The main use of CyberArk Privileged Access Manager is to manage identities and access for our clients. We mainly focus on use cases like managing shared accounts, automatic password rotation, and recording sessions.

Its quite difficult to track for client who has access and at what time, which activity was done with that account, especially for built-in administrator accounts and Shared accounts.

Automatic password rotation is another use case. CyberArk Privileged Access Manager has the capability to rotate automatic passwords in the defined period of time. CyberArk Privileged Access Manager is also used for recording and session monitoring .

With CyberArk DNA, we can discover the accounts and their associated dependencies and usage.

Data is secure. The passwords are stored in an encrypted format. The data privacy is very high, and it is quite challenging for someone to retrieve credentials from CyberArk Privileged Access Manager.

With Privileged Threat Analytics (PTA), which is a different component in CyberArk, you can put some additional control. For example, you have an account onboarded on CyberArk. If someone wants to access the system without using CyberArk and copying a password, which they might have stored in the notepad or their system, an alert gets triggered. There is also an additional control for ad hoc admin access if someone wants to access an admin privilege or and want to access some critical application after business hours. PTA provides more control.

It improves the overall security posture and provides more control. We have better governance. Credentials are stored in the safe vault.

It reduces the need for IT and help desk resources. There is a streamlined change process without relying on the L1 team to reset the admin account credentials. There is also better compliance and segregation of duties. We can meet the compliance requirement for retention of logs, password rotations, etc. It helps client to meet different compliance requirement / standards, such as HIPAA, SOX, ISO 27001, etc.

With no manual intervention, there is also a reduction in human errors. Based on the number of available accounts for the organization and the user entitlement, that is 300 to 400 hours.

It improves operational efficiency. With the control that we have with CyberArk Privileged Access Manager, there is a reduction in the manual effort for validation of the admin accounts. Without it, a person has to extract the accounts from the servers and revalidate them with the owners or approvers. That is quite tricky.

It can help to reduce the number of privileged accounts. For example, if the Windows team has 10 or 15 members with individual accounts. It is better to create one shared account based on their role such as L1, L2, or L3, reducing it to 2 accounts. It will reduce the number of privileged accounts in the organization as well as threats.

The main feature of CyberArk Privileged Access Manager is the ability to manage who has access to what and when, especially with shared accounts. With individual accounts, that is easy, but with shared accounts, it is quite challenging for clients.

The sessions are being monitored based on the Safe design and the ownership of a respective Safe. And its maintain individual accountability, Also check-in and check-out the passwords.

The reporting should be improved. There should be more customization. The report should show how we are going to mitigate the risk because we cannot show the system environment to each and every auditor. Some kind of custom report should be there so that we can give a clear output about the risk.

There should be improvements in the dashboard visibility within CyberArk Privileged Access Manager. It should give more visibility in a single go rather than having to compare different reports.

Furthermore, having out-of-the-box dependency discovery for accounts, such as scheduled tasks , services and application pools, would be beneficial to improve overall functionality.

I have a total of 16 years of experience, and I have been working with CyberArk for about twelve to thirteen years.

There have been no stability or performance issues as long as the design meets the requirements. It is essential to adhere to the recommendations for concurrent session capacities.

The solution is quite stable and scalable. It does not seem to have any gaps.

The technical support from CyberArk is quite impressive. They are responsive and provide detailed information when needed. I would rate them a nine out of ten because sometimes there are delays due to different reasons or misunderstandings.

I have worked in CyberArk, Delinea, CA PAM, ARCON, and BeyondTrust. I am parallelly working on other PAM tools along with CyberArk. I started to work in CyberArk PAM since version 7.1.

For on-premises, there is complexity due to the need for physical servers and cluster configuration, which might require going to data centers. However, after several deployments, it becomes less challenging. A cloud deployment would be easier.

Its integration capabilities are quite good. We are using CyberArk identity as a multifactor authentication with RADIUS. That is quite impressive because, with one dashboard, we can manage the users' identities.

In terms of the deployment strategy, we first identify the scale and then design the solution. If the number of admins is high, there will be more concurrent sessions and recordings.

It is not tough to maintain. We once had an issue because of human error, but overall, it is easy. For 8X5 support, five members should be there.

For a large-scale deployment, two to three people are sufficient.

The cost savings vary based on the organization. A larger organization will definitely have more cost savings with the reduction in the manual effort in managing the accounts in the system.

The pricing is slightly higher compared to other solutions, but it is reasonable because there are better security features. Initially, it was based on endpoints, now it is based on the number of users, which offers cost savings based on administrative accounts.

I would recommend CyberArk Privileged Access Manager. My recommendation would be to ensure that the benefits of the solution are highlighted by presales, such as risk mitigation and meeting compliance posture.

The overall rating for CyberArk Privileged Access Manager is ten out of ten.

The primary use case for CyberArk Privileged Access Manager in our organization is to ensure we move away from named identity admin access, which lacks protection such as MFA and other features offered by cloud privileged identity management solutions. Our goal was to protect anything on-prem related to Active Directory privileged access, so we chose to go with CyberArk Privileged Access Manager.

I am the cybersecurity lead in my organization. Every single year when we do the audit, one of the things that consistently comes up is how there are hashes floating around the environment. Since switching over from named admin-privileged identities to CyberArk PAM identities, like PAM accounts, there have been almost no breadcrumbs left behind. There are no hashes and that sort of thing. We hardly see any hashes floating around the environment. We have not done the audit yet, which is due next month, but I have been keeping an eye on the hashes and it is looking promising.

The session recording and monitoring capabilities are valuable. We have real-time session management ability to record, audit, and monitor any privileged user activities. That is a big deal.

Automatic credential rotation and granular access control for target resources accessed by admins add to the value.

Seamless integration with the SIEM, especially Microsoft Sentinel, is valuable.

Lastly, the platform's versatility allows for the use of different types of platforms beyond just RDP and SSH, including SQL and web applications.

There is room for improvement, particularly with Vendor PAM. We were previously using a competitor product that allowed vendors to manage their own teams. CyberArk has brought a feature called Vendor Team Manager, but it does not provide full access. It requires the vendor team leader to be onboarded as a local account instead of using their email address. Improvements could be made to onboard the vendor team leaders using their email, allowing them to manage their own team. That would greatly reduce the overhead in managing vendor team members. We have 50 to 100 vendors. Each vendor has at least 10 to 20 accounts., so we are talking about 500 to 1,000 accounts. It would be easier if we could just manage those 50 vendor team leaders rather than hundreds.

We have been using CyberArk Privileged Access Manager for six months, having started on the first of July.

Stability has been impressive. We have not experienced downtime for any reason. We did encounter one bug, but it was resolved once a patch was applied. The system is very stable and seamless. It requires minimal intervention to maintain high functionality.

When we took over as system owners of CyberArk, I thought every single time there was an update, we would have to stay up the night to do the patches and make sure it worked, but it has been very smooth and seamless. There is no friction. Everything has been taken care of at the back end, and we have not had to do anything out of hours. It has been very good.

I would rate it a ten out of ten for stability.

So far, scalability has been excellent. Initially, we deployed the architecture for 10 to 20 users, but we have onboarded 30 users while still on that mid-tier configuration. We have had no issues.

Being a mining company, we do have operations at various sites. That includes multiple sites in Australia as well as a couple of sites in Northern America. We do have multiple sites with critical infrastructure on every single site.

At the moment, we have 50 user licenses, and so far, we have onboarded 30 users. We have 20 more users and some more coming on board in the new year.

I would rate it a ten out of ten for scalability.

CyberArk's support is excellent, providing personalized assistance through a dedicated local account manager and sales engineer. Their responsiveness is impressive, even though our location is quite isolated. We receive prompt support, which often exceeds expectations.

The dedicated local account manager has been providing us with personalized assistance tailored to the unique challenges that we have as a mining organization. The sales engineer supported us with his expert technical guidance during the deployment as well. It has been amazing. Both of these guys ensured smooth implementation.

For any issues that are not important, we raise tickets for customer support, and they have been very responsive. They get us back promptly. That is something unheard of because we are a very isolated city in Australia. Ours is the most isolated city in the world. The nearest city to us is 2,400 kilometers away. For someone like us, the support has been amazing. Sometimes, with other vendors, we have to wait a couple of days to hear back from them, but CyberArk has been exceptional in coming back to us with immediate responses. Their support has been perfect. I would rate them a ten out of ten.

Previously, we used BeyondTrust. We decided to switch to CyberArk due to its superior support, scalability, adaptability, and the local presence of account managers and sales engineers, which facilitated a smooth and effective experience.

While other products in the market may offer certain features at a competitive price, they often compromise on support, scalability, and adaptability. The main thing for us was the support. CyberArk combines top-notch technical capabilities with the local human touch of the local account managers and sales engineers. That was a big thing for us because that ensured a smooth and effective experience throughout the journey, which other products lacked.

We are in the West of Australia, and all the competitors are in the East. The only way to communicate is over the phone, and we would only see them once or twice a year. Having local account managers and a sales community was a game changer. Also, considering the reputation and the gold standard for Privileged Access Manager, others cannot compete with CyberArk.

It is a fully SaaS model, but because of the way CyberArk is architected, we do have our jump servers, PSM connector servers, and Secure Infrastructure Access servers in Azure, but it is not self-hosted. It is a cloud solution.

The jump start that was offered as a part of the product licensing was a game changer. When it comes to CyberArk, the complexity is quite high. That comes with security. Security and usability do not go hand in hand, but we have had help throughout our journey. The initial setup was detailed and supported actively by CyberArk's jump-start engineer. Every question was addressed, and the deployment was well-structured.

To realize its benefits, we had to wait until the users were happy using the PAM accounts. The individual privileged identities were still being used, so it took almost three months. That was the time it took for us to onboard the PAM accounts, hand over those accounts to the users, and confirm that it was working as expected.

In terms of maintenance, I thought there was going to be a lot of maintenance because we are the system owners, but so far, it has not skipped a beat. All the updates were very smooth. We did not have to do any work installing the patches, apart from underlying Windows patches, which is the sysadmin's job. If sysadmins are able to patch them, the product is resilient enough to come back up and do its function. Any updates related to the product itself are installed in the background, and it is very transparent for the user. It has been very seamless.

CyberArk's jump-start engineer played a crucial role in our successful deployment. He helped us all the way. Even now, about six months into the journey, he is helping us out with a few bits and pieces. Having that jump-start there was a game changer.

During our quantitative analysis, we estimated potential savings of one to ten million dollars a year by using a PAM solution. A cyber breach relating to admin-privileged access could lead to a financial loss of ten million dollars. If a standard user account is breached or compromised using their credentials, they cannot escalate to our higher privilege ones or cannot move laterally within the network. That was a game-changer.

CyberArk Privileged Access Manager is perceived to be somewhat overpriced compared to similar market products. It is a little bit overvalued. It could come down a little bit for my liking. However, the industry-leading reputation and the quality of service justify the high price point to some extent.

I would highly recommend CyberArk Privileged Access Manager. It is a leader in the privileged access management space, offering robust tools to secure credentials across IT and OT environments. We are very heavy on OT environments. It has been nothing but the best.

I would rate CyberArk Privileged Access Manager a ten out of ten.

I use CyberArk Privileged Access Manager to manage the privileged credentials of our environment.

When I arrived at my company, CyberArk Privileged Access Manager was already deployed, so I didn't set it up myself. However, I've increasingly taken over its management during the past five and a half years. I saw its benefits almost immediately. Much of the value is tied to user adoption; as the end-user base becomes more familiar with CyberArk and embraces it, the benefits increase. Conversely, when we have users who know CyberArk exists but don't trust it, prefer their own methods, and avoid using it, its effectiveness is reduced. Ultimately, the more users embrace CyberArk, the greater the benefits I observe.

The best feature of CyberArk Privileged Access Manager is its core function: automatically managing and securing credentials. The ability to ensure compliance with both our internal and industry standards is invaluable, particularly in the current environment. While managing a couple of thousand accounts may not be a large number within the CyberArk community, it significantly simplifies our work in ensuring compliance and maintaining standards. The PSM feature is also excellent, as I've found it increasingly helpful in establishing connections without exposing passwords. Although a bit clunky when I used it a few years ago, it runs much smoother now. Overall, it's a great product, and I appreciate most of its features.

We use the privileged cloud model. However, transitioning from a traditional on-premises deployment to the privileged cloud has resulted in losing access to many logs and administrative tools typically available on the back end. For instance, we can no longer examine safes directly, delve into the vault to set permissions more granularly, diagnose port issues, or manage license allocation. These functionalities were readily accessible with our on-premises setup, but the cloud environment significantly restricts them. One highly desirable feature, for which I've seen an enhancement request already submitted, would be the implementation of more comprehensive logging around platform and policy changes, including details on the nature of the change when it occurred, and who made it. I recently encountered an instance where one of our platforms was altered without knowing when or by whom. This lack of auditability makes it impossible to understand the rationale behind the change, even though it appears relatively intuitive. Therefore, enhanced logging would be a valuable addition to our current system.

I have been using Privileged Access Manager for five and a half years.

Generally, the performance of CyberArk Privileged Access Manager is quite good, and we've experienced very few issues. Specifically regarding the PSM, the response time is typically excellent. However, some users have reported occasional timeout issues where the PSM session terminates unexpectedly. The source of this problem is unclear, as it could originate from the target server or the PSM server itself. While I encountered more issues with the PSM a couple of years ago, the response time has significantly improved recently. There are inherent challenges due to the multiple network connections involved, mainly when mapping network drives to transfer files within a PSM session. This connection can be slow, especially when enumerating folders during file system traversal, but it's likely an unavoidable consequence of the process.

Scalability is straightforward. While the initial deployment presents some challenges, deploying additional servers afterward is quite simple. The servers are robust in terms of their handling capacity. In discussions with CyberArk engineers, I learned that the expected load for the CPM and PSM was discussed. The CPM, in particular, can reportedly handle up to 50,000 accounts independently without issue. Given that we only have a couple of thousand accounts rotating, deploying an additional CPM would be a relatively easy task, achievable in less than a day. Therefore, scaling up appears to be quite feasible if necessary.

We subscribe to premium support, and it's been excellent, providing us with relatively rapid responses and overall good experiences. Previously, with regular support, the quality was inconsistent and heavily dependent on the technician assigned to our ticket. Some technicians were excellent, diving right in, carefully reading my notes, and offering helpful solutions. Others seemed to overlook the details I provided. For instance, I'd explain that I'd already consulted a specific knowledge base article and implemented the recommended solution without success, only to have the technician suggest I review that very same KB article, which I had just referenced.

I rate CyberArk Privileged Access Manager eight out of ten.

The connector servers require minimal maintenance. The only constraint is keeping the browser drivers up-to-date for web application connections, which can be more of an annoyance than a hindrance. Overall, there is not much maintenance involved for CyberArk Privileged Access Manager.

My advice for new users is to read the documentation. There's a lot of good information in there. I know it can be a bit of a drag to go through it all, but as you work, especially on the administrative side, you'll find that it contains a lot of information that can save you headaches. It would help you avoid opening tickets just by reading and following the guidelines. The documentation is pretty good, though not perfect; there are actually several errors. However, for most day-to-day activities, it's quite helpful.

We currently use CyberArk Privileged Access Manager for password vaulting. Our roadmap includes managing service accounts, rotating passwords, and expanding to SSH keys, AWS keys, and other login credentials. We've already implemented local administrative accounts and rotated elevated domain administrative accounts. Additionally, we've integrated Okta for multi-factor authentication, using Okta Verify, and plan to expand this to workforce identity for broader end-user security and credential management.

CyberArk Privileged Access Management's most valuable features are primarily its password vault functionality, specifically CyberArk's Core Privileged Manager and Privileged Session Manager. These components facilitate secure password rotation and out-of-band session management, addressing our organization's critical security needs.

The current process for accessing RDP through the CyberArk or administrative portal involves downloading an RDP file. This is inconvenient for users and problematic due to security restrictions that prevent accessing servers via downloaded RDP files. Ideally, the process should allow for a direct RDP connection upon providing server details, eliminating the download step and streamlining access. This issue represents a significant challenge and source of frustration for users.

The product is complex and requires extensive configuration. More tutorials and detailed use cases with troubleshooting steps would be beneficial, particularly for first-time implementers. Despite the excellent customer service, resolving issues can be time-consuming due to the product's complexity. Compared to lightweight solutions like Okta, CyberArk requires more background experience and is not as straightforward to learn and implement.

I have been using CyberArk Privileged Access Manager for almost five years.

The performance of CyberArk Privileged Access Management sometimes lags or crashes, but this is not a significant concern.

We have not reached platform limitations yet, as CyberArk supports up to eight hundred platforms per tenant, and documentation is clear about scalability limits.

Customer support has been very helpful and responsive. My customer success manager facilitated many calls with technical experts, efficiently resolving critical issues.

CyberArk's environment setup was straightforward, but we encountered issues during the Proof of Concept stage, specifically with PAM account discovery. While the CyberArk Manager displayed discovered accounts, we couldn't download the data into a usable format like an Excel sheet. This hindered our ability to identify efficiently and inventory discovered accounts, particularly from Windows systems, for phased onboarding. Although we eventually received instructions from CyberArk support on downloading the data, the process was complex and time-consuming. Simplified data export features would greatly benefit administrators.

I received excellent support from CyberArk's technical team and customer success manager, who arranged calls and helped resolve implementation issues.

Although CyberArk Privileged Access Management is expensive, its protection capabilities outweigh the cost.

I also evaluated CyberArk, along with Okta PAM and BeyondTrust, because it encompasses all the features we require, and Gartner recognizes it as an industry leader.

I rate CyberArk Privileged Access Management seven out of ten.

To streamline project setup, new users should receive guidance on planning and implementation scopes. Scheduling a jump start without such direction can complicate learning.

The primary use case for CyberArk Privileged Access Manager is within the IT security industry. It manages privileged access and generates reports, particularly for clients in sectors like finance. The system facilitates account management, enables the generation of on-demand reports, and helps maintain security protocols for these clients.

CyberArk Privileged Access Manager has enhanced my organizational capabilities by providing important security reporting features.

The most valuable features of CyberArk Privileged Access Manager include its search capabilities. Searching was previously a challenge, especially with Windows servers. When searching, we could only search based on the account name itself, as the system couldn't identify which accounts had access to which systems. This functionality caught my attention. Another standout feature is CyberArk Compass, which is planned for an upcoming release or has potentially already been released for Prisma Cloud. Finally, managing user accounts through the PWA is quite helpful. When a user is suspended, we can activate the account using the PWA instead of the private client.

The ability to manage user accounts and suspend them with ease through Password Vault Web Access rather than a client is a significant feature.

I like the integration with tools like Compass and the ability to search based on account names and systems.

My concern and area for improvement revolves around reporting. I even submitted an enhancement request to CyberArk Software, suggesting that they include a dedicated dashboard page within either Privileged Cloud or their self-hosted PAM solution. This dashboard could feature visual elements like pie charts to display metrics such as account compliance percentages. For example, it could show PTA alerts to visualize security events occurring within a month, quarter, or year. Having such a feature would allow for on-the-spot report generation. Currently, we rely on the REST API to invoke and pull the necessary information. We then have to manually copy the data, convert it from JSON to Excel, and generate the desired report and dashboard. This process is time-consuming and sometimes leads to inconsistencies in the information provided.

I have been using CyberArk Privileged Access Manager for six years.

The stability of CyberArk Privileged Access Manager is generally good. Minor issues may arise, but they are typically manageable and not major. On a scale of one to ten, I would rate the stability an eight out of ten.

My deployment of CyberArk is scalable, although the scalability differs depending on whether it's on-premises or cloud.

Customer support is somewhat lacking. They are often unavailable on Fridays, and the support process, such as raising a call or case, can take too long. On a scale of zero to ten, I would rate their support as six out of ten.

Before using CyberArk, I interacted with BeyondTrust. BeyondTrust features, such as their reporting simplicity, made it easier for me to generate reports. The switch was primarily motivated by cost considerations.

The initial setup was detailed and required steps to ensure security measures were aligned with standards. Efficient sequencing, working with redundancy, and cooperation with load-balancing teams were crucial parts of the process.

The deployment took one week to complete because of the redundancy.

The solution is expensive but not excessively so. Discussions with clients have revealed that costs, especially for Privileged Cloud, are a concern. Improved support could enhance the solution's overall value.

I would rate the cost of CyberArk Privileged Access Manager seven out of ten with ten being the most expensive.

I would recommend CyberArk Privileged Access Manager because it is a leading solution for privileged access management. Although it has room for improvement, particularly in areas like reporting and support, it remains a solid option. I rate it an eight out of ten.

We have deployed CyberArk Privileged Access Manager using various configurations. For instance, active components are located in one location, while passive components reside in another. This is determined by the route to the virtual machine, as the components operate as virtual machines. The primary vault is situated in a separate location, and the disaster recovery vault is placed in another distinct location. Currently, we have a PAM license for 800 users, but we are utilizing it for 650 users.

CyberArk Privileged Access Manager maintenance addresses security bulletins and involves several key steps. We ensure the admin utilizes the security bulletin during maintenance, which begins with raising a change request. Before the change is approved and implemented in production, it is thoroughly tested in a test environment to verify its functionality. Deployment to production follows successful testing. Application-specific maintenance for CyberArk follows the product roadmap, ensuring we remain at most one version behind the latest release. We also promptly apply necessary security patches from security bulletins. Furthermore, from an OS perspective, we maintain alignment with the latest Microsoft patches, ensuring all systems are up-to-date and secure.

I am a senior manager, and we have multiple clients for whom we deploy CyberArk Privileged Access Manager. We also manage or upgrade their instances. We handle migrations and new implementations. We take care of anything related to CyberArk.

The feature that I like the most is the Privileged Session Manager. It offers session recordings, logging, and tracking of user workstreams. It keeps a record of activities, allowing me to easily fetch screen recordings to detect any misuse and see who did what and what happened. Its benefits can be seen immediately after the deployment.

Based on the user experience that I see on a day-to-day basis, some changes could be made to the Privileged Session Manager tool to make it more user-friendly. The user interface of that tool could be more advanced and understandable to laymen, rather than being more of a developer tool. I would recommend more user-friendliness there.

CyberArk is more focused on the cloud solution. They are not going towards on-prem, but a lot of clients still like the on-prem solution. With the cloud implementation, you have a lot of dependencies on expert services. When you get into some issues, you have to wait for expert services. They usually reply in two to three days. That is something CyberArk needs to make better. If they want clients to move to the cloud, they need to support them in real-time. The client should not be waiting for two days to get a response for the issue. If CyberArk wants people to pay for cloud services, they need to make the cloud services much more real-time.

I have been using CyberArk Privileged Access Manager for approximately six years.

CyberArk Privileged Access Manager is a stable solution. I have never faced any issues with stability.

CyberArk Privileged Access Manager is a scalable solution.

I have contacted their support a lot of times. The quality of support is okay, but the time frame for replies should be much faster than it is currently.

I have not used any similar solution for PAM. However, for managing the accounts, we have used some password management solutions such as 1Password, but they do not give you the accessibility and different components that PAM provides. They are just for password storage and keeping the passwords safe. A PAM solution from CyberArk or BeyondTrust solution provides a lot more than that, so we cannot compare them. There is no comparison.

I have deployed it both on the cloud and on-prem. My one client is on-prem, and another one is on the cloud.

The initial deployment depends on how extensive it is. For one client, it was quite easy, but after the deployment, it was tricky to deploy the components for AEM, EP, and CCP. On-prem implementation is much easier than the cloud. Cloud solutions require better and more immediate support. Cloud deployment is challenging due to dependencies on expert services.

It requires a bit of maintenance but not that much. Once you deploy the solution, it works, but there are always new upgrades. For example, if you deploy a web connector for web applications and Chrome releases an upgrade, you have to see whether CyberArk is supporting that upgrade or not. Accordingly, you have to update the drivers and other things for the web applications. The same goes with PSMP and SMP. If there are any version upgrades or any vulnerability patch fixes, you have to perform maintenance.

We help customers deploy it.

The duration depends on how big the instance is. To deploy all the components, the duration can range from three to six months.

It can be deployed by one person, but it also depends on how many instances of servers you are deploying, what is the concurrent usage, how many users are being onboarded, and what components you have. There is PSM. There is EPM and PSMP. It depends on what exactly the client requires. These are some factors that determine the time frame and number of people required.

From a client perspective, CyberArk's pricing is fair but there is a significant increase each year. They should limit the price increase because this could potentially drive customers to other partners. Price changes should be at defined intervals. There should not be sudden jumps.

I would rate CyberArk Privileged Access Manager an eight out of ten.

We have traditional use cases for Windows, Unix, and Linux-based systems. Additionally, we have use cases involving AWS, Oracle, SQL, and Postgres databases.

We also plan to bring in more use cases for VMware vCenter, VMware VxRail, and iDRAC. We aim for CyberArk Privileged Access Manager to be an integral part of all our infrastructures in accessing and securing credentials, particularly in restricted environments. It is a life science project. There are certain places restricted for the users.

We are still trying to get everything driven through CyberArk. We are trying to restrict direct RDPs to a particular target or doing an SSH outside of CyberArk. The adaptability is about 60% at this time, but we want to make it 100%.

Authentication is the key to protecting sensitive data. Integration with SAML or Okta prevents intrusions to a great extent.

We were able to realize its benefits immediately after the deployment, and we are happy with it.

CyberArk Privileged Access Manager has not helped reduce the number of privileged accounts, but they all are being vaulted now. We do not have any privileged accounts that are not vaulted in CyberArk.

CyberArk Privileged Access Manager’s ability to safeguard credentials is very important. The paradigms are changing. The data is at threat when it is online. Anything digital needs to be secured. CyberArk has been the leader in the PAM product market. Our client made a good decision by taking CyberArk as their PAM tool.

The features that CyberArk Privileged Access Manager provides are good. It helps to meet the compliance and regulatory requirements to a large extent.

CyberArk Privileged Access Manager has helped to improve the incident response mean times. We have notifications configured from CyberArk. We have integrated CyberArk with ServiceNow and Splunk SIEM. We get notified pretty easily. The notification part works very well with CyberArk. There is about 85% improvement.

One of the best features of CyberArk Privileged Access Manager is the capability of Privileged Session Manager (PSM) because it provides visibility into user activities, audit ability, and traceability.

The integration with most other technologies is also excellent. We expect more plug-ins, but it already includes plug-ins for password management with other technologies, offering a robust mechanism for credential safety and management.

One area for improvement is the plug-in development challenge. Although CyberArk provides a plug-in generator utility, it does not fully meet our needs, particularly for web-based applications. The plug-in generator currently works only for Telnet and SSH connections. We cannot generate a plug-in for web-based applications.

Moreover, integration with ServiceNow ticketing supports change requests or incidents but lacks support for service requests. Introducing service request support could prevent the overhead of raising unnecessary incidents or changes. There have been a lot of votes for this feature, but I am not sure why CyberArk has not yet introduced it. This is one of the features that we have been waiting for.

I have used CyberArk for over six years, and the client I am working with has been using it for over four years.

I would rate its stability an eight out of ten. There are occasional bugs where while installing the product, it behaves differently on different servers, especially during patch upgrades. Such issues have been more noticeable since we moved from version 12.6 to higher versions. This could be because they have done a lot of UI changes and enhancements in these versions.

Scalability is good, and I would rate it around an eight out of ten.

They are fast. In some cases, they typically respond within one to two days. However, the response time can vary depending on the priority and volume of cases they receive.

We previously used BeyondTrust but are transitioning everything to CyberArk, as it offers better integration and enhancements.

The initial setup is easy. I was not part of the organization during the initial setup phase. It probably took around six months.

There are other vendors that handle the maintenance for us. CyberArk comes into the picture if issues are not resolved by our vendors.

The pricing for CyberArk is on the higher side compared to other Privileged Access Management products. Something should be done regarding enterprise licensing for long-standing customers.

I would advise trying CyberArk as it offers a wide range of integrations, plug-ins, and enhancements compared to other solutions. However, it is expensive.

Overall, I would rate CyberArk Privileged Access Manager an eight out of ten.

My primary use case for CyberArk Privileged Access Manager is managing privileged access across the organization. I focus on auditing compliance and ensuring compliance with financial systems like SAP.

The benefits of CyberArk Privileged Access Manager are typically realized over time, often facing initial resistance from various teams within an organization. While security, audit, and governance teams readily recognize the value of CyberArk, platform teams, and other stakeholders may resist its implementation. This necessitates a concerted effort to sell CyberArk internally, emphasizing its benefits and addressing concerns. Convincing internal stakeholders can be more challenging than securing buy-in from security or IT teams, often requiring three to six months after deployment for the benefits to become evident and widely accepted.

For me, CyberArk Privileged Access Manager's most valuable features are password and session management. It also includes technologies like Zero Standing Privileges and EPM, which I deploy for customers to demonstrate the return on investment.

CyberArk could enhance its usability by simplifying its architecture and design. Additionally, incorporating automated onboarding and offboarding features directly into the product would reduce the maintenance burden on administrators.

I have been using CyberArk Privileged Access Manager for eight years.

I find CyberArk to be quite stable. Exceptions occur mostly due to user errors. It has a large customer base and positive feedback within my network.

On-premises scalability is challenging for me due to deploying various components on different servers, but I find SaaS to be more promising in scalability.

In my experience, the quality of support has been inconsistent. Response times seem to correlate with the strength of the relationship with the CyberArk account manager, with quicker responses when rapport is strong.

I worked briefly with BeyondTrust but returned to CyberArk, which has been my primary focus.

In SaaS, most tasks are abstracted, reducing the workload compared to on-premise solutions where tasks like network configuration, connectivity, SSL certificates, and management fall on the user. However, SaaS solution eliminate the overhead of building VMs and similar infrastructure. Overall effort for both approaches is comparable, but SaaS offers the significant advantage of CyberArk managing the underlying infrastructure, including the vault and web interface, a feature most customers prefer today.

Initial setups were challenging for me at first, but with experience, they became more manageable. It generally requires reviewing documentation and seeking initial support from CyberArk. The deployments take between three and six months.

Implementation involves a project team with a project manager and Windows engineers for tasks like VM provisioning. Typically, I have executed projects primarily by myself, sometimes with minimal assistance from junior resources.

CyberArk Privileged Access Manager is more expensive than its competitors, such as BeyondTrust, Delinea, and ManageEngine PAM360. While ManageEngine PAM360 offers similar flexibility and support at a lower cost, CyberArk's SaaS solution is particularly expensive. This high price point has discouraged many customers from migrating from on-premise solutions to the CyberArk SaaS platform.

I would rate CyberArk Privileged Access Manager nine out of ten.

CyberArk manages the maintenance for the Privileged Access Manager.

Organizations must ensure users understand the importance of PAM and how it secures infrastructure. Training sessions, workshops, and demos are crucial for building user engagement and overcoming initial resistance.

I use CyberArk Privileged Access Manager to prevent exposing credentials for super-critical accounts, such as admin accounts and root accounts. I use it to protect these credentials and to avoid exposing them.

The module called PTA, Privileged Threat Analytics, is very useful. When you give access to a user, it monitors and detects if the user's behavior is unusual. After giving access, it continually checks if the user is the same user. It detects unusual behavior if someone else accesses the application.

The solution's architecture could be improved. It requires installation on four to five different servers. Each server has a purpose, but when you need to troubleshoot, it can be difficult because you need to access each of them. Reducing the number of servers would be helpful.

In the SaaS version, the number of required servers is reduced from five to three, but it is not completely cloud-based because servers still need to be deployed on-premises. Some clients are migrating from on-premises to the cloud. They do not want to use more servers or increase their on-premises data centers. They want everything to be on the cloud, but even in the SaaS version of CyberArk Privileged Access Manager, they need to deploy some servers on-premises. That is not very helpful.

I started using CyberArk Privileged Access Manager in 2022, which was two years ago.

I have not experienced much instability. Sometimes, the issue lies with the server I deployed, but this is not very often.

In the on-premises version, scalability is difficult because server limitations can require buying new hardware. The SaaS version is more flexible, allowing easier scaling with increased users.

I contacted them more when I started to work with this solution. I still contact them but not so much.

I would rate their technical support a six out of ten. They are helpful, but complex issues can take a long time to resolve, which can delay solutions for urgent customer issues.

I have used other solutions like Password Manager, but they were not very helpful because you use and store the same credentials, so there is a risk of exposing real credentials. CyberArk Privileged Access Manager allows me to create a random password and share it with a person, preventing the exposure of real credentials.

While some of the Password Manager solutions are free, they are too dangerous because they expose credentials.

I have worked with both on-premises and cloud versions. I prefer the cloud version because with on-prem, I need to install my own servers and maintain those servers. I do not have to do that with the cloud model. The responsibility belongs to CyberArk. I have fewer responsibilities as an administrator.

Initially, the setup was difficult to understand, but after three to four deployments, it became easier. It also depends on the kind of applications or servers needing integration.

In terms of maintenance, when the customer starts to use a new application, it needs to be integrated with CyberArk Privileged Access Manager. Sometimes the new application is not 100% compatible. In such a case, the developer needs to create the integration.

In the first deployment, there was a team of two people.

Its price is high. I have also worked with Delinea. CyberArk is comparatively expensive compared to other PAM solutions, such as Delinea, especially during renewal.

It takes some time to realize the benefits of this solution. Customers take time to understand this solution. It also happened to me when I first started to learn how this solution works. I was looking for a solution to protect identities, and when I came across this solution, I found it hard to deploy as the architecture is complex. Still, in one month, I was able to understand the purpose of this solution.

Before deployment, I advise being clear about the applications to integrate and the users who will use them. Mapping this information beforehand will save time during production. You will not have to add them one by one.

I would rate this solution a nine out of ten.

The use case of privileged access management is self-explanatory. A large telecommunication company like ours needs to protect our privileged access because every attack cycle has privilege escalation, and we have to stop attackers at this point.

We have a lot of vendors or third parties working with us. They need to access our resources. The trust level of external third parties is lower than direct employees, so we do not want to share our critical credentials with them. That is our primary use case.

Another use case is managing internal employees, especially highly privileged administrators. Furthermore, the critical business applications and areas throughout our IT infrastructure involve privileged access, and we aim to protect those. We want the ability to audit and have real-time control.

I appreciate CyberArk's real-time capabilities. I can secure critical sessions, such as SSH or database sessions. As a security professional, I have real-time visibility into ongoing sessions. If anything suspicious occurs, I can terminate or freeze the session, which is part of user behavior analytics.

We can monitor and have real-time control over our environment with sessions coming from around the world, ensuring security. We have visibility and control through real-time user behavior analytics. That is my favorite feature.

It has a learning curve and is a complex product that requires dedicated training and people.

Maintaining the product is challenging. Upgrades require a lot of resources, as it impacts the entire organization. For example, upgrading components like the Privileged Session Manager (PSM) and the vault is time-consuming and difficult. In the long term, I would like to see these processes simplified, especially for on-premise installations.

I have been using this solution since 2018, which is a little over six years for me.

The product is solid and works as designed. The product itself is not yet very mature. That is one side. Another side is not putting enough resources into it as a customer. Most of the time, any stability issues are mostly with the customer, not the vendor. Proper fine-tuning and expertise ensure the product performs well.

It is highly scalable. We started small and expanded it to an enterprise level, and are now moving to the cloud for further growth. Its architecture offers scalability. It can grow much bigger than our company. It provides all the flexibility and modules if you have the required expertise.

CyberArk's customer service has improved recently and is now very responsive. However, four to five years ago, they were average. They are now at acceptable levels.

We are fully on-prem for the PAM, but we are moving to the cloud.

Its deployment is not easy due to CyberArk's complexity. We started from a small footprint and then moved to a larger deployment. It was a lot of work. This could not be managed without CyberArk-certified engineers. It is very complex.

We can never deploy and manage it fully by ourselves. No company has that expertise, so you always need CyberArk-certified engineers from a third party when it comes to critical things. We have over 30 servers running for the CyberArk solution. All 30 servers have different pieces of this complete solution. We can never upgrade it by ourselves without professional services. We can do some of the things ourselves, such as day-to-day management, troubleshooting, and operations, but for upgrades, installations, migrations, and disaster recovery, we need professional services. We have a separate budget every year for professional services.

We have a team including myself from governance, a project manager, senior leadership, and hands-on team members, among others. It requires four to five people from security and two CyberArk-certified engineers. I need two engineers because if one gets sick in the middle, the other person can take over because there is no going back when we start the upgrades and critical changes. We have four to seven knowledgeable and dedicated people in a critical scenario.

Pricing is a problem. CyberArk is expensive compared to other products I know. It is similar to buying a German car. It comes with all the bells and whistles, but some companies may find it too expensive.

I compared CyberArk with a product called Delinea. I preferred CyberArk because Delinea required additional agents installed on each target for session recording, whereas CyberArk does not. There was a difference between the two products in how they did the session recording. Because Delinea needs an extra agent installed on each target to do the session recording, you have a huge amount of work managing those target agents on probably thousands of servers. You need another team to do that. An extra workforce is needed to manage that. That was the first turn-off for me. CyberArk does not need an agent. It is in real-time. It drops DLLs to the target host during the session so that you do not need to manage the agent.

The most important aspect for us was that Delinea did not have real-time controls. They said they were developing that piece. They could only analyze recordings after the event had already happened, but then you are too late. All the artificial intelligence and machine learning were applied for the post-event activities. That was a big differentiator. CyberArk's real-time controls set it apart as Delinea only analyzed recordings after events.

These were the two main reasons for going with CyberArk. Everything else was fine. For an average-sized company, Delinea is fine, but for a large-scale company, CyberArk is a better choice.

It took us some time to realize its benefits because there was a learning curve for us. It took us about a year to get our heads around this product and start effectively using it. It is a journey. It takes at least five years for any company to make this product very useful and reach maturity. It is not only the product's fault. The company needs to have a vision, and the company culture needs to go with it. Senior leadership needs to support the vision. You need to have lots of ingredients for success. If everything is in place, you will see success after one year. In the first year, it is a struggle for everybody.

My company was bought by a bigger company, and they were very new to privileged access management. Everybody was struggling. The advice I would give is to have a good vision for privileged access management. You need dedicated teams, senior management support, and proper company policies and standards before implementing the solution. Start building knowledge slowly and avoid jumping into the deep end without preparation.

I would rate CyberArk Privileged Access Manager a nine out of ten.