CyberArk Privileged Access Management Reviews and Ratings

Rating: 9.2 out of 10

Score

9.2 out of 10

Community insights

TrustRadius Insights for CyberArk Privileged Access Management are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Business Problems Solved

Users have reported that CyberArk is a valuable tool for securely storing and accessing passwords for remote support teams and third-party vendors. It offers version control and access controls that allow users to analyze and track who is accessing what and when, providing strong delegation controls. Organizations rely on CyberArk to manage privileged accounts, service accounts, and non-IT staff sessions when remoting into servers. For instance, one department in an organization effectively uses CyberArk to manage privileged accounts dealing with critical data sources.

CyberArk addresses the need for password rotation while ensuring complexity requirements are maintained, making it useful for managing passwords to privileged accounts and non-rotating passwords for applications that require administrator-level access. It solves the problem of password storage for different applications by utilizing safes. Users find it helpful for managing local admin passwords, credentials used by multiple people, and other privileged account management tasks.

One key advantage of CyberArk is its ability to control, monitor, and govern sensitive account usage. It automatically changes passwords, reducing the risk of compromise, and provides a centralized location for rarely used passwords, simplifying administrators' tasks. To enhance security further, it can be secured through AD authentication combined with RAS two-factor authentication.

With its wide range of functionalities, CyberArk is used across entire enterprises to protect secrets, service accounts, and administration credentials. It serves as a robust and resilient solution that works well with both Windows and Linux systems, making it suitable for enterprise-level deployments. Additionally, it provides a strong audit tool for credential usage, addressing the business problem of protecting sensitive access.

By implementing features such as password expiration and limiting account activity, CyberArk scales effectively to meet the needs of the entire organization while mitigating risks associated with highly privileged accounts with static passwords.

Reviews

9 Reviews

CyberArk PAS - Great Product to add security

Rating: 8 out of 10

Incentivized

August 27, 2020

Use Cases and Deployment Scope

We use CyberArk across our IT department to manage passwords to privileged accounts. We also use it to manage non-rotating passwords to applications that require administrator-level access.

It solved for:

1. Rotation of passwords while maintaining the minimum requirements for the password. We automatically rotate admin-role passwords after x number of days and maintain complexity.

2. Password storage: Due to the cross-collaborative environment, we needed a location to store passwords for different applications.

3. Different Safes: Not all passwords should be seen by others - the concept of safes in Cyberark helped with RBA type control.

4. Monitoring/Alerting/Reporting

Pros

Password segregation via RBAC
Rotation of passwords
View/reconcile/Verify passwords
Options to store passwords

Cons

GUI - right now everything is on one page/dashboard. Some level of folder/Safe type view would be great
More options when storing passwords - especially for network based passwords
Better integrations with vendors like Cisco so that admins dont need to really get the password from the vault (think Last Pass type add on)

Likelihood to Recommend

Well suited where you have cross collaboration among admins/users. This enables the storage of passwords in one place without being stored on notepads. It integrates with Okta SSO for an additional layer of security.

It has minimum complexity requirements and has detailed monitoring - you need to state a reason to see the password.

Verified User

Engineer in Information Technology (1001-5000 employees)

Vetted Review

2 years of experience

The best privileged account tool I've found

Rating: 10 out of 10

Incentivized

October 13, 2019

Use Cases and Deployment Scope

We utilize CyberArk for privileged account management for sensitive and shared accounts across our technology organization. We utilize it for local admin passwords across multiple datacenters as well as any other set of credentials that might be utilized by multiple people. We use it to control, monitor and govern sensitive account usages and to ensure that nobody knows the password as much of the time as is possible.

Pros

Automatically discover new servers on the network and take control of the local admin password by vaulting it and ensuring nobody knows the password. A different password on every server.
Automatically roll the password in a configurable manner - after each use, after a certain period of time, etc.
Track and govern sensitive account usage by ensuring only properly authorized users can access the vault and obtain the credentials and then monitor usage.

Cons

It can be hard to work with the native back end vault which is reduced and hardened OS with minimal operating capabilities.
Reporting could be better.

Likelihood to Recommend

I always recommend CyberArk based on my experiences at several different jobs and industries. It does a great job of helping you create all kinds of use cases and approval flows for accessing and using privileged accounts. It also does a great job securing local admin passwords on servers. End-users of the system are able to quickly and easily start utilizing the more secure method of obtaining credentials in minimal time with minimal overhead/tax on their work time.

Verified User

Program Manager in Information Technology (10,001+ employees)

Vetted Review

10 years of experience

A comfortable way to manage privileged and service accounts

Rating: 8 out of 10

Incentivized

October 8, 2019

Use Cases and Deployment Scope

We currently use CyberArk across the whole organization. We use it to manage our privileged accounts and our service accounts. It is also used for recording sessions that our Non-IT staff use when remoting into a server.

Pros

Managing Service Accounts. We like using CyberArk for using it when we need to remote into certain systems and the password is stored on CyberArk.
Managing Privileged Accounts. It allows our IT personal to use their privileged accounts without having to remember their passwords. It also keeps our staff compliant with complexities with passwords.
Using CyberArk as a jump host has saved us on licensing issues. It's also easy to use when needing to remote in and automatically signing you in.

Cons

I'm not sure what could be done differently. There are some things that were once an issue that are no longer an issue. For instance, creating a short cut on the desktop for RDP through CyberArk. Since the upgrade and updates, we are now able to save shortcuts to our desktop.

Likelihood to Recommend

CyberArk is great when you're making changes to a system on a server. You can record your session and if anything was done in error, you can replay the session to see what was done. I especially like this feature when we're doing system upgrades.

Larissa Ruelas

Security System Administrator in Information Technology at HealthCare Partners (1001-5000 employees)

Vetted Review

4 years of experience

CyberArk makes your security life easier

Rating: 7 out of 10

Incentivized

October 4, 2019

Use Cases and Deployment Scope

CyberArk Privileged Account Security helps a lot to maintain security by automatically changing passwords for our supported systems.

It also stores and manages passwords company-wide. That's really making admins lives' much easier. Also rarely used passwords are in one place and you don't have to search for them a long time. CyberArk itself can be secured by AD authentication combined with RAS two-factor authentication.

Pros

storing password safely
storing passwords in one central place
"remembering" a password for a whole team and/or single persons
securing access to certain passwords by groups or team

Cons

performance is sometimes not very fast, but acceptable
look and feel is a bit "old looking"

Likelihood to Recommend

CyberArk keeps all the local and domain passwords for us. They are changed regularly. That ensures that they are stored company-wide and accessible for approved persons. At the same time, because they are changed as example on a weekly or monthly basis, the passwords and the admin access is better protected against hacking.

Verified User

Engineer in Information Technology (201-500 employees)

Vetted Review

5 years of experience

Make your privileged data safe using CyberArk

Rating: 9 out of 10

Incentivized

August 21, 2018

Use Cases and Deployment Scope

We are using CyberArk to manage the privilege accounts in our organization. It is being used by a specific department that deals with critical data sources.

Pros

Identify and reduce the number of privileged accounts
Eliminate shared/service accounts having non-expiring passwords
Automatically changing privileged account passwords
Automate password verification and reconciliation
Frequently identify, change and verify hardcoded passwords
Connect Target Systems directly without displaying passwords to users

Cons

The initial product cost is a little on the higher side, which might turn off small & medium enterprises.
As it talks about security, it has a lot of hardware/software requirements for the initial setup, which might make the rollout timeline a little lengthy.
Product should be easy to customize based on different industry's needs.

Likelihood to Recommend

It should be used by organizations who are dealing with customer- or finance-related data, where there is a lot of focus on managing regulatory compliance. Organizations who outsource their IT/Marketing activities to vendors must use CyberArk to control any potential data leakage or theft, which can reflect a very negative brand image.

Sujeet Swain

Senior Consultant in Information Technology at Infosys (10,001+ employees)

Vetted Review

2 years of experience

View profile

Cyber Ark - Quality PAM

Rating: 9 out of 10

Incentivized

March 1, 2018

Use Cases and Deployment Scope

Cyber Ark is being used across the entire enterprise. It is used for administration credential protection and application integration to protect secrets and service accounts. This solution is solving the business problem of ensuring our most sensitive access is protected and we have a strong audit tool for when credentials are used.

Pros

Credential Vaulting
Application Integration
Auditing

Cons

There needs to be a better strategy and integration on the application development secret protection
High availability needs to be a constant focus

Likelihood to Recommend

Cyber Ark is well suited for protecting all privileged accounts and auditing the usage of those accounts. It is an integral part of protecting sensitive credentials.

Verified User

Vice-President in Information Technology (5001-10,000 employees)

Vetted Review

5 years of experience

CyberARK in real world use

Rating: 8 out of 10

Incentivized

January 23, 2018

Use Cases and Deployment Scope

It is used to check out highly privileged accounts with a randomized password. Being scaled to entire organization. It solves the problem of highly privileged accounts with a static password. If one of the accounts is compromised the password has an expiration and minimizes the amount of damage that can be done by limiting the time the account is active.

Pros

Randomizes passwords
Scales to enteprise level
Keeps admins in check

Cons

License model
The vault is difficult to patch, because it cannot have your normal patching agents on it
On going costs are high

Likelihood to Recommend

It works well when an organization needs to keep track and randomize admin accounts. Also, it works better than LAPS for local workstation admin account management. It will allow for more than just one account. The auditing is robust vs. LAPS. Not a good solution for a small business. Too big of a tool for that scenario.

Verified User

Engineer in Information Technology (10,001+ employees)

Vetted Review

3 years of experience

Making passwords more secure than Password123

Rating: 8 out of 10

Incentivized

January 16, 2018

Use Cases and Deployment Scope

CyberArk is a great means to access and securely store passwords for a remote support team or third-party vendors. The version control and access controls help with analyzing who is accessing what and when, while having strong delegation controls. This is particularly helpful with providing access to other users or administrators to systems that may require temporary access or to a vendor to access when troubleshooting.

Pros

The user interface is intuitive and easy to use.
The local server/workstation account management is great with the ability to remove local admin accounts but still leverage admin privileges.
Prevents unauthorized access and meets security requirements and allowing for robust and detailed reporting and audit logs.

Cons

The copy button in a web-browser requires an add-on to the browser. The feature should be included without the add-on.
Forced purchase of re-branded dell servers as account vaults is terrible.
Reports are ok but requires some expertise to export data into a better reporting DB.

Likelihood to Recommend

The system is great for enterprise or larger IT departments or teams where temporary or full access may be given using privileged IDs. Requirements for needing local admin access is also eliminated which can help with specific Windows workstation related tasks.

It can be very useful when working with remote teams or contractors who may need temporary access to a system when required.

Craig Lockley

VP of IT & Innovation in Information Technology at Momentum Credit Union Ltd (11-50 employees)

Vetted Review

1 year of experience

View profile

Loading Reviews List....

CyberArk PAS - Great Product to add security

Rating: 8 out of 10

Incentivized

August 27, 2020

Use Cases and Deployment Scope

We use CyberArk across our IT department to manage passwords to privileged accounts. We also use it to manage non-rotating passwords to applications that require administrator-level access.

It solved for:

1. Rotation of passwords while maintaining the minimum requirements for the password. We automatically rotate admin-role passwords after x number of days and maintain complexity.

2. Password storage: Due to the cross-collaborative environment, we needed a location to store passwords for different applications.

3. Different Safes: Not all passwords should be seen by others - the concept of safes in Cyberark helped with RBA type control.

4. Monitoring/Alerting/Reporting

Pros

Password segregation via RBAC
Rotation of passwords
View/reconcile/Verify passwords
Options to store passwords

Cons

GUI - right now everything is on one page/dashboard. Some level of folder/Safe type view would be great
More options when storing passwords - especially for network based passwords
Better integrations with vendors like Cisco so that admins dont need to really get the password from the vault (think Last Pass type add on)

Likelihood to Recommend

It has minimum complexity requirements and has detailed monitoring - you need to state a reason to see the password.

Verified User

Engineer in Information Technology (1001-5000 employees)

Vetted Review

2 years of experience