Symantec Privileged Access Manager Overview

What is Symantec Privileged Access Manager?

CA Privileged Access Manager is a simple-to-deploy, automated, proven solution for privileged access management in physical, virtual and cloud environments. It enhances security by protecting sensitive administrative credentials such as root and administrator passwords, controlling privileged user access, proactively enforcing policies and monitoring and recording privileged user activity across all IT resources.  It includes CA PAM Server Control (previously CA Privileged Identity Manager) for fine-grained protection of critical servers

Symantec Privileged Access Manager is also known as CA PAM, Xceedium Xsuite, CA Privileged Access Manager.

Buyer's Guide

Download the Privileged Access Management (PAM) Buyer's Guide including reviews and more. Updated: July 2021

Symantec Privileged Access Manager Customers

NEOVERA, Telesis, eSoft

Symantec Privileged Access Manager Video

Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
CF
Senior Security Engineer at a comms service provider with 10,001+ employees
Real User
Reduces viral attacks on my website but the setup is complex

What is our primary use case?

It reduces the viral attacks on my website. It also allows certain users access to see what happens daily.

What is most valuable?

The password manager is a valuable feature. It saves time for the user. The users do not have to remember the password or change the password. It is a user-friendly solution.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is very good. 

What do I think about the scalability of the solution?

There is enough power to support our whole organization and the scalability potential is very wide. We currently have between 50-100 users of the solution. 

How is customer service and technical support?

The tech support is good. They are very…
US
Solution Architect at a tech services company with 10,001+ employees
Consultant
More expensive than other solutions but the password vaulting and password management features are valuable

What is our primary use case?

We look to make sure that there are two HyperACCESS specifications:  Privileged managements: These are ordered to ensure that all the passwords assume one location so a user can enter and all their passwords are protected. Their passwords cannot be shared because they are rotated.  The odd user: This user has to go through the system and exercise a chair relay. This should be our Gateway for login. 

What is most valuable?

The most common features that I use are password vaulting and password management. 

What needs improvement?

I would like this solution to be simpler. It should have a one-click access that works together with AWS. 

For how long have I used the solution?

Less than one year.

What do I think about the scalability of the

Find out what your peers are saying about Broadcom, CyberArk, BeyondTrust and others in Privileged Access Management (PAM). Updated: July 2021.
522,946 professionals have used our research since 2012.
Balamurali P
Solution Architect at Tata Elxsi
Real User
The DB clustering is a really good benefit of this solution.

What is our primary use case?

My primary use case for this solution is for work in data center components. We use it with our data center devices.

Pros and Cons

  • "CA PAM is working well for us."
  • "The DB clustering is a really good benefit of using CA PAM."
  • "An improvement for this solution is that it should not be constantly based on user name and password. There should be a condition to edit and update your username."

What other advice do I have?

So when we are trying develop some particular portal, when you are looking with loop-back IP, connecting the backend by a loop-back IP, the response is coming by an actual IP - that's the portal design. Because it is redirecting multiple URLs, the portal designed like in such a way like it will take your input and redirect your many multiple URLs with the connection and respond back to your browser, but the browser always it comes back with the actual IP, not the loop-back IP. In this case, the CA PAM is working well for us.
AS
Security Consultant at a tech services company with 10,001+ employees
Consultant
One stop access for all things involving privileged access management

What is our primary use case?

* Privileged account management * Session management * Session recording * One stop access for all things involving privileged access management.

Pros and Cons

  • "We can enforce complicated password policies and very important frequent password changes."
  • "The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."
  • "We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically."
  • "The service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc."

What other advice do I have?

Go for it if your key areas are password/session management of Windows/Unix/database. Be careful if you want to use this for service account management. There are some technical challenges while integrating the web-based console (security devices) for transparent login/single sign-on.
it_user572919
Architect at a comms service provider with 10,001+ employees
Video Review
Real User
We found the architecture to be scalable and very resilient. However, make sure the roadmap is responsive going forward.

Pros and Cons

  • "The key benefits are we improve our governance. We ensure we can build more trust in the way we run and operate our environment, and most of all is the accountability."
  • "One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements."
  • "We found that the architecture is scalable and very resilient."
  • "Bring more technology into the portfolio and being able to collapse those products into a much more integrated way."

What other advice do I have?

It is fairly mature in the world of what it have known as a vault. When you look in a wider context of how to bring it into an organization, it is not necessarily just the technology side. I would rate it from the technology side between a seven and an eight. Actually, how it becomes too much of an adopted technology in a much more wider industry, they are still around about a five to six, but it has to do with the vendor across the industry. Most important criteria when selecting a vendor: It is about really understanding what the security challenges are in the industry, but also being able…
it_user715158
Information Security Manager at United Parcel Service
Video Review
Real User
Stability is solid as a rock

Pros and Cons

  • "Stability is solid as a rock."
  • "We know we can scale up with what we have, and we probably will not need to buy any further appliances down the road."
  • "They need to do a little bit more on the mainframe side.​"

What other advice do I have?

Right out of the box, right now, I would say it is a solid eight. I think 10 is doable, and they are very close. We are still only a year out. We have only really done one platform, so I am kind of saving the nine and 10 for once we are fully deployed. Most important criteria when selecting a vendor: Support is a big deal. Reputation is great, but the support is what we use most. After the sale is over and the initial deployment is done, we need to work with support, and if support is not strong, then that hurts us. We can't get the product to be what we want it to be.
it_user779106
Information Security at ITG
Real User
The interface is very friendly, colorful, and bold

What is our primary use case?

I see it performing really well. It has a really good scalability attribute, where you can continuously keep dumping on new users and giving them only the access they need on the projects that they would view. It is very controlling and I really like that.

Pros and Cons

  • "Whoever built it from the ground up, they understand how an organization is laid out."
  • "The interface is very friendly, colorful, and bold."
  • "Instead of just giving passwords to the user based on job function, from auditing perspective, turn that cycle around. That would really help from an auditing standpoint."

What other advice do I have?

If your company has Windows, Unix, and Linux, and has accounts all over the place and you need to management it, look into CA now. I feel like I have to learn more about CA PAM, because there are a lot of questions I still have for the product and I do not know them yet. Most important criteria when selecting a vendor: technical support. Always having someone there who knows a lot about the product, but at the same time, they will be straight up with you about the difficulties. I really do like when people tell me, this is not working, and tell you straight off the bat. I really like that…
it_user778803
Program Manager at a financial services firm with 10,001+ employees
Real User
It will provide us with more security

What is our primary use case?

It is for all admins. We need to have a two-factor authentication. So for that, we are using the PAM, Privileged Access Manager product called Xceedium. We have just put it in QA, so it will go live in production by March or April.

Pros and Cons

  • "It will provide us with more security."
  • "It gives you list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed."
  • "They need to have zero tier and active-active setup ​with zero minimum downtime, which they are working on it. ​"

What other advice do I have?

Depending on your requirements, you can compare different products and decide what you want. This product so far seems good to us. Most important criteria when selecting a vendor: Our use cases, all of them, should be validated: the product performance and how the product behaves. We do a full end-to-end PoC to make sure how the product performs. Basically making sure all of the use cases have been satisfied and each have a proactive active-active setup.
it_user715158
Information Security Manager at United Parcel Service
Real User
Transparent Logins Prevent Password Sharing Yet Reporting Is Limited.

Pros and Cons

  • "Transparent login for users of privileged IDs (Linux, Windows). This prevents sharing of the password because it is never seen."
  • "It's difficult to locate the reports, there are limits on what reports can be run from the GUI, and the report formats are lacking."

What other advice do I have?

Definitely do your homework. CA PAM was the best product for us but if you are strictly a mainframe shop you might like a different solution and similarly for a Windows only shop. For us we have all platforms (Windows, Linux, Unix, mainframe, databases, network devices, appliances) that need to be managed. This product was relatively simple to implement but again do your homework. Make sure you document your use cases, and I strongly recommend setting up a test environment before deploying into production. We were told to get ROI so we started with production and are now standing up a fully…
it_user713793
Citrix / Windows Administrator/PM at a government with 10,001+ employees
Vendor
The tool helps us manage local, domain, and service accounts. I would like to see improvements in the documentation.

What other advice do I have?

Be prepared to call tech support a lot because the documentation is almost worthless.
it_user712038
Business Coach & Consultant
Vendor
When people are accessing our production environment as administrators or as non-end users, they use CA Privileged Access Manager​ to be able to access it

Pros and Cons

  • "The two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us."
  • "It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials."

What other advice do I have?

I would say, test it out in your environment, make sure it works out well. If it configures well, and then, assuming it works out fine, you're in good shape.
it_user708468
Senior Engineer at a tech services company with 1,001-5,000 employees
Consultant
​It has been reliable down the line with new features and updates

What is most valuable?

Access management and security compliance.

How has it helped my organization?

It started with the basic features, and gradually they added SCP, FTP, and also the API calls that helped us to meet the Automation at our end.

What needs improvement?

Role mapping, high availability, coverage of more important AWS data centers in Frankfurt.

For how long have I used the solution?

I've used this solution for three years

What do I think about the stability of the solution?

It has been reliable down the line with new features and updates.

What do I think about the scalability of the solution?

Yeah, it still does not support HA in Multi AZ subnets.

How are customer service and technical support?

Yeah, it's great. I would give it a nine out of 10. …
it_user708474
Pre-Sales Engineer at a tech services company with 51-200 employees
Real User
It has proven to be a very stable solution, even when it is run as a virtual appliance

Pros and Cons

  • "Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated."
  • "The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance."

What other advice do I have?

If looking for a solution with privileged session management, great recording features with an integrated password vault and Single Sign-On that is pretty straightforward to implement out-of-the-box and does not overwhelm you with unnecessary features, it the best way to go. It has space for improving the user interface and remote connection tools, but surely this is something that should be in their roadmap.
JO
Tech Lead at a financial services firm with 5,001-10,000 employees
Vendor
Automates the security of DevOps pipeline for the shared secrets across environments

Pros and Cons

  • "For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great."
  • "I wish it could create local accounts on desktops."

What other advice do I have?

If you truly want to secure a DevOps world that is constantly changing the architecture and number of boxes, then you need CA PAM.
it_user707193
IT Security & Compliance at a energy/utilities company with 1,001-5,000 employees
Vendor
It meets with the objective of password vault with controlled access to the systems

What other advice do I have?

There are other cheaper solutions available in the market.
it_user707178
Project Coordinator at a logistics company with 10,001+ employees
Vendor
Gives us the ability to rotate passwords automatically via a scheduled job or password view

What other advice do I have?

My only advice is to make sure you perform a through PoC in your environment to make sure all aspects of the system work for you.
it_user707196
Principal Consultant
Vendor
Some of the valuable features are safe access to company resources and an intuitive management interface

What other advice do I have?

Proceed!
it_user459162
Presale Engineer with 51-200 employees
Vendor
When a customer uses CA PAM, they can control who can access their server and what they do

What other advice do I have?

The CA PAM product can help companies/organizations who looking are for Privilege Access Management. CA PAM is an industry leader; a powerful, easy to use solution.
it_user531528
Security Consultant
Vendor
One of the most valuable items is the load balancing feature

What is most valuable?

One of the most valuable items is the load balancing feature.

What needs improvement?

The live session recording is still not in the features.

For how long have I used the solution?

We have used this solution for over a year.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

I would give technical support a rating of 7/10.

Which solution did I use previously and why did I switch?

This is the first solution.

How was the initial setup?

The setup is one of the advantages of CA PAM, as compared with the other solutions.

Which other solutions did I

it_user707184
Security and Governance Manager (Principal Director) at a tech services company with 201-500 employees
Real User
The solution has the capability to address hybrid eco-systems

What other advice do I have?

Have a good view of their role model and critical assets.
Renê Souza
Especialista em CA at a tech services company with 5,001-10,000 employees
Real User
It offers access control of privileged accounts

What is most valuable?

It offers access control of privileged accounts.

How has it helped my organization?

It has simplified and unified the access of the users to a single point of access. It grants access identity to privileged accounts.

What needs improvement?

I would like to see improvements in branding customization and multi-tenancy.

For how long have I used the solution?

We have been using this solution for six months

What do I think about the stability of the solution?

The solution is not implemented for end users, so we haven't had any problems so far.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

Technical support is very good.

Which solution did I use

it_user705717
Senior Systems Administrator at a tech company with 5,001-10,000 employees
Vendor
The most valuable feature is the keystroke tracking feature

What other advice do I have?

Make sure you can track enough CIs and have room for growth.
it_user705705
Finance at a tech services company with 10,001+ employees
Consultant
Have a test environment for testing any upgrades/patches first, before pushing it to production

What is most valuable?

Manager user/admin’s password, so it’s more secure and password will be changed on time.

What needs improvement?

When there’s new patches or upgrades, please test the new release well, so it won’t break the functional parts.

What do I think about the stability of the solution?

It’s very stable, unless we do some patches or upgrade, then it’ll break some functional parts.

What do I think about the scalability of the solution?

So far, no.

How are customer service and technical support?

So far, it's fair. Because sometimes, it takes me a few days/weeks to get attention.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

I didn’t get involved in the initial setup.

What's my experience with pricing, setup

it_user705702
IT Operations at a retailer with 10,001+ employees
Vendor
We did a PoC for a few, but chose CA PPM

What other advice do I have?

It is the best product for monitoring the recorded session of your IT admins and external consultants. RDP is best for Telnet and SSH devices password management.
it_user705735
IAM Architect at a tech services company with 5,001-10,000 employees
Real User
So far, we’re using the RDP-gateway and the “published application” features

Pros and Cons

  • "The RDP-gateway: For limiting which server an operator can access."
  • "I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using."

What other advice do I have?

Make sure you have all your network needs mapped out prior to installation, as you have to add all needed networks to the virtual appliance prior to the first boot.
it_user705732
Ingeniero de servicios at a tech services company with 51-200 employees
Consultant
We administrate the platform in some clients and the results are very useful to control the access to privileged servers.Manager

What other advice do I have?

Well, that I recommend the product. It has a good interface and it’s easy to administrate.
it_user705711
System Support Analyst at a financial services firm with 10,001+ employees
Vendor
I like the fact that passwords are checked-in automatically. They shouldn’t compromise better looking UI with performance.

Pros and Cons

  • "You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks."
  • "What I hope happens with the new product CA PAM is to keep all the useful features that exist in PA, but what I’ve noticed with many new products is the UI gets polished but systems lags stability and performance or it adds additional complexity instead of simplifying the user experience."

What other advice do I have?

I think this product is no longer available. But if it is, I would recommend a full stress test before they even implement it. Make sure you can run it on the newest web or application servers.
it_user705714
Systems/Software Engineer at a tech vendor with 10,001+ employees
Vendor
Used for securing privileged accounts

What other advice do I have?

Make sure you are certified from the official CA course.
it_user705741
Sr. Oracle DBA at a government with 10,001+ employees
Vendor
One of the valuable features is the randomly generated password

What other advice do I have?

Make it easier to upgrade the software.
it_user705699
Consultor Senior TI y Seguridad de Datos at a tech services company
Consultant
The deployment was straightforward, the provisioning, too. In general, it's not complicated to work with this solution.

What other advice do I have?

Try the product.
Anton Purba
IT Security Consultant at a tech services company with 51-200 employees
Consultant
Some of the valuable features include session management and one step installation

What other advice do I have?

I’m very satisfied with the product.
it_user651831
Cloud SME
Vendor
The most valuable features are session manager, access manager, and credential manager. They don't offer multi-tenancy.

What other advice do I have?

If you are going for a multi-tenant deployment as an MSP, I would work with CA to see when that feature will be available. If the local end points are logged down with the Java versions, I would really tell them to pull out the HTML-file-based solution. The accessibility of this tool from the desktops is very, very difficult. Those are two big things for a use case. I would recommend them to make sure they validate that these things are rolled out and then use it. Other than those two issues, everything else is good. Asking me to rate the solution is a tough question, because the market…
it_user621030
User at a tech vendor with 10,001+ employees
Vendor
This product is for privileged access for a jump server using a PIV card.

What other advice do I have?

I think it's a good solution for anybody who is looking for a single sign-on implementation for administration of the servers. It's a straightforward solution. It has been in the federal space for quite some time. It has been part of our TRM.
it_user616500
Security Engineer
Vendor
Some of the valuable features are transparent login and cluster synchronization. There are a lot of gaps in the documentation.
it_user624780
Director, Managed Services - Analytics & Data Solutions at a tech services company with 51-200 employees
Consultant
We set a rule once, and it can be applied when we add new clients into our cloud environment.

What other advice do I have?

Make sure you fully vet out what is needed for the complete process, and understand what you need up front for the initial set and what will be added at what trigger points.
it_user621822
User
Vendor
Monitoring privileged users’ actions is valuable because of the possible impact of an insider breach incident.

What other advice do I have?

It is the best solution for managing privileged users.
it_user613575
Sr. Security Analyst at a retailer with 1,001-5,000 employees
Vendor
We have had the same core team supporting us over the years and they work with us through any issues.

What other advice do I have?

Get enough appliances for redundancy so if you lose one due to hardware or software issues, there is no impact to users. We use a VIP that directs all users to whichever appliance is available.
it_user589527
IT Infrastructure Manager at a tech services company
Consultant
Individual administrators have access to end points without needing to know passwords. We have had many complications during the implementation.

What other advice do I have?

When they came for the proof of concept, we only had access to the system itself. I couldn't try to understand the complexity of implementation or support or all the features that the solution would have to offer. I just saw the main features.
it_user595743
Cloud Solutions Architecture Manager at a tech services company with 501-1,000 employees
Consultant
The automated authentication is valuable. The demonstration and consideration portion does not work the best.

What other advice do I have?

Get as much training as possible.
it_user599001
Co Founder & Chief Operating Officer at a tech services company with 51-200 employees
Consultant
Passwords don't float around unchanged anymore. We can scale by just dropping in another appliance.

What other advice do I have?

I would say definitely get professionals that can help out. My company is in this space, and this is what we do for a living, so I don't think that it's a product that you want to go and try to implement on your own. Getting professional experience on your side for two or three weeks, or whatever it takes, to deploy the solution is well worth the investment.
it_user572856
Security Engineer at EarthLink
Video Review
Real User
In addition to helping with security, it also helps with how we audit which credentials are being used

What other advice do I have?

Rating: I would say probably a seven or an eight. As I said, the interface is not the easiest to navigate and it doesn't really have the discovery piece or fully baked discovery. Overall, the solution works and there's just multiple ways of doing things. You don't have to use the whole GUI interface to get your stuff in. There's ways of importing our credentials and what not through Excel spreadsheets and what not. It's really easy how the import/export mechanism works. I would definitely tell them [peers] to do an in-house proof of concept of the solution to make sure that solution works for…
it_user558579
IT Infrastructure Director at a construction company with 1,001-5,000 employees
Vendor
Session recording enhances the ability to regulate and control privileged access accounts.

What other advice do I have?

The only advice that I would give is to also consider some of the new pure Cloud-based offerings that are out. They weren't necessarily strong enough for us to consider when we were looking.
it_user558024
Director Of Information Security at a insurance company with 1,001-5,000 employees
Vendor
We can separate the management of accounts with and without elevated privileges. It integrates with our identity management system.

What other advice do I have?

I would say do your research. We did, and that's why I said there weren't any real competitors. There always; but in this space, I don't think so – not today.
it_user479766
CIO/Management Consultant at a tech company with 51-200 employees
Vendor
Privileged users see only those systems and access methods to which they’re expressly allowed access.

What other advice do I have?

I am a proponent of the product in many ways but most importantly, I believe a solid, well-thought-out strategy and solid architectural plan for the future needs to be the priority, not buying a product to fit the unknown.
it_user526257
Senior Solutions Architect, at a tech services company with 10,001+ employees
Consultant
It can wrap system connectivity information into its internal Java-based shell. Online Help is not detailed enough.
it_user351294
Technical Director at a tech services company with 51-200 employees
Consultant
It adds another layer of security from the basic OS security of Linux and Windows, although the rule management portion and reporting is very weak on its own.

What other advice do I have?

Definitely you have to go for a tested solution. This solution doesn’t have bugs, but you should follow CA’s messaging that it’s always good to deploy in small chunks. Applications have problems, and sometimes it’s a process. You just have to expand over time.
Buyer's Guide
Download our free Privileged Access Management (PAM) Report and find out what your peers are saying about Broadcom, CyberArk, BeyondTrust, and more!