CyberArk is widely regarded as the "Gold Standard" in the Privileged Access Management (PAM) space. My overall experience is that it is a robust, enterprise-grade fortress. It is not just a tool, but a complete ecosystem that forces an organization to mature its security posture. While the learning curve is steep and the deployment complex, the peace of mind it provides regarding credential security and auditability is unmatched.

Customers want a PAM solution, so we looked at Cyber Ark to reduce the risks associated with privilege sprawl. It provides advanced auditing, video recording and credential rotation capabilities that are intended to add value to a secure by design methodology. The journey thus far has been mixed. While the platform offers strong features, there are technical gaps. Password rotation only works in specific setups - don't expect it to work with all configurations. If you use scanners or zealot firewalls in your own environment, expect some features such as 365 access etc to not work as it requires an add-on in your browser which most environments will look to block. Check-ins and check-outs don't work reliably. Administrators have to constantly unlock accounts, even while following best practices. Support is okay - they do help but to a point, as if it's hosted on your own environment they can't help as much. When it does work, and in the right setups (PAM servers hosted locally in the customer's environment), it works fine for the most part (minus check in/outs).