BeyondTrust Endpoint Privilege Management Reviews

Typical use cases for BeyondTrust Endpoint Privilege Management include not providing credentials to the development team; instead, we provide the URL link. Once they click on the URL link, they should put their username and password with the Active Directory to get access to that machine, maintaining confidentiality regarding the password.

BeyondTrust Endpoint Privilege Management is usually used within the organization for applications such as accessing firewalls and router switches, with policies implemented by PAM to enable access.

For BeyondTrust Endpoint Privilege Management, the best features are the security measures we have, such as not sharing any credentials with employees in the bank sector.

For security purposes in BeyondTrust Endpoint Privilege Management, when employees are working in the system, we can make a recording of the video, showing the modifications and configurations they made, allowing us to see everything. The recording option is available.

BeyondTrust Endpoint Privilege Management positively impacts the organization by providing more security and benefits, such as ensuring that if modifications are made, we can see where mistakes occurred in the recording video.

The recording video in BeyondTrust Endpoint Privilege Management allows us to see modifications and mistakes, which is an advantage.

In future updates of BeyondTrust Endpoint Privilege Management, I would prefer to see features for Password Safe and VPN access, as we have applications for that.

Technical support for BeyondTrust Endpoint Privilege Management should be an enterprise edition; whoever is working in the bank sector for security purposes needs to be 100% secure on the servers.

There is room for improvement in terms of support.

I have been using BeyondTrust Endpoint Privilege Management for almost eight to nine months.

We need to do it from scratch to end for BeyondTrust Endpoint Privilege Management; we will not allow someone else to do it because the credentials and everything are very important. In this case, we are not allowing someone to do it. We will do it ourselves.

BeyondTrust Endpoint Privilege Management is very easy to use; if you know the process of cybersecurity, you will not experience downtime. It will not have downtime; if the power shuts down for the building, that is a different matter.

I rate the support of BeyondTrust Endpoint Privilege Management a seven out of ten.

I did not work with them much, but sometimes when you open the support for BeyondTrust Endpoint Privilege Management, it may take one hour or two hours to get a response by email.

It takes a maximum of one hour to get a response for support-related issues.

Positive

The installation of BeyondTrust Endpoint Privilege Management is not complex. If you understand the concept, it is very easy, but you should focus on Password Safe in BeyondTrust Endpoint Privilege Management for Smart Rule.

The installation does not take much time. It depends on the scope of work and how many endpoints we should merge on our PAM product.

If it depends on three to four servers, the installation is completed within 30 to 45 minutes.

In our technical team for BeyondTrust Endpoint Privilege Management, we have about 10 employees in the office, and we provided some AC engineers to the banks with almost around 70 users.

If it depends on three to four servers, the installation is completed within 30 to 45 minutes.

For deployment of BeyondTrust Endpoint Privilege Management, when you deploy the implemented OS, you should give it one hour. After that, you need to start the initial configuration, which requires a minimum time of one hour.

I did not work on the audit tools of BeyondTrust Endpoint Privilege Management because I just started.

I do not think it is necessary to lower the price of BeyondTrust Endpoint Privilege Management.

BeyondTrust Endpoint Privilege Management is a very good product for security purposes. I rate it seven out of ten.

There is room for improvement in terms of support.

In Bangladesh, BeyondTrust Endpoint Privilege Management (EPM) is widely adopted for securing privileged access across diverse IT environments—including Windows, macOS, UNIX, and Linux systems. Given the cost-sensitive market, BeyondTrust stands out as a preferred alternative to ManageEngine, offering robust security at a competitive price point.

Bangladeshi enterprises, particularly those in banking and finance, prioritize PAM solutions due to the frequency of cyberattacks targeting RDP and remote access tools. Many organizations mandate on-premises server deployments for compliance and control, a requirement that BeyondTrust fulfills effectively. Our testing and deployments in Bangladesh confirm its adaptability to local infrastructure needs and threat landscapes.

As a solutions integrator, we have deployed BeyondTrust EPM for multiple clients in Bangladesh and gathered direct feedback from their experiences. The solution has significantly enhanced their security posture by enabling centralized control over administrator and user access rights. Key benefits include:

• 
  Unified Visibility: Clients can monitor and manage all privileged activities from a single dashboard, simplifying oversight.
  


• 
  Automated Security: Features like password rotation and time-based access restrictions reduce manual effort and enforce compliance.
  


• 
  Secure Remote Access: Vendors can connect from any location within a controlled environment, with session recording for full auditability.
  


• 
  Real-Time Intervention: Administrators can immediately terminate suspicious sessions if abnormal or risky behavior is detected.
  

BeyondTrust EPM has proven to be a time-efficient and high-impact solution for Bangladeshi enterprises, particularly those prioritizing operational security and streamlined access management.

- Key Improvemnet 

✅ Clear Structure – Bullet points highlight specific benefits for readability.
✅ Local Relevance – Emphasizes real-world deployments in Bangladesh.
✅ Stronger Value Proposition – Focuses on measurable outcomes (time savings, risk reduction).
✅ Professional Tone – Suitable for public reviews while keeping it concise.

 In our deployments of BeyondTrust Endpoint Privilege Management (EPM) and ManageEngine PAM 360, several key features stand out:

Most Valuable Features:

Automated Privilege Elevation

Both solutions allow seamless permission elevation for approved applications.

Support for multi-condition access policies (approval-based, scheduled sessions) ensures flexibility.

Streamlined Auditing & Reporting

BeyondTrust EPM provides robust analytics and real-time alerts when unauthorized access is attempted.

ManageEngine PAM 360 simplifies compliance with Microsoft-integrated reporting (no extra ports/agents needed).

Ease of Management

ManageEngine requires minimal training, making it user-friendly for basic setups.

BeyondTrust enforces stricter login criteria and approval workflows, improving security at the cost of slight complexity.

Comparison & Verdict:

BeyondTrust EPM excels in threat detection (unauthorized access alerts) but has minor operational challenges.

ManageEngine PAM 360 offers smoother Microsoft environment integration with fewer setup hurdles.

Rating: 8/10 for BeyondTrust EPM—strong in security but room for improvement in usability.

BeyondTrust is a strong, compliance-driven solution with excellent market recognition (Gartner, Peers, etc.), making it appealing for Bangladeshi enterprises. However, some key improvements could accelerate adoption:

Areas for Improvement:

Pricing & Local Affordability

While the product’s capabilities justify its value, cost remains a barrier for many Bangladeshi organizations. Competitive pricing or regional discounts would make it more accessible.

Local Support & Partnerships

Currently, lack of local partners or trainers creates delays in support, implementation, and pricing negotiations.

Establishing a Bangladesh-based support team or authorized resellers would improve responsiveness and trust.

Enhanced Onboarding & Training

Offering localized training programs (in Bengali/English) and documentation would help IT teams deploy and manage the solution more efficiently.

Recommendations for Next Release:

Introduce tiered pricing for emerging markets like Bangladesh.

Develop a partner network in Bangladesh for faster service and sales.

Add simplified dashboards for easier monitoring by non-technical staff.

Final Note: BeyondTrust is already a top-tier PAM solution, but addressing these gaps would solidify its leadership in Bangladesh’s growing cybersecurity market.

I have extensive professional experience working with ManageEngine solutions. Currently, I implement and manage BeyondTrust and ManageEngine platforms (not Delinea) for privileged access and identity security. These solutions are widely adopted in Bangladesh for their scalability and compliance features in enterprise environments.

The product is stable enough and works smoothly.

BeyondTrust Endpoint Privilege Management is very scalable.

BeyondTrust support is reliable. I would rate support as a seven out of ten.

Many organizations in Bangladesh initially adopted ManageEngine PAM360 due to its affordability and Microsoft integration. However, several key factors drove the shift to BeyondTrust Endpoint Privilege Management (EPM):

Reasons for Switching:

Advanced Threat Prevention

BeyondTrust’s real-time session monitoring and automated intervention capabilities proved superior against Bangladesh’s rising RDP-based attacks.

Compliance & Audit Readiness

BeyondTrust’s granular access controls and video-recorded sessions helped financial institutions meet strict regulatory requirements (e.g., Bangladesh Bank guidelines).

Scalability Challenges

ManageEngine required frequent customization for large deployments, while BeyondTrust offered out-of-the-box scalability for enterprise environments.

Cost Efficiency Over Time

Though BeyondTrust’s upfront cost is higher, its reduced administrative overhead (e.g., automated password rotation) lowered long-term TCO for clients.

Advice for Bangladeshi Enterprises:

For SMBs: ManageEngine remains viable for basic needs.

For Banks/Enterprises: BeyondTrust’s security ROI justifies the investment, but negotiate localized pricing and demand on-prem support options.

The initial BeyondTrust setup presented moderate complexity for Bangladeshi deployments:

Technical Challenges

Required more port configurations than ManageEngine

On-prem server setup needed additional security hardening

Resource Intensive

Demanded 2-3 weeks for full deployment vs 1 week for ManageEngine

Needed specialized Windows Server expertise

Documentation Gaps

Lack of Bengali/local language guides slowed implementation

Pro Tip: Budget for 30% more time than vendor estimates for Bangladesh-specific network adjustments.

We see some return on investments from working with BeyondTrust Endpoint Privilege Management. We have not faced significant attention or disaster issues with BeyondTrust. When it makes sense, we will confirm how this application performs; within a short time, we can back it up. Money saving is the main part because every organization tries to reduce their costs.

BeyondTrust's pricing is premium but negotiable for Bangladesh. Expect 20-30% extra costs from currency/import factors. Start with modular licensing (EPM first), demand emerging market discounts, and account for 3X implementation costs. For banks: budget $ 25 K-$50 K; manufacturers: $ 8 K-$12 K. Always get fixed-price quotes from partners to avoid hidden charges.

Yes, we thoroughly evaluated multiple PAM solutions before recommending BeyondTrust to Bangladeshi enterprises. Here's our analysis of the competitive landscape:

Solutions We Considered:

ManageEngine PAM360

Pros: Cost-effective, easy Microsoft integration, simple UI

Cons: Limited advanced security features, scalability challenges

CyberArk EPM

Pros: Enterprise-grade security, strong compliance features

Cons: Complex setup, prohibitively expensive for most Bangladeshi firms

Delinea Secret Server

Pros: Good privilege session management

Cons: Weak endpoint protection, minimal local support

Why BeyondTrust Stood Out for Bangladesh:

Balanced Security & Cost: Offers 80% of CyberArk's capabilities at 60% of the cost

Hybrid Deployment: Supports both cloud and on-premise (critical for Bangladeshi banks)

Bangladesh-Ready: Works reliably with local infrastructure despite latency/power issues

Key Lesson: For most Bangladeshi organizations, BeyondTrust hit the "sweet spot" between security and affordability. However, we still recommend ManageEngine for SMBs with basic needs.

Based on our experience as an integrator:

Current Deployment Status

Live experience with ManageEngine PAM 360 (3 customers)

BeyondTrust only at POC stage – no production deployment yet

Customer Preference Trends

Testing revealed this priority:

1️⃣ ManageEngine (cost + usability)

2️⃣ BeyondTrust (security features)

3️⃣ Delinea

Key Tradeoffs Noted

BeyondTrust offers stronger security but has more complex dependencies

ManageEngine wins on admin-friendliness and simpler deployment

Market Perception

Some clients show preference for US-origin solutions over Indian products

Final Rating: 7/10 for BeyondTrust – robust but needs smoother implementation

I have experience with BeyondTrust as a solution where I have deployed PasswordSafe, VRA, and other products in the portfolio. I have also contributed to POCs and demos since I am working as a solution architect for FDC. BeyondTrust has been one of our main products, and our team is certified with the BCI certification. 

We aim to take the solution effectively to the market and discuss it with management. From a use case perspective, if I'm talking about an end user who is looking for visibility and control over the organization's endpoints, it tests permissions and determines who has access to which solutions or assets. 

APM provides a platform to enhance visibility from Active Directory connections to peer control of their endpoints within the organization.

One of the challenges within an enterprise environment with 250 to 300 users is ensuring data security across multiple solutions. BeyondTrust Bot Pro, for example, offers privileged access solutions. 

Administrators need a tool that provides visibility and clarity about endpoint management within the organization. This addresses the issue of managing privileged users, which is crucial for any administrator or higher management team to control. 

Integration of PAM with other solutions is a key selling point. BeyondTrust is capable of integrating with platforms like Ping Identity, making it compatible with Android and ready for integrations.

Regarding the feedback scenario, it's a tough question as I have thoroughly gone through the entire partner portal and library of BeyondTrust, as well as BeyondTrust University. 

I have also interacted with support whenever a ticket is raised, ranging from P1 to P3 or P2. Most end users and partners seem happy and content with BeyondTrust. The deployment of the solution is generally easy, flexible, and scalable. 

However, it can be challenging in certain environments, especially regarding management. Improvements could focus on adding more AI features to automate processes that are currently manual or challenging for end users. In some cases of competition, I have noted specific use cases where the recording of sessions was an endpoint for BeyondTrust, providing an edge for higher management. The ability to view recorded live sessions of specific users is a crucial benefit.

I have worked with BeyondTrust Solutions for about four and a half years. I have been working with APM for one and a half years.

Understanding the end user's environment and the operating systems they use is important. When discussing the endpoint solution, it involves onboarding users and ensuring they are part of EPM. 

In the future, granting access and ensuring permissions are authorized should be done via APM. I have talked to deployment consultants both within and outside the organization, and the consensus is that APM is straightforward and not complex. 

The initial understanding of the environment is crucial, followed by a simple deployment process.

When providing a license for BeyondTrust, a certain subscription support function is provided to end users based on the term, whether one, two, or three years. Support is critical, especially when challenges arise related to PAM. For example, if a new engineer joins the team and is unsure how to resolve a situation, contacting support provides immediate assistance based on the case's criticality. Subscription and support are essential.

There were differences, but now everyone is scaling their solutions. Talking about solutions like CyberArk, everyone is updating their technology, each with pros and cons. The market is diversified, with everyone matching solutions. 

With respect to password management or session recording, BeyondTrust was leading, but now CyberArk and others are also filling these needs. The X factor is becoming more challenging to maintain.

Understanding the end user's environment and the operating systems they use is important. When discussing the endpoint solution, it involves onboarding users and ensuring they are part of EPM. In the future, granting access and ensuring permissions are authorized should be done via APM. I have talked to deployment consultants both within and outside the organization, and the consensus is that APM is straightforward and not complex. The initial understanding of the environment is crucial, followed by a simple deployment process.

Understanding the end user's environment and the operating systems they use is important. When discussing the endpoint solution, it involves onboarding users and ensuring they are part of EPM. In the future, granting access and ensuring permissions are authorized should be done via APM.

I have talked to deployment consultants both within and outside the organization, and the consensus is that APM is straightforward and not complex. The initial understanding of the environment is crucial, followed by a simple deployment process. Speaking about AI, it is now an essential element of the EPM and remote support solutions offered by BeyondTrust. 

AI adds value by automating the onboarding of assets and using smart rules to assign privileges. This can be done by triggering a smart rule.

I am talking about compliance here. From an ROI perspective, the focus is on making the organization compliant with regional regulations. When questioned by auditors, having a PAM solution like BeyondTrust can confirm compliance. The biggest ROI is maintaining compliance with PAM regulations and effectively integrating BeyondTrust within the environment.

Setup costs vary depending on the scenario. Sometimes we win orders, and other times we lose due to partner preferences or deal scenarios. Customers may negotiate on price, understanding that quality comes at a price. If a solution fits a customer's budget, considerations must be made that it may not have all the features of more expensive solutions. You cannot expect to buy a premium product at a budget price.

There were differences, but now everyone is scaling their solutions. Talking about solutions like CyberArk, everyone is updating their technology, each with pros and cons. The market is diversified, with everyone matching solutions. With respect to password management or session recording, BeyondTrust was leading, however, now CyberArk and others are also filling these needs. The X factor is becoming more challenging to maintain.

I've already addressed this in different scenarios. Visibility and endpoint privilege access are crucial throughout the organization's asset directory to prevent data breaches. I give partners a simple use case: an administrator mistakenly grants critical app server access to a new user. A malicious attacker could exploit this oversight, however, with a VPN, organizations can monitor and restrict least privileges for users. 

I recommend BeyondTrust VPN for ease of deployment and management. The solution effectively resolves issues, even where admins cannot. With support from us and the distributor, customer challenges are minimized. 

I rate the overall solution eight out of ten.

I work with financials, communication companies, and other big companies in my country.

The first valuable feature is the stability of the solution. The appliance is stable, and I don't have many issues with backups or recovery. 

The user experience is good, and there are many preconfigured platforms. The platform has grown in the last year to provide more experience to customers. 

Another important aspect is the ability to move the solution to the cloud or install it on-premises, offering my customers flexibility.

There is a need for better MQ integration with DevOps and improvements in architecture. This is a key area for growth in the future. 

Furthermore, BeyondTrust could enhance in these areas.

I have been working with BeyondTrust for around 20 years.

The solution is very stable. The appliances are stable, and there are no significant issues with backups or recovery.

Customer service is acceptable. There is a lot of online documentation and knowledge base articles. They offer support around the clock, and responses are generally quick.

Positive

Some of my customers switched to BeyondTrust for more efficiency in PAM solutions.

The initial setup is straightforward for experienced users. The cloud system is particularly easy to install and manage.

For implementation, I typically need a project manager and one or two technicians. The roles involved include project management and technical expertise.

My customers have shifted to BeyondTrust for more efficient PAM solutions, indicating a good return on investment.

I compared CyberArk, BeyondTrust, and Bluelift.

Control of users and access is crucial for security against hackers. The product provides significant protection against malware. 

Overall, I would rate this solution a nine out of ten.

We deploy it for customers as part of ISO 27001, 27701, and HITRUST. We do managed QMS. We go into a customer that is specifically under a GDPR or HIPAA mandate where they use HITRUST to implement it, and we act as their PRRC (person responsible for regulatory compliance). We do the hands-on configuration if they are not in compliance.

We have two customers who use Privileged Management Broker 2.23 and Cloud Privilege Broker 21.3. The PM is a hybrid deployment and CPB is on public cloud in Amazon.

The use cases are all in regulated environments that have GDPR and HIPAA medical data. That includes third-party host transfer of credentials and entitlement across multi-cloud infrastructure. The latter is specifically in a medical environment where multiple clinics are acting under a single medical provider. Or it's a GDPR situation where we act as a PRRC for a company that is highly regulated in GDPR with a multi-country presence.

One of our customers has a branch in Toronto so they fall under a multi-regulatory scheme. That's where the multi-cloud infrastructure and the ability to visualize via the dashboard come in handy. That's why the product is useful for us. It gives us a centralized dashboard both for the Privileged Management and the Cloud Privilege Broker. That's why it was chosen.

In addition, de-provisioning of privileged access accounts can be done in minutes. If we need to de-provision someone, we can do it really quickly. And with Endpoint Privilege Management, admin rights can be granted and revoked within minutes. For us, everything comes down to that. The ability to revoke rights is one of the ISO mandates.

Overall, Endpoint Privilege Management provides an immense increase in security, as our 27001 reports indicate.

The most important factor is the ability to invoke least privilege, which is required under 27701 and GDPR.

We have used the solution to remove users' administrative rights and instead provide on-demand, token-based administrative rights. The latter is an option for a single, temporary increase in privileges for a trusted user for a specific time. We use it in a medical environment for HIPAA compliance or medical compliance in a GDPR case. For example, if you have a clinician who needs access to a specific piece of medical information, or if there is an administrator who needs to have administrator rights to a particular database for a limited period of time, we can give it and then revoke it. That's another reason the tool is useful.

Also, the fact that we are able to add events straight from event logs and/or the database is important for crisis management and rapid reaction. This ability helps us meet our SLA requirements.

In addition, we can elevate approved applications and actions without broad administrative rights. We can temporarily increase privilege based on tasks.
If someone puts in a ticket, we increase their privilege for that ticket. We then watch to see if that ticket has been resolved and then we decrease it.

Another feature of the platform is instant risk reduction solutions. We can do a risk metric with it, and we do that as part of our risk evaluation. We can increase and decrease privilege and we can actually show that in the ISO 13485 risk metric.

And it provides a single solution for managing endpoint security preferences. It does a good job of that.

There is room for improvement in having the solution align more with standards. We're always shoehorning the product into the standards. It's not that it doesn't work for standards, it does. But Quick Start Policies are pretty close to what we need. The vendor needs to keep looking at GDPR, 27001, and 27701. That's why our clients buy the product.

Having templates available to implement this product against the various standards and the mandates that are actually forcing this product's purchase would be really nice. There are some templates, but it would be better to have more.

The solution has been stable so far.

It's scalable, as far as I can tell.

Each of our clients has between 136 and 300 users, depending on the size of their clinics. The extent of use and whether our clients will increase their usage of the solution totally depends on the practices and business plans.

So far, the technical support has been good. We haven't had problems with the support and we haven't needed it much.

Positive

We used RSA Access Manager. The switch was made because this solution works better in a cloud environment.

The implementation is fairly straightforward. AWS works well. Deployment takes about a week. 

Our implementation strategy was by the book. We didn't have to go too far out of the box. Our clients bought it. I walked them through it. They had a little bit of pain, but it wasn't so bad.

Our clients are using between six and 12 individuals just to maintain this, partly because it has a huge compliance overhead and partly because, as PRRC, I require that. 

ROI is compliance from non-compliance, specifically on Azure. Microsoft uses compliance as a gateway to sell in its marketplace. One of my customers could not sell in the Microsoft Azure Marketplace without the compliance and they use this product to be compliant. This product effectively acted as a gatekeeper.

RSA was one of the products we evaluated. The IBM product was another. BeyondTrust was chosen simply because of the ability to give and remove privileges quickly. That was the main difference. From an ISO 27701 standpoint, that is the difference maker.

I give the solution a nine out of 10 because it has some features that other products don't have yet, differentiation that sets it apart in the marketplace. The solution is able to get some companies to a compliance standpoint they would not get to otherwise. Those features are a centralized dashboard and the ability to issue and revoke entitlements within minutes. That makes a difference.

Hire someone who knows the standards and knows how to align the product against the standards. That ability is why you should buy this product. The product is really good for GDPR, HIPAA, and medical compliance. I also like it for risk reduction. I can take a customer that is non-compliant with 27001, an organization that failed their registrar audit, and get them to compliance with this product fairly quickly; in half a year. That's good.

Policy changes could be easier and better aligned with HITRUST and GDPR, although we can do them. We don't do a whole lot of whitelisting since everything we do is regulated. Part of what I have to do is all my own policy changes for the HITRUST GDPR.

We have around 700 assets on-premise and more than 500 assets on the cloud. We have many vendors all over the world. We have 200 people in the IT department. Everyone has to go through the solution to access and manage servers. We can access the assets through BeyondTrust regardless of where we are in the world.

The product is secure. It has a separate PAM portal where we can put all the passwords. It has a secure and isolated LAN. We are using it to log in to the servers.

We face challenges with SSL inspection. If anything intercepts the tool from outside, the tool disconnects itself. We faced some challenges with remote desktop sessions. Our vendors have their own service accounts to log in to the applications and Windows. The accounts get locked often. It is the only challenge we face.

The tool is stable. I rate the stability an eight and a half to nine out of ten compared to the Broadcom solution we used before.

I rate the tool’s scalability an eight and a half to nine out of ten. It is very scalable. We have 1000 to 1500 users.

The technical support is very supportive. The support persons help us every time we ask them for help.

It's very easy to implement the tool on-premise and on the cloud. In the beginning, the setup was a challenge. We had a lot of sessions with the support team. Now, it is fine. We faced a bit of a challenge to set up the product because there are two components. BeyondTrust Password Safe is only for passwords. BeyondTrust Endpoint is for access management. It provides access to the public. Different products need different teams and vendors. It took us three to four months to implement the solution. We still deal with patches and fixes.

We pay a yearly license fee.

We have installed servers where all the applications are published. People open the published application and use it. Integration is easy. We faced some challenges in the beginning, but now it is fine. The product is mature. We have a lot of demand for the product in our region. I recommend the product to everybody. Banks also use the solution. They recommend it, too. Overall, I rate the product an eight and a half to nine out of ten.

I find the comprehensive Privilege Access Management features valuable, including automation, and the ability to integrate with applications and the Windows operating system.

The weaknesses are related to the effort required to migrate from existing technologies or having no Privilege Access Management (PAM) at all to adopting technologies like BeyondTrust. It involves changes in processes and can take a significant amount of time, typically six to twelve months.

I have been with this solution for about ten years. In my current company, my customers are using it. In my previous company, I was the actual customer.

It has been stable.

It is a scalable solution. I would recommend it for both smaller and larger companies.

The customer service and support were always very good. When I was a customer, we had a systems integrator partner who handled technical issues, and they were skilled and knowledgeable about the technology. As long as you have good support either from BeyondTrust or a capable systems integrator, it should work smoothly. Everything is fine from a speed of response perspective.

Positive

I was using CyberArk. While both products achieve the same goal, they differ significantly in their architectures and how they integrate with applications. It's challenging to make a direct comparison, but they essentially do the same things.  

Apart from pricing considerations, BeyondTrust is a newer product, and therefore it's more agile and has a more solid approach.

CyberArk is obviously the more mature market leader in the PAM space. They have a lot more experience and a larger pool of people with CyberArk skills in the marketplace. So if you are looking for a more mature product, then CyberArk would probably be the better choice.

The complexity of the initial setup depends on the organization it's applied to. If an organization has a complex IT environment with multiple applications or legacy systems, it can be quite complex. However, if an organization mostly uses cloud-based applications, it's relatively straightforward.

The PAM market overall is quite highly priced. It's a necessary expense, but both BeyondTrust and CyberArk are on the expensive side.

Make sure you have a thorough understanding of your environment, assets, and applications before considering any product like BeyondTrust or CyberArk. If you don't understand your assets and the applications you're trying to protect, you may encounter issues.

Overall, I would rate the solution an eight out of ten. To push it to a ten, improvements in pricing and easier integration into legacy applications would be beneficial.

We are using it in our organization for whitelisting a set of applications. In addition, we provide access in terms of access rules from low flexibility to higher flexibility. We also have various other use cases.

It is a cloud product. It is completely on BeyondTrust's cloud. They're using some cloud product, and we're just accessing the console from our end. We haven't deployed it on our cloud provider.

In terms of the version, the client version is 21.7, and the adapter version is 21.8. That's the latest one that we are testing right now.

It is helpful for security. We have thousands of applications and a lot of users who are using these applications. We don't have to provide each and every user admin rights to install those applications. We can just whitelist those applications and provide them to the users. We don't have to provide admin rights to the users, which makes it secure because once the users have admin rights, they can do anything on their devices. We don't have to provide them with admin rights just for installation purposes. We can just whitelist those applications in the environment, and we're good.

It is very important that we can add events straight from event logs and/or the database. Those logs are used for creating rules.

It allows us to elevate approved applications and actions without broad admin rights. It reduces the support tickets because a user is able to use applications without any problems.

It has reduced the tickets for application installation. We don't get any tickets because an application first gets analyzed and only then gets deployed in the production environment. So, if there is any issue regarding the deployment of an application, it gets sorted out initially, and we don't get any support tickets related to that. It has reduced the support tickets from the end-user perspective.

By reducing the number of tickets, it has reduced desktop support costs. From the application perspective, whitelisting and other things are handled remotely once, which reduces the support tickets. When the support tickets are reduced, the workforce required to attend to and resolve those issues is also reduced. The cost savings depend on the number of applications you have in your environment and the number of users you are dealing with. 

It provides a single solution for managing endpoint security preferences. Its impact on our endpoint management operations is good. We don't have to provide admin rights to all the users. It has increased the security of the environment, and it has reduced the exposure score from the vulnerability perspective. It is a very good solution. It has improved our security posture.

The whitelisting feature is valuable. It is a good feature. My organization is using more than 10K applications, and we are using EPM to whitelist applications in our environment and allow those applications to provide some tokens and make them work. If users want to install an application on any device, instead of giving rights to them, we basically whitelist that application, and we provide the token to the application so that they don't prompt for elevation.

The logs are also good. Logs that get collected on the Privilege Management console from the agents are very good. They help us to identify the aspects from which we have to whitelist an application.

It keeps on breaking every now and then. It is not yet mature. Every time something new comes up or we run into some new issues, the culprit is BeyondTrust because the agents and the adapter are not mature. The new development process goes on, and they're not able to handle things. It should be mature. It shouldn't break every now and then. 

Their support members should be very proactive in responding and providing the resolution. Their support team takes a lot of time to resolve the issues.

When it comes to whitelisting and implementing policy changes, if the application doesn't have the complete set of parameters based on which you whitelist an application or application is still under development and the versions keep on changing, that sometimes creates problems because you have to revisit the rules again and again. That could be simpler.

It has been a year since I have been using it.

It is not a stable product. 

It is scalable. We are going to use it for 100K users. Currently, we have 10K users, but we have seen a lot of instability in the product.

Some of them are very good, and some of them are not good. Sometimes, you get a quick resolution, but sometimes, it prolongs for a month or even more than a month. I would rate them a seven out of ten.

Neutral

It was complex because every organization has its own needs. Initially, we were looking for some solution, but they didn't have that. We had to work around that, and finally, we devised a solution. It was a little bit complex for us to achieve what we were looking for. It took about a month.

It doesn't require much maintenance. The upgrades are done at the backend by BeyondTrust. So, there is not much, but for testing, three to four people are enough. They are from the operations teams.

BeyondTrust Endpoint Privilege Management has the flexibility to enforce privilege across Windows and Mac endpoints as well as Unix and Linux machines, but I've only worked with Windows machines. So far, we have had a good experience.

I would recommend this product. It is a good product, but it needs to be more mature. Overall, I would rate it an eight out of ten.

I was part of the project, I collaborated with a Privileged Access Management consultant and incorporated it with their existing password safe from BeyondTrust. This allowed for a comprehensive approach to security within the designated area of focus.

When it comes to FSO security, a prevalent objective is the removal of admin rights for users and many security teams aim to transition users from admin to standard status, even while ensuring the seamless operation of critical business applications. Challenges arise as some users find it difficult to complete their tasks without admin rights. Avecto Defendpoint addresses this by allowing specific business applications to run with elevated privileges through the Advantage Token. Striking a balance, it empowers users in standard mode to run essential business applications with the necessary admin rights, while maintaining a secure posture.

The notable aspect is its ability to capture the application's behavior comprehensively and this thorough analysis is crucial for effective policy management. During troubleshooting, the event capture feature, known as PG capture, proves invaluable. By leveraging this functionality, administrators can quickly identify processes through Windows Event Viewer. The obtained insights from these events can be utilized for immediate problem resolution. Furthermore, the reporting feature facilitates the seamless addition of policies based on the gathered information, making it a standout and practical feature. In the event of attackers attempting to execute malicious files that require admin privileges, it intervenes at the initial stage, blocking such attempts outright. The incorporation of a chat feature and the adoption of BeyondTrust's Trusted Application Protection further enhance security measures. Organizations often opt for implementing policies from this application suite, safeguarding fundamental applications like Office, Adobe, and browsers.

When working with the on-premises installation, the reporting process posed challenges, requiring the installation of SQL. The differences between EPO reports and the reporting console were observed, prompting a desire for equivalence, especially in specific report types critical to customer evaluation. Aligning these features across platforms would enhance the overall reporting consistency and user experience. A valuable enhancement could be the capability to deploy agents directly through the console. While it might not currently fall within the scope of the product, having the ability to uninstall or install agents seamlessly through the console would be a beneficial feature.

I have been using it for six years.

It is notably stable, especially evident through its tamper protection feature. Even attempts to tamper with the product, such as through registry settings, proved unsuccessful in our testing, attesting to its robustness.

The ability to seamlessly uninstall or install agents through the console would be highly advantageous. Presently, dependency on SSE for scalability and deployment tasks involves setting up groups and pushing tasks to endpoints, including the configuration of policies for certificates.

Their support was excellent, providing valuable responses within a few hours. However, during the transition period, typical of major changes, responsiveness slightly declined, taking a day or two to receive a response. Fortunately, things have improved, and we now receive prompt responses.

CyberArk is a significant rival, offering a multitude of features, some of which may not necessarily align with the fundamental needs of the customers. Avecto Defendpoint, on the other hand, caters to the precise requirements articulated by the customers. This thorough comparison involves not only feature sets but also financial considerations and other pertinent aspects.

The initial setup is straightforward, requiring the fulfillment of certain prerequisites. This includes setting up ports and, if opting for reporting through SQL, configuring the SQL server along with the necessary accounts. When all these prerequisites are in place, the implementation process is smooth and not overly complicated.

The process involves several steps, starting with initial discussions to understand the existing infrastructure and identifying the necessary knowledge about the current state. Subsequently, approvals need to be obtained from relevant workflow departments based on the proposed changes. Once the groundwork is established, the next phase entails getting the servers up and running for it. The decision-making process then extends to choosing the appropriate deployment model, whether on-premises or in the cloud. For customers with the Password Safe, considerations regarding the Password Safe console come into play. This comprehensive approach ensures a thorough understanding of the client's requirements before making informed decisions about the deployment. Our process typically involves progressing from Proof of Concepts to real-time production deployment. The entire timeline for this transition spans approximately three months.

By consistently reviewing and adjusting policies, and implementing stringent measures, this product can provide enhanced security, ensuring a substantial return on investment.

It is relatively more cost-effective compared to the competing product.

When evaluating this product, it's more effective to base the assessment on your specific use cases rather than comparing it to other products. If the product aligns with ninety percent of your use cases and meets your needs, it would strongly indicate that proceeding with this product is a favorable choice. Overall, I would rate it eight out of ten.

We use it primarily for Jamf Pro. Most of our users who use Jamf Pro are on Mac. We work on artificial intelligence and machine learning, specifically for the military and healthcare sectors. We have developers and many DevOps professionals who use MacBooks. We manage Jamf Connect and Jamf Pro, and since developers need admin access on their MacBooks to execute code and perform coding tasks, we can't give full admin access to everyone in the company. 

We use EPM (Endpoint Privilege Management) as the agent, which communicates with the server and is deployed on the machines. The agent follows specific rules defined on the server. Users on Mac can only use these 100 specified commands. Anything beyond those commands won't work. 

We provide limited privileges, such as changing Wi-Fi or network settings, but users cannot create admin accounts on the machine. However, as an administrator, I can create admin accounts using EPM. But we have restricted that option in APM (Application Privilege Management). If you have admin access, you can create an admin account, but it will automatically be downgraded to a standard account. These are the situations we have implemented using EPM.

The most valuable features are the development tools. We use them for coding, such as VS Code, iTerm, and Brew. These activities often require sudo access to execute the code. So, we have granted sudo access to standard users through EPM.

BeyondTrust EPM is a very complicated tool. When I started using it, I struggled for six months just to configure it. It's not straightforward and requires more improvements, especially in the console. Currently, there is no console option available in BeyondTrust Endpoint Privilege Management. In comparison, other tools offer a simple certificate management system in Windows Server. I'm not familiar with Linux since we primarily use Windows. In Windows, we just open the console for application management. We open a browser, log in, and access the console interface.

However, with BeyondTrust Endpoint Privilege Management, it's different. It's a certificate-based tool where you have to double-click the certificate to bring up the user interface. Unfortunately, the user interface (UI) is very ugly. But when it comes to the tool's features, they are awesome. The tool's features are awesome.

The only drawback is they need to improve the UI. They should have the option to access a console and report. Yes, the reporting is also very bad. Let's say I want to export a file from BeyondTrust EPM to see how many devices we have given admin access to with high or medium flexibility; I cannot export that information. I cannot export. I always take screenshots. There should be an option to simply click "export" and have an Excel file. So, those improvements are required in the UI. 

Since BeyondTrust is not used by many companies, there are very few companies that use this product, and it's also very expensive by the way. It was very expensive.

Moreover, they should have a good portal, like Jamf has Jamf Nation. If you have any issues, you can find help there. But with BeyondTrust, since very few people are using it, there is no community to help each other.

And on top of that, it's a very complicated tool to implement. These are the things that, in my opinion, they need to improve. But when it comes to the features, whatever you are paying for, you are getting your money's worth.

We have been using BeyondTrust Privilege Management for two years. I first used it at my previous company. We are using version 2.12.

Stability is good. 

Scalability is good. I would rate the scalability a nine out of ten. There are around 600 users in our organization using BeyondTrust. I can say around 50% of total users are using BeyondTrust Endpoint Privilege Management.

The initial setup was very difficult. Even if you are an expert in EPM, it is still very difficult. It's not straightforward like Jamf.

The deployment was done in-house. Moreover, it will take time, actually. Let's say you are an expert. Maybe it will take months or two months to deploy.

I would advise if you're using BeyondTrust Endpoint Privilege Management for the first time, seek professional services directly from BeyondTrust, not from a vendor or supplier role. Take professional services directly from BeyondTrust EPM.

Overall, I would rate the solution an eight out of ten because I'm also missing something on the pricing side. I'm missing something on the configuration side. Those things are missing.