BeyondTrust Endpoint Privilege Management alternatives and competitors

I have been working with CyberArk for the past five years. I do installations, support, and presales.

We have installed the CyberArk solution and have been using it as a PAM solution.

The main reason for having the solution in place is to isolate and monitor all previous activities that have taken place within the organization. The second thing is to make sure all the previous accounts have been onboarded to the solution and accurately monitored as well as passwords have been managed as per the policies defined. The third thing is to make sure users are unaware of their previous account passwords. Those should be centrally stored and located in one of the solutions where we can manage them per our policy or ask users to raise a request for internal workflows on the solution, in case of any emergencies. The last thing is for managing the service account passwords.

Initially, the IT team and other teams used to access the servers manually. Now, because of this solution, everyone is onboarded on the PAM and we can direct all sessions to the PAM. Also, we have control of all decisions and activities being performed. Along with that, we are satisfying audit requirements with this because we are getting reports to track what we need to comply with any regulated requirements. 

We have an option for protecting various kinds of identities. It also provides you with a medium for authenticating your systems, not only with passwords, but also with the PKI certificates and RSA Tokens. There is also Azure MFA. So, there are many options for doing this. It has a wide range for managing all security identities. 

The most valuable feature is CyberArk DNA, which is an open-source tool used for scanning all servers, like Linux or Unix. We can get a very broad idea of the scope and picture of the servers as well as their predefined vulnerabilities, the service accounts running on them, and the dependent accounts running on those services. We get a very wide scope for all our servers and environments. 

There are some other options like Privileged Threat Analytics (PTA), which is a threat analytics tool of CyberArk that detects violations or any abnormal activities done by users in the privileged solution. This tool is very unique, since other PAM program solutions don't have this. This makes CyberArk the unique provider of this feature in the market.

It is very easy to maintain passwords in the solution, instead of changing them manually or using other tools. So, it is a centralized location where we have accounts and passwords in a database based on our defined policies. 

Product-wise, CyberArk is continuously improving. For the last two years, it has brought on new modules, like Alero and Cloud Entitlements Manager. Alero gives VPN-less access to the environment. So, there are many new things coming into the market from CyberArk. This shows us that it is improving its modules and technology.

We can integrate the solution with any other technologies. This is straightforward and mostly out-of-the-box.

For DevOps, we are using Conjur with a Dynamic Access Provider. We use those modules to make sure identities on other environments have been secured. For Azure and other cloud environments, we have out-of-box options where we can do some little configuration changes to get those identities secured. We have a process of managing these identities for RPA as well.

It has a centralized page where you can manage everything. This makes work easier. You don't have to remember different module URLs or browser applications. It is very easy to get all the secure identities of other environments into a single page, which is very important for us as it helps a lot in terms of operations, e.g., reduces management time. This is a single page where you can manage all accounts and onboard them to the CyberArk. You can then secure and see passwords from everywhere. So, there is a single pane of glass where you can manage all the identities across environments as well as across different types of identities.

We have a module called Endpoint Privilege Manager (EPM) that is used for the endpoint, managing the least privilege concept on Windows and Mac devices. We also have On-Demand Privilege Manager (OPM), which is used on UNIX and AIX machines. Using these modules, we can achieve the least privilege management on endpoints as well deploying on servers, if required. 

The continuous scanning of the assets is limited to Windows and Unix. We like to have the solution scan any databases, network devices, and security devices for privileged accounts. That would be very helpful. 

For least privilege management, we need a different level of certification from privileged management. Least privilege management comes under endpoint management. It takes time to get used to it, as it is not straightforward.

I have been well-versed with the CyberArk product for the last five years of my career.

The solution is very stable. 

Once the project installation was done, we put this product into the environment based on the policies that we defined, but it had initial hiccups. The policies that we defined might have hampered and raised issues, but the product is very stable.

The solution is very scalable. The landscape gets improved every day. It is scalable because it integrates with Azure, AWS, and other cloud solutions. Also, we have modules that work for DevOps, Secrets Manager, and Endpoint Privilege Manager. So, CyberArk is not just a PAM. It covers most of the products in the threat landscape. We do not worry about scalability in terms of CyberArk.

Our primary support is partners with whom we are interacting throughout the project. Then, if an issue is not yet resolved, we will raise a case with CyberArk support. They have certain SLAs that they are following based on the seriousness of an issue. The response will be according to that. 

The support is good.

Positive

We didn't use another solution before we bought this one.

The initial setup is straightforward. They have done major reforms on the installation process, so now we have automatic installations. We just have to run a particular script, and that does the installation for us. We also have a manual installation and that is our legacy process. So, we have both options. It is up to the customer how to move forward, but it is pretty straightforward. 

RNS did the installation for us. Our experience with them was pretty good. They followed all the processes per project management standard. They tracked all the activities, making sure the project was delivered on time, which was good.

One dedicated person is enough for the solution's maintenance.

CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great.

Before, I used to work as a system integrator. I looked into other PAM solutions, like ARCON and BeyondTrust.

Make sure your use cases are covered. Go for a small PoC, if possible, to make sure that all your use cases are covered and delivered per your expectations. Check whether the solution is on-prem or Azure and the resource utilization needed for implementation. For your IT expansions in future, check whether you will need any additional modules in future or if the existing ones will meet your future requirements.

With Secure Web Solutions, we could access any web applications from a PC. It was like a native tool where you could browse from your Chrome or any web applications, and the applications would be routed to the CyberArk where it was securing the web applications and access. However, this product was deprecated last year so it is no longer supported from CyberArk's point of view.

I would rate CyberArk PAM as nine out of 10.

I primarily use the solution for PRAM management, privileged access management, and other similar tasks as well. We submit credentials and replicate and post them directly behind the scenes. There's also some session monitoring and issue recording, etc. that we handle.

The session monitoring and session recording aspects of the solution are valuable to us. The fact that, as a support, you can actually monitor sessions on the fly is really helpful. A lot of sessions are live. Therefore, if anything happens within the session, there is an alert, and the security can terminate the session. 

The fact that you can go back to any other session according to user or sequence, is quite useful. You can get a nice audit of the recording sessions. It's quite deep and quite useful.

Users are able to whitelist commands. It's very helpful.

The solution provides security for certain tasks as well. There's also regression on items like passwords.

The user interface is quite good. It's very straightforward.

The reporting is very powerful.

The solution is very good at improving based on customer feedback. If, for example, a customer asks for updated functionality, the next version will likely fit the requirements or requests. They're very responsive in that sense.

There could be tweaks here and there. For example, instead of going to one main function to do this and another main function to do that, the solution could remap the user interface so that a person only has to go through one function. The way that function branches off should make a bit more sense.

I'd like to see more automation on parts of the solution that cover APIs and disk space. There should be more automation in terms of what's out-of-the-box. It would help some customers as not all of them are knowledgable and well-skilled. It would make it easier for the layman.

I've been using the solution for one year.

The solution is pretty stable.

The solution is highly scalable. The architectural deployment is quite flexible. You can deploy it on multiple sites, you can do your load balancing, you can do your SQL storing, etc. It gives you various architectural deployment and flexibility options. It's very powerful.

We've been in touch with technical support in the past and they've been very helpful. We've been satisfied with their level of support.

We didn't previously use a different solution. This is my first foray into PRAM management and enterprise solutions.

The initial setup is pretty straightforward. We didn't find it to be overly complex in any way.

I did look at a few other companies and compared a few different features before choosing this solution. I looked at FireEye, BeyondTrust, and CyberArk.

I have a lot of hands-on experience with the solution and I present it to customers and do all the POCs for them.

I'd recommend the solution and advise others to look at cloud options, as most companies are moving to the cloud anyway right now. It's flexible, so users can deploy it both on-prem or on the cloud. There are lots of great custom features and network monitoring capabilities.

You can also patch the privileged behavior and it will, on the fly, give you nice digital printouts with privileged behavior also. If your system admin or one of your admins suddenly acts strangely, even at 2 AM on a Sunday, it will flag that because that's not normal behavior. That's due to the fact it has a lot of powerful machine learning built into the solution as well.

The endpoint application control of the privileged manager is powerful because of the authorizations, etc. The privileged manager can ensure that you actually are able to manage everything very well - everything from user privileges to admin. You can even escalate items easily.

I'd rate it nine out of ten, just because there's always room for improvement. However, for my purposes, it's a fantastic solution.

We prefer not to talk about our use cases for security reasons.

Overall, aside from the lack of password management, this solution is the best. It's a very good product.

The solution needs more work on the password management side of things. Password management is a big challenge for us, and I would like to improve this aspect. We're finding that BeyondTrust is better in this regard, which is why we're probably going to migrate over. It will offer better security I think.

I've been working with the solution for the past two and a half years.

The stability is really good on this solution. This product is really amazing. But in terms of our security, password management is a little bit of a worry for us. Security-wise, we need to change the password frequently. This product only has options for changing the password once a week, every two weeks, two days, or three days. Our recommendation is whenever users want to access the target server, they have to, every time, change the password. So this option is not available currently and it's a weak point.

The solution is scalable, but the security level doesn't increase. That might be an issue for larger companies and continues to be an issue for us. Still, we consider it to be a very good product.

We use this product quite extensively and on a daily basis.

We've made contact with the technical support team on multiple occasions. We even reached out about increasing the password security protocols as an added feature and they said they would consider it, however not much has changed there. They said they were going to release it as a new feature in the next release. That never happened. It's the reason we're looking at another product. It would have been great if they actually responded to their client's needs a bit more.

The initial setup is very straightforward. It's not complex at all.

We handle every aspect of the solution, from deployment and troubleshooting all the way through to managing and accounting. I personally have an administrator-level certification so I know personally how to handle the implementation of the solution and how to work everything in the background.

Deployment takes a maximum of two hours. It's not a long process.

We were able to implement the solution in-house using our own team. we didn't require the assistance of any integrators, resellers or consultants.

We're customers; we don't have any relationship with the business. We're not a reseller or anything like that. We just use the product.

Currently, we're using the solution. However, it's our intention to migrate to BeyondTrust in the near future.

Currently, we are using the latest version of the solution.

I'd like new users to know that the deployment really is quite straightforward, and it's easy to manage and troubleshoot. It's simple to restore the database within minutes if necessary as well. There are some great features that are available on the solution that makes it a worthwhile addition to a business. For us, security remains a concern, and password management is lacking. If an organization shares those concerns, this may not be the perfect solution for them.

Overall, I would rate the solution eight out of ten.