In my organization, we are using CyberArk Privileged Access Manager to enhance the security of an organization's critical systems, mainly by securing privileged accounts (e.g. administrator passwords, SSH keys, and API tokens).

We are also using Cyber-Ark for access control by ensuring that only authorized personnel can access privileged accounts and sensitive systems.

very important for us is also Session Recording and Monitoring. We can record and monitor privileged user sessions in real time for auditing purposes.

CyberArk Privileged Access Manager significantly improved our organization's security. Mainly, it has enhanced our ability to secure privileged accounts. Centralized management of identities ensures that credentials are stored securely. Also, the automated rotation of passwords reduces the risk of leaks.

The session recording feature adds great value and helps with auditing administrative activities.

CyberArk PAM can be easily automated, which saves a lot of time and administrative effort.

For our organization, the most valuable features of CyberArk PAM are:

• Credential Management. The automation of the retrieval and injection of credentials into sessions, and automation of password rotation.
• Session Recording. It gives us the possibility to record privileged user sessions for auditing and compliance purposes.
• Ease of integration. CyberArk can by integrated with multiple systems and applications.
• The possibility of using Multi Factor Authentication (MFA) which increases security
• Reporting module. This allows us to generate reports based on session activity

Cost management. There should be more models and licensing plans for this software. They should also be flexible, allowing you to purchase selected features at a favorable price.

User Experience. The current interface is OK, however, sometimes it is not very intuitive. There is also no possibility of advanced modification and adaptation to your own needs and requirements.

Performance. The performance of the application could be a bit better, especially in the case of remote sessions - delays in remote sessions can be annoying.

I've used the solution for about five years.

Within our organization, our security requirements, which are set by our customers, require CIS compliance. Those requirements mandated securing privileged passwords with encryption, both in transit and at rest. CyberArk PAM was selected as our solution, and CyberArk's Professional Services team conducted the initial installation and implementation.

Three years later, I was tasked with implementing the product more fully, integrating more of the out-of-the-box privileged password change management automation features of the product within our environment.

The out-of-the-box functionality, Windows OS Privileged local account password change management, was the first automation feature implemented, and by itself, the automation reduced the man-hour requirement for quarterly local privileged password change management enough to provide a complete ROI on the initial licensing investment.

Continued implementation of more of the out-of-the-box PAM functionality continues to produce man-hour savings, which frees up our security operations group to have more time to monitor, investigate, and resolve potential security issues on the network.

Our implementation is air-gapped from the outside world, and as such, we utilize a completely on-prem solution. Our highest risk is from privileged insiders, and CyberArk's answer to this challenge was the implementation of a Privileged Session Manager (PSM). With PSM, we were able to secure, control, and more importantly, monitor privileged access to highly critical network servers by using PSM to manage accounts and create detailed session audits and video recordings of all IT administrator privileged sessions on our most critical servers. The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices.

CyberArk PAM is a very broad product as everyone's requirements for implementation are different. In our particular case, the initial implementation was planned and developed by people who didn't know our specific network requirements, so the initial implementation needed to be tweaked over time. While this is normal, at the time all these "major" changes required CyberArk professional services to come in-plant and "assist" with the changes.

Over time, the CyberArk product team has made this process simpler and has enabled more local administrator configuration and update functionality, which doesn't require sub-contracts.

Our program has been using CyberArk since 2014, although it was not fully implementated until I took it over in 2017.

The product is very stable, limited only by the Windows Operating System is it built upon.

This product seems to be scalable to any size. Providing vault cluster services, distributed vaults, and DR vault implementations, the product is truly ready for global implementation.

Tier One customer service is not as responsive or as knowledgeable as I would like, however, once your service request is sent to a Tier Two support engineer, the knowledge and experience level increases dramatically.

In addition, within the CyberArk support environment, Technical forums are available in which other customers are very willing to share their experience, and offer possible solutions to non-critical issues.

This was an initial implementation to meet the regulatory requirements of a federal customer.

In our specific case, the initial setup and configuration were very complex, which was a result of the initial design being developed by our internal engineers and CyberArk professional services, neither of which had the "tribal knowledge" of how the network functioned, or how the processes of network engineering and security had been implemented.

The initial implementation was a joint project with CyberArk Professional Services and our internal Systems Engineers. The Professional Services engineers were very knowledgeable regarding the implementation of their products.

Our program realized the total ROI after the implementation of policy-based automated password change management, which resulted in a significant reduction in man-hours required to conduct password change management (PCM) on a multitude of network elements.

For licensing on a localized on-prem installation, the CorePAS licensing model enables the most critical component products within the PAM stack, enabling multiple layers of security which can take a while to implement.

At the time of the initial implementation (2013-2014), after looking at the field of available products, CyberArk PAM was significantly more mature than the other available products. For that reason, CyberArk PAM was selected.

The greatest issue that I experienced with the implementation of the CyberArk PAM solution was inter-departmental politics regarding change. To resolve this, I relied on the CyberArk Customer Success team to assist with developing a strategy to get all of the stakeholders to accept the changes. Every CyberArk administrator needs to spend time learning about their customer success team since their purpose is to assist with making sure you have the knowledge you need to make sure your implementation is successful.

In a large financial institution, CyberArk Privileged Access Management (PAM) plays a pivotal role in ensuring the security and integrity of sensitive financial data. With numerous systems, applications, and databases holding critical client information and transaction data, the institution faced the challenge of managing and protecting privileged accounts effectively.

The PAM solution was seamlessly integrated into the existing IT infrastructure. It introduced granular access controls, requiring all employees to log in with standard user accounts, regardless of their role. When a privileged action is required, the PAM system enables the temporary elevation of privileges through just-in-time (JIT) access, granting access only for the necessary time frame. This reduces the window of opportunity for potential cyber threats.

CyberArk Privileged Access Management (PAM) has been a game-changer for our organization's security landscape. With PAM in place, we've experienced a significant reduction in potential security breaches. The meticulous control it offers over access rights ensures that only authorized personnel can access critical systems and sensitive information. The implementation of just-in-time access has effectively minimized our attack surface, making it incredibly challenging for unauthorized users to exploit vulnerabilities.

The most valuable features of CyberArk Privileged Access Management (PAM) are its granular access controls and just-in-time (JIT) access provisioning. These features ensure that only authorized users have elevated privileges and access to critical systems. JIT access reduces the attack surface by granting privileges only when needed, minimizing exposure to potential threats.

Additionally, robust auditing and real-time monitoring capabilities enhance security by tracking privileged activities, aiding in threat detection and compliance. PAM's ability to seamlessly integrate into existing infrastructures and streamline workflows further adds operational efficiency, making it an indispensable tool for modern cybersecurity.

CyberArk PAM could greatly benefit from an under-the-hood update; integrating machine learning algorithms could provide predictive insights.

The user interface lacks intuitiveness; revamping the UX of the web access panel through intuitive navigation, customization, contextual assistance, visual coherence, and accessibility considerations will undoubtedly result in higher user satisfaction, increased engagement, and ultimately, a more competitive offering in the market.

In addition, several tools seem to be outdated, however, you can see that CyberArk is constantly working on them.

I've used the solution since 2017.

The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.

The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution.

This includes sessions via the solution and sessions to administer the solution itself. From a user perspective, we no longer need to try and create or remember complex passwords or have to be concerned about when they will change as the solution takes care of this and can and does populate these credentials for you so mistyping a complex password is a thing of the past.

Password management is a great feature, as all passwords are changed more frequently. This can be scheduled in line with a specific policy requirement or each time the credentials are returned to the pool for reuse and are always compliant with the password policy however long or complicated the policy states that they need to be.

Another great feature is the Privileged Threat Analytics (PTA) as this can stop a session based on prescribed risk and bring it to an end or pause it pending approval to proceed.

The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow. That said, it has been moving in the right direction with features becoming available in the v10 interface and some user features are available in both classic and v10 interfaces. I would love to see all the classic interface features moved into the v10 interface or available in both interfaces within the next version.

I've used the solution for about eight years.

The solution has been very stable.

The solution performs well, however, based on the user base may require a sizable footprint.

Support does vary depending on how critical your issue is and if it needs to be elevated to dev support.

Our previous solution was not a PAM solution and these days you can't afford to not use one.

The setup is not complicated when trained staff are used.

We handled the initial setup in-house.

Set-up costs can be minimized by controlling the number of applications that are made available within the solution. The newer licenses are per user and open up access to a suite of products, the best value, and security can be achieved by using more of the products.

We looked at other products like Delinia and Wallix.

Take advantage of the vendor's training or use a good partner to provide support and administration.

CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.

CyberArk PAM ensures that passwords on Linux servers are highly secure, regularly changed, and completely auditable. This saves enormous amounts of time when responding to audits and security concerns. And the scheduled verification of passwords ensures that passwords remain available when needed and stay secure. CyberArk has become the standard tool for password management.

I find value in notifications from CyberArk when passwords fail verification and have other issues. Investigation of these issues often uncovers other issues. The way safe security is handled is outstanding and makes it easy to provide safe access to those who need it and deny safe access to those who should not have it.

Another valuable feature is the agentless architecture of the product. Using native processes to manage passwords and not having to install and update agents is a huge plus.

A more friendly and functionally complete user interface would be nice to have. The current interface is not very intuitive. It is somewhat clunky and difficult to navigate, and many times have to toggle between the somewhat underdeveloped new interface and the older classic UI. This state of basically having two interfaces is a prime opportunity for CyberArk to improve its product.

Also, it would be nice if the vaults could run on Linux instead of Windows.

I have been working with CyberArk for more than ten years in various capacities ranging from end user to safe/vault administrator to application administrator.

The solution is incredibly stable.

We have not run into any scaling issues.

CyberArk support is pretty solid.

I did not previously use a different solution.

The initial setup is more complex than simple, however, not daunting.

We worked with the vendor team who were very knowledgeable during the implementation.

The PAM product isn't low-cost, however, it is worth it. Go with a longer-term agreement to realize lower costs.

CyberArk PAM was chosen before I got involved so I am not aware of which other products were evaluated. However, we have never had to go back and review the decision to use CyberArk.

Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.

We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules.

The solution has improved security posture while greatly reducing administrative burden. We leverage CyberArk to deploy applications without the use of secrets.

Applications authenticate securely to CyberArk using a combination of certificates and other extended application-identifying parameters to promote a secure DevSecOps environment.

The extensibility of CyberArk has enabled us to develop custom integrations into Microsoft Azure leveraging KeyVault to synchronize on-premise and cloud secrets in a consistent hybrid credential management architecture.

Credential rotation automation combined with privileged session management are great aspects of the solution. It enables highly complex passwords that the end user never knows or sees. We have some use cases where administrative users will log in to highly privileged systems using a one-time use secret and immediately following their administrative session the password is rotated

The ability to develop and deploy applications with no stored secrets is very valuable. This keeps code repositories free of secrets and application authentication is centrally controlled and monitored.

The greatest area of improvement is with the user interface of the Password Vault Web Access component. The latest long-term support version of CyberArk (12.x) still includes and still leverages the version 9.x UI in order to maintain some of the administrative functionality.

The performance of the 9.x UI leaves much to be desired and there are still some administrative tasks that require the use of a thick "PrivateArk" client.

Many improvements have been made over time, however, there is still work needed.

I've used the solution for eight years.

The solution has been quite stable for many years and includes the functionality for clustering the multiple site replication, both of which we leverage for a high level of uptime.

The solution is very scalable, however, with scale, there are certainly performance considerations.

Support has been a mixed bag. First-level support has been extremely time-consuming to get to an escalation resource that can help us resolve our reported issue. In all fairness, we have a very experienced staff and generally only contact support for more complex issues. There have been improvements made over the years and the commitment to improving support. Still, there is work needed in that department.

I did not previously use a different solution.

Setup depends on the complexity of the solution. A simple configuration could be up and running in a day.

Our environment is run in-house by a contract team with expertise in CyberArk. However, we do leverage the vendor for major upgrades and have used their technical account manager services in the past