We use CyberArk Privileged Access Manager to manage privileged access, so all the privileged accounts are vaulted in CyberArk, and that's our control method to manage privileged access. We also manage access for developers, so we have dual control to give approval to developers.

CyberArk Privileged Access Manager has made our operations more streamlined. There is an approval process, so it helps us keep tabs on who's working on what and for how long. We also have to give a reason when we're using privileged accounts, which helps keep track of whether they're being used correctly.

It's been good so far in safeguarding the infrastructure, but we've not used additional features of CyberArk Privileged Access Manager. Modern PAM with secure web sessions or secure infrastructure access is something that I learned about at the conference. I am curious about how we can use it.

It has not helped to reduce the number of privileged accounts. Whatever we find privileged in the environment, we want to control that by using CyberArk Privileged Access Manager. That's how we're able to control it. It has helped us identify privileged access better because we discovered users who didn't need privileged access. There have been cases where users with privileged access don't want their accounts in PAM because they need to pick up the password on a daily basis to perform their actions. There have been cases where they've gotten their privileged access off the account because it's not needed.

The user interface needs some training, but with a guide telling the user how to go about it, we have received positive feedback from whoever has used it.

It took us some time to realize its benefits because any new tool needs a proper understanding of how it can be used. A lot of testing was done on the engineering side, and demos were given. It took some time, but it is going smoothly.

Given that this is the only tool that I've worked with for the control process of privileged access, I don't have anything to compare it with. However, it's helped us keep our privileged access in check. We're able to get logs as to when the user checks out an ID and for how long, so it's a good monitoring tool.

They covered a lot at the conference. I don't have visibility into what product we've bought. It would be nice for them to approach us with what we have bought versus the new features being added. We need clarity on whether new features come included in the package that we already have, or if it's something that we need to have over and above.

Occasionally, there are lagging issues. Sometimes users have to re-login. When users copy passwords, there is sometimes a lag, so they have to log out and log in, but these are very rare cases.

I've been using it for about 5 years.

Occasionally lagging occurs. I've not heard about crashing, but there is a lag. Sometimes users will have to re-login and get it right.

The team that I work with is our in-house engineering team. I've had a conversation with CyberArk once last year revolving around efficiently generating the inventory reports. I contacted the technical support, but I didn't get a very straightforward solution that I was expecting.

We were developing a dashboard to find all the privileged accounts that weren't vaulted in CyberArk. We wanted the inventory report to be generated on a daily basis, but were having some trouble. We reached out to their technical support. The solution that they proposed was not straightforward because of the backend processes of CyberArk. We had to approach it in a different way.

I would rate CyberArk Privileged Access Manager a seven out of ten.

I am an admin, and I use this solution for all our users. We have 80 users in our environment.

By implementing CyberArk Privileged Access Manager, we wanted to secure our environment and track everything.

We were able to realize its benefits within four to five months of its deployment after we had onboarded everything.

CyberArk Privileged Access Manager is cool. It has a lot of good tools, including everything we need.

It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is. It takes a lot of time to find the error and fix it. Sometimes it gives an error, but I do not know what the error is. I have to find the documents, but it does not provide all the details needed to fix the error. This is one of the day-to-day issues with CyberArk.

When I contact support, it takes a long time to get help. They request all these logs, but they are not always relevant to my case. It is not always a definite help because I sometimes need help with issues that do not require any logs or device details. I am not sure if they read the case or not.

I have been using CyberArk Privileged Access Manager for four years.

It is good. We had a ten-minute outage last month. That is all. We do not know the reason.

It is reliable.

CyberArk's support quality has to improve because we are totally dependent on them. I would rate their support a five out of ten.

I used to use Okta. CyberArk Privileged Access Manager has more features.

We had a third-party professional service that helped us to install it. It took about four or five months. To deploy, we worked with three people.

It does not require any maintenance. We just have to do the day-to-day operations work.

New users should have training before they sign up for CyberArk. CyberArk should provide mandatory training so that everyone implements it properly. Sometimes, new users do not know what is going on, and they open a ticket, which might be an issue from their end. CyberArk should have a new user training service so that everyone is familiar with it.

I would rate CyberArk Privileged Access Manager a seven out of ten.

I use CyberArk Privileged Access Manager to manage privileged access within the organization.

By implementing CyberArk Privileged Access Manager, we wanted the management of periodic password rotation, management of privileged access, and discovery of privileged access.

CyberArk Privileged Access Manager’s ability to safeguard credentials for our organization is very important because it helps in managing the keys to the kingdom, especially the privileged access for various platforms. It is quite important for the organization, and it is one of the must-have applications. It plays a key role in managing privileged access for the organization.

We are able to manage close to 20,000 accounts without many cases by using out-of-the-box features available in CyberArk Privileged Access Manager.

CyberArk Privileged Access Manager helps in meeting certain compliance and regulatory requirements and closing any gaps.

CyberArk Privileged Access Manager has not helped reduce MTTR. When we have an incident with CyberArk, it takes time for us to recover. There is always an increase in MTTR because of the complexity of the CyberArk infrastructure itself.

From an operational efficiency perspective, CyberArk Privileged Access Manager has reduced a lot of manual work, such as changing passwords and managing privileged access accounts manually. By automatically rotating passwords within a set period of time, it streamlines many processes. It has improved operational efficiency for privileged access, but managing the infrastructure is one of the things that we are working on. It is a complex product.

CyberArk Privileged Access Manager has not helped reduce the number of privileged accounts in our organization. Privileged accounts are the key entities within CyberArk. There has not been any decrease in the number of privileged accounts, but there are areas that we, as an organization, have not touched, such as cloud infrastructure, etc. We are working closely with CyberArk engineers to have them onboarded and manage those privileged accounts through CyberArk. That is in our road map.

The most valuable feature is platform management. It is quite easy to manage privileged access for certain target platforms with CyberArk Privileged Access Manager as compared to other products I have worked with.

It is very out-of-the-box and straightforward to configure periodic password rotations and access management for the platforms my organization is working with. That makes things easier in terms of what needs to be done. We do not have to spend time troubleshooting and working with support to figure out why something is not working, which is what I have personally done with other competitors.

One area for improvement is the user interface. It needs significant enhancements. It is outdated and does not align with the stress and challenges happening across the IT products landscape regarding user experience. CyberArk definitely needs to improve user experience and reduce complexity.

It is quite complex. CyberArk needs to reduce complexity. The product is currently very complex and challenging to understand without training. The product should be user-friendly and easy to use. CyberArk should understand that a product should not require training after a customer subscribes. Hence, user experience should be given the utmost priority.

Maintaining the infrastructure is not easy. Patching CyberArk Privileged Access Manager when there is an update or patch release requires professional services due to the complexity of the product. It takes us three months to six months to do an upgrade. For managing or monitoring the infrastructure, CyberArk Privileged Access Manager does not have any inbuilt tools. We have to rely on other tools which CyberArk does not recommend. There is no other way to monitor those infrastructure components. It is quite taxing and resource-intensive. For an organization of our size, at least five people are required to work full-time with CyberArk and monitor and maintain the infrastructure.

I have been using CyberArk Privileged Access Manager for more than two years.

Regarding the stability, it is pretty stable. We do not need continuous management. The performance is also very good for the size of our organization and the user base we are working with. We have not had any performance issues so far.

It is not easily scalable due to the on-premises infrastructure we use. It is not elastic like cloud-based solutions.

We have approximately 6,500 users. We have sized the environment accordingly. As an organization, we have done our own risk assessment to understand how CyberArk will grow in the next three years. We sized the environment accordingly so that there are no performance issues if it grows vertically or horizontally.

We use their premium support, but we do not get the value for the price we pay for the support.

For some questions, CyberArk support recommends professional services, which takes us on a financial route. From a customer perspective, it is unclear why I need to reach out to professional services for certain issues. If I have straightforward questions, I get answers from technical support easily. However, there have been instances where we were redirected to services requiring additional payments to get certain questions answered or receive suggestions.

In my previous organizations, I have used multiple products. I have also worked in a company competing with CyberArk. I worked on the development of a competitive product for CyberArk.

I also implemented a competitor product in another organization which is listed as a leader alongside CyberArk. It was much easier to work with in terms of user experience compared to CyberArk. It was pretty easy to use and could be self-learned.

Its implementation is complex. If a new customer is onboarding CyberArk as a product to manage privileged access, it is quite complex.

Its integration is pretty straightforward. There are many out-of-the-box connectors. There are also a lot of connectors available in the marketplace to have CyberArk integrated with various systems. For a particular connector, testing to production took close to six weeks.

As CyberArk always recommends, we went with one of their partners to implement it within the organization.

We have three key engineers within the team responsible for managing the entire CyberArk architecture. They handle monitoring and management. They also work with other business units to have the privileged access vaulted and determine the road map for privileged access management. They also help in performing certain day-to-day business activities or tasks.

It took us close to three years to see its value and understand why it was chosen over other solutions.

I have heard from my leaders that CyberArk is costlier in terms of licensing. The support and maintenance are also costly. We use their premium support, but for the price we pay, we do not get the value.

CyberArk Privileged Access Manager is pretty costly, and it takes a lot of time to implement it. It is quite complex to implement CyberArk Privileged Access Manager, but once it is properly implemented, with the user community that is available with CyberArk, it is pretty straightforward and easy to use. Once implemented, it does provide value for the organization.

I would advise sizing it appropriately and building the infrastructure accordingly so that it is scalable. When it is sized properly in terms of CPU, RAM, memory, and disk size, it works smoothly without requiring specific maintenance, such as clearing logs. That is what I would recommend to any of my peers or colleagues working in other companies.

I would rate CyberArk Privileged Access Manager a six out of ten. Four points are deducted because of its complexity.

We currently use CyberArk Privileged Access Manager for password vaulting. Our roadmap includes managing service accounts, rotating passwords, and expanding to SSH keys, AWS keys, and other login credentials. We've already implemented local administrative accounts and rotated elevated domain administrative accounts. Additionally, we've integrated Okta for multi-factor authentication, using Okta Verify, and plan to expand this to workforce identity for broader end-user security and credential management.

CyberArk Privileged Access Management's most valuable features are primarily its password vault functionality, specifically CyberArk's Core Privileged Manager and Privileged Session Manager. These components facilitate secure password rotation and out-of-band session management, addressing our organization's critical security needs.

The current process for accessing RDP through the CyberArk or administrative portal involves downloading an RDP file. This is inconvenient for users and problematic due to security restrictions that prevent accessing servers via downloaded RDP files. Ideally, the process should allow for a direct RDP connection upon providing server details, eliminating the download step and streamlining access. This issue represents a significant challenge and source of frustration for users.

The product is complex and requires extensive configuration. More tutorials and detailed use cases with troubleshooting steps would be beneficial, particularly for first-time implementers. Despite the excellent customer service, resolving issues can be time-consuming due to the product's complexity. Compared to lightweight solutions like Okta, CyberArk requires more background experience and is not as straightforward to learn and implement.

I have been using CyberArk Privileged Access Manager for almost five years.

The performance of CyberArk Privileged Access Management sometimes lags or crashes, but this is not a significant concern.

We have not reached platform limitations yet, as CyberArk supports up to eight hundred platforms per tenant, and documentation is clear about scalability limits.

Customer support has been very helpful and responsive. My customer success manager facilitated many calls with technical experts, efficiently resolving critical issues.

CyberArk's environment setup was straightforward, but we encountered issues during the Proof of Concept stage, specifically with PAM account discovery. While the CyberArk Manager displayed discovered accounts, we couldn't download the data into a usable format like an Excel sheet. This hindered our ability to identify efficiently and inventory discovered accounts, particularly from Windows systems, for phased onboarding. Although we eventually received instructions from CyberArk support on downloading the data, the process was complex and time-consuming. Simplified data export features would greatly benefit administrators.

I received excellent support from CyberArk's technical team and customer success manager, who arranged calls and helped resolve implementation issues.

Although CyberArk Privileged Access Management is expensive, its protection capabilities outweigh the cost.

I also evaluated CyberArk, along with Okta PAM and BeyondTrust, because it encompasses all the features we require, and Gartner recognizes it as an industry leader.

I rate CyberArk Privileged Access Management seven out of ten.

To streamline project setup, new users should receive guidance on planning and implementation scopes. Scheduling a jump start without such direction can complicate learning.

Previously, we used to share passwords for service and normal admin accounts among team members. However, since we started managing it through the product, we've transitioned to individual admin accounts or implemented dual control for shared accounts. With dual control, exclusive checking and checkout options are available, and passwords are not stored in clear text anywhere in the credentials.

The solution's most valuable features are automatic password rotation, privilege manager, and secret manager. Previously, IT personnel had admin rights on their regular accounts, allowing them to log in to domain controllers. However, this posed a security risk as compromised accounts could grant unauthorized access to domain controllers. To mitigate this risk, we implemented separate DA accounts for IT staff. These DA accounts were restricted from logging in to domain controllers and did not have associated email addresses. They were dedicated AD accounts solely for accessing domain controllers, and the solution handled their management.

Previously, manually rotating admin credentials was a time-consuming task. However, implementing the tool's automatic password management feature has made this process easier. We've configured defined policies within the solution to dictate when these credentials should be changed.

The tool's UI has bugs and lags. It needs to be improved. The deployment process can be complex due to multiple components for various functionalities, each requiring separate infrastructure management. To simplify this process, consolidating all these components into a single platform could be beneficial. The product's pricing could be cheaper.

I have been using the product for eight to nine years.

I rate the product's stability a seven out of ten.

I rate the tool's scalability a seven out of ten.

The tool's support gets worse each year. Support is outsourced to smaller companies, which doesn't work fine. Its support was good eight to nine years back. Over the years, it hasn't improved but degraded.

I work with BeyondTrust. BeyondTrust's UI and support are good and never lag. BeyondTrust is also cheaper.

CyberArk Enterprise Password Vault's implementation timeline largely depends on the size and complexity of the infrastructure. A smaller infrastructure with around a thousand servers can typically be implemented within a week or two. However, the implementation process may extend to four or five months for more extensive infrastructures with tens or hundreds of thousands of workstations and accounts. The tool's transition into a security-focused product necessitates strong integration with security orchestration platforms. Prebuilt packages with ready-made integrations are required instead of developing everything from scratch. It lags in automation.

We have seen 40-50 percent improvements after using the solution.

I rate the product a seven out of ten.

My company uses CyberArk Enterprise Password Vault for privileged access management, a domain that the product fits under. CyberArk Enterprise Password Vault involves password rotations, recording of sessions, keystrokes, and securing sessions, which all come under the same category in the solution.

The most valuable feature of the solution stems from the fact that it's the best in the market. I haven't seen any other PAM solutions better than CyberArk Enterprise Password Vault.

CyberArk Enterprise Password Vault's GUI has certain shortcomings that need improvement.

I have been using CyberArk Enterprise Password Vault for two years. I use the solution's latest version.

It is a stable solution, but sometimes its GUI lags if the load gets too much. If you try to click some buttons, responding will take five seconds instead of just responding immediately.

It is a highly scalable solution.

My company has around 500 uses of the solution and 3,000 to 4,000 accounts, which can be scaled up to 10,000 or 15,000 accounts.

My company does not have plans to increase the usage of the solution.

I am not an admirer of the product's technical support team. The product's technical support team doesn't know the product well enough to give customers suggestions, so they need to work on that part.

BeyondTrust and LastPass were the two solutions I had used in the past.

The initial setup of CyberArk Enterprise Password Vault is quite complicated, but if you follow the documentation, I don't think you should have any issues. The issues are only with the solution's support team and the GUI.

The initial deployment just takes about five days to a week if you have got all the network architecture right.

If you don't get the network architecture right, then the deployment could take two or three weeks.

For the deployment process, you should ensure you have some open IP ranges because CyberArk needs to talk to the cloud at its end, so you need to allow certain IPs to make certain connections, after which you need infrastructure and servers in place.

There is a Zip file for your environment, like an image you download from their website, which CyberArk's partners can access. Once you download the Zip file, there are a few scripts to run, and if the scripts run properly, your environment will be set up properly, after which you deploy the connector.

There is a need for an architect who is an expert in CyberArk and networking for the deployment and maintenance, along with one senior engineer.

The ROI for the solution is good because if you deploy the product, then you will not face any issues for five to ten years, especially if you manage it well.

Payments have to be made on a yearly basis toward the licensing costs of the solution.

I would say that the solution is expensive because it's only preferred by the top-tier companies involved in banking or insurance who have no problem with budgets for their cybersecurity. A medium or small-sized company would prefer to use some other solution over CyberArk Enterprise Password Vault.

was not part of the evaluation process in my company. I wouldn't know why my company chose CyberArk Enterprise Password Vault over other products. I can say that I am comfortable with CyberArk Enterprise Password Vault.

I recommend the solution to those planning to use it. I suggest that CyberArk's potential users invest in getting their own IT environments working perfectly before involving a team of CyberArk-certified engineers since it makes the process a lot easier. If you don't follow the aforementioned steps, then you will find yourself going back and forth to the product's support team, which will take you ages because they take time to respond.

I rate the overall solution a seven out of ten.