Access Privileges Simplified
Cyberark thought far beyond monopoly and designed a tool to take charge of the uncertainty around systems security.
I like the idea to centralise password management and the ability to log onto systems automatically, with automatic password policy enforcement
Make a more simplified administration portal
Easy To Be Integrated, Can Be Trusted
We replaced a custom solution for PAM with CyberArk to get an easy to mantain and scale solution. CyberArk also provides the possibility to deploy the solution on-premises giving us the confidence we need.
Easy to use, scale and maintain vs. our old custom in-house solution.
Difficult to integrate with some of our custom apps, but not an issue in general terms.
Make privileges Access Management easier with CyberArk
Overall CyberArk is complete and feature rich solution to organizations for privilege access management without hassel and support to achieve most of the compliance requirements.
CyberArk can cater compliance requirements such as PCI-DSS when it comes to compliances which is major challenge to Payment Card Industry. Automatic credential rotation can be set based on organization policies to reduce the risk of brute force attacks. It support remote administration of all type of operating systems. Tool provides recording of user sessions and auditing logs which is very useful during forensic investigation. It has threat analytics capabilities and can detect suspicious activities of password theft. Multi factor authentication is supported , so increase the security of the privilege user.
CyberArk is quiet expensive and license model goes per user basis. Solution required set of VM's which don't count for total cost of ownership and deployment is quite complex. For password vault physical servers may recommend and when it comes to high availability and backup several physical servers may required. Continuous session recording required bigger storage. Patch update of password vault is bit complex which require thorough testing with professional support.
Part of Implementation Team rolling out CyberArk PAS ( Privileged Account Security) solution
Decreased the probability of external cyber attack to Privileged Account.
Automatic PWD change functionality will substantially decrease probability of PWD theft or misuse.
Management can control Privilege Account life cycle management more effectively
Recording privileged sessions allow organization to playback exactly the point of a breach or malicious behavior
Automated system to manage and verify passwords as privileged accounts are constantly created and deleted
CyberArk PAS ( Privileged Account Security) solution pioneered best practices that must be followed by every Organization to minimize or completely stop external attacker or malicious insider to breach privileged accounts.
Following are the high-level practices which needs to be followed -
Identify and Reduce the Number of Privileged Accounts
Eliminate Shared/Service Accounts having Non-Expiring Passwords
Automatically Changing Privileged Account Passwords
Automate Password Verification and Reconciliation
Frequently Identify, Change and Verify Hardcoded Passwords
Connect Target Systems directly without displaying Passwords to Users
Recording Privileged Sessions
CyberArk PAS Solution has out of the box functionalities to achieve the above best practices across your Organizations around the Globe.
The solution is quite intuitive in nature which can be easily rolled out across Organization quickly with out doing any major change management.
They have strong technical support team who helps Organization starting from requirement initiation till production roll out followed by continuous sustenance period.
Continuously engage with Organization through Training, Seminars to make sure the application is deployed correctly & what steps need to be taken to make sure it will sustain future Eco-system.
The initial product cost is on a little higher side which might turn off small & medium enterprises.
As it talks about security, it has a lot of hardware/software requirements for initial setup, which might make roll out timeline little lengthy.
The product is easy to install and use. it is more user friendly compared to other products. It is easy to identify systems and monitor their status from the interface.
The screens are sometimes unstable in product version transitions. Sometimes I find it difficult to follow the general situation of the added resources collectively.
Good program for Admin access
Good program if you do not want random people knowing admin passwords
Great security when preventing users to be admin capable.
provides short term admin or specific passwords when needed
Too many steps and needing to go through a big setup to get working
Switching phones and needing to release the MTA and re setup ordeal takes 15-30 minutes