Privileged Access Management

My use case for CyberArk Privileged Access Manager  is that I work as an administrator where I can configure and integrate all those CyberArk Privileged Access Manager  components such as PSM, CPM , hardening the CPMs, checking the services of the PVWA and Vaults, and making sure everything is operational. I am responsible for creating safes and managing the accounts. I onboard the accounts on the platform based on their vendor requirement.

We also provide the SIEM  integration to check the logs and we are responsible for Splunk integration too, but it is not related to CyberArk Privileged Access Manager. We actually implement all those application logs to Splunk for the dashboard monitoring and the alert-based system through ITSI.

CyberArk Privileged Access Manager has improved how my organization functions as we have 24 PSM servers, four CPM  servers, one primary Vault, and one DR Vault. We are in the process of upgrading from version 11.3 to 14.6 and maybe next month, we are going to update our servers.

The best features of CyberArk Privileged Access Manager include that it is normally used for securing passwords because nowadays, most of the breaches happen due to leaking passwords. So we actually manage the passwords in a secured way. In a Vault, there is end-to-end security, with seven layers of security that we are maintaining. That is called session encryption, firewalls, authentication, authorization, and auditing. At the end of the day, we are doing the file encryption. Through this, we are actually managing the passwords in a very secure way. We can explain this architecture to the vendor to convince them to come to CyberArk Privileged Access Manager.

What I appreciate about CyberArk Privileged Access Manager is that it is not only for password security; we can also manage their applications and platforms. Each and every thing, whenever a user is coming to CyberArk Privileged Access Manager or logging in to CyberArk Privileged Access Manager, end-to-end protection will be handled by CyberArk Privileged Access Manager. Whenever they connect to their target servers, each and every thing will be monitored and reviewed by CyberArk Privileged Access Manager administrators such as us. We see whatever incidents happen and whatever is going to happen. Whatever the user does from the target system, we can monitor everything through the PSM servers. We also have PTA, Privileged Threat Analysis. Whenever a user is doing unwanted things such as running unwanted scripts in their target system, the PTA incident automatically closes their target system. For example, if a user is working beyond their scope and is running some scripts, it will show that and raise an incident. We get the tickets and we can monitor it and have a call with the user. We are giving end-to-end security from the user to the platform level.

In CyberArk Privileged Access Manager, I see room for improvement as I am working in the on-premises networks, and now we are also having the cloud-based PAM. So there, everything is maintained by the CyberArk Privileged Access Manager team, and we are only maintaining the PSM servers. So it is already upgraded from the on-premises network to the cloud network. If you ask me what we can implement beyond that, I just need a few minutes to think about what new things, because it is already an end-to-end security on-premises itself. Now, when it comes to PCloud, Privileged Cloud, it is more secure than the on-premises networks because most of the things are handled using the cloud itself. So it is an already upgraded version; we do not need to implement something new. But if you think in that way, we can have a chance to implement our things.

If anything could be improved in CyberArk Privileged Access Manager, I think we could build a small agent AI in my team, we could give access to these logs—the Vault logs, PSM logs, and CPM logs. Whenever the system is going down, the AI will automatically check. If we actually implement agent AI in CyberArk Privileged Access Manager, it will check the logs, and if any errors are coming, it automatically triggers alerts and gives the solution. That is the best improvement I can think of because these days, most things are done by agent AI. So if we also implement this agent AI in CyberArk Privileged Access Manager, we can add more features.

I have been using CyberArk Privileged Access Manager for around three years. I have exactly three years of experience with CyberArk Privileged Access Manager.

I would rate the stability of CyberArk Privileged Access Manager as an eight.

I will rate the scalability of CyberArk Privileged Access Manager as a ten, indicating it is a scalable solution.

I rate the technical support for CyberArk Privileged Access Manager as the main thing in any environment. It can be a production environment such as CyberArk Privileged Access Manager or any production environment with any project. Because of technical support, we have continuous deployment and continuous monitoring. Whenever they are doing their work best, and at that time, when something is going down, they are the first point of contact to check what the issue is. After that, it will come to the developers to check that issue. So I will rate the monitoring team, the operations team, a ten.

I have used other PAM solutions, and I find that when it comes to CyberArk Privileged Access Manager, it is a company that has a long history of trust with users and vendors, which provides a more secure way of doing things for their platforms and their work. So in my opinion, CyberArk Privileged Access Manager is the best solution we can give to vendors for PAM solutions.

The time it takes to deploy CyberArk Privileged Access Manager is actually based on the architecture of their requirement, such as the number of users, accounts, and the platforms they are onboarding into CyberArk Privileged Access Manager. If it is less than ten users and four platforms, it will take one or two days. If the communication between our servers and the platforms is already good, it will normally take one to two days. If their requirement is more, such as at the platform level where they have both Windows and Linux operating systems and database operating systems and they want to segregate multiple users based on their OS, at that time we just need some time to create the SOPs and we have to proceed based on that requirement.

My team works with CyberArk Privileged Access Manager, and we have 12 members.

My thoughts on the pricing of CyberArk Privileged Access Manager depend entirely on the vendors' requirements. If they want their things to be secure, they have to spend accordingly. We have four types of pricing. Based on their requirement, we will actually propose the pricing to the vendor. If their platforms and accounts are fewer, we can go for the minimal requirement of a PAM solution. And if they want more upgraded servers in their system, we can go for the maximum pricing.

CyberArk Privileged Access Manager solution requires maintenance, and definitely, we are actually doing rotations 24/7 to make sure every system is active 24/7 so a user will not get interrupted when accessing their platforms.

My clients use CyberArk Privileged Access Manager for around 12,000 accounts.

The vendor can contact me if they have any questions or comments about my review.

I'm interested in being a reference for CyberArk Privileged Access Manager.

I definitely recommend CyberArk Privileged Access Manager to other users because it gives more security to their platforms and users to store their passwords and provides end-to-end security. If they do not want to breach their platforms, I would recommend CyberArk Privileged Access Manager 100 to 200 percent to keep it secure. My overall rating for this product is a ten.

We are working with CyberArk solutions such as PAM on-premises. We are working with CyberArk Privileged Access Manager , including AIM, PSM, and PSMP components.

The ability of CyberArk Privileged Access Manager to safeguard financial service infrastructure is important; without it, banking and financial clients cannot secure their operations. Despite various attacks affecting other companies, CyberArk's implementations ensured that we remained unaffected.

CyberArk Privileged Access Manager has been helpful in managing over 125,000 privileged accounts in a single environment for our client, and we have multiple CyberArk environments for different clients with different numbers of accounts. CyberArk Privileged Access Manager is excellent at helping companies meet regulatory requirements due to its ability to cater to the specific needs of clients across different countries, ensuring compliance without data transfer issues.

CyberArk Privileged Access Manager provides security and video recording of user sessions for audit purposes. This feature is critical in financial sectors where auditing who performed specific actions is essential. Having video records adds a layer of proof and ensures compliance with audit requirements.

The key feature of CyberArk Privileged Access Manager is that it's a comprehensive package rather than just dependent on components such as Vault or Privileged Session Manager. Each component is necessary, and the Vault is the heart of CyberArk; everything connects via PSM and PSMP. I particularly appreciate PSM and PSMP because they simplify troubleshooting and charging.

A potential area for improvement is enhancing support for cluster environments and distributed Vaults. Clients in multiple countries that need central access have different challenges that require better solutions from CyberArk.

For financial services, CyberArk can improve incident response by ensuring fast support for critical priority tickets to meet compliance requirements. Providing more documentation on CyberArk is recommended for new team members to enhance their troubleshooting capabilities. I understand it's up to the client, but 99% fail to change the demo key, so it's crucial for CyberArk to emphasize changing the key and documenting it as part of the installation process.

I have been working with CyberArk Privileged Access Manager for more than nine years.

For stability, I would rate CyberArk Privileged Access Manager a nine out of ten.

I would rate the scalability of CyberArk Privileged Access Manager as a nine.

Regarding technical support from CyberArk, while L2 and L3 teams are effective, L1 support requires improvement due to longer response times in critical situations. Coordination with higher support levels sometimes takes longer than expected, which should be addressed.

After implementing CyberArk Privileged Access Manager, it typically takes about four to five months for a company to realize time to value, assuming they have a strong implementation team and infrastructure in place.

Integrating CyberArk Privileged Access Manager is very simple due to the provided connectors for Windows and UNIX, as well as plugins for databases. Custom integrations may take longer, around one month, due to development requirements.

Regarding costs, CyberArk Privileged Access Manager is not a cheap product; hence, many companies struggle with its high licensing cost. While it's valuable, it comes with a high price tag, making it hard for every company to afford it.

After comparing with other products, I find that no other product currently matches CyberArk's performance; the performance issues in alternative solutions make them less desirable. While there are competitors, I cannot definitively name one that compares with CyberArk Privileged Access Manager.

The requirements for CyberArk, particularly in India, have evolved significantly since the company acquired several businesses in 2014. Every organization needs an identity and access management (IAM) and privileged access management (PAM) solution. CyberArk stands out as the leading product in this category. While there are other protocols available in the market, CyberArk is known for its security, reliability, and user-friendly access.

In my experience working with multiple companies and clients using CyberArk, I have not encountered any cases of breaches or malicious activity associated with the platform. This track record provides a strong sense of security and assurance regarding CyberArk’s capabilities. Although the privileged access management solution can be costly, it offers extensive security features, including multi-factor authentication (MFA). Overall, CyberArk is an excellent product for organizations seeking robust security solutions.

Regarding granularity of PAM controls in CyberArk Privileged Access Manager, it means having centralized control in the Vault. Standalone CyberArk Vaults perform best compared to cluster systems, which present challenges during maintenance or network connectivity issues.

Overall, I would rate CyberArk Privileged Access Manager a nine out of ten.

We use CyberArk Privileged Access Manager  for least privilege and accountability purposes, while we also utilize the EPM solution for endpoint protection. Additionally, PTA is one of the most important tools from CyberArk Privileged Access Manager , which we use on a real-time protection basis. CyberArk Privileged Access Manager effectively prevents attacks on the financial service infrastructure, as we protect against lateral movement, credential stuffing, and since no passwords are available because they are rotated through CyberArk Privileged Access Manager, we can isolate every session and record all activity while monitoring in real-time.

The ability of CyberArk Privileged Access Manager to safeguard the financial services infrastructure by protecting credentials is extremely important, as every activity in a financial organization needs to be recorded for accountability in auditing. Therefore, CyberArk Privileged Access Manager is a crucial tool, and we utilize credential rotation as 85% of successful attacks in the last 10 years have been initiated through credential theft. Monitoring, recording, and credential rotating activities are crucial because if CyberArk Privileged Access Manager goes out of service, the total environment would collapse due to the lack of passwords for respective servers.

While I cannot suggest major changes, I did encounter a vulnerability concerning RADIUS blasts, which was recently mitigated by CyberArk Privileged Access Manager in their latest version, indicating an area for improvement in vulnerability assessments. Improvements in vulnerability assessment are essential. A notable request I have regarding CyberArk Privileged Access Manager is to address the issues of database corruption identified in cluster environments experienced by multiple clients.

From 2021 to now, I have been working on CyberArk Privileged Access Manager.

I have not experienced any stability issues with CyberArk Privileged Access Manager.

It is easy to scale.

In terms of technical support, CyberArk Privileged Access Manager has provided excellent support without any doubt. Based on the issue resolution and support quality, I rate the support 10 out of 10.

Before using CyberArk Privileged Access Manager, I did not evaluate any other PAM tools.

Setting up CyberArk Privileged Access Manager is not complex, especially if you properly follow the recommendations from CyberArk.

I handled the deployment myself.

CyberArk Privileged Access Manager has been very effective in helping my company meet compliance and regulatory requirements. Implementing CyberArk Privileged Access Manager saved time on compliance requirements in finance, typically around one hour.

There has been no reduced cost associated with CyberArk Privileged Access Manager, as when it is required, you must pay for their licensing and prepare the full environment. While there are costs for the licensing of CyberArk Privileged Access Manager, it definitely provides value when I need any accountability or session recording.

CyberArk Privileged Access Manager is one of the most important components from CyberArk, along with EPM (Endpoint Privilege Manager ) and PTA (Privileged Threat Analytics tool). I recommend anyone considering CyberArk Privileged Access Manager to view it as a friendly environment, as it stands out among the other PAM solutions I have encountered. CyberArk Privileged Access Manager is highly recommended for its user-friendly nature. I rate CyberArk Privileged Access Manager a ten out of ten.

For CyberArk Privileged Access Manager , use cases are providing just-in-time privileged access. The most simple use case is hosting all privileged credentials in a secure manner and managing and controlling access to those credentials. Therefore, controlling access to privileged endpoints is the usual thing that will be done with PAM.

CyberArk Privileged Access Manager  has several valuable features. The basic feature is privileged access management with all the processes and procedures that are needed. It has all the relevant features required to provide a PAM project or PAM program. It does everything that is needed. A tangible benefit is that we already have full control of privileged access. We have just started and have onboarded all privileged accounts into the system.

I have noticed areas of CyberArk Privileged Access Manager that could be improved or enhanced in integration with automation tools. It's not quite the same in the cloud, the Privilege Cloud version. The on-premises version allows users to do absolutely everything. When they took it to the cloud, they started cutting things out. The other issue with CyberArk is that they are marketing their new product, SIA, which is based on Privilege Cloud. Users still need to have Privilege Cloud to achieve the same level of functionality as the on-premises version.

We are still early in the roadmap and haven't progressed far enough to identify additional needs. When organizations reach the end of their maturity roadmap, they can better identify specific tool requirements that aren't currently available.

We have been deploying CyberArk Privileged Access Manager for two years now and counting.

The evaluation of customer service and technical support for CyberArk Privileged Access Manager depends on several factors. When receiving support directly from CyberArk, they are the most knowledgeable, though they don't always have immediate solutions as they might need to create them, which can take considerable time. For instance, the Ansible  integration for the cloud version has been requested for years.

When working with CyberArk partners for support, it's crucial to ensure they have actual knowledge and aren't just acting as middlemen. There have been instances where third parties are hired to provide first and second line support, but they simply forward requests to CyberArk without adding value to the process.

We used a deployment partner recommended by CyberArk for the deployment and maintenance process. One crucial step that should be done first is creating an inventory of how privileged access is currently handled and where it is needed. Without this inventory, you might deploy CyberArk and realize it doesn't work with your existing architecture or infrastructure.

Our implementation team consisted of approximately 15 people, including architects, engineers, application owners, network specialists, Windows and Linux administrators, database administrators, and cloud specialists. While maintenance requires fewer people, input from all these stakeholders is crucial for successful implementation as they each have different requirements.

Most importantly, this needs to be a management-driven initiative with a top-down approach. Management must establish new working methods, as the biggest barrier to acceptance is typically resistance to changes in working procedures.

For ongoing operations, the staffing requirements depend on the company's operations. Typically, 24/7 coverage requires at least three people per shift in a follow-the-sun model. This accounts for first and second line support only, with additional staff needed for server maintenance, totaling around nine people.

The primary problem addressed by implementing CyberArk Privileged Access Manager is the lack of control over privileged access - where it happens, how it occurs, and what is done with that access. When attempting to attack an enterprise, attackers target the highest-privilege credentials available. Therefore, protecting the most critical credentials within your organization is essential.

For those planning to deploy CyberArk Privileged Access Manager, it's crucial to understand that it's a multi-year program. It's not just about deploying the tool; it needs policies and governance around it. Additionally, infrastructure modifications are necessary to ensure PAM is the only way to provide privileged access to endpoints.

It's a great product that does everything required from a PAM tool. I would rate CyberArk Privileged Access Manager as a nine out of ten.