My use case for CyberArk Privileged Access Manager is that I work as an administrator where I can configure and integrate all those CyberArk Privileged Access Manager components such as PSM, CPM, hardening the CPMs, checking the services of the PVWA and Vaults, and making sure everything is operational. I am responsible for creating safes and managing the accounts. I onboard the accounts on the platform based on their vendor requirement.

We also provide the SIEM integration to check the logs and we are responsible for Splunk integration too, but it is not related to CyberArk Privileged Access Manager. We actually implement all those application logs to Splunk for the dashboard monitoring and the alert-based system through ITSI.

CyberArk Privileged Access Manager has improved how my organization functions as we have 24 PSM servers, four CPM servers, one primary Vault, and one DR Vault. We are in the process of upgrading from version 11.3 to 14.6 and maybe next month, we are going to update our servers.

The best features of CyberArk Privileged Access Manager include that it is normally used for securing passwords because nowadays, most of the breaches happen due to leaking passwords. So we actually manage the passwords in a secured way. In a Vault, there is end-to-end security, with seven layers of security that we are maintaining. That is called session encryption, firewalls, authentication, authorization, and auditing. At the end of the day, we are doing the file encryption. Through this, we are actually managing the passwords in a very secure way. We can explain this architecture to the vendor to convince them to come to CyberArk Privileged Access Manager.

What I appreciate about CyberArk Privileged Access Manager is that it is not only for password security; we can also manage their applications and platforms. Each and every thing, whenever a user is coming to CyberArk Privileged Access Manager or logging in to CyberArk Privileged Access Manager, end-to-end protection will be handled by CyberArk Privileged Access Manager. Whenever they connect to their target servers, each and every thing will be monitored and reviewed by CyberArk Privileged Access Manager administrators such as us. We see whatever incidents happen and whatever is going to happen. Whatever the user does from the target system, we can monitor everything through the PSM servers. We also have PTA, Privileged Threat Analysis. Whenever a user is doing unwanted things such as running unwanted scripts in their target system, the PTA incident automatically closes their target system. For example, if a user is working beyond their scope and is running some scripts, it will show that and raise an incident. We get the tickets and we can monitor it and have a call with the user. We are giving end-to-end security from the user to the platform level.

In CyberArk Privileged Access Manager, I see room for improvement as I am working in the on-premises networks, and now we are also having the cloud-based PAM. So there, everything is maintained by the CyberArk Privileged Access Manager team, and we are only maintaining the PSM servers. So it is already upgraded from the on-premises network to the cloud network. If you ask me what we can implement beyond that, I just need a few minutes to think about what new things, because it is already an end-to-end security on-premises itself. Now, when it comes to PCloud, Privileged Cloud, it is more secure than the on-premises networks because most of the things are handled using the cloud itself. So it is an already upgraded version; we do not need to implement something new. But if you think in that way, we can have a chance to implement our things.

If anything could be improved in CyberArk Privileged Access Manager, I think we could build a small agent AI in my team, we could give access to these logs—the Vault logs, PSM logs, and CPM logs. Whenever the system is going down, the AI will automatically check. If we actually implement agent AI in CyberArk Privileged Access Manager, it will check the logs, and if any errors are coming, it automatically triggers alerts and gives the solution. That is the best improvement I can think of because these days, most things are done by agent AI. So if we also implement this agent AI in CyberArk Privileged Access Manager, we can add more features.

I have been using CyberArk Privileged Access Manager for around three years. I have exactly three years of experience with CyberArk Privileged Access Manager.

I would rate the stability of CyberArk Privileged Access Manager as an eight.

I will rate the scalability of CyberArk Privileged Access Manager as a ten, indicating it is a scalable solution.

I rate the technical support for CyberArk Privileged Access Manager as the main thing in any environment. It can be a production environment such as CyberArk Privileged Access Manager or any production environment with any project. Because of technical support, we have continuous deployment and continuous monitoring. Whenever they are doing their work best, and at that time, when something is going down, they are the first point of contact to check what the issue is. After that, it will come to the developers to check that issue. So I will rate the monitoring team, the operations team, a ten.

I have used other PAM solutions, and I find that when it comes to CyberArk Privileged Access Manager, it is a company that has a long history of trust with users and vendors, which provides a more secure way of doing things for their platforms and their work. So in my opinion, CyberArk Privileged Access Manager is the best solution we can give to vendors for PAM solutions.

The time it takes to deploy CyberArk Privileged Access Manager is actually based on the architecture of their requirement, such as the number of users, accounts, and the platforms they are onboarding into CyberArk Privileged Access Manager. If it is less than ten users and four platforms, it will take one or two days. If the communication between our servers and the platforms is already good, it will normally take one to two days. If their requirement is more, such as at the platform level where they have both Windows and Linux operating systems and database operating systems and they want to segregate multiple users based on their OS, at that time we just need some time to create the SOPs and we have to proceed based on that requirement.

My team works with CyberArk Privileged Access Manager, and we have 12 members.

My thoughts on the pricing of CyberArk Privileged Access Manager depend entirely on the vendors' requirements. If they want their things to be secure, they have to spend accordingly. We have four types of pricing. Based on their requirement, we will actually propose the pricing to the vendor. If their platforms and accounts are fewer, we can go for the minimal requirement of a PAM solution. And if they want more upgraded servers in their system, we can go for the maximum pricing.

CyberArk Privileged Access Manager solution requires maintenance, and definitely, we are actually doing rotations 24/7 to make sure every system is active 24/7 so a user will not get interrupted when accessing their platforms.

My clients use CyberArk Privileged Access Manager for around 12,000 accounts.

The vendor can contact me if they have any questions or comments about my review.

I'm interested in being a reference for CyberArk Privileged Access Manager.

I definitely recommend CyberArk Privileged Access Manager to other users because it gives more security to their platforms and users to store their passwords and provides end-to-end security. If they do not want to breach their platforms, I would recommend CyberArk Privileged Access Manager 100 to 200 percent to keep it secure. My overall rating for this product is a ten.

We use CyberArk Privileged Access Manager for least privilege and accountability purposes, while we also utilize the EPM solution for endpoint protection. Additionally, PTA is one of the most important tools from CyberArk Privileged Access Manager, which we use on a real-time protection basis. CyberArk Privileged Access Manager effectively prevents attacks on the financial service infrastructure, as we protect against lateral movement, credential stuffing, and since no passwords are available because they are rotated through CyberArk Privileged Access Manager, we can isolate every session and record all activity while monitoring in real-time.

The ability of CyberArk Privileged Access Manager to safeguard the financial services infrastructure by protecting credentials is extremely important, as every activity in a financial organization needs to be recorded for accountability in auditing. Therefore, CyberArk Privileged Access Manager is a crucial tool, and we utilize credential rotation as 85% of successful attacks in the last 10 years have been initiated through credential theft. Monitoring, recording, and credential rotating activities are crucial because if CyberArk Privileged Access Manager goes out of service, the total environment would collapse due to the lack of passwords for respective servers.

While I cannot suggest major changes, I did encounter a vulnerability concerning RADIUS blasts, which was recently mitigated by CyberArk Privileged Access Manager in their latest version, indicating an area for improvement in vulnerability assessments. Improvements in vulnerability assessment are essential. A notable request I have regarding CyberArk Privileged Access Manager is to address the issues of database corruption identified in cluster environments experienced by multiple clients.

From 2021 to now, I have been working on CyberArk Privileged Access Manager.

I have not experienced any stability issues with CyberArk Privileged Access Manager.

It is easy to scale.

In terms of technical support, CyberArk Privileged Access Manager has provided excellent support without any doubt. Based on the issue resolution and support quality, I rate the support 10 out of 10.

Before using CyberArk Privileged Access Manager, I did not evaluate any other PAM tools.

Setting up CyberArk Privileged Access Manager is not complex, especially if you properly follow the recommendations from CyberArk.

I handled the deployment myself.

CyberArk Privileged Access Manager has been very effective in helping my company meet compliance and regulatory requirements. Implementing CyberArk Privileged Access Manager saved time on compliance requirements in finance, typically around one hour.

There has been no reduced cost associated with CyberArk Privileged Access Manager, as when it is required, you must pay for their licensing and prepare the full environment. While there are costs for the licensing of CyberArk Privileged Access Manager, it definitely provides value when I need any accountability or session recording.

CyberArk Privileged Access Manager is one of the most important components from CyberArk, along with EPM (Endpoint Privilege Manager) and PTA (Privileged Threat Analytics tool). I recommend anyone considering CyberArk Privileged Access Manager to view it as a friendly environment, as it stands out among the other PAM solutions I have encountered. CyberArk Privileged Access Manager is highly recommended for its user-friendly nature. I rate CyberArk Privileged Access Manager a ten out of ten.

We use CyberArk Privileged Access Manager to manage our privileged accounts because it protects against cyberattacks and prevents unnecessary or illegal access.

It provides a centralized management system, making it easier for us to enforce policies and monitor access across our organization. Additionally, we can monitor sessions and record and detect suspicious activities that are harmful to our systems and organization.

The AI capabilities, including advanced threat detection features, are very helpful for us. They reduce human effort and errors, allowing us to quickly identify and respond to threats. This solution scales up our IT environment and resolves almost every issue that poses a threat to our organization.

Pricing is a concern for me because it is not very user-friendly for startups, new users, or very small organizations. It might be better if the price was reduced. Sometimes, the maintenance cost can also be high.

I have been using CyberArk Privileged Access Manager for the last one and a half to two years.

Every application has downtime. However, it remains stable overall. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

Sometimes, when I face issues or want to understand some features, or it is difficult to identify activities in our system, I contact the support team. They are very helpful, always available, and try to resolve our issues as soon as possible.

This is the first PAM solution that I implemented in our organization.

The initial setup is not very easy, nor very difficult. It is moderate to deploy.

It does not require any maintenance from our side.

We have a team of three to five members, and they deployed it in a minimum of one week.

Its price can be reduced.

I researched some solutions and found CyberArk Privileged Access Manager to be one of the good solutions. I am very happy with the product.

I am happy with this product. If someone is looking for a PAM solution, I recommend it because it has a large developer community and good customer support. It is more stable than the others, and I am very happy with it.

Overall, I would rate it a ten out of ten.

The main use of CyberArk Privileged Access Manager is to manage identities and access for our clients. We mainly focus on use cases like managing shared accounts, automatic password rotation, and recording sessions.

Its quite difficult to track for client who has access and at what time, which activity was done with that account, especially for built-in administrator accounts and Shared accounts.

Automatic password rotation is another use case. CyberArk Privileged Access Manager has the capability to rotate automatic passwords in the defined period of time. CyberArk Privileged Access Manager is also used for recording and session monitoring .

With CyberArk DNA, we can discover the accounts and their associated dependencies and usage.

Data is secure. The passwords are stored in an encrypted format. The data privacy is very high, and it is quite challenging for someone to retrieve credentials from CyberArk Privileged Access Manager.

With Privileged Threat Analytics (PTA), which is a different component in CyberArk, you can put some additional control. For example, you have an account onboarded on CyberArk. If someone wants to access the system without using CyberArk and copying a password, which they might have stored in the notepad or their system, an alert gets triggered. There is also an additional control for ad hoc admin access if someone wants to access an admin privilege or and want to access some critical application after business hours. PTA provides more control.

It improves the overall security posture and provides more control. We have better governance. Credentials are stored in the safe vault.

It reduces the need for IT and help desk resources. There is a streamlined change process without relying on the L1 team to reset the admin account credentials. There is also better compliance and segregation of duties. We can meet the compliance requirement for retention of logs, password rotations, etc. It helps client to meet different compliance requirement / standards, such as HIPAA, SOX, ISO 27001, etc.

With no manual intervention, there is also a reduction in human errors. Based on the number of available accounts for the organization and the user entitlement, that is 300 to 400 hours.

It improves operational efficiency. With the control that we have with CyberArk Privileged Access Manager, there is a reduction in the manual effort for validation of the admin accounts. Without it, a person has to extract the accounts from the servers and revalidate them with the owners or approvers. That is quite tricky.

It can help to reduce the number of privileged accounts. For example, if the Windows team has 10 or 15 members with individual accounts. It is better to create one shared account based on their role such as L1, L2, or L3, reducing it to 2 accounts. It will reduce the number of privileged accounts in the organization as well as threats.

The main feature of CyberArk Privileged Access Manager is the ability to manage who has access to what and when, especially with shared accounts. With individual accounts, that is easy, but with shared accounts, it is quite challenging for clients.

The sessions are being monitored based on the Safe design and the ownership of a respective Safe. And its maintain individual accountability, Also check-in and check-out the passwords.

The reporting should be improved. There should be more customization. The report should show how we are going to mitigate the risk because we cannot show the system environment to each and every auditor. Some kind of custom report should be there so that we can give a clear output about the risk.

There should be improvements in the dashboard visibility within CyberArk Privileged Access Manager. It should give more visibility in a single go rather than having to compare different reports.

Furthermore, having out-of-the-box dependency discovery for accounts, such as scheduled tasks , services and application pools, would be beneficial to improve overall functionality.

I have a total of 16 years of experience, and I have been working with CyberArk for about twelve to thirteen years.

There have been no stability or performance issues as long as the design meets the requirements. It is essential to adhere to the recommendations for concurrent session capacities.

The solution is quite stable and scalable. It does not seem to have any gaps.

The technical support from CyberArk is quite impressive. They are responsive and provide detailed information when needed. I would rate them a nine out of ten because sometimes there are delays due to different reasons or misunderstandings.

I have worked in CyberArk, Delinea, CA PAM, ARCON, and BeyondTrust. I am parallelly working on other PAM tools along with CyberArk. I started to work in CyberArk PAM since version 7.1.

For on-premises, there is complexity due to the need for physical servers and cluster configuration, which might require going to data centers. However, after several deployments, it becomes less challenging. A cloud deployment would be easier.

Its integration capabilities are quite good. We are using CyberArk identity as a multifactor authentication with RADIUS. That is quite impressive because, with one dashboard, we can manage the users' identities.

In terms of the deployment strategy, we first identify the scale and then design the solution. If the number of admins is high, there will be more concurrent sessions and recordings.

It is not tough to maintain. We once had an issue because of human error, but overall, it is easy. For 8X5 support, five members should be there.

For a large-scale deployment, two to three people are sufficient.

The cost savings vary based on the organization. A larger organization will definitely have more cost savings with the reduction in the manual effort in managing the accounts in the system.

The pricing is slightly higher compared to other solutions, but it is reasonable because there are better security features. Initially, it was based on endpoints, now it is based on the number of users, which offers cost savings based on administrative accounts.

I would recommend CyberArk Privileged Access Manager. My recommendation would be to ensure that the benefits of the solution are highlighted by presales, such as risk mitigation and meeting compliance posture.

The overall rating for CyberArk Privileged Access Manager is ten out of ten.

The primary use case for CyberArk Privileged Access Manager in our organization is to ensure we move away from named identity admin access, which lacks protection such as MFA and other features offered by cloud privileged identity management solutions. Our goal was to protect anything on-prem related to Active Directory privileged access, so we chose to go with CyberArk Privileged Access Manager.

I am the cybersecurity lead in my organization. Every single year when we do the audit, one of the things that consistently comes up is how there are hashes floating around the environment. Since switching over from named admin-privileged identities to CyberArk PAM identities, like PAM accounts, there have been almost no breadcrumbs left behind. There are no hashes and that sort of thing. We hardly see any hashes floating around the environment. We have not done the audit yet, which is due next month, but I have been keeping an eye on the hashes and it is looking promising.

The session recording and monitoring capabilities are valuable. We have real-time session management ability to record, audit, and monitor any privileged user activities. That is a big deal.

Automatic credential rotation and granular access control for target resources accessed by admins add to the value.

Seamless integration with the SIEM, especially Microsoft Sentinel, is valuable.

Lastly, the platform's versatility allows for the use of different types of platforms beyond just RDP and SSH, including SQL and web applications.

There is room for improvement, particularly with Vendor PAM. We were previously using a competitor product that allowed vendors to manage their own teams. CyberArk has brought a feature called Vendor Team Manager, but it does not provide full access. It requires the vendor team leader to be onboarded as a local account instead of using their email address. Improvements could be made to onboard the vendor team leaders using their email, allowing them to manage their own team. That would greatly reduce the overhead in managing vendor team members. We have 50 to 100 vendors. Each vendor has at least 10 to 20 accounts., so we are talking about 500 to 1,000 accounts. It would be easier if we could just manage those 50 vendor team leaders rather than hundreds.

We have been using CyberArk Privileged Access Manager for six months, having started on the first of July.

Stability has been impressive. We have not experienced downtime for any reason. We did encounter one bug, but it was resolved once a patch was applied. The system is very stable and seamless. It requires minimal intervention to maintain high functionality.

When we took over as system owners of CyberArk, I thought every single time there was an update, we would have to stay up the night to do the patches and make sure it worked, but it has been very smooth and seamless. There is no friction. Everything has been taken care of at the back end, and we have not had to do anything out of hours. It has been very good.

I would rate it a ten out of ten for stability.

So far, scalability has been excellent. Initially, we deployed the architecture for 10 to 20 users, but we have onboarded 30 users while still on that mid-tier configuration. We have had no issues.

Being a mining company, we do have operations at various sites. That includes multiple sites in Australia as well as a couple of sites in Northern America. We do have multiple sites with critical infrastructure on every single site.

At the moment, we have 50 user licenses, and so far, we have onboarded 30 users. We have 20 more users and some more coming on board in the new year.

I would rate it a ten out of ten for scalability.

CyberArk's support is excellent, providing personalized assistance through a dedicated local account manager and sales engineer. Their responsiveness is impressive, even though our location is quite isolated. We receive prompt support, which often exceeds expectations.

The dedicated local account manager has been providing us with personalized assistance tailored to the unique challenges that we have as a mining organization. The sales engineer supported us with his expert technical guidance during the deployment as well. It has been amazing. Both of these guys ensured smooth implementation.

For any issues that are not important, we raise tickets for customer support, and they have been very responsive. They get us back promptly. That is something unheard of because we are a very isolated city in Australia. Ours is the most isolated city in the world. The nearest city to us is 2,400 kilometers away. For someone like us, the support has been amazing. Sometimes, with other vendors, we have to wait a couple of days to hear back from them, but CyberArk has been exceptional in coming back to us with immediate responses. Their support has been perfect. I would rate them a ten out of ten.

Previously, we used BeyondTrust. We decided to switch to CyberArk due to its superior support, scalability, adaptability, and the local presence of account managers and sales engineers, which facilitated a smooth and effective experience.

While other products in the market may offer certain features at a competitive price, they often compromise on support, scalability, and adaptability. The main thing for us was the support. CyberArk combines top-notch technical capabilities with the local human touch of the local account managers and sales engineers. That was a big thing for us because that ensured a smooth and effective experience throughout the journey, which other products lacked.

We are in the West of Australia, and all the competitors are in the East. The only way to communicate is over the phone, and we would only see them once or twice a year. Having local account managers and a sales community was a game changer. Also, considering the reputation and the gold standard for Privileged Access Manager, others cannot compete with CyberArk.

It is a fully SaaS model, but because of the way CyberArk is architected, we do have our jump servers, PSM connector servers, and Secure Infrastructure Access servers in Azure, but it is not self-hosted. It is a cloud solution.

The jump start that was offered as a part of the product licensing was a game changer. When it comes to CyberArk, the complexity is quite high. That comes with security. Security and usability do not go hand in hand, but we have had help throughout our journey. The initial setup was detailed and supported actively by CyberArk's jump-start engineer. Every question was addressed, and the deployment was well-structured.

To realize its benefits, we had to wait until the users were happy using the PAM accounts. The individual privileged identities were still being used, so it took almost three months. That was the time it took for us to onboard the PAM accounts, hand over those accounts to the users, and confirm that it was working as expected.

In terms of maintenance, I thought there was going to be a lot of maintenance because we are the system owners, but so far, it has not skipped a beat. All the updates were very smooth. We did not have to do any work installing the patches, apart from underlying Windows patches, which is the sysadmin's job. If sysadmins are able to patch them, the product is resilient enough to come back up and do its function. Any updates related to the product itself are installed in the background, and it is very transparent for the user. It has been very seamless.

CyberArk's jump-start engineer played a crucial role in our successful deployment. He helped us all the way. Even now, about six months into the journey, he is helping us out with a few bits and pieces. Having that jump-start there was a game changer.

During our quantitative analysis, we estimated potential savings of one to ten million dollars a year by using a PAM solution. A cyber breach relating to admin-privileged access could lead to a financial loss of ten million dollars. If a standard user account is breached or compromised using their credentials, they cannot escalate to our higher privilege ones or cannot move laterally within the network. That was a game-changer.

CyberArk Privileged Access Manager is perceived to be somewhat overpriced compared to similar market products. It is a little bit overvalued. It could come down a little bit for my liking. However, the industry-leading reputation and the quality of service justify the high price point to some extent.

I would highly recommend CyberArk Privileged Access Manager. It is a leader in the privileged access management space, offering robust tools to secure credentials across IT and OT environments. We are very heavy on OT environments. It has been nothing but the best.

I would rate CyberArk Privileged Access Manager a ten out of ten.

We use CyberArk to secure the last resort accounts by introducing dual control approval, ticket validation, temporary access, and regular password rotation.

It also allows us to introduce location-aware access controls with multiple sites having access to specific location-protected content.

Finally, the session management capabilities allowed us to introduce delegated accounts to secure access to all sorts of devices in an easy way, but without losing the individual traceability.

It allows us to comply with the regulator requirements allowing us to operate in the different countries and to fulfil the security and compliance requirements.

In the end, it secures all the highly privileged accounts and protects the company from internal and external threat actors.

The solution is multifaceted and includes session management, password management, temporary access, ticketing validation, API access, single sign-on integration, load balancing, and high availability principles.

The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis.

The session isolation reduces the risk of exposure of the credentials and applying simpler network controls.

Web access allows the introduction of location-aware controlled access so that different locations can only access the data that is allowed to be retrieved from their sites allowing centralisation but fulfilling the regional requirements.

The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials.

The upgrade options are good but could be further simplified.

The high availability options could be improved, and the load distribution as well for both the vaults and the credentials managers.

The web interface should allow having multiple sites for location-aware access control within the same web server.

I've used the solution for more than ten years.