Our use case for CyberArk Endpoint Privilege Manager involved thousands of machines with users having admin rights, which presented a massive risk. 

We needed to find a way to strip their access and stay compliant with our regulators, specifically the RBI regulator for banking. Therefore, we wanted to have people get their work done, and CyberArk Endpoint Privilege Manager helped us in hitting that balance. We use it to remove admin rights from over 2,000 to 3,000 endpoints without disrupting the team. 

It has really helped in terms of reducing the malware risk, increasing visibility, and even letting us delegate some tasks safely without exposing full privileges. The biggest benefit is that it removed local admin rights in compliance with our regulatory guidelines from RBI. It also fits into a zero-trust strategy, and the audit logs help significantly in case of forensic needs.

CyberArk Endpoint Privilege Manager has significantly reduced time spent on tasks. When discussing time savings, it really controls the privilege elevation, allowing users to run tasks as admin without actually giving them admin rights. That's a huge security improvement, which helps us use fewer manual tools. We have this automation, which saves us time.

In terms of operational efficiency for our financial services organization, CyberArk Endpoint Privilege Manager supports both the whole architecture and integrates effectively, providing us with efficiency in getting logs from our CM. It makes the whole process more efficient within a stipulated time, and we can do extensive customization, making it more flexible. We can do fine-tuning to pull out the logs, and it works effectively with the CM.

There are areas where CyberArk Endpoint Privilege Manager can improve. The total cost of ownership (TCO) is a bit high from my perspective, especially from the Indian banking standpoint. 

Deployment-wise, the policy is tricky and time-consuming, so that's something that can be improved. The user interface needs to get in line with current market trends, as it feels slightly dated. 

Additionally, implementing AI-based policy suggestions would be beneficial, especially considering the current GenAI buzz in technology. This could incorporate Indian compliance standards such as GDPR and the RBI guidelines, which would be valuable. 

Moreover, there should be better visibility into backup tools and scripts, especially for hybrid environments, which is a necessity.

CyberArk Endpoint Privilege Manager is a part of our enterprise, and it was rolled out between 2017 and 2019. It has been in use for more than five years now.

The stability and performance of CyberArk Endpoint Privilege Manager are excellent. There have not been any fluctuations or variations in the output recently. The support team is also good.

CyberArk Endpoint Privilege Manager is known for its scalability. It can manage around 2,000 to 3,000 endpoints without disrupting the team when removing admin rights, which gives it an edge over competitors in the space.

Technical support for CyberArk Endpoint Privilege Manager has not been contacted in recent times; it was only contacted in the past for fine-tuning policies and related issues.

Prior alternatives to CyberArk Endpoint Privilege Manager have not been used; however, BeyondTrust was evaluated, which recently started operations in India. 

Several other companies were evaluated, yet none were implemented as an EPM. BeyondTrust seems effective and somewhat aligns with CyberArk's proposition. As significant Microsoft customers, Microsoft Defender with app control was considered. 

Other companies evaluated include Delinea and ManageEngine, which provide PAM solutions. One Identity seems weaker in comparison to CyberArk. Each alternative has its strengths, but CyberArk's deep PAM integration provides an advantage.

The full deployment of CyberArk Endpoint Privilege Manager took approximately seven to 12 weeks.

The maintenance includes fine-tuning of the dashboard, keeping the dashboard and platform updated, and basic maintenance. It mainly involves fine-tuning of the policies.

The deployment of CyberArk Endpoint Privilege Manager involved a fragmented approach with tech teams, third-party vendors, and our technical team, as we don't deploy CyberArk directly. We utilized several people from the third party along with the CyberArk team. In total, including everyone, approximately 15 to 20 people were involved.

The meantime to detect has reduced significantly.

Annual maintenance fees are paid for CyberArk Endpoint Privilege Manager. 

I'd rate CyberArk Endpoint Privilege Manager a seven out of ten.

Customers use CyberArk Endpoint Privilege Manager to limit the administrative abilities of user accounts on laptops and endpoints. The big issue with Microsoft Windows operating system is a huge difference between advanced privileges that administrators have and simple user privileges that users have. Customers sometimes need something in the middle of those two positions, and Windows doesn't give a user-friendly interface to configure this from the operating system itself.

I have seen a positive impact of CyberArk Endpoint Privilege Manager for my customers over the years. It's quite a useful tool in the general strategy of a company to work with administrative accounts. Customers can grant appropriate access to laptops for their employees who sometimes need to be granted some higher permissions. It's not a very common use case, but sometimes customers need to work with such types of activities. For example, customers sometimes need to perform backup and test restore data tasks on the laptop, and this operation happens, not so frequently, maybe once a month. There is no need to grant the user administrative abilities because it would be too much for the users. 

CyberArk Endpoint Privilege Manager has helped my customers free up people for other projects or tasks. Companies using CyberArk EPM can hire third parties to perform some support tasks only for a limited time frame. They use some part of administrative privileges, and they granularly configure those privileges for third-party users.

CyberArk Endpoint Privilege Manager has had a positive impact on my customers' security posture. The customer has two options: one option is to grant access to perform some administrative tasks for their employees, and after that, to get these abilities back. In case they use the CyberArk tool, they don't need to perform this task from time to time. They don't need to have a person who manages these activities to grant access and to get it back.

CyberArk Endpoint Privilege Manager helps my customers reduce mean time to detect. Usually, detection tasks go to another security solution. CyberArk can prevent some data breaches and similar issues, but there is a part with Behavior Analytics. If the user does something very different from their usual actions, it can monitor and alert through the administrator's dashboard. It helps to monitor and prevent data breaches as well, making the behavior part the most powerful in terms of detection.

CyberArk Endpoint Privilege Manager's time to value can be seen immediately after the implementation. Customers usually have very clear requirements. They already know what the pain is, and they are clear about the scope of work for the project. So, after the implementation, customers can get all these benefits.

There are many valuable aspects of the product, but the most common feature is working with the privileges. 

The controls of CyberArk Endpoint Privilege Manager influence the visibility into endpoints for my customers. It allows them to granularly manage controls to prevent some malicious activities on the endpoint machine.

Integrating CyberArk Endpoint Privilege Manager with the existing systems is usually very easy. It does not cause any conflict with other solutions.

CyberArk Endpoint Privilege Manager is user-friendly to configure. The initial setup is mostly straightforward. In addition to this, the product has very strong documentation, so administrators can use the documents as well.

While CyberArk Endpoint Privilege Manager is a great tool, I believe the functionality could be wider. If it could work not only with permissions but also involve pure EDR tasks or User and Entity Behavior Analytics, it would be great. It could cover more tasks related to managing endpoint protection solutions.

I have been working with CyberArk Endpoint Privilege Manager for about seven or eight years.

CyberArk Endpoint Privilege Manager is easy to scale. There is just one license for one endpoint, so it's just a matter of calculating the administrative users in your entire organization.

I have not seen many technical support requests, but customers are satisfied with this aspect of CyberArk products. Based on my experience with them, I would rate their support a nine out of ten.

Positive

It's quite easy. It's a user-friendly tool to configure, and you can see what you configure, so it's not complicated to perform this task. It is one of the easiest products. In some cases, customers only buy the license and do the implementation process on their own.

I believe it's quite a reasonably priced solution. It's not very common to use CyberArk because it's a niche solution, but customers who are willing to control administrative accounts are willing to pay this money.

Despite CyberArk giving the ability to control applications and similar tasks, usually, customers also have an EDR or Endpoint Detection and Response solution.

I usually suggest starting with a small Proof of Concept project to see all the abilities and address any concerns. The main concerns generally revolve around whether the solution will conflict with other endpoint solutions. Since it is a very lightweight agent on laptops, there is no conflict with other solutions while performing their main tasks, which alleviates those concerns.

Overall, I would rate CyberArk Endpoint Privilege Manager a nine out of ten.

I work in the financial industry, currently providing services for Banco Colombia, one of the most important banks in Colombia.

Working with various banks, we find that CyberArk Endpoint Privilege Manager increases operational efficiency through solutions that automate processes amid organizational growth. While there might not be free time, the solution allows us to enhance our cybersecurity capabilities and utilize that time for further project maturity.

We use CyberArk Endpoint Privilege Manager to complement a privilege access management solution in order to avoid golden ticket attacks and strengthen services against attacks. 

It serves as a complement to our asset management solution. The architecture of CyberArk Endpoint Privilege Manager is beneficial for integrating with all customer ecosystems; it's easy to deploy, and achieving that level of integration and control is more challenging with other solutions. 

The ability of CyberArk Endpoint Privilege Manager to safeguard our financial services infrastructure is very important, as we need to record actions on privileges in our information systems. 

Regarding the granularity of the managed controls in CyberArk Endpoint Privilege Manager, we have different levels of features to define compensations and capabilities, which help us verify configurations and access, ultimately keeping the safety of rights intact.

Our initial challenge with CyberArk Endpoint Privilege Manager is to comply with Colombian regulations in the financial sector, particularly identifying users and managing password changes and rotations. We needed to certify the identities and provide necessary information for government investigations, if required. CyberArk Endpoint Privilege Manager is very important for helping our organization meet compliance and regulatory requirements.

We have to comply with international regulations such as SOC, but also with local regulations unique to the financial sector, which is crucial for us due to the high risks involved. CyberArk Endpoint Privilege Manager helped us reduce the time for regulatory processes to approximately two to four months, completing the solution and training.

CyberArk Endpoint Privilege Manager has helped us reduce the mean time to detect within our organization. That's our main goal. Regarding MTTD, the solution provides enough information to enhance our overall detection process. We have an 85% improvement in MTTD.

CyberArk Endpoint Privilege Manager helps ensure data privacy through strategies that manage information in real-time. 

CyberArk Endpoint Privilege Manager helps save costs by avoiding risks and future expenses associated with security incidents. It's essential to communicate the value of CyberArk Endpoint Privilege Manager to users, as its controls help improve system security. My role at the company involves service and sales activities.

CyberArk Endpoint Privilege Manager can improve its Identity Governance, which is already working effectively yet could continue to enhance its capabilities. There are areas for improvement, as CyberArk Endpoint Privilege Manager is near the ideal but not fully there yet.

I have five years of experience with CyberArk Endpoint Privilege Manager, and we are using the global solution.

I would rate CyberArk Endpoint Privilege Manager's technical support an eight out of ten. 

My reasoning for this rating is that, despite newer versions and functionalities, CyberArk Endpoint Privilege Manager lacks sufficient knowledgeable support staff, resulting in longer wait times for assistance.

Positive

I don't recall the previous solution we used. The main differences between the past solution and CyberArk Endpoint Privilege Manager are in ease of integration and administration; past solutions were much more difficult to keep operational.

The solution is easier to deploy than other solutions and easy to deploy in the cloud. The initial integration in the beginning may be complex due to the different technologies and architectures involved in preventing attacks. There are some limits in terms of what you can do to customize the solution. 

I consider CyberArk Endpoint Privilege Manager's return on investment to be good since it effectively accomplishes the goals expected from privilege access management solutions. After implementing CyberArk Endpoint Privilege Manager, we saw the time to value after a year.

I currently don't know how CyberArk Endpoint Privilege Manager utilizes artificial intelligence for management.

I rate this solution nine out of ten.

For privileges itself, I, as a Windows administrator, can connect to a laptop or desktop, and I need multi-factor authentication. This is what I am using it for - to authenticate identities and access privileges.

The solution blocks unknown applications automatically. It allows whitelisting. Whitelisted applications have limited access compared to blocked and graylisted applications. Unknown applications that attempt tasks require credential prompts for access. These features are very valuable since they protect me. It safeguards against any unforeseen background tasks.

The main issues I experience are related to deployment, which requires dependency on other solutions like AD or SCCM. These tools need to be defined and synced with the client or agent and master, sometimes needing manual checks. The agent may have problems syncing, which complicates deployment, especially when users leave the organization, however, agents remain licensed since the server still maintains licenses. 

Additionally, compared to other endpoint managers like Thycotic, CyberArk Endpoint Privilege Manager lacks recording capabilities, which limits its functionality for critical applications. A feature that records activity, even when bypassing CyberArk Endpoint Privilege Manager, would be beneficial.

I have used EPM for three to four years.

In terms of stability, I can provide very positive feedback. When I work with multiple applications as an administrator, I find the stability level of CyberArk Endpoint Privilege Manager to be superior. 

Other tools struggle with stability and require significant improvement. Despite claims of strength, their stability levels are lower than CyberArk Endpoint Privilege Manager's. Once everything is set up, it continues to work reliably.

Scalability-wise, it is good. CyberArk Endpoint Privilege Manager has a distributed architecture not found in other PAM tools. However, there are challenges at the application and database integration levels. Success relies on my knowledge of databases and applications to increase capabilities; otherwise, it becomes challenging. Compared to other tools, CyberArk Endpoint Privilege Manager excels in scalability.

On a scale from one to ten, I give a seven for customer service. 

While support processes have changed, making it more challenging to obtain vendor support, CyberArk Endpoint Privilege Manager's support is still segmented into multiple levels, causing delays. Compared with newer market tools, their lack of segmented support allows for quicker response. However, CyberArk Endpoint Privilege Manager requires a more streamlined escalation process.

Neutral

Our setup process is moving to the cloud, which is very good. It reduces complexity. The cloud makes things simpler.

The implementation is done by a partner. I have traveled to Dubai for two implementations. We also have partners in Bangalore.

I've received feedback that the pricing is high, however, for me, the value it brings is worth the cost. It's really one of the best solutions.

CyberArk Endpoint Privilege Manager has two main competitors: BeyondTrust and Thycotic. Thycotic has integrated with Centrify to become Delinea. While these tools compete with CyberArk Endpoint Privilege Manager, particularly in identity management, they use some backend features from Centrify. Still, CyberArk Endpoint Privilege Manager stands out in other areas.

I rate the solution seven out of ten. 

In terms of stability, CyberArk Endpoint Privilege Manager scores well. Considering scalability, it is good due to its distributed architecture. However, it primarily fits medium to large organizations, especially those with financial ties, which should utilize CyberArk Endpoint Privilege Manager.

I have been using CyberArk in financial services. The specific use case depends on my customer's needs. Sometimes, it is just about securing some departments, and some customers want to have protection against certain threats.

The initial implementation stands out. It was very easy to go to different departments and analyze the software they were using, and so on.

I love the product. It works very well. 

I also appreciate the automatic agent updates, which is a new feature for CyberArk EPM. 

It's good at preventing attacks or threats on infrastructure and data. I can see an incident on the board, and it is clear to analyze what is happening on the endpoint devices. I am able to manage endpoints from a different perspective.

You can scale by department. 

The user interface is quite easy to use.

We did immediately begin to see results when using CyberArk. We were able to manage endpoints and see what is happening right away. 

We've been able to reduce mean time to detect. We can see anything on the report. It's really clear if you need to analyze anything that's happening on endpoints.

It helps with data privacy. We can configure the websites and monitor what is happening inside the application. We can see what is happening and what is being monitored. We can record endpoint screens as well - which the users are aware of.

It doesn't affect operational efficiency. If you set everything correctly, the user doesn't notice that it is in the background. 

The management of Privilege Access is not satisfactory. The company also suggests different software, and they seem to want to push me to buy additional software. 

The agent user interface doesn't have too much information. Without knowledge, you are not able to find some items as they are really hidden within the UI.

Some features provided in the self-hosted version of EPM are not supported in the software as a service version, like connection to some analysis applied by Palo Alto. Some connections to third-party analyzing engines, like Palo Alto and others, which can check hashes and similar functionalities, were working in the self-hosted version of EPM yet are not supported in the software as a service version. I'd like to see more connections to third-party analysis engines.

I have been using CyberArk for about a year and a half.

Right now, the product is primarily provided as software as a service, and it works very well.

The scalability is fine. I can divide my deployment by location. One administrator can manage specific departments, while someone else can manage others. 

When I need to contact CyberArk, I usually work with level one support, and sometimes their knowledge is lacking compared to mine.

Neutral

I've used other solutions as a user, not an administrator. I have more experience with EPM and therefore prefer using it. 

The initial setup is easy for me. The deployment took us one month from start to finish.

The initial setup could be done by one person.

There is some maintenance needed after deployment. You might have some incidents, or you may need to check for disconnected agents. 

I don't have any knowledge of pricing aspects. 

It's important that EPM can safeguard our financial infrastructure. Every endpoint is like a door to the company. Any user using an endpoint can accidentally grant access. It's integral to have something like EPM to manage the endpoints and protect the company.

Overall, I would rate the product seven out of ten.

We are selling CyberArk and doing some deployments. We have a CyberArk partner.

My use case involves users who have admin rights and who do not have admin rights. We control the activities of users to stop them from downloading certain things from the Internet. We control their activities via CyberArk Endpoint Privilege Manager. There could be some plugins in some of the applications or some files that are not whitelisted in the infrastructure and could be harmful or disruptive for the organization. Only whitelisted applications are allowed on the end user's laptops, as well as the servers, and we control them via CyberArk Endpoint Privilege Manager.

I am a partner implementing CyberArk Endpoint Privilege Manager on customers' infrastructure. Before deploying CyberArk Endpoint Privilege Manager, users could download anything through browsers. Some applications do not require admin rights to install because they are plug-and-play or portable applications. Such applications could not be controlled by admins or antivirus. After deploying CyberArk Endpoint Privilege Manager, we could control these applications by creating policies to block unwanted files and applications. We have whitelisted applications based on the signatures and other factors. All other applications are blacklisted.

Any new requirements require users to contact the admin team, ensuring applications are not harmful. Previously, when new requirements came related to infrastructure or something else, the users would not contact the admin team or the service team. They would directly deploy or try to run the application on their laptop without informing or taking help from the IT team. After deploying CyberArk Endpoint Privilege Manager, they have to follow the process. They cannot do anything themselves. They have to contact the admin team. We allow them to install the application after verifying that it is whitelisted and not harmful.

It prevents the use of pirated applications, securing company policies. At times, users can get pirated applications, which has an effect on the organization. The company becomes liable to pay money for using a pirated application. With CyberArk Endpoint Privilege Manager, we are able to control such issues because users do not have the right to directly install or run applications.

The most valuable feature is the ability to control users with admin rights. Even if developers and senior folks maintain their admin rights, we can still manage their activities. For example, despite having admin rights, we can control what applications they can run on their laptops with their admin rights. This is the main feature provided by CyberArk Endpoint Privilege Manager. We do not need to notify them that we are modifying their admin rights. We can create and push a policy from the backend. This access control is significant for us.

We also get reports on what kinds of activities are performed and which applications are launched from users' laptops.

There are many features that are currently missing. A customization option is required for certain policies. For instance, if we need to stop PowerShell scripting, we have to create a different policy for that. Being able to create a sub-level policy within a top-level policy would be good. 

Currently, no user-based policy option is available inside the EPM console. We can only create computer-based policies. The database is available, but there is a drawback in not being able to create local groups on the EPM console. We only have to depend on Active Directory. This limits infrastructure security as we depend on the Active Directory team to manage user groups. If they remove any users, we lose control. If we could create groups locally and block them or set specific policies, we would have more control. Local endpoint management is missing from the EPM site. 

Moreover, there is an issue with policies not running as expected when we make enhancements. We have to find multiple ways to whitelist applications or enhance policies.

I have used the solution for the last seven years.

It is very stable. CyberArk Endpoint Privilege Manager offers multiple options for creating and stopping policies. We have a separate set, like a container, to manage policies. If a policy is not working properly, we can shut it down or disable it. Downtime is rare, and challenges usually occur when individual policies impact a user. That is the only time any downtime is required. 

Windows 10 and 11 are stable operating systems, and we are not facing issues, unlike with Windows 7 when bugs were prevalent. 

I would rate it a nine out of ten for stability.

Scalability is excellent because it is SaaS-based. It is accessible from everywhere. I would rate it a ten out of ten for stability.

It is being used at multiple locations and multiple departments. As a partner, we have deployed it for multiple clients and multiple businesses globally. 

Our clients are small, medium, and large enterprises. One of them is a pharmaceutical company with about 1,500 licenses of CyberArk Endpoint Privilege Manager. Another client has more than 200,000 endpoints. We also have a client with 120,000 endpoints. It is very easy to manage them via the console. All of them are using the cloud.

I would rate their customer service as eight out of ten. Over the past six to seven months, support has been difficult to get due to increased customers. Earlier, we received support for normal tickets within a day, but now it takes one or two days to resolve issues. It also depends on the engineers assigned to a particular ticket.

Positive

I previously worked with Symantec and McAfee antivirus solutions. However, they are not the same as CyberArk Endpoint Privilege Manager, which is a broader endpoint security tool.

Earlier, it was on-premises, but in 2020, CyberArk moved to the cloud, so we migrated from on-premises to the cloud.

Its deployment was easy. Migration to the cloud was also easy.

CyberArk supported us at the time of the deployment and migration. It was very easy to migrate from on-premises to the cloud.

Maintenance is handled by the CyberArk team, who upgrade it from the backend. They send emails about operation activities, so we only need to monitor the system afterward. Once they upgrade the infrastructure, we check the release notes. After the upgrade, we have to push the EPM agent ourselves. We use the SCCM tool and patch management tool to push the EPM agent on larger networks. That is the only activity required from our side.

In terms of ROI, deploying CyberArk Endpoint Privilege Manager has secured the infrastructure, which saves money, time, and resources.

Resources do not have to spend time monitoring screens and checking logs of events on user laptops to capture any malicious activities. Decreased manpower reduces costs. It also reduces the need for monitoring solutions. CyberArk Endpoint Privilege Manager has reduced costs and manpower. It has saved 20% to 30% of resources after implementation.

Although I do not deal directly with the pricing, CyberArk Endpoint Privilege Manager is costly compared to other solutions. However, it offers beneficial features.

We did PoC with BeyondTrust and CyberArk. BeyondTrust is good, but because we also use CyberArk PAM, staying with CyberArk Endpoint Privilege Manager gives us multiple advantages. We can achieve multiple functions through both, solidifying the choice.

Every company has unique requirements. Based on ours, we chose CyberArk. We recommend it because it allows multiple policies and customization levels. The solution also offers benefits not available with other EPM solutions. Customers should conduct a PoC and evaluate requirements against other PAM tools. Some organizations might not be able to go for CyberArk due to its cost.

Overall, I would rate CyberArk Endpoint Privilege Manager a nine out of ten. One point is removed due to its higher cost. However, the company continues to enhance its offerings, justifying the expense.

My organization specializes in IT security solutions for the finance and manufacturing sectors. We use CyberArk Endpoint Privilege Manager as a core component of our endpoint protection strategy, alongside other essential security measures such as network security, security operation center services, vulnerability management, credential management, and identity access management.

The organization's policy dictates what users can have on their laptops. For example, if the organization wants to limit certain applications, they can be blocked. The policy should define what users can have on their computers, such as restricting financial tools and applications to the finance team. These computers would be highly protected, with access to specific tools configured and restricted using CyberArk Endpoint Privilege Manager to safeguard sensitive data.

CyberArk Endpoint Privilege Manager enforces various security regulations. It includes a tool for comparing existing system configurations against those regulations and identifying any discrepancies. CyberArk actively ensures its software meets all relevant compliance standards.

CyberArk Endpoint Privilege Manager offers granular control over application access through customizable policies. These policies allow organizations to enforce the least privilege, block access entirely, or grant elevated privileges based on specific needs. Options include no access, least privilege access, and full access, ensuring that application permissions are tailored to individual users or groups and aligned with organizational security requirements.

The endpoint visibility is excellent. CyberArk Endpoint Privilege Manager is a discreet tool that runs in the background, monitoring application usage without impacting user experience. It remains invisible unless an unauthorized application is downloaded and installed. At this point, it blocks the installation and displays a message directing the user to contact IT support for assistance. This ensures that only approved applications are used and provides a clear path for users to request access to new tools.

We can use the discovery tool to identify all endpoints on the computers and compare that list with the computers running the EPM agent. This will reveal any computers without the EPM agent, which we can then deploy using the deployment tool.

CyberArk Endpoint Privilege Manager significantly reduces IT support calls by approximately 30 to 40 percent by preventing users from downloading unnecessary or malicious software. Without EPM, users with full admin privileges often install unauthorized applications, leading to increased support requests and potential virus infections. EPM allows IT to control and push only required software to computers, restricting unwanted applications. Additionally, EPM scans files and applications for viruses, blocking the installation of infected files and further reducing security risks and support calls. Overall, it helps reduce the number of IT service calls and the number of virus incidents by 30 percent.

CyberArk Endpoint Privilege Manager helps organizations meet compliance and regulatory requirements by addressing critical security concerns related to endpoint devices. Specifically, it mitigates the risk of credential theft, a common vulnerability across all endpoints. Additionally, it manages local accounts, a legacy practice where users create accounts directly on devices by rotating credentials automatically. This feature further enhances security by preventing unauthorized access, even if a hacker gains control of a device, rendering the compromised credentials useless.

CyberArk Endpoint Privilege Manager has saved approximately 20 to 25 percent of our time spent fulfilling compliance requirements. However, some areas require minor improvements that will be addressed in the future.

CyberArk Endpoint Privilege Manager significantly reduces the mean time to detect because it scans new objects immediately.

CyberArk helps reduce the number of privileged accounts by limiting privileged permissions on endpoint devices. Only the account used for software installation, such as local admin or domain admin, will have the necessary permissions, specifically for modifying registry settings during installation. This elevated access is required for certain software installations. However, these privileged accounts will not be used for regular login, internet browsing, or daily tasks. They are solely for backend application installation. Consequently, no other accounts will have privileged access to the endpoints.

CyberArk Endpoint Privilege Manager has significantly improved our security posture by preventing virus incidents and restricting users from downloading unwanted applications. This has reduced both virus-related incidents and data-loss incidents.

CyberArk Endpoint Privilege Manager helps reduce costs by minimizing service desk calls related to unwanted applications and virus incidents.

The time to value of CyberArk Endpoint Privilege Manager is evident immediately after deployment.

CyberArk Endpoint Privilege Manager enhances computer security by providing minimal access, effectively preventing ransomware attacks. It safeguards data from unauthorized access by offering the least privileged access to endpoints and applications. This results in a 30 to 40 percent reduction in IT support calls, minimizes virus infections, and controls unauthorized software installations.

The CyberArk team is working on a feature to identify devices without the Endpoint Privilege Manager running, which is currently missing. Another enhancement needed is the scheduling of deployment, which I expect in future releases.

I have been using CyberArk Endpoint Privilege Manager product for about six years.

CyberArk Endpoint Privilege Manager is highly stable.

I findCyberArk Endpoint Privilege Manager to be scalable. The available reports and other security tools assist in scaling it according to my organization's needs.

The technical support is good.

Positive

I have used ManageEngine's PowerBroker tool in the past. However, CyberArk Endpoint Privilege Manager is a mature endpoint security tool that offers credential and access management, making it more comprehensive than competitors.

The implementation policy involved deploying the agent without restricting applications or elevated access, allowing us to gather data on all applications. Based on this data and organizational needs, a policy was configured to allow only authorized applications and block unwanted tools. A pilot group tested the policy by removing elevated access to ensure functionality. Once confirmed, elevated access and local admin rights were gradually removed from the remaining users based on team or group. Finally, crew link batches were removed for all users.

Integrating CyberArk Endpoint Privilege Manager with existing solutions can present moderate difficulty for those unfamiliar with EPM and its operational mechanisms.

Typically, two to three people are required for implementation, depending on the number of users and applications. The deployment can take six months to one year.

CyberArk Endpoint Privilege Manager provides good ROI by preventing significant financial losses from data breaches.

CyberArk Endpoint Privilege Manager is slightly expensive, but costs can be negotiated to become more competitive.

I would rate CyberArk Endpoint Privilege Manager nine out of ten.

I recommend colleagues consider CyberArk Endpoint Privilege Manager. CyberArk offers flexible deployment options and is willing to negotiate to meet budgetary needs. Even with limited funding, organizations can start with a smaller deployment and expand it later based on their needs and budget availability.

Following the implementation of CyberArk Endpoint Privilege Manager, ongoing monitoring of new applications is crucial. This monitoring is essential for evaluating and configuring the system's policy, a manual process that must align with the organization's evolving application requirements. Continuous observation ensures the policy functions effectively and meets security standards.

I recommend gathering all applications and administrative rights information before implementing CyberArk Endpoint Privilege Manager. Using a centralized management tool for deployment facilitates the process.

I have worked on multiple projects for our clients. The day-to-day use case involves checking in CyberArk Endpoint Privilege Manager to see if there is any elevation request. I also create incidents for tracking purposes. We create accounts for different types of platforms and onboard the accounts. We check if any user has any issues with reconciling accounts or verifications. We track all that with the tickets.

For a project in the UK, the user raises the request for an application, and we will go and check the application to see whether the user has given a correct justification or not and why and where the user needs to download that application. After doing various checks, we decide whether to add that application to the trusted policy or not. Otherwise, we will require higher approval for whitelisting that application.

Additionally, we manually upgrade computers and handle onboarding, offboarding servers, and account monitoring.

We have created automation. If a user is getting an issue, it will automatically give us a pop-up mentioning the platform where the issue is happening. We can then look at the platform to see what is happening there. We are looking into how to reduce password verification failures and reconciliation failures. These failures are not related to CyberArk. They are related to internal usage.

We have not had issues with CyberArk. It works very smoothly. We can do many things with CyberArk. It helps us to see exactly what is happening. For example, if a user is out of their account, we can see what exactly is happening. For such issues, we use CyberArk and follow the recommendations.

We have improved our system upgrades from a month to just two weeks for around 10,000 computers. Automation implemented by our senior team also provides timely notifications of issues, improving our response time and operational efficiency.

CyberArk Endpoint Privilege Manager effectively reduces malicious content in applications by allowing us to identify and block dangerous applications. We can also elevate certain things based on the user's needs. In our environment, we have three levels: auto elevate, golden image, and no elevation.

CyberArk should consider whitelisting important applications like PowerShell and DLL that are currently not allowed due to some malicious content. If these applications could be included, it would enhance the utility of the solution.

I have been working with CyberArk for three years. I have worked with CyberArk Vault, EPM, and PAM.

It has been stable. Over the past three years, I have seen significant growth in CyberArk. It is a robust solution that has effectively supported our environment without major issues.

CyberArk Endpoint Privilege Manager is quite scalable. Based on my limited experience, I would rate it an eight out of ten.

In our environment, we have just two people with admin access. We have $1,800 licenses for CyberArk Endpoint Privilege Manager. We plan to get more licenses to better manage our organization's needs.

Over three years, we only created two tickets, and their customer support was excellent. They respond immediately to our inquiries, resolve issues promptly, and provide valuable guidance, especially in critical situations. I would rate them a ten out of ten.

Positive

My first exposure to security solutions has been with CyberArk at Accenture.

Its implementation and maintenance are handled by other teams.

I would advise others to explore CyberArk and its comprehensive components, as it offers significant learning opportunities and career growth prospects. 

For those constrained by budget, I suggest prioritizing privileged accounts for evaluation and assessing the prerequisites needed for implementation. 

I would rate CyberArk Endpoint Privilege Manager an eight out of ten.

Our primary use case for CyberArk Endpoint Privilege Manager is to control privileged access to endpoint machines, specifically managing local administrator access. We also use EPM to rotate local accounts on systems as often as we want, which helps manage what people can elevate into an administrative right through EPM.

CyberArk Endpoint Privilege Manager effectively prevents attacks and threats on our infrastructure and data. The dashboard provides a clear overview of blocked activity, although occasional false positives require manual intervention. While some legitimate installations have been inadvertently blocked, EPM's ability to secure the environment from threats is commendable.

CyberArk offers a wide range of granular controls, allowing for extensive customization. For example, we can enforce multifactor authentication for Team A, while Team B may not require it. Similarly, we can configure Team C to elevate privileges only for a specific application. This level of granularity enables us to tailor CyberArk's controls to each team's unique needs.

The initial setup of diverse policies for various teams within CyberArk Endpoint Privilege Manager required some time, delaying the realization of its benefits. However, after a discovery process and successful policy implementation, we began to reap the advantages of the EPM system.

It is critical for safeguarding our service infrastructure by preventing unauthorized users from gaining administrator rights. Within EPM, access is restricted to those with defined roles, effectively isolating sessions and enhancing security.

CyberArk Endpoint Privilege Manager helps meet compliance and regulatory requirements.

CyberArk Endpoint Privilege Manager helps reduce our mean time to detect credential theft. When detected, the information is sent to our Incident Response team who investigates, responds if necessary, or tells us to ignore it if it's a false positive.

Before using CyberArk Endpoint Privilege Manager, we granted users full local administrator privileges on their machines, giving them unrestricted control. However, with CyberArk, we can now precisely manage user permissions and elevate privileges only for specific tasks. For instance, we can prevent users from running PowerShell scripts with elevated privileges across the company. This granular control has significantly enhanced our security posture.

CyberArk Endpoint Privilege Manager has improved efficiency by automating user access and eliminating the need for manual intervention. Staff no longer need to log in to individual user systems to grant administrator rights; instead, access is managed through Active Directory groups. By assigning users to the appropriate AD group, they automatically receive the necessary permissions. This process is streamlined through a self-service portal, where users can request access and be automatically granted the required privileges. This automation has freed team members to focus on other tasks and projects.

After setting up CyberArk Endpoint Privilege Manager and defining roles for various teams, users can request access through a self-service portal. Upon approval, they are automatically added to the relevant group, either temporarily or for a specified duration. This automated process eliminates the need for manual intervention, freeing administrators from tasks like monitoring user activity or logging into their systems while empowering users to manage their access.

CyberArk Endpoint Privilege Manager has freed up analysts and administrators for other tasks, saving us money.

Integrating CyberArk Endpoint Privilege Manager with our existing systems was reasonably straightforward.

The most valuable feature of CyberArk Endpoint Privilege Manager is its scalability. It allows for granular control over application elevation, enabling customization for different teams based on their needs. For example, one team might only need to elevate PowerShell, while another might only need to elevate Visual Studio. This level of customization ensures that teams have the necessary permissions without unnecessary access. Additionally, CyberArk Endpoint Privilege Manager can enforce multi-factor authentication for specific teams or all users, further enhancing security.

CyberArk Endpoint Privilege Manager could be improved by simplifying the administration process, specifically when setting up policies and applications. More straightforward instructions and fewer steps would enhance the user experience.

I have been using CyberArk Endpoint Privilege Manager for about three years.

CyberArk Endpoint Privilege Manager is very stable. Since implementing it, we have not experienced any outages or stability issues.

CyberArk Endpoint Privilege Manager is highly scalable. We can set permissions per team or department, allowing some teams to elevate specific applications while others have different permissions.

The support is good. We engage them when needed and receive prompt responses that typically resolve our issues.

Positive

We switched from Centrify, which is now Delinea, to CyberArk due to the former's merger and planned phase-out of the application. We evaluated CyberArk alongside another product from the merging company and found CyberArk to have better features.

The initial setup was straightforward but time-consuming due to the number of applications needing policy setup. The deployment took three months to complete, but we did not work on it daily because we were also working on other projects.

We worked with professional services during our deployment, which made the process straightforward.

I rate CyberArk Endpoint Privilege Manager a nine out of ten.

CyberArk provides a more seamless and user-friendly experience. Previously, we had to log in to a separate window and use a special command to elevate privileges. With CyberArk Endpoint Privilege Manager, we click to run as administrator, and it automatically recognizes our role and elevates permissions without any extra steps. This streamlined process makes it a more intuitive and efficient solution.

The only maintenance we need to do is update the agents on the end-user systems. CyberArk Endpoint Privilege Manager is entirely cloud-based, so no further upkeep is required.

For end users, CyberArk Endpoint Privilege Manager is a native product. It integrates seamlessly, making administrative tasks intuitive. 

I have been working with the product for five years. 

The tool is an endpoint management system. It monitors everything a standard user does and helps elevate privileges when necessary for advanced users. It keeps an auditable trail of all activities. Practically, it stops and blocks potentially hazardous user behavior, whether intentional or unintentional. Certain companies must use endpoint management software because of national or international rules or ISO norms.

The product is expensive.

One of the product's strengths is the large international user community. Often, you don't need to speak directly to the vendor because you can find solutions on the community site, where there are discussions or officially closed cases with solutions provided by the vendor. You can usually solve most issues on your own this way. However, if you can't find a solution, you can open a case through their ticketing system. If the issue is relevant, tech support will connect with you to solve it, especially if you are the first to encounter a specific bug. Once resolved, they anonymize the case and make it available to others so that the same question doesn't have to be answered repeatedly.

I'm quite happy with the support. The documentation and guides are generally okay, although you might find some minor mistakes. Still, you can accomplish a lot on your own. Compared to smaller competitors, they have a quite extensive e-learning platform with self-paced courses, which is very helpful. They also offer paid live courses and labs. 

There have been some issues, like delayed responses or the time it takes for your case to be considered important enough for direct tech support. Additionally, to speak with high-level tech experts, you often need specific certifications, which can be frustrating for those with extensive hands-on experience but without the required certifications. This might mean they get support later than someone like me, who has taken the exams and can access support more quickly.

Positive

Regarding return on investment, it's hard to put a number on it since it's in security. You might be able to calculate if a company has been successfully attacked a couple of times, then installs EPM and stops being attacked. But you don't know if there would have been attacks without it. It's hard to estimate, and I'm not calculating these things.

The tool is a bit pricey compared to its competitors. My company does work with competitors, but I don't have hands-on experience with other software. I've just done some comparisons.

Overall, I'm very satisfied with the product. It's almost perfect. It's a heavy solution but has all the functionalities you need practically or administratively. It might be a bit more expensive than its competitors, but function-wise, it's the best you can get from what we've seen.

It is the best option on the market, especially for companies already using other CyberArk products. You can have identity, privileged access, and endpoint management from one vendor, which can be more cost-effective and allow the products to communicate.

CyberArk Endpoint Privilege Manager integrates well with third-party solutions. Its marketplace offers plugins, connectors, and documentation for connecting to various third-party solutions, operating systems, servers, platforms, and network devices.

CyberArk is quite popular in our region. One competitor, BeyondTrust, is similar in size and functionality. But in this region, and I'd say mainly in all of Europe, CyberArk beats BeyondTrust. There's no technical reason for this; BeyondTrust has no history here. CyberArk is quite dominant in this area.

I rate the overall solution an eight out of ten. Technically and functionally, it has everything, but it's very heavy on hardware and virtual machines. I think it could be lighter on deployment and hardware requirements.

I'm satisfied with the security part and detection capabilities. The functionality is great, although it can be heavy to deploy.