Our customers mainly use CyberArk EPM to remove admin privileges from end-user systems, especially for developers and IT people who need admin rights on their desktops. It resolves this issue by only giving admin rights for specific use cases and applications rather than full admin rights for the whole system. This keeps users happy while maintaining security.

Additionally, the tool provides insight into what software users use, has threat detection mechanisms to prevent credential harvesting, and offers proactive monitoring.

The main industries using CyberArk EPM are IT-enabled services and software development companies—mostly technology companies where users typically need full admin rights. The manufacturing and banking industries already tend to have more controlled environments, so they use them less.

The biggest benefit of CyberArk EPM for our customers is control over privileged access for endpoints. Endpoints are often the starting point for attackers to enter and move within a network. CyberArk EPM bridges the gap between security and operations teams. Operations teams are happy because work isn't stopped due to admin rights issues, while security teams are satisfied that full admin rights aren't given to all users.

The threat detection capability impacts security posture. Many web browsers and WinSCP applications can save passwords, but not always securely. Attackers could potentially tamper with and harvest these credentials. CyberArk EPM protects against this by continuously monitoring and blocking access attempts to these stored credentials, such as those in browser caches. This prevents malware or attackers from accessing these vulnerable credential stores.

My recommendation for improvement is to add functionality for when users request access to an application. There's a pop-up UI, but it's not very customizable. I suggest creating a UI where we can write scripts or use SDKs to enhance it. This could automatically create tickets in a system like ServiceNow when users request an application. If a manager approves, we could automatically push policies to those users.

CyberArk EPM is very stable stability-wise. Though the network is unavailable, policies still work from the offline cache. The agent uses a small memory footprint and doesn't crash much. I'd rate stability as eight out of ten.

I'd also rate the solution an eight out of ten for scalability. Because it is cloud-based, customers don't have to worry about capacity.

It's difficult to get support, especially for issues affecting only one or two users. CyberArk support mainly focuses on priority one tickets, which affect all users. Support needs improvement in terms of easier access and quality. Generating and uploading logs takes a lot of time, and the process moves through different levels in the organization.

Neutral

There are challenges during the implementation of CyberArk EPM. It's a phased process. First, we install the agent on all endpoint computers. Then, we monitor what applications users use and which request admin rights. The tool generates reports on this. We work with the security team to create policies based on these reports. These policies define which applications users can have elevated admin rights and which ones to block. We then push these policies to the users. New application requests come in over time. The main challenge isn't the product itself but working with multiple teams. We need to understand different kinds of software and end-user systems to create the right policies. So, the hardest part is coordinating with various teams.

Setting up the solution is very easy. It's cloud-based, so it's already set up in the cloud. Customers need to buy licenses and use them. I'd rate the setup difficulty as eight out of ten, with ten being easy.

The tool's pricing is reasonable for customers.

I advise those who want to use CyberArk EPM to get a good consultant. They need to analyze their environment and generate reports. There should be many whiteboarding sessions and discussions to develop steps for policy creation. A lot of paperwork needs to be done before starting to use it. Overall, I'd rate CyberArk EPM as nine out of ten. It's a very good product.

I use the solution in my company since some users need a certain level of activity in EXE files. The tool is used to block certain issues that we don't want in our environment.

The most valuable feature of the solution stems from its ability to delegate admin access instead of giving complete admin access to a single user. It is possible to elevate the product to a single process.

The product is very flexible. I don't feel any difficulties while using the product. Recently, my company moved to the tool's SaaS model from the on-prem version. With the tool's on-prem version, the database used to have some issues. After moving to the tool's SaaS version, we are not facing any issues. The on-prem version of the tool requires improvement.

The turnaround time of the support team is an area of concern where improvements are required.

I have been using CyberArk Endpoint Privilege Manager for four years. I am a user of the tool.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a ten out of ten.

More than 3,500 to 4,000 people in my company use the product.

I have contacted the technical support for the solution. I rate the technical support a nine out of ten.

Positive

The product's deployment part is very easy because only the agent you need to distribute to either via Intune. With Intune, you need to install the tool via automation.

I feel that the price of the product is nominal. It must be around 10 to 15 USD per installation. I rate the product price an eight to nine out of ten, where one is high price, and ten is low price.

CyberArk integrates with WebLogic. There are no issues with integration wise when it comes to CyberArk Endpoint Privilege Manager.

I rate the overall tool a ten out of ten.

I use the solution in my company since its PAM features are used for privileged accounts.

The most valuable feature of the solution is its performance. I would describe it as a seamless solution.

The price of the product is an area of concern where improvements are required. The product's price should be made more flexible.

The tool's UI could be better and more user-friendly.

I have been using CyberArk Endpoint Privilege Manager for a year. My company has a partnership with CyberArk.

Stability-wise, I rate the solution an eight out of ten.

Scalability is fine since many people can use it even with a minimum number of licenses.

Around five people in my company use the tool.

My company has not contacted the product's technical support since our internal team took care of the deployment process.

The product's initial setup phase is fine. The on-premises architecture is a bit tough.

The product's deployment phase focuses on consolidating everything in a single platform.

Around two people are required to deploy and maintain the product.

The value or the benefits derived from the use of the product revolve around the fact that it is a reliable tool. Though it may come across as a complex product, its customers can rely on its efficiency.

The product's license is easy to procure.

I am aware of CyberArk's PAM part and CyberArk Identity.

I find the solution to be more effective since it is better than its competitors. The brand value offered by the product is very good.

There are no application control capabilities offered by the tool, but I know that enforcing privilege access control is pretty fast.

The product is reliable and stable. The solution's brand value is good. The solution is better than the products offered by its competitors.

My company is aware of the fact that CyberArk offers integration with other security tools in the market, but we have not dealt with such a complex implementation yet.

I rate the tool an eight out of ten.

The primary use case for CyberArk Endpoint Privilege Manager (EPM) is to control applications on work sessions, particularly in environments where users are not supposed to have open rights. It can be utilized to remove local admin rights from work sessions and protect the local admin group from unauthorized modifications. By deploying policies on these work sessions, organizations can restrict users' privileges and prevent them from adding users to the local admin group, reducing administrative privilege risks on endpoints.

Furthermore, it enables the deployment of policies that allow users to elevate application permissions without granting additional user rights. These application policies benefit specific applications without affecting users' overall rights. For instance, developers may require elevated permissions for certain software applications without needing broader administrative rights. However, EPM does not directly improve an organization's response to endpoint threats. Instead, it depends on other policies, such as those designed to prevent ransomware attacks. These policies focus on different aspects of endpoint security, while application policies specifically address the elevation of application permissions for user tasks, such as development activities.

CyberArk Endpoint Privilege Manager (EPM) 's most valuable feature is its ability to manage user application privileges and protect against ransomware attacks by controlling access to specific files and applications. Additionally, EPM effectively oversees the local admin group, preventing unauthorized users from adding themselves to it and ensuring tighter security. Moreover, the capability to remove users from the local admin group and rotate passwords for built-in admin groups enhances security measures significantly.

The product's threat protection and defense capabilities need enhancement. While there have been significant improvements in recent months, there's still a need for better identification and handling of real threats versus false alarms. It would be beneficial if the product could accurately detect and respond to genuine threats without generating false positives. This would allow organizations to rely more confidently on the product as a complete tool for application control and endpoint protection.

We have been using CyberArk Endpoint Privilege Manager for four years.

The technical support services are good. Despite occasional delays, the team has consistently provided effective assistance and support.

Positive

The initial setup of CyberArk APM was relatively straightforward, and the platform offers flexibility in deployment methods. Depending on the organization's preference, deployment could be done through various means, including deployment tools or the APM console. The platform provides administrators options for choosing the most suitable approach for their environment, contributing to ease of deployment.

However, there are areas for improvement. One aspect that could be enhanced is moving endpoints between sets within the EPM console. While the capability exists, there can be delays in endpoint movement, which could be addressed to streamline the process and improve efficiency.

Additionally, I recall considering adjustments in the advanced settings of the APM console. Specifically, there's a feature for creating custom advanced settings and targeting specific computers or endpoints. However, it's currently limited to targeting only one computer at a time, which can be cumbersome when dealing with multiple endpoints. The process could be easier.

EPM is not specifically designed for threat protection. While it does a decent job in this area, it generates many false positives. As a result, the primary function of EPM in terms of threat detection is to send events to the security team for further investigation.

As a consultant working with organizations, I've deployed application control features like those offered by CyberArk Endpoint Privilege Manager (EPM) across various environments. Without such controls, organizations would face increased vulnerability to attacks, as granting local admin rights exposes systems to potential security breaches.

I rate it an eight. However, there are areas where improvements could be made. For example, addressing the issue of false positives in events, especially concerning ransomware events, would enhance the platform's usability. Additionally, it requires EPM and PAM solutions to reset passwords for local accounts on workstations. Other products allow this with just the EPM component, whereas CyberArk requires integrating two separate products.

I work with CyberArk Endpoint Privilege Manager for my partners. It is mainly for compliance, managing credentials securely, and monitoring what's going on with those credentials. Also, there's this thing about limiting privileges for certain users in production environments. But it seems like it's not just for big setups, it's also used across all kinds of workplaces.

The feature called PTA, which stands for Privileged Threat Analytics keeps track of what admins are doing and works with Centimeters. If something fishy is going on with a user's credentials, it alerts the security team so they can act fast. Plus, it automates stuff like resetting credentials or blocking users. So, if there's a potential hack, CyberArk can change passwords and lock out users in a snap. It also gives you a heads-up if anything unusual is going on with server activities, like someone creating new users with uncontrolled credentials. 

CyberArk meets clients' need very spot-on. It covers everything customers ask for.

As for improvements, honestly, the feedback's been really positive. I haven't heard any specific areas that need work.

It's designed to be highly available and resilient, so you can always access your targets no matter what.

As for scalability, it's totally on point. With the SaaS option, it's fully scalable. And if you're running components on-premise, you can easily add more to boost performance as your user base grows. They're usually virtual, so it's a breeze to scale up by adding more virtual machines.

I don’t deal directly with customer support, but I've heard good things from my colleagues who do. They usually handle it through certified partners, and the feedback is pretty positive.

Positive

There are two choices, one is the software service option, which is super easy to install and get running. The other is a self-hosted route, which has a more structured setup for better security and performance, though it's a bit more complex.As for deployment time, it varies depending on the project, but on average, you can get it up and running in just a day.

Maintenance is not a headache. We usually offer manager services to keep everything updated and running smoothly. It's a simple process that keeps things effective.

It's not at the lower end of the market. I think the price is reasonable considering the quality it delivers. It is a top-notch solution at a fair price point.

Once you start integrating this solution with your existing technologies and implementing new processes for accessing targets by administrators, you can see significant progress within two to three months, covering around eighty to ninety percent of your technology integration. With strong engagement, you can expect a substantial return on investment in that timeframe.As for rating the solution, I would give a solid ten.

We use the solution to secure direct access to servers. Users could open their browsers and access resources. This applies to different teams, such as DevOps, IT services, and development teams. They can no longer use RDP connections directly to the server for their day-to-day tasks. Instead, they must log in to CyberArk with their account and then use a shared account to access the server. Another advantage is using (Privilege Access Management) PAM accounts, which have high permissions but are limited in their access.

CyberArk's infrastructure is extensive. A cloud version has been introduced, when it was fully on-premises. You had to set up a separate environment for CyberArk, which incurred significant costs for the customer. Additionally, maintaining the infrastructure required dedicated resources, including on-call support outside of regular hours. If infrastructure went down, it left everyone in a difficult situation.

I have been using CyberArk Endpoint Privilege Manager as a consultant for three and a half years.

The product is stable.

I rate the solution’s stability an eight out of ten.

The solution is not easy to scale because it needs a separate team to do the capacity management all the time. We cater the solution to enterprises and small businesses.

I rate the solution’s scalability an eight out of ten.

The initial setup is very difficult, but If you follow the correct sequence, then it's fine. The only complex thing is to build the infrastructure and maintain it.
It depends on the whole component and takes a couple of weeks to deploy.

The solution is very expensive. The licensing costs a lot. There is a separate cost for support.

We opted for BeyondTrust.

Three people are required for the solution’s maintenance.

Overall, I rate the solution a nine out of ten.

What sets CyberArk apart is its continuous innovation, staying ahead of the competition. It not only offers integrated solutions but also expands its capabilities through strategic acquisitions.

In terms of improvement, CyberArk Endpoint Privilege Manager can be better by making its UI more consistent. Right now, there is a mix of a new, user-friendly look and an older interface with some functions. This mix can confuse users and affect how smoothly everything works together. Making the interface more uniform would make things easier and more efficient for everyone.

I have been using CyberArk Endpoint Privilege Manager for almost five years.

I would rate the stability of the solution as a nine out of ten.

The solution is highly scalable. I would rate the scalability as a nine out of ten.

I would give CyberArk's tech support a nine out of ten. They have made it so only certified experts can raise support tickets, ensuring that the person seeking help knows the product. This often leads to quicker problem-solving. While I haven't needed support much, others say CyberArk is responsive, even handling custom requests overnight in some cases. Overall, their support is solid.

Positive

Setting up CyberArk Endpoint Privilege Manager was challenging for me due to the involvement of multiple components. The process required a good understanding of each component and its configuration. It is not a straightforward setup, and familiarity with the system is crucial to ensure everything is correctly configured. I would rate the easiness of the initial setup as a six out of ten. The deployment of CyberArk Endpoint Privilege Manager takes about a day. It is not as quick as some Linux, which can be up and running in just a couple of hours. CyberArk's deployment is more complex due to the various components that need to be set up and validated to ensure they work together seamlessly. Once the deployment is complete, you can then proceed with tasks like account onboarding.

The investment in CyberArk is worthwhile. It significantly elevates security measures, reducing the vulnerability to breaches.

CyberArk is mostly used by big companies, especially in finance and banking. It is not really for small businesses because the investment is quite large. I have seen cases where substantial discounts were given, but that is usually for big enterprises. CyberArk has extra costs for professional services on top of the standard fee. These services are a bit pricey, and unlike some competitors, CyberArk doesn't focus heavily on them. While helpful, be prepared for an additional expense if you opt for these services. I would give it an eight out of ten in terms of costliness.

Overall, I would rate CyberArk Endpoint Privilege Manager as an eight out of ten.

We use the solution for cyber security to block unwanted things and ensure endpoint security. We also use the solution to collect user analytics.

Based on a customer's requirements, the solution allows me to give access and privileges to each user individually. CyberArk also allows granular blocking permissions.

CyberArk has better features than other vendors' products, such as a password vault.

CyberArk has some performance issues. For example, servers could not handle the solution when we first took CyberArk Endpoint Privilege Manager.

But to solve the problem, I first examine why the services take so much time to install. After that, I look at where we start the services. After that, if we need any patches there, I'll contact CyberArk.

It would be good if, based on an analysis of the user behavior from the logs we collect, we can see if a user has been accessing some other things. We need better reporting tools for those use cases.

I have worked with this solution for three years.

CyberArk's technical support is great. They immediately give support to everybody.

Positive

I've used Arcon User Behavior Analytics. And with endpoint security, we have used ManageEngine Endpoint Security. CyberArk's advantage over its competitors is its granular access. You can give specific access.

However, we work with all the solutions and provide one or the other based on what the customer requires. We will make a POC accordingly.

The solution's implementation process is a bit complex compared to other products. But every product has some challenges based on the customer's environment. However, we don't face any challenges because we understand the customer's environment and assess the scope of work.

As for difficulties we face while deploying CyberArk PAM, sometimes the agent won't install on the client's server. But if I report that to CyberArk, they give the required patches, and the solution works fine.

The time we take to deploy CyberArk PAM is based on the number of endpoints. If we have about 200 users, it takes two or three weeks to deploy.

We usually need two or three people to deploy the solution. One will be L2, and the other will be L1.

The solution's pricing is reasonable compared to other vendors' products.

I rate CyberArk Endpoint Privilege Manager an eight out of ten.

The solution is used for:

Rotating local administrator passwords: EPM can be used to rotate the passwords of local administrator accounts on endpoints, which helps to prevent attackers from gaining unauthorized access to these accounts.

Revoking access to privileged accounts: EPM can be used to revoke access to privileged accounts when users no longer need it, which helps to reduce the risk of unauthorized access.

Monitoring privileged activity: EPM can be used to monitor all privileged activity on endpoints, which helps to identify and investigate suspicious activity.

Auditing privileged access: EPM can be used to audit all privileged access to sensitive systems and data, which helps to comply with security regulations.

We were able to reduce the number of privileged accounts by 50%, which helped to simplify our privileged access management environment. 

We were able to automate the process of rotating privileged passwords, which saved us 100 hours of manual work each year. 

We were able to detect and block a number of unauthorized access attempts, which helped to prevent data breaches. 

We were able to meet the requirements of the PCI DSS, which helped to protect our customers' data.

With the solution, we met regulatory requirements. CyberArk has helped us to meet specific regulatory requirements for privileged access management. For example, CyberArk has helped us audit all privileged access to sensitive systems and data,

The least privilege enforcement has helped us to reduce the number of privileged accounts by 50%, which has simplified our privileged access management environment and reduced the risk of unauthorized access.

The privileged session management has helped us to prevent unauthorized access to sensitive systems and data. For example, we were able to detect and block a number of unauthorized attempts to access our financial systems.

Auditing and reporting have helped us to comply with security regulations such as the Payment Card Industry Data Security Standard (PCI DSS).

Threat protection has helped us to detect and block malicious applications and scripts, which has helped to protect our endpoints from attacks.

Centralized management has simplified administration and reduced the risk of errors. For example, we were able to easily deploy CyberArk EPM to all of our endpoints without any major problems.

The solution could improve:

User experience and ease of use: The product needs a streamlined user interface; improvements to the user interface can enhance user experience and make the solution more intuitive to navigate.

Simplified policy configuration: Making the process of creating and managing policies more user-friendly can lead to better adoption and utilization.

Integration and compatibility: Enhanced Integrations, Improving compatibility with a wider range of operating systems, applications, and devices can broaden the solution's scope and effectiveness.

API and automation: Expanding API capabilities allows for more seamless integration into existing security workflows and automation processes.

Threat intelligence and analytics and advanced threat detection: Incorporating more advanced threat detection mechanisms can help in identifying and mitigating potential security breaches.

Analytics and reporting: Robust reporting and analytics features can provide insights into privilege usage, potential vulnerabilities, and overall security posture.

Performance and scalability: Enhancements in performance, such as reduced latency and faster policy enforcement, can contribute to a more efficient endpoint management process. Ensuring the solution can handle a large number of endpoints without sacrificing performance is crucial for enterprises of varying sizes.

I've used the solution for ten years.

Scalability can be an issue when the solution struggles to efficiently manage a large number of endpoints. 

As an organization grows, the number of endpoints (devices) that need privilege management increases, which can strain the solution's capacity to effectively manage and enforce policies across all these endpoints.

We did not use a different solution.

The initial setup was straightforward.

We did not evaluate other options. 

The solution reduces the stress of managing privileged accounts that log into servers and network devices. We're also looking to onboard service accounts, and the solution takes care of the rotation while meeting the password policy and auditing and recording user sessions. The solution manages privilege sessions. The solution is also part of a zero-trust architecture where we see what admin users do on the servers.

The password rotation and the session recording are the most valuable features. Likewise, password management for service accounts is a very nice feature.

One area that has room for improvement is in managing the credentials for network devices. The solution works fine for servers running Windows 10, but it's not very functional or smooth in operation for servers running Linux and Unix operating systems. There could also be some improvement in integrating with a number of solutions. Though CyberArk keeps developing, improving, or increasing its integrations with other solutions, it could do better.

I would also like the initial setup to be easier because we have to engage the services of a partner when setting up the solution. Moreover, the documentation for setup is restricted to partners only. You can get training on the administration of the solution, but the setup and getting some support documents are reserved for partners only. If there were a better way to get this information out there or to make it more accessible, that would reduce the complexity of setting up the solution.

We've worked with this solution for three years.

I rate the solution's stability an eight out of ten.

The solution is highly valuable, but it depends on the license. To scale the architecture, you can just increase your resources. I rate the solution's scalability an eight out of ten. I have about 50 users for this solution, using it 24/7.

CyberArk's technical support can be very prompt, and I am satisfied with their services.

Positive

I rate the initial setup a five out of ten. The solution was not so easy to set up. It has several components with communication between them and server hardening, so the setup is not exactly easy. But there is straightforward documentation, so we can work with that. However, that is reserved for partners.

All conditions being equal, it takes three weeks to deploy the solution. But it took longer for us because there were some constraints within the environment, so it took three weeks to one month.

When deploying the solution, we had to evaluate our environment, get all our privileged accounts, and decide on the architecture we wanted to go with. Since we deployed the solution on-premises, we had to provision servers for different components of the solution before installing each component on the servers and then installing the vault.

Right now, as an individual, I can't just say I'm getting CyberArk and setting it up myself. I need to get the services of a partner. A lot of the documentation is reserved for partners.

We needed two people to deploy the solution, and we currently just need one admin for maintenance. We would need two for a larger business.

I rate the solution's pricing an eight out of ten since the price can be too high for smaller businesses. There is an annual support license that needs to be purchased additionally.

It's a great solution and is really functional. It's not a solution that covers a lot of needs. It has a niche area, and they do excellently with that. I recommend CyberArk Endpoint Privilege Manager and rate it a nine out of ten.

I'm still trying to maximize and explore the solution's capabilities. It does quite a lot, but I have not been able to utilize the solution that well. It takes time for users to accept changes and get used to the solution.