CyberArk Endpoint Privilege Manager

Our use case for CyberArk Endpoint Privilege Manager involved thousands of machines with users having admin rights, which presented a massive risk. 

We needed to find a way to strip their access and stay compliant with our regulators, specifically the RBI regulator for banking. Therefore, we wanted to have people get their work done, and CyberArk Endpoint Privilege Manager helped us in hitting that balance. We use it to remove admin rights from over 2,000 to 3,000 endpoints without disrupting the team. 

It has really helped in terms of reducing the malware risk, increasing visibility, and even letting us delegate some tasks safely without exposing full privileges. The biggest benefit is that it removed local admin rights in compliance with our regulatory guidelines from RBI. It also fits into a zero-trust strategy, and the audit logs help significantly in case of forensic needs.

CyberArk Endpoint Privilege Manager has significantly reduced time spent on tasks. When discussing time savings, it really controls the privilege elevation, allowing users to run tasks as admin without actually giving them admin rights. That's a huge security improvement, which helps us use fewer manual tools. We have this automation, which saves us time.

In terms of operational efficiency for our financial services organization, CyberArk Endpoint Privilege Manager supports both the whole architecture and integrates effectively, providing us with efficiency in getting logs from our CM. It makes the whole process more efficient within a stipulated time, and we can do extensive customization, making it more flexible. We can do fine-tuning to pull out the logs, and it works effectively with the CM.

There are areas where CyberArk Endpoint Privilege Manager can improve. The total cost of ownership (TCO) is a bit high from my perspective, especially from the Indian banking standpoint. 

Deployment-wise, the policy is tricky and time-consuming, so that's something that can be improved. The user interface needs to get in line with current market trends, as it feels slightly dated. 

Additionally, implementing AI-based policy suggestions would be beneficial, especially considering the current GenAI buzz in technology. This could incorporate Indian compliance standards such as GDPR and the RBI guidelines, which would be valuable. 

Moreover, there should be better visibility into backup tools and scripts, especially for hybrid environments, which is a necessity.

CyberArk Endpoint Privilege Manager is a part of our enterprise, and it was rolled out between 2017 and 2019. It has been in use for more than five years now.

The stability and performance of CyberArk Endpoint Privilege Manager are excellent. There have not been any fluctuations or variations in the output recently. The support team is also good.

CyberArk Endpoint Privilege Manager is known for its scalability. It can manage around 2,000 to 3,000 endpoints without disrupting the team when removing admin rights, which gives it an edge over competitors in the space.

Technical support for CyberArk Endpoint Privilege Manager has not been contacted in recent times; it was only contacted in the past for fine-tuning policies and related issues.

Prior alternatives to CyberArk Endpoint Privilege Manager have not been used; however, BeyondTrust was evaluated, which recently started operations in India. 

Several other companies were evaluated, yet none were implemented as an EPM. BeyondTrust seems effective and somewhat aligns with CyberArk's proposition. As significant Microsoft customers, Microsoft Defender with app control was considered. 

Other companies evaluated include Delinea and ManageEngine, which provide PAM solutions. One Identity seems weaker in comparison to CyberArk. Each alternative has its strengths, but CyberArk's deep PAM integration provides an advantage.

The full deployment of CyberArk Endpoint Privilege Manager took approximately seven to 12 weeks.

The maintenance includes fine-tuning of the dashboard, keeping the dashboard and platform updated, and basic maintenance. It mainly involves fine-tuning of the policies.

The deployment of CyberArk Endpoint Privilege Manager involved a fragmented approach with tech teams, third-party vendors, and our technical team, as we don't deploy CyberArk directly. We utilized several people from the third party along with the CyberArk team. In total, including everyone, approximately 15 to 20 people were involved.

The meantime to detect has reduced significantly.

Annual maintenance fees are paid for CyberArk Endpoint Privilege Manager. 

I'd rate CyberArk Endpoint Privilege Manager a seven out of ten.

Customers use CyberArk Endpoint Privilege Manager  to limit the administrative abilities of user accounts on laptops and endpoints. The big issue with Microsoft Windows operating system is a huge difference between advanced privileges that administrators have and simple user privileges that users have. Customers sometimes need something in the middle of those two positions, and Windows doesn't give a user-friendly interface to configure this from the operating system itself.

I have seen a positive impact of CyberArk Endpoint Privilege Manager  for my customers over the years. It's quite a useful tool in the general strategy of a company to work with administrative accounts. Customers can grant appropriate access to laptops for their employees who sometimes need to be granted some higher permissions. It's not a very common use case, but sometimes customers need to work with such types of activities. For example, customers sometimes need to perform backup and test restore data tasks on the laptop, and this operation happens, not so frequently, maybe once a month. There is no need to grant the user administrative abilities because it would be too much for the users. 

CyberArk Endpoint Privilege Manager has helped my customers free up people for other projects or tasks. Companies using CyberArk EPM can hire third parties to perform some support tasks only for a limited time frame. They use some part of administrative privileges, and they granularly configure those privileges for third-party users.

CyberArk Endpoint Privilege Manager has had a positive impact on my customers' security posture. The customer has two options: one option is to grant access to perform some administrative tasks for their employees, and after that, to get these abilities back. In case they use the CyberArk tool, they don't need to perform this task from time to time. They don't need to have a person who manages these activities to grant access and to get it back.

CyberArk Endpoint Privilege Manager helps my customers reduce mean time to detect. Usually, detection tasks go to another security solution. CyberArk can prevent some data breaches and similar issues, but there is a part with Behavior Analytics. If the user does something very different from their usual actions, it can monitor and alert through the administrator's dashboard. It helps to monitor and prevent data breaches as well, making the behavior part the most powerful in terms of detection.

CyberArk Endpoint Privilege Manager's time to value can be seen immediately after the implementation. Customers usually have very clear requirements. They already know what the pain is, and they are clear about the scope of work for the project. So, after the implementation, customers can get all these benefits.

There are many valuable aspects of the product, but the most common feature is working with the privileges. 

The controls of CyberArk Endpoint Privilege Manager influence the visibility into endpoints for my customers. It allows them to granularly manage controls to prevent some malicious activities on the endpoint machine.

Integrating CyberArk Endpoint Privilege Manager with the existing systems is usually very easy. It does not cause any conflict with other solutions.

CyberArk Endpoint Privilege Manager is user-friendly to configure. The initial setup is mostly straightforward. In addition to this, the product has very strong documentation, so administrators can use the documents as well.

While CyberArk Endpoint Privilege Manager is a great tool, I believe the functionality could be wider. If it could work not only with permissions but also involve pure EDR tasks or User and Entity Behavior Analytics , it would be great. It could cover more tasks related to managing endpoint protection solutions.

I have been working with CyberArk Endpoint Privilege Manager for about seven or eight years.

CyberArk Endpoint Privilege Manager is easy to scale. There is just one license for one endpoint, so it's just a matter of calculating the administrative users in your entire organization.

I have not seen many technical support requests, but customers are satisfied with this aspect of CyberArk products. Based on my experience with them, I would rate their support a nine out of ten.

Positive

It's quite easy. It's a user-friendly tool to configure, and you can see what you configure, so it's not complicated to perform this task. It is one of the easiest products. In some cases, customers only buy the license and do the implementation process on their own.

I believe it's quite a reasonably priced solution. It's not very common to use CyberArk because it's a niche solution, but customers who are willing to control administrative accounts are willing to pay this money.

Despite CyberArk giving the ability to control applications and similar tasks, usually, customers also have an EDR or Endpoint Detection and Response solution.

I usually suggest starting with a small Proof of Concept project to see all the abilities and address any concerns. The main concerns generally revolve around whether the solution will conflict with other endpoint solutions. Since it is a very lightweight agent on laptops, there is no conflict with other solutions while performing their main tasks, which alleviates those concerns.

Overall, I would rate CyberArk Endpoint Privilege Manager a nine out of ten.

I work in the financial industry, currently providing services for Banco Colombia, one of the most important banks in Colombia.

Working with various banks, we find that CyberArk Endpoint Privilege Manager increases operational efficiency through solutions that automate processes amid organizational growth. While there might not be free time, the solution allows us to enhance our cybersecurity capabilities and utilize that time for further project maturity.

We use CyberArk Endpoint Privilege Manager to complement a privilege access management solution in order to avoid golden ticket attacks and strengthen services against attacks. 

It serves as a complement to our asset management solution. The architecture of CyberArk Endpoint Privilege Manager is beneficial for integrating with all customer ecosystems; it's easy to deploy, and achieving that level of integration and control is more challenging with other solutions. 

The ability of CyberArk Endpoint Privilege Manager to safeguard our financial services infrastructure is very important, as we need to record actions on privileges in our information systems. 

Regarding the granularity of the managed controls in CyberArk Endpoint Privilege Manager, we have different levels of features to define compensations and capabilities, which help us verify configurations and access, ultimately keeping the safety of rights intact.

Our initial challenge with CyberArk Endpoint Privilege Manager is to comply with Colombian regulations in the financial sector, particularly identifying users and managing password changes and rotations. We needed to certify the identities and provide necessary information for government investigations, if required. CyberArk Endpoint Privilege Manager is very important for helping our organization meet compliance and regulatory requirements.

We have to comply with international regulations such as SOC, but also with local regulations unique to the financial sector, which is crucial for us due to the high risks involved. CyberArk Endpoint Privilege Manager helped us reduce the time for regulatory processes to approximately two to four months, completing the solution and training.

CyberArk Endpoint Privilege Manager has helped us reduce the mean time to detect within our organization. That's our main goal. Regarding MTTD, the solution provides enough information to enhance our overall detection process. We have an 85% improvement in MTTD.

CyberArk Endpoint Privilege Manager helps ensure data privacy through strategies that manage information in real-time. 

CyberArk Endpoint Privilege Manager helps save costs by avoiding risks and future expenses associated with security incidents. It's essential to communicate the value of CyberArk Endpoint Privilege Manager to users, as its controls help improve system security. My role at the company involves service and sales activities.

CyberArk Endpoint Privilege Manager can improve its Identity Governance, which is already working effectively yet could continue to enhance its capabilities. There are areas for improvement, as CyberArk Endpoint Privilege Manager is near the ideal but not fully there yet.

I have five years of experience with CyberArk Endpoint Privilege Manager, and we are using the global solution.

I would rate CyberArk Endpoint Privilege Manager's technical support an eight out of ten. 

My reasoning for this rating is that, despite newer versions and functionalities, CyberArk Endpoint Privilege Manager lacks sufficient knowledgeable support staff, resulting in longer wait times for assistance.

Positive

I don't recall the previous solution we used. The main differences between the past solution and CyberArk Endpoint Privilege Manager are in ease of integration and administration; past solutions were much more difficult to keep operational.

The solution is easier to deploy than other solutions and easy to deploy in the cloud. The initial integration in the beginning may be complex due to the different technologies and architectures involved in preventing attacks. There are some limits in terms of what you can do to customize the solution. 

I consider CyberArk Endpoint Privilege Manager's return on investment to be good since it effectively accomplishes the goals expected from privilege access management solutions. After implementing CyberArk Endpoint Privilege Manager, we saw the time to value after a year.

I currently don't know how CyberArk Endpoint Privilege Manager utilizes artificial intelligence for management.

I rate this solution nine out of ten.

For privileges itself, I, as a Windows administrator, can connect to a laptop or desktop, and I need multi-factor authentication. This is what I am using it for - to authenticate identities and access privileges.

The solution blocks unknown applications automatically. It allows whitelisting. Whitelisted applications have limited access compared to blocked and graylisted applications. Unknown applications that attempt tasks require credential prompts for access. These features are very valuable since they protect me. It safeguards against any unforeseen background tasks.

The main issues I experience are related to deployment, which requires dependency on other solutions like AD or SCCM. These tools need to be defined and synced with the client or agent and master, sometimes needing manual checks. The agent may have problems syncing, which complicates deployment, especially when users leave the organization, however, agents remain licensed since the server still maintains licenses. 

Additionally, compared to other endpoint managers like Thycotic, CyberArk Endpoint Privilege Manager  lacks recording capabilities, which limits its functionality for critical applications. A feature that records activity, even when bypassing CyberArk Endpoint Privilege Manager , would be beneficial.

I have used EPM for three to four years.

In terms of stability, I can provide very positive feedback. When I work with multiple applications as an administrator, I find the stability level of CyberArk Endpoint Privilege Manager to be superior. 

Other tools struggle with stability and require significant improvement. Despite claims of strength, their stability levels are lower than CyberArk Endpoint Privilege Manager's. Once everything is set up, it continues to work reliably.

Scalability-wise, it is good. CyberArk Endpoint Privilege Manager has a distributed architecture not found in other PAM tools. However, there are challenges at the application and database integration levels. Success relies on my knowledge of databases and applications to increase capabilities; otherwise, it becomes challenging. Compared to other tools, CyberArk Endpoint Privilege Manager excels in scalability.

On a scale from one to ten, I give a seven for customer service. 

While support processes have changed, making it more challenging to obtain vendor support, CyberArk Endpoint Privilege Manager's support is still segmented into multiple levels, causing delays. Compared with newer market tools, their lack of segmented support allows for quicker response. However, CyberArk Endpoint Privilege Manager requires a more streamlined escalation process.

Neutral

Our setup process is moving to the cloud, which is very good. It reduces complexity. The cloud makes things simpler.

The implementation is done by a partner. I have traveled to Dubai for two implementations. We also have partners in Bangalore.

I've received feedback that the pricing is high, however, for me, the value it brings is worth the cost. It's really one of the best solutions.

CyberArk Endpoint Privilege Manager has two main competitors: BeyondTrust and Thycotic. Thycotic has integrated with Centrify to become Delinea. While these tools compete with CyberArk Endpoint Privilege Manager, particularly in identity management, they use some backend features from Centrify. Still, CyberArk Endpoint Privilege Manager stands out in other areas.

I rate the solution seven out of ten. 

In terms of stability, CyberArk Endpoint Privilege Manager scores well. Considering scalability, it is good due to its distributed architecture. However, it primarily fits medium to large organizations, especially those with financial ties, which should utilize CyberArk Endpoint Privilege Manager.

I have been using CyberArk in financial services. The specific use case depends on my customer's needs. Sometimes, it is just about securing some departments, and some customers want to have protection against certain threats.

The initial implementation stands out. It was very easy to go to different departments and analyze the software they were using, and so on.

I love the product. It works very well. 

I also appreciate the automatic agent updates, which is a new feature for CyberArk EPM. 

It's good at preventing attacks or threats on infrastructure and data. I can see an incident on the board, and it is clear to analyze what is happening on the endpoint devices. I am able to manage endpoints from a different perspective.

You can scale by department. 

The user interface is quite easy to use.

We did immediately begin to see results when using CyberArk. We were able to manage endpoints and see what is happening right away. 

We've been able to reduce mean time to detect. We can see anything on the report. It's really clear if you need to analyze anything that's happening on endpoints.

It helps with data privacy. We can configure the websites and monitor what is happening inside the application. We can see what is happening and what is being monitored. We can record endpoint screens as well - which the users are aware of.

It doesn't affect operational efficiency. If you set everything correctly, the user doesn't notice that it is in the background. 

The management of Privilege Access is not satisfactory. The company also suggests different software, and they seem to want to push me to buy additional software. 

The agent user interface doesn't have too much information. Without knowledge, you are not able to find some items as they are really hidden within the UI.

Some features provided in the self-hosted version of EPM are not supported in the software as a service version, like connection to some analysis applied by Palo Alto. Some connections to third-party analyzing engines, like Palo Alto and others, which can check hashes and similar functionalities, were working in the self-hosted version of EPM yet are not supported in the software as a service version. I'd like to see more connections to third-party analysis engines.

I have been using CyberArk for about a year and a half.

Right now, the product is primarily provided as software as a service, and it works very well.

The scalability is fine. I can divide my deployment by location. One administrator can manage specific departments, while someone else can manage others. 

When I need to contact CyberArk, I usually work with level one support, and sometimes their knowledge is lacking compared to mine.

Neutral

I've used other solutions as a user, not an administrator. I have more experience with EPM and therefore prefer using it. 

The initial setup is easy for me. The deployment took us one month from start to finish.

The initial setup could be done by one person.

There is some maintenance needed after deployment. You might have some incidents, or you may need to check for disconnected agents. 

I don't have any knowledge of pricing aspects. 

It's important that EPM can safeguard our financial infrastructure. Every endpoint is like a door to the company. Any user using an endpoint can accidentally grant access. It's integral to have something like EPM to manage the endpoints and protect the company.

Overall, I would rate the product seven out of ten.

We are selling CyberArk and doing some deployments. We have a CyberArk partner.