CyberArk Privileged Access Manager Primary Use Case

SatishIyer - PeerSpot reviewer
Assistant Vice President at a financial services firm with 10,001+ employees

I work with the infrastructure access team in my organization and we have CyberArk as a primary solution along with a number of components for Privileged Access Management (PAM) and monitoring within the privileged access sphere.

We began with CyberArk in 2018, when we procured the licenses for CyberArk and all its components including the PAM suite and Endpoint Privilege Management (EPM). Our management took a call and we had to do a proof of concept to evaluate the product and see what it was capable of. As a product owner, I had six months to complete this. We evaluated a few specific use cases and presented our findings of the CyberArk's capability to management around the end of the third month.

Since then, CyberArk's Privileged Access Management is still our central solution for the entire estate, including all our servers (Windows/Unix), databases, devices, and so on, with around 5,000 to 8,000 users globally. Essentially, all access is managed through Privileged Access Management. That said, I am not sure to what extent all of the findings were carried forward after our initial evaluation because a lot of changes have happened within the organization. Our overall threat assessment, criteria, and even the framework has changed, now leaning towards a Zero Trust kind of strategy.

For instance, even for the tools that are used within the Privileged Access Management suite, there is a tighter alignment towards enterprise architecture, and we currently have a highly-evolved enterprise architecture group from which everything is driven. Earlier, individual units would have had their own licenses to see what they can do with them, but now things are more closely aligned with the overall enterprise architecture strategy. Given this, some of CyberArk's tools such as EPM have somewhat dropped off from the list of our priorities.

As for how we have deployed CyberArk, it's currently all on-premises. We do have a roadmap for transformation to the cloud, but I am not sure what kind of place CyberArk will have in that, as it depends on the enterprise architect's view on the cloud transformation. We have had some discussions around what to do about the cloud portion of our assets (e.g. VMs and such), what kind of monitoring we need, and so on, and I think that, among other apps, Splunk will likely become part of our toolset when it comes to the cloud. I believe we are also evaluating CyberArk's Cloud Entitlements Manager on this roadmap.

View full review »
Jonathan Hawes - PeerSpot reviewer
CyberArk PAS Administrator at L3Harris Technologies

Within our organization, our security requirements, which are set by our customers, require CIS compliance. Those requirements mandated securing privileged passwords with encryption, both in transit and at rest. CyberArk PAM was selected as our solution, and CyberArk's Professional Services team conducted the initial installation and implementation. 

Three years later, I was tasked with implementing the product more fully, integrating more of the out-of-the-box privileged password change management automation features of the product within our environment.  

View full review »
Jonathan Hawes - PeerSpot reviewer
CyberArk PAS Administrator at L3Harris Technologies

Our primary use case is the scheduled password change management of Windows, Linux, and Cisco privileged local user passwords, as well as providing internal applications using the REST API credentials to access and maintain network elements.

Utilizing the CyberArk Password Vault DR implementation, we have a ready resource as a hedge against network issues caused by seasonal hurricanes through having a replicated DR vault in an out-of-state facility.

View full review »
Buyer's Guide
CyberArk Privileged Access Manager
March 2024
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Amandeep Singh - PeerSpot reviewer
Associate Manager at Wipro

It is for the lab. We just onboard all the privileged accounts and then try to make them compliant and provide access to end-users. We are CyberArk administrators, and our responsibility is to onboard the accounts and provide access to end-users so that there is no business impact and the users are able to connect to their target services.

I started with version 10.6, and now, the current version of CyberArk is 12.1. It is deployed on-prem, but in my lab, it is my virtual setup.

View full review »
reviewer0714174 - PeerSpot reviewer
CyberArk Product and Vendor Contract Manager at UBS Financial

We use CyberArk to secure the last resort accounts by introducing dual control approval, ticket validation, temporary access, and regular password rotation.

It also allows us to introduce location-aware access controls with multiple sites having access to specific location-protected content.

Finally, the session management capabilities allowed us to introduce delegated accounts to secure access to all sorts of devices in an easy way, but without losing the individual traceability. 

View full review »
TD
IT Manager at BCBS of MI

CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.

View full review »
reviewer0275214 - PeerSpot reviewer
IT Manager at Genpact - Headstrong

In my organization, we are using CyberArk Privileged Access Manager to enhance the security of an organization's critical systems, mainly by securing privileged accounts (e.g. administrator passwords, SSH keys, and API tokens). 

We are also using Cyber-Ark for access control by ensuring that only authorized personnel can access privileged accounts and sensitive systems. 

very important for us is also Session Recording and Monitoring. We can record and monitor privileged user sessions in real time for auditing purposes. 

View full review »
RB
IT Manager at a tech services company with 10,001+ employees

Our main use cases for CyberArk Privileged Access Manager are privileged access management and privileged session management. Another use case of the solution is password rotation.

View full review »
reviewer907214 - PeerSpot reviewer
Director, CyberSecurity at Ashburn Consulting LLC

We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules. 

View full review »
NM
Information Security Leader at a government with 10,001+ employees

We use it to control privileged access within the environment, including domain admins and server admins.

We're using the CyberArk Privilege Cloud version, which is the PaaS.

View full review »
PG
Senior IT Systems Administrator at a financial services firm with 10,001+ employees

In a large financial institution, CyberArk Privileged Access Management (PAM) plays a pivotal role in ensuring the security and integrity of sensitive financial data. With numerous systems, applications, and databases holding critical client information and transaction data, the institution faced the challenge of managing and protecting privileged accounts effectively.

The PAM solution was seamlessly integrated into the existing IT infrastructure. It introduced granular access controls, requiring all employees to log in with standard user accounts, regardless of their role. When a privileged action is required, the PAM system enables the temporary elevation of privileges through just-in-time (JIT) access, granting access only for the necessary time frame. This reduces the window of opportunity for potential cyber threats.

View full review »
reviewer990891 - PeerSpot reviewer
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees

We use the solution for privileged access to internal systems and multiple customer environments.

We have distributed PSM and CPM components throughout multiple sites and customer domains access over the VPN, with PSM load balancing handled via third-party hardware load balancers. 

Environment segregation and security are high on the criteria for the implemented solution, however, not at the overall expense of performance. 

We tend towards providing access to privileged admin applications direct from the PSM servers wherever suitable, yet offload additional workloads to siloed RDS collections if the need arises. 

View full review »
Chris V - PeerSpot reviewer
Senior Information Security Engineer at Optum

We primarily use the product as part of the growing security posture of the company.

View full review »
Alex Lozikoff - PeerSpot reviewer
Business Development Manager at Softprom by ERC

The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.

View full review »
TF
Cyber Security Senior Consultant at Ernst & Young

It's a privileged access management tool so it helps in making sure that all privileged accounts are compliant.

View full review »
KD
Network Engineer at CalSTRS

We're in the process of rolling it out. We haven't finished our rollout yet. Most of my co-workers have been doing a lot of hands-on, and I haven't been the one with the most hands-on.

We're not in production yet. We're still in tests, but it will give us the ability to manage the privileged accounts. It'll make that a lot easier. One of the things that we've been having trouble with is that we haven't been changing the passwords on our service accounts, for instance, for a long time, because it is so difficult to do. That was one of the main reasons we started down this road. We decided we would also expand out into managing things like the local administrator accounts on our laptops, etc. We've started there with local administrator accounts because it is an easier thing to tackle, rather than doing the service accounts and all of that. We're going to start there, and then we'll move into service accounts, and then we're going to move into administrative accounts that are human-owned rather than service accounts. At this point, we're still dealing with the things related to local administrators.

I'm pretty sure we are using its latest version. In terms of deployment, we're split between an on-prem and public cloud setup.

View full review »
MM
Security Advisory Services (SAS) Business Growth Lead for Iberia at a computer software company with 10,001+ employees

We mainly use it to protect servers from inappropriate access and ransomware.

We started with on-prem solutions years ago. Our most recent implementations were done in data centers and the cloud. However, we are not in the cloud for CyberArk.

View full review »
Oluwajuwon Olorunlona - PeerSpot reviewer
Cyber Security Engineer at eprocessconsulting

We use it for other use cases, such as automating application authorization, managing files, and securing monetary accounts. We use it for managing privileged accounts.

View full review »
Hrushikesh Karambelkar - PeerSpot reviewer
Sri Privileged Access Management Architect at Edgile

The primary use case of the solution is mining the credentials on our Windows unique network.

View full review »
Meo Ist - PeerSpot reviewer
Senior Product Manager and Technology Consultant at Barikat

I use CyberArk as a password vault and session recordings and to connect the server sites. I use some critical systems if I can access them, including workflows and mechanisms. 

View full review »
Salif Bereh - PeerSpot reviewer
Consultant at a consultancy with 10,001+ employees

There are many possible use cases, but in general, CyberArk permits users to target machines and rotate their passwords, and to record decisions. It is used to create security through PTA and to forward Vault logs and investigate events. It also enables users to access passwords in dev code without actually knowing the passwords. There are a lot of advantages to CyberArk.

As a consultant, I have seen a lot of CyberArk configurations. Sometimes we use the CyberArk Cluster Vaults with one DR. I also worked for a company that used only one vault, without a cluster, but they switched data centers when there was an incident.

View full review »
reviewer988578 - PeerSpot reviewer
Snr Technical Consultant at a tech services company with 10,001+ employees

The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.

View full review »
JA
Security Lead at a insurance company with 1,001-5,000 employees

CyberArk's Privileged Access Management solution covers a whole range of features, like privileged web access, private vault, privileged session manager rights for a session in isolation, privileged threat analytics for analytics, and private sessions. We also use CyberArk's Application Access Manager, which includes their credential providers, such as agents and run servers. Then there is a central credential provider, which is API-based credential retrieval, and DAP or Conjur. This is more of a DevOps model for credential provisioning. We also have the Central Policy Manager, which rotates the credentials associated with unprivileged or servers accounts. It's a huge environment. 

Those are all the different functions we use. We initially purchased CyberArk for privileged access manager and session isolation of privileged users. By privileged users, I mean main admins, global admins, and preps like Azure or Office 365. Our initial use case was to manage those users who could drastically impact the environment if their credentials were compromised.

After we purchased the product, we had a third party on it. They suggested we also leverage CyberArk as part of the platform for managing service accounts, i.e. go out and proactively rotate credentials that are running or ordering services. That's another kind of big use case that we started implementing a couple of years. It's long work. It is tough to do, there's a lot of cases where it just doesn't work right, but overall it's been pretty valuable.

View full review »
FD
Senior Security Consultant at a computer software company with 5,001-10,000 employees

I'm a security solutions architect. I design solutions and hand them over to the client once they're implemented. We educate the users on how the solution works or turn it over to our managed services department

CyberArk PAM is an identity management solution used to manage privileged accounts on domains and local servers, including admin accounts in Windows environments and root users in Unix. 

View full review »
AI
Technical Manager at Gulf IT

The concern on our end was separating the components, including the password storage component, and having everything completely separated. 

View full review »
Jan Strnad - PeerSpot reviewer
Security Architect at AutoCont CZ a. s.

We use CyberArk Privileged Access Manager for our customers who want to monitor and protect the access from the vendor side or the partner side. These customers want to cover external users who want to gain access.

View full review »
IB
Security Architect at a tech services company with 1,001-5,000 employees

We have clients that ask us to implement CyberArk PAM. There are two kinds:

  1. Greenfield installation and setup. 
  2. They already have CyberArk and want to extend their usage to protect different types of accounts and passwords.

CyberArk PAM protects privileged accounts and passwords. Privileged account means that those accounts have particular authorization that can span all the features of the system. For example, usually on network devices, they come out out-of-the-box with administrator accounts. Windows has an administrator account built-in so you need to protect that. Also, Active Directory has some accounts, like domain administrators, who can do whatever on the platform. These accounts are used for administration.

CyberArk stores and rotates the password/credential. They can rotate SSH keys as well. This protects the attack surface. By way of CyberArk, you can allow sessions, isolation, and recording. The main aim is to protect privileged accounts and their credentials.

I started with version 9.7, and now I am working with version 10.10, but the latest version is 12.

View full review »
DK
Manager at a financial services firm with 1,001-5,000 employees

I am using CyberArk Privileged Access Manager to protect our servers. It can be either a Windows or Linux Server. Additionally, we have some network devices, and databases, such as Oracle and MySQL Server being protected.

View full review »
Iordanidis Iordanis - PeerSpot reviewer
Procurement Manager at OTE Group

The solution helps our developers access internal systems. It also helps us in Privilege Access Management.

View full review »
Muamer Riza Gani - PeerSpot reviewer
Assistant Vice President for Cyber Security Project at a financial services firm with 1,001-5,000 employees

We are using CyberArk Privileged Access Manager for securing access to the host or the server. The solution has the capability to record activity on the server, rotate the passwords, kick out an active user, and complete an action if suspicious activity is triggered on the server. We typically only use the solution for accessing the target server and for password rotations.

View full review »
Syed Javid - PeerSpot reviewer
Security Consultant at a financial services firm with 1,001-5,000 employees

It is nothing but privileged access management. Most companies have servers, and for each server, they identify a generic ID to login. For example, if someone is an administrator, they will be using that ID to log in. So, we need to manage those IDs in a common repository, and that is why we have CyberArk PAM. CyberArk PAM is nothing but a common repository used to store passwords and manage them.

Managing passwords is a pain area in any organization. By using this tool, we have a set of policies and emerging technology where we manage these passwords.

View full review »
reviewer990921 - PeerSpot reviewer
IT Support Specialist / Project Lead at a energy/utilities company with 10,001+ employees

Used to allow the removal of local administrators from 12,000 endpoints and yet still allows users to have the applications they need with the proper permissions required.

View full review »
DH
Senior Technologist at a retailer with 1,001-5,000 employees

Primary use case is for compliance, SOX, PCI, HIPAA, and securing privileged access accounts. It seems to be performing well. We have had pretty good success with it.

We plan to utilize CyberArk to secure infrastructure and applications running in the cloud with AWS Management Console. We are testing it right now, so we hopefully it will be ready in about two months.

View full review »
VA
Consultant at a recruiting/HR firm with 10,001+ employees

CyberArk is for Privileged Access Management, so we secure our privileged accounts using CyberArk.

View full review »
ChaminiEllawala - PeerSpot reviewer
Identity and Access Management Engineer at Wiley Global Technology Pvt. Ltd.

We use this solution for the user ADM account onboarding process within our company. If they need server access, we create ADM accounts, and we onboard to CyberArk.

We use it also for the password protection process with other products. We can use this as a password wallet, and we create the password rotation in CyberArk.

We can grant access, check the system's health, and create policies for users.

View full review »
JP
Cybersecurity Engineer at a healthcare company with 10,001+ employees

We are mostly rotating passwords and using PSM for remote connections.

View full review »
MK
IT Manager at a financial services firm with 1,001-5,000 employees

In our company, CyberArk is used to manage passwords for IP use. We use CyberArk for managing and automatically changing passwords in our managed system and environment.

We use it for coding privileged sessions, but we also use another solution for that, and CyberArk is the backup for this.

We are using the latest version.

View full review »
HP
IT Security Specialist I at a healthcare company with 1,001-5,000 employees

I am a CyberArk admin. I manage everyone's PSA accounts, including EPM and PVWA.

It has been performing very nicely. We are on version 9.10. We are thinking of upgrading to 10.3 soon, hopefully. I don't want go to 10.4 since it just came out.

We are planning on utilizing CyberArk to secure application credentials and endpoints because of PAS. We do have a lot of accounts for developers, and we do manage a lot of passwords in the world.

Our company is not in the cloud yet. We are not that big. We are looking to move to it soon, as it is on our roadmap. By the end of the year or early next year, we are hoping to move CyberArk to the cloud.

View full review »
RK
Information Security Analyst III at a healthcare company with 10,001+ employees

It is used to manage the policies on our endpoint because we want to takeaway admin rights to protect our computers.

We have had our implementation issues. However, the software is light years ahead of its competitors. We have seen massive progress with the updates of the software. We have been doing pretty well with it in the time that we have been implementing it.

We are trying to manage the endpoints, but our company has been a long-time customer. We want to integrate the other products because EPM is not the only one. We do have PAS and AIM, but now it looks like CyberArk is moving towards integrating all of them into one thing, so they can all work together in one console. We would like to get there eventually. I can't wait to upgrade.

View full review »
SY
Senior System Engineer at a transportation company with 10,001+ employees

Our primary case is for AIM. We are a huge AIM customer, and we also do the shared account management.

We are looking into utilizing CyberArk's secure infrastructure and running application in the cloud for future usage.

View full review »
Furqan Ahmed - PeerSpot reviewer
Network Engineer at Pronet

It is a PAM solution, in which we provide privileged access to CyberArk and the users who are using to try to access their devices. They onboard on the CyberArk and then, whenever they need to access the devices, they get access to CyberArk which means they have to log in on CyberArk.

View full review »
Gaurav Gaurav - PeerSpot reviewer
Architect at a tech services company with 10,001+ employees

The solution is primarily for security and access control. 

It's used to ensure and protect the complete IT infrastructure administrative account and the administrators and limit them to do any particular activities on the server and record all the activities on the server. it's for auditing purposes and for forensic usage.

We use it o identify if somebody internally hits the organization or tries to intrude and try to do a data breach or try to steal the information or do some kind of internal hacking. That risk can be eliminated using the tool.

View full review »
YP
Threat Protection Architect at a consumer goods company with 10,001+ employees

Our primary use case is to control the technical accounts used in our DevOps environnment. The primary goal was to automate to the maximum all privileged accounts used by applications. It was a big issue because al dev guys were always using the same account/password couple. CyberArk is doing this for them transparently. Through time the scope was extended to all interactive users with the target to avoid them knowing the password. The automated password change was implemented to 99% of all accounts inside the company.

View full review »
Korneliusz Lis - PeerSpot reviewer
CyberSecurity Service Support Specialist at Integrity Partners

The primary use case and the most used functionality of CyberArk PAM is managing privileged access (an easy way to pass permissions to specific servers to specific users granularly) and password management (an automated solution that manages password validity, expiration, etc.). PSM gives a possibility to set all connections secure and it is possible to re-trace actions made by users during such sessions. It is a good tool for extending usage to new end targets sometimes even out of the box.

View full review »
CF
Principal Information Security Engineer/Lead Active Directory Architect at a healthcare company with 10,001+ employees

Our primary use case for the solution is to support privileged identities.

View full review »
Aakash Chakraborty - PeerSpot reviewer
IEM Consultant at iC Consult GmbH

Privileged Access Management is basically used to just keep track and log. We have to provision those accesses. If a newcomer comes, they have to be identified to ensure they are the correct users. So for those, there is a web implementation where there are some products that you can order, then they're approved. Depending on that mechanism, it's been decided, oh, this is a valid user. That's how it's been managed.

View full review »
VS
Senior Associate at a consultancy with 10,001+ employees

My primary use case for this solution is to prevent privileged access, privilege accounts, and to mark all of those for future ordering proposals. It is to limit their access.

View full review »
AP
Technical Manager at Tech Mahindra Limited

One of our customers is using the 9.5 version of the solution.

We personally use the product. We are implementing it and have a lot of involvement in its usage.

We use it primarily because we need to manage business accounts and reduce our inboxes.

View full review »
DM
Core Analyst/ Server Admin at a comms service provider with 1,001-5,000 employees

We use CyberArk to manage our privileged accounts, our passwords for our critical infrastructure. We have a lot of root administrator level accounts and other application and node accounts that are critical to our business. We use CyberArk to keep those rotated, keep them secure, in an encrypted environment giving us a lot more control and auditing capability.

We are not planning to utilize CyberArk to secure infrastructure for applications running in the cloud because, in our particular business, we like to keep things in-house. Although we have a very small use case scenario where we have one application published to a cloud service, for the vast majority of our infrastructure, we keep it in-house and manage it ourselves.

In terms of utilizing CyberArk's secure application credentials or endpoints, I'd have to think through what CyberArk means by "endpoints," exactly. We do some application management right now. We're mostly doing more server-router, switch, node. And we have some custom vendor nodes that are not your normal off-the-shelf things, that we're trying to get under management right now. As we move along and become more secure, we'll probably do more and more of the application management like that.

View full review »
SB
Security Analyst at a insurance company with 1,001-5,000 employees

We use it for all of our privileged accounts, local admin, domain admin, and application accounts. We use several of the product suites. We are using the EPV suite along with AIM, and we are looking into using Conjur right now. Overall, it has been a great product and helped out a lot with being able to manage privileged accounts.

We don't have a lot of stuff in the cloud right now, but as we move forward, this is why we are looking at Conjur. We would definitely use it for that and DevOps.

We have owned the product since version 6.5.

View full review »
JM
Lead Automation Developer at COUNTRY Financial

To securely manage privileged accounts within the enterprise and automate password compliance where possible. Bringing multiple account types all into a single central repository with an intuitive user interface has greatly improved our security standing. Instead of managing each account in its disparate location like Database, Active Directory, LDAP, and Mainframe, we can now do it from a single solution. This has enabled great strides in standardizations across account types for password and access management.

View full review »
JM
Lead Automation Developer at COUNTRY Financial

My primary use case for the product is essentially to secure our privileged accounts, and it's performing amazingly.

What it allows us to do is to rotate the credentials for privileged accounts. It ensures we understand where the accounts are being used and that they are staying compliant with our EISB Policy, which is a policy to change passwords. Thus, attackers find it harder to get in and steal an old password which is just sitting out on a system.

We utilize CyberArk secure infrastructure. We are moving towards applications in the cloud, but we do not currently have that. We are also utilizing CyberArk secure application credentials and endpoints.

View full review »
RD
Systems Admin Analyst 3 at CPS Energy

We use this solution for privileged systems access with a high emphasis on security. End users are required to go through a process of being vetted in our NERC environment in order to use the solution. This product has been used by my company for about five years now.

View full review »
KS
Information Security Administrator at a insurance company with 501-1,000 employees

I have been working with CyberArk for the past five years. I do installations, support, and presales.

We have installed the CyberArk solution and have been using it as a PAM solution.

The main reason for having the solution in place is to isolate and monitor all previous activities that have taken place within the organization. The second thing is to make sure all the previous accounts have been onboarded to the solution and accurately monitored as well as passwords have been managed as per the policies defined. The third thing is to make sure users are unaware of their previous account passwords. Those should be centrally stored and located in one of the solutions where we can manage them per our policy or ask users to raise a request for internal workflows on the solution, in case of any emergencies. The last thing is for managing the service account passwords.

View full review »
Maarten22 - PeerSpot reviewer
Works at Liberty Global

The main usage of our implementation is to limit the credentials exposure to our third-party teams. They are able to connect to the end-points in a secure and isolated manner without needing to know any end-point credentials.

View full review »
SP
Senior Security Engineer at a financial services firm with 1,001-5,000 employees

The main focus of using CyberArk was to replace our previous Excel spreadsheets, which contained all of our passwords. The reason that we brought it in was to replace them and meet certain audit requirements.

We are using CyberArk to secure applications for credentials and endpoints.

We are planning on utilizing CyberArk to secure infrastructure and applications running in the cloud. It is on our roadmap for next year.

View full review »
CH
Information security engineer/ business owner

The primary use case is, of course, that we do the EPV for password vaulting and security changing, and prior to version 10 we were excited and it functioned perfectly fine. There are a few glitches with version 10 that we are not really happy with, but the functionality itself still exists and it's working like it should.

We actually have our vaults in the cloud. I don't know if we have any applications in the cloud that we're planning on managing, yet. We're not really a big AIM shop just yet, so I don't know if we're planning on utilizing CyberArk to secure infrastructure applications running in the cloud.

We're looking forward to utilizing CyberArk to secure application credentials and endpoints, however right now we have three or four AIM licenses.

View full review »
KR
Identity and Access Management Engineer at a energy/utilities company with 10,001+ employees

The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.

We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.

View full review »
ProbalThakurta - PeerSpot reviewer
Senior Partner at a tech consulting company with 51-200 employees

CyberArk Privileged Access Manager is used for identity and privilege access management.

View full review »
BRUNO REYNAUD - PeerSpot reviewer
Information Security Engineer - Pre-sales at a tech services company with 11-50 employees

We currently employ CyberArk Privileged Access Management, which involves extremely complex processes for ensuring the secure management, verification, and guarantee of credentials. Implementing the professional installation tool represents another challenging aspect of this task.

View full review »
DR
IT Security at a manufacturing company with 10,001+ employees

We use it for service accounts and local accounts for the machine. We are basically using it to rotate passwords or reconciling passwords, as needed. We do have a number which get changed on a yearly basis (most do). Some get changed on a more frequent basis. Users go into the safes that they have access to or whatever account they need, and they pull it. That is our use case.

It is performing well. However, we need a bit more education for our user community because they are not using it to its capabilities.

We are interested in utilizing the CyberArk secure infrastructure or running applications in the cloud. We are actively implementing Conjur right now just on a test basis to see how it goes.

View full review »
MU
CyberArk Consultant at a hospitality company with 10,001+ employees

CyberArk is managing our privileged accounts: most of the service accounts, admin accounts, and all other privileged accounts on different platforms including Windows and Linux. A lot of databases have already been onboarded. At the moment we are working towards integrating, or implementing, the AIM product to make sure those hard-coded credentials are being managed by CyberArk, instead of being directly coded in.

The plan is to utilize CyberArk secure infrastructure applications running in the cloud, but we will definitely have to upgrade our knowledge. Conjur is one of the very important things we are currently considering, in addition to, of course, AWS and Azure. We have to get ourselves up to speed. So at the moment, we are setting up the platform, but eventually, that is what the goal is.

Currently, we are not using CyberArk secure application credentials and endpoints.

View full review »
NR
Security Architect at a healthcare company with 10,001+ employees

The primary use case is increasing security and our security posture at our company, helping to prevent any future breaches and secure as many privileged accounts as we can. We have a lot of use cases, so there is not really a primary one, other than just trying to increase our security and protect our most privileged accounts.

We do not have a large cloud presence as of yet, but like other organizations, we are starting to get into it. We have a fantastic adoption of CyberArk that extends all the way up through executive leadership. A lot of times, projects and proof of concepts that we want to go through are very well-received and well supported, even by our top leadership. Once we get to the point where we are ready to do that, I think we will have executive support, which is always incredibly important for these types of things. 

We are in healthcare, so we are a little bit behind everybody else in terms of adoption and going into these types of areas. We are a little bit behind others in terms of cloud, but we will definitely get there.

View full review »
JG
Security Analyst at a financial services firm with 5,001-10,000 employees

We use it to harden our passwords for privileged users. We also utilize CyberArk to secure application server credentials.

We plan to utilize CyberArk's secure infrastructure and applications running in the cloud. We have AWS now. That is our next avenue: To get in there and have that taken care of.

View full review »
EG
Data Security Analyst II at a financial services firm with 5,001-10,000 employees

Our primary use case is to secure privileged access. 

Right now, it is performing fairly well. We have had instances where we have had to work with the customer support to integrate a custom plugin and struggled a bit there. It took a bit longer than we expected, but it ended up working out. Most of our focus now is getting our systems into CyberArk, which has nothing to do with the CyberArk software. It is just being able to communicate with our internal team to get them in there. So far, we haven't had a problem with CyberArk.

View full review »
BW
Systems Admin II at a transportation company with 5,001-10,000 employees

Currently, we use PAS and EPM. Mainly, we did EPM last year to get rid of local admins on about 300 PCs.

We are looking into utilizing CyberArk to secure infrastructure in the cloud.

I have been in admin for two years. The company has probably had it for more than seven years.

View full review »
AM
Product Owner at a tech services company with 1,001-5,000 employees

The major use case for us is to securely release and manage passwords for non-personal accounts.

CyberArk provides an automated and unified approach for securing access across environments. It's a work in progress but that is the goal, for us, of implementing CyberArk. We want to provide a unified way to access all environments. We are in transition, like most big companies, into cloud solutions. So this is also something that is being discussed and analyzed. But that, overall, is the mission of CyberArk in our organization.

View full review »
SN
Director Information Security at a insurance company with 501-1,000 employees

Its performance is excellent. We have had multiple use cases: 

  • It is PSM, so as a jump box to our servers.
  • We use it as a primary mechanism for all our consultants and auditors to access our systems. So, they come in through a Citrix app, then it is used by PVWA to access all the servers.

We are currently using CyberArk to secure applications with credentials and endpoints.

We plan on utilizing CyberArk to secure infrastructure and applications running in the cloud going forward. We are looking into possibly AWS or Azure.

View full review »
KE
Security Analyst at a retailer with 10,001+ employees

The primary use case is for privileged account management. It is performing well.

We are currently using CyberArk for applications running in the cloud. We are also using them for DevOps. We have some new things that we are implementing, and are working non-stop to leverage these features.

In addition, we are using CyberArk to secure applications and endpoints. 

View full review »
Volodymir Kolisnyk - PeerSpot reviewer
Security specialist at Kavitech

CyberArk is a good, profitable, and most valuable solution.

View full review »
AT
Managing Director at FOX DATA

We are a system integrator. We are selling its latest version to customers who are new to PAM or are coming from an older PAM. 

View full review »
JL
Senior Specialist Identity System Support at Roche

We are using CyberArk to store credentials of privileged assets in a secure way. In addition, CyberArk helps us to meet our security policy effortlessly, defining the complexity of the passwords, rotation period, etc.

We are also using the Privileged Session Manager to provide remote access to servers with security controls in place (session isolated and recorded).

View full review »
it_user792432 - PeerSpot reviewer
Senior Consultant - Information Security Engineering at a financial services firm with 10,001+ employees

We proactively vault and manage all elevated accounts across multiple platforms. 

For especially sensitive business units, we additionally leverage Privilege Session Manager to provide transparent connection to targeted systems and record activities.

View full review »
AM
Senior Security Manager at SMU

We use this solution for ID purposes. When we remove a user from the server, we need a privileged ID password.

We are a University. It's a large organization.

View full review »
BA
Cyber Security Manager at a hospitality company with 10,001+ employees

So far, CyberArk has done everything that we've needed it to. We are growing and moving into the cloud. We have a pretty complex environment. Everything that we've needed it to do in terms of managing our privileged accounts, it has done.

View full review »
MS
Technical consultant at a healthcare company with 1,001-5,000 employees

We use it for all application IDs to onboard into CyberArk. So far, the performance is good because we have onboarded more than 40,000 accounts, and it's growing every day.

We plan to utilize CyberArk's secure infrastructure application running in the cloud. We are conducting workshops with CyberArk on this. So it is planned but not yet confirmed. We are not using CyberArk's secure application credentials and endpoints.

View full review »
MU
CyberArk Consultant at a hospitality company with 10,001+ employees

Managing and securing the access to the environment.

I have worked with CyberArk solutions/applications for more than three years.

I have completed several implementations, proofs of concept, operational, and development activities. I have also worked with or checked most CyberArk releases since version 8.7.

View full review »
EV
Identity and Access Management System Administrator Sr. at a financial services firm with 1,001-5,000 employees

CyberArk PAS is our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage.

View full review »
KL
Team Lead Information Security Control at a financial services firm with 5,001-10,000 employees

We are using CyberArk Privileged Access Manager because we have too many accounts and we need to manage them.

View full review »
reviewer990912 - PeerSpot reviewer
Senior Manager - Privileged Access Management at a tech services company with 10,001+ employees
  • PAM interface for staff to support customers which may include CyberArk solutions of their own.
  • Managing large environments with varied and diverse environments.
View full review »
BA
Principal entity management engineer at a retailer with 10,001+ employees

We are using this product for our privileged identities and account management. We have some accounts that we consider privileged, the ones that have access to systems, software, tools, and our database and files and folders, etc. We try to maintain these accounts safely and try to grant access to these systems securely. We try and manage other non-human accounts that are DBAs, DB accounts, etc., through CyberArk.

Another initiative for this was the PCA compliance that we wanted to meet.

We don't have many applications in the cloud, we are getting one or two now. So in the future, we plan to utilize CyberArk's secure infrastructure applications running in the cloud. It's on the roadmap. We are utilizing CyberArk's secure application credentials but not endpoints. I have only just learned about the Plugin Generator Utility, so I don't have experience with it yet. It's pretty cool. We intend to use it now.

View full review »
MW
Senior server administrator at a financial services firm with 1,001-5,000 employees

We use CyberArk to assist with implementing security solutions that our auditors require. It also assists us in giving secure, monitored, audited access to non-technical people who, because of their jobs, or because of the application, require direct access to servers.

We are utilizing CyberArk's secure application credentials and endpoints.

It is performing very well.

We're not planning to utilize CyberArk's secure infrastructure or applications running in the cloud because our industry is, for the present, barred from using cloud resources. We don't yet have experience using the Plugin Generator Utility and we are not using any of the other integrations available through CyberArk marketplace.

View full review »
it_user796542 - PeerSpot reviewer
Works at a financial services firm with 10,001+ employees

Our main use is for CyberArk to hold, maintain, and securely protect our TAP/NUID and "privileged access" accounts within the company.

View full review »
JJ
Global Privilege Access Management Technical Architect at a consultancy with 10,001+ employees

We are leveraging CyberArk to provide Windows server access management across our enterprise. All our staff is looking for access to a server and needs to use CyberArk.

View full review »
DD
Information Security Engineer at a international affairs institute with 1,001-5,000 employees

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

View full review »
MM
IT Security Analyst at a mining and metals company with 10,001+ employees
  • Credential faulting
  • Credential management
  • Privilege session management
  • Secure file storage

We are utilizing CyberArk to secure applications, credentials, and endpoints.

The product is performing very well. It is a difficult product to implement into a large organization though. There is a lot of customization and a lot of hands on stuff, which is not just install and be done. This isn't bad, but it does require a lot of time. 

The value is probably the best of all of the other products which are offering the same services.

View full review »
it_user834369 - PeerSpot reviewer
Associate Vice President & Head of Apps Support at a tech services company with 10,001+ employees

Our primary use of CyberArk Privileged Access Manager is to bring control on to the privileged access. For a while, there were individual IDs having privileged access. We wanted to restrict that. We implemented the solution so that it can be more of internal control. We can have session recordings happening and reduce our attacks.

View full review »
AW
Identity and Access Management Analyst at a financial services firm with 1,001-5,000 employees

We use CyberArk to manage anything privileged including our admin IDs, AWS root credentials, service accounts, etc.

View full review »
HP
Lead Consultant at a tech services company with 10,001+ employees

Our primary use case for this solution is privileged threat management and session management.

View full review »
it_user514779 - PeerSpot reviewer
Project Manager at a tech services company with 10,001+ employees

We are using it for privileged access management.

View full review »
it_user801021 - PeerSpot reviewer
Princ. Info Security Analyst at a insurance company with 10,001+ employees

We use it all.

  • Privileged account access and management
  • Credential rotation
  • Access control
  • Privileged session recording
View full review »
reviewer991878 - PeerSpot reviewer
Senior IT Security Engineer at a insurance company with 5,001-10,000 employees

We are using the solution for privileged account management. (Rotation, session isolation, checkout, etc.)

View full review »
reviewer988578 - PeerSpot reviewer
Snr Technical Consultant at a tech services company with 10,001+ employees

Managing passwords to infrastructure and applications, keeping those accounts “safe,” and being able to audit their use.

View full review »
it_user871449 - PeerSpot reviewer
IT Analyst at a tech services company with 10,001+ employees

We have different privileged accounts in our enterprise. All of the application owners and the stakeholders want to store those accounts CyberArk privileged security, so they can connect to the target systems. It also allows for session recordings at the time of auditing.

View full review »
BB
Master software engineer at a financial services firm with 10,001+ employees

Primary use case is storing and rotating local domain admin credentials for Windows and Unix network devices.

We're using CyberArk secure application credentials and endpoints on a small scale and we're planning, for the future, to use CyberArk to secure infrastructure applications running in the cloud. We don't have experience using the Plugin Generator Utility.

It is performing pretty well for the most part. We have some issues with RADIUS authentication, some bugs with that. But, generally speaking, it works really well.

View full review »
KR
Technical Director at Unique Performance Techsoft Pvt Ltd

We provide privilege account security and consulting to our customers. Organisations that we work with use CyberArk Privileged Account Security to secure their privilege accounts, which are shared between users in the organisation. It provides automatic password management and provides the single sign-on experience to users for all privilege accounts (Windows - administrator, Linux - root, MS SQL - SA, Oracle - SYS, SSH keys, etc.).

It also provides DVR like recording for all privilege access and text-based recording to easily audit all privilege activities.

The new Privilege Threat Analytics platform provides proactive protection by suspending the user session when it detects an anomaly based on past user login and session activity details. In addition, we can configure the solution to detect scoring on all privilege sessions for easier audits.

The Application Identity Manager module helps to eliminate hard-coded passwords in the application and enables us to easily change database passwords.

View full review »
reviewer990891 - PeerSpot reviewer
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees

Privileged account access into customer environments.

View full review »
reviewer990891 - PeerSpot reviewer
Information Technology Specialist (Contract role) at a tech services company with 10,001+ employees

Primary use case: having privileged access management and ingress into customer networks and infrastructure.

View full review »
MV
Engineering Lead PAM with 10,001+ employees

The primary use case of CyberArk is controlling privileged access. It is good at providing various privileged access controls. The CyberArk use case can be implemented on various platforms.

Password rotation is another key use case. There are many integrations available on the CyberArk Marketplace, plugins and connectors with different technologies to be integrated with CyberArk to achieve this use case.

I've had an experience of deploying CyberArk in on-premise and in the cloud.

View full review »
JL
Presales Engineer at a tech services company with 51-200 employees

Our primary use case for this solution is business and client management. Our clients are mostly from the banking sector. 

View full review »
RS
Principal Consultant, IAM Projects at a tech services company with 201-500 employees

The primary use case is password management. 

View full review »
it_user635622 - PeerSpot reviewer
Vice President - Cyber Security at a tech services company with 10,001+ employees

We primarily use this product for privileged identity management, restricting privileged IDs, and governance. This is the primary function of the program, and what we expect from it within the broad business level.

View full review »
RN
Product Manager at a tech services company with 11-50 employees

I am a consultant. We are in the process of using this in our clients' companies.

View full review »
SB
Security Team Lead at a tech services company with 10,001+ employees

Our primary use case for this solution is it provides a security solution that includes password management. This defends against threats.

View full review »
KN
Junior Product Consultant at a tech services company with 501-1,000 employees

I primarily use the solution to record any actions taken on specific important targets. It allows management to look at actions and play them back to see what was done within the environment.

View full review »
reviewer1052523 - PeerSpot reviewer
Works with 10,001+ employees

It provides a tamper-proof solution for privileged accounts and third-party access to corporate assets.

View full review »
LT
Auditor de Sistemas y Procesos at a tech services company with 11-50 employees

We sell this solution to our partners. We are not currently using the application for our own use — we're consultants.

View full review »
Buyer's Guide
CyberArk Privileged Access Manager
March 2024
Learn what your peers think about CyberArk Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.