solution that includes password management. This defends against threats.

What is most valuable?

The most valuable feature to me is the recording feature. I can track all of the records, the commands, the server, any misguidance, etc.

What needs improvement?

Over the past seven years, I have seen a lot of ups and downs with the product, but now I am happy with the version that we are using now. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have no issues with stability. 

What do I think about the scalability of the solution?

It is scalable. We have added new equipment, and this solution has been relevant. 

How is customer service and technical support?

They are very helpful for us whenever we have any questions. 

What's my experience with pricing, setup cost, and licensing?

No, I do not have any advice on the price of the product. It is a great product that I recommend to others. 

Which other solutions did I evaluate?

I did not consider any other options. 

What other advice do I have?

This product is helpful for financial auditing needs, as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AP
Technical Manager at a tech services company with 10,001+ employees
Reseller
It helps our customers in their software requirement imports

Pros and Cons

  • "It helps our customers in their software requirement imports."
  • "The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs."
  • "Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations."

What is our primary use case?

One of our customers is using the 9.5 version of the solution.

We personally use the product. We are implementing it and have a lot of involvement in its usage.

We use it primarily because we need to manage business accounts and reduce our inboxes.

How has it helped my organization?

It has improved the way our company functions on the basis that they're expanding, and the SDDC management solution and the decision to bring on security licenses under the system umbrella, then has passwords and the system management be a requirement in the coming quarters. We are already doing a small PoC with the relevant themes of the natural habits of the security teams. 

What is most valuable?

The password reconciliation and its limitation with respect to access in target servers along with the end users apart from the import, which is already available. This helps our customers in their software requirement imports.

What needs improvement?

The lead product has a slow process. There are some reports and requirements from CyberArk which are not readily available as an applicable solution. We have made consistent management requests in the logs.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is stable. They have had subsequent releases with patches for bugs. 

What do I think about the scalability of the solution?

With respect to scalability, it depends upon how much scalability you need in the moment. 

How are customer service and technical support?

There is not seamless stability in the support. Sometimes, we don't have any level of support which is required when something critical happens.

Which solution did I use previously and why did I switch?

We were using the Centrify solution for managing UNIX apart from CyberArk. However, the scope of the Centrify solution is not as wide as the CyberArk solution.

How was the initial setup?

Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations. 

What was our ROI?

Eventually, the licensing cost benefit doesn't happen or maximize the customer's profit.

What's my experience with pricing, setup cost, and licensing?

Network and security licenses are currently being managed by other outsource vendors, so they are facing some type of problems in the digital aspect. 

Recently, there has been some new licensing guidelines which have come up since 2018 related to installation by technicians. However, we had our solution installed in 2015. 

What other advice do I have?

Work off your roadmap for implementation.

We recommend CyberArk solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
it_user514779
Project Manager at a tech services company with 10,001+ employees
Consultant
It is secure and simple to use

What is our primary use case?

We are using it for privileged access management.

What is most valuable?

It is very secure.  The voice technology is very good. It is very simple to use.

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

We haven't had issues with scalability.

How are customer service and technical support?

We have good support from support. They are very helpful.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was somewhat complex, but we received help from the product support team with the installation.

What's my experience with pricing, setup cost, and licensing?

The product is costly…

What is our primary use case?

We are using it for privileged access management.

What is most valuable?

  • It is very secure. 
  • The voice technology is very good.
  • It is very simple to use.

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

We haven't had issues with scalability.

How are customer service and technical support?

We have good support from support. They are very helpful.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was somewhat complex, but we received help from the product support team with the installation.

What's my experience with pricing, setup cost, and licensing?

The product is costly due to its active management features.

What other advice do I have?

The product is the best in the market at the moment.

I would recommend the product for sales learning. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DM
Core Analyst/ Server Admin at a comms service provider with 1,001-5,000 employees
Real User
Gives us the security of all credentials in one place and lightens our administrative load

Pros and Cons

  • "CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool. I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk... lightened the load on our administrative work."
  • "This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be better if they were a little more give-and-take upfront: "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful."

What is our primary use case?

We use CyberArk to manage our privileged accounts, our passwords for our critical infrastructure. We have a lot of root administrator level accounts and other application and node accounts that are critical to our business. We use CyberArk to keep those rotated, keep them secure, in an encrypted environment giving us a lot more control and auditing capability.

We are not planning to utilize CyberArk to secure infrastructure for applications running in the cloud because, in our particular business, we like to keep things in-house. Although we have a very small use case scenario where we have one application published to a cloud service, for the vast majority of our infrastructure, we keep it in-house and manage it ourselves.

In terms of utilizing CyberArk's secure application credentials or endpoints, I'd have to think through what CyberArk means by "endpoints," exactly. We do some application management right now. We're mostly doing more server-router, switch, node. And we have some custom vendor nodes that are not your normal off-the-shelf things, that we're trying to get under management right now. As we move along and become more secure, we'll probably do more and more of the application management like that.

How has it helped my organization?

It has given us a common environment where all of our critical infrastructure credentials can be stored. From the pure usability and administrative perspective, I can't imagine doing what we do without it. And we're a fairly small business. We don't have 10,000 servers or 5,000 systems to manage. Still, the smaller the business, the smaller the company, the smaller the number of support people you have. So we still end up with a lot of people having to do a lot of work. 

I would say the security, having all the credentials in one place, having a two-factor login to the system available to us, which we use, and then that administrative aspect of it, being able to lighten our administrative load, so once we hand over certain things to CyberArk, that administrative work is done by CyberArk and not by us anymore. It enables us to get a lot more done with a smaller crew.

The first thing that pops into my head is, when you're dealing with some old-school people who have been around our business for many, many decades, who are accustomed to writing down passwords on pieces of paper on their desk, getting those people off of the desktop and into an encrypted environment, that alone, is an enormous improvement.

We literally had people, just a few years ago, who would have pieces of paper written with everything - address, username, password - sitting in plain sight on their desktop that the janitor at night could come in and see laying on their desk. Just within the last few years, I've even seen higher-level people who have the little sticky note out on their desktops, on top of their screen, with credentials. It's all electronic but, still, you get to their desktop or you look over their shoulder and you see everything.

Going from that to having an encrypted environment, that alone was a huge improvement. Working with a lot of people who have been around the business for a long time, who have more of an old-school mentality, getting those credentials moved into a more secure environment and getting them rotated automatically, that's a huge improvement by itself.

What is most valuable?

The basic features are, themselves, highly useful. I was just saying to some CyberArk people that I came to understand fairly early on that CyberArk is not just an IT security or cybersecurity tool. It's also an administrator tool.

I had a fair number of systems where the passwords were not fully managed by CyberArk yet, and they were expiring every 30 or 45 days. I was able to get management turned on for those accounts. From an administrator perspective, I didn't have to go back into those systems and manually change those passwords anymore. CyberArk was taking that administrator task away from me and handling it, so it lightened the load on our administrative work.

It is a good security tool, but it's also a great administrator tool in that respect.

What needs improvement?

Things that they were speaking about, here at the Impact 2018 conference, are things that we've already been looking it. They have been on our radar, things like OPM. We're beginning to use PSMP a little bit ourselves. We already have that implemented, but we haven't been using it a lot. The number one thing might be OPM, that we're looking at, that we think might help us in our business, but we haven't implemented them yet.

There are so many options that are currently available, and there are already efforts, projects within CyberArk, that they're working on right now, that I haven't really had time to think beyond what they're already offering. There are so many things that they have that we're not using yet, that we haven't licensed yet. There is a lot of stuff out there that we could take on that we haven't yet for various reasons, including budgeting.

It's always the need to do a cost-benefit and then doing a business case to management and convincing them that it's something that would be good for us and that it's worth spending the money on.

Right now, it's just trying to implement what's out there and use some of those tools that would give us the most bang for the buck.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Stability is very, very good. We did have a minor incident. It could have been a major incident. The customer support people were spot on in getting us back in order pretty quickly. I think it's a little bug in the version that we're at. That's one of the reasons we need to upgrade right now. We're just trying to decide which version we want to upgrade to before we pull the trigger.

Beyond that, as far as stability and reliability, there really haven't been any major issues. We've had one little incident. We got it mitigated within a very short amount of time thanks to, on that day, really good, quick tech support from CyberArk. And beyond that, it's been a very stable and reliable system. There hasn't been any other downtime that I can point to and say it was CyberArk's fault.

I painted myself into the corner a couple of times, and had to jump through some hoops to get myself back out; those were my fault, a lack of experience.

For the most part, over the two and a half years we've used it, we've just had that one little incident that caused us a little bit of concern. Like I said, it was mitigated very quickly and didn't cause a huge storm within the company and didn't have a huge impact that particular day, fortunately.

What do I think about the scalability of the solution?

We haven't scaled it up much since we took it on. From everything I've seen, I think scalability should be excellent. You can spin up as many component servers as you need to get the job done. Obviously, at some point, licensing is going to come into that. I don't see how scalability would be any kind of problem for anyone. I think you can make it as big or as little as you need it to be.

How are customer service and technical support?

This is coming from a person who spent two-and-a-half years in customer support, so I do have a certain amount of empathy towards customer support people and the challenges they deal with. It depends on who you get on the other end of the phone. When you call in, you may get the young lady that I got the day we had that major issue. She very quickly found exactly what we needed to do and told us how to do it, and we got the problem settled.

I've had other situations on much more minor issues, like how to configure this or how to make that work and I haven't had as good an experience on all of those. Sometimes I do, sometimes I don't. I think it depends more on who you get rather than on the company in general. Some support reps are always going to be better than others.

I've only had a very small number of experiences with them. When I have an issue like that, I don't just open up a ticket and then leave it alone until they get back with me. I usually go back and continue to dig for a solution. About half the time, I find my own solution anyway. But I don't think it was commonly the case that they were not attempting to get back with me.

Sometimes they didn't always offer, for the less critical issues perhaps, a quick, easy, how-to-implement it solution. This is probably a common thing, but they do ask for a lot of log files, a lot of information. They ask you to provide a lot of information to them before they're willing to give you anything at all upfront. It would be nice if they did a little bit of more give and take upfront of, "Well, why don't you try one or two or three of these common sense things, the first things that pop up on the radar on this type of issue, and see if any of them help? And we'll take the information that you gather and we'll go in the meantime." 

Instead of throwing it all in your lap to go and collect a whole huge collection of data to bring them before they give you anything, perhaps it would be better if they were a little more give-and-take upfront of, "Why don't you try these couple of things while we take your log files and stuff and go research them?" A little bit of that might be more helpful.

Which solution did I use previously and why did I switch?

We were using KeePass before we got CyberArk, and I can't imagine trying to manage the number of accounts and credentials we have today, and the number of systems, with something like KeePass. It would be a nightmare.

We switched because of the scale of where we were going. All of our infrastructure passwords, prior to three-and-a-half years ago, were decentralized. The people who worked on a particular system managed the passwords for that system in their own particular way. There was no across-the-board system. There was no standard regarding these having to be encrypted versus those. Everybody came up with their own way of handling that. We tried to implement some standards during the years leading up, but they were not mandatory. So people ended up just doing what they wanted to do.

Now, with CyberArk, there is a mandate from upper management that we all use this tool. All the credentials go into it and they are all encrypted. Eventually, everything, 100 percent or as near 100 percent as we can get it, will be under full management.

In terms of criteria for selecting a vendor, from my perspective, I like to be able to find someone who can speak to me on a somewhat technical level and help me work through technical issues. But I also want them to give me a vision of things, the roadmap or other products and other things that are available, without getting too much of a marketing pitchor sales pitch. I don't mind a little bit of that. I know that's important. But at the same time, I don't just want a slick sales presentation. I want to know the technical end of how does this really work? I want to be able to have some vision as to how we might implement that. Not just what it can do for us, but how would we actually go through the machinery, go through the work, to make it work for us.

It's always good to have a vendor that can provide resources, that can speak to someone like me on a technical level, and that can help me work through issues, whether it's lack of experience or just lack of knowledge in a certain area; a vendor that can help me work through some of those situations and get me to where I need to be.

How was the initial setup?

I went through the proof of concept and then I also went through the initial install of our infrastructure. For our company, I've probably done 80 to 90 percent of the work in CyberArk myself.

The implementation was fairly straightforward. We had a really good implementation engineer. He did a really good job. Of course, every individual brings his own kind of approach to things. They give you insight and then you run into someone else that gives you a little different perspective. It surprised me how straightforward some of the setup is. I've experienced some things since then that lead me to think it is something that CyberArk is constantly improving on: How to implement new installs or upgrades and make them better and easier.

For instance, there was one system that, when we first installed in 2016, we were told upfront that this was not an easy system to spin up and get working. We had made an attempt at it and failed. A year later, I installed it by myself from the documentation and it went as smoothly as could be, no problems. They had improved it over that year to the point where just about anybody could do it.

Which other solutions did I evaluate?

The team that I'm on, we weren't leading up the investigative part. Our security group did that. They're the ones who brought CyberArk to us and said, "This is the one we're going to go with." There was actually another entity within our corporate parent company that had already been using it for about nine months before we did. We adopted it from there. Since then, another entity has adopted it as well.

What other advice do I have?

One big piece of advice I would give is: Don't ignore user acceptance. If you want people to use CyberArk, you have to pay attention to user acceptance. If your users hate it, then your entire experience is going to be an uphill battle, when you're trying to get people to actually use the tool. It doesn't matter how good the tool is, it doesn't matter how well it does password management. It doesn't matter how well it does all these other things. If your users hate it, you're going to have an uphill struggle with the people that you need to be on your side. You've got to get user acceptance right.

Now, you can't completely sacrifice all those other things just for user acceptance, I'm not saying that. But you have got to keep user acceptance up there, alongside everything else. It's got to be a hand-in-hand thing as you go along, so don't ignore user acceptance. Spend some time doing it.

I tend to shy away from giving anybody a 10 out of 10. I would rate it at about eight out of 10, a pretty high rating. Anything could be improved, and certainly, CyberArk is not immune to that. But I think it's a good tool.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
HP
IT Security Specialist I at a healthcare company with 1,001-5,000 employees
Real User
You can write different types of policies for custom business needs

Pros and Cons

  • "You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily."
  • "The interface on version 9 looks old."

What is our primary use case?

I am a CyberArk admin. I manage everyone's PSA accounts, including EPM and PVWA.

It has been performing very nicely. We are on version 9.10. We are thinking of upgrading to 10.3 soon, hopefully. I don't want go to 10.4 since it just came out.

We are planning on utilizing CyberArk to secure application credentials and endpoints because of PAS. We do have a lot of accounts for developers, and we do manage a lot of passwords in the world.

Our company is not in the cloud yet. We are not that big. We are looking to move to it soon, as it is on our roadmap. By the end of the year or early next year, we are hoping to move CyberArk to the cloud.

How has it helped my organization?

It has removed the local admin rights. It is safe and improving well. 

Also, everyone doesn't have passwords to certain applications because of PAS, which is managing the passwords world-wide. So, it is more secure.

Our overall security posture is pretty good, but there is always more to improve upon.

What is most valuable?

I feel like I love EPM more because it is a pretty sleek tool. I like how it manages everyone's accounts. It removes all the local admin accounts, and I like that part about EPM.

You can write different types of policies for custom business needs or any developer needs. If they need certain functions allocated, they can be customized easily.

What needs improvement?

The interface on version 9 looks old. I am excited for version 10 because of the interface and design are good, and it is easier to use.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is pretty stable because we have not moved to the new version. When it comes out, we don't want to go to the newest version the right away because we do not know if it is stable or not. We do not want to put it in the production yet, so we want to wait until the next one comes out, then we go from there.

We have not had any downtime with the product. No issues yet.

What do I think about the scalability of the solution?

It is pretty scalable. It should meet our needs in the future.

How is customer service and technical support?

They are extremely knowledgeable. Sometimes I asked a question, and their first reply is the answer. Then, I have them close the ticket. I feel like I am getting the right person.

How was the initial setup?

I was not involved in the initial setup.

What other advice do I have?

If you want more security, get CyberArk.

I used the new plugin generator utility here in the lab. Right now, it is manual, and the plugin is very easy to use. It is amazing.

Most important criteria when selecting a vendor: I prefer better tech support, because I love the CyberArk support. I want support like that everywhere with all my vendors.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
RK
Information Security Analyst III at a healthcare company with 10,001+ employees
Real User
We can make a policy that affects everybody instantly

Pros and Cons

  • "We can make a policy that affects everybody instantly."
  • "We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us."
  • "One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening."

What is our primary use case?

It is used to manage the policies on our endpoint because we want to takeaway admin rights to protect our computers.

We have had our implementation issues. However, the software is light years ahead of its competitors. We have seen massive progress with the updates of the software. We have been doing pretty well with it in the time that we have been implementing it.

We are trying to manage the endpoints, but our company has been a long-time customer. We want to integrate the other products because EPM is not the only one. We do have PAS and AIM, but now it looks like CyberArk is moving towards integrating all of them into one thing, so they can all work together in one console. We would like to get there eventually. I can't wait to upgrade.

How has it helped my organization?

We are stripping administrative rights, and we have implemented a special ID to help folks that lose administrative rights. Maybe it broke something, so while we design policies and try to get them where they need to be, they will have this ID in the meantime. CyberArk is able to protect both of these things while we move forward in this.

The software is insanely robust. You can do whatever you want. If you want to put your own logo on the pop-up, then you can do it. You want to change the color to pink, yellow or brown, then you can do it. You can do whatever you want with this thing. This leads to people getting lost on what they want to do, but for those who have a great plan with a clear, concise idea of where their organization is going and what they want to accomplish, it is there to help you.

Where a lot of people might struggle is with the actual environment, and where to begin. The software builds on top of that. You have to have a solid foundation. You will learn that as you work through the product, but you will also see how great and powerful the product is.

With computer security, administrative rights is probably the number one thing that comes to mind. This is a software that will allow people to still use their Google Chrome, Adobe, and Facebook. They can do what they need to do, but it still keeps them protected. That is what is so great about the product, we can sell it to people as, "We are not trying to stop you. We want to enable you, but we want to be safe too. It's there to do that." 

What is most valuable?

  • I love the interface because it is colorful, easy to read, easy to see, and how easy it is to make policies. 
  • I love how we can make a policy that affects everybody instantly, which is great. 
  • I love the reporting features, so it is easy to see what we did.

I love the product overall, because it is great.

What needs improvement?

I want some of the things which are glitching out there for me to be fixed. I have heard that there is something in the works, that they will be putting a feature in the help desk where they will have a message board now. So, I could communicate with other people who are having the same problems and pull their issues, this way I don't have to bother support all the time. Also, people can vote. They can vote on the most important issues, and CyberArk will prioritize them next, really listening to the customer. That is pretty cool.

One of our current issues is a publishing issue. If we whitelist Google Chrome, all the events of Google Chrome should be gone. It is not happening. However, they are coming close to a solution. It has been an issue for a while. I heard that this is one of the top priorities that they're working on.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

This is where we have had some woes with this software. Part of it is in our environment, and what we built it in as far as our database server. We met the requirements and it had some issues. The software is still growing and getting better. It is not 100 percent there yet, but even so, there is nothing in comparison to the product. It is too robust. It offers too many features that nothing else does. You might as well deal with it. You are going to deal with implementation and memory issues regardless that we had on the SQL Server, etc.

Part of this will come from your personal environment, but CyberArk has done a great job with it. However, they still have a ways to go. One thing I really like with every upgrade, they listen to the people. If you are saying this needs to be fixed, they listen. They usually put it in the upgrade, so that is cool.

What do I think about the scalability of the solution?

There are growing pains from integrating a software which allows you to do anything, and you could do anything but it is based on your environment. The software can do whatever it wants, but it is going to be reactive to your environment. Everyone will have a different experience. 

If this was a perfect world, you had a clean active directory environment, your SCCM solution was fantastic, and there were no firewall issues, the product would deploy. No problem. Read everything, and you are good to go.

I could definitely understand. It is like designing the program for how it should work, then dealing with real life scenarios. You talk to any company here, and everyone's active directory is a mess. That is where you are trying to get your data from. That is where you struggle sometimes. However, the software is great. The Dev guys are on it as far as upgrades, etc.

If they keep upgrading the software, they are going to be around for a long-time. We are a long-time customer. We have multiple products, and they are going towards the right direction because if we own three or four of their products, then we can meld them all into one and they all work together, which is great.

How are customer service and technical support?

In the beginning (early 2017), we had some issues. We would have a discrepancy in what user support was telling us. From mid-last year until now, it has been absolutely spectacular. They have key people who are very good, and I speak extremely highly of them. They are excellent, very professional with a lot of knowledge.

Which solution did I use previously and why did I switch?

We did not have a previous solution, because we have always had admin rights. In fact, we did a proof of concept in CyberArk, version 1.

We needed something to manage the endpoint and to be able to empower the user. By far from not only a user's perspective on what they would be able to accomplish, but from the person who has to design the policies, it was the best. It was like working in MS-DOS compared to Windows 10. 

How was the initial setup?

We had an educational and technical guide for the entire setup process. I also had CyberArk with me on the phone.

What about the implementation team?

I designed the solution. Because they knew that this is a solution that no one had really seen before, they made sure they had somebody onsite throughout the entire implementation.

What was our ROI?

We have accomplished our security goals. We have two-factor authenticated and vaulted our important accounts, so people can't just steal stuff from us. That is pretty important. We are protecting ourselves the right way.

Which other solutions did I evaluate?

Avecto was the competitor. They integrated with McAfee ePO, which was our endpoint solution at the time. Unfortunately, it was not as robust as I thought it would be. I didn't like it. I felt like the product relied too much on McAfee to do what it needed to do. Whereas, CyberArk was a standalone client which was way more robust.

The competition was utilizing a product that we are getting rid of in two weeks.

What other advice do I have?

Get on implementing it today. Be patient. Test a lot. Deploy slowly.

It has places to go. I see the potential. It is getting there, but it has room to grow. If you compare this product with anything else as far as an endpoint solution, there is nothing which even compares.

We have implemented the new plugin generator utility already. I trained the help desk. It is really easy. Instead of having to fix it myself, the service desk will receive a one-time code to help the customer immediately, so they do not have to wait. I will receive a ticket to make a long-term policy. It is a perfect system.

Most important criteria when selecting a vendor: communication.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
MS
Technical consultant at a healthcare company with 1,001-5,000 employees
Consultant
Gives us the flexibility to integrate with other technologies and applications

Pros and Cons

  • "The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization."
  • "CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well."

What is our primary use case?

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day.

We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

How has it helped my organization?

Previously, we didn't have any password rotation policy for application IDs. Once we implemented CyberArk, we created a policy. It's good to rotate the passwords every two weeks. That is the biggest value for us.

It gives us one place to store the keys to the kingdom, so if there is any breach we know where it is and what to do.

What is most valuable?

The flexibility of integrating with other technologies is important because of a lot of applications - a lot of COTS products - are not supported when we are bringing the application IDs. The CyberArk platform provides a lot of opportunities to do customization.

What needs improvement?

CyberArk has a lot on the privileged access side but they have to concentrate more on the application side as well.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

So far, we haven't seen any major hurdles. We haven't had any downtime because of CyberArk.

What do I think about the scalability of the solution?

I would rate scalability at seven or eight out of 10. There is a need to improve the usage on for the consumer side. I hope in the upcoming product, the version may fulfill this.

How are customer service and technical support?

Technical support is good but the problem is when we are using the application side. The support people have a security background, so they may not know the application technology, so it's a challenge right now. Once they understand, then they make progress but, until then, we have to educate them.

Which solution did I use previously and why did I switch?

Before CyberArk we had a number of solutions, CA and IBM products, but CyberArk meets our requirements regarding application password management.

How was the initial setup?

I was involved in the initial setup and I actually used CyberArk's Professional Services. It was straightforward. We didn't have any hurdles during the setup.

What was our ROI?

It's very hard to quantify because previously we didn't have anything like this. You can imagine, there was a policy not to rotate the passwords, but now after implementing CyberArk, every two weeks we are rotating the password without business impact, so that is the biggest ROI, even though we cannot quantify it.

Which other solutions did I evaluate?

We evaluated Thycotic and one other.

What other advice do I have?

If you want to use it as an application password management cloud solution, think about it not as a security person but as an application person. If CyberArk does not meet your requirements, it has a way to meet them through customization.

Our most important criteria when selecting a vendor include scalability and stability as well meeting our security requirements for applications

From the application perspective, I would rate it at eight out of 10 because it's very easy to use and stable.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
BW
Systems Admin II at a transportation company with 5,001-10,000 employees
Real User
Lessens the risk with privileged access

Pros and Cons

  • "We are able to rotate credentials and have privileged account access."
  • "Lessens the risk with privileged access."

    What is our primary use case?

    Currently, we use PAS and EPM. Mainly, we did EPM last year to get rid of local admins on about 300 PCs.

    We are looking into utilizing CyberArk to secure infrastructure in the cloud.

    I have been in admin for two years. The company has probably had it for more than seven years.

    How has it helped my organization?

    • Lessens the risk with privileged access.
    • As far as EPM, mitigating the risk of local admins on PCs.

    What is most valuable?

    We are able to rotate credentials and have privileged account access.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It is very stable. We have had no downtime.

    What do I think about the scalability of the solution?

    It is meeting our needs now, and will still meet our needs in the future.

    How are customer service and technical support?

    For the most part, technical support is very knowledgeable. Sometimes, you get the one person whom you might have to push back on a little more. With PAS, they escalate our problems in due time, not so much with EPM.

    Which solution did I use previously and why did I switch?

    We did not previously use another solution.

    How was the initial setup?

    I was part of the initial setup with EPM. It was straightforward during the PoC. Once we rolled it out to users, it got a little more complex.

    What about the implementation team?

    CyberArk helped with the implementation. 

    We did not get the EPM training, so we were just flying by the seat of our pants and going with it. For the most part, we were able to figure stuff out, but some stuff gave us a little run for our money.

    What was our ROI?

    With reducing the privileged account access, there has been a huge improvement. They are now bringing more accounts on a little at a time.

    What other advice do I have?

    Do it now. Don't wait.

    Any other issues that we may have come up with, they have always been there to help assist and get us back on the right track. They don't just give you the product, then wipe their hands.

    We just got an upgrade to version 10.4, as we went from 9.2 to 9.9.5 last year. This was a major improvement for us, going to 10.4 with the different dashboards and PTA built-in and PTA on the credential rotation. They are starting to integrate all the different components.

    Most important criteria when selecting a vendor:

    • Ease of access.
    • They are with you going through any problems that may arise. 
    • Good support.
    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Sack Pephirom
    Senior Security Engineer at a financial services firm with 1,001-5,000 employees
    Real User
    Allows users to self-provision access to the accounts that they need

    Pros and Cons

    • "It allows users to self-provision access to the accounts that they need."
    • "There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution."

    What is our primary use case?

    The main focus of using CyberArk was to replace our previous Excel spreadsheets, which contained all of our passwords. The reason that we brought it in was to replace them and meet certain audit requirements.

    We are using CyberArk to secure applications for credentials and endpoints.

    We are planning on utilizing CyberArk to secure infrastructure and applications running in the cloud. It is on our roadmap for next year.

    How has it helped my organization?

    It allows me to create my custom CPMs more easily and quickly without having to code everything. It helps me build a lot of these codes, so it makes it easier for me to create custom CPMs and PSMs.

    It allows us to be able to manage a third-party which is not natively supported by CyberArk. If there are certain legacy applications which are so old that CyberArk does not support them out-of-the-box, it allows me to be able to create custom connections and be able to manage those accounts.

    What is most valuable?

    • Ability to do workflow.
    • Allows users to self-provision access to the accounts that they need.

    What needs improvement?

    There is some stuff that we still have not fully integrated, which is our AIM solution. We are having all types of issues with it. I have been working with Level 3 support on it, but otherwise, from a functionality perspective, everything has been working except for the AIM solution.

    The new PVWA is great. I actually saw some of the newer functionalities, and the look and feel looks great so far. It is just a matter of getting us there. We need to be able to upgrade the environment. They have been able to get the functionalities I was looking for on some of the latest releases.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    Stability is pretty good. I have not had any issues with it.

    What do I think about the scalability of the solution?

    Scalability is pretty good. I have not had any issues with it. It should meet my company's needs in the future.

    How are customer service and technical support?

    For what I was using technical support for, they were really knowledgeable. They were able to resolve the issues that we had. I have not had any problems with them, though it took them a bit of time. A lot of times, they did not escalate it right away, not until three or four tries, then they did escalate it to Level 2, possibly even Level 3 support.

    Which solution did I use previously and why did I switch?

    We were previously using Excel spreadsheets. We changed because of audit requirements, but a lot of times it will due to usability. We understand that having our password in a spreadsheet is a huge vulnerability, so it is one of the things that made us look for a solution to manage those credentials, and create automated workflows around it for audit requirements.

    How was the initial setup?

    The initial setup was pretty straightforward. I think the implementation only took a couple of days.

    What about the implementation team?

    We had someone from the CyberArk team helping us with the implementation.

    What was our ROI?

    One of the processes that we have defined is called a Fire ID process, where to be able to get a Fire ID. It requires a user to call the help desk. The help desk will create a ticket, then contact the employee's managers to get approval, and then provide them with an account. That process, in some cases, can take hours.

    With CyberArk, it allows us to streamline and create a workflow which allows them to automatically log into CyberArk, grab the credentials that they want, and it automatically sends their approval to their manager, who can click a couple buttons, approve, and the user is able to get their credentials. That process went from hours to now just minutes.

    Which other solutions did I evaluate?

    We looked at Leiberman, and also at Thycotic Secret Server.

    One main things that stood out about CyberArk would be the actual user interface. CyberArk's interface was better than the other two, and their price points were fairly similar. The usability and functionality were similar, so we looked at it from a user standpoint (the front-end of the tool), and CyberArk came out on top.

    What other advice do I have?

    My advice is to have the necessary resources to fully implement this. Don't just bring it in and let it sit. It needs to have the resources with a fully dedicated team to be able to get this functional. Otherwise, it will be sitting there not being fully utilized. There are a lot of functionalities that require a lot of resources to get it up and running.

    I have been using the new plugin generator utility for about a year. I took a PSM Connection course this past summer. I have been using it ever since.

    Most important criteria when selecting a vendor: 

    1. It will be usability of the product. I want to make sure that when we have the product, we can quickly use it and have a full understanding of it without all the hoops that we need to jump through just to be able to understand what that system looks like or how it works. 
    2. The next thing will be support. How will they be able to support the system? Do they have a good support staff who will be able to help us get through an implementation? 

    Those are the two main things I look for: the usability and supportability of the tools.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    BA
    Principal entity management engineer at a retailer with 10,001+ employees
    Real User
    The ability to record sessions through PSM makes people more careful about what they do

    What is our primary use case?

    We are using this product for our privileged identities and account management. We have some accounts that we consider privileged, the ones that have access to systems, software, tools, and our database and files and folders, etc. We try to maintain these accounts safely and try to grant access to these systems securely. We try and manage other non-human accounts that are DBAs, DB accounts, etc., through CyberArk.

    Another initiative for this was the PCA compliance that we wanted to meet.

    We don't have many applications in the cloud, we are getting one or two now. So in the future, we plan to utilize CyberArk's secure infrastructure applications running in the cloud. It's on the roadmap. We are utilizing CyberArk's secure application credentials but not endpoints. I have only just learned about the Plugin Generator Utility, so I don't have experience with it yet. It's pretty cool. We intend to use it now.

    How has it helped my organization?

    One way it has improved the organization is we now have restricted access for all users to go through CyberArk. It has also enforced firewall restrictions across other places so they don't go through other means, they go through CyberArk. That brings in compliance and their account is now two-factored, so that is more compliant with PCI regulations.

    The way it manages privileged accounts and managed access to privileged systems such that, right now, we are recording every session through PSM and people are more aware that the session is recorded, and they're more careful with what they do.

    What is most valuable?

    We are using the VSM proxy solution. That's what we are mainly using. We will try to use the PTA and AIM in the future.

    What needs improvement?

    I think it pretty much covers a lot of the privileged identity space, things that other vendors are not thinking about. I think they are doing a very good job. I don't have any suggestions.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    We have not had any stability issues so far. We have not had any serious downtime. We do see performance issues with PSM which gets very busy, and we just keep scaling the number of PSMs. When many people log in at the same time, we have some issues with connecting through PSM. We doubled our PSM software and it's better now.

    What do I think about the scalability of the solution?

    It's pretty scalable. Like I said, we just doubled our servers. If there are more users logging in, we'll probably go for a greater number of servers again.

    How is customer service and technical support?

    Technical support is pretty responsive and knowledgeable. We do get the right person.

    What other advice do I have?

    Others have spoken a lot about security hygiene and I believe that's where you should start.

    l would rate CyberArk at nine out of 10. The way for it to get to a 10 is with a lot of features, the amount of cost involved in buying the product, and the PSM proxy issue that we've been facing.

    In terms of important criteria when working with a vendor one thing is, as we said, getting to the right person. We go to support only if there is a critical situation where we are not able to solve it. Getting to the right person at the right time, and getting the issues resolved in a timely fashion is what we are looking for.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    CH
    Information security engineer/ business owner
    Real User
    I love the ability to customize passwords for mainframes, for example, which are limited to eight characters

    Pros and Cons

    • "I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes that can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors."
    • "The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically."
    • "The fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out."
    • "We had an issue with the Copy feature... Apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it."
    • "I don't know if "failed authentication" is a glitch or if that was an update... However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up. So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended." It doesn't say that anymore."
    • "I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs.""

    What is our primary use case?

    The primary use case is, of course, that we do the EPV for password vaulting and security changing, and prior to version 10 we were excited and it functioned perfectly fine. There are a few glitches with version 10 that we are not really happy with, but the functionality itself still exists and it's working like it should.

    We actually have our vaults in the cloud. I don't know if we have any applications in the cloud that we're planning on managing, yet. We're not really a big AIM shop just yet, so I don't know if we're planning on utilizing CyberArk to secure infrastructure applications running in the cloud.

    We're looking forward to utilizing CyberArk to secure application credentials and endpoints, however right now we have three or four AIM licenses.

    How has it helped my organization?

    It increases the security posture across the entire enterprise because it's not only helping to secure those infrastructure accounts but it's also helping to secure our user accounts as well.

    It requires a lot more auditing and monitoring and checks. So if you don't have the right approvals, you can't get the credentials you need to do what you need to do. So if you don't have authorization, of course you can't get them anyway. In total, it's making the environment more secure. The security posture is a lot better.

    What is most valuable?

    I love the ability to customize the passwords: the forbidden characters, the length of the password, the number of capital, lowercase, and special characters. You can customize the password so that it tailor fits, for example, mainframes which can't have more than eight characters. You can say, "I want a random password that doesn't have these special characters, but it is exactly eight characters," so that it doesn't throw errors. 

    And then, of course, the users have the ability to rotate those passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically.

    PSM is pretty cool, but my favorite part is I get to secure your passwords that you get to use either with or without PSM.

    What needs improvement?

    We had an issue with the Copy feature. Of course when we do the password rotation we restrict users' ability to show a copy of their passwords for some cases, and in other cases they actually need that ability, but we would prefer them to copy to the clipboard and then paste it where it needs to go - as opposed to showing and it typing it somewhere and you have the whole pass the hash situation going. But apparently, in version 10, that Copy feature does not work. You actually have to click Show and then copy the password from within Show and then paste it. We've had a million tickets and we had to figure out a workaround to it. 

    Then there is the failed authentication now. I don't know if that was a glitch or if that was an update, because I know sometimes you don't really want to tell a person when their account has been suspended because if I'm a hacker, maybe I'm just thinking I have the wrong password. When the account is locked you don't actually want them to know the account is suspended. However, since we are the CyberArk support within our organization, we need to know that the password is suspended and we won't know that unless we have the ITA log up.

    So when a user calls and says, "Hey, I'm locked out of CyberArk, I can't get into CyberArk," we have to go through all of these other troubleshooting steps because the first thing we don't think of right now is, "The account is suspended," because normally we would be told that the account is suspended. They would take a screenshot of the error and it would say, 'Hey, user is suspended, station is suspended for user so-and-so." It doesn't say that anymore. So now it just says "Failed authentication." And that could be because they might not be in the right groups in Active Directory, they might not have RSA. It could be so many different things, where before, they would be able to say, "Yeah, I'm suspended." And we could say, "Okay, we can fix that in two minutes." We just log in to PrivateArk and enable your account and you're fine. Now we're saying, "Maybe we should check PrivateArk first, just in case," to make sure you're not suspended. It's going to be a whole rabbit hole that we fall into, simply because we're not given that information upfront.

    In terms of future releases, I would love to be a partner again and get a temporary license that I can put back in my home lab because my license expired. I would like to play with 10.4. I want to see it and feel it out and see if I can break it because my rule of thumb is, if I can break it, I can fix it. That is one of the things I like about CyberArk, especially over CA PAM, because with CA PAM you get no view into the back-end on how it's configured and how it's built and how it works. With CyberArk, they literally give you everything you need and say, "Hey, this is your puppy. Raise it how you want." You get to see the programming and you get to configure and everything. I've broken several environments, but I'm pretty good at fixing them now because I know how I broke them.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    Prior to version 10, I was gung-ho CyberArk. I wish we would have waited until version 10.7 as opposed to 10.3. But for the most part it's stable, it's just that there are glitches in the matrix right now. We'll have to work those out.

    What do I think about the scalability of the solution?

    I have worked with both CyberArk and what was formerly Xceedium and is now CA PAM, and in my opinion, I'm gung-ho CyberArk. CA PAM is not scalable like that at all. I love the fact that the different components can be installed in multitude or in singularity on different servers.

    I understand the concept of it being an appliance, and technically it is an appliance because of how CyberArk hardens everything. But the fact that I can put my vault here in a central location on one net for example, and I'll have a CPM in California, a CPM in Texas, a CPM in New York, a CPM in Florida, and actually be able to grow with my company and not necessarily have to continue to grow my vault until I get to a certain number accounts - yet I can still manage everything across the country, if not the world - I love that. I love the flexibility and the capability of being able to pull those components out.

    How are customer service and technical support?

    I'm not a fan of technical support with CyberArk. It's like jumping through red tape and hoops. Quite frankly, it's almost like when you call CyberArk you get the Help Desk or the level-one. I'm a level-one. I got the CCD, I know how to do the initial troubleshooting. When I call CyberArk it's because I can't figure the problem out. So I need a level-two, three, four. I don't need you to tell me, "Hey, open a ticket and then give me logs."

    I would like to say, "Can I get a WebEx please? Can you just look at this because I can tell you exactly what I did and how I did it, and then I just need you to help me fix it, because we've been doing this for about 30 minutes now, and when it gets to an hour it's going to start costing my customers money. So can we fix this today rather than tomorrow?" I'm not the biggest fan of tech support.

    Which solution did I use previously and why did I switch?

    I have had experience with CA PAM. That's the only other password vaulting technology that I've used so far. I've used SailPoint IdentityIQ, but that's not really password vaulting. Apparently, there is a partnership growing that allows you to provision CyberArk through SailPoint, which I worked on with the CDM project - and it was a headache last year. So I'm excited about the new CM technology that they have that's allowing for that integration, but other than that, I haven't really done much.

    How was the initial setup?

    I have done several installations for the CDM contract of CyberArk and I've done several upgrades as well.

    The installation is as straightforward as it comes. There are some glitches, but it's not with CyberArk, it's with the environment that I'm installing in. In that environment they don't ever follow directions, so we have to get there and say, "We need you to rebuild your vault because you did it from an image and not from the CD, and it's not supposed to have any GPOs, it's not supposed to be on the domain. CyberArk tells you this in their paperwork. We told you this." But, of course, they don't listen. We get there and they spend a day telling us, "Hey, we have to rebuild our server." And we say, "Okay, well thanks for those eight hours. I appreciate it."

    What was our ROI?

    The biggest return on investment would be the security itself. I've seen ethical hackers that attempted to infiltrate a component or a department in the agency and they were stopped at the gate. They tried every which way they could and they just couldn't get the passwords they needed to get to the elevated accounts to get to where they wanted to go. So it was just great to see CyberArk in action.

    What other advice do I have?

    Do your research. That would be my biggest advice. CyberArk is a great tool. However, it is not the only tool that does what it does and, in some cases, for a lot of people, other passport vaulting tools are more toward what they would need in their environment.

    I would give CyberArk an eight out of 10, and the two missing points would probably be mostly because of technical support. I would love to actually get the support that I asked for. I would love to actually get the help that I'm asking you for as opposed to you telling me, "Yes, I can help you. I need you to fill out these papers and jump through that hoop and then cut a cartwheel and rub your belly while you pat your head at the same time." If it wasn't for that, it would be more towards a 10.

    My most important criteria when selecting a vendor are

    • credibility
    • functionality.
    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    DR
    IT Security at a manufacturing company with 10,001+ employees
    Real User
    It gives us the capability to rotate passwords

    Pros and Cons

    • "It gives us the capability to rotate passwords."
    • "There were a lot of manual steps in the initial setup which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5."
    • "We need a bit more education for our user community because they are not using it to its capabilities."

    What is our primary use case?

    We use it for service accounts and local accounts for the machine. We are basically using it to rotate passwords or reconciling passwords, as needed. We do have a number which get changed on a yearly basis (most do). Some get changed on a more frequent basis. Users go into the safes that they have access to or whatever account they need, and they pull it. That is our use case.

    It is performing well. However, we need a bit more education for our user community because they are not using it to its capabilities.

    We are interested in utilizing the CyberArk secure infrastructure or running applications in the cloud. We are actively implementing Conjur right now just on a test basis to see how it goes.

    How has it helped my organization?

    It gives us the capability to rotate passwords. That is the biggest thing. We do not want them being stagnant so every service account that we have needs to be rotated at least once a year.

    What is most valuable?

    Being able to automatically change usages, whenever the password is reconciled. However, we still have to educate the user community, because not all our users enter the usages.

    What needs improvement?

    PSM: I am going to go back to my company and push for it a little bit more within our groups, because I know that my counterpart has brought it up a number of times in the past. It has been getting blocked, but I have a couple of other paths that we can pursue so we can try to get it, at least, in our infrastructure and tested.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It has been stable. We have not had too many issues with it or any downtime.

    What do I think about the scalability of the solution?

    It should be able to meet our needs going forward. I don't foresee us leveraging thousands more accounts than we already do. I think it will be fine.

    How was the initial setup?

    I have done many upgrades on many different systems and applications. It was more of a difficult upgrade path only because there were a lot of small things which could have been done if it were prepackaged into scripts inside the executable during the installation. For example, it automatically stops services so it can do the upgrade. 

    There were a lot of manual steps which could have been automated. I read the 10.4 release that was sent out about a month or two ago, and I saw the steps required for upgrade have been reduced by about 90%. That was a big thing for me, but I still haven't seen that yet because we have not upgrade past 9.9.5.

    What was our ROI?

    The ROI on this is just being able to rotate on a 365 day schedule the passwords.

    What other advice do I have?

    Educate the user community once you get it actively deployed and set up a strict policy on it.

    Most important criteria when selecting a vendor:

    • Good reputation for technical support
    • Product that does what it is supposed to do.
    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    SN
    Director Information Security at a insurance company with 501-1,000 employees
    Real User
    It has helped from an auditing perspective identify who has access to privileged accounts

    Pros and Cons

    • "It has helped from an auditing perspective identify who has access to privileged accounts."
    • "It provides an accountability to the individuals who are using it, knowing that it is audited and tracked."
    • "We utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs."
    • "Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."

    What is our primary use case?

    Its performance is excellent. We have had multiple use cases: 

    • It is PSM, so as a jump box to our servers.
    • We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers.

    We are currently using CyberArk to secure applications with credentials and endpoints.

    We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.

    How has it helped my organization?

    • It has helped from an auditing perspective identify who has access to privileged accounts.
    • We are able to now track who is accessing systems. 
    • It provides an accountability to the individuals who are using it, knowing that it is audited and tracked.

    It has become one of the primary components that we have. We also utilize PTA, and we are now integrating that into our risk management program so we can identify the uses of the vault which are outside of the norm, e.g., people accessing after hours. It has reduced the amount of time that we are looking through logs and audit logs.

    What is most valuable?

    The auditing and recording are incredible. Also, we have started using the AIM product to get rid of embedded passwords.

    What needs improvement?

    Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is very stable. We have never had any downtime; no issues. We worked with support on several upgrades, and are looking forward to the 10.x upgrade.

    What do I think about the scalability of the solution?

    We have no issues with scalability. We are using it in a pretty wide environment. We also use it in our business continuity environment with no issues.

    How are customer service and technical support?

    I evaluate the technical support very highly. Although, the individuals who we worked with were very technical. If they did not know something, they pulled in somebody right away. 

    Also, one of the best attributes is the customer success team. We found great value in working with customer success and their team.

    If there are defects or issues, over the years, CyberArk management has listened to them and resolved those issues. Not many organizations respond to their customer feedback as well as CyberArk has.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution. We have always used CyberArk. 

    From a risk landscape, we knew that privilege accounts were where attackers were going, doing lateral movements. These are keys of the kingdom which protect those, and that is why we focused in this area.

    How was the initial setup?

    The initial setup was very complex. There were a lot of manual process. Over the years, we have seen a significant transition in the installation scripts, the setup, and the custom capabilities. So, CyberArk has come a long way since the beginning.

    The upgrade processes have also improved.

    What was our ROI?

    We now know where our privileged accounts are and how to manage them. So, it is more from an exposure standpoint.

    Which other solutions did I evaluate?

    No.

    What other advice do I have?

    Take your time. It is not a quick hit, where I am going to put it in today and be done. It is a process. The cyber hygiene program is a crucial aspect of how to implement this successfully.

    I do have experience with the new plugin generator utility. We have been using it for a short period of time. It is not fully in production yet, but it seems to be quite good.

    Most important criteria when selecting a vendor: Technical ability, not only in the product, but in the industry as a whole. This helps set CyberArk apart. They are not only experts in their product, but they are experts in the industry, including Red Team capabilities. They are gearing their product towards the defending of what the active exploits are, not something that has been done in the past.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    ITCS user
    CyberArk Consultant at a hospitality company with 10,001+ employees
    Consultant
    Preemptively helps us detect major threats and vulnerabilities and to address them

    Pros and Cons

    • "The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself."
    • "As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel."

    What is our primary use case?

    CyberArk is managing our privileged accounts: most of the service accounts, admin accounts, and all other privileged accounts on different platforms including Windows and Linux. A lot of databases have already been onboarded. At the moment we are working towards integrating, or implementing, the AIM product to make sure those hard-coded credentials are being managed by CyberArk, instead of being directly coded in.

    The plan is to utilize CyberArk secure infrastructure applications running in the cloud, but we will definitely have to upgrade our knowledge. Conjur is one of the very important things we are currently considering, in addition to, of course, AWS and Azure. We have to get ourselves up to speed. So at the moment, we are setting up the platform, but eventually, that is what the goal is.

    Currently, we are not using CyberArk secure application credentials and endpoints.

    How has it helped my organization?

    It helps us in identifying and detecting the major threats and vulnerabilities and to make sure those vulnerabilities are addressed before something bad happens. It is more of a preemptive solution, to take care of our weaknesses and overcome them.

    We have been continuously monitoring, reporting, and observing where we were a few years ago, or a few months ago, and where we are now. There is continuous improvement in our security posture and that is where the satisfaction is. The solution is really doing what it is supposed to be doing, helping us to improve our security.

    What is most valuable?

    The most important feature is managing the credentials and implementing those policies which rotate the credentials. Session Manager is also key in not letting the users have access to those credentials. Instead, CyberArk actually manages everything by itself.

    What needs improvement?

    As a customer, I might need a plugin for a specific product, or an application, and CyberArk might have already worked with some other client on it. There has to be some platform where it is available for everybody else to go and grab it, instead of my having to reinvent the wheel.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    So far it has been absolutely wonderful. Of course, the initial glitches, the initial testing, the adjustments in implementation are there. It takes a lot of effort but, once it was all set and it started doing its processes, I haven't seen any concerns or issues.

    We haven't had any post-implementation downtime at all, because we have our infrastructure set up in a way that we have active-passive standby on the CPMs. We have PVWAs in a load-balanced environment, we have multiple PSMs in a load-balanced environment as well. They compliment each other, so even if there is work or maintenance happening on one of the components, the other component is there to provide support, and ongoing access to all the users, without having any downtime.

    What do I think about the scalability of the solution?

    The scalability is definitely very powerful. We did upgrade it, migrate it, a couple of times in the past. Previously I was involved in migrations and, of course, adding more resources, or more accounts - onboarding. It has been amazing.

    How is customer service and technical support?

    Occasionally when we are doing a new integration, or run into issues we are not able to fix by ourselves, we use technical support. Escalations have been done, and the support has been absolutely outstanding.

    How was the initial setup?

    For the initial setup, where there are out-of-the-box plugins, it is pretty straightforward. But when we start going into a more advanced level, where a new plugin has to be developed, or the connection component has to be developed, there is a bit of a complexity. But again, nothing too complex, nothing which cannot be achieved.

    What was our ROI?

    Technically, just managing all those privileged accounts and securing our environment, we feel it is much more secure than it was before. So the ROI it is definitely working out.

    What other advice do I have?

    Take this solution over any other solution. In fact, I have personally brought a couple of my old colleagues with a technical background into this product line so that most of them are now certified on CyberArk and working in the same environment as well. 

    Without doubt CyberArk is a 10 out of 10. From my experience, the kind of work I have done with this solution, it's absolutely amazing. It has the capabilities to secure the environment, which is the most important part. Anytime we hear any news of breaches elsewhere, that's when we say, "Hey, they should have done something, implemented the solution before they were hit." Once they are hit, they run around and try to fix the problems. But CyberArk, it's an amazing solution.

    When it comes to selecting or working with a vendor, our most important criteria are access to support, what level of support is available, how fast the turnaround can be. The executives or the account team have to be very accessible to us, so if we need to implement a new product or new integration we should at least be able to get hold of the people who can guide us in the right direction.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    MW
    Senior server administrator at a financial services firm with 1,001-5,000 employees
    Real User
    Significantly decreases the amount of time our teams spend mitigating security issues

    Pros and Cons

    • "Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process."
    • "I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides."

    What is our primary use case?

    We use CyberArk to assist with implementing security solutions that our auditors require. It also assists us in giving secure, monitored, audited access to non-technical people who, because of their jobs, or because of the application, require direct access to servers.

    We are utilizing CyberArk's secure application credentials and endpoints.

    It is performing very well.

    We're not planning to utilize CyberArk's secure infrastructure or applications running in the cloud because our industry is, for the present, barred from using cloud resources. We don't yet have experience using the Plugin Generator Utility and we are not using any of the other integrations available through CyberArk marketplace.

    How has it helped my organization?

    Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process.

    CyberArk is the key technology around which we have built our security management solution. We chose it four years ago to assist with password management, and it has grown to where it is managing the entire security posture of the company at this point.

    What is most valuable?

    Number one would be the company, CyberArk, itself. The support, the ongoing assistance that is there, the ongoing ideas that are out there from champions, and from the other community forums that are out there, is just phenomenal.

    What needs improvement?

    My list of enhancement requests on the portal is quite extensive.

    My goal as a system administrator is to enable people to do their jobs more easily, more efficiently. So, I'm looking for ways to enable people to leverage the security posture in CyberArk, and still be able to do their jobs. Better yet, to be able to do their jobs more easily, and that's exactly what I've been finding. There are a lot of ways that CyberArk is able to be used to give people access to things that they normally wouldn't be able to access, in a secure fashion, but there are still some roadblocks in the way there. I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It is very stable. We started off on version 7, moved to 8, to 9, and now we're moving to 10, and each revision has brought about an increase in confidence and stability.

    What do I think about the scalability of the solution?

    It is very scalable for an organization of our size, and I have talked with other CyberArk administrators running worldwide enterprises with CyberArk.

    How is customer service and technical support?

    The tech support for CyberArk is definitely one of the best I've used, and I've been in IT for 35 years.

    How was the initial setup?

    I wasn't involved in the initial setup but I am involved in upgrade processing. Now, it is very straightforward. When we did the first major upgrade, it was very complex and required Professional Services for two weeks. Since we made it to version 9, the upgrades have been as simple as you could possibly hope for.

    What was our ROI?

    The amount of time that the security team spends mitigating risk has gone down. The amount of time that the server team spends managing security issues, mitigating security issues, has gone down tremendously.

    What other advice do I have?

    My advice to a colleague would be: First, don't allow the security team to be the driving force. It has to be the server team that implements it, that is the driving force behind it, and the for that reason is there is always animosity between the people who are there to enforce security and the people who are there to get a job done.

    When you are on the enforcement team, you are dictating to the people who are trying to get a job done, "Here is something that I'm going to put in your way to make it harder for you to get your job done." Regardless of what happens, that's the way it comes across. Going to the server team saying, 'I've got a solution that's going to make our lives easier, and oh, by the way, it's also going to be more secure," you have a much easier time selling it, much lower push-back, because you're one of them.

    Second, you've got to have buy-in before you pull the trigger. You can't just force it on them: "Oh, we just took away all your admin rights." You have to give them a new solution, let them prove to themselves that this solution works, that it does exactly what they need, and that it really is easier. Now, when you revoke the rights that they've had for probably decades, there is much less push-back.

    In terms of selecting or working with a vendor, our most important criterion is the ability to connect with a vendor that not only gives us the solution we need but can also work with us to customize exactly what we need.

    I would rate CyberArk a nine out of 10 for two reasons: 

    1. there is always room for growth
    2. there are still gaps in what the solution provides.

    It's not complete across the board. If it were, it would be a 10. But I do see its potential to eventually reach that.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    NR
    Security Architect at a healthcare company with 10,001+ employees
    Real User
    We demoted a lot of domain admins taking a lot of that away from people, giving it a shared account structure

    Pros and Cons

    • "It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level."
    • "We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure."
    • "Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together."

    What is our primary use case?

    The primary use case is increasing security and our security posture at our company, helping to prevent any future breaches and secure as many privileged accounts as we can. We have a lot of use cases, so there is not really a primary one, other than just trying to increase our security and protect our most privileged accounts.

    We do not have a large cloud presence as of yet, but like other organizations, we are starting to get into it. We have a fantastic adoption of CyberArk that extends all the way up through executive leadership. A lot of times, projects and proof of concepts that we want to go through are very well-received and well supported, even by our top leadership. Once we get to the point where we are ready to do that, I think we will have executive support, which is always incredibly important for these types of things. 

    We are in healthcare, so we are a little bit behind everybody else in terms of adoption and going into these types of areas. We are a little bit behind others in terms of cloud, but we will definitely get there.

    How has it helped my organization?

    Right out of the gate, three years ago, we secured all of our Windows Servers and all of our local administrator accounts. We followed that with all of their root accounts for our Unix servers. We were able to greatly increase our posture with local accounts. Then, we went through domain admins and reduced the landscape and password age of those accounts. We have demoted a lot of domain admins and taken a lot of that away from people, giving it a shared account structure. This has worked well for us to be able to protect our most sensitive assets. We call them crown jewels. It has been important to be able to do that, and CyberArk has allowed us to do that, which has been great.

    We have tightly integrated CyberArk into a lot of our different processes. Our security organization is massive. We have a lot of different teams and different things moving. Not only have we integrated this into our identity access management team, so onboarding and offboarding, but we also have integrated it in our threat management side where they do security configuration reviews before we have applications go live. We require these accounts that operate those particular solutions to be vaulted immediately. We have implemented them into a lot of our policies, standards, and processes. It has helped us with our adoption with other teams, and it has also helped us to integrate it at the ground level.

    What is most valuable?

    It has an automatic password rotation. We have so many accounts, and being such a large organization, it helps take a lot of maintenance off of our plates, as well as automating a lot of those features to help increase our security. Having this automation in place, it has really been beneficial for us.

    We do use their AIM solution for application credentials.

    What needs improvement?

    One of the things that I have been wanting is that we use the Privileged Threat Analytics (PTA) solution, and it is a complete standalone solution, but they will be integrating it into the vault and into the PVWA. So, we will have that singular place to see everything, which for us is great because it's one less thing to log into and one less thing that you feel like you have to jump over to get a piece of information. Having a centralized place to manage the solution has been something that I have always wanted, and they are starting to understand that and bring things back together.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    It is phenomenal. We have three data centers across the United States. This was last year or the year before, we had one of our data centers altogether go out, and a very large amount of our critical applications went down. CyberArk stayed up the entire time. We had redundancy in another data center and we had disaster recovery plans already set up and ready to go. In that time, when everything was so hectic and everybody was scrambling, trying to get the data center back up and available, they were able to access the privileged credentials that they needed because our solution remained up and available.

    This was a huge for us. To have the users of the system feel that it is stable, trustworthy, and dependable. We have had great success with the disaster recovery functionality that we have with CyberArk vault. We test it frequently, and it is stable for us. We have been very pleased with the stability of the solution.

    What do I think about the scalability of the solution?

    So far, it has been fantastic. We are a very large organization. We have approximately 110,000 employees and almost 20,000 accounts vaulted, where there is a lot of room for us to continue to grow. Even at the scale that we are at now, it has never had any kind of issues. We have never had any issues with deploying additional things. We do have some room to grow in some of our components servers if we need those, but everything that we have stood up so far has been operating flawlessly. We have not had any issues with our scale. It has been great.

    How are customer service and technical support?

    We have contacted them less frequently as we have become more familiar with the solution. A lot of times now engaging technical support is more for sanity checks, and saying, “Are we doing this right or are we missing anything?” We have utilized them and have had pretty good success with having them help us with particular issues.

    When we have called them, it has been something which has been a challenge for us. We generally get to the right person. Sometimes it takes us a bit of time and some further explanation to say, “This isn't exactly what we're asking." Then, we need to pull in somebody more technical or a next level of escalation. 

    The customer success team has been monumental in helping us get the right people involved. If we log a support ticket, for example, and we are at a point in our maturity and our understanding of the solution that Tier 1 support is usually not what we need. We have done a lot of our own checks and troubleshooting, and we are able to say, "Here is all the stuff that we've done. We need the next level of support."

    The customer success team has been monumental in pulling in the right people and helping us get to the right people on that side rather than working with the support person and saying, “We pulled this person in.” Sometimes, it is pulling in the solution manager or the team lead for that solution and getting to the top of that team almost immediately. We have had great feedback. The customer success team has been at the center of helping us get to that point.

    Which solution did I use previously and why did I switch?

    We did not use another solution before CyberArk.

    The big thing that was a catalyst for us to look at CyberArk was the Anthem breach that happened back in 2014 or 2015. Being a healthcare organization, our executive leadership realized that we are a big company. We are not immune to these sorts of attacks either. We have got to get something in place. Being best of breed, we turned to CyberArk for that. Again, it has been a fantastic partnership, and has both ways; we've been able to help them. They have been able to help us quite a bit as well. 

    How was the initial setup?

    The initial setup was straightforward. We did have an implementation engineer from CyberArk who walked through it with us. He guided us through the process. Even though the documentation is straightforward, there is a lot there to do with a lot of different components which make it up. In and of itself, there are a lot of moving parts, but having that implementation engineer onsite, helping us walk through it helped us be very successful quickly. We also had the same experience when we went through upgrades where we contracted with professional services to help us. They have always had someone out there who guided us through it, either onsite or remotely. We have had both instances and both have been very successful.

    What about the implementation team?

    I was the primary engineer and lead engineer who stood up the entire solution. I was both solution architect at that time, as well as the solution engineer. I have since moved into the architect role and have backfilled my position. However, I was there at the very beginning and did all of the initial setup.

    What was our ROI?

    The first year that we were standing up CyberArk, our organization did an annual pen testing. In one of our organizations, where we didn't have CyberArk deployed yet, they were able to escalate privileges and get all the way to a domain controller, and go all the way that an attacker would be able to. The next year that they did their annual pen testing, after we had deployed in that same region, they basically got stopped almost immediately, and they were never able to escalate their privileges. We stopped the pen test in their tracks because of the solution being in place.

    While that may not have a dollar amount because it was just a test, it gives us a lot of peace of mind. Of course, we can't always say that it is impossible for somebody to get in. Someone is going to eventually get in, that is bound to happen. Knowing that we have the solution in place and reducing that threat landscape as much as we have, has been phenomenal for us, at least from an intrinsic value standpoint.

    Which other solutions did I evaluate?

    We did not evaluate other solutions. We automatically went with CyberArk.

    What other advice do I have?

    CyberArk is a fantastic solution. They understand what the industry is trending towards. They are able to meet that very quickly. Being in healthcare, we are a little bit behind the times and we follow people a little further behind (for example, the financial sector has been doing all this stuff for so long). However, healthcare, as an industry, is always a few steps behind because we are clinical and have to support a lot of different clinicians, physicians, and regulations, which sometimes makes us move more slowly. Just having this has been huge for us.

    One of the things which has differentiated us from other customers from CyberArk is we have been tremendously successful in rolling out different implementations. There are a lot of clients whom I have talked to personally who have bought the solution, but have never implemented it, or they have been met with a lot of struggles or a lot of uphill battles with their staff and adoption. My best advice would be to start out and find the quick wins, the low-hanging fruit; these things you can provide to your organization to have them understand and see the same value that you are seeing as you are implementing.

    I am familiar with the the new plugin generator utility. I have not used it because I think it is a newer version than what we have, but I am excited about it. I am looking forward to utilizing it. It is similar to what they have for their PSM solution. They have some new web services framework, so they do not have to use the AutoIt tool because it takes a long time to create plugins today. Like the plugin creation utility, it will allow us to take a whole lot of time off of our turnaround to be able to provide some of these connection components.

    Most important criteria when selecting a vendor: Because we have so many applications and solutions across our organization, interoperability is a big thing. I am in charge of CyberArk, as well as Duo, who we use for our two-factor, and having that integration point or the ability to integrate with these solutions is huge for us. As we try to standardize across all of our different organizations, which is very difficult in our industry, what we offer for a particular solution rather than having 30 different iterations of different applications, has been huge for us. Standardization and integration is a huge point for choosing a vendor.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    BB
    Master software engineer at a financial services firm with 10,001+ employees
    Real User
    Improves security by having credentials locked down and rotated regularly

    Pros and Cons

    • "Provides improved security around having your credentials locked down and rotated regularly."
    • "I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine."
    • "When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so."
    • "The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."

    What is our primary use case?

    Primary use case is storing and rotating local domain admin credentials for Windows and Unix network devices.

    We're using CyberArk secure application credentials and endpoints on a small scale and we're planning, for the future, to use CyberArk to secure infrastructure applications running in the cloud. We don't have experience using the Plugin Generator Utility.

    It is performing pretty well for the most part. We have some issues with RADIUS authentication, some bugs with that. But, generally speaking, it works really well.

    How has it helped my organization?

    The benefit is knowing where your accesses are, who has access to what. Additionally, obviously, it provides improved security around having your credentials locked down and rotated regularly.

    What is most valuable?

    Credential rotation. It's tops.

    What needs improvement?

    I'd like to see a more expansive SSH tunneling situation through PSMP. Right now you have an account that exists in the vault and you say, "I want to create a tunnel using this account." I'd like to see something that is not account-based where I could say, "I want to create a tunnel to this machine over here," and then authenticate through the PSMP and then your tunnel is set up. You wouldn't need to then authenticate to a machine. Then you could go back in through your native clients and connect to that machine. Also, to have that built out to include not just Unix targets but anything you'd want to connect to.

    What do I think about the stability of the solution?

    The stability, overall, is really good, outside of some of the RADIUS problems that we're having. Generally, it is very good.

    What do I think about the scalability of the solution?

    The scalability, sometimes, is lacking. It works really well for more static environments. I've been at places that had a really static environment and it works really well. You've got X number of CPMs and X number of PVWAs in your vault and everything gets up and going and it's smooth sailing. But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up.

    How is customer service and technical support?

    Technical support actually works really well. From time to time there can be some issues as far as SLAs go. Sometimes results will be on the back end of an SLA, which is still fair. It seems like you're complaining that it's "one to three days" and it's three as opposed to one, which is an unfair criticism. 

    Generally, everybody is pretty knowledgeable. They're pretty upfront when it needs to be passed off to somebody else. That usually happens in a pretty timely manner.

    How was the initial setup?

    I have been involved in the initial setup elsewhere. It's actually really straightforward, depending on what you're trying to do. If you have a simpler environment, to set up a PVWA and to set up a vault, is straightforward. It's all pretty much there in the guide. Sometimes the documentation gets a little bit out of sync, where things aren't exactly as they should be but it's always really close. Generally, the documentation is good and straightforward.

    What was our ROI?

    I'm not the right person to answer questions about ROI for our organization.

    What other advice do I have?

    Engage with Professional Services, not just for help with, "Here are the buttons to click," because they've been really helpful as far as how we would want to implement things.

    Our most important criteria when selecting or working with a vendor, outside of the product being good, are reliability and timeliness of response. Those are the two big things. I think CyberArk does a pretty good job on these.

    I rate CyberArk at eight out of 10. I think the solution, as released, is usually very good. When something comes out, it's generally airtight and works as advertised. However, sometimes they are a little bit slow to keep up with what's coming out. In 2017, for example, they released support for Windows Server 2016, which had been out for a year or so. There is probably some tradeoff that is required to keep things so airtight, by holding back a little bit. But that would be my one criticism: It's slow to keep up, sometimes, with updates.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Song Ye
    Senior System Engineer at a transportation company with 10,001+ employees
    Real User
    We were able to secure all the server root passwords and admin for Windows

    Pros and Cons

    • "CyberArk has allowed us to get the credentials and passwords out of hard-coded property files."
    • "On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."
    • "I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy."

    What is our primary use case?

    Our primary case is for AIM. We are a huge AIM customer, and we also do the shared account management.

    We are looking into utilizing CyberArk's secure infrastructure and running application in the cloud for future usage.

    How has it helped my organization?

    CyberArk has allowed us to get the credentials and passwords out of hard-coded property files. This is why we went with AIM in the beginning. Then, on the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us.

    It helps us with our SOX's controls and meeting new client directives.

    What is most valuable?

    • AIM
    • CPM

    What needs improvement?

    I would like to see is the policy export and import. When we expend, we do not want to just hand do a policy. Even with exporting and importing, this will help.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    So far, so good. We have not had any downtime. We do not want to jinx it.

    What do I think about the scalability of the solution?

    We think it is good. That is why we moved to it.

    How is customer service and technical support?

    We open the cases. We have made phone calls. We have engaged the professional services and the consulting services to help us move on.

    They are mostly up to par. Sometimes, they are a hindrance, when you know you have been through the issue again, and they want to gather the same log files, start from the basics, and we already know we are past that. 

    Sometimes, we just need a Level 2 person instead of starting with a Level 1 person, or we need a higher level of support on an issue right away.

    We are a long-time customers, so we know what we are doing. The turnover might be an issue, because the support people are not local, or something. Therefore, it takes overnight to receive an answer back. We are hoping we can get local support. Though, recently it is getting better.

    We did have one serious case, where our support person and everybody needed a vacation, then took a vacation day, but our leadership needed us to stay on top of the case. It was a day or two where we didn't get any feedback. It would have been nice to know that they were going to be off. They had to hurry and quickly to get somebody assigned to the case. That was probably our only experience there.

    What about the implementation team?

    Our solution architects, and some of the people on that side, did the PoC and the initially implementation. Then, they handed it off to us.

    What was our ROI?

    There is a lot of return of our investment related to SOX compliance.

    What other advice do I have?

    I would recommend the product. 

    We have done a lot of customer referrals for CyberArk. It is good. It fits our needs, and there is not anything else out in the market that can match it.

    Most important criteria when selecting a vendor: 

    • Good support.
    • Meeting the each of the requirements.
    • Usability of the product.
    • Ease of implementation.
    • Not a lot of customization; you can get it right out-of-the-box and run with it.
    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Je’rid Mccormick
    Associate Engineer I at COUNTRY Financial
    Real User
    It enables us to secure accounts and make sure they are compliant

    Pros and Cons

    • "It enables us to secure accounts and make sure they are compliant."
    • "They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future."
    • "More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."

    What is our primary use case?

    My primary use case for the product is essentially to secure our privileged accounts, and it's performing amazingly.

    What it allows us to do is to rotate the credentials for privileged accounts. It ensures we understand where the accounts are being used and that they are staying compliant with our EISB Policy, which is a policy to change passwords. Thus, attackers find it harder to get in and steal an old password which is just sitting out on a system.

    We utilize CyberArk secure infrastructure. We are moving towards applications in the cloud, but we do not currently have that. We are also utilizing CyberArk secure application credentials and endpoints.

    How has it helped my organization?

    The benefits are the way it allows us to secure accounts, but also be agile with providing privileged usage to our users. It is performing quite well, because it allows us to basically do what the user wants us to do, but in a secure manner. So, everyone is happy. Most of all, we don't have any breaches.

    It enables us to secure accounts and make sure they are compliant. Then, when the accounts are not compliant, it gives us the data so we can reach out to account owners, and say, "Your accounts aren't within our ESP policy. We need you to become compliant." This allows us to not only secure them, but keep track of what accounts are moving out of that secure boundary.

    What is most valuable?

    The most valuable would be the REST API on top of PTA, which we do not have installed yet, but we are looking to install it moving forward in the future. What it enables us to do is if someone takes a privileged account and logs into a machine that we do not know about, it will alert us and log that they have logged in. It allows us to take that identify back and rotate the credentials, so we now own it instead of the intruder going out and using a rogue account.

    What needs improvement?

    More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet. I would like to see that to be more of a one-on-one transition, and be fully built.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It is very stable. We are going to upgrade by the end of this year, if not early next year, to the most recent version 10.12.

    What do I think about the scalability of the solution?

    The scalability is incredible. They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future.

    How is customer service and technical support?

    The technical support is wonderful. We get the right person. They answer very quickly, giving us solutions which actually work. If we can't get a solution from them right away, we can tap into the community with the tools that they have given us, and work with people from other companies who have already solved the same issue.

    How was the initial setup?

    I was involved in the upgrading processes, but not the initial setup. Upgrading is lengthy, because we have quite a few components, but it is definitely straightforward.

    What was our ROI?

    It has started new projects at our organization. So, we can see where our current landscape is for our privileged accounts, then we try to make them more secure.

    What other advice do I have?

    Try a demo, if you can. Make it a hands-on with some of the components and see what they offer you.

    I have used other privileged account management tools in the past. This, by far, outranks them as far as features and usability. The integrations on top of that as well. 

    Each new product that our company buys, we turn to CyberArk, and they are say, "Yes, we integrate with that."

    I have used the new generator utility plugin once, so not extensive experience, but I have used it. It does work.

    Most important criteria when selecting a vendor: They integrate with CyberArk.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    JG
    Security Analyst at a financial services firm with 5,001-10,000 employees
    Real User
    Give us the ability to rotate privileged user passwords to eliminate fraudulent use

    Pros and Cons

    • "We are able to rotate privileged user passwords to eliminate fraudulent use."
    • "If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
    • "The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10."

    What is our primary use case?

    We use it to harden our passwords for privileged users. We also utilize CyberArk to secure application server credentials.

    We plan to utilize CyberArk's secure infrastructure and applications running in the cloud. We have AWS now. That is our next avenue: To get in there and have that taken care of.

    How has it helped my organization?

    If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network.

    It keeps us from having to fight with passwords or groups which are not getting onboard with the program.

    What is most valuable?

    We are able to rotate privileged user passwords to eliminate fraudulent use.

    What needs improvement?

    The web access piece needs improvement. We have version 9.5 or 9.9.5, and now we have to upgrade to version 10. 

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    Stability is rock solid.

    What do I think about the scalability of the solution?

    Scalability should not be an issue with us. Our implementation team sized it real well when we received it. We are a younger installation, so we have a long way to go. We have not seen the top end yet.

    How is customer service and technical support?

    The technical support is great. They are very responsive.

    How was the initial setup?

    I was not involved in the initial setup.

    What other advice do I have?

    CyberArk is the best out there. Their product makes our privileged access management so much easier.

    For privilege access management, there is really no choice but to implement this or a similar solution. It is the last bastion that companies have. Firewalls used to be the perimeter and the place to be. Nowadays, intruders can walk through the perimeter (the firewall). So, we have to get on the inside and get it tied down. They are not very many people playing in this market. CyberArk is on the top, so there should not be any reason not to go with it.

    Most important criteria when selecting a vendor:

    • Best of breed
    • Top quality support organization.
    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Eli Galindo
    Data Security Analyst II at a financial services firm with 5,001-10,000 employees
    Real User
    It hardens access and makes the organization more secure, therefore reducing chances of a breach

    Pros and Cons

    • "The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long."
    • "The product is for hardening access and making the organization more secure, therefore reducing chances of a breach."
    • "One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more."

    What is our primary use case?

    Our primary use case is to secure privileged access. 

    Right now, it is performing fairly well. We have had instances where we have had to work with the customer support to integrate a custom plugin and struggled a bit there. It took a bit longer than we expected, but it ended up working out. Most of our focus now is getting our systems into CyberArk, which has nothing to do with the CyberArk software. It is just being able to communicate with our internal team to get them in there. So far, we haven't had a problem with CyberArk.

    How has it helped my organization?

    The product is for hardening access and making the organization more secure, therefore reducing chances of a breach. That is the most beneficial to any company, avoiding any type of data loss which will reflect negatively on your company. Once that happens, you are frowned upon, and nobody wants that.

    It plays a huge role in enhancing our organization's privileged access and security hygiene. We are using it for most of our open systems, like Windows and Unix. Our plan is to integrate it with our entire internal network. 

    What is most valuable?

    The central password manager is the most valuable feature because the password is constantly changing. If an outsider threat came in and gained access to one of those passwords, they would not have access for long. That is critical and very important for the stability of our company.

    What needs improvement?

    One of the main things that could be improved would be filtering accounts on the main page and increasing the functionality of the filters. There are some filters on the side which are very specific, but I feel there could be more. For example, I want to look at accounts which are not working within a specific safe all at the same time.

    What do I think about the stability of the solution?

    So far, so good with stability. We have done a couple disaster recovery exercises with CyberArk, and they have gone according to plan.

    What do I think about the scalability of the solution?

    We have not gotten to scalability yet, because we are still working on integrating our systems. We have a very minute portion of it. 

    So, scalability will come afterwards, once we have everything there and we understand how much capacity we have used. As of now, scalability has not been an issue.

    The product should meet our needs in the future.

    How is customer service and technical support?

    The technical support is good at communicating. I learned a lot yesterday about how to figure out a support case quicker by helping them help you, and by giving them as much information as you can. In the past, I have not done that as well as I could have.

    How was the initial setup?

    I was not involved in the initial setup.

    What was our ROI?

    Not applicable.

    Which other solutions did I evaluate?

    I do not have much experience with other solutions, so I don't think I can adequately compare and contrast it with others.

    What other advice do I have?

    CyberArk is on top of its game. The product has worked well for our company.

    If you are looking at implementing this solution, buy the training and go to it. If you do not train, it is hard to understand it. It is hard to pick it up by cross-training with other people. You really want to start off strong.

    Most important criteria when evaluating a technical solution:

    Be brutally honest about all the factors that go into the solution that you are looking for (buyer) and what the solution can offer (seller).

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    SB
    Security Analyst at a insurance company with 1,001-5,000 employees
    Real User
    We are able to centrally manage credentials, touch applications, and rotate passwords

    Pros and Cons

    • "It has the ability to scale out. We have scaled out quite a bit with our product and use of it to get to multiple locations and businesses, so it has the breadth to do that."
    • "We are able to centrally manage credentials, touch applications, and rotate passwords."
    • "We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation."
    • "As they grow, the technical support is having growing pains. One of the things is just being able to get somebody on the phone sometimes."

    What is our primary use case?

    We use it for all of our privileged accounts, local admin, domain admin, and application accounts. We use several of the product suites. We are using the EPV suite along with AIM, and we are looking into using Conjur right now. Overall, it has been a great product and helped out a lot with being able to manage privileged accounts.

    We don't have a lot of stuff in the cloud right now, but as we move forward, this is why we are looking at Conjur. We would definitely use it for that and DevOps.

    We have owned the product since version 6.5.

    How has it helped my organization?

    We are utilizing CyberArk to secure application credentials and endpoints using AIM. We have a big project this year to try to secure a lot of application accounts using AIM.

    It is helping to centralize control over credentials. It gets a lot of privileged accounts off endpoints and rotates them, so they are not out in the open.

    What is most valuable?

    • Scalability
    • Stability
    • Usability

    We are able to centrally manage credentials, touch applications, and rotate passwords.

    I have some experience with the generator utility plugin. Although, we did plugins prior to the generator, manually installing them working with support. I do like the interface with the generator utility plugin, as it is very handy.

    What needs improvement?

    We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is very stable. We have not had any issues. There is a lot of redundancy that you can build into the product, so it's a very solid product.

    What do I think about the scalability of the solution?

    It has the ability to scale out. We have scaled out quite a bit with our product and use of it to get to multiple locations and businesses, so it has the breadth to do that.

    How are customer service and technical support?

    The technical support does a good job. Sometimes, it takes you a little bit to get to the right person. As they grow, they are having growing pains. One of the things is just being able to get somebody on the phone sometimes. Besides that, usually if you put in a ticket, you get a response back quickly. However, overall, they have a good, solid group. 

    Which solution did I use previously and why did I switch?

    We were not using a different solution before CyberArk.

    What other advice do I have?

    One of the biggest factors when dealing with this field/area in privileged accounts is you have to have executive support from the top down. Push for this, because trying to get different business units or groups to implement this product is very hard if you don't have upper level management support.

    Most important criteria when selecting a vendor: 

    • Stability of the product.
    • The customer service interface: Someone who can work with you on the product and understand what your needs are.
    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    MM
    IT Security Analyst at a mining and metals company with 10,001+ employees
    Real User
    We are utilizing it to secure applications, credentials, and endpoints

    Pros and Cons

    • "We are utilizing CyberArk to secure applications, credentials, and endpoints."
    • "On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need."
    • "It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile."
    • "Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug."

    What is our primary use case?

    • Credential faulting
    • Credential management
    • Privilege session management
    • Secure file storage

    We are utilizing CyberArk to secure applications, credentials, and endpoints.

    The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. 

    The value is probably the best of all of the other products which are offering the same services.

    How has it helped my organization?

    Having the keys securely locked helps drive policy. We can say what policy is, then we can point to the solution which provides it. Having that availability is strong in a large enterprise, especially in a global enterprise where there is a lot of different cultures and people do not want to hand off their privilege, rights, or workflows. Having that all set up and making it easier for them takes a lot of the stress off of our job.

    We are implementing PSM right now. It is providing a secured workflow substitute where people would go in and check out their passwords. They want to use it instead of having passwords, similar to Guard Check. 

    You go in because you need a key. You get the key, and you are accountable for that key while you have it. You open the door, do your work, close it, and return the key. People get that analogy, and it is awesome.

    We are in the basics, like Windows, Unix, and databases. We do plan on getting everything eventually managed. It is just a lot of customization and time to get it fully matured.

    What is most valuable?

    The support is good and quick. This is what we are paying for. We can try to implement something on our own end. However, when we need immediate support, because something is down, we usually get it within acceptable time frames.

    What needs improvement?

    It is web-based, but other competitors have apps. We need to get there. It is just smoother to have an app. You don't have all the bugs from having a browser, and people like them better, since you can get to them via mobile. There are competitors that have mobile apps which do the same thing. Mobile browsing is just not there with CyberArk. 

    This might be out of scope for CyberArk, but LastPass is an example of personal credential management. It would be cool if we could give personalized solutions to people, even if it is stored in the cloud. We have an enterprise solution, but we don't have a personalized one. It would be nice to have it all under one umbrella.

    What do I think about the stability of the solution?

    Stability is a huge concern right now. We are on a version which is very unstable. We have to upgrade to stabilize it. It is fine, but the problem is we have to hire CyberArk to do the upgrade. This costs money, and it is their bug. Our management is very upset about it.

    CyberArk has been helping out, and it has been okay. However, the stability is definitely a concern, because with PSM, it becomes more critical to have it up. All of a sudden you have to have PSM up to be able to do your work.

    The stability issues started when we upgraded from 9.7 to 9.95. Then, we were told during one of our cases that there was a bug in our new version and the only solution was to upgrade.

    What do I think about the scalability of the solution?

    The scalability is big. We are a large company, and there are only a few companies that can scale so well.

    How are customer service and technical support?

    We use their technical support all the time. It is a little slow to start a case. Then, once you get through that door (Level 1), it does escalate appropriately.

    On the customer accounts side, our account managers are responsive. If you ask them, they will get you whomever you need.

    Which solution did I use previously and why did I switch?

    Since I started, it has always been CyberArk.

    What was our ROI?

    I can't say we have an ROI. Our CIO is not about measuring profit from our security stuff. Our risk is definitely significantly lower. Also, our resources are low.

    What other advice do I have?

    Start small and don't try to overwhelm your scope. Do small steps and get them completed. Take notes, document, then scale out. Go from high risk out instead of trying to get everything in, then fixing it.

    One of my homework assignments at CyberArk Impact is to find out more about how to utilize CyberArk to secure infrastructure or applications running in the cloud.

    We have a lot of the out-of-the-box plugins with one custom plugin, but we are still new to using them.

    Most important criteria when selecting a vendor

    Age of the company, because we do not want to be first to market. We want to hear about it from other people. How is the sales rep is communicating. Whether it is more of a sales pitch or if it is a genuine concern for our security.

    Then, make sure our vision is lined up with the product. We want to get our bang for the buck

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    KR
    Identity and Access Management Engineer at a energy/utilities company with 10,001+ employees
    Real User
    Ability to manage application credentials whether they come as a custom plugin or straight out-of-the-box

    Pros and Cons

    • "The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used)."
    • "We have been able to manage application credentials in CyberArk, whether they come as a custom plugin or straight out-of-the-box."
    • "Some of the additional features that we are looking at are in the Conjur product. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines."

    What is our primary use case?

    The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.

    We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

    How has it helped my organization?

    We have a lot of privileged accounts with a lot of administrators. The only way to have a good handle on the inventory of accounts, and have some type of controls around who has access to the accounts, is to have a tool like CyberArk.

    The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used). This helps our security posture. We also look at other privileged accounts, which are used by overlooked applications, and this provides a benefit to the company. 

    What is most valuable?

    The most valuable features would be:

    • Ease of installation
    • Support for every use case that we have come across.
    • Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.

    What needs improvement?

    Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    Stability is great, especially as the product matures. I have been using CyberArk since version 4. We currently are using version 9 in our production environment, and are looking to deploy version 10. Version 9 is very stable compared to the previous versions. 

    What do I think about the scalability of the solution?

    Scalability is great. We have no problems. 

    We have a very large, diverse, global environment, and we have not run into any scalability issues. 

    How is customer service and technical support?

    Technical support is very good. We have had a technical account manager (TAM) in the past, and have worked directly with her as our primary source. However, we also contact other people in the support environment, and they know the product well and are always willing to help out.

    How was the initial setup?

    I did an initial installation at another company. It was pretty straightforward. 

    What about the implementation team?

    CyberArk offered to help with designing the architecture. Once we got all those pieces sorted out, the implementation was easy.

    What was our ROI?

    I don't know if anyone has done a true number analysis, but we do see the following:

    • The amount of time that people used to spend maintaining credentials;
    • The amount of time that used to be utilized for audit purposes and who had which accounts at any point in time.

    There is ROI on the actions above because the amount of time that it took to do these tasks has been significantly cut.

    What other advice do I have?

    If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.

    CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.

    I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.

    The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    KE
    Security Analyst at a retailer with 10,001+ employees
    Real User
    We can manage many accounts and broker connections between devices without needing to know passwords

    Pros and Cons

    • "We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc."
    • "Technical support has been very responsive in navigating challenges. It is very easy to open a ticket."
    • "I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool."

    What is our primary use case?

    The primary use case is for privileged account management. It is performing well.

    We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features.

    In addition, we are using CyberArk to secure applications and endpoints. 

    How has it helped my organization?

    We know when passwords will be expiring so we can force users to change their passwords, as well as requiring specific password requirements for length, complexity, etc.

    Our security goal would be to keep people from putting the passwords in text files, do online shares, etc. This gives us more granular control.

    What is most valuable?

    The most valuable feature is the ability to manage many accounts and broker connections between devices without needing to know passwords.

    It is a customizable product.

    What needs improvement?

    I like that they have continued with the RESTful API and the ability to leverage automation. I would like to see that continue. 

    I would like easier integrations for creating an online dashboard that executives would look at or are able to run reports from the tool.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    The stability has been very good.

    What do I think about the scalability of the solution?

    The scalability has been good, and will meet our needs in five year's time.

    How are customer service and technical support?

    Technical support has been very responsive in navigating challenges. It is very easy to open a ticket.

    Which solution did I use previously and why did I switch?

    We were previously using HPM.

    How was the initial setup?

    It was complex. Because at that point. I had only recently joined the security team. I was told, "Here's a share with the files. Go install this."

    What was our ROI?

    I don't know that we are able to measure that at this point, other than no data breaches.

    What other advice do I have?

    Make sure you have a development or QA environment.

    I did training today on the new plugin generator utility.

    I would rate it about a nine for ease of use and deployment. They are continuously improving the product. It works great, and there is a lot of documentation available.

    Most important criteria when selecting a vendor: Longevity and length of time in the business. Not that there is anything wrong with startups, but these folks have been out there with a proven track record. We talk to other people, look at the reports, etc.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    karthikrajaraj
    Technical Director at Unique Performance Techsoft Pvt Ltd
    Real User
    Top 20Leaderboard
    Anomaly detection and prevention for all privilege accounts

    Pros and Cons

    • "Automatic password management, which will automatically change passwords based on compliance requirements."
    • "DVR like video recording and text-based recording for easier audits."
    • "This product needs professional consulting services to onboard accounts effectively based user profiles."

    What is our primary use case?

    We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).

    It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.

    The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.

    The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.

    How has it helped my organization?

    1. Automatic password management, which will automatically change passwords based on compliance requirements.
    2. DVR like video recording and text-based recording for easier audits.
    3. Easily scan the network for all privilege accounts and has an easier onboarding process.
    4. SSH key management
    5. Command level restriction for all SSH-based devices.
    6. Anomaly detection and prevention for all privilege accounts.
    7. Integration with ticketing tools and SIEM solutions.

    What is most valuable?

    1. Ability to provide native experience for users to login to privilege accounts. They do not need to go through a portal to access servers and accounts.
    2. Agentless solution which is easy to customise to any platform having network connectivity.
    3. Wide range of devices supported out-of-the-box.
    4. Easy to configure HA and DR options.
    5. Online training enables cost effective valuable training.

    What needs improvement?

    This product needs professional consulting services to onboard accounts effectively based user profiles.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No issues.

    What do I think about the scalability of the solution?

    No issues.

    How are customer service and technical support?

    Excellent customer support.

    Which solution did I use previously and why did I switch?

    We did not previously use another solution.

    How was the initial setup?

    The setup is very straightforward.

    What's my experience with pricing, setup cost, and licensing?

    The cost is high compared to other products, but CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality.

    Which other solutions did I evaluate?

    At present, we are only focusing on CyberArk for privilege account security. Comparing it to other providers, Cyberark provides a more user-friendly environment with many more features and benefits.

    What other advice do I have?

    I have used and deployed it in various environments so far. It really covers all the use cases provided by the customer.

    Disclosure: My company has a business relationship with this vendor other than being a customer: We are certified Gold partners for CyberArk and implemented this solution for a customer from various industry verticals.
    ITCS user
    CyberArk Consultant at a hospitality company with 10,001+ employees
    Consultant
    Helped us to identify, store, protect, and monitor usage of privileged accounts

    Pros and Cons

    • "CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts."
    • "The Vault offers great capabilities for structuring and accessing data."
    • "Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices."
    • "Online help needs to be looked into with live agent support."
    • "The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots."
    • "New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections."

    What is our primary use case?

    Managing and securing the access to the environment.

    I have worked with CyberArk solutions/applications for more than three years.

    I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

    How has it helped my organization?

    Much stricter rotation of credentials.

    Unmanaged and highly privileged accounts increase risks that can be exploited. The security controls defined by the organization require protection of the privileged account passwords. CyberArk has helped us to identify, store, protect, and monitor the usage of privileged accounts.

    What is most valuable?

    • Controlled access and rotation of credentials.
    • The Vault offers great capabilities for structuring and accessing data. 
    • Central Password Manager is useful for agentless automated password management through AD integration as well as endpoints for different devices.
    • Privileged Session Manager is for provisioning, securing, and recording sessions.

    What needs improvement?

    • The product documentation has to be more precise in certain aspects with explanations for functionality limitations along with reference material or screenshots. 
    • New functionalities and discovered bugs take longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.
    • Online help also needs to be looked into with live agent support.

    For how long have I used the solution?

    One to three years.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user585702
    Senior Consultant at a tech services company with 5,001-10,000 employees
    MSP
    Allows secure, logged access to highly sensitive servers and services

    Pros and Cons

    • "Allows secure, logged access to highly sensitive servers and services."
    • "​It's hard to find competent resellers/support."
    • "Initial setup is complex. Lots of architecture, lots of planning, and lots of education and training are needed."
    • "it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs."

    How has it helped my organization?

    It has made things more complex, but has eliminated the possibility of Pass The Hash.

    What is most valuable?

    Allows secure, logged access to highly sensitive servers and services.

    What needs improvement?

    Perhaps by design, but it manages creds based on Organizational Units. That is, a "safe" is limited to specific OUs. That makes for very elaborate OU structure, or you risk exposing too many devices by putting most of them in fewer OUs.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    No scalability issues.

    What do I think about the scalability of the solution?

    Yes. The OU limitations, noted above.

    How is customer service and technical support?

    It's hard to find competent resellers/support.

    How was the initial setup?

    Complex. Lots of architecture, lots of planning, and lots of education and training are needed. Technically, roll-out isn’t bad. It’s the support, training, education, philosophy, and integration within existing ways of doing things that are challenging.

    What other advice do I have?

    I’m a consultant. I help implement and train others on how to use it in a highly secure environment.

    I’d give it a nine out of 10. It is very, very secure.

    Plan for major culture change, especially in non-progressive shops. This is a necessary evil to endure for the sake of real security.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user796542
    User at a financial services firm with 10,001+ employees
    Real User
    Securely protects our TAP/NUID and privileged access accounts within the company

    Pros and Cons

    • "The regulation of accounts is by far the most needed and valuable part of the application."
    • "Helped us meet our standards and requirements to help us comply with industry standards and banking regulations."
    • "Securely protects our TAP/NUID and privileged access accounts within the company."

      What is our primary use case?

      Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

      How has it helped my organization?

      For audit and risk purposes, CyberArk EPV has helped us meet our standards and requirements to help us comply with industry standards and banking regulations. Reports and other quick audit checks make this possible.

      What is most valuable?

      EPV, as a whole, is very valuable to the company. However, the regulation of accounts is by far the most needed and valuable part of the application.

      What needs improvement?

      Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product.

      For how long have I used the solution?

      Less than one year.
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      ITCS user
      Senior Consultant - Information Security Engineering at a financial services firm with 10,001+ employees
      Consultant
      Can provide transparent connection to targeted systems and record activities

      Pros and Cons

      • "Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials."
      • "You can gradually implement CyberArk, starting with more easily attainable goals."

        What is our primary use case?

        We proactively vault and manage all elevated accounts across multiple platforms. 

        For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.

        How has it helped my organization?

        Rather than multiple tools for maintaining regulatory compliance around passwords and privileged accounts, we have centralized as much as possible with CyberArk. This is now a one stop shop for end users to access their elevated credentials.

        What is most valuable?

        You can gradually implement CyberArk, starting with more easily attainable goals, such as basic vaulting and password rotation and build on that with additional modules, such as Privileged Session Manager and Application Identity Manager.

        What needs improvement?

        While in the past, administration required several tools and multiple screens/options in those products, v10 is moving towards a single pane of glass with common functions easily found and information regarding privileged accounts given to users in plain, easy to understand terms, now enhanced with graphics.

        For how long have I used the solution?

        Three to five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Princ. Info Security Analyst at a insurance company with 10,001+ employees
        Real User
        Ensures accounts are managed according to corporate policies

        Pros and Cons

        • "Ensures accounts are managed according to corporate policies."
        • "It takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent."
        • "It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill."

        What is our primary use case?

        We use it all.

        • Privileged account access and management
        • Credential rotation
        • Access control
        • Privileged session recording

        How has it helped my organization?

        CyberArk PAS helps ensure accounts are managed according to corporate policies. In short, it takes people out of the machine work of ensuring credentials remain up-to-date, and handles connection brokering such that human usage and credential management remain independent.

        What is most valuable?

        All of the features we use have helped our security posture in some way. All of these have their place in defining and supporting the security posture:

        • Password management
        • Session management
        • Recording
        • Access control.

        What needs improvement?

        Overall, I think it is a fantastic product, when used as designed and intended.

        One of its biggest downfalls is also one of its biggest strengths. It is easily customized, and that customization makes it very easy to start trying to shoehorn the solution into roles it was never intended to fill.

        For how long have I used the solution?

        More than five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Eric Vanatta
        Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees
        Real User
        Increased our insight into how privileged accounts are being used and distributed within our footprint

        What is our primary use case?

        CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

        How has it helped my organization?

        The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

        What is most valuable?

        Ease of use The auditing capabilities The great support of their customer success teams

        What needs improvement?

        Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

        For how long have I used the solution?

        One to three years.

        What is our primary use case?

        CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

        How has it helped my organization?

        The CyberArk PAS has greatly increased our insight into how privileged accounts are being used and distributed within our footprint.

        What is most valuable?

        • Ease of use
        • The auditing capabilities
        • The great support of their customer success teams

        What needs improvement?

        Areas the product could be improved are in some of the reporting capabilities and how the reports are configured.

        For how long have I used the solution?

        One to three years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        John Lawren James
        Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees
        Consultant
        All access to our servers, by both staff and vendors, is monitored and recorded

        What is our primary use case?

        We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

        How has it helped my organization?

        CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.

        What is most valuable?

        Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.

        What needs improvement?

        The current user interface is a little dated. However, I hear there are changes coming in the next version.  There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself. …

        What is our primary use case?

        We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

        How has it helped my organization?

        CyberArk has resulted in a massive increase in our security footprint. All access to our servers, by both staff and vendors, is monitored and recorded.

        What is most valuable?

        Session recording and key logging. We can track down not only who made a change, but exactly what they changed or did.

        What needs improvement?

        The current user interface is a little dated. However, I hear there are changes coming in the next version. 

        There is a learning curve when it comes to planning out the deployment strategy, but once it is defined, it runs itself.

        For how long have I used the solution?

        More than five years.
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user620580
        Security Engineer at a tech services company with 51-200 employees
        Consultant
        Enables us to manage passwords of highly privileged accounts.

        What is most valuable?

        The product enables us manage passwords of highly privileged (service) accounts. These are not tied to a person, and they include a full audit trail and approval workflow functionality.

        How has it helped my organization?

        Management of these accounts is typically required to prevent abuse and gain control of this.

        What needs improvement?

        Perhaps improve the user registry integration. It is already fine, but a bit atypical.

        My experience with the product was with older versions, so this may not represent the actual case anymore. In essence, user registry integration is atypical in the sense that the product creates a copy of the user inside the product itself (to accommodate for license seat counting, I guess).

        Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt the vendor considers this an issue, though.

        For how long have I used the solution?

        I have used this for three years, including the implementation of the product

        What do I think about the stability of the solution?

        There were no issues with stability.

        What do I think about the scalability of the solution?

        There were no issues with scalability.

        How is customer service and technical support?

        Technical support is OK. The product is not very difficult to install, but there are some considerations that need to be taken into account. Tech support is very well aware of this.

        How was the initial setup?

        The initial setup was simple. It is windows based and leverages installation wizards to perform installation. Also, sufficient documentation exists to guide the setup procedure.

        What's my experience with pricing, setup cost, and licensing?

        Look well at the user base and frequency of use. A lot of licensing models exist, but having this clear will immediately indicate what fits best.

        As for pricing, I cannot comment.

        Which other solutions did I evaluate?

        We did not evaluate other solutions.

        What other advice do I have?

        Make sure that the organization is ready and willing to adopt this, as the typical business cases cannot be addressed by the product alone.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CyberArk business partner.
        Malhar Vora
        CyberArk PAS Solution Professional | Project Manager at a tech services company with 10,001+ employees
        Consultant
        Top 20Leaderboard
        Provides automatic password management. We can monitor, record, and control sessions.

        What is most valuable?

        All features of the CyberArk PAS solution are valuable.

        The Digital Vault is one of the key components of the solution along with many other great benefits. The highly secured vault stores the privileged account passwords and data files using encryption. In version v9.7, CyberArk has introduced the Cluster Vault feature, which enhances high availability of the Vault server.

        Other important features:

        • Automatic password management
        • Monitor, record, and control privileged sessions
        • Flexible architecture
        • Clientless product
        • Custom plug-ins for managing privileged accounts and sessions

        How has it helped my organization?

        Unmanaged, highly privileged accounts increase risks that can be exploited by attackers. The security controls defined by the organization require protection of the privileged account passwords. CyberArk helps organizations to identify, store, protect, and monitor the usage of privileged accounts.

        What needs improvement?

        An immediate improvement was the implementation of security controls to protect, control and monitor privileged accounts through CyberArk solution.

        For how long have I used the solution?

        I have used CyberArk for over two and a half years.

        What do I think about the stability of the solution?

        It’s a very stable product. I haven’t encountered any stability issues.

        What do I think about the scalability of the solution?

        I haven’t encountered any scalability issues. All the components are scalable.

        How are customer service and technical support?

        I would give technical support a rating of 4.5/5.

        Which solution did I use previously and why did I switch?

        This is the first PAM product that I have used.

        How was the initial setup?

        The initial installation was straightforward. The configuration or integration can be complex depending on the requirements, design, and infrastructure of the organization.

        What's my experience with pricing, setup cost, and licensing?

        The pricing and licensing depend on many factors and on the components considered for implementation.

        What other advice do I have?

        The PAM solution brings cultural change and adds a layer to the way IT administrators access the privileged accounts before implementing the PAM tool. A great, valuable product like CyberArk requires good planning and time to implement all the features.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user685299
        IT Security Specialist at a tech services company with 11-50 employees
        Consultant
        Password rotation, session recording & isolation and on-demand privileges.

        Pros and Cons

        • "Password rotation, session recording & isolation and on-demand privileges."
        • "For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products."

        What is most valuable?

        Password rotation, session recording & isolation and on-demand privileges.

        What needs improvement?

        For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products.

        What do I think about the stability of the solution?

        No

        What do I think about the scalability of the solution?

        No

        How is customer service and technical support?

        Very good.

        How was the initial setup?

        Basic setup is pretty straightforward, but to fully utilise the product it can get complicated as it ties in with a lot of other products. Suggest a phased installation so staff can adjust to new processes.

        What's my experience with pricing, setup cost, and licensing?

        It can be an expensive product. I Suggest only licensing basics to begin with and as need arises, start to license extensions (AIM, etc.) during next phase of implementation.

        Which other solutions did I evaluate?

        Centrify and Lieberman ERPM.

        What other advice do I have?

        CyberArk offers extensive training, utilise it. Also their support staff are very good and can assist with everything.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user685302
        Technical Lead at a tech services company with 10,001+ employees
        Consultant
        ​Enterprise Password Vault, Privilege Session Manager & Application Identity Management have been very useful for our client environment.​

        Pros and Cons

        • "Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment."
        • "Performance of PIM could be better and intended for usability as well as security."

        How has it helped my organization?

        Its features like detailed audit and reporting, automated workflows, granulated privileged access controls, automated password rotation, and centralized and secure storage have helped us in developing a secure environment for customers, along with audit and compliance coverage.

        What is most valuable?

        Enterprise Password Vault, Privilege Session Manager, and Application Identity Management have been very useful for our client environment.

        What needs improvement?

        Performance of PIM could be better and intended for usability as well as security. Another point is that the free trials should be in place for all components so that PoC could be made easy.

        What do I think about the stability of the solution?

        No.

        What do I think about the scalability of the solution?

        No.

        How are customer service and technical support?

        Technical support is quite efficient and they always provide a timely response.

        Which solution did I use previously and why did I switch?

        Haven’t use any solution prior to CyberArk.

        How was the initial setup?

        As this was new product, there were some small challenges in understanding but the setup was straightforward.

        What's my experience with pricing, setup cost, and licensing?

        As our deployment was not so large, our client was happy with the pricing and licensing.

        Which other solutions did I evaluate?

        Yes, we did a research and chose CyberArk above all due to its components that were suitable to our environment.

        What other advice do I have?

        Proper implementation and prior study of product will give you efficient results. Organizations looking for a product that can provide proper paper trail for risk and compliance audits should certainly give it a try because the product's auditing and reporting capabilities are really bliss.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user677688
        CyberArk Consultant at a comms service provider with 10,001+ employees
        Vendor
        The password management component (CPM) is the most valuable. The installation manual is quite straightforward and extensive.

        Pros and Cons

        • "It enables companies to automate password management on target systems gaining a more secure access management approach."
        • "The current interface doesn't scale that well, and has some screens still in the old layout."

        How has it helped my organization?

        Implementing CyberArk is not only "rolling out" a tool. It also will force the company to have a good look at the access management strategy, improve security processes and clean data. Implementation of CyberArk will increase the insight the company has in their access management implementation.

        What is most valuable?

        The password management component (CPM) is the most valuable. This enables companies to automate password management on target systems gaining a more secure access management approach.

        Another major component is the PSM, which enables session recording and provides additional possibilities to securely connect to target devices.

        What needs improvement?

        Allthough it's highly configurable, the user interface could use a do-over. The current interface doesn't scale that well, has some screens still in the old layout, while others are in the new ones and consistency in layout between pages sometimes is an issue. As I understand, this is scheduled for version 10.

        What do I think about the stability of the solution?

        If there are stability issues, most of the time this relates to the companies infrastructure.

        What do I think about the scalability of the solution?

        CyberArk is highly scalable. Depending on the companies infrastructure, the size of the CyberArk implementation can become quite large.

        How are customer service and technical support?

        I rate support 7/10. Technical knowledge of the support staff is good. Sometimes it is a lengthy process to get to the actual answer you require. One the one hand, that is because lots of information is required (logs, settings, reports, etc.). On the other hand, the support crew sometimes answers on questions that we did not ask.

        Which solution did I use previously and why did I switch?

        We did not have a previous solution.

        How was the initial setup?

        The installation manual is quite straightforward and extensive. There also is an implementation manual to support the function implementation. The installation requires specific hardware which sometimes might not fit the standards within an organisation. Over the last few years the documentation has improved hugely. Of course, there is always room for improvement, but I guess this is one of the better ones in the IT field.

        What's my experience with pricing, setup cost, and licensing?

        I do not have anything to do with pricing.

        Which other solutions did I evaluate?

        I was not involved in the acquisition process, but I know that sometimes a Hitachi solution is considered.

        What other advice do I have?

        Do a detailed assessment of your requirements before you invest. Map the requirements to the functionality and go just that step deeper in the assessment of whether the tool fits your needs. Keep in mind that, although CyberArk is highly configurable and provides lots of functionality, it still is an out-of-the-box solution and customization is limited in some ways.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user674070
        Senior Technical Trainer at a tech services company with 501-1,000 employees
        Consultant
        Improves the privilege account security in the organization. I would like to see improvement in the custom connector.

        Pros and Cons

        • "PSM (Privilege Session Manager."
        • "I would like to see improvement in the custom connector for integration with different devices."

        How has it helped my organization?

        This product helps to improve the privilege account security in the organization. Privilege accounts were involved in all the breaches.

        What is most valuable?

        PSM (Privilege Session Manager)

        What needs improvement?

        I would like to see improvement in the custom connector for integration with different devices. Currently, it needs professional services and lots of time for out-of-the-box custom connectors.

        What do I think about the stability of the solution?

        There were no issues with stability. However, there were a few times when there were stability issues because the solution was deployed on a Windows platform.

        What do I think about the scalability of the solution?

        There were no issues with scalability.

        How are customer service and technical support?

        Technical support is average. They are not so great, because the first level support partner or distributor has to provide the support and customers cannot contact CyberArk support directly.

        Which solution did I use previously and why did I switch?

        We moved from version 8 to Version 9.

        How was the initial setup?

        The initial setup is a bit complex because it has lots of prerequisites and dependencies on Windows' features.

        What's my experience with pricing, setup cost, and licensing?

        It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain.

        Which other solutions did I evaluate?

        I worked in the CyberArk distribution company. However, I have seen that other products do not provide all the features that CyberArk can provide.

        What other advice do I have?

        For implementation, you will need professional services or other experts.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My ex-company is the distributor of CyberArk.
        it_user674049
        Head of Technical Services at a tech services company with 51-200 employees
        Consultant
        Gives us the ability to isolate sessions to protect the target system.

        Pros and Cons

        • "Automates password management to remove the human chain weakness."
        • "The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA."

        How has it helped my organization?

        With the ability to better control access to systems and privileged accounts, we no longer need to manage privilege accounts per user. We are able to manage privilege accounts for the service, which is automatically managed by the CPM as part of the solution. Allowing access to systems by group membership, via safe access, makes controlling actual access much simpler than traditional mapping via the Active Directory.

        What is most valuable?

        • The ability to isolate sessions to protect the target system.
        • Automates password management to remove the human chain weakness.
        • Creates a full audit chain to ensure privilege management is responsibly done
        • Creates an environment in which privilege accounts are used, without exposing the password, on target systems.
        • Performs privilege functions, without undue exposure, whilst maintaining the ability to audit, where anything suspicious, or unfortunate, may have occurred.

        What needs improvement?

        The web interface has come a long way, but the PrivateArk client seems clunky and not intuitive. It could use an update to be brought up to speed with the usability of PVWA.

        Whilst the client is completely functional, it's been around for a long time and is reminiscent of XP, or even Windows 95. It could use an aesthetic update, with some of the wording and functions needing to be updated to be more representative of what is found in similar configuration from within the PVWA.

        To go into more detail- The old PrivateArk client is simply that, old. Looking at the recently released Cluster Manager quickly reminds us of that. Also, the way in which objects are handled within the old client is similar to how objects were handled in older versions of Windows. The PrivateArk client could do with easier to follow links to configuration items and the ability to perform searches and data relevant tasks in an easier to follow process, there may even be room for inclusion of the server management component (lightweight even) and cluster manager components to be made available via the same client, should permissions permit such. As much as the client remains stable and functional, I believe it is time for an update, even if only aesthetically.

        What do I think about the stability of the solution?

        Some improvements could be made to the PSM service. However, this could also be a problem with how Microsoft RDS functions, rather than the PSM services.

        What do I think about the scalability of the solution?

        This product scales amazingly well.

        How are customer service and technical support?

        Technical support works with customers and partners to resolve issues in a timely way.

        Which solution did I use previously and why did I switch?

        No previous solutions were used.

        How was the initial setup?

        The manual reads like a step-by-step guide. The installation, although complex, can be achieved by following the installation guide.

        What's my experience with pricing, setup cost, and licensing?

        I don’t work with pricing, but licensing is dependent on the needs and requirements of each customer.

        Which other solutions did I evaluate?

        We evaluated alternatives, but nothing compares.

        What other advice do I have?

        Make sure you understand your business objects and your technical objects. Plan to scale out to the entire organization, but start small, and grow organically.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Platinum Partner.Performanta, the global purple tribe, delivering the bedrock of quality managed cyber security services and consulting to our customers, enabling them to do business safely. With a consultative approach to people, process and technology, Performanta focuses on cyber security projects in line with adversarial, accidental and environmental business risk. We measure Governance, Risk and Compliance with a kill chain resilience and technology mapping service, Cyber Security Operations Centre (CSOC) technical support and products to deliver intelligence and customer value to ensure control over the threat landscape. Securing Your World, Together. 16 May, 2017: At the CyberArk Impact EMEA 2017 conference, Performanta received the winning award for ‘Best Solution Partner of the Year’ for UK/Ireland, which they describe as: “The Solution Partner of the Year award recognises Performanta, in region, as having made a significant contribution to the CyberArk business; they understand our offering, can articulate that well into the prospect and customer community and have proven themselves technically capable on a regular basis during the last 12 months.”
        it_user665142
        SD/Infr Coordinator at a computer software company with 201-500 employees
        Vendor
        We helped a telecom to migrate from a standard .XLS with accounts.

        Pros and Cons

        • "You can easily manage more than 4000 accounts with one PSM."
        • "I would like to see better usability for non-technical people."

        How has it helped my organization?

        The fact that there are more and more plugins developed make it easier for implementation.

        What is most valuable?

        It is difficult to say what the valuable features are. I use all the different parts together to get the full power of CyberArk.

        What needs improvement?

        I would like to see better usability for non-technical people. If you use the PVWA interface, I noticed that the end user would need some extra training. The portal doesn't navigate so easily, if you don't know it.

        With Facebook, for example, people find their way around easily. In PVWA, it takes some time to know how it works from an end-user point of view.

        What do I think about the stability of the solution?

        I did not encounter any issues with stability.

        What do I think about the scalability of the solution?

        There have been no issues with scalability. You can easily manage more than 4000 accounts with one PSM.

        How are customer service and technical support?

        I haven't needed any support yet, as it is well documented.

        Which solution did I use previously and why did I switch?

        We did not use a previous solution. Basically, we helped a telecom to migrate from a standard .XLS with accounts to CyberArk.

        How was the initial setup?

        The most difficult part was convincing the technical teams to use it.

        What's my experience with pricing, setup cost, and licensing?

        Pricing and licensing depend on the environment. First, make a good plan.

        What other advice do I have?

        Basically, build it up step-by-step, starting with the EPV of course :-).

        Disclosure: My company has a business relationship with this vendor other than being a customer: There is no business relationship in my current company. But my previous company, Devoteam, is officially the point of contact for Belgium.
        ITCS user
        Senior Consultant at a consultancy with 10,001+ employees
        Consultant
        The combination of CPM and PSM resolves a lot of use cases.

        Pros and Cons

        • "The combination of CPM and PSM resolves a lot of use cases."
        • "They can do a better job in the PSM space."

        How has it helped my organization?

        All the high privileged accounts are managed by CyberArk at a regular frequency. This mitigates the big risk that we had for passwords not changing forever.

        What is most valuable?

        The combination of CPM and PSM resolves a lot of use cases.

        What needs improvement?

        They can do a better job in the PSM space.

        What do I think about the stability of the solution?

        It has been pretty stable. No ongoing issues; only one-off, and CyberArk support has been pretty good for support.

        What do I think about the scalability of the solution?

        I can foresee some issues if we suddenly have to put thousands of passwords into CyberArk Vault. I know they have the password upload utility, but it has its limitations.

        How are customer service and technical support?

        Customer Service:

        Their support is pretty good and responsive.

        Technical Support:

        Their support is pretty good and responsive. Their L3 is in Israel, so sometimes it takes more time getting responses for complicated use cases.

        Which solution did I use previously and why did I switch?

        I did not previously use a different solution. I have always used CyberArk.

        How was the initial setup?

        I would rate initial setup as a medium complexity. They have good documentation, as well.

        What about the implementation team?

        I am from a vendor team that does the implementation.

        What's my experience with pricing, setup cost, and licensing?

        I was not involved in the pricing and licensing. I have an idea that it's on the higher side of the price scale.

        Which other solutions did I evaluate?

        Before choosing this product, we also evaluated Dell and NetIQ.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user620580
        Security Engineer at a tech services company with 51-200 employees
        Consultant
        Provides a full audit trail and approval workflow functionality.

        What is most valuable?

        • Ability to manage passwords for highly privileged, service accounts, which are not tied to a person
        • The inclusion of a full audit trail
        • Approval workflow functionality

        How has it helped my organization?

        Management of these accounts is typically required to prevent abuse and prove compliance.

        What needs improvement?

        Perhaps improve the user registry integration. User registry integration is atypical in the sense that the product creates a copy of the user inside the product itself. This is done to accommodate for license seat counting.

        Depending upon the size of the user base and license model, it may not allow new users to log in to the platform. I doubt that the vendor considers this an issue.

        For how long have I used the solution?

        I have used CyberArk for three years, including the implementation of the product.

        What do I think about the stability of the solution?

        I did not have stability issues.

        What do I think about the scalability of the solution?

        I did not have scalability issues.

        How is customer service and technical support?

        The product is not very difficult to install. However, there are some considerations that need to be taken into account. Technical support is very well aware of this.

        How was the initial setup?

        The setup was simple. It is Windows based and leverages installation wizards to perform the installation. Also, sufficient documentation exists to guide you through the setup procedure.

        What's my experience with pricing, setup cost, and licensing?

        Examine the user base and frequency of use. A lot of licensing models exist. However, having this clear will immediately indicate what fits best. As for pricing, I cannot comment.

        Which other solutions did I evaluate?

        We didn’t look at alternatives.

        What other advice do I have?

        Assure that the organization is ready and willing to adopt this. The typical business cases cannot be addressed by the product alone.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CyberArk business partner implementing for customers.
        it_user574734
        Technology Architect at a renewables & environment company with 51-200 employees
        Vendor
        Reduced the overhead to protect enterprise data from delays.

        What is most valuable?

        • EPV: Enterprise Password Vault
        • PSM: Privileged Session Manager
        • AIM: Application Identity Manager
        • The latest version of the product is mature and there is more functionality than we need.

        How has it helped my organization?

        • Improved security
        • Reduced the overhead to protect enterprise data from delays
        • Receives logs about all activities
        • Compliance with several standards

        For how long have I used the solution?

        I’m not the end-user. As a solutions architect (consultant), I designed and planned the solution in a very complex network environment.

        What do I think about the stability of the solution?

        We have not encountered any stability issues. After more than six years with my first CyberArk client, everything works great.

        What do I think about the scalability of the solution?

        We have not encountered any scalability issues. The solution was scaled right at the beginning of the project.

        How are customer service and technical support?

        We called technical support a few times and they came back to us very quickly. They fixed our problems very quickly. The problems were caused mainly by changes in the network.

        Which solution did I use previously and why did I switch?

        We did not use any previous solution.

        How was the initial setup?

        We were assisted for the initial setup by a CyberArk consultant for one week.

        What's my experience with pricing, setup cost, and licensing?

        A good architecture will help to gather the business requirements. You can then come up with the right sizing and licenses. If it is a large installation, implement in phases to become familiar with the products, and then purchase the licenses at the right time.

        Which other solutions did I evaluate?

        All other top solutions in the Gartner Magic Quadrant were evaluated and CyberArk came up as the best and most mature choice. I compared all solutions using my client business requirements and what the solutions offered to them on the top of the business requirements. The scope of the project became wider.

        What other advice do I have?

        I would recommend being well prepared. Do not improvise. Understand what you are doing. Take the time to read the technical documentation, and not just the marketing material, to understand CyberArk. It will not be a waste of time.

        Take the time to prepare, clean, and document all your privileged, services, and application accounts. Use the product for its intended design.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Tanmay Kaushal
        Cyber Security Consultant at a tech services company with 10,001+ employees
        Consultant
        I can customize it to meet our customers' requirements. Password management is done automatically, and adheres to company compliance policies.

        What is most valuable?

        • Client-less feature
        • Flexible architecture support
        • High level of customization for maximize utilization
        • User friendly and Flexibility of multiple choice
        • Adhere to Security Compliance

        How has it helped my organization?

        This tool is in Leader's quadrant in Gartner Quadrant report. Not just because it has more features than other but also it improves the way organization function. CyberArk can be used as many as you can think of. Such Granular ways of utilizing parameters, features and restrict permissions that no other tool can grant you. This tool has always surprise me with its capability and features.

        What needs improvement?

        Since this tool major utilizing modules are PAM and PSM, hence AIM and OPM are least considered by client. Client is somehow reluctant to use these features. Yes, i do agree that these Modules are not that friendly but also CyberArk do not providing proper training on these modules. Reports are also one of the major concern, as it gives a very basic kind of reports. CyberArk must provide some graphical reports which can be customized as per client requirement. After all presentation does matter.

        For how long have I used the solution?

        I have been working with PIM solutions since Apr 2011 and I was introduced to CyberArk around four years ago. I started with version 7.2 and I’m now working with version 9.6. Other than this CyberArk, I had experience on Dell TPAM, CA PUPM, Arcos PAM, BeyondTrust PIM etc with some more expertise on Imperva SecureSphere, Guardium, Tripwire Enterprise, Novell Access Manager etc.

        What was my experience with deployment of the solution?

        Ofcourse, which deployment does not encountered any issue, however it depends upon your planning whether you are facing critical issues or just small hiccups. From my point of view, yes you need to plan it well, think from everyone prospective and also but most important it should be give ease of working not make end user frustrate. Understanding this tool and its utilization is more important in order to deploy it. Since the planning is not only limited to installation of CyberArk components but also it go beyond it such as GPO, AD Configuration, OU Setup, User usage, account management and so on. I face many issues during deployment and also after deployment. Plan it well before implementation.

        What do I think about the stability of the solution?

        Earlier in 9.0 version I faced some stability issues, yes there are some stability issues with CyberArk such as memory leakage, password unsync etc. These are some common problems but frustrating. In this version of CyberArk, memory leakage is a quite common and frequent issue which lend up access issue to end users.

        What do I think about the scalability of the solution?

        As I said above, you need to plan wisely before you implement it. You need to consider all prospects of this tool before implementation.

        How are customer service and technical support?

        Customer Service:

        CyberArk support is one of the best support I have ever seen. I worked on multiple tools and had a conversation with their customer support, CyberArk support is one of best one i have encountered with. They are very patient and calm. However sometime they are not much aware about the issue and could not provide the solution until it escalated to L3. It would give 8 out of 10 to CyberArk support.

        Technical Support:

        Refer to customer service. Technical support is 8/10.

        Which solution did I use previously and why did I switch?

        I started my career with Quest TPAM (now Dell TPAM) and also worked on BeyondTrust, CA PUPM, ARCOS, etc. BeyondTrust and ARCOS were introduced in market at that time. These tools are good but doesn't seems to be user friendly as CyberArk PAM. These solutions are bit complex to implement, configure and usage. Even if these tools have some good features which keeps them running in market but one feature in which all these tools are beaten up by CyberArk is User Friendly.

        Users are more confident in using CyberArk, more convenient in installing and deployment and easier to customize as per client requirement.

        How was the initial setup?

        Again, it completely depend upon your architecture design of CyberArk and planning. More complex Architecture leading to more complexity in implementation. Understand the Architecture, understand client requirement and only then design and implement. The sure shot guarantee of successful implementation is "Keep It Short and Simple".

        What about the implementation team?

        Initially, I took some help but have never got a chance to work with Vendor team. I use to implement CyberArk for my client based on their requirement. I still not consider myself as an expertise, as I am still learning this tool and it always surprise me, however I would rate myself on overall - 6 out of 10.

        What was our ROI?

        Learning, keep involve yourself in learning. This is best ROI you will get.

        What's my experience with pricing, setup cost, and licensing?

        Please contact your local CyberArk Sales support, they will better guide you.

        Which other solutions did I evaluate?

        In case of CyberArk, No .. Never.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user455391
        IT Admin at a tech company with 10,001+ employees
        Real User
        The proxy solution using PSM and PSMP gives leverage to reach out to servers which are NATed.

        What is most valuable?

        The proxy solution using PSM and PSMP is valuable. It gives leverage to reach out to servers which are NATed in separate networks and can be reached only by using a jump server.

        How has it helped my organization?

        Security has been improved. It has improved compliance and there is more control over the privileged users.

        What needs improvement?

        The performance of this product needs to be improved. When the number of privileged accounts increases, i.e., exceeds 2000, then the performance of the system reduces. The login slows down drastically and also the connection to the target system slows down. This is my observation and thus, the server sizing needs to be increased.

        For how long have I used the solution?

        I have used this solution for three years.

        What do I think about the stability of the solution?

        We have not encountered any stability issues so far.

        What do I think about the scalability of the solution?

        We have experienced some scalability issues, in terms of the performance.

        How are customer service and technical support?

        The technical support is good.

        Which solution did I use previously and why did I switch?

        Initially, we were using the CA ControlMinder. There were many issues with this solution, mainly in regards to no proxy solution and poor performance.

        How was the initial setup?

        The setup has a medium level of complexity.

        What's my experience with pricing, setup cost, and licensing?

        One should negotiate well.

        Which other solutions did I evaluate?

        We looked at other solutions such as CA PAM, Lieberman Software, Thycotic and ARCOS.

        What other advice do I have?

        This is the best product from its breed.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user551259
        Iam Engineer at a tech services company with 201-500 employees
        Consultant
        A different server vault is used to store data with several layers of security for protecting it.

        What is most valuable?

        Some of the valuable features are:

        • The different server vault is used to store data with 7 layers of security for protecting the data.
        • The Application Identity Management Module is also very useful and easy to handle.
        • AutoIt scripting is useful to simulate single sign-on for thick and thin clients.

        How has it helped my organization?

        It makes compliance of the organization with password management easy. This results in a handy auditing process and adheres to all risk compliance as well.

        What needs improvement?

        Some areas of improvement are:

        • PSM: It should be hosted on UNIX rather than on Windows. In such cases, no extra OS license needs to purchased at the client's end.
        • PVWA: The admin console should be in the Windows installer instead of a web application for admin users. It makes the work faster for admins; otherwise, it seems slow for the web interface.
        • PSMP: It looks a bit complex to deploy and maintain.
        • OPM: This module should be integrated with PrivateArk app.

        For how long have I used the solution?

        I have used this solution for three years.

        What do I think about the stability of the solution?

        CyberArk is quite stable and no issues have been exprienced on regards to stability.

        What do I think about the scalability of the solution?

        We have not encountered any scalability issues. It is very scalable with any requirements.

        How is customer service and technical support?

        I would give the technical support a 9/10 rating. It has superb technical support for U.S. clients.

        However, for Indian origin clients, i.e., for foreign clients, the support is poor thus I have rated it a 4/10.

        What's my experience with pricing, setup cost, and licensing?

        It is very expensive. They charge for every single thing they offer.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a CyberArk reseller.
        it_user512265
        Consultant at a tech company with 1,001-5,000 employees
        Vendor
        It is modular, and each module can extend its operational area with plug-ins.

        What is most valuable?

        I think that one of the advantages of the CyberArk PAS suite is that it is modular. On top of the basics, you can implement modules to:

        • Manage (verify, change and reset) privileged passwords and SSH keys
        • Manage (isolate and monitor) privileged session to the different types of devices
        • Control Applications (e.g., malware)
        • Detect, e.g., backdoor use, unusual behavior, and Kerberos hacks of privileged accounts
        • Avoid/remove hardcoded passwords in applications/scripts
        • Implement the principle of least privilege

        Even those components can extend their operational area by use of, e.g., plug-ins, making it possible to manage about any kind of privileged account or session.

        How has it helped my organization?

        I see companies that already have thought about their privileged accounts, while others have not (to that extent). Implementing the CyberArk solution, it helps (and sometimes forces) these companies to think about their privileged accounts. Are they really needed? Who needs access to them? What kind of privileges do these accounts need (service accounts/log on accounts/etc.)? And so on. Thinking about these things helps customers to organize their data/privilege accounts in the CyberArk solution. It then helps the organizations to get control of their privileged accounts and to safely store and manage these, knowing that only the correct persons can access these accounts and that the different devices can only be managed via one central entry point to the datacenter.

        What needs improvement?

        With every version, I can see that the product wins on functionality and user experience. On the latter though, I hear from customers that on the UI level, things could be better. CyberArk continuously asks for feedback on the product (e.g., via support, yearly summits) from customers and partners, and hence, with version 10, they are addressing these remarks already.

        The web portal (and hence the user interface) has some legacy behavior:

        • Some pages are created for past-generation monitors. With current resolutions, filling the pages and resizing some elements on the pages could be handled better.
        • They are not consistent with the layout of different pages. Some have, let’s say, a Windows 7 look and feel, while others have the Windows 8 look and feel.

        Nevertheless, even with those remarks, it does what it is supposed to do.

        For how long have I used the solution?

        I’m working as a partner of CyberArk for about four years now. I started on version v7.1 (currently on v9.7) and I have served about 20 happy customers.

        What do I think about the stability of the solution?

        As no software is perfect, I don’t think it is any different with CyberArk. Their support, however, is able to tackle most of the problems. Sometimes patches are distributed. The CyberArk solution highly integrates with different platforms (Windows/Linux) and applications (AD, SIEM, email, etc.). So, not configuring it well can result in unexpected behavior. You need to consider the limitations of the platforms it is installed on, as well.

        What do I think about the scalability of the solution?

        As mentioned, one of the advantages of the CyberArk PAS suite is the modular build up; not only on covering the functional area, but also on size of your network/datacenter. If you, e.g., notice that the number of privileged accounts to manage increases, you can simply add an additional module/component that manages those passwords.

        How are customer service and technical support?

        Their support is good. It is split up into different areas (technical, implementation, etc.) and I always have a quick answer. And they go all the way for their customers.

        Which solution did I use previously and why did I switch?

        I saw customers using another product for their privileged accounts. Due to its limitations (e.g., on password and session management) and stability, they decided to switch to CyberArk.

        How was the initial setup?

        This question goes both ways; initial setup can be straightforward and it can become complex. The architecture in the network and installation of the software itself is pretty straightforward. Most of the modules/components are agentless. This makes it possible to install the solution in the datacenter without impacting any existing devices (no impact on running systems, and simplifying change and release management). Integrating the systems (privileged accounts) in the CyberArk solution can happen gradually.

        The flexibility of the product, on the other hand, has as a consequence that there is a lot to configure. Depending on the existing infrastructure and functional demands at the different organizations, care has to be taken to have a correct implementation.

        What's my experience with pricing, setup cost, and licensing?

        As far as pricing, personally, I’m not involved in the sales part. So, I cannot elaborate on this topic. For licensing, I can advise the same thing as mentioned elsewhere: Start small and gradually grow.

        Which other solutions did I evaluate?

        Before choosing this product, I did not evaluate other options (being a partner, not customer).

        What other advice do I have?

        The Privileged Account Security product is a suite. That means that the product consists of different components/modules that cover a particular functional area (check their website) on privileged accounts. Plugging in more of those components in the environment results in covering a greater part of that area. Of course, there is a common layer that is used by all components. This is the security layer that holds and protects the privileged accounts.

        Start small. Use first the basic components that, e.g., include password management. Gradually grow the number of components/modules/functional area to include, e.g., other types of accounts, session management, intrusion detection, end-point protection, etc. Having a project scope that is too large will make the step of using the solution too big. Make sure every stakeholder in the project is aware and let them gradually ‘grow’ with the product.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My company has a partnership with CyberArk.
        it_user519366
        Information Security Advisor at a insurance company with 1,001-5,000 employees
        Vendor
        It verifies accounts on a regular basis. It reconciles the account if it has been checked out and used.

        What is most valuable?

        Account discovery, account rotation, and account management features make it a well-rounded application.

        Account discovery allows for auto-detection to search for new accounts in a specific environment such as an LDAP domain. This allows CyberArk to automatically vault workstations, heightened IDs, servers, and other accounts. Once the account is automatically vaulted, the system then manages the account by verifying the account on a regular basis or reconciling the account if it has been checked out and used. The settings for the window that account is using is configurable to the type of account being used.

        CyberArk is constantly coming up with new ways to perform auditing, bulk loading accounts, quicker access between accounts and live connections, as well as different ways to monitor account usage and look for outliers.

        As companies move further toward a “least privilege” account structure, CyberArk sets the bar for heightened account management.

        How has it helped my organization?

        In the past, standard practice was to assign role-based rights to standard accounts. Moving away from this structure allows us to require that all heightened access accounts be “checked out” and only operate within a set window. CyberArk analytics provide real-time monitoring to ensure accounts are only used by the correct people at the correct time.

        What needs improvement?

        Like any software, improvements and upgrades are a necessity. As CyberArk is used by many Fortune 100 and Global 2000 companies, they offer custom solutions that need to be continuously improved as the company changes. I am looking forward to new ways to utilize accounts within the current CyberArk system allowing a more seamless flow for technicians.

        For how long have I used the solution?

        I have used it for 19 months.

        What do I think about the stability of the solution?

        Beyond the servers and security devices necessary to run CyberArk, it maintains surprisingly few dependencies. It is capable of secure hardening with the capacity for multiple failovers that can exist and work without the use of LDAPs or external databases. CyberArk has been the most stable platform I have ever worked on and our redundancies allow for 100% uptime.

        What do I think about the scalability of the solution?

        Scalability has not been a problem. I have worked on multiple improvements and increases, as we continuously increase the number of domains and types of accounts CyberArk manages. There is not currently an end in sight for the number and types of accounts we are adding.

        How are customer service and technical support?

        CyberArk technical support is top notch. They provide ticketing and immediate escalation of issues, as well as direct resources for more immediate problems. CyberArk R&D has also provided valued updates to custom applications we use internally.

        Which solution did I use previously and why did I switch?

        With data breaches and ransomware becoming the standard that companies now face, a more elegant solution was desired from standard network and physical security. Accounts that can be found or socially engineered out of people has been a long-standing tradition for criminals and bored teenagers. Reducing the window any account can be used provides a more secure network.

        How was the initial setup?

        Setting up and learning a new platform is always a complex undertaking. This is why CyberArk provides local hands-on support to get the system set up and the company’s techs trained. The base setup will differ from company to company, based on their immediate needs and what they wish to accomplish immediately. Heightened IDs, local workstation IDs, off-network server accounts, service IDs… the list goes on and on.

        What's my experience with pricing, setup cost, and licensing?

        There are a handful of options out there providing similar services. However, none of them are as far along or provide as much stability and innovation as CyberArk. Pricing and licensing are going to depend on a great many factors and can be split up from when the system is originally implemented, and upgrades and new software down the line. All that being said, the money in question was not a deterrent in picking CyberArk for our solution.

        Which other solutions did I evaluate?

        We have tested a great deal of products, many of which are being used in the company for various other purposes; Avecto, Dell, Thycotic, to name a few. Centrify was the other primary system that we really carefully reviewed. In the end, the features and interface of CyberArk won out.

        What other advice do I have?

        CyberArk is an innovative set of tools that are easily learned. Getting deeper into the product allows for a great deal of complex settings that can be learned via high level implementation guides as well as a CyberArk certification.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user514596
        Security Technical Consultant at a tech services company with 10,001+ employees
        Consultant
        It allows you to target application-level access as opposed to just the underlying operating system.

        What is most valuable?

        The ability to create custom connector components is the most valuable feature of the product. Once the organisation matures in their privileged access strategy, CyberArk’s customisation capability allows you to target application-level access (e.g., web-based management consoles) as opposed to just the underlying operating system. The API allows operational efficiency improvements, through being able to programmatically provision accounts into the Vault.

        How has it helped my organization?

        It has improved our organization by being able to consolidate several privileged access technologies into a unified tool. Session recording and auditing capability, and approval workflows allow a high degree of control over the organisation’s privileged access requirements for compliance purposes.

        What needs improvement?

        • Authentication to the solution: Authentication to the PVWA utilises integration to IIS. Therefore, it is not as strong as desired.
        • Reporting capability and customisation: Reporting utilises predefined templates with limited customisation capability.

        For how long have I used the solution?

        I have used it for 15 months; approximately nine months in a large enterprise.

        What do I think about the stability of the solution?

        I have not encountered any stability issues.

        What do I think about the scalability of the solution?

        I have not encountered any scalability issues. The solution is fairly scalable. All presentation-level components are operable in highly available configurations.

        How are customer service and technical support?

        Technical support is 8/10; level of engagement depends on severity of problem.

        Which solution did I use previously and why did I switch?

        I did not previously use a different solution.

        How was the initial setup?

        Initial configuration is quite complex and takes a considerable amount of time. However, this depends on the management requirements of the organisation. An example of this is connectors to mainframes, which might require a degree of customisation and knowledge of how the password manager functions (and relevant training). Setup regarding installation is straightforward, as the provided guides are quite expansive and include several installation possibilities (e.g., standalone, HA, DR, etc.)

        What's my experience with pricing, setup cost, and licensing?

        Appropriately scope the organisation’s requirements to ensure licenses are not over-provisioned.

        Which other solutions did I evaluate?

        I was not part of the selection process.

        What other advice do I have?

        If an organisation has not utilised a PAM tool before, it is a large cultural change fundamentally in how a user works, and should be taken into consideration accordingly. The solution is complex depending on the requirements; therefore, the implementation should not be rushed and it should be tested appropriately.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user512235
        Sr. Technical Consultant at a tech company with 51-200 employees
        Vendor
        The integration of Auto IT provided the flexibility to add thick clients and websites. It is expensive and the professional service team charges for each and every thing.

        Valuable Features

        I see the Auto IT integration as the most valuable feature.

        Improvements to My Organization

        I have seen improvements compared to the older versions and the integration of Auto IT provided the flexibility to add thick clients and websites.

        Room for Improvement

        Session recording search capability has to be improved. It should include more platforms for password management. It should include more thick client integrations.

        Use of Solution

        I used it for almost six years.

        Stability Issues

        There is dependency on Windows tasks and if any AD GPO changes are pushed, it affects the system and stops working.

        Scalability Issues

        I have not encountered any scalability issues. The product scales as the organisation grows.

        Customer Service and Technical Support

        Technical support from the vendor is the worst and that is one reason I stopped using CyberArk.

        Initial Setup

        The initial setup is not so complex, but CyberArk does require more servers for a full-fledged installation.

        Pricing, Setup Cost and Licensing

        The solution is costly and the licensing is very complex.

        Other Solutions Considered

        I was using CyberArk for more than six years and I have now switched to ARCOS. I was impressed with ARCOS because of the following reasons:

        • Cost-effective solution
        • Fewer servers required
        • Flexibility, performance
        • More features
        • Simple licensing
        • Good support

        I evaluated other solutions such as Leiberman, ManageEngine, TPAM, and Xceedium.

        ARCOS seems to be very promising and cost effective. Also, ARCOS doesn’t have a traditional jump server concept, which saves the customer from spending more on hardware. The licensing is very simple (number of admins & target IPs), where most of the features are available by default with the basic license.

        Other Advice

        CyberArk architecture is good and more secure, but I see the solution as expensive. Support is the worst; CyberArkstaff is not supportive, their professional service team charges for each and every thing.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We were the distributor for Cyber Ark.
        ITCS user
        Security Expert at SecurIT
        Consultant
        I see a lot of security issues are addressed by the solution. For example, audit issues for privileged accounts.

        What is most valuable?

        As a security engineer, I mostly implement the Enterprise Password Vault Suite (Vault Server, Central Policy Manager, Password Vault Web Access) as this is the base upon which every additional component is built. I am using and implementing the additional components, such as the Privileged Session Manager and Application Identity Manager, more and more.

        How has it helped my organization?

        When implementing CyberArk, I see that a lot of security issues are addressed by the solution. For example, audit issues for privileged (non-personal) accounts, which have a sufficient amount of impact on the organization when being compromised or misused.

        A major benefit next to the auditing capabilities is the secure storage of the accounts in questions. CyberArk has the most extensive hardening and encryption techniques I have seen in a product, with equal intentions.

        Additionally, CyberArk can reduce the attack surface of these accounts by retaining the privileged accounts (protecting the credentials) within a secure environment only to be accessed through a secured proxy server (Privileged Session Manager). What I have also seen is that the Privileged Session Manager can aid in the adoption of CyberArk within an organization as it allows the end user to keep using his personal way of working (e.g., Remote Desktop Manager, Customized Putty).

        Another burden that organizations have is the need to manage hard-coded credentials. CyberArk also has a solution for this, allowing the credentials to be stored in the vault, where they can be retrieved by a script or applications through the execution of a command instead of hard-coding the credentials. There is also a solution available for accounts used in Windows scheduled tasks, services and more.

        The last generic, relatively new improvement for customers is the ability to monitor and identify the usage of the accounts managed by the suite. By using Privileged Threat Analytics, you can match the usage of CyberArk against the actual (logon) events retrieved from the corporate SIEM. Next to this, PTA profiles privileged account usage to discover malicious patterns such as different IP addresses or usage of an account on an unusual day. This is a very useful practice to gain an enhanced view on these privileged accounts and can eventually limit the impact of any malicious usage because of early detection.

        What needs improvement?

        In every product, there is room for improvement. Within CyberArk, I would like to see more support for personal accounts. It can be done right now, but I can imagine changing a few aspects would make this easier and more foolproof.

        Next to that, the REST API is not as capable as I would like. CyberArk is getting close, though.

        Lastly, I would love to see a password filler that can provide raw input (like a keyboard). There are scenarios where administrators do not have the ability to copy and paste a password from the clipboard. As typing over a long random password is a tricky job, a raw password filler would be a solution that could overcome this issue.

        For how long have I used the solution?

        I have been involved with CyberArk for three years now. During this period, I have designed, implemented and supported multiple CyberArk environments.

        What do I think about the stability of the solution?

        During the time that I have worked with CyberArk, I was able to conclude - based on experience and colleague stories - that this is one of the most stable products I have ever encountered. I have never seen any stability issue that was not related to a human error or a configuration issue.

        What do I think about the scalability of the solution?

        As far as I’m aware, we have not encountered any scalability issues. I have heard of some issues with the database of CyberArk when scaling to excessive amounts of entries, a long time ago. These issues have been fixed, as far as I know.

        In addition, it is possible to have issues with the Central Policy Manager when you configure it wrong.

        How are customer service and technical support?

        The technical support for our customers is primarily handled by ourselves, with CyberArk technical support to fall back to. I have seen great improvements in the quality of support over the years and they continue to do so. The response is fast and the quality is good.

        There is room for improvement in bug tracking. When a bug is confirmed, it is hard to track when or if it will be released in one of the future releases. As CyberArk is building an entire new support portal, I hope that this will be improved someday.

        Which solution did I use previously and why did I switch?

        My company did not previously use a different solution. My company has had CyberArk in their portfolio for more than 10 years now.

        How was the initial setup?

        Our company has set up a ‘generic’ and fast implementation plan based on our experiences and best practices. This plan provides a straightforward approach, which can be customized into a complex solution to suit every customer's needs.

        In general, the installation is quick, but the actual work is found in the process of onboarding new account(type)s as this requires a significant amount of communication and coordination.

        What's my experience with pricing, setup cost, and licensing?

        Try to create a good design with a CyberArk partner before you start thinking about licensing. Then, you will have a good view on the components needed to suit your environment from the start towards a fully mature environment.

        What other advice do I have?

        Do not think too big at the start.

        Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a certified CyberArk partner.
        ITCS user
        IT Security Consultant at a tech services company with 10,001+ employees
        Real User
        It is clientless, and does not require any third-party product for any of its operations.

        What is most valuable?

        Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:

        • It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
        • For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
        • Compared to other products, CyberArk is extremely easy to install and configure.

        How has it helped my organization?

        Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.

        In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.

        Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.

        CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.

        Accountability is set up using CyberArk OOB temper-proof reports.

        What needs improvement?

        CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.

        It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.

        For how long have I used the solution?

        I have been using this product since 2010.

        What do I think about the stability of the solution?

        In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.

        What do I think about the scalability of the solution?

        CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.

        How are customer service and technical support?

        Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.

        Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.

        Which solution did I use previously and why did I switch?

        I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.

        How was the initial setup?

        Initial set up is super simple and if planned properly, can be installed within a couple of hours.

        What's my experience with pricing, setup cost, and licensing?

        I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.

        Which other solutions did I evaluate?

        Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.

        What other advice do I have?

        Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user445038
        Cyber Security Supervisor at a tech company with 1,001-5,000 employees
        Vendor
        Sys/DB admins and third parties no longer need to have system credentials.

        What is most valuable?

        • Password vaulting
        • Granular commands profiling with OPM

        How has it helped my organization?

        • Sys/DB admins no longer need to have system credentials (and the same for third parties)
        • Access profiling
        • Request demands from domain groups

        What needs improvement?

        The management console has a lot of functionalities, but is a little bit complex to use.

        Customer support and technical support can be better, compared with the level of products.

        For how long have I used the solution?

        I have used it for one year.

        What do I think about the stability of the solution?

        I have not encountered any stability issues.

        What do I think about the scalability of the solution?

        I have not encountered any scalability issues, technically speaking. Issues with the licenses can occur; the pricing model is not easy to understand.

        How are customer service and technical support?

        Technical support is 7/10.

        Which solution did I use previously and why did I switch?

        I did not previously use a different solution.

        How was the initial setup?

        Initial setup was very easy. We started integrating systems and providing access to systems within few days.

        What's my experience with pricing, setup cost, and licensing?

        From my experience, for small environments, the subscription licensing model is very cheap.

        Which other solutions did I evaluate?

        We also evaluate other solutions in the Magic Quadrant for PAM solutions.

        What other advice do I have?

        Before defining the solution’s architecture, clearly define your requirements and the kind of systems in scope. Some systems/device can be integrated out-of-the-box, others need customization.

        Plus: easy to deploy, highly customizable
        Minus: a little bit complex to integrate in large environment, complex rules/customization takes time

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Technical Manager, System Division at a tech services company with 501-1,000 employees
        Consultant
        We can monitor sessions in real time. If there's any unnecessary activity, we can terminate the session.

        What is most valuable?

        With the Privileged Session Manager, we can monitor sessions in real time and terminate the session if there's any unnecessary activity found. For example: We give access to user to access the server only to update patches, but if we find any activity not related to patch updates, we can terminate the session.

        How has it helped my organization?

        Actually my company/previous company does not use this product, but we sold it to our customer. This product helped our customer manage their privileged accounts. It’s easier to them to manage and control the privileged accounts.

        What needs improvement?

        It needs more plugin connectors for all devices. CyberArk currently can manage or make it easier to manage about 80% of our total devices. The rest still need R&D to develop the plugin. If CyberArk had more plugin connectors, the customer would not need to raise plugin development requests for several devices and CyberArk could easily connect to these devices.

        What I mean with CyberArk needing to improve plugin connector is that currently CyberArk is able to manage almost all devices (server, network devices, security devices etc.) which are more than 80% of all devices. In my experience device such as IBM OS/390 and Cisco TACACS still need custom plugin connectors developed by CyberArk R&D.

        If CyberArk IS able manage more than 95% from total devices it would help the customer to using it without raising a support ticket to create a plugin connector. CyberArk will more easier to manage all devices with no compromise

        For how long have I used the solution?

        I used this solution from mid-2013 until mid-2015.

        What do I think about the stability of the solution?

        So far, it is stable.

        What do I think about the scalability of the solution?

        This product is scales easily.

        How are customer service and technical support?

        Technical support is good. They have good technical teams around the world including southeast Asia.

        Which solution did I use previously and why did I switch?

        Most customers using a different solution switch to CyberArk because CyberArk is more user-friendly than its competitors and have more plugins compared to the others.

        How was the initial setup?

        Initial setup was actually easier.

        What's my experience with pricing, setup cost, and licensing?

        Start small.

        Which other solutions did I evaluate?

        Yes, we evaluate other options. The issue was about price, stability, scalability and the development of this product to ensure support.

        What other advice do I have?

        Contact the local distributor for help.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user497118
        Senior Executive Information Security at a manufacturing company with 10,001+ employees
        Vendor
        It helps us proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

        Valuable Features

        • Password management and accountability for Privileged accounts
        • Identify, protect and monitor the usage of Privileged accounts
        • Record and control privileged sessions on critical systems i.e. Windows, Unix, DBs
        • Application credentials including SSH keys and hard-coded embedded passwords can be managed
        • Control and monitor the commands super-users can run based on their role
        • PTA is a security intelligence system that allows organizations to detect, alert, and respond to cyberattacks on privileged accounts.

        Improvements to My Organization

        Privileged accounts represent the largest security vulnerability an organization faces today. Most organisations are not aware of the total number of privilege accounts.

        Compromising privilege accounts leads to various breaches. With this growing threat, organisations need controls put in place to proactively protect, detect and respond to in-progress cyberattacks before they strike vital systems and compromise sensitive data.

        On implementing the CyberArk PIM solution, we are able to achieve this goal. Now, we are aware of the total privileged accounts in our enterprise. These are securely stored and managed by the Vault. The end users need not remember passwords for these accounts to use them.

        E.g.: A Unix Admin who has to login to a Unix server using the "root" account needs to log in to CyberArk and search for the root account, click Connect and he can perform all of his activities. We can enforce a command list on this account, monitor his activities and also get to know who has used this root account. The access to this account can also be restricted. The user does not have to remember any credentials.

        Room for Improvement

        Integration of this tool with SAML is a problem, as there is a bug. We’d like to be able to integrate AWS accounts in CyberArk.

        Use of Solution

        I have been using this solution for the past three years. I have implemented this solution for various clients from banking and pharmaceutical companies.

        Stability Issues

        I have not really encountered any issues with stability.

        Scalability Issues

        I have not encountered any scalability issues.

        Customer Service and Technical Support

        I rate technical support 9/10, very good.

        Initial Setup

        Straightforward, easy-to-install setup.

        Pricing, Setup Cost and Licensing

        It is expensive.

        Other Solutions Considered

        Before we chose CyberArk, we evaluated ARCOS.

        Other Advice

        Go ahead and use CyberArk. Request a demo.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        ITSM & AntiFraud Consultant with 51-200 employees
        Consultant
        The ability to start the project, install and add the passwords in just a few days is valuable.

        What is most valuable?

        The most valuable feature is the password Vault which gives the administrator control over privileged accounts. The other components that are valuable are Private Session Manager, OPM, Viewfinity, and AIM, which came as an add-on to the organisation's needs. The ability to start the project, install and add the passwords in just a few days brings a big advantage for CyberArk.

        How has it helped my organization?

        The client can see all the users sessions through PSM, and can protect the applications on servers using AIM. Also, the Privileged Threat Assessment helps the organisation to see all the account risks, including accounts not managed by CyberArk, and accounts/machines with unusual behavior, etc.

        What needs improvement?

        The DNA scan should be able to scan Unix machines for privileged accounts.

        For how long have I used the solution?

        PIM tested in the last 2 years.

        What was my experience with deployment of the solution?

        We didn't have any issues with the deployment.

        What do I think about the stability of the solution?

        The product is very stable.

        What do I think about the scalability of the solution?

        I didn't have any issues with the stability. I usually recommend the client to increase the system requirements with 10%.

        How are customer service and technical support?

        Customer Service:

        Customer service is OK in Romania.

        Technical Support:

        I had direct contact with the local team and they are OK.

        Which solution did I use previously and why did I switch?

        No.

        How was the initial setup?

        Straightforward when you have the use cases and a SoW. Usually you follow the Installation Manual, and perform the after-installation tests, and you are sure that everything is OK. The only issue I had was with the anti-virus that was left on the server and that deleted some PSM files. You must always double-check the prerequisites, as you can have some surprises with the GPO that overrides your settings.

        What about the implementation team?

        I was part of the implementation team with support from the vendor.

        Which other solutions did I evaluate?

        We also looked at BalaBit Shell Control Box.

        Disclosure: My company has a business relationship with this vendor other than being a customer: Implementation partner with CyberArk.
        it_user225765
        IT Security Engineer at a tech services company with 51-200 employees
        Consultant
        The user interface needs some work, however, our security has improved.

        What is most valuable?

        It has the ability to monitor privileged sessions.

        How has it helped my organization?

        Our security has improved since implementing CyberArk.

        What needs improvement?

        The user interface needs to be improved. It could be done by getting the GUI to work with other programs from within internet browsers out of box.

        For how long have I used the solution?

        I've used it for one year.

        What was my experience with deployment of the solution?

        No issues encountered.

        What do I think about the stability of the solution?

        No issues encountered.

        What do I think about the scalability of the solution?

        No issues encountered.

        How are customer service and technical support?

        Customer Service: It's good. Technical Support: It's good.

        Which solution did I use

        What is most valuable?

        It has the ability to monitor privileged sessions.

        How has it helped my organization?

        Our security has improved since implementing CyberArk.

        What needs improvement?

        The user interface needs to be improved. It could be done by getting the GUI to work with other programs from within internet browsers out of box.

        For how long have I used the solution?

        I've used it for one year.

        What was my experience with deployment of the solution?

        No issues encountered.

        What do I think about the stability of the solution?

        No issues encountered.

        What do I think about the scalability of the solution?

        No issues encountered.

        How are customer service and technical support?

        Customer Service:

        It's good.

        Technical Support:

        It's good.

        Which solution did I use previously and why did I switch?

        I didn't use a previous solution.

        How was the initial setup?

        It was straightforward as the documentation was rather clear. This made the implementation simple.

        What about the implementation team?

        I implemented myself.

        Which other solutions did I evaluate?

        I didn't evaluate any other options.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        ITCS user
        Senior Manager of System Security at a tech services company with 51-200 employees
        Consultant
        ​The most valuable feature of this product is the Central Policy Manager but CyberArk can be improved in all areas

        What is most valuable?

        The most valuable feature of this product is the Central Policy Manager. From the Operation and Security point of view a robot that can connect to destination machines, change passwords at fixed times, and put them in the vault, like a person, and therefore, is the best that you can ask for.

        It combines more functionality in a single product and solve a lot of problem, from security to compliance.

        How has it helped my organization?

        It has improved many parts of the organization. From the security and audit perspective, we're now fully aware of who accessed data and from where they accessed it. This helped us with regulatory compliance. We've improved our level of security in many typically-unsafe environments, such as domains.

        What needs improvement?

        I think that this product can be improved in all the areas. The details usually are important as the funcionallity. So I think that understanding the request from the customer CyberArk, as is already doing, can improve day by day his product.

        For how long have I used the solution?

        I have used Cyber-Ark PAS since 2008, so thid is the seventh year that I will be working with it.

        What was my experience with deployment of the solution?

        Usually not. The biggest problem was the incompatibility or non-default installation of an OS to be managed by the Central Policy Manager.

        What do I think about the stability of the solution?

        Never encountered any problems with stability.

        What do I think about the scalability of the solution?

        Never encountered any problems with scalability. The Vault, Central Policy Manager, Password Vault Web Access, Privileged Session Manager and Application Identity Management architecture are designed to support scalability.

        How are customer service and technical support?

        Customer Service:

        It's improved over the years and now is very fast and efficient. We've got a very good Italian customer service.

        Technical Support:

        Very high level of technical support. Fast and organized.

        Which solution did I use previously and why did I switch?

        Never used a different solution.

        How was the initial setup?

        The initial setup is really fast, simple and straightforward. It consist of a simple Windows installation (next-next type) for any component. The only requirement is to do the installation step by step following a list of components to do beforehand.

        What about the implementation team?

        I work in a vendor team, and we installed the product in a large company.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Buyer's Guide
        Download our free CyberArk Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.