Symantec Privileged Access Manager Overview

What is Symantec Privileged Access Manager?

CA Privileged Access Manager is a simple-to-deploy, automated, proven solution for privileged access management in physical, virtual and cloud environments. It enhances security by protecting sensitive administrative credentials such as root and administrator passwords, controlling privileged user access, proactively enforcing policies and monitoring and recording privileged user activity across all IT resources. It includes CA PAM Server Control (previously CA Privileged Identity Manager) for fine-grained protection of critical servers.

Symantec Privileged Access Manager was previously known as CA PAM, Xceedium Xsuite, CA Privileged Access Manager.

Symantec Privileged Access Manager Customers

NEOVERA, Telesis, eSoft

Archived Symantec Privileged Access Manager Reviews (more than two years old)

CF
Senior Security Engineer at a comms service provider with 10,001+ employees
Reseller
Top 20
Reduces viral attacks on my website but the setup is complex

What is our primary use case?

It reduces the viral attacks on my website. It also allows certain users access to see what happens daily.

What is most valuable?

The password manager is a valuable feature. It saves time for the user. The users do not have to remember the password or change the password. It is a user-friendly solution.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is very good. 

What do I think about the scalability of the solution?

There is enough power to support our whole organization and the scalability potential is very wide. We currently have between 50-100 users of the solution. 

How is customer service and technical support?

The tech support is good. They are very helpful.

How was the initial setup?

The setup was complex. It took one month and we needed collaboration between various different departments. We used a consultant to help us. We needed two people to integrate the solution and we currently employ one person for maintenance.

What's my experience with pricing, setup cost, and licensing?

It is reasonably priced.

What other advice do I have?

This solution is our gateway to access other servers. We plan to continue with this product as our company grows. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
US
Solution Architect at a tech services company with 10,001+ employees
Consultant
More expensive than other solutions but the password vaulting and password management features are valuable

What is our primary use case?

We look to make sure that there are two HyperACCESS specifications: 

  1. Privileged managements: These are ordered to ensure that all the passwords assume one location so a user can enter and all their passwords are protected. Their passwords cannot be shared because they are rotated. 
  2. The odd user: This user has to go through the system and exercise a chair relay. This should be our Gateway for login. 

What is most valuable?

The most common features that I use are password vaulting and password management. 

What needs improvement?

I would like this solution to be simpler. It should have a one-click access that works together with AWS. 

For how long have I used the solution?

Less than one year.

What do I think about the scalability of the solution?

Scalability has been good. 

How are customer service and technical support?

We have received good support from the tech support team.

Which solution did I use previously and why did I switch?

We used IBM before.

How was the initial setup?

It was a challenge for our newer staff members to install. 

What's my experience with pricing, setup cost, and licensing?

It is more expensive than other solutions on the market.

Which other solutions did I evaluate?

We have been using IBM extensively because customers demand that we provide this option.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Balamurali P
Solution Architect at Tata Elxsi
Real User
The DB clustering is a really good benefit of this solution.

Pros and Cons

  • "CA PAM is working well for us."
  • "The DB clustering is a really good benefit of using CA PAM."
  • "An improvement for this solution is that it should not be constantly based on user name and password. There should be a condition to edit and update your username."

What is our primary use case?

My primary use case for this solution is for work in data center components. We use it with our data center devices. 

What is most valuable?

The DB clustering is a really good benefit of using CA PAM.

What needs improvement?

An improvement for this solution is that it should not be constantly based on user name and password. There should be a condition to edit and update your username. Also, it would be nice to have a single sign-on, but that particular portal doesn't allow any copy/paste.

In addition, I have an additional suggestion. I will give you a scenario. In regards to the licensing, I have some concerns. The NAS team, they want to have 24/7 support. The NAS team is the one actually using this CA PAM. So, the total count is some hundred members. But at other times, the login is 23 members. So it's like a batch. Every 7 hours there is a batch change, so every 7 hours 23 members will change. But when I ask for a licensing part, they are saying we have to take 100 licenses, not 23 licenses. Each time I have to ask for 100 licenses, even though I have only 23 members at a time using the solution. If there were any options for concurrent usage of a license, that would be a better option.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I find it is a stable product for our organization. But, we have had to do some debugging sessions occasionally.

Which solution did I use previously and why did I switch?

We have previous experience with CyberArk.

How was the initial setup?

The initial setup was easy and straightforward.

What's my experience with pricing, setup cost, and licensing?

I would prefer better licensing options for the 20-100 users we have at a given time. 

Which other solutions did I evaluate?

We also considered CyberArk.

What other advice do I have?

So when we are trying to develop some particular portal, when you are looking with loop-back IP, connecting the backend by a loop-back IP, the response is coming by an actual IP - that's the portal design. Because it is redirecting multiple URLs, the portal is designed in such a way that it will take your input and redirect your many multiple URLs with the connection and respond back to your browser, but the browser always comes back with the actual IP, not the loop-back IP. In this case, the CA PAM is working well for us.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AS
Security Consultant at a tech services company with 10,001+ employees
Consultant
One stop access for all things involving privileged access management

Pros and Cons

  • "We can enforce complicated password policies and very important frequent password changes."
  • "The product is very scalable in terms of concurrent sessions that it can handle at a time, number of devices it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."
  • "We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically."
  • "The service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc."

What is our primary use case?

  • Privileged account management
  • Session management
  • Session recording
  • One stop access for all things involving privileged access management.

How has it helped my organization?

  • Earlier, admins used to access critical systems from their desktops, which was a security threat considering the wide variety of compromises happening on endpoints. Now, all the privileged access is tunneled through PAM.
  • With password management, we can enforce complicated password policies and very important frequent password changes, i.e., weekly.
  • Most importantly, we now have recordings for each and every privileged session which is used for auditing, compliance, and investigations.

What is most valuable?

Privileged account management for Windows (domain and local) and Unix.

What needs improvement?

Service account management is a key area where the product needs to develop. Currently, the product supports service account discovery, but only if the host name of the server is known. For unknown host names, it is still a dark area.

In comparison with Thycotic and CyberArk, the service account management functionality needs to be extended to application pools, SQL database, PowerShell scripts, service account discovery, etc.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically.

What do I think about the scalability of the solution?

The product is very scalable in terms of concurrent sessions that it can handle at a time, number of devices it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster. It comes in four forms.

  1. Physical appliance
  2. Virtual instance
  3. AWS
  4. Azure (just launched).

How are customer service and technical support?

The technical support has improved a lot in the last year with the advent of the European technical support team.

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

Initial setup is very straightforward and easy to configure. It is similar to any appliance-based network security device.

What's my experience with pricing, setup cost, and licensing?

Pricing is fair compared to other top vendors, like CyberArk. The licensing is simple and scalable.

Which other solutions did I evaluate?

We did not evaluate any other solutions.

What other advice do I have?

Go for it if your key areas are password/session management of Windows/Unix/database.

Be careful if you want to use this for service account management.

There are some technical challenges while integrating the web-based console (security devices) for transparent login/single sign-on.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user572919
Architect at a comms service provider with 10,001+ employees
Video Review
Real User
We found the architecture to be scalable and very resilient. However, make sure the roadmap is responsive going forward.

Pros and Cons

  • "The key benefits are we improve our governance. We ensure we can build more trust in the way we run and operate our environment, and most of all is the accountability."
  • "One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements."
  • "We found that the architecture is scalable and very resilient."
  • "Bring more technology into the portfolio and being able to collapse those products into a much more integrated way."

How has it helped my organization?

The key benefits are we improve our governance. We ensure we can build more trust in the way we run and operate our environment, and most of all is the accountability. Where things do go wrong from time to time, we are in a good position to ensure that we can recover quickly.

What is most valuable?

One of the key things for us about the product is around its simplicity. Being able to put in the technology that allows the business to remove complexity and also allow the security improvements. This is high on our agenda. 

What needs improvement?

As with most things CA, once we are bringing more technology into the portfolio and being able to collapse those products into a much more integrated way, that will definitely come over the time. 

In terms of improvement, keep listening to customers and their challenges and make sure the roadmap is very responsive. It is all about being agile, so we need to make sure the product is very easy to work with. It does not constrain us further down the road.

What do I think about the stability of the solution?

At the moment, we are going through several evaluations. We found that the architecture is scalable and very resilient. In terms of scaling up, it has yet to be proven, but so far, so good.

How is customer service and technical support?

We have worked with CA before, so we understand that each engagement is slightly different. One thing we do make sure is we always do things like test runs as part of any onboarding of a system. This would be no different if we go down this path in the future.

What other advice do I have?

It is fairly mature in the world of what is known as a vault. When you look in a wider context of how to bring it into an organization, it is not necessarily just the technology side. I would rate it from the technology side between a seven and an eight. Actually, how it becomes too much of an adopted technology in a much wider industry, they are still around about a five to six, but it has to do with the vendor across the industry.

Most important criteria when selecting a vendor: It is about really understanding what the security challenges are in the industry, but also being able to align with specific use cases each organization is going to deal with. You have a generic capability that we can take off the shelf, but we should be able to customize when you need it. Having that right balance is really important. I think from my point of view, CA has started to move in that direction more. I would like to see more of that.

I think like most evaluations, it takes a lot of time and effort. We do look at things around where the history of the technology, where it's born out of, where they are currently going, and the direction they are going. Also, in terms of how well they are going to integrate into the wider portfolio. Evaluations are not just about features and functions of this specific product, but it is taking that holistic view around what else we can get out of it in the next three to five years. It is really important for us to have that clear roadmap and one that we believe in and trust.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user715158
Information Security Manager at United Parcel Service
Video Review
Real User
Stability is solid as a rock

Pros and Cons

  • "Stability is solid as a rock."
  • "We know we can scale up with what we have, and we probably will not need to buy any further appliances down the road."
  • "They need to do a little bit more on the mainframe side."

What is most valuable?

I have been in the security business for almost 30 years. We have never had a solution in place where we could really manage and control privileged accounts in the company. This solution really makes a big difference. We started rolling it out for our Linux base. It has been invaluable to us already, and it has only been a year.

What needs improvement?

We are a multiplatform shop, so we have Windows, Linux, mainframe. The mainframe piece of it is coming along, but we would like to see a little bit more integration with the non-CA mainframe component, such as RACF. That is what we use, but they have more features which are coming out in the next month or so, which is huge. They are listening to their customers. I think that is great, but they need to do a little bit more on the mainframe side.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Solid as a rock. It is a hardened appliance. We went with that version versus the virtual, and we set it up in less than half a day, and have had no problems since. It has been running fine.

What do I think about the scalability of the solution?

Based on the purchase that we made, we bought an awful lot of appliances. We are using only a small portion of it right now, because it can handle so much volume. We know we can scale up with what we have, and we probably will not need to buy any further appliances down the road. So, that is huge.

How was the initial setup?

It is very easy to set up the initial piece. We even did it without CA on-site for the first day. We got it up and running, then they came in and helped us tweak it and make it a little bit more efficient. However, setting it up out of the box, it was a no-brainer. It was very quick.

What other advice do I have?

Right out of the box, right now, I would say it is a solid eight. I think 10 is doable, and they are very close. We are still only a year out. We have only really done one platform, so I am kind of saving the nine and 10 for once we are fully deployed.

Most important criteria when selecting a vendor: Support is a big deal. Reputation is great, but the support is what we use most. After the sale is over and the initial deployment is done, we need to work with support, and if support is not strong, then that hurts us. We can't get the product to be what we want it to be.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user779106
Information Security at ITG
Real User
The interface is very friendly, colorful, and bold

Pros and Cons

  • "Whoever built it from the ground up, they understand how an organization is laid out."
  • "The interface is very friendly, colorful, and bold."
  • "Instead of just giving passwords to the user based on job function, from an auditing perspective, turn that cycle around. That would really help from an auditing standpoint."

What is our primary use case?

I see it performing really well. It has a really good scalability attribute, where you can continuously keep dumping on new users and giving them only the access they need on the projects that they would view. It is very controlling and I really like that.

What is most valuable?

Whoever built it from the ground up, they understand how an organization is laid out. You can tell. When a user comes in, it automatically picks up their information. It is very easy to use. The interface is very friendly, colorful, and bold. I really like that. It is friendly to the users. 

What needs improvement?

What PAM does is when a user signs in, or when a user gets prompted to an organization, they are classified based on what teams, job titles, and roles that they have. 

One feature I would like to see is instead of just giving passwords to the user based on job function, from an auditing perspective, turn that cycle around. Let us have a reporting feature that will say, "Can you please show me all the users who have access to the DB admin account essay." That would really help from an auditing standpoint.

There is already a feature for that. It is not too great to use. Instead of being Splunk, maybe have a feature built into the application. 

How is customer service and technical support?

There have been no issues with CA technical support.

Which other solutions did I evaluate?

After doing a little bit of research in the PAM market, there are not too many PAM players out there. Obviously, there is CyberArk but the other big player is CA PAM. I took a look at CA PAM. CA's rep gave me every reason to pick CA PAM over CyberArk.

CyberArk is harder to set up. You need a stand up infrastructure to back up CyberArk. PAM, on the other hand, is much more simple to use, and you do not need as many Windows servers to back it up as far as I know. 

  1. According to the users who have actually used CyberArk and CA PAM, they have said that CA PAM is ten times easier to use and manage. 
  2. Also, according to the users, CyberArk is only in the Windows area. They only control passwords in the Windows area. I am not sure how true that is, but that is a huge thing. 

What other advice do I have?

If your company has Windows, Unix, and Linux, and has accounts all over the place and you need to manage it, look into CA now.

I feel like I have to learn more about CA PAM, because there are a lot of questions I still have for the product and I do not know them yet. 

Most important criteria when selecting a vendor: technical support. Always having someone there who knows a lot about the product, but at the same time, they will be straight up with you about the difficulties. I really do like when people tell me, this is not working, and tell you straight off the bat. I really like that straightforwardness.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user778803
Program Manager at a financial services firm with 10,001+ employees
Real User
It will provide us with more security

Pros and Cons

  • "It will provide us with more security."
  • "It gives you a list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed."
  • "They need to have zero tier and active-active setup with zero minimum downtime, which they are working on."

What is our primary use case?

It is for all admins. We need to have a two-factor authentication. So for that, we are using the PAM, Privileged Access Manager product called Xceedium.

We have just put it in QA, so it will go live in production by March or April. 

How has it helped my organization?

It will provide us with more security. Anybody who has access can only get it. It makes admin access more critical. People are not building service accounts. 

It will provide more security and monitoring. 

What is most valuable?

The session recording is useful. We can capture what each of our users are doing.

It gives you a list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed. It is also isolated from the Internet, so there is no way hackers or anybody can come into the systems.

What needs improvement?

We are going to work on Trade Analytics, so we wanted to see how Trade Analytics work and all.

They need to work on some of the enhancements, which we have already given to them. 

They need to have zero tier and active-active setup with zero minimum downtime, which they are working on.

For how long have I used the solution?

Still implementing.

What do I think about the stability of the solution?

So far, it is stable in our development and QA. Once we go in production, we will know it. We have just started testing on the products, especially integration testing and performance testing. After that, we will know the stability, and we are putting Splunk and monitoring alerts on right now. 

What do I think about the scalability of the solution?

For scalability, we had some performance issues with the regular virtual jump servers. Therefore, to make the improvement better and all, we ordered bare metal physical servers. This way we will have better results and the performance will be good. 

How is customer service and technical support?

We are using the technical support. We also have a list of all the security enhancements, which are needed. We gave it to CA. They are working on it, and for any issues, we are escalating the issues and working with the product team directly. 

They are really good at answering us quickly. Some of them, they also provided us a patch, and some of them are going into the new version, which is 301, so we are upgrading our environment to 301 now in our development and QA next week. 

How was the initial setup?

It was a straightforward setup.

What's my experience with pricing, setup cost, and licensing?

Cost-wise, CA was better compared to others in the market. 

Which other solutions did I evaluate?

One of the goals for one of our projects this year was to implement Privileged Access Management. We tried different products in the market: Xceedium, CyberArk, etc. This is when we decided on Xceedium. 

All were almost good, but CA's UI was much better. Performance-wise, CA was good. One of the advantages was Unix, which was not on CyberArk. It was more Windows-focused. We have been using Windows and Linux both. 

When we started analyzing different products, CA was really good. They are more proactive every time. 

They really worked hard in the PoC. They made sure all of our use cases are validated, and they would even provide us patches during our PoC. 

What other advice do I have?

Depending on your requirements, you can compare different products and decide what you want. This product so far seems good to us.

Most important criteria when selecting a vendor: Our use cases, all of them, should be validated: the product performance and how the product behaves. We do a full end-to-end PoC to make sure how the product performs. Basically making sure all of the use cases have been satisfied and each have a proactive active-active setup. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user715158
Information Security Manager at United Parcel Service
Real User
Transparent Logins Prevent Password Sharing Yet Reporting Is Limited.

Pros and Cons

  • "Transparent login for users of privileged IDs (Linux, Windows). This prevents sharing of the password because it is never seen."
  • "It's difficult to locate the reports, there are limits on what reports can be run from the GUI, and the report formats are lacking."

What is most valuable?

Transparent login for users of privileged IDs (Linux, Windows). This prevents sharing of the password because it is never seen.

How has it helped my organization?

Once we implemented the solution, we found that support groups were sharing the Root password with some application teams to facilitate implementations and upgrades. The applications required Root due to software requirements or other issues. This process was never documented and therefore was unknown. We are now working on getting these applications under proper controls. They will either need to use PAM if Root is still required or proper access will be implemented where Root will not be required for day to day support.

What needs improvement?

Reporting. It's difficult to locate the reports, there are limits on what reports can be run from the GUI, and the report formats are lacking. I have already spoken to product management about this specific area.

For how long have I used the solution?

Four months.

What do I think about the stability of the solution?

Not yet.

What do I think about the scalability of the solution?

Yes, we noticed that when trying to rotate 1400 privileged passwords with a single job, the results were not consistent. Support suggested we break the job up into smaller groups. We will likely have well over 200,000 managed accounts in the system when we are fully deployed. We should be able to submit mass password changes without having to break them down into groups of 50 or less.

How are customer service and technical support?

For the most part, support is good. We do run into problems sometimes with respect to getting support for APIs. Our experience has been that engineering has to become involved due to limitations with the support staff's knowledge/experience in this area.

Which solution did I use previously and why did I switch?

We have been trying to get approved for a solution (this or others) for 15 years. We finally have a CIO who understands the need for and benefit of this product and it was approved late in 2016.

How was the initial setup?

Appliance setup was not difficult. We did have issues with network setup (behind a load balancer, or not; these were mostly internal issues and not the problem of the product). We selected this product (in part) because of the initial ease of implementation. We did a PoC and had the appliances set up in less than a day.

What's my experience with pricing, setup cost, and licensing?

Appliances are relatively cheap, don’t skimp. Make sure you have redundancy, high availability, and enough appliances to manage the concurrent workload. Definitely make sure you include training in your budget and purchase. There are at least three specific courses that are a must for any administrator of the product. Courses can be classroom, virtual, on site or web-based. A2A licensing will be the cost that continues to grow over time. As you begin to deploy and work with various groups, you will find more uses for the A2A component and this is licensed by agent deployed on a server.

Which other solutions did I evaluate?

We had a project to review eight vendors and their PAM products: IBM, Hitachi, CyberArk, BeyondTrust, CA, Enforcive, Centrify, and Lieberman.

What other advice do I have?

Definitely do your homework. CA PAM was the best product for us but if you are strictly a mainframe shop you might like a different solution and similarly for a Windows only shop. For us we have all platforms (Windows, Linux, Unix, mainframe, databases, network devices, appliances) that need to be managed. This product was relatively simple to implement but again do your homework. Make sure you document your use cases, and I strongly recommend setting up a test environment before deploying into production. We were told to get ROI so we started with production and are now standing up a fully supported test environment. If I had the time, I would have done this the other way around.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user713793
Citrix / Windows Administrator/PM at a government with 10,001+ employees
Vendor
The tool helps us manage local, domain, and service accounts. I would like to see improvements in the documentation.

What is most valuable?

The tool helps us manage local, domain, and service accounts. It helps us meet compliance standards.

How has it helped my organization?

The fact the password is changed after each checkout beats changing passwords manually every few months.

What needs improvement?

I would definitely like to see improvements in the documentation. It is very plain and doesn't provide details. There are no screenshots either.

For how long have I used the solution?

We owned this product for about three years. I took over the project about six months ago.

What do I think about the stability of the solution?

I did not encounter any issues with stability.

What do I think about the scalability of the solution?

I did not encounter any issues with scalability.

How are customer service and technical support?

Few people I've dealt with know the product well. They are not very helpful. Some technical support team members don't have much knowledge.

Which solution did I use previously and why did I switch?

I don't think DSS used any other solution prior to this.

How was the initial setup?

I didn't do the initial setup, so I can't answer this question.

What's my experience with pricing, setup cost, and licensing?

I'm the admin and do not know anything about pricing and licensing.

Which other solutions did I evaluate?

I personally have used RPM and think it is more user-friendly.

What other advice do I have?

Be prepared to call tech support a lot because the documentation is almost worthless.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user712038
Business Coach & Consultant
Vendor
When people are accessing our production environment as administrators or as non-end users, they use CA Privileged Access Manager to be able to access it

Pros and Cons

  • "The two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us."
  • "It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials."

What is most valuable?

If I remember correctly, it was the two factor authentication, and the single most important capability was it supported PIV and CAC as one of the two factors. That was pretty huge for us.

How has it helped my organization?

Our organization does and uses cloud-based solutions. Those have to be very secure.

Specifically, administrative access needs to be highly secure. When people are accessing the production environment as administrators or as non-end users, they use CA Privileged Access Manager to be able to access it.

What needs improvement?

Trouble free installation and configuration and not even noticing that it's installed. There's too many steps involved in accessing the production network. Too many things you have to do to get on.

It'd be great if you just stuck in your PIV card and Windows popped up, asked you for your password. You typed it in, then it remembered your credentials.

For how long have I used the solution?

For about 10 months.

What do I think about the stability of the solution?

There were some issues with stability.

From what I remember, people would complain that every 30 minutes to an hour or so, their connection would drop and they'd have to reconnect, but it wasn't clear whether that was a problem with the network we were working on or whether that was a problem with Privileged Access Manager.

What do I think about the scalability of the solution?

We didn't run into any scale issues at all. The more people involved, the more it was able to handle.

How are customer service and technical support?

Yeah, we worked with technology support. They were actually pretty helpful. The couple of problems we had, they were able to identify and help us resolve.

Which solution did I use previously and why did I switch?

Yeah, we were using OpenVPN. We were using OpenVPN, and the biggest single reason was dual-factor authentication with PIV and CAC. That was the biggest single reason.

How was the initial setup?

I did not personally do the setup. From what I remember, it took a couple of weeks for the security lead to do the work. That's not out of the question or a surprise with a security product, because just getting it operating usually takes a little bit, then getting it fine tuned takes a whole other round of work.

Which other solutions did I evaluate?

We looked at about a half a dozen, and this one came out to be the best one. We filtered down.

What other advice do I have?

I would say, test it out in your environment, make sure it works out well. If it configures well, and then, assuming it works out fine, you're in good shape.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user708468
Senior Engineer at a tech services company with 1,001-5,000 employees
Consultant
It has been reliable down the line with new features and updates

What is most valuable?

Access management and security compliance.

How has it helped my organization?

It started with the basic features, and gradually they added SCP, FTP, and also the API calls that helped us to meet the Automation at our end.

What needs improvement?

Role mapping, high availability, coverage of more important AWS data centers in Frankfurt.

For how long have I used the solution?

I've used this solution for three years.

What do I think about the stability of the solution?

It has been reliable down the line with new features and updates.

What do I think about the scalability of the solution?

Yeah, it still does not support HA in Multi AZ subnets.

How are customer service and technical support?

Yeah, it's great. I would give it a nine out of 10.

Which solution did I use previously and why did I switch?

We selected it after the evaluation of multiple products.

How was the initial setup?

It's easy to configure and with the help of their documentation, one can easily do that.

What's my experience with pricing, setup cost, and licensing?

Yeah, this is an expensive product.

Which other solutions did I evaluate?

It's confidential.

What other advice do I have?

I would say definitely to use it if you've got a high number of systems and are concerned about security.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user708474
Pre-Sales Engineer at a tech services company with 51-200 employees
Real User
It has proven to be a very stable solution, even when it is run as a virtual appliance

Pros and Cons

  • "Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated."
  • "The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools that are frequently used by companies to provide technical support for remote assistance."

What is most valuable?

Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated.

The recording feature uses a proprietary format that is very light, even with high definition videos, allowing you to use very little hard drive space. This has proven very valuable when managing large amounts of sessions.

How has it helped my organization?

We are now able to record all technical support requests that require a remote control session, therefore accountability has risen reducing the amount of mistakes or errors.

Clients are also more confident that all activities are recorded and everyone is held accountable when asking for support being provided.

With the recently added feature that supports recording VNC sessions, we have been able to expand the session management to the IT personnel who prefer VNC for remote session management.

What needs improvement?

The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools that are frequently used by companies to provide technical support for remote assistance.

This could increase the amount of purchased licenses, with increasing growth of (remote) managed services (MSPs), and would also allow a company to demand that a provider use a tool such as CA PAM when providing remote assistance, in order to record evidence or increase accountability. Access to online training free of charge is also highly recommended.

For how long have I used the solution?

Over two years.

What do I think about the stability of the solution?

Not in my experience. It has proven to be a very stable solution, even when it is run as a virtual appliance.

What do I think about the scalability of the solution?

Not in my experience.

How are customer service and technical support?

I have had a good experience because they have been able to resolve issues nine of 10 in a short period.

The cons are that you are rarely (if ever) able to talk to a technician when calling support. This is frustrating when the issues are critical or urgent.

This is much worse in out of office hours. At times, when the issues are complex, the resolution times have been longer than desired and the time in between contacts is also too long.

There is a lot of space to improve in this area.

Which solution did I use previously and why did I switch?

No, I have looked at CyberArk, but never used it as a customer.

How was the initial setup?

Session management is pretty straightforward as is the password management. We were able to get it up and running in no time. It might be a bit complex to follow the flow of creating the devices, users, and single sign on using the password vault, so that process could be simplified for those getting started with the solution.

What's my experience with pricing, setup cost, and licensing?

Can’t say much. The prices are not low, but one can ask for a discount. It’s not the cheapest PAM solution.

Which other solutions did I evaluate?

Yes, CyberArk. We found it too complex and with more features than one would probably need.

What other advice do I have?

If looking for a solution with privileged session management, great recording features with an integrated password vault and Single Sign-On that is pretty straightforward to implement out-of-the-box and does not overwhelm you with unnecessary features, it is the best way to go.

It has space for improving the user interface and remote connection tools, but surely this is something that should be in their roadmap.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
JO
Tech Lead at a financial services firm with 5,001-10,000 employees
Vendor
Automates the security of DevOps pipeline for the shared secrets across environments

Pros and Cons

  • "For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great."
  • "I wish it could create local accounts on desktops."

What is most valuable?

For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great.

How has it helped my organization?

Before we had a vaulting solution that had a manual provisioning of the DB and privileged accounts. Now, we can automate this provisioning through APIs which are easy to understand and implement.

What needs improvement?

I wish it could create local accounts on desktops. But, what I really want to do with it is automatically manage DevOps pipelines through tools like Docker/Puppet/Chef. It would manage shared secrets to the segregated environments. I am hoping that the API is helpful for this.

For how long have I used the solution?

We have used it just for a PoC, but we are purchasing it soon. From going through the selection process, we felt CA PAM was the best option for our company.

How are customer service and technical support?

CA technical support has been very responsive the past couple years. It has come a long way.

Which solution did I use previously and why did I switch?

I have used ERPM, but it was difficult to upgrade the product. The structure of the vaulting policies was not conducive to Ally’s organization. Plus, it ran on Windows, which in our world you want to always go with a Linux solution, when possible.

How was the initial setup?

In the PoC, it seems very easy to get started.

What's my experience with pricing, setup cost, and licensing?

Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front. PAM can monitor exponentially more devices than its competitors. This covers a large audit item for us.

Which other solutions did I evaluate?

We looked at CyberArk, BeyondTrust, ERPM and ObserveIT.

What other advice do I have?

If you truly want to secure a DevOps world that is constantly changing the architecture and number of boxes, then you need CA PAM.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user707193
IT Security & Compliance at a energy/utilities company with 1,001-5,000 employees
Vendor
It meets with the objective of password vault with controlled access to the systems

What is most valuable?

The password vault and access to the systems are the most valuable features. It meets with the objective of password vault with controlled access to systems.

How has it helped my organization?

There are no improvements as it never went live.

What needs improvement?

It lacks good logging capabilities and the reports are not customized. Also, there are security issues with the 'super' account.

For how long have I used the solution?

I have tried to implement it for almost two years.

What do I think about the stability of the solution?

There were no stability issues experienced, but we never went live.

What do I think about the scalability of the solution?

There were no scalability issues experienced, but we never went live.

How are customer service and technical support?

Technical support is average. They took a long time to provide good answers, only recommended to upgrade SW version which in some environments is not an option and they don’t even know if that will fix the problem.

Which solution did I use previously and why did I switch?

We were not using any other product before, although now we have changed to another cheaper solution.

How was the initial setup?

The setup was not simple, design took a lot of time, and we had a consultant from CA.

What's my experience with pricing, setup cost, and licensing?

It’s not a cheap solution. The increasing number of licenses are also expensive.

What other advice do I have?

There are other cheaper solutions available in the market.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user707178
Project Coordinator at a logistics company with 10,001+ employees
Vendor
Gives us the ability to rotate passwords automatically via a scheduled job or password view

What is most valuable?

Gives us the ability to rotate passwords automatically in the vault, on any interval, via a scheduled job or password view. This takes out the management of passwords from the user and CA PAM can control the password maintenance.

How has it helped my organization?

Without getting too specific, we are able to manage root account passwords on 1600+ Linux servers. Our users can transparently login with those credentials when needed.

What needs improvement?

The OOTB reporting functionality is lacking. The ability to view a simple breakdown of the various data. They offer an all or nothing solution that does work for my organization. We need to be able to distribute reports to various groups that have users working in CA PAM without showing them all the activity. However, there are APIs that can be utilized to make custom reports. The product is good and enhancements are coming to improve the product. Reporting is what is lacking in this version of the product.

For how long have I used the solution?

We have used the product since September 2016.

What do I think about the stability of the solution?

At this point, there were no issues with stability.

What do I think about the scalability of the solution?

At this point, there were no issues with scalability.

How are customer service and technical support?

The technical support has been an essential part of our deployment. They are very responsive and work diligently to resolve the issues.

Which solution did I use previously and why did I switch?

We didn’t have a previous solution.

How was the initial setup?

We have ten appliances and the setup was straightforward. We had no issues setting up our infrastructure.

What's my experience with pricing, setup cost, and licensing?

I was not involved in the negotiations of the product.

Which other solutions did I evaluate?

We started out with eight different products and wound up doing an RFP with four finalists, and CA PAM was one of them. The other three were BeyondTrust, CyberArk, and Hitachi ID.

What other advice do I have?

My only advice is to make sure you perform a thorough PoC in your environment to make sure all aspects of the system work for you.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user707196
Principal Consultant
Vendor
Some of the valuable features are safe access to company resources and an intuitive management interface

What is most valuable?

Some of the valuable features are safe access to company resources, quick, comprehensible, and intuitive management interface, and good integration capabilities. Control on targets could be extended through CA PAM Server Control component. It now includes an optional risk evaluation engine (CA Threat Analytics for Privileged Access Manager).

How has it helped my organization?

  • Quick setup
  • Support for different types of existing user stores
  • Management automation through REST interface
  • Integration with Identity Management solutions easily for automatic user provisioning.

What needs improvement?

I would like it to support more types of integration.

For how long have I used the solution?

We have used this solution since CA acquired Xceedium.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

I would give technical support a rating of an eight out of 10.

Which solution did I use previously and why did I switch?

Many customers switched to CA PAM, because the list of useful features quickly expands.

How was the initial setup?

The deployment was very fast, as it is commonly deployed as a virtual appliance.

What's my experience with pricing, setup cost, and licensing?

Contact the sales department.

Which other solutions did I evaluate?

We evaluated Hitachi ID PAM and IBM PIM.

What other advice do I have?

Proceed!

Disclosure: My company has a business relationship with this vendor other than being a customer: We sell and implement CA PAM.
it_user459162
Presale Engineer with 51-200 employees
Vendor
When a customer uses CA PAM, they can control who can access their server and what they do

What is most valuable?

Access control and Password Management, because almost every customer wants to protect and audit their server(s), as well as their credentials.

How has it helped my organization?

When a customer uses CA PAM, they can control who can access their server and what they do. So they feel more comfortable when using outsourced engineers to manage their assets.

What needs improvement?

Reporting, Logging, and support recording for Web App using Java.

Now, the reporting feature on CA PAM only shows the basic information in white-black table format. If I’m a customer, I like to see the reports with colorful charts and pictures.

About the Web App using Java:

Currently, CA PAM only can record and work with a Web Console that doesn't use Java. If a Web Console uses Java and has a pop-up, CA PAM can’t do a recording.

For how long have I used the solution?

Over three years. I used it before CA acquired Xceedium.

What do I think about the stability of the solution?

The CA PAM appliance works stably. I didn’t see many errors related to stability.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

I appreciate CA technical support. They respond quickly.

Which solution did I use previously and why did I switch?

No, I didn’t.

How was the initial setup?

Simple for me.

Which other solutions did I evaluate?

No, I didn’t.

What other advice do I have?

The CA PAM product can help companies/organizations who are looking for Privilege Access Management. CA PAM is an industry leader; a powerful, easy to use solution.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user531528
Security Consultant
Vendor
One of the most valuable items is the load balancing feature

What is most valuable?

One of the most valuable items is the load balancing feature.

What needs improvement?

The live session recording is still not in the features.

For how long have I used the solution?

We have used this solution for over a year.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

I would give technical support a rating of 7/10.

Which solution did I use previously and why did I switch?

This is the first solution.

How was the initial setup?

The setup is one of the advantages of CA PAM, as compared with the other solutions.

Which other solutions did I evaluate?

We evaluated CyberArk, BeyondTrust, and Dell.

What other advice do I have?

The implementation of this product is not a problem and is simple.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user707184
Security and Governance Manager (Principal Director) at a tech services company with 201-500 employees
Real User
The solution has the capability to address hybrid eco-systems

What is most valuable?

The solution has the capability to address hybrid eco-systems, both on-premises and cloud services. Most of the high privileges now include tenant administrator credentials.

Integration with the AD RBAC model is also a great feature, as we can tie it to the central repository.

The FIPS-140-2 certification is really a nice option with every governmental response.

How has it helped my organization?

The solution allows us to ease the risks and headaches with administrators turning to our IT team.

What needs improvement?

I would like the ability to provision through a real REST API. Perhaps this could be SCIM-PAM, once it is certified.

For how long have I used the solution?

We have used this solution for more than a year for training, PoC, and laboratory use cases.

What do I think about the stability of the solution?

Some rollover credentials often do not work or you need a more complex configuration.

What do I think about the scalability of the solution?

There were no issues with scalability.

How is customer service and technical support?

Technical support has yet to be included completely in the CA Support.

How was the initial setup?

Some rollover scenarios can be complex to achieve.

Which other solutions did I evaluate?

We evaluated Sudo-AD and CyberArk.

What other advice do I have?

Have a good view of their role model and critical assets.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a technological partner for reselling.
Renê Souza
CA Specialist at a tech services company with 5,001-10,000 employees
Real User
It offers access control of privileged accounts

What is most valuable?

It offers access control of privileged accounts.

How has it helped my organization?

It has simplified and unified the access of the users to a single point of access. It grants access identity to privileged accounts.

What needs improvement?

I would like to see improvements in branding customization and multi-tenancy.

For how long have I used the solution?

We have been using this solution for six months.

What do I think about the stability of the solution?

The solution is not implemented for end users, so we haven't had any problems so far.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

Technical support is very good.

Which solution did I use previously and why did I switch?

We did not use a different solution before.

How was the initial setup?

The initial setup was straightforward and simple. The solution does not need any complex customization to deploy and start using it.

What's my experience with pricing, setup cost, and licensing?

Just measure all the necessities before starting and all will be okay.

What other advice do I have?

Keep in mind that the product can be implemented quickly, but it depends on how fast you can provide information.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are partners.
it_user705717
Senior Systems Administrator at a tech company with 5,001-10,000 employees
Vendor
The most valuable feature is the keystroke tracking feature

What is most valuable?

The most valuable element is the keystroke tracking feature.

We use the tool in our FedRAMP data centers. Whenever an employee does some work at the command line in the servers, app servers or database servers, we need to track what they do.

We use the tool to do just that. We bought it for that purpose. That is why this is the most important feature for us.

How has it helped my organization?

The product has not improved our organization. It is an intentionally limiting product. That’s why we have it.

What needs improvement?

It limits the number of CIs. Why not have unlimited CIs?

As I understand the licensing, we purchase the PAM product and pay for it based on the number of CIs. (A “CI” is a “configuration item”. It’s an ITIL term.)

That means the number of servers, routers, switches, etc. for which PAM controls access and tracks activity. Why not charge us a flat fee and give us unlimited CIs?

For how long have I used the solution?

We have been using the solution for around four years.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We had scalability issues, particularly in regards to the limit of CIs.

How are customer service and technical support?

The technical support is very good. They are very helpful. They are knowledgeable and follow up when we have issues.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

How was the initial setup?

I don’t know about the initial setup. I was not involved in the initial setup.

What's my experience with pricing, setup cost, and licensing?

I am not involved in pricing and licensing.

Which other solutions did I evaluate?

I don’t know about the evaluation of other products. I was not involved in that part of the process.

What other advice do I have?

Make sure you can track enough CIs and have room for growth.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user705705
Finance at a tech services company with 10,001+ employees
Consultant
Have a test environment for testing any upgrades/patches first, before pushing it to production

What is most valuable?

Manages user/admin’s password, so it’s more secure and password will be changed on time.

What needs improvement?

When there are new patches or upgrades, please test the new release well, so it won’t break the functional parts.

What do I think about the stability of the solution?

It’s very stable, unless we do some patches or upgrade, then it’ll break some functional parts.

What do I think about the scalability of the solution?

So far, no.

How are customer service and technical support?

So far, it's fair. Because sometimes, it takes me a few days/weeks to get attention.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

I didn’t get involved in the initial setup.

What's my experience with pricing, setup cost, and licensing?

I don’t handle that.

Which other solutions did I evaluate?

I didn't get involved in that evaluation, either.

What other advice do I have?

Have a test environment for testing any upgrades/patches first, before pushing it to production.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user705702
IT Operations at a retailer with 10,001+ employees
Vendor
We did a PoC for a few, but chose CA PPM

What is most valuable?

  • Password management (Linux/Windows) and session recording.
  • Platform to access any (RDP, Telnet, SSH device in Datacenter).

How has it helped my organization?

  • Centralized
  • Secure
  • Monitored access to any (RDP, Telnet, and SSH device in Datacenter).

What needs improvement?

Still Exploring.

What do I think about the stability of the solution?

The product is matured now after new patches and versions.

What do I think about the scalability of the solution?

Easy to scale with clusters.

How are customer service and technical support?

10 out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Straightforward. We recently migrated from Physical to Virtual Appliance.

What's my experience with pricing, setup cost, and licensing?

Based on features e.g., access management and password management, the price is suitable.

Which other solutions did I evaluate?

I don't remember now, but we did a PoC for a few, but chose CA PPM (formerly known as Xceedium).

What other advice do I have?

It is the best product for monitoring the recorded session of your IT admins and external consultants. RDP is best for Telnet and SSH devices password management.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user705735
IAM Architect at a tech services company with 5,001-10,000 employees
Real User
So far, we’re using the RDP-gateway and the “published application” features

Pros and Cons

  • "The RDP-gateway: For limiting which server an operator can access."
  • "I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using."

What is most valuable?

So far, we’re using the RDP-gateway and the “published application” features.

  • The RDP-gateway: For limiting which server an operator can access.
  • The “published applications” feature: To minimize the exposure of sensitive usernames and passwords.

How has it helped my organization?

The exposure of sensitive usernames and passwords has been limited in a massive way. This allows us to give much needed access to LDAP servers and databases without the operator knowing the username and/or password. They just have a link to click on after logging into the PAM virtual appliance.

What needs improvement?

I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using. Have nothing further right now due to limited exposure to the more technical parts of the product.

For how long have I used the solution?

We’ve had it running for approximately six months so far.

What do I think about the stability of the solution?

No issues so far, except the typical Java/web-browser problems that all Java-based products have.

What do I think about the scalability of the solution?

Do not know as of right now, as we only have one instance in production at the moment.

How are customer service and technical support?

So far, I would rate it high. I have gotten fast and accurate answers to my questions and any issues have been resolved in a timely manner.

Which solution did I use previously and why did I switch?

We used the now discontinued Shared Account Management component of CA Privileged Identity Manager.

How was the initial setup?

The initial setup is really easy. The only thing to worry about is to add all needed networks to your virtual appliance prior to the initial boot. This is a pain and should be fixed in my opinion.

What's my experience with pricing, setup cost, and licensing?

I do not know as I only work with the technical parts of the product, I do not worry about pricing and licensing.

What other advice do I have?

Make sure you have all your network needs mapped out prior to installation, as you have to add all needed networks to the virtual appliance prior to the first boot.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user705732
Ingeniero de servicios at a tech services company with 51-200 employees
Consultant
We administrate the platform in some clients and the results are very useful to control the access to privileged servers.

What is most valuable?

The possibility to control the remote activity and establish different policies, because it depends on the position of workers, how much access they needed, and in what platforms they connect. The possibility to separate this in an easy way is very useful.

How has it helped my organization?

We administrate the platform in some clients and the results are very useful to control the access to privileged servers.

What needs improvement?

The Java problem for web access to the platform; add more useful information in the logs; solve the JavaScript problem to access some Google services on the web.

For how long have I used the solution?

For over a year.

What do I think about the stability of the solution?

Yes, at first the cluster desynchronizes often.

What do I think about the scalability of the solution?

No, but the answer is not always clear or satisfactory. In some cases, the answer result is vague.

How are customer service and technical support?

On a scale from 1 to 10, I give it a 7. I hope to know the SLA of the technical support.

Which solution did I use previously and why did I switch?

No, but I've heard about CyberArk.

How was the initial setup?

Very straightforward.

What's my experience with pricing, setup cost, and licensing?

I don’t have any comment.

Which other solutions did I evaluate?

No, I’m not from the sales department.

What other advice do I have?

Well, that I recommend the product. It has a good interface and it’s easy to administrate.

Disclosure: My company has a business relationship with this vendor other than being a customer:
it_user705711
System Support Analyst at a financial services firm with 10,001+ employees
Vendor
I like the fact that passwords are checked-in automatically. They shouldn’t compromise better looking UI with performance.

Pros and Cons

  • "You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks."
  • "What I hope happens with the new product CA PAM is to keep all the useful features that exist in PA, but what I’ve noticed with many new products is the UI gets polished but systems lags stability and performance or it adds additional complexity instead of simplifying the user experience."

What is most valuable?

I mostly do support for the product so I’m aware of all the features this product offers. I like the fact that passwords are checked-in automatically. In case you forget to release the account so that other people can use it, it keeps the account secured by changing the password automatically.

You can do A2A integration. You can have your own script, which can then run outside of PA to retrieve the password and perform other tasks.

It has CLI commands for bulk changes. I’ve used that feature to on-board thousands of accounts, and it saved time and effort rather than doing it manually.

How has it helped my organization?

PA is a global vault application which is essential in our day-to-day tasks of retrieving and using privileged accounts. It also provides nice logging and notification to management as well as audit.

What needs improvement?

I think most people that use the product are concerned with performance and they are also used to the user interface. We shouldn’t compromise a better looking UI with performance. It’s hard to say, because ever since I’ve started using the product, we have had performance issues.

What I hope happens with the new product CA PAM is to keep all the useful features that exist in PA, but what I’ve noticed with many new products is the UI gets polished but systems lags stability and performance or it adds additional complexity instead of simplifying the user experience.

I hope that’s not the case with the new product. And of course with any new product, there should be improvements in stability, usability, performance and support.

For how long have I used the solution?

We have used this solution for over two years.

What do I think about the stability of the solution?

Stability is a problem that we fight every day.

What do I think about the scalability of the solution?

We have scalability issues. For our current stress test, it looks like the system is not able to handle a large number of users at peak times.

How are customer service and technical support?

I think there are two points to this. It’s very hard to get to level 2 or 3 support to answer questions. We had cases that were dragged on for years with no answer waiting for engineering. It almost sounds like we are on our own and this product is not “really supported” or CA is so busy with other more important issues that higher level support is almost never available.

Which solution did I use previously and why did I switch?

I am not sure. When I joined the bank, this was what they were using.

How was the initial setup?

I was not part of the bank at that point.

What other advice do I have?

I think this product is no longer available. But if it is, I would recommend a full stress test before they even implement it. Make sure you can run it on the newest web or application servers.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user705714
Systems/Software Engineer at a tech vendor with 10,001+ employees
Vendor
Used for securing privileged accounts

What is most valuable?

Used for securing privileged accounts. This is why people choose this particular product: To manage credentials and record sessions.

How has it helped my organization?

DXC has created a managed service offering based on it.

What needs improvement?

  • The user interface and dependence on applets and Windows could use some improvement.
  • Increase the compatibility with other browsers.
  • Remove the Java applet dependency (it is being deprecated).

For how long have I used the solution?

We have been using this solution for 12 months.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We did not encounter any issues with scalability.

How are customer service and technical support?

Technical support could be improved.

Which solution did I use previously and why did I switch?

We haven’t switched from a previous solution, but rather added an additional option to our offering catalog.

How was the initial setup?

The initial setup was straightforward.

Which other solutions did I evaluate?

Before choosing this product, we evaluated CyberArk PAM.

What other advice do I have?

Make sure you are certified from the official CA course.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are partners.
it_user705741
Sr. Oracle DBA at a government with 10,001+ employees
Vendor
One of the valuable features is the randomly generated password

What is most valuable?

One of the valuable features is the randomly generated password. It is a strong way to protect the security access to the network and servers in our department of Homeland Security Environmental Management System.

How has it helped my organization?

It has helped us with security.

What needs improvement?

Updates get difficult for the client. It needs to improve. I experienced difficulty in upgrading the software myself. With a tech engineer's help, I was able to manually delete some directories and was finally able to upgrade successfully. The codes should be easier and have an auto-feature to upgrade.

For how long have I used the solution?

We have used this solution for two years.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We did not encounter any issues with scalability.

Which solution did I use previously and why did I switch?

We did not use a different solution before.

How was the initial setup?

The initial setup was straightforward.

What other advice do I have?

Make it easier to upgrade the software.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user705699
Consultor Senior TI y Seguridad de Datos at a tech services company
Consultant
The deployment was straightforward, the provisioning, too. In general, it's not complicated to work with this solution.

What is most valuable?

Session Recording: This feature is very useful and powerful. This application is very easy, fast, and trustworthy!

How has it helped my organization?

This product allows the administrator of users control of the vault of passwords, in the sense that it is known who the privileged users are and who has the power to close the session for security issues.

The answer for the requirements of the users is faster and stable. The Session Recording function in audits is accurate and functional.

What needs improvement?

The integration with AS/400 Endpoint via Transparent Login could be better and useful for some users.

For how long have I used the solution?

Almost one year.

What do I think about the stability of the solution?

Not yet.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

Good.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The deployment was straightforward, and the provisioning, too. In general, it's not complicated to work with this solution.

What's my experience with pricing, setup cost, and licensing?

They can request a trial, and if the results are positive, make a PoC.

Which other solutions did I evaluate?

We are a partner of CA. The tests were only executed for this product (CA PAM).

What other advice do I have?

Try the product.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Anton Purba
IT Security Consultant at a tech services company with 51-200 employees
Consultant
Some of the valuable features include session management and one step installation

What is most valuable?

  • Session Management (Session Control and Recording)
  • Very good in reliability
  • Deployment Model: Available in both hardware and software appliance with one step installation only

How has it helped my organization?

Not applicable. I’m a distributor of this product, not an end user.

What needs improvement?

Live session

GUI command keystroke and filtering

Session limitation

Live Session is a common feature now in PAM technology. With this feature, an administrator can monitor a privileged user's activity in a live session, much like what we see with CCTV. CA should add this feature to their PAM product so they can compete with competitors.

Command keystroke and filtering on GUI sessions is needed to record and filter which commands a privileged user is or is not allowed to run in GUI sessions, i.e., RDP Windows. With this feature, an administrator can prevent dangerous commands when a privileged user is in an RDP session and opens PowerShell, Windows Command, or a database engine CLI (MySQL, Oracle, etc.).

Session limitation is a very critical feature that cannot be addressed by CA PAM. With this feature, only one user is allowed to log in to the PAM dashboard with a given username at a time, which prevents another person from logging in using the same username (sharing password/username).

For how long have I used the solution?

I have used this solution for two years.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

I would give technical support a rating of four out of five.

Which solution did I use previously and why did I switch?

We did not use a solution before this one.

How was the initial setup?

The initial setup was straightforward and very easy to set up.

What's my experience with pricing, setup cost, and licensing?

There is a combination of user and target devices pricing/licensing. There is no point to charge on target device pricing for 1000+ target devices. I would suggest charging for user percentages.

What other advice do I have?

I’m very satisfied with the product.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a distributor of this product.
it_user651831
Cloud SME
Vendor
The most valuable features are session manager, access manager, and credential manager. They don't offer multi-tenancy.

What is most valuable?

When you look at the whole PAM itself, session manager is very important. It records what happens. Access manager and credential manager are very important as well. Those are the key things. Session manager, access manager, and credential manager.

How has it helped my organization?

On the access management side, our system administrators, under privileged management, don't have to use their local tools to log on to the production servers.

They basically will log on, but they need access controls. They log on to a web interface, so that they will have access to the servers. From there, they can make the sessions.

What I'm saying is that on 443, with an extra cell connection, you log on to a web server and that web server will basically initiate the sessions from the web server to the production server. At that point, my session is secure because all that is happening inside that subnet or inside that network. All my end user is seeing is training the HTML-file interface.

That makes the access more secure. Even on the session side, the sessions are really between the production servers and the CA PAM. The sessions are not between the endpoint and the production server. So that makes it more secure by using a PAM.

What needs improvement?

When we look at CA PAM, the multi-tenant deployment is definitely an improvement that we want to see. They don't offer multi-tenancy.

If I have an enterprise, or if I am an MSP and I would like use an instantiation of CA PAM for multiple tenants, I can't do that.

I have to deploy a CA PAM for each tenant, which basically increases the cost and the management side of it. That's a very essential thing.

CyberArk does the multi-tenancy, but CA PAM doesn't have this.

For how long have I used the solution?

We have used it for two years.

What do I think about the stability of the solution?

Stability-wise, there were no issues. It met our SLAs. For the most part, it's really stable. There were no significant outages or issues with the stability of the product. We didn't have any of that experience with the solution.

What do I think about the scalability of the solution?

There were some scalability issues. Along with access manager, there's something called a credential manager. The way the CA PAM solution is designed, a credential manager is local to each of these boxes.

If you want to scale to multiple data centers and multiple end points, the credential manager is not centralized anymore. We need to have a way to synchronize that. That seems to be one of the biggest issues of scalability.

It has AD integration, but the way they do it is an issue, because it's not scalable. For every active directory identity, it basically creates a local user. It defeats the whole purpose of using a single identity store. That's not a scalable solution to manage identities itself. That's a big issue.

We did submit an enhancement request to CA on multi-tenancy and the active directory implementation, and we don't think they have released any updates. That's a big issue with this product.

How are customer service and technical support?

I would give tech support a rating of 7/10. They're not the best, because the product was acquired from a small company. Just updating the portal with the knowledge base and the support took a long time. We had a bad experience with that.

Once they got all the stuff integrated into the CA support structure, the responsiveness was there, but the relevant information of the tech staff to solve the problem was not there.

Which solution did I use previously and why did I switch?

There were no previous solutions. CA PAM is the new evolution of Privileged Management. We haven't used a PAM solution in the past, and this was our first generation PAM that we used. We didn't move from an existing solution.

How was the initial setup?

Once you have a network, then the reach-out is added. They have something called Outer Discovery, which discovers all the accounts and all the servers’ end points and groups.

I'm not going to say it's very easy, but on the flipside, I'm not going to say it's terribly hard to do it.

The reason it was not easy, was that the end points of the system administrators that have access to PAM needed a version of Java and some Java libraries on the end point.

With logged-on systems in the DOD space, or with the federal space, it's really tough to get those versions installed. The federal government, the central IT, update the Java versions and we don't have control over that. Every time we have an upgrade, it breaks the accessibility of the software.

Even though they say it's a web based tool, they still need a Java version that is compatible and libraries have to be on your client to do it. The Java competence has been a nightmare.

The product installation by itself is fairly easy, but the accessibility is very difficult.

We did reach out to CA and submitted a ticket with them, saying, "Okay, you need to get out of this Java thing, and then have something like HTML-file-based access, so that we don't have to have any of these Java things."

They said, "Great," but nothing has happened so far.

Which other solutions did I evaluate?

We did evaluate other solutions.

  • We did a market research of Xceedium, before CA bought Xceedium Xsuite
  • CyberArk
  • Dell had a tool to do privileged identity management
  • There's another company also, that starts with Cyber, but I don't remember the name

We evaluated these solutions, and Xceedium, which is now CA PAM, stood out.

What other advice do I have?

If you are going for a multi-tenant deployment as an MSP, I would work with CA to see when that feature will be available.

If the local end points are logged down with the Java versions, I would really tell them to pull out the HTML-file-based solution. The accessibility of this tool from the desktops is very, very difficult. Those are two big things for a use case.

I would recommend them to make sure they validate that these things are rolled out and then use it. Other than those two issues, everything else is good.

Asking me to rate the solution is a tough question, because the market research came out well. It stood out. The usability was good.

The accessibility and other issues were big blockers for our customer:

  • The local accounts with AD integration
  • Multi-tenant deployment
  • Java installation on the local machines

Those three elements were the biggest blockers. I would have rated it higher, but because of those three blockers, I had to rate it lower. They were very significant blockers for our project when we used it, and we were always putting out fires to do that.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user621030
User at a tech vendor with 10,001+ employees
Vendor
This product is for privileged access for a jump server using a PIV card.

What is most valuable?

The product is for privileged access for a jump server using a PIV card.

How has it helped my organization?

So far, with the functionality of what we had, there has not been much improvement at this point of time. I am not able to comment at this time.

What needs improvement?

I think it works just enough because it is a mandate from the customer to have the privileged access for the administrators to manage the servers using the PIV cards. We haven't used it long enough to comment on areas for improvement.

We clearly know what the functionality is that we need from the product. I think this has been accomplished by the functionality that exists in the PAM of Xceedium.

For how long have I used the solution?

We have been using this solution for six months.

What do I think about the stability of the solution?

We don't use it that often and it is only for admin users. So far, there have been no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

I would give technical support a rating of 10/10. It's a matter of a learning curve for my administrators. When they requested support, they were quick to respond. It's not really a problem. It's basically a lack of awareness of the product. It was quickly resolved talking to the technical support people.

Which solution did I use previously and why did I switch?

There was not a previous solution.

How was the initial setup?

We did not have any team members who were trained in Xceedium. For the setup, we got directions from the manual that was provided by the reseller.

We then went to Xceedium, which is now CA. They helped us if we had any issues from the technical point of it.

I would rate the setup as 80/20: 80% being simple and the remaining 20% needed some help from the technical folks at CA.

Which other solutions did I evaluate?

We did not evaluate different products. There was no choice for us. We didn't have a choice to evaluate other solutions because they mandated the use of this product.

What other advice do I have?

I think it's a good solution for anybody who is looking for a single sign-on implementation for administration of the servers.

It's a straightforward solution. It has been in the federal space for quite some time. It has been part of our TRM.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user616500
Security Engineer
Vendor
Some of the valuable features are transparent login and cluster synchronization. There are a lot of gaps in the documentation.

What is most valuable?

Transparent login and cluster synchronization. This is quite stable compared with other products. It is easy to manage for the administrator.

How has it helped my organization?

After the CA acquisition of Xceedium, I was able to see a lot of improvement in technical support.

What needs improvement?

There are a lot of gaps in the documentation. The documentation has to improve like anything else. There are a lot of things which are not covered in the documentation, and there are a few things which are covered in the documentation, but are not clear.

To mention the features which are not covered and which are not clear would require a separate document. Here are some examples:

  • Authentication methods: PAM does support a few authentication mechanisms to login to PAM. But the documentation does not have the details of how to integrate TACACS+ in PAM. The documentation explains it at a very high level.
  • Application Connectors: PAM does support different application connectors. But for CISCO devices, the details are not clear.
  • Roles and Privileges: There are almost 200 privileges in Credential Management. There is not a document which has the details for the privileges and their functionality.
  • Segregation of Duties: There is not a document for PAM roles. For example, if the user has “Standard User” as a role, he cannot have “Approver Role” from CM. It is a limitation in PAM. This limitation might be due to security or operational functionality. But it should be documented if it is a limitation of PAM.

For how long have I used the solution?

We have been using this solution for two and a half years.

What do I think about the stability of the solution?

I faced stability issues in the past, but I have not faced any stability issues lately.

What do I think about the scalability of the solution?

I have not faced any scalability issues.

How are customer service and technical support?

I would give technical support a rating of 6/10.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

How was the initial setup?

The setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

There are currently other tools on the market which are much cheaper than PAM. They can do almost all of what PAM does, and even do it better. CA can think of reducing the pricing for PAM.

Which other solutions did I evaluate?

We did not evaluate other solutions.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user624780
Director, Managed Services - Analytics & Data Solutions at a tech services company with 51-200 employees
Consultant
We set a rule once, and it can be applied when we add new clients into our cloud environment.

What is most valuable?

  • Consolidates access to all the systems
  • Easy to deploy/virtual
  • Records access for troubleshooting issues

How has it helped my organization?

One example of how it has improved the way my organization functions is that before, we had to deal with the firewall rules between domains to control access. With CA PAM, we simply set the rule once, which can be applied when we add new clients into our cloud environment.

What needs improvement?

They need to improve how it scales. We end up adding new “appliances” to scale for large or complex environments.

I run a multi-tenant cloud environment so I cover multiple domains and environments. So, as we grow our customer base by adding more systems or new customers, or have different security zones for new applications/systems for customers, we end up having to add more appliances. We can only scale the virtual resources so much before we start hitting the performance thresholds on the appliance and the thresholds we have set with a customer.

By segregating and/or adding new appliances we even out the load and still maintain the performance we want with our customers. Obviously, I am talking about customers that have a higher access than some other companies.

For how long have I used the solution?

I have used this solution for roughly a year.

What do I think about the stability of the solution?

At the beginning, we did have some stability issues, i.e., until we understood the product, and then the process was better.

What do I think about the scalability of the solution?

There were scalability issues. The architecture forces us to add systems - similar to a Cisco model.

How are customer service and technical support?

The technical support is above average.

Which solution did I use previously and why did I switch?

I have used different systems in the past with other companies that I worked for, so I have been able to compare several of these. CA PAM is a less expensive option than most and is easy to deploy.

How was the initial setup?

The initial setup/configuration was easy. It was more troublesome in finessing the rule sets/processes that need to be used, which isn’t a product issue but an internal walkthrough of how we wanted the access to be controlled and in what manner.

What's my experience with pricing, setup cost, and licensing?

Negotiate well but more importantly, design your architecture and understand what you will need as you scale (build building blocks).

Which other solutions did I evaluate?

We also evaluated One Identity, Centrify and Microsoft PIM.

What other advice do I have?

Make sure you fully vet out what is needed for the complete process, and understand what you need up front for the initial set and what will be added at what trigger points.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a CA MSP Partner.
it_user621822
User
Vendor
Monitoring privileged users’ actions is valuable because of the possible impact of an insider breach incident.

What is most valuable?

Monitoring privileged users’ actions is valuable because of the high level of trust and wide-ranging access insiders typically enjoy. The impact of an insider breach incident can be quite high.

How has it helped my organization?

  • Integrates your management

What needs improvement?

Customers want simultaneous monitoring of users’ actions, so a manager can block the session immediately in case of a user violation.

For how long have I used the solution?

I have used it for six years.

What do I think about the stability of the solution?

We had some issues with the load balancing feature when configured for clustering.

What do I think about the scalability of the solution?

We have not encountered any scalability issues.

How are customer service and technical support?

Technical support is average.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

Initial setup was simple because of the rule-based configuration.

What's my experience with pricing, setup cost, and licensing?

Reduce the price by subdividing the license bundle.

Which other solutions did I evaluate?

Before choosing this product, we did not evaluate other options.

What other advice do I have?

It is the best solution for managing privileged users.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user613575
Sr. Security Analyst at a retailer with 1,001-5,000 employees
Vendor
We have had the same core team supporting us over the years and they work with us through any issues.

What is most valuable?

  • High availability/stability
  • Flexibility
  • Security
  • Excellent support

We need a solution that is very reliable for our users. We need something that has the ability to handle requests for network ports and various configurations. Security is one of the highest priorities and part of that is tracking/auditing. Xceedium/CA PAM support has been excellent and that is one of the main reasons we have stuck with this solution. We have had the same core team supporting us over the years and they work with us through any issues.

How has it helped my organization?

Centralized firewall rules (through the appliances) make it easier for users to access our secure environments from a variety of locations and devices. The release of the CA PAM Client eliminated the Java vulnerabilities and support issues with browser access.

What needs improvement?

The areas of this product with room for improvement are mostly small annoyances, like search fields where you cannot type a query and hit Enter (you have to tab or click the button).

For how long have I used the solution?

I have used it for about eight years.

What do I think about the stability of the solution?

We have encountered stability issues at various software and hardware versions, but we worked with the support team to quickly stabilize our environment.

What do I think about the scalability of the solution?

We have not encountered any scalability issues; we have plenty of capacity for our environment usage. We only added appliances for new data centers and redundancy.

How are customer service and technical support?

Technical support is excellent. They respond quickly and work with us to find solutions; easy web access to open and update tickets.

Which solution did I use previously and why did I switch?

We started with the Xceedium solution to protect remote access to our secure environments.

How was the initial setup?

Setup was straightforward once we linked to Active Directory and had our network firewall group access completed.

What's my experience with pricing, setup cost, and licensing?

Licensing is by device and/or user depending on your functionality. We only use the Session Management, so it is by devices.

Which other solutions did I evaluate?

We looked at a few other solutions over the years but nothing was better than what we had. We are looking to the future to see if any new solutions might be as good or better and cheaper. Licensing costs do add up as we are adding more servers in our secure networks.

What other advice do I have?

Get enough appliances for redundancy so if you lose one due to hardware or software issues, there is no impact to users. We use a VIP that directs all users to whichever appliance is available.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user589527
IT Infrastructure Manager at a tech services company
Consultant
Individual administrators have access to end points without needing to know passwords. We have had many complications during the implementation.

What is most valuable?

The most important feature is that we do not need to know the passwords any more; just having access to the end point; and that it’s easy to manage users and the account.

How has it helped my organization?

Since we implemented CA PAM in our company, we don't need to pass the passwords to every individual administrator. He just logs in using his own credentials and then searches for the end point he wants to access and that's it. We approve their access and they're ready to administer the end point. This is good because we don't need to change passwords every time one of our colleagues leaves the company.

What needs improvement?

There are many improvements needed. We are always searching for new features and new ways to improve the solution, because I'm just the local administrator. I have a support company which implements the solution. We are always constantly trying to improve new features to upgrade the solution, to understand more ways to facilitate our databases.

For how long have I used the solution?

We are going on the third year. We have had many complications during the implementation.

What do I think about the stability of the solution?

The current release that we are using is much faster than the old ones we were trying. We had several problems with performance and crashes, screens that wouldn’t load up. The final release we are using is much better and more stable.

What do I think about the scalability of the solution?

Now, it is scalable.

How are customer service and technical support?

I would give technical support a 2.5/5. I'm not sure if this is a problem with my local support or CA support, but when we opened a case, it took several days to get a response. It cost me time to get a reply. They'd come back to us to understand what is going on or what was necessary to give support. Between me opening the case and my local support trying to understand what we want; then, they don't know how to solve it and go to CA support and try to understand again; that takes a long time.

Which solution did I use previously and why did I switch?

This is the only one. We got this implementation by bid, so we couldn't choose any company. It was the lowest price and a quicker time to implement.

How was the initial setup?

The first setup was complex. The implementation, to me, was very bad.

Which other solutions did I evaluate?

We did a proof of concept with another solution.

What other advice do I have?

When they came for the proof of concept, we only had access to the system itself. I couldn't try to understand the complexity of implementation or support or all the features that the solution would have to offer. I just saw the main features.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user595743
Cloud Solutions Architecture Manager at a tech services company with 501-1,000 employees
Consultant
The automated authentication is valuable. The demonstration and consideration portion does not work the best.

What is most valuable?

I have found the automated authentication to be most valuable.

How has it helped my organization?

We do not have to authenticate users due to automatic authentication, so this allows us to be much more secure.

What needs improvement?

The demonstration and consideration portion does not work the best. It's not that intuitive. To define how it should work and what systems should be involved, requires extensive training to understand how to configure the setup. It is not immediately obvious to do this.

For how long have I used the solution?

I have used it for about a year.

What was my experience with deployment of the solution?

I did not encounter any deployment issues.

What do I think about the stability of the solution?

I did not encounter any stability issues.

What do I think about the scalability of the solution?

I did not encounter any scalability issues.

How are customer service and technical support?

We actually haven't had to use technical support, yet.

Which solution did I use previously and why did I switch?

We have not used a different solution. We started with CA PAM.

How was the initial setup?

The initial setup was complex. The system itself was easy to install, but the configurations were highly complicated.

Which other solutions did I evaluate?

Other options were evaluated but I was not involved in that.

What other advice do I have?

Get as much training as possible.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user599001
Co Founder & Chief Operating Officer at a tech services company with 51-200 employees
Consultant
Passwords don't float around unchanged anymore. We can scale by just dropping in another appliance.

What is most valuable?

The most valuable feature is the general concept of securing privileged passwords. Having worked in IT for a long time, I know how privileged passwords can float around. They pass from person to person and don’t get changed when they should be changed, such as when someone key who knows them leaves the organization. So, I appreciate the value of locking all that down.

How has it helped my organization?

Being able to have a centralized place to store the most critical username/password combinations that you have. These are the ones that access your key systems. PAM prevents some of the breaches that we've seen recently, where one of those privileged accounts can lead to access to confidential information or financials, which can really paralyze an entire organization. Breaches can potentially smear organizations in the media when their names get out there in that light. So the whole concept of locking that down is very important.

What needs improvement?

The product itself is solid. I haven't really seen any deficiencies. It’s more just getting the message out about why it's so important. That's what our organization is trying to do. We're also a reseller. We are trying to convince companies that they need this type of technology. Publishing more use cases would be helpful just to help to convince companies why they need a product like this.

For how long have I used the solution?

We don't actually use this solution ourselves. We implement the solution for people who buy it. I’ve been doing it for about a year. I haven't used it personally, but I know how it works.

What do I think about the stability of the solution?

It's very self-contained as a product. Being appliance-based, it's easy to implement. It's stable. No complaints there.

What do I think about the scalability of the solution?

It is very scalable. I know it's used in large organizations like banks and healthcare organizations. It's just a matter of swapping in. I recall on one of the enablement calls that I attended, they had a very defined set of parameters where if you reached a certain threshold, you would then swap in another PAM appliance.

How are customer service and technical support?

I've actually never called in to their technical support, so I really can't say.

What's my experience with pricing, setup cost, and licensing?

I don't really know much on the pricing side. I'm more on the technical side. We do have an instructor that teaches the PAM enablement classes, and he's a big fan of the course materials. He thinks that they're very valuable and well worth the cost of attending a class. So attend the public CA courses on PAM, because they're very good.

What other advice do I have?

I would say definitely get professionals that can help out. My company is in this space, and this is what we do for a living, so I don't think that it's a product that you want to go and try to implement on your own. Getting professional experience on your side for two or three weeks, or whatever it takes, to deploy the solution is well worth the investment.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: We are a reseller.
it_user572856
Security Engineer at EarthLink
Video Review
Real User
In addition to helping with security, it also helps with how we audit which credentials are being used

What is most valuable?

With CA PAM, it's mainly the vaulting of credentials that we're looking for, and then after that, probably the bastion functionality where we force all of our administrators through that to get to the servers. We'll also do session recording of both RDP and the SSH sessions through it.

How has it helped my organization?

It definitely helps with security. It also helps with how we audit which credentials are being used. When somebody actually logs in to CA PAM, they have to go in through second factor authentication. Once they're logged in, whatever credentials they check out, we get to see that and our auditors get to see that. It helps out in that way.

What needs improvement?

A better discovery interface of accounts.

It does do discovery of accounts for Windows servers, and you could do UNIX servers as well, but it's kind of clunky how it does it.

What do I think about the stability of the solution?

It's a very stable solution, but we also built it to be highly available and redundant as well. We built it out where we have four appliances in one single cluster across two data centers.

What do I think about the scalability of the solution?

It's pretty scalable from what we can see. We have four appliances in a single cluster across two data centers, and we can actually even grow that if we wanted to.

How are customer service and technical support?

I haven't had to call in any cases yet, but we've been working with the CA services team to help us implement the solution. They've been really, really good.

Which solution did I use previously and why did I switch?

Over time security has been becoming more prevalent, mainly because of the number of attacks out there. We found that just by looking at our whole portfolio of solutions that we already had in place, there were definitely some small gaps and areas that we needed to fill. PAM was one of the solutions that we found to help us with vaulting credentials, rapidly changing credentials.

Beforehand, for administrators to change certain credentials, they would have to go in and there would be change control processes that they had to go through. The vaulting automates a lot of that for us.

How was the initial setup?

When we set up CA PAM, it's an OVA. It's an appliance, a virtual appliance, that we just needed to throw in VMware, spin it up, and there it is. From there it was just connecting in other things like our storage, our time server, and whatever else. Very, very simple to set up.

Which other solutions did I evaluate?

For us, we mainly wanted a solution that worked in the scenarios that we were looking for.

We've demoed numerous products. After even just watching the demos we weeded some out. Then we actually brought a few in-house that we liked, and we did proof of concepts. We found out that some products just didn't work the way we wanted them to in our environment.

The reason we chose CA PAM is it worked in the scenarios that we wanted it to, and it just worked without problems.

What other advice do I have?

Rating: I would say probably a seven or an eight. As I said, the interface is not the easiest to navigate and it doesn't really have the discovery piece or fully baked discovery. Overall, the solution works and there are just multiple ways of doing things. You don't have to use the whole GUI interface to get your stuff in. There are ways of importing our credentials and whatnot through Excel spreadsheets and whatnot. It's really easy how the import/export mechanism works.

I would definitely tell them [peers] to do an in-house proof of concept of the solution to make sure that solution works for their environment.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user558579
IT Infrastructure Director at a construction company with 1,001-5,000 employees
Vendor
Session recording enhances the ability to regulate and control privileged access accounts.

What is most valuable?

CA PAM has session recording, which is a very valuable feature. Overall, it is generally easy to use. It's a relatively simple product to set up and configure. You're not looking at tons of Professional Services hours to get it running.

How has it helped my organization?

Its primary benefits are the ability to regulate and control privileged access accounts, and their usage. Say, for instance, that you have an administrator account for your Oracle EBS system: you obviously don't want your system administrators all sharing a single account. If you do find yourself in a situation where you only have one administrator account, you can set up Privileged Access Manager to track which administrators are using that single administrator account. That is very useful.

What needs improvement?

They actually just announced adding features that I would have liked included in the release that we're using. These new features all revolve around reporting and analytics. The basic reporting that comes with it is basic. It is not broad enough or deep enough. Apparently, with the latest release that was announced yesterday, there's a new analytics piece to it that really expands on its reporting capabilities.

Some of the key analytics that I would like to see are consolidated dashboard views with information about any privileged access usage that is out of the norm from a security perspective. That is now included in this new module, but I don’t think that this module is part of the Base Privileged Access Manager.

Also, the licensing model, with cost as you scale with the number of users and recordable sessions. If it was cheaper, I would give it a perfect ranking.

What do I think about the stability of the solution?

I have had no stability issues whatsoever with it.

What do I think about the scalability of the solution?

We have a relatively small implementation, but from what we've seen so far, it would scale pretty well.

How are customer service and technical support?

We’ve used a little bit of technical support. It was really just a couple of questions here and there, and the support has been very good so far.

Which solution did I use previously and why did I switch?

We did not have a solution in place.

How was the initial setup?

Initial setup is pretty straightforward.

Which other solutions did I evaluate?

My organization had a push to increase our security posture this year. One of the areas we're looking at concentrating on is the use and control of privileged accounts. We obviously looked at the feature functionality set; then cost, then ease of use with a proof of concept demo.

We considered Thycotic Secret Server and we looked at a ManageEngine product. Ultimately, it came down to a choice between the Thycotic product and CA's PAM.

What other advice do I have?

The only advice that I would give is to also consider some of the new pure Cloud-based offerings that are out. They weren't necessarily strong enough for us to consider when we were looking.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558024
Director Of Information Security at an insurance company with 1,001-5,000 employees
Vendor
We can separate the management of accounts with and without elevated privileges. It integrates with our identity management system.

What is most valuable?

So far the best value is the centralized management of all administrative accounts. Before PAM, domain administrators, Unix administrators with root access, end-users with elevated desktop privileges, and so on, were managed by those individual groups themselves. Now we have a way to separate the management of accounts with and without elevated privileges. This provides better control over who can see what information, and who can perform which actions.

So all the different roles (such as database admin, Unix admin, network administrator), are now centralized into one system. Users are authenticated with a single sign-on to access only what is appropriate for their role. It also enables us to take a generic role, like an administrator, and grant certain access rights to that role. Then you can apply the generic role, but go inside and make it granular. That isn't available in the product off the shelf, like in Microsoft or Red Hat.

It also integrates with our identity management system in which the roles and responsibilities are defined. Syncing the two systems is very helpful as well.

How has it helped my organization?

It is very helpful with passing audits. It’s one thing to say you have a control; it’s another to show your control. This is very easy to show. It also simplifies the security team's role in that we aren't chasing as many accounts with elevated privileges. We have a central place to go look for them.

A secondary feature is that it tracks normal behavior, and then sends notifications about anything out of the norm. An example of that is: a network administrator would add accounts on a regular basis at a rate of 10 a day; if 50 were to show up in one day, it would automatically flag it and say, "Something's not right, take a look."

What needs improvement?

I would like to see better integration with Security Incident Management solutions, a SIM, like a Splunk.

The integration with IBM’s Guardian is useful, but it is not a specific plug-in or API. It is just log information; so a little more detail would be useful there.

What do I think about the stability of the solution?

So far, so good. It is new. We haven’t had any issues yet.

What do I think about the scalability of the solution?

So far, so good. It is new. We haven’t had any issues yet.

How are customer service and technical support?

Technical support has been good too. We had professional services onsite with us, so that made things easy. We have transitioned away from that, but so far things have been fine. We haven't had any major issues.

Which solution did I use previously and why did I switch?

We were not using anything else previously.

How was the initial setup?

It was a little bit of both. There's some internal politics, and the internal infrastructures, as well as bringing in a new product; but overall it was fine.

There was lack of knowledge from my team; and then learning from the other team, as well as the professional services team learning our infrastructure and its intricacies.

How do you get a change control approved so we could do something quickly?

Which other solutions did I evaluate?

We went with it because of internal customer needs, the regulatory and audit requirements, ease of installation, and auditor funding.

What other advice do I have?

I would say do your research. We did, and that's why I said there weren't any real competitors. There always are; but in this space, I don't think so – not today.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user479766
CIO/Management Consultant at a tech company with 51-200 employees
Vendor
Privileged users see only those systems and access methods to which they’re expressly allowed access.

What is most valuable?

The CA PAM’s ability to seamlessly integrate and provide a demarcation between users and systems is the most attractive aspect. It:

  • Enables all control to start with Xsuite’s Deny All, Permit by Exception (DAPE) approach to limit privilege access controls.
  • Enables all privileged users to see only those systems and access methods to which they’re expressly allowed access. Privileged users include Vendor Integration and Partners.
  • Enables and verifies all system policies, providing an additional level of control by selectively filtering commands issued.
  • Enables unauthorized commands to be blocked, with optional user warnings and policy violation alerts to security teams and logs.
  • Enables sessions of users attempting to violate policies to be terminated, or accounts deactivated; enterprise policy control.
  • Enables prevention of “leapfrogging,” which allows one system to be used as a launch point for additional attacks / lateral movement.
  • Enables full stack and system integration.
  • Enables service integration with all systems using APIs or application to application.

These features greatly assist us and our clients in protecting their data privacy.

How has it helped my organization?

In retrospect, we and our clients have seen a reduction in service-related issues for application server and mainframe environments, a reduction in the provisioning lifecycle and requirements for systems such as mainframes, and a substantial increase in security flow and protection.

What needs improvement?

I believe continued expansion of integration to multiple systems including SSO and SAML technologies will provide a more-expansive, enterprise view of access orchestration, which will in turn strengthen the security of the environment.

For how long have I used the solution?

I have been involved with this product for three years, both using and implementing for client architectures.

What do I think about the stability of the solution?

I have not encountered any issues with stability.

What do I think about the scalability of the solution?

I have not encountered any issues with scalability; this is a true enterprise expandable product for mid-market and beyond.

How are customer service and technical support?

In my experience with the CA PAM, their support apparatus has improved immensely over the past 12 months and continues to improve based on client feedback. Indications from my clients are that CA Technologies actually listens to their concerns and takes action.

Which solution did I use previously and why did I switch?

Being in the technology sector for many years, we did not initially use products such as the CA PAM. We relied on common architecture, such as Microsoft and Oracle. As the need for more segregation of duties became prevalent, we looked to enhance our security with privileged access management. The feedback from most clients surrounding PAM is it provides a segregated extension of access control framework to enable better protection of customer privacy/data.

How was the initial setup?

The initial setup is not complex. The design and integration can become complex without the proper solution architecture and understanding the impacts changes in technology place on a company's operational process and employee behavioral management. These topics became more complex to manage and establish than the product itself.

What's my experience with pricing, setup cost, and licensing?

Product pricing and licensing is related to short-term or long-term business planning. In many cases, this solution should be looked at as a long-term solution. Therefore, considering the long-term savings in perpetual vs annual licensing is paramount to a progressive architecture. Therefore, I believe it is in the interest of the business to make these decisions prior to OEM engagement; they need to be vetted and defined as a value to the company at large.

Which other solutions did I evaluate?

No other options were evaluated because this PAM has made substantial gains in system integration, which outweigh industry choices.

What other advice do I have?

I am a proponent of the product in many ways but most importantly, I believe a solid, well-thought-out strategy and solid architectural plan for the future needs to be the priority, not buying a product to fit the unknown.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: My company is a CA Technologies OEM partner.
it_user526257
Senior Solutions Architect at a tech services company with 10,001+ employees
Consultant
It can wrap system connectivity information into its internal Java-based shell. Online Help is not detailed enough.

What is most valuable?

  • Ease of use.
  • The way in which it can learn about the connectivity to systems, e.g., VMware vCenter Console; it can wrap that into its internal Java-based shell. Therefore, one does not need a terminal server solution.
  • The non-Java based client.
  • Two integration options with AD using SAML and the AD GC ports.
  • The API explorer.

This system comes with a built-in Java client which handles the connectivity to remote systems, e.g. the VMware vCenter Console Web Interface.

When you add the system to the CA PAM, you can put the connection into “learn mode” where you map out where the username and the password and submit fields are. You can then configure the system in PAM with the relevant credentials and then based on the information it “learned” about where the username and password and submit fields are and what needs to go where, it presents you with a vCenter Web Interface and logs you onto vCenter automatically based on your PAM permissions. This vCenter Web Console is effectively proxied via this Java Client that CA PAM has available and happens through the PAM system – the end user does not make a direct connection to vCenter.

In other PAM solutions that we tested, one had to set up a Microsoft Remote Desktop Server (TS) and publish the vCenter Web Interface and integrate that published app with the PAM solution so that when a user wants to access the particular vCenter server, PAM initiates the Remote Desktop Server published app – inserts the credentials – to provide you with access to vCenter.

When integrating with Active Directory for authentication purposes – most vendors support LDAP. For larger AD environments, the LDAP integration supports the Microsoft MSFT ports (3268 & 3269) that allow one to look for nested group memberships across multiple child domains. Another way to integrate with AD is to use SAML.

We were able to use both methods with the CA PAM solution. With another vendor we tested, they did not support SAML.

How has it helped my organization?

We only did an evaluation of the product, but we do feel that it will improve our security and governance posture and shave time off our engineers having to connect to systems managed by the PAM solution. It also gives us the accountability we are looking for.

What needs improvement?

  • Reporting is very limited.
  • Online Help is not detailed enough.
  • Canned reports provided results for all targets and cannot simply be run for a particular customer when used in a service provider environment; one has to create some custom filtering.
  • Multi-tenancy (reporting, AD users, customer devices, customer credentials).
  • Interface and routing configuration (no individual routing tables per interface, cannot see routing table).
  • Network connectivity to multiple networks where these networks might have overlapping IP address spaces.
  • Session recording not included by default without an additional license.
  • Session recording mount point is often disconnected after a system restart.
  • Additional configuration required for multi-domain AD forests in order to find groups in child domains and to expand their membership.

For how long have I used the solution?

We used it over a period of about 2-3 months, up to slightly less than two months ago as part of our proof of concept tests.

What do I think about the stability of the solution?

I have not encountered any stability issues; it is very stable.

What do I think about the scalability of the solution?

I have not encountered any scalability issues; it scaled easily.

How are customer service and technical support?

Technical support is very good.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was straightforward, but we had some problems initially understanding what needed to be done to get an end device under management and how to set up the networking.

What's my experience with pricing, setup cost, and licensing?

  • Take note that Session Recording is not included by default.
  • One would likely also have to invest in other infrastructure in a service provider environment when wanting to use the same solution for multiple clients to allow for the necessary networking.
  • Additional costs that need to be catered for:
    • Storage space, NAS or SAN for session recording data.
    • A Terminal Server and CALs for more-complex end devices, e.g., Cisco UCS – the client needs to be run from a Terminal Server as a published application by the PAM solution.

Which other solutions did I evaluate?

We ran a PoC with CA and BeyondTrust at the same time.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user351294
Technical Director at a tech services company with 51-200 employees
Consultant
It adds another layer of security from the basic OS security of Linux and Windows, although the rule management portion and reporting is very weak on its own.

Valuable Features:

It consists of three components that work well together: access controls, SIEM, and password recording capabilities.

Improvements to My Organization:

The access control component is solid. It adds another layer of security from the basic OS security of Linux and Windows. A lot of customers use it. The segregation is difficult to achieve as different OS's require different skill sets, but in terms of admin, it’s the same cost, and that’s a key benefit.

Room for Improvement:

The rule management portion and reporting is very weak on its own. Also, the login part and visibility are not user friendly, as is management of the policies. Moreover, I can't easily generate the metrics. Once the rules increase, if you can’t cross-reference it becomes a challenge.

Deployment Issues:

With any deployment, you may have overkill, so it’s up to the business to get balance with rules.

Stability Issues:

It’s been in the market a long time, so thankfully it is stable.

Scalability Issues:

Scalability is not an issue because of the architecture. The management piece just manages policies, so you can still go to the system and are not handicapped.

Initial Setup:

The initial setup is very straightforward. The complexity is not so much of a problem, but that’s up to the organization.

Other Solutions Considered:

There are not many players in this arena so there aren't many choices. IBM has a solution, but I don’t think they push it.

Other Advice:

Definitely you have to go for a tested solution. This solution doesn’t have bugs, but you should follow CA’s messaging that it’s always good to deploy in small chunks. Applications have problems, and sometimes it’s a process. You just have to expand over time.

Disclosure: I am a real user, and this review is based on my own experience and opinions.