Sign in
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Reviews from AWS customer

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

127 reviews
from and

External reviews are not included in the AWS star rating for the product.


    Shad Smith

Great password management and Privileged Threat Analytics with good auditing capabilities

  • August 21, 2023
  • Review provided by PeerSpot

What is our primary use case?

The solution is used to provide privileged access management to our datacentre environments, for anyone with admin rights with infrastructure or applications within the datacentres. Authentication to the solution in the PVWA (Password Vault Web Access) with onward connectivity via the PSM for Windows (PSM) as well as the PSM for SSH (PSMP). These provide the session isolation, audit, and session recording capabilities that CyberArk offers. The use of Privileged Threat Analytics (PTA) adds more control functionality to the solution.

How has it helped my organization?

The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution. 

This includes sessions via the solution and sessions to administer the solution itself. From a user perspective, we no longer need to try and create or remember complex passwords or have to be concerned about when they will change as the solution takes care of this and can and does populate these credentials for you so mistyping a complex password is a thing of the past.

What is most valuable?

Password management is a great feature, as all passwords are changed more frequently. This can be scheduled in line with a specific policy requirement or each time the credentials are returned to the pool for reuse and are always compliant with the password policy however long or complicated the policy states that they need to be. 

Another great feature is the Privileged Threat Analytics (PTA) as this can stop a session based on prescribed risk and bring it to an end or pause it pending approval to proceed.  

What needs improvement?

The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow. That said, it has been moving in the right direction with features becoming available in the v10 interface and some user features are available in both classic and v10 interfaces. I would love to see all the classic interface features moved into the v10 interface or available in both interfaces within the next version. 

For how long have I used the solution?

I've used the solution for about eight years.

What do I think about the stability of the solution?

The solution has been very stable.

What do I think about the scalability of the solution?

The solution performs well, however, based on the user base may require a sizable footprint.

How are customer service and support?

Support does vary depending on how critical your issue is and if it needs to be elevated to dev support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our previous solution was not a PAM solution and these days you can't afford to not use one.

How was the initial setup?

The setup is not complicated when trained staff are used.

What about the implementation team?

We handled the initial setup in-house.

What's my experience with pricing, setup cost, and licensing?

Set-up costs can be minimized by controlling the number of applications that are made available within the solution. The newer licenses are per user and open up access to a suite of products, the best value, and security can be achieved by using more of the products.

Which other solutions did I evaluate?

We looked at other products like Delinia and Wallix.

What other advice do I have?

Take advantage of the vendor's training or use a good partner to provide support and administration.

Which deployment model are you using for this solution?

On-premises


    Wensley W.

Standard integrations make the implementation and use successfull from the start

  • August 21, 2023
  • Review provided by G2

What do you like best about the product?
Hundreds of standard integrations that are available out of the box without additional cost.
All documentation is open and free to use, if necessary support can help.
Partner ecosystem that can help in providing the right support.
What do you dislike about the product?
The downside is since there are so many different technologies which need protecting it is difficult to get all stakeholder aboard.
What problems is the product solving and how is that benefiting you?
Standing Access
Lack of visibility
Session recording
Approval workflows
Vendor Access


    Bruce P

Good notifications, solid support, and agentless architecture

  • August 21, 2023
  • Review provided by PeerSpot

What is our primary use case?

CyberArk PAM is used to secure passwords and remediate audit findings. CyberArk PAM is used to manage access to passwords, rotating these after use or on a regular basis, and verifying the passwords on the system match what is in the vault on a regular basis. Passwords are managed in this manner on both Linux and Windows servers.

How has it helped my organization?

CyberArk PAM ensures that passwords on Linux servers are highly secure, regularly changed, and completely auditable. This saves enormous amounts of time when responding to audits and security concerns. And the scheduled verification of passwords ensures that passwords remain available when needed and stay secure. CyberArk has become the standard tool for password management.

What is most valuable?

I find value in notifications from CyberArk when passwords fail verification and have other issues. Investigation of these issues often uncovers other issues. The way safe security is handled is outstanding and makes it easy to provide safe access to those who need it and deny safe access to those who should not have it.  

Another valuable feature is the agentless architecture of the product. Using native processes to manage passwords and not having to install and update agents is a huge plus.

What needs improvement?

A more friendly and functionally complete user interface would be nice to have. The current interface is not very intuitive. It is somewhat clunky and difficult to navigate, and many times have to toggle between the somewhat underdeveloped new interface and the older classic UI. This state of basically having two interfaces is a prime opportunity for CyberArk to improve its product.

Also, it would be nice if the vaults could run on Linux instead of Windows.

For how long have I used the solution?

I have been working with CyberArk for more than ten years in various capacities ranging from end user to safe/vault administrator to application administrator.

What do I think about the stability of the solution?

The solution is incredibly stable.

What do I think about the scalability of the solution?

We have not run into any scaling issues.

How are customer service and support?

CyberArk support is pretty solid.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

The initial setup is more complex than simple, however, not daunting.

What about the implementation team?

We worked with the vendor team who were very knowledgeable during the implementation.

What's my experience with pricing, setup cost, and licensing?

The PAM product isn't low-cost, however, it is worth it. Go with a longer-term agreement to realize lower costs.

Which other solutions did I evaluate?

CyberArk PAM was chosen before I got involved so I am not aware of which other products were evaluated. However, we have never had to go back and review the decision to use CyberArk.

What other advice do I have?

Use CyberArk professional services when needed. They are very knowledgeable and experienced which means engagements have a high success rate.

Which deployment model are you using for this solution?

On-premises


    reviewer907214

Great credential rotation automation and privileged session management with helpful support

  • August 21, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the solution for the full automation of tens of thousands of credentials across hundreds of different integrations. Our use case includes Windows, Linux, networks, security, storage, mainframe, and cloud (both Software as a Service and Azure platform based). In addition to the credential rotation, we use credential providers and privileged session management to greatly reduce the use of passwords in the environment. Users authenticate using MFA, Multi-Factor Authentication, and are able to access systems based on Role Bases authentication rules. 

How has it helped my organization?

The solution has improved security posture while greatly reducing administrative burden. We leverage CyberArk to deploy applications without the use of secrets.  

Applications authenticate securely to CyberArk using a combination of certificates and other extended application-identifying parameters to promote a secure DevSecOps environment.   

The extensibility of CyberArk has enabled us to develop custom integrations into Microsoft Azure leveraging KeyVault to synchronize on-premise and cloud secrets in a consistent hybrid credential management architecture.

What is most valuable?

Credential rotation automation combined with privileged session management are great aspects of the solution. It enables highly complex passwords that the end user never knows or sees. We have some use cases where administrative users will log in to highly privileged systems using a one-time use secret and immediately following their administrative session the password is rotated

The ability to develop and deploy applications with no stored secrets is very valuable. This keeps code repositories free of secrets and application authentication is centrally controlled and monitored.

What needs improvement?

The greatest area of improvement is with the user interface of the Password Vault Web Access component. The latest long-term support version of CyberArk (12.x)  still includes and still leverages the version 9.x UI in order to maintain some of the administrative functionality.   

The performance of the 9.x UI leaves much to be desired and there are still some administrative tasks that require the use of a thick "PrivateArk" client.   

Many improvements have been made over time, however, there is still work needed.

For how long have I used the solution?

I've used the solution for eight years.

What do I think about the stability of the solution?

The solution has been quite stable for many years and includes the functionality for clustering the multiple site replication, both of which we leverage for a high level of uptime.

What do I think about the scalability of the solution?

The solution is very scalable, however, with scale, there are certainly performance considerations.

How are customer service and support?

Support has been a mixed bag. First-level support has been extremely time-consuming to get to an escalation resource that can help us resolve our reported issue. In all fairness, we have a very experienced staff and generally only contact support for more complex issues. There have been improvements made over the years and the commitment to improving support. Still, there is work needed in that department.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution. 

How was the initial setup?

Setup depends on the complexity of the solution. A simple configuration could be up and running in a day.

What about the implementation team?

Our environment is run in-house by a contract team with expertise in CyberArk.  However, we do leverage the vendor for major upgrades and have used their technical account manager services in the past

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure


    reviewer092752

Provides a comprehensive access control list and auditing and offers robust reporting

  • August 21, 2023
  • Review provided by PeerSpot

What is our primary use case?

It's a privileged access management tool so it helps in making sure that all privileged accounts are compliant.

How has it helped my organization?

The product is an important security measure against credential theft. It ensures session isolation and password rotation including pushing passwords to the endpoints. 

It's also possible to pull the password from the CyberArk to ensure that there are no hardcoded credentials in scrips or DevOps tools. 

It provides a comprehensive access control list and auditing. Reporting capabilities are extensive.

What is most valuable?

New features are being added in every release, and there are few releases a year.

Enhancement requests can be submitted by the community and are taken into consideration by the company.

What needs improvement?

As configuration options are very extensive, it is sometimes hard to find the correct and complete way of customization or specific configuration. 

The documentation is rather basic and it is missing many use cases. 

It's also hard to test solutions without a development environment as CyberArk doesn't provide the possibility to run the environment for personal purposes.

For how long have I used the solution?

I've used the solution for six years.

Which deployment model are you using for this solution?

On-premises


    Kartik S.

CyberArk PAM - Slefhosted and Cloud

  • August 21, 2023
  • Review provided by G2

What do you like best about the product?
Seamless and least privileged access to the end users.
Isolation and audit videos for the logs.
Security
What do you dislike about the product?
Troubleshooting support when working on some issues with CyberArk.
What problems is the product solving and how is that benefiting you?
Control our cyber exposure.


    reviewer990891

Good password rotation with helpful reporting and auditing functions

  • August 19, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the solution for privileged access to internal systems and multiple customer environments.

We have distributed PSM and CPM components throughout multiple sites and customer domains access over the VPN, with PSM load balancing handled via third-party hardware load balancers. 

Environment segregation and security are high on the criteria for the implemented solution, however, not at the overall expense of performance. 

We tend towards providing access to privileged admin applications direct from the PSM servers wherever suitable, yet offload additional workloads to siloed RDS collections if the need arises. 

How has it helped my organization?

I appreciate the ease of use for support analysts. We provide a single pane of glass access to our analysts where segregated admin access is provided via safe access groups. The overall goal is to provide the analysts with just enough access to function without being totally impaired by security constraints. With the piece of mind that the auditing and recording capabilities allow. We provide access to fully managed systems via distributed PSMs, or where the need arises we can provide access to online third-party access points via a central pool of web-enabled PSMs.

What is most valuable?

The most important feature is the password rotation and recording to align with customer security requirements.

The reporting and auditing functions allow us to provide evidence-based accounting to customers or security personnel when or if required. Being able to prove that "it does what it says on the tin" is a very key selling point or point scorer in project and planning sessions.

The marketplace default connectors are constantly evolving and simplifying administration. In the case of one not being available then the majority of additional requests can be catered for with some clever AutoIT scripting.

What needs improvement?

Remediation of some of the platform settings in the master policies section would be handy.

Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package, that could be installed/branded alongside the PVWA service, and build out API integration so that third party calls could draw valuable data directly out of the management backend with very little amount of additional admin overhead.

For how long have I used the solution?

I've used the solution for eight years. 

What do I think about the stability of the solution?

The solution is very stable; if instability is ever experienced it is likely to be as a result or symptom of a problem elsewhere, such as external factors (updates, network etc.).

What do I think about the scalability of the solution?

The solution is fairly scalable, although depending on how far and wide you stretch your footprint, you may be better suited to multiple smaller vaults and component environments, than one large pot.

How are customer service and support?

Initial call logging can be tedious at times. If you clearly articulate an issue yet are then required to collate entirely irrelevant logging information or jump through a default set of "have you tried this" questions it can cause frustration. Call escalation via account management has improved and when needed we have then progressed with support at a faster pace.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not worked with a solution with a focus explicitly for PAM.

How was the initial setup?

The initial setup was both straightforward and complex in equal measure.

What about the implementation team?

The majority of the setup was in-house. On occasion, we have engaged the vendor team and always had a positive outcome.

What was our ROI?

I'm not in the loop to be able to answer to ROI.

What's my experience with pricing, setup cost, and licensing?

Engage with Cyberark account management and professional services to fully understand your current, expected, and future requirements. 

Some default settings applied early on may be very time-consuming to amend at a later date (for example, set a default attribute in a platform, extrapolate that platform out to 300 other platforms and a single change may then have to be retrofitted 300 times). So the more scope you can define at deployment the better.

Which other solutions did I evaluate?

I believe other vendors were evaluated prior to selecting CyberArk.

What other advice do I have?

I'd advise other users to take their time, measure twice, and cut once.

Which deployment model are you using for this solution?

On-premises


    Jonathan Hawes

Good automation, reduces human error, and offers helpful support

  • August 18, 2023
  • Review provided by PeerSpot

What is our primary use case?

Our primary use case is the scheduled password change management of Windows, Linux, and Cisco privileged local user passwords, as well as providing internal applications using the REST API credentials to access and maintain network elements.

Utilizing the CyberArk Password Vault DR implementation, we have a ready resource as a hedge against network issues caused by seasonal hurricanes through having a replicated DR vault in an out-of-state facility.

How has it helped my organization?

The implementation of the CyberArk Privileged Access Management has reduced the total labor cost of doing quarterly password change management (PCM) on the thousands of network elements (routers & switches), servers, and workstations throughout our nationwide network.

In addition to reducing the direct labor cost of the PCM procedures, the automation aspect has reduced risk that has previously resulted in many lost man-days resolving issues which previously was attributed to human-factor error during PCM procedures.

What is most valuable?

Utilizing the Central Policy Manager to provide policy programmable password change management automation, which can be configured either globally, or by using the individual PlatformIDs which limits the effect of human error on a nationwide implementation of network devices that are remotely co-located and not readily accessible. 

The implementation of the PSM proxy has reduced the specific risk of "insider attacks" on our domain controllers and SLDAP servers by eliminating direct user login by an open secure connection on the user's behalf without ever revealing the privileged credentials.

What needs improvement?

My personal wishlist of features has been fulfilled with versions 12.6 and 13.2, which provide a host of improvements that the administrator community has been asking for.  

With these version releases, that leaves my only "unfulfilled" product improvement request to be the creation of some kind of memo field for each device account, which could be used, in our network at least, to leave a note about the device for either the security or network engineering team members.

For how long have I used the solution?

We originally implemented the product in 2014 as a compliance mandate and fully integrated the application and functionality in 2017. We have just finished our fourth product upgrade and expanded our enterprise vault space to meet growing demand.

What do I think about the stability of the solution?

My implementation has been very stable over the past seven years, only having minor hiccups caused by "human error" during the "accidental" editing of a configuration file.

What do I think about the scalability of the solution?

We currently store over 50,000 privileged passwords, and I know if our network doubled tomorrow, the product would scale to meet the increased demand.

How are customer service and support?

There are two specific organizations within CyberArk that can provide customer assistance.

The customer success team is there with serious advanced knowledge to assist when things are not flowing. In my specific case, while I was learning to be a PAM administrator, I routinely contacted our customer success team with questions related to "Where can I find this documentation?", "How does this work?" and my favorite, "How can I put my permission back onto a safe?"

The other team is the professional services team, whose job is to be able to come in, analyze an issue, and correct it with the utmost speed. These are also highly experienced individuals that can be brought in the expand your implementation as needed.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to the implementation of the CyberArk Privileged Access Manager, the security operations utilized unencrypted spreadsheets to store privileged passwords, which became a POAM when discovered during a routine security audit.

How was the initial setup?

Our organization utilized the CyberArk professional support team to come in and provide a local, hands-on planning and implementation approach. This implementation methodology actually reduced long-term costs by making sure the implementation was done according to CyberArk's Best Practices.

What about the implementation team?

Our organization utilized CyberArk's professional support team to come in and provide a local, hands-on planning and implementation approach. This implementation methodology actually reduced long-term costs by making sure the implementation was done according to CyberArk's Best Practices.

What was our ROI?

Our annual support costs are offset by the reduced labor costs within the SOCC environment, as the product has automated most of the password change management procedures, allowing labor to be focused on other topics.

What's my experience with pricing, setup cost, and licensing?

While the IAM space is heating up with new vendors, both CyberArk development and the product team seem to be ahead of the curve, with features and products to enable enterprise customers the ability to secure their networks and break the intrusion cycle.

Which other solutions did I evaluate?

CyberArk was our first venture into a secure password vault and was implemented at the recommendation of our federal customer.

What other advice do I have?

The product takes some time to learn. That said, CyberArk Software offers both a customer success team as well as paid professional support to assist.  

The customer success team has always seemed to be in my corner when needed, bringing insight and assistance when I was unable to resolve some of my "self-created issues".

Which deployment model are you using for this solution?

On-premises


    Jonathan H.

Identity Management Excellence

  • August 18, 2023
  • Review provided by G2

What do you like best about the product?
Utilizing the Accounts Discovery function within CyberArk, along with its REST API, we have automated the detection, sorting and onboarding of new privilaged accounts freeing up man hours that used to be spent tracking down and manually adding accounts.
What do you dislike about the product?
I believe the single thing that I have disliked about CyberArk was the product documentation. As an administrator, trying to use the past documentation methods, finding specific procedures was difficult. This issue has been much inproved with the web-based documentaiton.
What problems is the product solving and how is that benefiting you?
Initially, the CyberArk PAS suite was implemented to reduce the risk of privileged passwords being stored in multiple spreadsheets around the enterprise. These spreadsheets were impossible to keep track of, as employees were forewver making local copies which created both a security issue, but also a support issue. When the Security Operations team would initiate a password change project for a specific segment, all of the "stored" passwords on the employee-copied spreadsheets would be wrong, resulting in an increase in SOCC calls for assistance with account lockouts.


    Investment Management

Market leader

  • August 18, 2023
  • Review provided by G2

What do you like best about the product?
CyberArk can manage passwords and sessions of a huge number of devices/endpoints. It is highly customizable, but it may require extensive product and scripting/programming knowledge.
What do you dislike about the product?
As configuration options are very extensive, it is sometimes hard to find the correct and complete way of customization or specific configuration. The documentation is rather basic and it is missing may use cases.
What problems is the product solving and how is that benefiting you?
It's a privileged access management tool so it helps in making sure that all privileged accounts are compliant. It's an important measure against credential theft.