Primarily, I import accounts from our critical systems.
Privileged Access Management
CyberArkReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
127 reviews
from
and
External reviews are not included in the AWS star rating for the product.
CyberArk PAM is the strongest PAM I've ever tried.
What do you like best about the product?
CyberArk capabilities to manage authentication is really strong. It can help every enterprises to setup complex rules to manage the session & also monitor it.
What do you dislike about the product?
CyberArk redundancy is hard to manage. Sometimes you need to manually bring it up after a failure.
What problems is the product solving and how is that benefiting you?
It can manage authentication, helping us to implement 2FA to secure the authentication - the most common attack surface.
Passwords are stored securely within the vault and eliminates the need for users to store passwords in less secure locations
What is our primary use case?
How has it helped my organization?
Knowing that our passwords are stored securely within the vault has been a big improvement. It eliminates the need for users to store passwords in less secure locations.
We want to integrate it with our IT service management platform and our SOC solution, but that's a future project.
What is most valuable?
The password protection itself is the most important feature. It's something we didn't have before.
Moreover, the interface is intuitive. It is clear and user-friendly.
What needs improvement?
The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it.
We aren't able to view active sessions or historical recordings of sessions.
It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it.
So, CyberArk could still focus on making it more user-friendly.
For how long have I used the solution?
I have been using it for a year.
What do I think about the scalability of the solution?
So far, we haven't had any scalability problems.
We have around 50 licensed users – primarily administrators. We currently manage about 5,000 accounts with CyberArk.
How are customer service and support?
Sometimes, the initial response time is a bit slow, but once the customer service and support take on a case, they resolve issues quickly.
How would you rate customer service and support?
Positive
What about the implementation team?
CyberArk handled the primary setup tasks. We worked with a partner to implement additional components and now have the knowledge to manage the solution ourselves.
The implementation process took around eight months.
What was our ROI?
There has been an ROI.
We expect to see a full return on investment within the next three years. This was part of our long-term security plan.
What's my experience with pricing, setup cost, and licensing?
It is expensive, but the cost is justified considering the security it provides. Compared to other solutions, it is costly. We have not tried other solutions, but the price is high.
We only license Password Vault.
Which other solutions did I evaluate?
My company evaluated another solution like Delinea but preferred CyberArk due to its robustness and flexibility.
I like its flexibility, while adding some complexity, allows us to fully customize the solution to our needs.
One of the main advantages is the way we can connect from outside. We use a portal that provides secure access to our systems without needing a VPN. We just scan a QR code, and we're connected. We do not need to use a password and we are in through the QR code scan.
What other advice do I have?
I would recommend using it. Overall, I would rate the solution a nine out of ten.
It's a very complete solution for what we need.
Comes with automatic password rotation feature but UI and pricing needs improvement
What is most valuable?
Previously, we used to share passwords for service and normal admin accounts among team members. However, since we started managing it through the product, we've transitioned to individual admin accounts or implemented dual control for shared accounts. With dual control, exclusive checking and checkout options are available, and passwords are not stored in clear text anywhere in the credentials.
The solution's most valuable features are automatic password rotation, privilege manager, and secret manager. Previously, IT personnel had admin rights on their regular accounts, allowing them to log in to domain controllers. However, this posed a security risk as compromised accounts could grant unauthorized access to domain controllers. To mitigate this risk, we implemented separate DA accounts for IT staff. These DA accounts were restricted from logging in to domain controllers and did not have associated email addresses. They were dedicated AD accounts solely for accessing domain controllers, and the solution handled their management.
Previously, manually rotating admin credentials was a time-consuming task. However, implementing the tool's automatic password management feature has made this process easier. We've configured defined policies within the solution to dictate when these credentials should be changed.
What needs improvement?
The tool's UI has bugs and lags. It needs to be improved. The deployment process can be complex due to multiple components for various functionalities, each requiring separate infrastructure management. To simplify this process, consolidating all these components into a single platform could be beneficial. The product's pricing could be cheaper.
For how long have I used the solution?
I have been using the product for eight to nine years.
What do I think about the stability of the solution?
I rate the product's stability a seven out of ten.
What do I think about the scalability of the solution?
I rate the tool's scalability a seven out of ten.
How are customer service and support?
The tool's support gets worse each year. Support is outsourced to smaller companies, which doesn't work fine. Its support was good eight to nine years back. Over the years, it hasn't improved but degraded.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I work with BeyondTrust. BeyondTrust's UI and support are good and never lag. BeyondTrust is also cheaper.
How was the initial setup?
CyberArk Enterprise Password Vault's implementation timeline largely depends on the size and complexity of the infrastructure. A smaller infrastructure with around a thousand servers can typically be implemented within a week or two. However, the implementation process may extend to four or five months for more extensive infrastructures with tens or hundreds of thousands of workstations and accounts. The tool's transition into a security-focused product necessitates strong integration with security orchestration platforms. Prebuilt packages with ready-made integrations are required instead of developing everything from scratch. It lags in automation.
What was our ROI?
We have seen 40-50 percent improvements after using the solution.
What other advice do I have?
I rate the product a seven out of ten.
A stable and profitable solution for privileged access
What is our primary use case?
CyberArk is a good, profitable, and most valuable solution.
What is most valuable?
While testing the functionality of PAM, we weren't merely conducting a standard PAM evaluation. We aimed to establish a connection and successfully received a response from the target PAM component.
What needs improvement?
The product’s pricing could be improved.
For how long have I used the solution?
I have been using CyberArk Privileged Access Manager as a partner and implementor.
What do I think about the stability of the solution?
The product is stable. If you make some changes or something, it's stable.
What do I think about the scalability of the solution?
The solution is scalable. We cater it to enterprise businesses.
How are customer service and support?
Customer support takes too much time to provide some response. When you open some cases, sometimes it takes one or two weeks to get some people to know the problem and how they will help us.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup takes a few days to complete.
I rate the initial setup a six out of ten, where one is difficult and ten is easy.
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Reduces organizational risk with password vaulting, password rotation, session management, and secret management
What is our primary use case?
We use the solution for password vaulting, password rotation, session management, and secret management.
What needs improvement?
CyberArk Enterprise Password Vault must incorporate connectors for password and session managers in the marketplace.
For how long have I used the solution?
I have been working with the product for seven years.
What do I think about the stability of the solution?
The product is highly stable.
What do I think about the scalability of the solution?
CyberArk Enterprise Password Vault is highly scalable. My company has over 3000 users. We use it regularly.
How are customer service and support?
CyberArk Enterprise Password Vault's support quality is good, but there are delays.
How would you rate customer service and support?
Neutral
How was the initial setup?
I rate the tool's deployment an eight out of ten. Experienced engineers can complete the deployment in a few days. We need three to four resources to complete the deployment.
What was our ROI?
CyberArk Enterprise Password Vault reduces risks.
What's my experience with pricing, setup cost, and licensing?
I rate the tool's pricing an eight out of ten.
What other advice do I have?
I rate CyberArk Enterprise Password Vault a nine out of ten.
Which deployment model are you using for this solution?
On-premises
CyberArk is a Identity and access management tool which used managed user and & account.
What do you like best about the product?
CyberArk is one the best Privilege Access Management tools which used for enable or disable access of admin credentials as per our requirement. We can easily integrate with third party application access management.
What do you dislike about the product?
CyberArk tools logout again and again and sometimes password not updated account organizational policy which setup for reset password.
What problems is the product solving and how is that benefiting you?
I am using CyberArk for managed Admin credentials access privileged and servers password management to access the organization server.
Resource and administration costs are less but support needs to improve knowledge and quality
What is most valuable?
The accounts are maintained automatically. Hence, resource and administration costs are less.
What needs improvement?
CyberArk Enterprise Password Vault's deployment is complex for resources with little experience. Tech support needs to be improved as well based on quality and knowledge.
For how long have I used the solution?
I have been working with the product for more than five years.
What do I think about the stability of the solution?
The product is very stable.
What do I think about the scalability of the solution?
CyberArk Enterprise Password Vault is scalable.
How was the initial setup?
CyberArk Enterprise Password Vault's deployment can be done with two to three resources.
What other advice do I have?
I rate the solution a nine out of ten.
The definitive solution for Privileged Access Manager
What do you like best about the product?
Session monitoring and isolating, Password management (automated rotation, reconciliation). Remedation capabilities are one of the strongest points in CyberArk PAM
What do you dislike about the product?
Administration could be quite difficult and requires a lot of experience.
What problems is the product solving and how is that benefiting you?
Monitoring and Recording of privileged sessions across the organization
Great session management, password management, and temporary access capabilities
What is our primary use case?
We use CyberArk to secure the last resort accounts by introducing dual control approval, ticket validation, temporary access, and regular password rotation.
It also allows us to introduce location-aware access controls with multiple sites having access to specific location-protected content.
Finally, the session management capabilities allowed us to introduce delegated accounts to secure access to all sorts of devices in an easy way, but without losing the individual traceability.
How has it helped my organization?
It allows us to comply with the regulator requirements allowing us to operate in the different countries and to fulfil the security and compliance requirements.
In the end, it secures all the highly privileged accounts and protects the company from internal and external threat actors.
The solution is multifaceted and includes session management, password management, temporary access, ticketing validation, API access, single sign-on integration, load balancing, and high availability principles.
What is most valuable?
The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis.
The session isolation reduces the risk of exposure of the credentials and applying simpler network controls.
Web access allows the introduction of location-aware controlled access so that different locations can only access the data that is allowed to be retrieved from their sites allowing centralisation but fulfilling the regional requirements.
What needs improvement?
The product is very vaulting-focused. I'd love to see it expanding its capabilities a bit further into areas like just-in-time elevation, and access with non-vaulted credentials.
The upgrade options are good but could be further simplified.
The high availability options could be improved, and the load distribution as well for both the vaults and the credentials managers.
The web interface should allow having multiple sites for location-aware access control within the same web server.
For how long have I used the solution?
I've used the solution for more than ten years.
Scalable, reliable, fully fledged and highly customisable
What do you like best about the product?
There is no limit to the integrations as you can implement all sort of bespoke plugins and integrations.
Can be deployed in hybrid self-hosted on-prem and private cloud environments.
Supports the cross-border restrictions by allowing the deployment of as many satellites as required.
Can be deployed in hybrid self-hosted on-prem and private cloud environments.
Supports the cross-border restrictions by allowing the deployment of as many satellites as required.
What do you dislike about the product?
It's based on a vaulting passwords approach, which is a perfect use case for last resort accounts.
However for business as usual tasks it's better to implement fine grained just in time solutions.
To cover all the security use cases, it has to be combined with additional solutions like CyberArk Identity or CyberArk Conjur.
However for business as usual tasks it's better to implement fine grained just in time solutions.
To cover all the security use cases, it has to be combined with additional solutions like CyberArk Identity or CyberArk Conjur.
What problems is the product solving and how is that benefiting you?
Vaulting of last resort accounts.
Agentless temporary access with password based accounts (Quite useful in those scenarios where agents cannot be implemented, or when temporary access elevation is not an easy to implement option).
Agentless temporary access with password based accounts (Quite useful in those scenarios where agents cannot be implemented, or when temporary access elevation is not an easy to implement option).
showing 41 - 50