Product(s): CyberArk Privileged Access Manager
Overall Comment:"Customers want a PAM solution, so we looked at Cyber Ark to reduce the risks associated with privilege sprawl. It provides advanced auditing, video recording and credential rotation capabilities that are intended to add value to a secure by design methodology. The journey thus far has been mixed. While the platform offers strong features, there are technical gaps. Password rotation only works in specific setups - don't expect it to work with all configurations. If you use scanners or zealot firewalls in your own environment, expect some features such as 365 access etc to not work as it requires an add-on in your browser which most environments will look to block. Check-ins and check-outs don't work reliably. Administrators have to constantly unlock accounts, even while following best practices. Support is okay - they do help but to a point, as if it's hosted on your own environment they can't help as much. When it does work, and in the right setups (PAM servers hosted locally in the customer's environment), it works fine for the most part (minus check in/outs). "
Security First Architecture for the end user is what I do like, but unfortunately the journey has been very long in the implementation phase which is what lets this product down. Remote access, when it works, is smooth, there's not much latency. Future updates look good with AI driven analytics and TDR.
Configurations can vary (on premise, cloud, LDAP etc). CA didn't initially offer best practices or tell us some of those don't work with password rotations etc. Check ins are a major pain with the teams due to needing an admin user to manually check them out. 365 logins don't work for us. It just takes us to our tenant due to browser addons being blocked on our company.