BeyondTrust Endpoint Privilege Management OverviewUNIXBusinessApplication

BeyondTrust Endpoint Privilege Management is the #7 ranked solution in top Privileged Access Management (PAM) tools. PeerSpot users give BeyondTrust Endpoint Privilege Management an average rating of 8.2 out of 10. BeyondTrust Endpoint Privilege Management is most commonly compared to CyberArk Endpoint Privilege Manager: BeyondTrust Endpoint Privilege Management vs CyberArk Endpoint Privilege Manager. BeyondTrust Endpoint Privilege Management is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.
BeyondTrust Endpoint Privilege Management Buyer's Guide

Download the BeyondTrust Endpoint Privilege Management Buyer's Guide including reviews and more. Updated: June 2023

What is BeyondTrust Endpoint Privilege Management?

BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.

Key Solutions Include:

-ENTERPRISE PASSWORD SECURITY

Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.

-ENDPOINT LEAST PRIVILEGE

Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.

-SERVER PRIVILEGE MANAGEMENT

Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.

-A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS

Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.

Learn more at https://www.beyondtrust.com/privilege-management

BeyondTrust Endpoint Privilege Management was previously known as BeyondTrust PowerBroker, PowerBroker, BeyondTrust Endpoint Privilege Management for Windows, BeyondTrust Endpoint Privilege Management for Mac, BeyondTrust Endpoint Privilege Management for Linux, BeyondTrust Endpoint Privilege Management for Unix.

BeyondTrust Endpoint Privilege Management Customers

Aera Energy LLC, Care New England, James Madison University

BeyondTrust Endpoint Privilege Management Video

BeyondTrust Endpoint Privilege Management Pricing Advice

What users are saying about BeyondTrust Endpoint Privilege Management pricing:
  • "Its pricing and licensing are okay. We were in the perpetual model when it was on-prem, and now, with the SaaS service, we have a subscription model. As a customer, I would always like to see a lower price, but it seems to be priced at the right model currently, and we are trying to get the maximum benefits out of it."
  • "Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years."
  • "The product’s licensing is different for Windows, Linux, and Mac. The tool’s licensing is yearly."
  • BeyondTrust Endpoint Privilege Management Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Sr. Manager Cyber Security at a manufacturing company with 10,001+ employees
    Real User
    Top 20
    A simple and flexible solution for controlling the access and improving the security posture
    Pros and Cons
    • "The privileged access and the application control are helpful in making sure we have good, robust challenge responses. Blacklisting with trusted application protection is also beneficial for us."
    • "Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful."

    What is our primary use case?

    Its use cases are mostly around all the 65,000 endpoints. The use cases are mostly for privileged access and the application control across all endpoints throughout the organization to make sure we have the least privileged model with zero-trust enabled at the endpoints.

    We started with on-prem, but now, we've moved to the SaaS cloud.

    How has it helped my organization?

    It has helped in multiple ways. We have more than 30 years of legacy of having local admins on our endpoints. With this solution, we have removed the local admins from the users. Now, we are giving them privileges on their machine only for the applications and not for everything. It has reduced the unwanted risk and increased the security posture. 

    It also helps with some robotic process automation. It helps with certain actions that we have been engaged in for certain RPA-type behaviors.

    We are able to increase the security by blocking a lot of applications, such as encrypted chat applications and blacklisted applications. Data exfiltration is a big concern in our company, and this solution helps us to tighten up those controls in many different ways. We are able to control the access.

    What is most valuable?

    The privileged access and the application control are helpful in making sure we have good, robust challenge responses. Blacklisting with trusted application protection is also beneficial for us.

    What needs improvement?

    Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful.

    One of the requirements that I've already expressed is that they can unify the clients. We have got two clients: one for the iC3 adapter and one for the Defendpoint client itself within the EPM product. iC3 is used for connection to the SaaS or cloud, and Defendpoint is the actual product that does all the local admin privilege management. They can just unify them. 

    Buyer's Guide
    BeyondTrust Endpoint Privilege Management
    June 2023
    Learn what your peers think about BeyondTrust Endpoint Privilege Management. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
    708,461 professionals have used our research since 2012.

    For how long have I used the solution?

    We've probably been using this solution for three years.

    What do I think about the stability of the solution?

    In the on-premise version, stability is okay. However, it takes time to sync up policies. That's because it depends on the environment that you have. From the Active Directory perspective, it depends on how the group policies are going to be advertised back to the endpoints. So, there was some delay, but it was completely because of our environment. 

    In the cloud version, the deployments are pretty quick. Policies get deployed pretty quickly. Overall, the cloud experience has been good. However, because it's a SaaS service in the cloud, we often have to reach out to the BeyondTrust team to make sure that our backend compute, which is not visible to us, is completely solid. The databases, servers, and other things are running in the cloud, and they're properly, adequately beefed up to have the right resources because we don't have visibility on that. With on-prem, we know how much compute, memory, or CPU cores we are putting to the servers at the backend. On the SaaS cloud compute, we don't know that. The initial few registrations took a toll. It was because BeyondTrust was also trying to figure out the volume of traffic that was coming their way. It took a while to baseline the compute configuration at their end, but once it was all figured out and resolved, the performance has been fairly consistent.

    What do I think about the scalability of the solution?

    The solution is scalable to the level of security posture that we wanted to deploy in our environment. From a scalability perspective, we are pretty good with the way we have used the product so far.

    How are customer service and support?

    Their support line is good. They're familiar with the product, and they have expertise with the product. So far, any tickets raised by my team have been dealt with fairly with the right solutions. I would give them an eight out of 10 because there is always room for improvement. There are instances where you expect a solution to come faster with more accurate details. There are always back and forth conversations, until and unless you figure out the final solution.

    Which solution did I use previously and why did I switch?

    We didn't use any other solution previously. This was the first time we were trying to do an endpoint privilege management solution. 

    How was the initial setup?

    It was a straightforward process. We were on-premise. We were using group policies to manage this whole EPM solution, and it was easy to move to the cloud. Wherever you have agent-based deployments, there is always a little bit of complication, but we were able to make it work.

    On-prem deployment took almost three to four months. We had a very large and wide-scale environment. A lot of legacies were also built-in, so it took a while to build the policies around, get the local admins out from the endpoints, and take over with Defendpoint or the BeyondTrust EPM solution.

    The migration to the cloud was pretty good. It wasn't that bad. When we had it on-prem, it was a single client. When we had to go to the cloud, two clients were needed. One was the iC3 web adapter that makes a connection to the SaaS cloud, and the second one was the existing Defendpoint client. Having an extra client adapter needed a little bit more packaging on the endpoint side, which added a little bit more to the transition to the cloud. Policy-wise, everything was straightforward.

    What about the implementation team?

    We did it by ourselves. In the initial deployment, it was a team of six or seven people. They came from different groups. We had group policy administrators, Windows administrators, and security administrators from my team. There was also the endpoint provisioning team that does the packaging work.

    In the cloud migration, the same team was there, but we didn't have the Windows team and the admin team. That's because they weren't required from a group policy perspective. It mostly had security administrators. The packaging team was also very important. We also have a test team that does the validation from a testing perspective across a variety of endpoints in different regions. So, there were around six or seven people during the cloud migration.

    What was our ROI?

    We have definitely been getting an ROI, and we want to maximize that ROI. We have a zero-trust adoption process going on continuously for the next two to three years, so we are trying to maximize the ROI. We haven't yet got the full ROI, and we will try to maximize the ROI from the product going forward.

    What's my experience with pricing, setup cost, and licensing?

    Its pricing and licensing are okay. We were in the perpetual model when it was on-prem, and now, with the SaaS service, we have a subscription model. As a customer, I would always like to see a lower price, but it seems to be priced at the right model currently, and we are trying to get the maximum benefits out of it.

    In addition to their standard licensing fees, there is just the internal infrastructure cost for the license, indexing, etc. There is nothing additional from any other components that we use for the job. These are the resources for managing the solution at our end.

    Which other solutions did I evaluate?

    We did take a look at several other products, but we finalized on BeyondTrust. We looked at some of the Microsoft solutions, and we also looked at some of the CyberArk solutions to do a comparison. What was more interesting with BeyondTrust was the flexibility in the policies. The clarity in the policy writing was a little better, and the deployment of the solution was easier. The overall product simplicity was fairly okay. When you're going from a hardcore local admin to a zero local admin stage, simplicity in the product is extremely important. So, simplicity and flexibility were the key factors.

    What other advice do I have?

    I would advise going for the cloud-based solution. The cloud-based solution has come a long way from its initial stage. 

    It is a very simplified solution. Their licenses are very straightforward, simple, and accommodating. The support has been really good, and their flexible policy model has really been instrumental in going for a stage-by-stage approach. You don't have to go all the way to impact your environment from day one. You can define your policies using their quick policy wizard and other processes to simplify your environment. You should proceed step-by-step to get rid of the local admin and the environment. Evaluation with their simplistic and flexible model is going to make it much easier and faster for you to pick up the solution.

    I would rate it a nine out of 10. There is always a scope for improvement.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Marlin B Pohlman - PeerSpot reviewer
    Consultant at Visdom
    Consultant
    Top 20
    Admin rights can be granted and revoked within minutes and that is what everything comes down to, for us
    Pros and Cons
    • "It has some features that other products don't have yet, differentiation that sets it apart in the marketplace... Those features are a centralized dashboard and the ability to issue and revoke entitlements within minutes. That makes a difference."
    • "There is room for improvement in having the solution align more with standards. We're always shoehorning the product into the standards. It's not that it doesn't work for standards, it does. But Quick Start Policies are pretty close to what we need. The vendor needs to keep looking at GDPR, 27001, and 27701. That's why our clients buy the product."

    What is our primary use case?

    We deploy it for customers as part of ISO 27001, 27701, and HITRUST. We do managed QMS. We go into a customer that is specifically under a GDPR or HIPAA mandate where they use HITRUST to implement it, and we act as their PRRC (person responsible for regulatory compliance). We do the hands-on configuration if they are not in compliance.

    We have two customers who use Privileged Management Broker 2.23 and Cloud Privilege Broker 21.3. The PM is a hybrid deployment and CPB is on public cloud in Amazon.

    The use cases are all in regulated environments that have GDPR and HIPAA medical data. That includes third-party host transfer of credentials and entitlement across multi-cloud infrastructure. The latter is specifically in a medical environment where multiple clinics are acting under a single medical provider. Or it's a GDPR situation where we act as a PRRC for a company that is highly regulated in GDPR with a multi-country presence.

    How has it helped my organization?

    One of our customers has a branch in Toronto so they fall under a multi-regulatory scheme. That's where the multi-cloud infrastructure and the ability to visualize via the dashboard come in handy. That's why the product is useful for us. It gives us a centralized dashboard both for the Privileged Management and the Cloud Privilege Broker. That's why it was chosen.

    In addition, de-provisioning of privileged access accounts can be done in minutes. If we need to de-provision someone, we can do it really quickly. And with Endpoint Privilege Management, admin rights can be granted and revoked within minutes. For us, everything comes down to that. The ability to revoke rights is one of the ISO mandates.

    Overall, Endpoint Privilege Management provides an immense increase in security, as our 27001 reports indicate.

    What is most valuable?

    The most important factor is the ability to invoke least privilege, which is required under 27701 and GDPR.

    We have used the solution to remove users' administrative rights and instead provide on-demand, token-based administrative rights. The latter is an option for a single, temporary increase in privileges for a trusted user for a specific time. We use it in a medical environment for HIPAA compliance or medical compliance in a GDPR case. For example, if you have a clinician who needs access to a specific piece of medical information, or if there is an administrator who needs to have administrator rights to a particular database for a limited period of time, we can give it and then revoke it. That's another reason the tool is useful.

    Also, the fact that we are able to add events straight from event logs and/or the database is important for crisis management and rapid reaction. This ability helps us meet our SLA requirements.

    In addition, we can elevate approved applications and actions without broad administrative rights. We can temporarily increase privilege based on tasks.
    If someone puts in a ticket, we increase their privilege for that ticket. We then watch to see if that ticket has been resolved and then we decrease it.

    Another feature of the platform is instant risk reduction solutions. We can do a risk metric with it, and we do that as part of our risk evaluation. We can increase and decrease privilege and we can actually show that in the ISO 13485 risk metric.

    And it provides a single solution for managing endpoint security preferences. It does a good job of that.

    What needs improvement?

    There is room for improvement in having the solution align more with standards. We're always shoehorning the product into the standards. It's not that it doesn't work for standards, it does. But Quick Start Policies are pretty close to what we need. The vendor needs to keep looking at GDPR, 27001, and 27701. That's why our clients buy the product.

    Having templates available to implement this product against the various standards and the mandates that are actually forcing this product's purchase would be really nice. There are some templates, but it would be better to have more.

    What do I think about the stability of the solution?

    The solution has been stable so far.

    What do I think about the scalability of the solution?

    It's scalable, as far as I can tell.

    Each of our clients has between 136 and 300 users, depending on the size of their clinics. The extent of use and whether our clients will increase their usage of the solution totally depends on the practices and business plans.

    How are customer service and support?

    So far, the technical support has been good. We haven't had problems with the support and we haven't needed it much.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We used RSA Access Manager. The switch was made because this solution works better in a cloud environment.

    How was the initial setup?

    The implementation is fairly straightforward. AWS works well. Deployment takes about a week. 

    Our implementation strategy was by the book. We didn't have to go too far out of the box. Our clients bought it. I walked them through it. They had a little bit of pain, but it wasn't so bad.

    Our clients are using between six and 12 individuals just to maintain this, partly because it has a huge compliance overhead and partly because, as PRRC, I require that. 

    What was our ROI?

    ROI is compliance from non-compliance, specifically on Azure. Microsoft uses compliance as a gateway to sell in its marketplace. One of my customers could not sell in the Microsoft Azure Marketplace without the compliance and they use this product to be compliant. This product effectively acted as a gatekeeper.

    Which other solutions did I evaluate?

    RSA was one of the products we evaluated. The IBM product was another. BeyondTrust was chosen simply because of the ability to give and remove privileges quickly. That was the main difference. From an ISO 27701 standpoint, that is the difference maker.

    I give the solution a nine out of 10 because it has some features that other products don't have yet, differentiation that sets it apart in the marketplace. The solution is able to get some companies to a compliance standpoint they would not get to otherwise. Those features are a centralized dashboard and the ability to issue and revoke entitlements within minutes. That makes a difference.

    What other advice do I have?

    Hire someone who knows the standards and knows how to align the product against the standards. That ability is why you should buy this product. The product is really good for GDPR, HIPAA, and medical compliance. I also like it for risk reduction. I can take a customer that is non-compliant with 27001, an organization that failed their registrar audit, and get them to compliance with this product fairly quickly; in half a year. That's good.

    Policy changes could be easier and better aligned with HITRUST and GDPR, although we can do them. We don't do a whole lot of whitelisting since everything we do is regulated. Part of what I have to do is all my own policy changes for the HITRUST GDPR.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    BeyondTrust Endpoint Privilege Management
    June 2023
    Learn what your peers think about BeyondTrust Endpoint Privilege Management. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
    708,461 professionals have used our research since 2012.
    Senior Specialist at a tech services company with 10,001+ employees
    Real User
    Improves security and provides the flexibility to meet the needs of users for application installation
    Pros and Cons
    • "Logs that get collected on the Privilege Management console from the agents are very good. They help us to identify the aspects from which we have to whitelist an application."
    • "It keeps on breaking every now and then. It is not yet mature. Every time something new comes up or we run into some new issues, the culprit is BeyondTrust because the agents and the adapter are not mature. The new development process goes on, and they're not able to handle things. It should be mature. It shouldn't break every now and then."

    What is our primary use case?

    We are using it in our organization for whitelisting a set of applications. In addition, we provide access in terms of access rules from low flexibility to higher flexibility. We also have various other use cases.

    It is a cloud product. It is completely on BeyondTrust's cloud. They're using some cloud product, and we're just accessing the console from our end. We haven't deployed it on our cloud provider.

    In terms of the version, the client version is 21.7, and the adapter version is 21.8. That's the latest one that we are testing right now.

    How has it helped my organization?

    It is helpful for security. We have thousands of applications and a lot of users who are using these applications. We don't have to provide each and every user admin rights to install those applications. We can just whitelist those applications and provide them to the users. We don't have to provide admin rights to the users, which makes it secure because once the users have admin rights, they can do anything on their devices. We don't have to provide them with admin rights just for installation purposes. We can just whitelist those applications in the environment, and we're good.

    It is very important that we can add events straight from event logs and/or the database. Those logs are used for creating rules.

    It allows us to elevate approved applications and actions without broad admin rights. It reduces the support tickets because a user is able to use applications without any problems.

    It has reduced the tickets for application installation. We don't get any tickets because an application first gets analyzed and only then gets deployed in the production environment. So, if there is any issue regarding the deployment of an application, it gets sorted out initially, and we don't get any support tickets related to that. It has reduced the support tickets from the end-user perspective.

    By reducing the number of tickets, it has reduced desktop support costs. From the application perspective, whitelisting and other things are handled remotely once, which reduces the support tickets. When the support tickets are reduced, the workforce required to attend to and resolve those issues is also reduced. The cost savings depend on the number of applications you have in your environment and the number of users you are dealing with. 

    It provides a single solution for managing endpoint security preferences. Its impact on our endpoint management operations is good. We don't have to provide admin rights to all the users. It has increased the security of the environment, and it has reduced the exposure score from the vulnerability perspective. It is a very good solution. It has improved our security posture.

    What is most valuable?

    The whitelisting feature is valuable. It is a good feature. My organization is using more than 10K applications, and we are using EPM to whitelist applications in our environment and allow those applications to provide some tokens and make them work. If users want to install an application on any device, instead of giving rights to them, we basically whitelist that application, and we provide the token to the application so that they don't prompt for elevation.

    The logs are also good. Logs that get collected on the Privilege Management console from the agents are very good. They help us to identify the aspects from which we have to whitelist an application.

    What needs improvement?

    It keeps on breaking every now and then. It is not yet mature. Every time something new comes up or we run into some new issues, the culprit is BeyondTrust because the agents and the adapter are not mature. The new development process goes on, and they're not able to handle things. It should be mature. It shouldn't break every now and then. 

    Their support members should be very proactive in responding and providing the resolution. Their support team takes a lot of time to resolve the issues.

    When it comes to whitelisting and implementing policy changes, if the application doesn't have the complete set of parameters based on which you whitelist an application or application is still under development and the versions keep on changing, that sometimes creates problems because you have to revisit the rules again and again. That could be simpler.

    For how long have I used the solution?

    It has been a year since I have been using it.

    What do I think about the stability of the solution?

    It is not a stable product. 

    What do I think about the scalability of the solution?

    It is scalable. We are going to use it for 100K users. Currently, we have 10K users, but we have seen a lot of instability in the product.

    How are customer service and support?

    Some of them are very good, and some of them are not good. Sometimes, you get a quick resolution, but sometimes, it prolongs for a month or even more than a month. I would rate them a seven out of ten.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    It was complex because every organization has its own needs. Initially, we were looking for some solution, but they didn't have that. We had to work around that, and finally, we devised a solution. It was a little bit complex for us to achieve what we were looking for. It took about a month.

    It doesn't require much maintenance. The upgrades are done at the backend by BeyondTrust. So, there is not much, but for testing, three to four people are enough. They are from the operations teams.

    What other advice do I have?

    BeyondTrust Endpoint Privilege Management has the flexibility to enforce privilege across Windows and Mac endpoints as well as Unix and Linux machines, but I've only worked with Windows machines. So far, we have had a good experience.

    I would recommend this product. It is a good product, but it needs to be more mature. Overall, I would rate it an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Akash Jogbond - PeerSpot reviewer
    Team Lead at Foresight Software Solutions
    Real User
    Top 5
    Good for controlling admin rights and blacklisting or whitelisting items
    Pros and Cons
    • "It's relatively straightforward to set up, especially if you are deploying to the cloud."
    • "They need to come up with better integrative options which should be customer-centric."

    What is our primary use case?

    There are three use cases that you can target. The first use case is the fact that some of your users may need admin rights for launching custom applications, such as Visual Studio, or they may want to install something on their machine on their own, or they may want to start, stop some services, change maybe system font, if the need arises, or install a custom font or change the driver, update the driver. Also, instead of giving full blanket admin rights, we can give selective admin rights using EPM in order to protect the company and the infrastructure from abuse. This is the first major use case.

    The second use case is where we implement application blacklisting and whitelisting. If I don't want Adobe applications to run within my company, I can create a policy around that. Or, for example, if I have Adobe licenses, and those are only valid for version two to version three. Anything below two, I don't own and anything above three, I am not allowed to upgrade. Therefore, whitelisting based on version control also can be implemented. 

    The third use case, which not popular in my region, is where cyberattacks can be mitigated or zero-day attacks can be mitigated, by making sure we whitelist only the browser and only Outlook. If the browser tries to invoke a script or if Outlook launches say Excel or PDF as an attachment, and from there, if a script tries to launch, we will be able to block it. Therefore, making sure that the entry point of the malware itself is blocked is possible. That said, having said that, it has zero intelligence in checking whether the script is legitimate or bad. It's going to block everything. It blocks all and later you can enable it, if the need arises.

    What is most valuable?

    The solution can scale.

    It's relatively straightforward to set up, especially if you are deploying to the cloud.

    Technical support has gotten more responsive.

    What needs improvement?

    At the moment, they don't support Linux. For this EPM, they have a different product for EPM, for Linux.

    The same company needs two different products for EPM. One works with Windows and Mac and the other solution is mainly created for Linux. They can try to merge these two and make one product. That would be an improvement. Being a policy administrator, I have to create, or maybe monitor, two different admin consoles for the policy due to the separation between the OS.

    They have a troubleshooting utility or a quick start utility, a quick start policy. They need to come up with better integrative options which should be customer-centric. At the moment, it is from their point of view. A quick start policy is something that helps customers to remove admin rights on day one.

    For how long have I used the solution?

    I've been dealing with the solution for the last eight years. 

    What do I think about the scalability of the solution?

    The solution is definitely stable. That's why within the last eight years, we are able to satisfy the most demanding customers in the world. It supports 10 users. It supports 10,000 users or even 100,000 users. It's scalable.

    I'm not sure how many people collectively are using it in our company. I happen to have one specific area within my control. There are other technicians who will be implementing this from my own company.

    How are customer service and support?

    I've used technical support in the past. 

    The product was initially developed by Avecto. Then BeyondTrust purchased that company and they both merged together. Initially, the team was quite small. The company itself was small, and its support was not that good, in terms of response time. However, when they used to come online, their technical expertise was at par. It was way beyond our expectations. The only trouble was to bring them on a call, as the company was slightly small.

    Fast forward six years, seven years. Now, the strength of BeyondTrust being a larger organization, we have better access to the technical team. Today, we raise a support ticket and someone will definitely assist by tomorrow. That's progress.

    However, technical expertise becomes a challenge sometimes. Not always. Just sometimes. Any big organization will not assign an L3 person on day one. That's the architecture problem. Not the company's problem.

    I may scream at the top of my lungs that I don't think this is something that an L1 can handle and they will not believe me. They would like to go through L1, and L2 and then eventually reach L3. That's the only issue with any big organization. It's an architectural problem. 

    How was the initial setup?

    The ease of deployment depends on your requirement and your setup. If you are handling the cloud, then it's fairly easy. You simply download the agent and install the agent. The reporting is inbuilt. Policy management is inbuilt. If you consider other deployments, there is some friction, depending on the architecture.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is paid on a yearly basis. I can't speak, however, to the actual cost of the solution.

    What other advice do I have?

    We are a partner and we sell and support this EPM solution to other customers.

    We use both cloud and on-premises deployment options. 

    I'd suggest new users go slow. Instead of going bold. It's a powerful solution. If I create a beautiful policy, the product will behave beautifully. However, if I create an ugly policy, the product will show its ugly face to you, as it's just a brainless bull running around. You have to give it a direction. Otherwise, it can harm you. 

    Overall, I would rate the solution an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user
    Software Consultant at a financial services firm with 5,001-10,000 employees
    Real User
    Top 10
    Good user management and command control features
    Pros and Cons
    • "One of the valuable features is the absence of any local user in a unique system. All users are defined in the AD; communication is only between Unix and AD."
    • "We use a program to automate all of this, but it's not a default feature of BeyondTrust Endpoint Privilege Management."

    What is our primary use case?

    It's mainly for privilege management when you log in to any Windows system, so you'll be able to execute only what you have to and can.

    How has it helped my organization?

    Everyone in the company uses BeyondTrust Endpoint Privilege Management—about 3000 to 4000 in South Africa and another 1000 in the UK.

    What is most valuable?

    One of the valuable features is the absence of any local user in a unique system. All users are defined in the AD; communication is only between Unix and AD. When you log in, there are no local users on any unique system you access.

    Another valuable feature is privilege management, where only the command steps needed to be executed given to the user, and they cannot execute more than that.

    What needs improvement?

    There is always room for improvement. One thing that would be helpful is if it was easier to define which commands can be used. Currently, we use a program to automate all of this, but it's not a default feature of BeyondTrust Endpoint Privilege Management. It can be a bit more difficult if we're not using our own script. We have a script that checks the day from the AD group to see if any users have certain privileges, and we execute it to make any necessary changes. We've automated the process by creating our own script. We run it four times a day.

    In the future release, I would like to see it easier to configure without adding all the scripts. It would be helpful if it had a user-friendly manual that allows you to change things easily. It would make BeyondTrust Endpoint Privilege Management a lot easier to use.

    For how long have I used the solution?

    I've been working with it for a long time. It's the latest version.

    We started with AD Bridge about four years ago, only AD Bridge, and then we added the privilege management about two years after finishing the credit bridge.

    What do I think about the stability of the solution?

    I would rate stability a seven out of ten. Sometimes we lose the connection to the domain, but just the domain joins and resolves the problem.

    What do I think about the scalability of the solution?

    It is a scalable product. We have over 1000 systems that we scan every day. We check every day if the system is not there in full. If it has been more than twenty days, we take it out of the assets. If there is a new system, it will join the asset. We have a contract running four times a day that checks for all this. If there is a user that left the company and was deleted from the database, it's all automated.

    How are customer service and support?

    The customer service team is okay. I've had a few issues with them, but they were reasonable. However, I have one issue that has been ongoing for a year, and they have not been able to solve it yet. It could be a difficult issue, I'm not sure. I managed to resolve it myself with my own programs that check and solve it automatically, but it persists after over a year. They are unable to identify or replicate the problem.

    How was the initial setup?

    We need two to three people for solution administration. We have a big configuration and complicate it with the script that we are running. These scripts are very complicated, and it took us quite a few times to wind it to this case. But now that it is automated, we need half a person to do it. But in the beginning, we needed a lot of people.

    And now that it is running and automated, every user has been added automatically without any intervention.

    Before, we had a division where we had to add local users all over the systems. But now we are using BeyondTrust Endpoint Privilege Management. All are controlled by the privilege management, and we don't have so many problems.

    What other advice do I have?

    I suggest starting with AD Bridge and implementing it properly before installing the privilege management. Doing them together will be very difficult. First, enable the AD Bridge fully and make it available to all users, and then install Privilege Management.

    I would rate it around eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Windows Enterprise Engineer at a comms service provider with 1,001-5,000 employees
    Real User
    Top 20
    Stable, flexible, and offers good technical support
    Pros and Cons
    • "Technical support is good."
    • "If you don't get the implementation right at the outset, you will struggle with the product."

    What is our primary use case?

    The primary reason for BeyondTrust was so that one administrator could use their password to log on to our server. The second reason was, we needed to use BeyondTrust to form some level of sharing. It's my understanding that Microsoft has this and we have this challenge of having a tier one and tier two. We wanted to do a structure like that. 

    What is most valuable?

    The solution can do so much. It's quite flexible.

    It's a great tool.

    It's nice to have admission tools without having to remember the password. You just have to click on whatever you need to do and you get temporary access. 

    The product is stable.

    Technical support is good.

    What needs improvement?

    We have installed BeyondTrust, however, it's not working as-is. There are two domains, and there's a trust between those two domains, however, just one of the domains is working. We've not been able to set it up such that we're able to use the second domain as well. That, unfortunately for us, that second domain is a valuable domain, it's very critical.

    BeyondTrust is trying to find a way to do it, however, we do not need it for some time. It's working at least, however, there are some times where it just freezes out. We have to fall back on RDP to do BeyondTrust. That was part of the reason I was doing the comparison between BeyondTrust and Broadcom - to see if there was a way to resolve this.

    The implementation process could be better. It's not as vast as we would like it to be.

    If you don't get the implementation right at the outset, you will struggle with the product.

    What do I think about the stability of the solution?

    For the most part, the stability is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

    What do I think about the scalability of the solution?

    We are actually working on scaling the solution currently. My understanding is that it is possible, and part of our plans, however, I can't speak to how easy it is to scale, or how much you can actually expand it.

    How are customer service and technical support?

    I haven't really dealt with technical support. I recall the team having to reach out during implementation and, as I recall, they were helpful and responsive and our team was satisfied with the level of support.

    How was the initial setup?

    The initial setup can be tricky in that, if you get the implementation wrong, it will affect everything and won't work as it is supposed to. 

    That said, I was not a part of the implementation team, and therefore cannot discuss specifics. I can say that the deployment took some time, however.

    What's my experience with pricing, setup cost, and licensing?

    It's my understanding that we have a license that is paid monthly.

    I don't have a view of the exact costs the company pays. It's not an aspect of the solution I deal with. Our management team deals directly with them.

    Which other solutions did I evaluate?

    I've looked into Broadcom to see if it could resolve some issues we were having under this product.

    What other advice do I have?

    We are a customer and an end-user.

    I'm not sure which version of the solution we're on right now. I cannot speak to the exact version number we are using.

    I would definitely recommend the product to other companies and users. For us, it's a very important organizational tool.

    Overall, I would rate it at an eight out of ten. We're mostly quite satisfied with its capabilities.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Security Solutions Architect at a tech services company with 10,001+ employees
    Reseller
    Top 5Leaderboard
    Straightforward, competitive price, and easy to deploy
    Pros and Cons
    • "It is straightforward. It is a good technology, and it is made to do one single thing."
    • "They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment."

    What is most valuable?

    It is straightforward. It is a good technology, and it is made to do one single thing.

    What needs improvement?

    They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment.

    For how long have I used the solution?

    I have been selling this solution for three years.

    What do I think about the stability of the solution?

    It is stable. 

    What do I think about the scalability of the solution?

    It is scalable.

    How are customer service and support?

    I never had a problem for which I needed their technical support. The product is simple and easy to use. Our team is also capable of solving all the problems.

    How was the initial setup?

    It is easy to deploy. The deployment duration depends on how many servers or routers you have, what kind of IT stuff you need to grant access to, and how much stuff you have. I am referring to the entire environment with all the customers and all the users. If you have five routers, five firewalls, it might take up to two to three days to deploy the entire solution. It also depends on the number of administrators you have.

    What's my experience with pricing, setup cost, and licensing?

    Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years.

    What other advice do I have?

    It is mainly deployed on-prem. About 95% of the sales that I do are on-prem solutions. That's because we're talking about security.

    It is a good technology. I would definitely recommend this solution. I would never sell it if I can't recommend it. I would give it an eight out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    Lakshmi Prasada Reddy Nandyala - PeerSpot reviewer
    Senior Consultant at Techdemocracy LLC
    Real User
    Top 5Leaderboard
    A user-friendly tool with easy GUI
    Pros and Cons
    • "I find the solution’s features like section management, password management, and analytics valuable."
    • "There are three types of endpoints. If we need to use them in the solution, then we need to purchase the licenses separately. The tool needs to improve its licensing."

    What is our primary use case?

    There are three components for BeyondTrust. Password Safe is where we privilege the accounts like server accounts, domain accounts, local accounts, or custom third-party applications. We use the application to monitor and fix the recordings of third-party applications. You can also use it for Cisco integrations and multi-factor authentication.

    What is most valuable?

    I find the solution’s features like section management, password management, and analytics valuable.

    What needs improvement?

    There are three types of endpoints. If we need to use them in the solution, then we need to purchase the licenses separately. The tool needs to improve its licensing.

    For how long have I used the solution?

    I have been using the solution for four and a half years.

    What do I think about the stability of the solution?

    The solution is stable.

    What do I think about the scalability of the solution?

    The solution is scalable. There are around 10,000 users for the solution in our organization.

    How was the initial setup?

    The tool’s setup is straightforward compared to other products. The solution’s deployment depends on remote databases. We should also install a challenge-response code. For Password Safe, we need to install the EPM database, challenge-response code, etc.

    What's my experience with pricing, setup cost, and licensing?

    The product’s licensing is different for Windows, Linux, and Mac. The tool’s licensing is yearly.

    What other advice do I have?

    I would rate the solution an eight out of ten. You can deploy the solution to Azure, AWS, or on-premises. This solution will be very helpful for organizations for security purposes. The tool is very user-friendly. The solution’s graphic user interface is also very easy compared to other products.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free BeyondTrust Endpoint Privilege Management Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2023
    Buyer's Guide
    Download our free BeyondTrust Endpoint Privilege Management Report and get advice and tips from experienced pros sharing their opinions.