I use the solution for administration. If the customer requires Alero or HTML, we will deploy the solution in that particular environment. Otherwise, if the end users are accessing the solution via VPN or from inside the network, we will not deploy Alero or HTML. We will instead focus on CyberArk's core PAM, which includes the vault password rotation component, the web interface component, the jump server, and PPA. These are CyberArk's four main components which we deploy for every customer.

CyberArk has a lot of modules, such as Enterprise Password Vault, which is the heart of the solution and needs to be up and running at any time. Privileged accounts and session recordings get stored inside the vault itself.

Likewise, we can configure high availability for the vault, like an active/passive or an active/active configuration. Replication disaster recovery is also supported.

CyberArk is also capable of rotating the credentials for a lot of endpoints. It has the CPM plugins by default for password management, Windows and Linux, as well as databases like Oracle and MS SQL, and can also rotate to some network devices like Cisco 9000.

We have Privileged Access Management, a general server between the user's and the target's machine. All of the sessions go from that server to the target endpoints. Once the end user disconnects the session, the session recordings and live monitoring will be uploaded to the vault. That recording will be stored for 180 days for auditing.

Another component is Privileged Threat Analytics. It detects any threats on target machines. For example, an end user might connect to a Linux endpoint and try to run privileged commands. Those commands are customizable and can be defined in the PTA as well. Whenever those users run those particular commands on the target, the PTA will report suspicious activity and report to security admins in the organization via mail or even on the web portal. We have a separate tab for security.

Within security events, these particular suspicious activities will be detected as threats and attain a risk score, "This is the user who connected to this particular target and ran these particular commands or applications."

CyberArk has a remote access solution called CyberArk Remote Access Alero. CyberArk also supports HTML gateways so that users can connect from outside the network without a VPN connection.

The solution has many advantages, such as the user interfaces and remote app features when using local applications when sessions are getting established over RDP, SSH, database, and web browsers. It is easy for administration as well.

Password management for all the endpoints needs improvement.

CyberArk can handle password management for Windows, Linux, databases, and network devices. However, there are solutions like Tenable or Skybox, Palo Alto, and other security devices for which we cannot provide password rotations on CyberArk. CyberArk should look into development for those particular plugins. I heard they had developed them, but they are not widely available. So if, for example, a customer requires CPM's password management plugin for Tenable, they need to send a request to CyberArk themselves so that the CyberArk team will then sell it to the customer. It does not come with an implementation license. It's a separate thing that a customer needs to purchase. CyberArk will assign it to that particular customer ID, and that plugin will not be supported for other customers. But those are their business tactics. They will not reveal all their plugins, only the basic ones.

I have worked with CyberArk Enterprise Password Vault for four years on a regular basis.

I rate the solution's stability an eight out of ten.

I rate the solution's scalability an eight out of ten.

The technical support is very poor. We handle implementation for our clients, so we do not handle support after. We do the knowledge transfer and if they face some challenges, we will show them how to troubleshoot as well as the documentation. We provide everything to the customer as they are not experts in CyberArk.

If the customer faces any issue, they will raise a case with CyberArk in the technical portal. But once they raise a case, CyberArk will not respond.

Let us say I opened a case this morning. Initially, they will respond, "I am the technical expert handling this particular case. Please provide me the logs." Their first reply will be that they want the logs. The customer will then gather the logs somehow and attach those logs to the case.

However, it will take two days for technical support to investigate their logs and reply. Even after two days, they will reply, and will say, "I am transferring this case to the higher level expert" that is, L2 or L3, "they will get back to you." 

The initial reply will be given by the L1 engineer who doesn't know the product or how to troubleshoot that situation, so every case will go to the L2 level or L3. The time taken in the process is too heavy. So even if I open the case as a "severe" case, even if it is not severe, they will reply to say that this particular case is not severe, so I have to keep it as "medium" or "low." As a result, customers consider hiring support from my company.

Neutral

With CyberArk, we have the direct installer file and setup files for each component, such as Password Vault Web Access, CPM, PSM, and PTA. The implementation engineer should install every component. We also need to have servers for each component. We need to request a set of servers per the architecture and the components count. Once we get those servers, Windows or Linux servers, we need to copy the setup files onto them. We need to deploy the setup files by installing and taking some steps. It contains manual and automatic installation, with CyberArk providing some PowerShell scripts themselves. With those scripts, we can do the installation automatically. 

By comparison, with BeyondTrust, whatever the module is, the virtual appliance is built by the BeyondTrust team itself with all the configurations. We just need to deploy it in our organization network and do the initial networking configuration, and later, we can directly do the integrations.

Also, CyberArk recommends we do hardening for each component for security purposes. After hardening, unwanted firewalls and services will be disabled on the operating systems, which makes the product more secure.

Though there are some efforts required from the implementation engineer, the installation is straightforward. I rate the initial setup a seven out of ten.

Users will clearly understand the solution once they go through the architecture diagram.

To connect to the target systems and view the accounts, view the session recordings, and check if the system health of all the components is working well. Any admin-related task will be done in the web portal, Password Vault Web Access, a separate component in CyberArk.

CyberArk is one of the better solutions which users will want to implement in their organization for securing their privileged accounts and access, and session monitoring for auditing. If they can deploy CyberArk, it's a good product.

The main use case is the protection of privileged accounts. We also use it for multi-factor authentication and single sign-on.

Now we feel assured that all our privileged accounts are well protected. Our admins don't know passwords and don't enter them manually. This eliminates the risk of interception and account hijacking.

First of all, CyberArk offers great flexibility. Throughout our years of experience, we haven't found any system that we couldn't connect with CyberArk. We have many web management consoles, and it's no problem to connect to them using custom connectors.

Moreover, it's a highly customizable solution. If you know how to do it, you can customize it as you want.

There is room for improvement in the pricing model. From a technical point of view, there are no issues. Support could be faster, though. We have mentioned that better support from CyberArk would be beneficial.

So, support could be faster, and pricing can be improved.

We have been using it for our needs and sharing it for over ten years. Currently, we use version 12.

It is a very stable solution. I would rate the stability a ten out of ten. If you can read the manual and avoid making mistakes, it's very stable.

It is an extremely scalable solution. I would rate the scalability a ten out of ten. In our organization, there are ten CyberArk users; they all are system administrators. 

The customer service and support could be better. The response time could be better. 

Neutral

I would rate my experience with the initial setup a four out of ten, one being difficult and ten being easy. It's a modular system. To run CyberArk, you need to deploy several different services, set them up, and configure the interactions. It's not a solution in one box.

The initial setup is not very complex, but I would say it's not very simple, either.

We have deployed CyberArk in both environments. We have several working calls in the cloud and some parts on-premises. The initial deployment takes about two days. 

Our main technical task was to reduce security risks, which we accomplished with CyberArk.

I would rate CyberArk's pricing a nine out of ten, with one being cheap and ten being expensive. It's one of the most expensive solutions in the market, but it's worth it.

I would suggest finding a qualified partner. Don't try to install and configure it on your own. Instead, seek a certified CyberArk partner. It will save a lot of time and stress.

Overall, I would rate the solution a nine out of ten. It's very good, but there are still areas for improvement, like any other product. 

The solution's most valuable features are one-time password and exclusive access.

CyberArk is complicated and costly to deploy for Windows servers compared to a few other vendors. It would be helpful if they combined all the components on a single server. Also, they should release a version specific to small businesses with two servers installation architecture.

We have been using the solution for three years.

The solution is highly stable. I rate its stability a ten out of ten.

I rate the solution's scalability a ten. It is the best in the market. It can scale to any infrastructure. We had implemented around 1000 target servers for our previous customers.

The solution's training documentation compensates for efforts to raise the tickets. We can resolve the issues ourselves based on the documents provided by the vendor. If you contact them for any problems, they solve them within a few hours.

I have implemented the solution for small and large enterprises. I haven't come across any bugs or issues. I use the 12.2 version as it is more stable, and I have more experience working with it than the newer version. It is easier to deploy if you know how to use it.

The time taken for deployment depends on specific project requirements. In the case of lesser servers and target machines, it takes about a few weeks. Whereas for a larger number of servers, it takes around two to three months to complete. The process involves setting up servers to host password vault, API access, central policy manager, and SM server. Additionally, for customer-specific requirements, we can set up Distributed Trusted Host (DTH) server for privileged analytics and Privileged Session Manager (PSM) for session management.

Apart from the deployment, it involves configuring policies, setting up additional connection components, etc.

The solution is cost-effective for the features. In comparison, other vendors would charge extra for the same features. Also, its pricing model is based on the number of users rather than the number of servers. Thus, there are no additional costs. I rate its pricing a six or seven.

I recommend the solution to others and rate it a ten out of ten. It is user-friendly once you understand its functionality.

We use the product to store system accounts. 

CyberArk is a good and adaptive solution. It is easy to adopt and install. It is easy for every use case. 

The challenge with the product is pricing since it's expensive. It also needs to improve the customization. We encountered some stability issues as well. 

I have been working with the product for more than 10 years. 

I would rate the solution's stability a seven out of ten. 

My company has more than 20,000 users for the product. I would rate the product's stability an eight out of ten. 

We have a direct connection with the CyberArk leadership. However, the tool's support is not user-friendly. They will charge you for premium support and push you towards it. 

Neutral

I have used BeyondTrust before. 

The solution's setup is easy. There were some challenges while managing from environment to environment. We experienced some glitches during the installation process. 

The product's licensing is yearly. I would rate the solution's pricing a six out of ten. 

I would rate the product an eight out of ten. We only have the licensing contract with the product and everything else is managed in-house with a team size of four members. 

We currently employ CyberArk Privileged Access Management, which involves extremely complex processes for ensuring the secure management, verification, and guarantee of credentials. Implementing the professional installation tool represents another challenging aspect of this task.

The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics.

The support could improve for CyberArk Privileged Access Manager.

I have been using CyberArk Privileged Access Manager for approximately three years.

The solution has high availability.

CyberArk Privileged Access Manager is highly scalable. When compared to other solutions it scales well.

I plan to use the solution more in the future.

The issue of technical support is crucial, as there are not many specialized partners available in Brazil to provide this service. While English language support is of good quality, there is a significant shortage of partners capable of meeting the demand locally.

The initial setup of CyberArk Privileged Access Manager is easy.

We have received a high ROI using CyberArk Privileged Access Manager.

The price of the solution is reasonable.

I rate the price CyberArk Privileged Access Manager a seven out of ten.

Individuals who wish to utilize CyberArk should be cautious when selecting a partner to implement the solution, as proper architecture design is essential to ensure a streamlined and effective implementation.

I rate CyberArk Privileged Access Manager a nine out of ten.

CyberArk vouches for access to domain controllers in Unix and Windows Server. 

CyberArk makes our environment more secure and prevents possible attacks by compromised accounts.

The price is high compared to Azure Key Vault. It's the most expensive solution. 

I have used CyberArk for about three months.

We have 98 percent uptime. 

CyberArk is scalable. We have around 4,000 users. 

We previously used Telos. We switched to CyberArk because it has features to deal with a large company that has a complex structure and many partners. 

Deploying CyberArk was moderately difficult. It isn't too hard, but it isn't easy. One person is enough to install it. It took about one month to select the product and deploy it.

CyberArk is more expensive than other solutions, but it's necessary when the company has contacts with other branches and partners. 

I rate CyberArk Enterprise Password Vault eight out of 10. It's more expensive than Azure Key Vault, but Key Vault doesn't have CyberArk's analytics and user tracking. I recommend CyberArk if you need those features. However, it's costly in the Brazilian market because of the conversion fro reals to dollars.