Item: CyberArk Privileged Access Management
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

It is used to check out highly privileged accounts with a randomized password. Being scaled to entire organization. It solves the problem of highly privileged accounts with a static password. If one of the accounts is compromised the password has an expiration and minimizes the amount of damage that can be done by limiting the time the account is active.

Pros and Cons

Randomizes passwords
Scales to enteprise level
Keeps admins in check

License model
The vault is difficult to patch, because it cannot have your normal patching agents on it
On going costs are high

Return on Investment

Positive - environment is much more secure
Negative - need highly trained engineers to maintain it
Negative is ongoing costs

Alternatives Considered

Lieberman Enterprise Random Password Manager

CyberArk is better in every possible way. ERPM is engineered for a workstation model. It treats directories like they are computers with a lot of local accounts. Also many settings are universal, so it is either on or off. You cannot customize a checkout time per account is an example.

Other Software Used

Lieberman Enterprise Random Password Manager, Forefront Identity Manager, VMware ESXi

Likelihood to Recommend

It works well when an organization needs to keep track and randomize admin accounts. Also, it works better than LAPS for local workstation admin account management. It will allow for more than just one account. The auditing is robust vs. LAPS. Not a good solution for a small business. Too big of a tool for that scenario.

CyberARK in real world use

Overall Satisfaction with CyberArk Privileged Account Security