This case study highlights how Crest Data helped a customer improve operational visibility into its CyberArk PAM deployment using Datadog. While CyberArk PAM provided strong access management capabilities, the customer needed deeper insight into how users, accounts, safes, applications, and privileged sessions were actually being used.

Using Crest Data’s Datadog integration for CyberArk PAM, inventory data, audit activity, and Privileged Session Manager (PSM) events were centralized and correlated within Datadog. Crest Data then developed dashboards that transformed this data into operational insights, helping the customer identify inactive accounts and safes, track usage patterns, monitor session activity, and investigate privileged access behavior more efficiently.

The result was a unified observability view that improved access visibility, supported governance decisions, and helped the customer identify unused assets for cleanup and license optimization.

About the Customer  

A leading global alternative investment management firm with a strong presence across North America, Europe, and Asia-Pacific. The organization manages multi-strategy investment portfolios spanning fundamental equities, systematic investing, macro strategies, private credit, and venture capital. With thousands of employees and investment teams worldwide, the firm operates in a highly data-intensive and performance-driven environment, requiring scalable, secure, and resilient technology operations to support real-time decision-making and global financial operations.

Customer Challenge  

Although the customer had CyberArk PAM deployed, visibility into how privileged assets were actually used was limited.

Key challenges included:

• Inventory data without enough context
  The customer could retrieve data for users, safes, applications, and accounts, but that only showed what existed in the environment. It did not show how those objects were being used, which ones were inactive, or which ones were used most often.

• Need to correlate activity with CyberArk objects
  The customer needed to connect audit activity with users, safes, and accounts so they could answer practical operational questions more quickly. For example, they wanted to know which accounts had been inactive for more than 30 days, which safes had little or no activity, which accounts were used frequently, and which users were associated with those accounts.

• Limited visibility into privileged session activity
  The customer also wanted better visibility into Privileged Session Manager events. They needed to understand what session-related events were happening, who performed them, and how that activity changed over time.

• Need for actionable insights, not just raw data
  Simply pulling data into Datadog would not be enough. The customer needed dashboards that could turn raw PAM data into useful operational and governance insights.

• Need for flexible investigation
  Different teams wanted to analyze the same data in different ways. They needed the ability to filter by time, user, safe, account, and event type so they could drill into specific patterns and questions without creating a new report each time.

These gaps made it difficult to use CyberArk data for ongoing monitoring, governance review, investigation, and better utilization of the PAM environment over time.

Proposed Solution

Crest Data implemented its Datadog integration for CyberArk PAM to provide a centralized observability layer on top of the customer’s privileged access environment.

The goal was not just to bring data into Datadog, but to make that data useful. Crest Data combined inventory data, audit logs, and Privileged Session Manager events to create a more complete view of privileged access activity. This helped the customer move from static records to meaningful operational insight.

The solution delivered visibility across four core areas.

• Inventory Visibility
  

  The integration collected key CyberArk PAM inventory data, including users, safes, applications, and accounts. This created a structured view of the customer’s CyberArk environment inside Datadog.

  This inventory layer became the foundation for further analysis. Instead of looking at accounts or safes as standalone records, the customer could now use them as reference points for understanding activity and behavior.

  This helped answer basic but important questions such as what objects existed, how they were distributed, and which ones should be reviewed more closely based on usage patterns.

• Monitoring

  Crest Data designed correlated dashboards focused on practical monitoring and governance use cases.
  
  These dashboards did more than show counts. They helped the customer understand how privileged access was actually being used. For example, they made it possible to identify users with no activity in the last 30 days, safes with no activity in the last 30 days, accounts that were used frequently, and accounts that were used rarely.
  
  This was valuable from both an operational and governance perspective. Inactive or low-usage accounts and safes could be reviewed to determine whether they were still needed. That helped the customer reduce clutter in the PAM environment, simplify review processes, and identify objects that could be considered for cleanup.
  
  In the customer’s environment, this also supported PAM license cleanup efforts. By helping teams review unused accounts across a large licensed deployment, the dashboards made it easier to improve license utilization and align PAM usage more closely with actual activity.
  
  The dashboards also showed which users were using which accounts, how safe access changed over time, and how privileged activity was distributed across the environment. Because the dashboards could be filtered by time, user, safe, account, and event type, teams could investigate issues or patterns without needing separate custom reports.

• Audit Visibility
  

  To add behavioral context, Crest Data ingested CyberArk audit logs into Datadog and used them to build activity-based views.
  
  This allowed the customer to move beyond static inventory and understand how privileged assets were being used in practice. Audit data helped show which accounts were active, which safes were being accessed, which users were driving activity, and how usage patterns changed over time.
  
  With this visibility in Datadog, teams could review privileged access behavior more easily and investigate unusual patterns with better context. Instead of manually reviewing raw logs, they could use dashboards and filtered views to focus on the activity that mattered most.

• Dashboard-Driven Privileged Session Insights
  

  Crest Data also extended the solution to include deeper visibility into Privileged Session Manager activity.
  
  This gave the customer a clearer view of session-related activity, including what events were taking place, who performed them, and how session behavior changed over time.

To support this, Crest Data built correlated dashboards with widgets such as:

• • Users with No Activity (Last 30 Days)
  • Safes with No Activity (Last 30 Days)
  • Safe Access & Action Summary
  • User Activity Breakdown
  • Safe Access Activity Over Time
  • Privileged Session Manager (PSM) Events
  • PSM Activity by Users
  • PSM Events Over Time
  • PSM Event Details

These dashboards gave the customer both high-level visibility and detailed investigation capability. Teams could quickly spot dormant assets, heavily used accounts, unusual activity concentration, and broader access trends, then drill into the underlying data using filters.

Users could also slice the data by time, user, safe, account, and event type, making the dashboards flexible enough to support multiple teams and investigate use cases from a single view.

Outcomes & Success Metrics

The Datadog-based CyberArk PAM observability solution delivered clear value to the customer.

• Centralized Visibility

• • Created a single view for CyberArk inventory data, audit activity, and privileged session events.
  • Gave teams one place to analyze users, safes, accounts, and session activity.
  • Reduced dependence on disconnected data views and manual review.

• Improved Incident Response

• • Made it easier to investigate privileged access activity by linking inventory data with audits and session events.
  • Helped teams understand who used which accounts, what activity took place, and how access patterns changed over time.
  • Improved day-to-day visibility into privileged behavior across the environment.

• Audit & Governance Support
  • Supported access review and governance workflows by turning CyberArk data into actionable insights.
  • Helped identify unused or low-usage accounts and safes that could be reviewed for cleanup, rationalization, and better license utilization.
  • Improved traceability by showing what actions occurred, who performed them, and when they happened.
• Scalable Operations

• • Enabled reusable dashboards that could support multiple teams and use cases.
  • Allowed users to filter and investigate data without building separate reports each time.
  • Created a scalable model for expanding CyberArk visibility in Datadog as requirements evolved.

About Crest Data

Crest Data is a data and AI-driven technology solutions provider specializing in Cybersecurity and Observability. As an Advanced Datadog Partner, Crest Data helps enterprises modernize operations through scalable integrations, migrations, and insight-led observability solutions.

With 1,000+ professionals, 5,500+ successful projects, and 175+ global customers, Crest Data enables organizations to turn complex data into actionable insights, improved visibility, and secure operational growth.