For CyberArk Privileged Access Manager, use cases are providing just-in-time privileged access. The most simple use case is hosting all privileged credentials in a secure manner and managing and controlling access to those credentials. Therefore, controlling access to privileged endpoints is the usual thing that will be done with PAM.
Reviews from AWS customer
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Privileged access management achieves full control with comprehensive features
What is our primary use case?
What is most valuable?
CyberArk Privileged Access Manager has several valuable features. The basic feature is privileged access management with all the processes and procedures that are needed. It has all the relevant features required to provide a PAM project or PAM program. It does everything that is needed. A tangible benefit is that we already have full control of privileged access. We have just started and have onboarded all privileged accounts into the system.
What needs improvement?
I have noticed areas of CyberArk Privileged Access Manager that could be improved or enhanced in integration with automation tools. It's not quite the same in the cloud, the Privilege Cloud version. The on-premises version allows users to do absolutely everything. When they took it to the cloud, they started cutting things out. The other issue with CyberArk is that they are marketing their new product, SIA, which is based on Privilege Cloud. Users still need to have Privilege Cloud to achieve the same level of functionality as the on-premises version.
We are still early in the roadmap and haven't progressed far enough to identify additional needs. When organizations reach the end of their maturity roadmap, they can better identify specific tool requirements that aren't currently available.
For how long have I used the solution?
We have been deploying CyberArk Privileged Access Manager for two years now and counting.
How are customer service and support?
The evaluation of customer service and technical support for CyberArk Privileged Access Manager depends on several factors. When receiving support directly from CyberArk, they are the most knowledgeable, though they don't always have immediate solutions as they might need to create them, which can take considerable time. For instance, the Ansible integration for the cloud version has been requested for years.
When working with CyberArk partners for support, it's crucial to ensure they have actual knowledge and aren't just acting as middlemen. There have been instances where third parties are hired to provide first and second line support, but they simply forward requests to CyberArk without adding value to the process.
How would you rate customer service and support?
What about the implementation team?
We used a deployment partner recommended by CyberArk for the deployment and maintenance process. One crucial step that should be done first is creating an inventory of how privileged access is currently handled and where it is needed. Without this inventory, you might deploy CyberArk and realize it doesn't work with your existing architecture or infrastructure.
Our implementation team consisted of approximately 15 people, including architects, engineers, application owners, network specialists, Windows and Linux administrators, database administrators, and cloud specialists. While maintenance requires fewer people, input from all these stakeholders is crucial for successful implementation as they each have different requirements.
Most importantly, this needs to be a management-driven initiative with a top-down approach. Management must establish new working methods, as the biggest barrier to acceptance is typically resistance to changes in working procedures.
For ongoing operations, the staffing requirements depend on the company's operations. Typically, 24/7 coverage requires at least three people per shift in a follow-the-sun model. This accounts for first and second line support only, with additional staff needed for server maintenance, totaling around nine people.
What other advice do I have?
The primary problem addressed by implementing CyberArk Privileged Access Manager is the lack of control over privileged access - where it happens, how it occurs, and what is done with that access. When attempting to attack an enterprise, attackers target the highest-privilege credentials available. Therefore, protecting the most critical credentials within your organization is essential.
For those planning to deploy CyberArk Privileged Access Manager, it's crucial to understand that it's a multi-year program. It's not just about deploying the tool; it needs policies and governance around it. Additionally, infrastructure modifications are necessary to ensure PAM is the only way to provide privileged access to endpoints.
It's a great product that does everything required from a PAM tool. I would rate CyberArk Privileged Access Manager as a nine out of ten.
Implementing robust access security and monitoring for user sessions
What is our primary use case?
My main use case for CyberArk Privileged Access Manager is installing it to prevent direct access to the users. For the privileged account, we are using the PAM, and all sessions have been monitored, with all logs shared and logged on the vault.
I have more to add about my main use case for CyberArk Privileged Access Manager, specifically our Privileged Threat Analysis, which detects any suspicious event and alarms us.
What is most valuable?
The best features CyberArk Privileged Access Manager offers are PTA, Privileged Threat Analysis, and Alero, Remote Access Management, and these features are essential for enhancing security.
PTA and Alero have made a difference for my team by providing a predefined rule assigned and implemented on the PAM; for example, it sends us an email if there is any suspicious activity or threat credential loss, offering feedback related to user behavior. For Alero, Remote Access Management, it is a very wonderful Identity and Access Management with biometric MFA, mobile access, location tracking, and a small RBAC role-based matrix access that defines user roles, serving as a replacement for VPN.
CyberArk Privileged Access Manager has positively impacted my organization, showing significant improvement since all sessions are monitored and isolated using isolated RDP sessions, which are created temporarily and expire if not used.
In terms of specific metrics or outcomes, the time savings have been noticeable, and while it is not direct access, the PAM works efficiently between servers and end users, preventing users from running or installing unauthorized applications through the AppLocker application created on the PSM.
What needs improvement?
CyberArk Privileged Access Manager can be improved because I have experienced one issue where a user connected through RDP to a Linux server and the PAM could not fetch any commands or key store logging from the Linux server, which works fine on Windows servers. If they could combine both into one keylogger solution, it would be great, and increasing the number of CPM plugins for password retention while providing common web portal applications out-of-the-box would also help.
For how long have I used the solution?
I have been using CyberArk Privileged Access Manager for more than five years.
What do I think about the stability of the solution?
CyberArk Privileged Access Manager is stable in my experience, with no issues of downtime or reliability due to our disaster recovery (DR) and high availability (HA) servers in place.
What do I think about the scalability of the solution?
CyberArk Privileged Access Manager's scalability is good, as it can handle more users or workloads with our five-year roadmap indicating that the PSM server can manage around 20 sessions per hour, which is sufficient for our organization.
How are customer service and support?
I would rate customer support a nine on a scale.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously used BeyondTrust and Delinea, but I did not switch because I noticed many features in CyberArk that are not available in other solutions.
Which other solutions did I evaluate?
I did not evaluate other options before choosing CyberArk Privileged Access Manager, as I had good experience with another live product.
What other advice do I have?
My advice for others looking to use CyberArk Privileged Access Manager is to pay attention to the vaulting part, which is essential for every organization, as each server has a secured vault that connects over TLS with a lot of encryption details. The product is consistently enhanced, and the latest release is 14.6. I rate this solution 9 out of 10.
Which deployment model are you using for this solution?
Provides secure access and visibility, and it's highly configurable
What is our primary use case?
The use cases for CyberArk Privileged Access Manager include access to Windows, Windows servers, Linux servers, firewalls, clouds, GCP, AWS, and Azure, but I do not administer the clouds. I only administer CyberArk.
How has it helped my organization?
CyberArk Privileged Access Manager helps us maintain an inventory of our privileged credentials and manage password rotation easily for our organization. It provides a secure way to access and monitor.
CyberArk Privileged Access Manager has positively impacted visibility into the PAM accounts. It has a very good dashboard that provides visibility into our accounts and password information.
CyberArk Privileged Access Manager's abilities to safeguard the infrastructure are important, as protecting credentials provides us with security and visibility.
CyberArk Privileged Access Manager is effective for preventing attacks and threats. It's very effective since it connects to a SIEM, such as Splunk and ArcSight. The functionality called PTA, Privileged Threat Analytics, is very good.
CyberArk Privileged Access Manager integrates well with other products.
CyberArk Privileged Access Manager improves operations because it's all centralized. When you have CyberArk to gain access to the admin console and other applications, it's the easiest way to configure your firewall rule because everything comes from CyberArk.
What is most valuable?
It's user-friendly and very configurable. We can do many things with it, especially with password management. It's easy to manage, and the controls are straightforward. It's a specialized solution for which it's hard to find professionals to work with, but it's very effective.
It's a very good solution for data privacy.
What needs improvement?
The reports could be more editable. I want to be able to edit a dashboard to see other information or graphics. Making the reports more editable would be beneficial.
For how long have I used the solution?
I've been using this solution for at least five years.
How are customer service and support?
I would evaluate the customer service and technical support of CyberArk Privileged Access Manager as very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I worked with Senhasegura, which is a Brazilian application for password security. We switched to CyberArk Privileged Access Manager because it is recommended for larger environments.
How was the initial setup?
The initial setup is easy. I was involved in the setup process and was part of it.
It takes six months for the full implementation in a big company.
What about the implementation team?
The deployment team consisted of approximately 10 people. While I don't know the exact job titles, a manager and at least two engineers on the CyberArk team were required.
What was our ROI?
CyberArk Privileged Access Manager has helped our organization save on costs. CyberArk Privileged Access Manager is expensive, but it helps protect us from losing money.
Its benefits are visible immediately after the deployment, but in Brazil, people generally implement CyberArk Privileged Access Manager after an incident.
What's my experience with pricing, setup cost, and licensing?
It's not a cheap application. It's very expensive.
What other advice do I have?
Don't wait to be attacked or lose your data. Protect your credentials, even if you use other security tools.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Cyberark
Robust PAM for Enterprise
There are few I liked,
Session recording and live monitoring
Audit logs for any activity done within the PAM session and by PAM administrator.
Integration with SIEM
UBA is also presented
And there are more I could say as dislike points,
1. Not be able to use their administration PAM IOS or android app
2. PAM password automation often causing issue with switches
3. Integration with jumpcloud password automation has major risk and challenges
4. VPN less security open nee risk to organisation
1. Centralising all privilege credentials within untouchable vault
2. Manual credential managements
3. Session monitoring on limited visibility privileged accounts
4. Compliance and gaps
Role management and session recording increase operational efficiency
What is our primary use case?
With CyberArk Privileged Access Manager, the main idea is to control third parties of the organizations. A lot of banks usually work with integrators abroad, and they want to control those connections from the third party to their infrastructure, including the ability for the CISO or security officer to watch online the session of technical support provided by the integrator. That was the most common use case.
Another use case is to control IT personnel, where the information security team manages what actions they perform at higher privilege levels in the infrastructure. So, those two use cases are the most common.
What is most valuable?
The most valuable features in CyberArk Privileged Access Manager are session recording, role management, and access control division. Different groups can use all the abilities of the administrative role, and customers can divide their teams into auditors, administrators, and CISOs.
The storage of passwords is also brilliant. Everything is stored in a highly protected area, allowing customers to use a single sign-on approach to connect to infrastructure servers necessary for their daily activities.
The impact of CyberArk Privileged Access Manager on customer operational efficiency is quite positive. While we cannot provide exact figures, the effectiveness is apparent, though we lack specific data.
Assessing CyberArk Privileged Access Manager's ability to prevent attacks on financial services infrastructure is quite complicated, as customers usually do not share information about attacks or prevention. During POCs, before selling the solution, we run common attack simulations that typically occur in the financial sector, such as lateral movement. We have tested various attack scenarios in testing mode where CyberArk is installed, and we have shown to our customers that CyberArk successfully mitigates those attempts.
CyberArk Privileged Access Manager has helped reduce the number of privileged accounts to a minimum over the years. When we start working with CyberArk in customer infrastructure, the first thing we do is run the Discovery feature, which shows all the administrative accounts in different information systems. The next step involves addressing accounts that are unnecessary or could be used for malicious activities, so reducing administrative accounts is typically the second or third step after integrating the system.
CyberArk Privileged Access Manager indeed helps meet compliance and regulatory requirements for customers, especially in the financial sector, by aligning with PCI DSS standards. Consequently, customers are very satisfied when auditors evaluate their compliance. When assessing CyberArk Privileged Access Manager for ensuring data privacy, the focus mainly lies on password management. I have not encountered customers using the storage solutions for anything other than passwords, making it challenging to discuss broader data privacy. The primary data customers prefer to store consists solely of passwords.
What needs improvement?
Areas of CyberArk Privileged Access Manager that can be improved include offering clearer configuration options. Due to its advanced and complex nature, sometimes it is not obvious where to find specific parameters for configuration. Enhancements, such as video tutorials within the product, would be beneficial, as the text documentation is often insufficient.
It would be very useful to have predefined configuration wizards. For instance, if templates are available for third-party support teams, it would allow users to click through the configuration process with checkboxes, significantly simplifying the setup.
For how long have I used the solution?
I have been working with CyberArk Privileged Access Manager for eight years, with technical hands-on experience for three years.
I became a project manager of the projects for implementation, education, and technical support of CyberArk. In terms of technical experience, it was three years, and for the management of CyberArk projects in general, it has been about five years.
What do I think about the scalability of the solution?
CyberArk Privileged Access Manager is easy to scale and accommodates various infrastructure models. Any component, including licenses, can be duplicated and scaled across hybrid infrastructures, such as when a customer uses both on-prem and cloud solutions.
How are customer service and support?
My impression of their technical support team is that it is very bad. The support team's response time is quick, however, the resolution process takes too long.
This inefficiency leads us to maintain a highly trained and experienced internal team, which is costly yet necessary since the vendor support response time is often inadequate.
How would you rate customer service and support?
Positive
How was the initial setup?
The typical deployment process for CyberArk Privileged Access Manager starts with ensuring organizational prerequisites are met. We begin by sending prerequisites required for the environment, and the customer provides feedback that the environment is ready.
After we establish remote connection capabilities, we initiate the installation process following the agreed scope of work. This process includes integrating with Active Directories, second-factor authorization services, and email systems.
Next, we configure role-based access control, set up reporting, and automate email notifications for predefined activities.
Finally, we utilize a Threat Intelligence system to establish a baseline of regular behavior for administrative users.
What was our ROI?
Regarding measurable benefits after deploying CyberArk Privileged Access Manager, customers often ask about return on investment. One measurable benefit is the reduction of engineering resources in the IT staff since they do not need as many administrators to manage numerous services.
Additionally, they reduce the number of personnel in the information security team, as fewer controllers or auditors are needed to oversee the activities of IT staff. These benefits can certainly be measured.
CyberArk Privileged Access Manager has helped customers save on costs primarily by reducing the number of engineering and information security personnel. This includes salaries and bonuses; although they do not fire these individuals, they reallocate them to other activities.
What other advice do I have?
If a colleague believes they do not need a Privileged Access Management tool since they are already using other security tools, I might explain the core idea of PAM solutions. The main purpose of a PAM solution is to prevent malicious activities involving administrative accounts. Hackers need to exploit these accounts to cause harm, and according to a recent Gartner report, approximately 80% of all attacks are directed through administrative accounts. This is why PAM solutions, including CyberArk, must be implemented to effectively manage and monitor those administrative accounts.
On a scale of one to ten, I rate CyberArk Privileged Access Manager an eight out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Offers quick access, ease of use, and seamless integration
What is our primary use case?
I'm using CyberArk Privileged Access Manager in the telecom industry, specifically for one of the clients. The main use case for CyberArk Privileged Access Manager is the Endpoint Privilege Management part, where privileged access needs to be managed, monitored, and recorded as part of SOX compliance. Other major use cases involve event management, trigger management, and notifications for break glass scenarios for various customers.
How has it helped my organization?
CyberArk Privileged Access Manager offers various exposed REST APIs, allowing for quick onboarding and reporting from the SOX compliance perspective, which wasn't available before. The exposed APIs give us the flexibility to perform scripting using Python and other languages to develop native tools.
CyberArk Privileged Access Manager integrates with various incident management tools, enabling automated actions through triggers for generated events. The integration with Ignimission provides operations teams with a dashboard for compliance management more efficiently.
CyberArk Privileged Access Manager offers customers good visibility of accounts to onboard. The DNA tool provides an overview of their network entity, thereby helping them streamline their network from a privilege management perspective. They can see how many assets there are, how many assets have different accounts, and which accounts are currently active or not. From the dashboard, the customer has clear visibility.
Its integration is seamless with out-of-the-box connectors. You just need to provide the input in a configuration file. It can be integrated very easily.
What is most valuable?
The most valuable features of CyberArk Privileged Access Manager include quick access, ease of use, and a variety of connection methods beyond the web portal. The Just-in-Time functionality within CyberArk is very important, and recent features such as the MFA gateway allow external customers to perform their work while being monitored seamlessly. Any events not adhering to SOP trigger notifications to admins for prompt action.
What needs improvement?
Improvements in CyberArk Privileged Access Manager should focus on simplifying installation and upgrade times, and also consider making professional services training more accessible to implementers and partners. Free training for implementers should be offered, and the installation and upgrade process should take less time.
In addition to that, CyberArk should communicate their Impact events to customers and SI partners, and consider making them free, as these events showcase their roadmap and new features.
For how long have I used the solution?
I have been working with CyberArk Privileged Access Manager for more than eight years.
What do I think about the stability of the solution?
I find CyberArk Privileged Access Manager to be a stable solution and would rate its stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of CyberArk Privileged Access Manager an eight out of ten.
How are customer service and support?
I would rate CyberArk's customer support as a seven out of ten. The rating stems from the fact that sometimes critical issues require follow-ups, as the support team doesn't always recognize the urgency of a critical ticket immediately. There is a need for more dedicated support for some customers moving forward.
How would you rate customer service and support?
Neutral
How was the initial setup?
The previous versions were a bit difficult, but the newer versions have improved. They have done some scripting for the installation part, which has improved the overall installation very much. There is still some scope for improvement. I'm looking for an automated script where all the entities or inputs can be provided. Once that script runs on a particular server, CyberArk gets installed without any user interruptions. Currently, we have to be very specific with prerequisites and everything else. If the prerequisites are not met, there are some issues, and you have to sometimes rebuild that particular server. To avoid such things, an automated script should be there to check the overall prerequisites. After installation, there should be a global script that checks all the functionalities to see whether every entity and every component has been installed correctly or not.
What about the implementation team?
I am the implementer for CyberArk. As an implementer, my customers are from various industries, currently managing customers from the healthcare, telecom, and semiconductor industries.
What's my experience with pricing, setup cost, and licensing?
Since CyberArk is at the top of the Gartner list, the cost is indeed on the higher side, but customers must discern which entities are essential to purchase. They should weigh the cost against the quality received.
The setup cost for CyberArk depends upon the customer's infrastructure, and while it may be on the expensive side, the quality and support provided justify the investment, along with documentation and training that add value.
What other advice do I have?
CyberArk Privileged Access Manager is the best solution for safeguarding sensitive patient data in healthcare, providing visibility and traceability that enhance compliance. Its strong design offers security and visibility for events across all industries, showcasing its robust capabilities. CyberArk Privileged Access Manager is crucial for safeguarding credentials in healthcare organizations.
I would recommend CyberArk Privileged Access Manager to those looking to use it. The biggest benefit is its versatility, providing comprehensive flexibility across various operational needs, while also offering expert support to resolve any issues encountered.
It stands out as the best tool on the market. It deserves a nine out of ten overall.
Which deployment model are you using for this solution?
An excellent solution with continuous upgrades and quick support
What is our primary use case?
We use CyberArk Privileged Access Manager for all kinds of privileged accounts, comprising personal accounts, service accounts, and different database accounts. We manage the administrator account for Windows, the root account and reconcile accounts for Unix servers, and system administrator accounts in databases. Personal accounts are also managed along with some shared service accounts.
I work for a cybersecurity reseller company, which is US-based, and we provide managed services to all kinds of industries. Currently, I am working with a natural resource and a healthcare company.
How has it helped my organization?
Many things have improved with CyberArk Privileged Access Manager. All privileged accounts are now secured.
The password management keeps the passwords rotated, and these have different sets of policies, which keep the passwords in compliance. Compliance-wise, it is good to have a PAM solution in the organization. I believe CyberArk Privileged Access Manager is the best one available at this point in time.
What is most valuable?
The best thing about CyberArk Privileged Access Manager is that they keep on upgrading it. They continually conduct research and development from their end, and we get immediate support from CyberArk whenever OEM support is required for any task. Support-wise, they are the best, and the way they conduct research and analysis and upgrade the tool often is excellent.
What needs improvement?
They keep on improving regularly. As of now, it does not manage all of the IDM practices. It is only good as a PAM solution. If they could work more on Privileged Threat Analytics, it would be beneficial. It has limitations, so improvements on PTA would be fine.
For how long have I used the solution?
I first used CyberArk Privileged Access Manager in 2016, and since then, I have worked on different tools as Cloakware, CA PAM, but I am now again working on CyberArk Privileged Access Manager, so it has been approximately seven years.
What do I think about the stability of the solution?
If implemented properly, the stability for CyberArk Privileged Access Manager is very good.
What do I think about the scalability of the solution?
I would rate the scalability for CyberArk Privileged Access Manager as nine out of ten. It is very scalable, and you can manage more than 100,000 accounts, as I have worked in environments where we managed that volume and more.
We are partners with CyberArk Privileged Access Manager. Our clients are medium and small businesses. The number of accounts we manage in CyberArk Privileged Access Manager is approximately 10,000 in one client and 5,000 in another.
How are customer service and support?
Support-wise, they are the best. I would rate the technical support for CyberArk Privileged Access Manager a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used a very old tool called Cloakware before CyberArk Privileged Access Manager, created by CA Technologies. It later got upgraded to merge with CA Technologies, and we had a product called CA PAM, which later got improved into what we see in the market today, called BeyondTrust. Cloakware was not that organized. There were many issues with provider IDs, the interface was very old, and hardly any companies use it these days. When I was using it, I was working for a US-based bank. Comparing that with CyberArk Privileged Access Manager is impossible, as they are poles apart.
How was the initial setup?
We have had cloud and on-premises deployments. Its deployment is easy. They have provided all kinds of documents. They are available in the community portal. You can get all kinds of help from the community or people using CyberArk and the OEM.
The duration of the deployment for CyberArk Privileged Access Manager completely depends on the environment. If it is a big environment, it may take up to one or two months sometimes. It depends on the collaboration of the teams. If the infra teams, the network side, and the OS side do not collaborate properly with the CyberArk team, it can take longer. However, if everything is in place and the environment is not huge, it takes less than a month, around 20 days.
The solution requires regular maintenance. You need to keep upgrading when updates are released by CyberArk Privileged Access Manager, and they do it quite often. Server patching is very important, and you need to be aware of the services running all the time. They have provided a system health feature to check if there are any component services that stop. All maintenance is required regularly, not daily but perhaps weekly, depending on the size of the environment. A good thing is that all of these can be automated. It saves a lot of time there.
What about the implementation team?
We have eight specialists in one team working with CyberArk Privileged Access Manager in my MSS team. There are other teams as well that have many CyberArk specialists, though I do not have an actual count.
What was our ROI?
It saves financially, though I cannot provide specific numbers. It is vital to have a PAM tool in your organization because it protects you from all kinds of malicious attacks, both insider and outside threats.
Regarding time-saving, many things are automated on CyberArk Privileged Access Manager, which helps us save considerable time work-wise and is very efficient for users. The end users have the authority to reconcile the password or verify it before using session isolation, which is one of the unique features that can be enabled through Privileged Session Manager, preventing any attacks from happening within the organization when connected with sessions through CyberArk Privileged Access Manager.
What's my experience with pricing, setup cost, and licensing?
The pricing for CyberArk Privileged Access Manager is quite expensive, and the pricing varies from region to region. In APAC, CyberArk Privileged Access Manager can be obtained for less than in North America, according to my understanding. Pricing-wise, they could improve by trying to sell their product in bulk licenses. You need to have a service provider or a reseller as the mediator company building the CyberArk Privileged Access Manager. Pricing-wise, they could definitely do a little better.
What other advice do I have?
I would recommend CyberArk Privileged Access Manager to other users for all the reasons discussed. It has been number one on Gartner's quadrant for several years. Considering all those factors and being the best tool in the market for Privileged Access Management, it is recommended.
I would rate CyberArk Privileged Access Manager a nine out of ten.
Helps secure our accounts and has good stability and support
What is our primary use case?
My use cases as of right now include configuration, implementation, and developing a PowerShell report.
What is most valuable?
By implementing CyberArk Privileged Access Manager, we wanted to secure the password data and password accounts. We could see the benefits of CyberArk Privileged Access Manager immediately after we deployed it and started using it.
What needs improvement?
They could improve CyberArk Privileged Access Manager by providing more reports. If I need to know the 10 most-used accounts for this week, that functionality can be made available in the reports.
For how long have I used the solution?
I have been using CyberArk Privileged Access Manager for seven years.
What do I think about the stability of the solution?
It is stable. The environment is stable, with no lagging, crashing, or downtime.
What do I think about the scalability of the solution?
I cannot say much about scalability because we did not have any need for it.
How are customer service and support?
I have contacted their technical support plenty of times. I would rate CyberArk's support a seven out of ten. They are always good.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have not used any alternatives to CyberArk Privileged Access Manager in my career.
How was the initial setup?
The initial deployment was easy because I went to training first. The training was set up by CyberArk. From design to implementation, it took close to six months.
In terms of maintenance, it requires OS upgrades and patches. It doesn't take a long time.
What about the implementation team?
We did not use any help from a third party, such as an integrator or consultant. The number of people required depends on the environment. I don't see how one person can manage it because there is a lot of information to collect before even doing a design.
What's my experience with pricing, setup cost, and licensing?
My company always complains about the cost of CyberArk Privileged Access Manager because it's too high.
What other advice do I have?
For a new user, I would advise them to try to configure CyberArk Privileged Access Manager a couple of times before starting to use it in a production environment.
I would rate CyberArk Privileged Access Manager a nine out of ten.
Which deployment model are you using for this solution?
Provides good control over privileged access but users sometimes experience lagging
What is our primary use case?
We use CyberArk Privileged Access Manager to manage privileged access, so all the privileged accounts are vaulted in CyberArk, and that's our control method to manage privileged access. We also manage access for developers, so we have dual control to give approval to developers.
How has it helped my organization?
CyberArk Privileged Access Manager has made our operations more streamlined. There is an approval process, so it helps us keep tabs on who's working on what and for how long. We also have to give a reason when we're using privileged accounts, which helps keep track of whether they're being used correctly.
It's been good so far in safeguarding the infrastructure, but we've not used additional features of CyberArk Privileged Access Manager. Modern PAM with secure web sessions or secure infrastructure access is something that I learned about at the conference. I am curious about how we can use it.
It has not helped to reduce the number of privileged accounts. Whatever we find privileged in the environment, we want to control that by using CyberArk Privileged Access Manager. That's how we're able to control it. It has helped us identify privileged access better because we discovered users who didn't need privileged access. There have been cases where users with privileged access don't want their accounts in PAM because they need to pick up the password on a daily basis to perform their actions. There have been cases where they've gotten their privileged access off the account because it's not needed.
The user interface needs some training, but with a guide telling the user how to go about it, we have received positive feedback from whoever has used it.
It took us some time to realize its benefits because any new tool needs a proper understanding of how it can be used. A lot of testing was done on the engineering side, and demos were given. It took some time, but it is going smoothly.
What is most valuable?
Given that this is the only tool that I've worked with for the control process of privileged access, I don't have anything to compare it with. However, it's helped us keep our privileged access in check. We're able to get logs as to when the user checks out an ID and for how long, so it's a good monitoring tool.
What needs improvement?
They covered a lot at the conference. I don't have visibility into what product we've bought. It would be nice for them to approach us with what we have bought versus the new features being added. We need clarity on whether new features come included in the package that we already have, or if it's something that we need to have over and above.
Occasionally, there are lagging issues. Sometimes users have to re-login. When users copy passwords, there is sometimes a lag, so they have to log out and log in, but these are very rare cases.
For how long have I used the solution?
I've been using it for about 5 years.
What do I think about the stability of the solution?
Occasionally lagging occurs. I've not heard about crashing, but there is a lag. Sometimes users will have to re-login and get it right.
How are customer service and support?
The team that I work with is our in-house engineering team. I've had a conversation with CyberArk once last year revolving around efficiently generating the inventory reports. I contacted the technical support, but I didn't get a very straightforward solution that I was expecting.
We were developing a dashboard to find all the privileged accounts that weren't vaulted in CyberArk. We wanted the inventory report to be generated on a daily basis, but were having some trouble. We reached out to their technical support. The solution that they proposed was not straightforward because of the backend processes of CyberArk. We had to approach it in a different way.
How would you rate customer service and support?
Neutral
What other advice do I have?
I would rate CyberArk Privileged Access Manager a seven out of ten.