We are working with CyberArk solutions such as PAM on-premises. We are working with CyberArk Privileged Access Manager, including AIM, PSM, and PSMP components.

The ability of CyberArk Privileged Access Manager to safeguard financial service infrastructure is important; without it, banking and financial clients cannot secure their operations. Despite various attacks affecting other companies, CyberArk's implementations ensured that we remained unaffected.

CyberArk Privileged Access Manager has been helpful in managing over 125,000 privileged accounts in a single environment for our client, and we have multiple CyberArk environments for different clients with different numbers of accounts. CyberArk Privileged Access Manager is excellent at helping companies meet regulatory requirements due to its ability to cater to the specific needs of clients across different countries, ensuring compliance without data transfer issues.

CyberArk Privileged Access Manager provides security and video recording of user sessions for audit purposes. This feature is critical in financial sectors where auditing who performed specific actions is essential. Having video records adds a layer of proof and ensures compliance with audit requirements.

The key feature of CyberArk Privileged Access Manager is that it's a comprehensive package rather than just dependent on components such as Vault or Privileged Session Manager. Each component is necessary, and the Vault is the heart of CyberArk; everything connects via PSM and PSMP. I particularly appreciate PSM and PSMP because they simplify troubleshooting and charging.

A potential area for improvement is enhancing support for cluster environments and distributed Vaults. Clients in multiple countries that need central access have different challenges that require better solutions from CyberArk.

For financial services, CyberArk can improve incident response by ensuring fast support for critical priority tickets to meet compliance requirements. Providing more documentation on CyberArk is recommended for new team members to enhance their troubleshooting capabilities. I understand it's up to the client, but 99% fail to change the demo key, so it's crucial for CyberArk to emphasize changing the key and documenting it as part of the installation process.

I have been working with CyberArk Privileged Access Manager for more than nine years.

For stability, I would rate CyberArk Privileged Access Manager a nine out of ten.

I would rate the scalability of CyberArk Privileged Access Manager as a nine.

Regarding technical support from CyberArk, while L2 and L3 teams are effective, L1 support requires improvement due to longer response times in critical situations. Coordination with higher support levels sometimes takes longer than expected, which should be addressed.

After implementing CyberArk Privileged Access Manager, it typically takes about four to five months for a company to realize time to value, assuming they have a strong implementation team and infrastructure in place.

Integrating CyberArk Privileged Access Manager is very simple due to the provided connectors for Windows and UNIX, as well as plugins for databases. Custom integrations may take longer, around one month, due to development requirements.

Regarding costs, CyberArk Privileged Access Manager is not a cheap product; hence, many companies struggle with its high licensing cost. While it's valuable, it comes with a high price tag, making it hard for every company to afford it.

After comparing with other products, I find that no other product currently matches CyberArk's performance; the performance issues in alternative solutions make them less desirable. While there are competitors, I cannot definitively name one that compares with CyberArk Privileged Access Manager.

The requirements for CyberArk, particularly in India, have evolved significantly since the company acquired several businesses in 2014. Every organization needs an identity and access management (IAM) and privileged access management (PAM) solution. CyberArk stands out as the leading product in this category. While there are other protocols available in the market, CyberArk is known for its security, reliability, and user-friendly access.

In my experience working with multiple companies and clients using CyberArk, I have not encountered any cases of breaches or malicious activity associated with the platform. This track record provides a strong sense of security and assurance regarding CyberArk’s capabilities. Although the privileged access management solution can be costly, it offers extensive security features, including multi-factor authentication (MFA). Overall, CyberArk is an excellent product for organizations seeking robust security solutions.

Regarding granularity of PAM controls in CyberArk Privileged Access Manager, it means having centralized control in the Vault. Standalone CyberArk Vaults perform best compared to cluster systems, which present challenges during maintenance or network connectivity issues.

Overall, I would rate CyberArk Privileged Access Manager a nine out of ten.

For CyberArk Privileged Access Manager, use cases are providing just-in-time privileged access. The most simple use case is hosting all privileged credentials in a secure manner and managing and controlling access to those credentials. Therefore, controlling access to privileged endpoints is the usual thing that will be done with PAM.

CyberArk Privileged Access Manager has several valuable features. The basic feature is privileged access management with all the processes and procedures that are needed. It has all the relevant features required to provide a PAM project or PAM program. It does everything that is needed. A tangible benefit is that we already have full control of privileged access. We have just started and have onboarded all privileged accounts into the system.

I have noticed areas of CyberArk Privileged Access Manager that could be improved or enhanced in integration with automation tools. It's not quite the same in the cloud, the Privilege Cloud version. The on-premises version allows users to do absolutely everything. When they took it to the cloud, they started cutting things out. The other issue with CyberArk is that they are marketing their new product, SIA, which is based on Privilege Cloud. Users still need to have Privilege Cloud to achieve the same level of functionality as the on-premises version.

We are still early in the roadmap and haven't progressed far enough to identify additional needs. When organizations reach the end of their maturity roadmap, they can better identify specific tool requirements that aren't currently available.

We have been deploying CyberArk Privileged Access Manager for two years now and counting.

The evaluation of customer service and technical support for CyberArk Privileged Access Manager depends on several factors. When receiving support directly from CyberArk, they are the most knowledgeable, though they don't always have immediate solutions as they might need to create them, which can take considerable time. For instance, the Ansible integration for the cloud version has been requested for years.

When working with CyberArk partners for support, it's crucial to ensure they have actual knowledge and aren't just acting as middlemen. There have been instances where third parties are hired to provide first and second line support, but they simply forward requests to CyberArk without adding value to the process.

We used a deployment partner recommended by CyberArk for the deployment and maintenance process. One crucial step that should be done first is creating an inventory of how privileged access is currently handled and where it is needed. Without this inventory, you might deploy CyberArk and realize it doesn't work with your existing architecture or infrastructure.

Our implementation team consisted of approximately 15 people, including architects, engineers, application owners, network specialists, Windows and Linux administrators, database administrators, and cloud specialists. While maintenance requires fewer people, input from all these stakeholders is crucial for successful implementation as they each have different requirements.

Most importantly, this needs to be a management-driven initiative with a top-down approach. Management must establish new working methods, as the biggest barrier to acceptance is typically resistance to changes in working procedures.

For ongoing operations, the staffing requirements depend on the company's operations. Typically, 24/7 coverage requires at least three people per shift in a follow-the-sun model. This accounts for first and second line support only, with additional staff needed for server maintenance, totaling around nine people.

The primary problem addressed by implementing CyberArk Privileged Access Manager is the lack of control over privileged access - where it happens, how it occurs, and what is done with that access. When attempting to attack an enterprise, attackers target the highest-privilege credentials available. Therefore, protecting the most critical credentials within your organization is essential.

For those planning to deploy CyberArk Privileged Access Manager, it's crucial to understand that it's a multi-year program. It's not just about deploying the tool; it needs policies and governance around it. Additionally, infrastructure modifications are necessary to ensure PAM is the only way to provide privileged access to endpoints.

It's a great product that does everything required from a PAM tool. I would rate CyberArk Privileged Access Manager as a nine out of ten.

With CyberArk Privileged Access Manager, the main idea is to control third parties of the organizations. A lot of banks usually work with integrators abroad, and they want to control those connections from the third party to their infrastructure, including the ability for the CISO or security officer to watch online the session of technical support provided by the integrator. That was the most common use case.

Another use case is to control IT personnel, where the information security team manages what actions they perform at higher privilege levels in the infrastructure. So, those two use cases are the most common.

The most valuable features in CyberArk Privileged Access Manager are session recording, role management, and access control division. Different groups can use all the abilities of the administrative role, and customers can divide their teams into auditors, administrators, and CISOs.

The storage of passwords is also brilliant. Everything is stored in a highly protected area, allowing customers to use a single sign-on approach to connect to infrastructure servers necessary for their daily activities.

The impact of CyberArk Privileged Access Manager on customer operational efficiency is quite positive. While we cannot provide exact figures, the effectiveness is apparent, though we lack specific data.

Assessing CyberArk Privileged Access Manager's ability to prevent attacks on financial services infrastructure is quite complicated, as customers usually do not share information about attacks or prevention. During POCs, before selling the solution, we run common attack simulations that typically occur in the financial sector, such as lateral movement. We have tested various attack scenarios in testing mode where CyberArk is installed, and we have shown to our customers that CyberArk successfully mitigates those attempts.

CyberArk Privileged Access Manager has helped reduce the number of privileged accounts to a minimum over the years. When we start working with CyberArk in customer infrastructure, the first thing we do is run the Discovery feature, which shows all the administrative accounts in different information systems. The next step involves addressing accounts that are unnecessary or could be used for malicious activities, so reducing administrative accounts is typically the second or third step after integrating the system.

CyberArk Privileged Access Manager indeed helps meet compliance and regulatory requirements for customers, especially in the financial sector, by aligning with PCI DSS standards. Consequently, customers are very satisfied when auditors evaluate their compliance. When assessing CyberArk Privileged Access Manager for ensuring data privacy, the focus mainly lies on password management. I have not encountered customers using the storage solutions for anything other than passwords, making it challenging to discuss broader data privacy. The primary data customers prefer to store consists solely of passwords.

Areas of CyberArk Privileged Access Manager that can be improved include offering clearer configuration options. Due to its advanced and complex nature, sometimes it is not obvious where to find specific parameters for configuration. Enhancements, such as video tutorials within the product, would be beneficial, as the text documentation is often insufficient.

It would be very useful to have predefined configuration wizards. For instance, if templates are available for third-party support teams, it would allow users to click through the configuration process with checkboxes, significantly simplifying the setup.

I have been working with CyberArk Privileged Access Manager for eight years, with technical hands-on experience for three years.

I became a project manager of the projects for implementation, education, and technical support of CyberArk. In terms of technical experience, it was three years, and for the management of CyberArk projects in general, it has been about five years.

CyberArk Privileged Access Manager is easy to scale and accommodates various infrastructure models. Any component, including licenses, can be duplicated and scaled across hybrid infrastructures, such as when a customer uses both on-prem and cloud solutions.

My impression of their technical support team is that it is very bad. The support team's response time is quick, however, the resolution process takes too long.

This inefficiency leads us to maintain a highly trained and experienced internal team, which is costly yet necessary since the vendor support response time is often inadequate.

The typical deployment process for CyberArk Privileged Access Manager starts with ensuring organizational prerequisites are met. We begin by sending prerequisites required for the environment, and the customer provides feedback that the environment is ready.

After we establish remote connection capabilities, we initiate the installation process following the agreed scope of work. This process includes integrating with Active Directories, second-factor authorization services, and email systems.

Next, we configure role-based access control, set up reporting, and automate email notifications for predefined activities.

Finally, we utilize a Threat Intelligence system to establish a baseline of regular behavior for administrative users.

Regarding measurable benefits after deploying CyberArk Privileged Access Manager, customers often ask about return on investment. One measurable benefit is the reduction of engineering resources in the IT staff since they do not need as many administrators to manage numerous services.

Additionally, they reduce the number of personnel in the information security team, as fewer controllers or auditors are needed to oversee the activities of IT staff. These benefits can certainly be measured.

CyberArk Privileged Access Manager has helped customers save on costs primarily by reducing the number of engineering and information security personnel. This includes salaries and bonuses; although they do not fire these individuals, they reallocate them to other activities.

If a colleague believes they do not need a Privileged Access Management tool since they are already using other security tools, I might explain the core idea of PAM solutions. The main purpose of a PAM solution is to prevent malicious activities involving administrative accounts. Hackers need to exploit these accounts to cause harm, and according to a recent Gartner report, approximately 80% of all attacks are directed through administrative accounts. This is why PAM solutions, including CyberArk, must be implemented to effectively manage and monitor those administrative accounts.

On a scale of one to ten, I rate CyberArk Privileged Access Manager an eight out of ten.

We use CyberArk Privileged Access Manager for all kinds of privileged accounts, comprising personal accounts, service accounts, and different database accounts. We manage the administrator account for Windows, the root account and reconcile accounts for Unix servers, and system administrator accounts in databases. Personal accounts are also managed along with some shared service accounts.

I work for a cybersecurity reseller company, which is US-based, and we provide managed services to all kinds of industries. Currently, I am working with a natural resource and a healthcare company.

Many things have improved with CyberArk Privileged Access Manager. All privileged accounts are now secured.

The password management keeps the passwords rotated, and these have different sets of policies, which keep the passwords in compliance. Compliance-wise, it is good to have a PAM solution in the organization. I believe CyberArk Privileged Access Manager is the best one available at this point in time.

The best thing about CyberArk Privileged Access Manager is that they keep on upgrading it. They continually conduct research and development from their end, and we get immediate support from CyberArk whenever OEM support is required for any task. Support-wise, they are the best, and the way they conduct research and analysis and upgrade the tool often is excellent.

They keep on improving regularly. As of now, it does not manage all of the IDM practices. It is only good as a PAM solution. If they could work more on Privileged Threat Analytics, it would be beneficial. It has limitations, so improvements on PTA would be fine.

I first used CyberArk Privileged Access Manager in 2016, and since then, I have worked on different tools as Cloakware, CA PAM, but I am now again working on CyberArk Privileged Access Manager, so it has been approximately seven years.

If implemented properly, the stability for CyberArk Privileged Access Manager is very good.

I would rate the scalability for CyberArk Privileged Access Manager as nine out of ten. It is very scalable, and you can manage more than 100,000 accounts, as I have worked in environments where we managed that volume and more.

We are partners with CyberArk Privileged Access Manager. Our clients are medium and small businesses. The number of accounts we manage in CyberArk Privileged Access Manager is approximately 10,000 in one client and 5,000 in another.

Support-wise, they are the best. I would rate the technical support for CyberArk Privileged Access Manager a nine out of ten.

I have used a very old tool called Cloakware before CyberArk Privileged Access Manager, created by CA Technologies. It later got upgraded to merge with CA Technologies, and we had a product called CA PAM, which later got improved into what we see in the market today, called BeyondTrust. Cloakware was not that organized. There were many issues with provider IDs, the interface was very old, and hardly any companies use it these days. When I was using it, I was working for a US-based bank. Comparing that with CyberArk Privileged Access Manager is impossible, as they are poles apart.

We have had cloud and on-premises deployments. Its deployment is easy. They have provided all kinds of documents. They are available in the community portal. You can get all kinds of help from the community or people using CyberArk and the OEM.

The duration of the deployment for CyberArk Privileged Access Manager completely depends on the environment. If it is a big environment, it may take up to one or two months sometimes. It depends on the collaboration of the teams. If the infra teams, the network side, and the OS side do not collaborate properly with the CyberArk team, it can take longer. However, if everything is in place and the environment is not huge, it takes less than a month, around 20 days.

The solution requires regular maintenance. You need to keep upgrading when updates are released by CyberArk Privileged Access Manager, and they do it quite often. Server patching is very important, and you need to be aware of the services running all the time. They have provided a system health feature to check if there are any component services that stop. All maintenance is required regularly, not daily but perhaps weekly, depending on the size of the environment. A good thing is that all of these can be automated. It saves a lot of time there.

We have eight specialists in one team working with CyberArk Privileged Access Manager in my MSS team. There are other teams as well that have many CyberArk specialists, though I do not have an actual count.

It saves financially, though I cannot provide specific numbers. It is vital to have a PAM tool in your organization because it protects you from all kinds of malicious attacks, both insider and outside threats.

Regarding time-saving, many things are automated on CyberArk Privileged Access Manager, which helps us save considerable time work-wise and is very efficient for users. The end users have the authority to reconcile the password or verify it before using session isolation, which is one of the unique features that can be enabled through Privileged Session Manager, preventing any attacks from happening within the organization when connected with sessions through CyberArk Privileged Access Manager.

The pricing for CyberArk Privileged Access Manager is quite expensive, and the pricing varies from region to region. In APAC, CyberArk Privileged Access Manager can be obtained for less than in North America, according to my understanding. Pricing-wise, they could improve by trying to sell their product in bulk licenses. You need to have a service provider or a reseller as the mediator company building the CyberArk Privileged Access Manager. Pricing-wise, they could definitely do a little better.

I would recommend CyberArk Privileged Access Manager to other users for all the reasons discussed. It has been number one on Gartner's quadrant for several years. Considering all those factors and being the best tool in the market for Privileged Access Management, it is recommended.

I would rate CyberArk Privileged Access Manager a nine out of ten.

I work in the cybersecurity team. We typically provide access to other end users or IT administrators through this solution. We monitor their activity on servers, provision access, and review all logs.

By implementing this solution, we wanted identity management and access management.

Over these three years, there have been a lot of improvements. User management is more efficient. The interface is user-friendly, and I can create comprehensive reports.

Session recordings and timestamps are valuable features. They allow me to specifically select the time a particular command was executed, so I do not have to review the entire recording. I can click on events to determine where and when they happened.

We are looking for improvements in user provisioning, such as access provisioning and revoking access. We still have to test these improvements in the latest version.

Updates have been somewhat difficult, resulting in challenges when moving from one version to another. The current version includes automatic updates for minor patches, which should be easy.

I have been using the solution for more than three years.

It has been stable so far, so I would rate it a nine out of ten.

Its scalability is very good. It is in the cloud, so we can just expand it. I would rate it a nine out of ten for scalability.

We haven't used customer support so far apart from implementation.

I have not used any PAM solutions apart from this one.

Its implementation was very complex. It needs different servers and setup parameters involving load balancers, certification, encryption keys. The implementation took more than a month.

It requires maintenance once in six months and has been hard previously.

It was implemented by inhouse staff with oversight from vendor.

When it comes to compliance and audits the ROI on this is very good.

Licensing is little hard as they are perpetual and can't be used from a pool of resources.

I would recommend implementing CyberArk Privileged Access Manager as it is the best so far.

I would rate CyberArk Privileged Access Manager an eight out of ten.

I use CyberArk Privileged Access Manager to manage the privileged credentials of our environment.

When I arrived at my company, CyberArk Privileged Access Manager was already deployed, so I didn't set it up myself. However, I've increasingly taken over its management during the past five and a half years. I saw its benefits almost immediately. Much of the value is tied to user adoption; as the end-user base becomes more familiar with CyberArk and embraces it, the benefits increase. Conversely, when we have users who know CyberArk exists but don't trust it, prefer their own methods, and avoid using it, its effectiveness is reduced. Ultimately, the more users embrace CyberArk, the greater the benefits I observe.

The best feature of CyberArk Privileged Access Manager is its core function: automatically managing and securing credentials. The ability to ensure compliance with both our internal and industry standards is invaluable, particularly in the current environment. While managing a couple of thousand accounts may not be a large number within the CyberArk community, it significantly simplifies our work in ensuring compliance and maintaining standards. The PSM feature is also excellent, as I've found it increasingly helpful in establishing connections without exposing passwords. Although a bit clunky when I used it a few years ago, it runs much smoother now. Overall, it's a great product, and I appreciate most of its features.

We use the privileged cloud model. However, transitioning from a traditional on-premises deployment to the privileged cloud has resulted in losing access to many logs and administrative tools typically available on the back end. For instance, we can no longer examine safes directly, delve into the vault to set permissions more granularly, diagnose port issues, or manage license allocation. These functionalities were readily accessible with our on-premises setup, but the cloud environment significantly restricts them. One highly desirable feature, for which I've seen an enhancement request already submitted, would be the implementation of more comprehensive logging around platform and policy changes, including details on the nature of the change when it occurred, and who made it. I recently encountered an instance where one of our platforms was altered without knowing when or by whom. This lack of auditability makes it impossible to understand the rationale behind the change, even though it appears relatively intuitive. Therefore, enhanced logging would be a valuable addition to our current system.

I have been using Privileged Access Manager for five and a half years.

Generally, the performance of CyberArk Privileged Access Manager is quite good, and we've experienced very few issues. Specifically regarding the PSM, the response time is typically excellent. However, some users have reported occasional timeout issues where the PSM session terminates unexpectedly. The source of this problem is unclear, as it could originate from the target server or the PSM server itself. While I encountered more issues with the PSM a couple of years ago, the response time has significantly improved recently. There are inherent challenges due to the multiple network connections involved, mainly when mapping network drives to transfer files within a PSM session. This connection can be slow, especially when enumerating folders during file system traversal, but it's likely an unavoidable consequence of the process.

Scalability is straightforward. While the initial deployment presents some challenges, deploying additional servers afterward is quite simple. The servers are robust in terms of their handling capacity. In discussions with CyberArk engineers, I learned that the expected load for the CPM and PSM was discussed. The CPM, in particular, can reportedly handle up to 50,000 accounts independently without issue. Given that we only have a couple of thousand accounts rotating, deploying an additional CPM would be a relatively easy task, achievable in less than a day. Therefore, scaling up appears to be quite feasible if necessary.

We subscribe to premium support, and it's been excellent, providing us with relatively rapid responses and overall good experiences. Previously, with regular support, the quality was inconsistent and heavily dependent on the technician assigned to our ticket. Some technicians were excellent, diving right in, carefully reading my notes, and offering helpful solutions. Others seemed to overlook the details I provided. For instance, I'd explain that I'd already consulted a specific knowledge base article and implemented the recommended solution without success, only to have the technician suggest I review that very same KB article, which I had just referenced.

I rate CyberArk Privileged Access Manager eight out of ten.

The connector servers require minimal maintenance. The only constraint is keeping the browser drivers up-to-date for web application connections, which can be more of an annoyance than a hindrance. Overall, there is not much maintenance involved for CyberArk Privileged Access Manager.

My advice for new users is to read the documentation. There's a lot of good information in there. I know it can be a bit of a drag to go through it all, but as you work, especially on the administrative side, you'll find that it contains a lot of information that can save you headaches. It would help you avoid opening tickets just by reading and following the guidelines. The documentation is pretty good, though not perfect; there are actually several errors. However, for most day-to-day activities, it's quite helpful.

The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.

Now we feel assured that all our privileged accounts are well protected. Our admins don't know passwords and don't enter them manually. This eliminates the risk of interception and account hijacking.

First of all, CyberArk offers great flexibility. Throughout our years of experience, we haven't found any system that we couldn't connect with CyberArk. We have many web management consoles, and it's no problem to connect to them using custom connectors.

Moreover, it's a highly customizable solution. If you know how to do it, you can customize it as you want.

There is room for improvement in the pricing model. From a technical point of view, there are no issues. Support could be faster, though. We have mentioned that better support from CyberArk would be beneficial.

So, support could be faster, and pricing can be improved.

We have been using it for our needs and sharing it for over ten years. Currently, we use version 12.

It is a very stable solution. I would rate the stability a ten out of ten. If you can read the manual and avoid making mistakes, it's very stable.

It is an extremely scalable solution. I would rate the scalability a ten out of ten. In our organization, there are ten CyberArk users; they all are system administrators.

The customer service and support could be better. The response time could be better.

I would rate my experience with the initial setup a four out of ten, one being difficult and ten being easy. It's a modular system. To run CyberArk, you need to deploy several different services, set them up, and configure the interactions. It's not a solution in one box.

The initial setup is not very complex, but I would say it's not very simple, either.

We have deployed CyberArk in both environments. We have several working calls in the cloud and some parts on-premises. The initial deployment takes about two days.

Our main technical task was to reduce security risks, which we accomplished with CyberArk.

I would rate CyberArk's pricing a nine out of ten, with one being cheap and ten being expensive. It's one of the most expensive solutions in the market, but it's worth it.

I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress.

Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product.