We are working with CyberArk solutions such as PAM on-premises. We are working with CyberArk Privileged Access Manager, including AIM, PSM, and PSMP components.
Privileged Access Management
CyberArkExternal reviews
External reviews are not included in the AWS star rating for the product.
Secures critical infrastructures with essential user session audit records
What is our primary use case?
How has it helped my organization?
The ability of CyberArk Privileged Access Manager to safeguard financial service infrastructure is important; without it, banking and financial clients cannot secure their operations. Despite various attacks affecting other companies, CyberArk's implementations ensured that we remained unaffected.
CyberArk Privileged Access Manager has been helpful in managing over 125,000 privileged accounts in a single environment for our client, and we have multiple CyberArk environments for different clients with different numbers of accounts. CyberArk Privileged Access Manager is excellent at helping companies meet regulatory requirements due to its ability to cater to the specific needs of clients across different countries, ensuring compliance without data transfer issues.
What is most valuable?
CyberArk Privileged Access Manager provides security and video recording of user sessions for audit purposes. This feature is critical in financial sectors where auditing who performed specific actions is essential. Having video records adds a layer of proof and ensures compliance with audit requirements.
The key feature of CyberArk Privileged Access Manager is that it's a comprehensive package rather than just dependent on components such as Vault or Privileged Session Manager. Each component is necessary, and the Vault is the heart of CyberArk; everything connects via PSM and PSMP. I particularly appreciate PSM and PSMP because they simplify troubleshooting and charging.
What needs improvement?
A potential area for improvement is enhancing support for cluster environments and distributed Vaults. Clients in multiple countries that need central access have different challenges that require better solutions from CyberArk.
For financial services, CyberArk can improve incident response by ensuring fast support for critical priority tickets to meet compliance requirements. Providing more documentation on CyberArk is recommended for new team members to enhance their troubleshooting capabilities. I understand it's up to the client, but 99% fail to change the demo key, so it's crucial for CyberArk to emphasize changing the key and documenting it as part of the installation process.
For how long have I used the solution?
I have been working with CyberArk Privileged Access Manager for more than nine years.
What do I think about the stability of the solution?
For stability, I would rate CyberArk Privileged Access Manager a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of CyberArk Privileged Access Manager as a nine.
How are customer service and support?
Regarding technical support from CyberArk, while L2 and L3 teams are effective, L1 support requires improvement due to longer response times in critical situations. Coordination with higher support levels sometimes takes longer than expected, which should be addressed.
How would you rate customer service and support?
Positive
How was the initial setup?
After implementing CyberArk Privileged Access Manager, it typically takes about four to five months for a company to realize time to value, assuming they have a strong implementation team and infrastructure in place.
What about the implementation team?
Integrating CyberArk Privileged Access Manager is very simple due to the provided connectors for Windows and UNIX, as well as plugins for databases. Custom integrations may take longer, around one month, due to development requirements.
What's my experience with pricing, setup cost, and licensing?
Regarding costs, CyberArk Privileged Access Manager is not a cheap product; hence, many companies struggle with its high licensing cost. While it's valuable, it comes with a high price tag, making it hard for every company to afford it.
Which other solutions did I evaluate?
After comparing with other products, I find that no other product currently matches CyberArk's performance; the performance issues in alternative solutions make them less desirable. While there are competitors, I cannot definitively name one that compares with CyberArk Privileged Access Manager.
What other advice do I have?
The requirements for CyberArk, particularly in India, have evolved significantly since the company acquired several businesses in 2014. Every organization needs an identity and access management (IAM) and privileged access management (PAM) solution. CyberArk stands out as the leading product in this category. While there are other protocols available in the market, CyberArk is known for its security, reliability, and user-friendly access.
In my experience working with multiple companies and clients using CyberArk, I have not encountered any cases of breaches or malicious activity associated with the platform. This track record provides a strong sense of security and assurance regarding CyberArk’s capabilities. Although the privileged access management solution can be costly, it offers extensive security features, including multi-factor authentication (MFA). Overall, CyberArk is an excellent product for organizations seeking robust security solutions.
Regarding granularity of PAM controls in CyberArk Privileged Access Manager, it means having centralized control in the Vault. Standalone CyberArk Vaults perform best compared to cluster systems, which present challenges during maintenance or network connectivity issues.
Overall, I would rate CyberArk Privileged Access Manager a nine out of ten.
Which deployment model are you using for this solution?
Granular control provides compliance and automates credential security
What is our primary use case?
Mainly, I use the CyberArk Privileged Access Manager for securely storing and managing the credentials, and its main features include the Password Vault and automatic password rotation.
What is most valuable?
The granularity of the controls in the CyberArk Privileged Access Manager is good; they have provided compliance which is required, helping us in auditing and reducing the risk of insider misuse of credential theft while also saving time for the IT guys with automating password rotations.
It's a valuable tool. The main function is securing data from theft and saving all the passwords in the same place, as the whole organization's main API endpoints are stored here.
The feature I appreciate the most about the CyberArk Privileged Access Manager is the secure data, which acts as a centralized store where credentials are securely stored.
What needs improvement?
The interface of the CyberArk Privileged Access Manager could be smoother, and the GUI could be more user-friendly and modern.
For how long have I used the solution?
I have been using the CyberArk Privileged Access Manager for one year.
What do I think about the stability of the solution?
I have not really seen any lagging, crashing, or downtime with the stability of the CyberArk Privileged Access Manager.
How are customer service and support?
I have contacted their technical support and customer support a couple of times, and the quality and speed are good. The service is great.
How would you rate customer service and support?
How was the initial setup?
When I first started using the CyberArk Privileged Access Manager, it was easy to learn how to use it. It's a simple and straightforward tool. It took me approximately three days to fully learn how to use the CyberArk Privileged Access Manager, which is less than a week.
Which other solutions did I evaluate?
I have not tried using any alternatives to the CyberArk Privileged Access Manager.
What other advice do I have?
On a scale from 1 to 10, I would rate the CyberArk Privileged Access Manager overall as 9.5.
Protects financial infrastructure with credential security and audits while continuously recording sessions
What is our primary use case?
We use CyberArk Privileged Access Manager for least privilege and accountability purposes, while we also utilize the EPM solution for endpoint protection. Additionally, PTA is one of the most important tools from CyberArk Privileged Access Manager, which we use on a real-time protection basis. CyberArk Privileged Access Manager effectively prevents attacks on the financial service infrastructure, as we protect against lateral movement, credential stuffing, and since no passwords are available because they are rotated through CyberArk Privileged Access Manager, we can isolate every session and record all activity while monitoring in real-time.
What is most valuable?
The ability of CyberArk Privileged Access Manager to safeguard the financial services infrastructure by protecting credentials is extremely important, as every activity in a financial organization needs to be recorded for accountability in auditing. Therefore, CyberArk Privileged Access Manager is a crucial tool, and we utilize credential rotation as 85% of successful attacks in the last 10 years have been initiated through credential theft. Monitoring, recording, and credential rotating activities are crucial because if CyberArk Privileged Access Manager goes out of service, the total environment would collapse due to the lack of passwords for respective servers.
What needs improvement?
While I cannot suggest major changes, I did encounter a vulnerability concerning RADIUS blasts, which was recently mitigated by CyberArk Privileged Access Manager in their latest version, indicating an area for improvement in vulnerability assessments. Improvements in vulnerability assessment are essential. A notable request I have regarding CyberArk Privileged Access Manager is to address the issues of database corruption identified in cluster environments experienced by multiple clients.
For how long have I used the solution?
From 2021 to now, I have been working on CyberArk Privileged Access Manager.
What do I think about the stability of the solution?
I have not experienced any stability issues with CyberArk Privileged Access Manager.
What do I think about the scalability of the solution?
It is easy to scale.
How are customer service and support?
In terms of technical support, CyberArk Privileged Access Manager has provided excellent support without any doubt. Based on the issue resolution and support quality, I rate the support 10 out of 10.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before using CyberArk Privileged Access Manager, I did not evaluate any other PAM tools.
How was the initial setup?
Setting up CyberArk Privileged Access Manager is not complex, especially if you properly follow the recommendations from CyberArk.
What about the implementation team?
I handled the deployment myself.
What was our ROI?
CyberArk Privileged Access Manager has been very effective in helping my company meet compliance and regulatory requirements. Implementing CyberArk Privileged Access Manager saved time on compliance requirements in finance, typically around one hour.
What's my experience with pricing, setup cost, and licensing?
There has been no reduced cost associated with CyberArk Privileged Access Manager, as when it is required, you must pay for their licensing and prepare the full environment. While there are costs for the licensing of CyberArk Privileged Access Manager, it definitely provides value when I need any accountability or session recording.
What other advice do I have?
CyberArk Privileged Access Manager is one of the most important components from CyberArk, along with EPM (Endpoint Privilege Manager) and PTA (Privileged Threat Analytics tool). I recommend anyone considering CyberArk Privileged Access Manager to view it as a friendly environment, as it stands out among the other PAM solutions I have encountered. CyberArk Privileged Access Manager is highly recommended for its user-friendly nature. I rate CyberArk Privileged Access Manager a ten out of ten.
Which deployment model are you using for this solution?
Privilege Access Managed Environment Vulnerabilities
One of the best tools for PAM and functionality it has to integrate with multiple critical platforms gives us one of key controls
Challenges in Operations
Privileged access management achieves full control with comprehensive features
What is our primary use case?
For CyberArk Privileged Access Manager, use cases are providing just-in-time privileged access. The most simple use case is hosting all privileged credentials in a secure manner and managing and controlling access to those credentials. Therefore, controlling access to privileged endpoints is the usual thing that will be done with PAM.
What is most valuable?
CyberArk Privileged Access Manager has several valuable features. The basic feature is privileged access management with all the processes and procedures that are needed. It has all the relevant features required to provide a PAM project or PAM program. It does everything that is needed. A tangible benefit is that we already have full control of privileged access. We have just started and have onboarded all privileged accounts into the system.
What needs improvement?
I have noticed areas of CyberArk Privileged Access Manager that could be improved or enhanced in integration with automation tools. It's not quite the same in the cloud, the Privilege Cloud version. The on-premises version allows users to do absolutely everything. When they took it to the cloud, they started cutting things out. The other issue with CyberArk is that they are marketing their new product, SIA, which is based on Privilege Cloud. Users still need to have Privilege Cloud to achieve the same level of functionality as the on-premises version.
We are still early in the roadmap and haven't progressed far enough to identify additional needs. When organizations reach the end of their maturity roadmap, they can better identify specific tool requirements that aren't currently available.
For how long have I used the solution?
We have been deploying CyberArk Privileged Access Manager for two years now and counting.
How are customer service and support?
The evaluation of customer service and technical support for CyberArk Privileged Access Manager depends on several factors. When receiving support directly from CyberArk, they are the most knowledgeable, though they don't always have immediate solutions as they might need to create them, which can take considerable time. For instance, the Ansible integration for the cloud version has been requested for years.
When working with CyberArk partners for support, it's crucial to ensure they have actual knowledge and aren't just acting as middlemen. There have been instances where third parties are hired to provide first and second line support, but they simply forward requests to CyberArk without adding value to the process.
How would you rate customer service and support?
What about the implementation team?
We used a deployment partner recommended by CyberArk for the deployment and maintenance process. One crucial step that should be done first is creating an inventory of how privileged access is currently handled and where it is needed. Without this inventory, you might deploy CyberArk and realize it doesn't work with your existing architecture or infrastructure.
Our implementation team consisted of approximately 15 people, including architects, engineers, application owners, network specialists, Windows and Linux administrators, database administrators, and cloud specialists. While maintenance requires fewer people, input from all these stakeholders is crucial for successful implementation as they each have different requirements.
Most importantly, this needs to be a management-driven initiative with a top-down approach. Management must establish new working methods, as the biggest barrier to acceptance is typically resistance to changes in working procedures.
For ongoing operations, the staffing requirements depend on the company's operations. Typically, 24/7 coverage requires at least three people per shift in a follow-the-sun model. This accounts for first and second line support only, with additional staff needed for server maintenance, totaling around nine people.
What other advice do I have?
The primary problem addressed by implementing CyberArk Privileged Access Manager is the lack of control over privileged access - where it happens, how it occurs, and what is done with that access. When attempting to attack an enterprise, attackers target the highest-privilege credentials available. Therefore, protecting the most critical credentials within your organization is essential.
For those planning to deploy CyberArk Privileged Access Manager, it's crucial to understand that it's a multi-year program. It's not just about deploying the tool; it needs policies and governance around it. Additionally, infrastructure modifications are necessary to ensure PAM is the only way to provide privileged access to endpoints.
It's a great product that does everything required from a PAM tool. I would rate CyberArk Privileged Access Manager as a nine out of ten.
Implementing robust access security and monitoring for user sessions
What is our primary use case?
My main use case for CyberArk Privileged Access Manager is installing it to prevent direct access to the users. For the privileged account, we are using the PAM, and all sessions have been monitored, with all logs shared and logged on the vault.
I have more to add about my main use case for CyberArk Privileged Access Manager, specifically our Privileged Threat Analysis, which detects any suspicious event and alarms us.
What is most valuable?
The best features CyberArk Privileged Access Manager offers are PTA, Privileged Threat Analysis, and Alero, Remote Access Management, and these features are essential for enhancing security.
PTA and Alero have made a difference for my team by providing a predefined rule assigned and implemented on the PAM; for example, it sends us an email if there is any suspicious activity or threat credential loss, offering feedback related to user behavior. For Alero, Remote Access Management, it is a very wonderful Identity and Access Management with biometric MFA, mobile access, location tracking, and a small RBAC role-based matrix access that defines user roles, serving as a replacement for VPN.
CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used.
In terms of specific metrics or outcomes, the time savings have been noticeable, and while it is not direct access, the PAM works efficiently between servers and end users, preventing users from running or installing unauthorized applications through the AppLocker application created on the PSM.
What needs improvement?
CyberArk Privileged Access Manager can be improved because I have experienced one issue where a user connected through RDP to a Linux server and the PAM could not fetch any commands or key store logging from the Linux server, which works fine on Windows servers. If they could combine both into one keylogger solution, it would be great, and increasing the number of CPM plugins for password retention while providing common web portal applications out-of-the-box would also help.
For how long have I used the solution?
I have been using CyberArk Privileged Access Manager for more than five years.
What do I think about the stability of the solution?
CyberArk Privileged Access Manager is stable in my experience, with no issues of downtime or reliability due to our disaster recovery (DR) and high availability (HA) servers in place.
What do I think about the scalability of the solution?
CyberArk Privileged Access Manager's scalability is good, as it can handle more users or workloads with our five-year roadmap indicating that the PSM server can manage around 20 sessions per hour, which is sufficient for our organization.
How are customer service and support?
I would rate customer support a nine on a scale.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously used BeyondTrust and Delinea, but I did not switch because I noticed many features in CyberArk that are not available in other solutions.
Which other solutions did I evaluate?
I did not evaluate other options before choosing CyberArk Privileged Access Manager, as I had good experience with another live product.
What other advice do I have?
My advice for others looking to use CyberArk Privileged Access Manager is to pay attention to the vaulting part, which is essential for every organization, as each server has a secured vault that connects over TLS with a lot of encryption details. The product is consistently enhanced, and the latest release is 14.6. I rate this solution 9 out of 10.
Which deployment model are you using for this solution?
Provides secure access and visibility, and it's highly configurable
What is our primary use case?
The use cases for CyberArk Privileged Access Manager include access to Windows, Windows servers, Linux servers, firewalls, clouds, GCP, AWS, and Azure, but I do not administer the clouds. I only administer CyberArk.
How has it helped my organization?
CyberArk Privileged Access Manager helps us maintain an inventory of our privileged credentials and manage password rotation easily for our organization. It provides a secure way to access and monitor.
CyberArk Privileged Access Manager has positively impacted visibility into the PAM accounts. It has a very good dashboard that provides visibility into our accounts and password information.
CyberArk Privileged Access Manager's abilities to safeguard the infrastructure are important, as protecting credentials provides us with security and visibility.
CyberArk Privileged Access Manager is effective for preventing attacks and threats. It's very effective since it connects to a SIEM, such as Splunk and ArcSight. The functionality called PTA, Privileged Threat Analytics, is very good.
CyberArk Privileged Access Manager integrates well with other products.
CyberArk Privileged Access Manager improves operations because it's all centralized. When you have CyberArk to gain access to the admin console and other applications, it's the easiest way to configure your firewall rule because everything comes from CyberArk.
What is most valuable?
It's user-friendly and very configurable. We can do many things with it, especially with password management. It's easy to manage, and the controls are straightforward. It's a specialized solution for which it's hard to find professionals to work with, but it's very effective.
It's a very good solution for data privacy.
What needs improvement?
The reports could be more editable. I want to be able to edit a dashboard to see other information or graphics. Making the reports more editable would be beneficial.
For how long have I used the solution?
I've been using this solution for at least five years.
How are customer service and support?
I would evaluate the customer service and technical support of CyberArk Privileged Access Manager as very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I worked with Senhasegura, which is a Brazilian application for password security. We switched to CyberArk Privileged Access Manager because it is recommended for larger environments.
How was the initial setup?
The initial setup is easy. I was involved in the setup process and was part of it.
It takes six months for the full implementation in a big company.
What about the implementation team?
The deployment team consisted of approximately 10 people. While I don't know the exact job titles, a manager and at least two engineers on the CyberArk team were required.
What was our ROI?
CyberArk Privileged Access Manager has helped our organization save on costs. CyberArk Privileged Access Manager is expensive, but it helps protect us from losing money.
Its benefits are visible immediately after the deployment, but in Brazil, people generally implement CyberArk Privileged Access Manager after an incident.
What's my experience with pricing, setup cost, and licensing?
It's not a cheap application. It's very expensive.
What other advice do I have?
Don't wait to be attacked or lose your data. Protect your credentials, even if you use other security tools.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Cyberark
Robust PAM for Enterprise
There are few I liked,
Session recording and live monitoring
Audit logs for any activity done within the PAM session and by PAM administrator.
Integration with SIEM
UBA is also presented
And there are more I could say as dislike points,
1. Not be able to use their administration PAM IOS or android app
2. PAM password automation often causing issue with switches
3. Integration with jumpcloud password automation has major risk and challenges
4. VPN less security open nee risk to organisation
1. Centralising all privilege credentials within untouchable vault
2. Manual credential managements
3. Session monitoring on limited visibility privileged accounts
4. Compliance and gaps
Role management and session recording increase operational efficiency
What is our primary use case?
With CyberArk Privileged Access Manager, the main idea is to control third parties of the organizations. A lot of banks usually work with integrators abroad, and they want to control those connections from the third party to their infrastructure, including the ability for the CISO or security officer to watch online the session of technical support provided by the integrator. That was the most common use case.
Another use case is to control IT personnel, where the information security team manages what actions they perform at higher privilege levels in the infrastructure. So, those two use cases are the most common.
What is most valuable?
The most valuable features in CyberArk Privileged Access Manager are session recording, role management, and access control division. Different groups can use all the abilities of the administrative role, and customers can divide their teams into auditors, administrators, and CISOs.
The storage of passwords is also brilliant. Everything is stored in a highly protected area, allowing customers to use a single sign-on approach to connect to infrastructure servers necessary for their daily activities.
The impact of CyberArk Privileged Access Manager on customer operational efficiency is quite positive. While we cannot provide exact figures, the effectiveness is apparent, though we lack specific data.
Assessing CyberArk Privileged Access Manager's ability to prevent attacks on financial services infrastructure is quite complicated, as customers usually do not share information about attacks or prevention. During POCs, before selling the solution, we run common attack simulations that typically occur in the financial sector, such as lateral movement. We have tested various attack scenarios in testing mode where CyberArk is installed, and we have shown to our customers that CyberArk successfully mitigates those attempts.
CyberArk Privileged Access Manager has helped reduce the number of privileged accounts to a minimum over the years. When we start working with CyberArk in customer infrastructure, the first thing we do is run the Discovery feature, which shows all the administrative accounts in different information systems. The next step involves addressing accounts that are unnecessary or could be used for malicious activities, so reducing administrative accounts is typically the second or third step after integrating the system.
CyberArk Privileged Access Manager indeed helps meet compliance and regulatory requirements for customers, especially in the financial sector, by aligning with PCI DSS standards. Consequently, customers are very satisfied when auditors evaluate their compliance. When assessing CyberArk Privileged Access Manager for ensuring data privacy, the focus mainly lies on password management. I have not encountered customers using the storage solutions for anything other than passwords, making it challenging to discuss broader data privacy. The primary data customers prefer to store consists solely of passwords.
What needs improvement?
Areas of CyberArk Privileged Access Manager that can be improved include offering clearer configuration options. Due to its advanced and complex nature, sometimes it is not obvious where to find specific parameters for configuration. Enhancements, such as video tutorials within the product, would be beneficial, as the text documentation is often insufficient.
It would be very useful to have predefined configuration wizards. For instance, if templates are available for third-party support teams, it would allow users to click through the configuration process with checkboxes, significantly simplifying the setup.
For how long have I used the solution?
I have been working with CyberArk Privileged Access Manager for eight years, with technical hands-on experience for three years.
I became a project manager of the projects for implementation, education, and technical support of CyberArk. In terms of technical experience, it was three years, and for the management of CyberArk projects in general, it has been about five years.
What do I think about the scalability of the solution?
CyberArk Privileged Access Manager is easy to scale and accommodates various infrastructure models. Any component, including licenses, can be duplicated and scaled across hybrid infrastructures, such as when a customer uses both on-prem and cloud solutions.
How are customer service and support?
My impression of their technical support team is that it is very bad. The support team's response time is quick, however, the resolution process takes too long.
This inefficiency leads us to maintain a highly trained and experienced internal team, which is costly yet necessary since the vendor support response time is often inadequate.
How would you rate customer service and support?
Positive
How was the initial setup?
The typical deployment process for CyberArk Privileged Access Manager starts with ensuring organizational prerequisites are met. We begin by sending prerequisites required for the environment, and the customer provides feedback that the environment is ready.
After we establish remote connection capabilities, we initiate the installation process following the agreed scope of work. This process includes integrating with Active Directories, second-factor authorization services, and email systems.
Next, we configure role-based access control, set up reporting, and automate email notifications for predefined activities.
Finally, we utilize a Threat Intelligence system to establish a baseline of regular behavior for administrative users.
What was our ROI?
Regarding measurable benefits after deploying CyberArk Privileged Access Manager, customers often ask about return on investment. One measurable benefit is the reduction of engineering resources in the IT staff since they do not need as many administrators to manage numerous services.
Additionally, they reduce the number of personnel in the information security team, as fewer controllers or auditors are needed to oversee the activities of IT staff. These benefits can certainly be measured.
CyberArk Privileged Access Manager has helped customers save on costs primarily by reducing the number of engineering and information security personnel. This includes salaries and bonuses; although they do not fire these individuals, they reallocate them to other activities.
What other advice do I have?
If a colleague believes they do not need a Privileged Access Management tool since they are already using other security tools, I might explain the core idea of PAM solutions. The main purpose of a PAM solution is to prevent malicious activities involving administrative accounts. Hackers need to exploit these accounts to cause harm, and according to a recent Gartner report, approximately 80% of all attacks are directed through administrative accounts. This is why PAM solutions, including CyberArk, must be implemented to effectively manage and monitor those administrative accounts.
On a scale of one to ten, I rate CyberArk Privileged Access Manager an eight out of ten.