IT Central Station is now PeerSpot: Here's why

BeyondTrust Endpoint Privilege Management OverviewUNIXBusinessApplication

BeyondTrust Endpoint Privilege Management is #4 ranked solution in top Privileged Access Management (PAM) tools. PeerSpot users give BeyondTrust Endpoint Privilege Management an average rating of 8 out of 10. BeyondTrust Endpoint Privilege Management is most commonly compared to CyberArk Privileged Access Manager: BeyondTrust Endpoint Privilege Management vs CyberArk Privileged Access Manager. The top industry researching this solution are professionals from a computer software company, accounting for 26% of all views.
What is BeyondTrust Endpoint Privilege Management?

BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.

Key Solutions Include:

-ENTERPRISE PASSWORD SECURITY

Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.

-ENDPOINT LEAST PRIVILEGE

Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.

-SERVER PRIVILEGE MANAGEMENT

Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.

-A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS

Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.

Learn more at https://www.beyondtrust.com/privilege-management

BeyondTrust Endpoint Privilege Management was previously known as BeyondTrust PowerBroker, PowerBroker, BeyondTrust Endpoint Privilege Management for Windows, BeyondTrust Endpoint Privilege Management for Mac, BeyondTrust Endpoint Privilege Management for Linux, BeyondTrust Endpoint Privilege Management for Unix.

BeyondTrust Endpoint Privilege Management Buyer's Guide

Download the BeyondTrust Endpoint Privilege Management Buyer's Guide including reviews and more. Updated: May 2022

BeyondTrust Endpoint Privilege Management Customers

Aera Energy LLC, Care New England, James Madison University

BeyondTrust Endpoint Privilege Management Video

BeyondTrust Endpoint Privilege Management Pricing Advice

What users are saying about BeyondTrust Endpoint Privilege Management pricing:
  • "Its pricing and licensing are okay. We were in the perpetual model when it was on-prem, and now, with the SaaS service, we have a subscription model. As a customer, I would always like to see a lower price, but it seems to be priced at the right model currently, and we are trying to get the maximum benefits out of it."
  • "Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years."
  • BeyondTrust Endpoint Privilege Management Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Sr. Manager Cyber Security at a manufacturing company with 10,001+ employees
    Real User
    Top 20
    A simple and flexible solution for controlling the access and improving the security posture
    Pros and Cons
    • "The privileged access and the application control are helpful in making sure we have good, robust challenge responses. Blacklisting with trusted application protection is also beneficial for us."
    • "Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful."

    What is our primary use case?

    Its use cases are mostly around all the 65,000 endpoints. The use cases are mostly for privileged access and the application control across all endpoints throughout the organization to make sure we have the least privileged model with zero-trust enabled at the endpoints. We started with on-prem, but now, we've moved to the SaaS cloud.

    How has it helped my organization?

    It has helped in multiple ways. We have more than 30 years of legacy of having local admins on our endpoints. With this solution, we have removed the local admins from the users. Now, we are giving them privileges on their machine only for the applications and not for everything. It has reduced the unwanted risk and increased the security posture.  It also helps with some robotic process automation. It helps with certain actions that we have been engaged in for certain RPA-type behaviors. We are able to increase the security by blocking a lot of applications, such as encrypted chat applications and blacklisted applications. Data exfiltration is a big concern in our company, and this solution helps us to tighten up those controls in many different ways. We are able to control the access.

    What is most valuable?

    The privileged access and the application control are helpful in making sure we have good, robust challenge responses. Blacklisting with trusted application protection is also beneficial for us.

    What needs improvement?

    Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful. One of the requirements that I've already expressed is that they can unify the clients. We have got two clients: one for the iC3 adapter and one for the Defendpoint client itself within the EPM product. iC3 is used for connection to the SaaS or cloud, and Defendpoint is the actual product that does all the local admin privilege management. They can just unify them. 
    Buyer's Guide
    BeyondTrust Endpoint Privilege Management
    May 2022
    Learn what your peers think about BeyondTrust Endpoint Privilege Management. Get advice and tips from experienced pros sharing their opinions. Updated: May 2022.
    597,708 professionals have used our research since 2012.

    For how long have I used the solution?

    We've probably been using this solution for three years.

    What do I think about the stability of the solution?

    In the on-premise version, stability is okay. However, it takes time to sync up policies. That's because it depends on the environment that you have. From the Active Directory perspective, it depends on how the group policies are going to be advertised back to the endpoints. So, there was some delay, but it was completely because of our environment.  In the cloud version, the deployments are pretty quick. Policies get deployed pretty quickly. Overall, the cloud experience has been good. However, because it's a SaaS service in the cloud, we often have to reach out to the BeyondTrust team to make sure that our backend compute, which is not visible to us, is completely solid. The databases, servers, and other things are running in the cloud, and they're properly, adequately beefed up to have the right resources because we don't have visibility on that. With on-prem, we know how much compute, memory, or CPU cores we are putting to the servers at the backend. On the SaaS cloud compute, we don't know that. The initial few registrations took a toll. It was because BeyondTrust was also trying to figure out the volume of traffic that was coming their way. It took a while to baseline the compute configuration at their end, but once it was all figured out and resolved, the performance has been fairly consistent.

    What do I think about the scalability of the solution?

    The solution is scalable to the level of security posture that we wanted to deploy in our environment. From a scalability perspective, we are pretty good with the way we have used the product so far.

    How are customer service and support?

    Their support line is good. They're familiar with the product, and they have expertise with the product. So far, any tickets raised by my team have been dealt with fairly with the right solutions. I would give them an eight out of 10 because there is always room for improvement. There are instances where you expect a solution to come faster with more accurate details. There are always back and forth conversations, until and unless you figure out the final solution.

    Which solution did I use previously and why did I switch?

    We didn't use any other solution previously. This was the first time we were trying to do an endpoint privilege management solution. 

    How was the initial setup?

    It was a straightforward process. We were on-premise. We were using group policies to manage this whole EPM solution, and it was easy to move to the cloud. Wherever you have agent-based deployments, there is always a little bit of complication, but we were able to make it work. On-prem deployment took almost three to four months. We had a very large and wide-scale environment. A lot of legacies were also built-in, so it took a while to build the policies around, get the local admins out from the endpoints, and take over with Defendpoint or the BeyondTrust EPM solution. The migration to the cloud was pretty good. It wasn't that bad. When we had it on-prem, it was a single client. When we had to go to the cloud, two clients were needed. One was the iC3 web adapter that makes a connection to the SaaS cloud, and the second one was the existing Defendpoint client. Having an extra client adapter needed a little bit more packaging on the endpoint side, which added a little bit more to the transition to the cloud. Policy-wise, everything was straightforward.

    What about the implementation team?

    We did it by ourselves. In the initial deployment, it was a team of six or seven people. They came from different groups. We had group policy administrators, Windows administrators, and security administrators from my team. There was also the endpoint provisioning team that does the packaging work. In the cloud migration, the same team was there, but we didn't have the Windows team and the admin team. That's because they weren't required from a group policy perspective. It mostly had security administrators. The packaging team was also very important. We also have a test team that does the validation from a testing perspective across a variety of endpoints in different regions. So, there were around six or seven people during the cloud migration.

    What was our ROI?

    We have definitely been getting an ROI, and we want to maximize that ROI. We have a zero-trust adoption process going on continuously for the next two to three years, so we are trying to maximize the ROI. We haven't yet got the full ROI, and we will try to maximize the ROI from the product going forward.

    What's my experience with pricing, setup cost, and licensing?

    Its pricing and licensing are okay. We were in the perpetual model when it was on-prem, and now, with the SaaS service, we have a subscription model. As a customer, I would always like to see a lower price, but it seems to be priced at the right model currently, and we are trying to get the maximum benefits out of it. In addition to their standard licensing fees, there is just the internal infrastructure cost for the license, indexing, etc. There is nothing additional from any other components that we use for the job. These are the resources for managing the solution at our end.

    Which other solutions did I evaluate?

    We did take a look at several other products, but we finalized on BeyondTrust. We looked at some of the Microsoft solutions, and we also looked at some of the CyberArk solutions to do a comparison. What was more interesting with BeyondTrust was the flexibility in the policies. The clarity in the policy writing was a little better, and the deployment of the solution was easier. The overall product simplicity was fairly okay. When you're going from a hardcore local admin to a zero local admin stage, simplicity in the product is extremely important. So, simplicity and flexibility were the key factors.

    What other advice do I have?

    I would advise going for the cloud-based solution. The cloud-based solution has come a long way from its initial stage.  It is a very simplified solution. Their licenses are very straightforward, simple, and accommodating. The support has been really good, and their flexible policy model has really been instrumental in going for a stage-by-stage approach. You don't have to go all the way to impact your environment from day one. You can define your policies using their quick policy wizard and other processes to simplify your environment. You should proceed step-by-step to get rid of the local admin and the environment. Evaluation with their simplistic and flexible model is going to make it much easier and faster for you to pick up the solution. I would rate it a nine out of 10. There is always a scope for improvement.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PAM Architect at a tech services company with 11-50 employees
    Real User
    Top 5Leaderboard
    A stable, scalable, and easy-to-deploy solution that can track malicious use or send analytics to a host
    Pros and Cons
    • "What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy."
    • "What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way."

    What is our primary use case?

    We are an integrator, and we do a lot of Identity and Access Management and Privileged Identity. I am only just getting into this solution. I am not trained in it, but I've been reading about it. I have recommended it for a client based on their requirements and based on what I know about CyberArk versus a couple of others. I have not implemented it yet. I have the agent running on the system where I am actually profiled. I have its latest version.

    In terms of use case, it primarily has two things, and you can choose whatever you want in the middle. One side is that you can use it to allow the user to have specific administrative rights and do certain things without having to call the help desk. For example, you can allow users to be able to install certain applications. You can also have a whitelist or a blacklist of things that they are allowed to install, which saves a boatload of money in calling the help desk. The other side is to rein in administrators so that they don't go too far or do something outside of the bounds. The help desk personnel would have different restrictions when they log into a workstation than regular users.

    What is most valuable?

    What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. 

    It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy.

    What needs improvement?

    What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way.

    For how long have I used the solution?

    I started using it about a month ago when I was doing the appraisal of it, and I put it on a virtual machine. Our work machine is a virtual machine.

    What do I think about the stability of the solution?

    It is very stable. I had worked on a competitor's product two years ago, and it was rather buggy. It had issues. Sometimes, it used to hang the machine. Because you're running an agent on the workstation, it could have a memory conflict or an application conflict. It doesn't happen anymore because you've got it pretty much running strictly in Windows.

    What do I think about the scalability of the solution?

    It is very scalable. 

    How are customer service and technical support?

    I used their email support, which is very good.

    Which solution did I use previously and why did I switch?

    I didn't switch the client to this one. I recommended this one because it stays under the BeyondTrust umbrella. It also helped them in getting a discount for volume and being a loyal customer and things like that. They also didn't have to add new infrastructure. 

    CyberArk is a very good product, and I like it. I've been trained in it, but I have not implemented it. I am not going to ask the customer to install another infrastructure or another platform, especially when the products are fairly equal or equal enough to not be an issue to put on a table. If I had recommended CyberArk, they would have to put in a CyberArk infrastructure and retrain a whole bunch of administrators to administer that. They would also have to train a whole bunch of support people to manage off-hours, holidays, weekends, and things like that. Every time you add another brand, it adds to your soft costs, which can make a solution pretty expensive.

    Hard costs are so much fun, and they're much easier. I've seen people get up and just start writing on a dry erase board because they know all the hard costs. It would be good if they would just be honest with themselves and the clients and explain what some of the soft costs are in terms of additional training or a more significant hardware footprint.

    How was the initial setup?

    It is pretty straightforward to get the agent installed. You install the agent and the server component, and you let the users do whatever they've been doing for the last 10 or 20 years of their life. You also create profiles. For example, I had a developer profile for both Windows and Linux, and I had a profile for a regular user, help desk, and engineering. After you create profiles, an administrator can look at their activities in the log and analyze things like the following:

    • Why did he install CCleaner on the machine?
    • Why did he install this application?
    • Why did he elevate a command prompt to do something? What is he doing?
    • Why does he need administrator command prompts?

    You can then add things like this to your blacklist, and you can create a profile that will allow or disallow that.

      What other advice do I have?

      I would rate BeyondTrust Endpoint Privilege Management a nine out of ten. 

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      Buyer's Guide
      BeyondTrust Endpoint Privilege Management
      May 2022
      Learn what your peers think about BeyondTrust Endpoint Privilege Management. Get advice and tips from experienced pros sharing their opinions. Updated: May 2022.
      597,708 professionals have used our research since 2012.
      Akash Jogbond - PeerSpot reviewer
      Team Lead at Foresight Software Solutions
      Real User
      Top 5
      Good for controlling admin rights and blacklisting or whitelisting items
      Pros and Cons
      • "It's relatively straightforward to set up, especially if you are deploying to the cloud."
      • "They need to come up with better integrative options which should be customer-centric."

      What is our primary use case?

      There are three use cases that you can target. The first use case is the fact that some of your users may need admin rights for launching custom applications, such as Visual Studio, or they may want to install something on their machine on their own, or they may want to start, stop some services, change maybe system font, if the need arises, or install a custom font or change the driver, update the driver. Also, instead of giving full blanket admin rights, we can give selective admin rights using EPM in order to protect the company and the infrastructure from abuse. This is the first major use case.

      The second use case is where we implement application blacklisting and whitelisting. If I don't want Adobe applications to run within my company, I can create a policy around that. Or, for example, if I have Adobe licenses, and those are only valid for version two to version three. Anything below two, I don't own and anything above three, I am not allowed to upgrade. Therefore, whitelisting based on version control also can be implemented. 

      The third use case, which not popular in my region, is where cyberattacks can be mitigated or zero-day attacks can be mitigated, by making sure we whitelist only the browser and only Outlook. If the browser tries to invoke a script or if Outlook launches say Excel or PDF as an attachment, and from there, if a script tries to launch, we will be able to block it. Therefore, making sure that the entry point of the malware itself is blocked is possible. That said, having said that, it has zero intelligence in checking whether the script is legitimate or bad. It's going to block everything. It blocks all and later you can enable it, if the need arises.

      What is most valuable?

      The solution can scale.

      It's relatively straightforward to set up, especially if you are deploying to the cloud.

      Technical support has gotten more responsive.

      What needs improvement?

      At the moment, they don't support Linux. For this EPM, they have a different product for EPM, for Linux.

      The same company needs two different products for EPM. One works with Windows and Mac and the other solution is mainly created for Linux. They can try to merge these two and make one product. That would be an improvement. Being a policy administrator, I have to create, or maybe monitor, two different admin consoles for the policy due to the separation between the OS.

      They have a troubleshooting utility or a quick start utility, a quick start policy. They need to come up with better integrative options which should be customer-centric. At the moment, it is from their point of view. A quick start policy is something that helps customers to remove admin rights on day one.

      For how long have I used the solution?

      I've been dealing with the solution for the last eight years. 

      What do I think about the scalability of the solution?

      The solution is definitely stable. That's why within the last eight years, we are able to satisfy the most demanding customers in the world. It supports 10 users. It supports 10,000 users or even 100,000 users. It's scalable.

      I'm not sure how many people collectively are using it in our company. I happen to have one specific area within my control. There are other technicians who will be implementing this from my own company.

      How are customer service and support?

      I've used technical support in the past. 

      The product was initially developed by Avecto. Then BeyondTrust purchased that company and they both merged together. Initially, the team was quite small. The company itself was small, and its support was not that good, in terms of response time. However, when they used to come online, their technical expertise was at par. It was way beyond our expectations. The only trouble was to bring them on a call, as the company was slightly small.

      Fast forward six years, seven years. Now, the strength of BeyondTrust being a larger organization, we have better access to the technical team. Today, we raise a support ticket and someone will definitely assist by tomorrow. That's progress.

      However, technical expertise becomes a challenge sometimes. Not always. Just sometimes. Any big organization will not assign an L3 person on day one. That's the architecture problem. Not the company's problem.

      I may scream at the top of my lungs that I don't think this is something that an L1 can handle and they will not believe me. They would like to go through L1, and L2 and then eventually reach L3. That's the only issue with any big organization. It's an architectural problem. 

      How was the initial setup?

      The ease of deployment depends on your requirement and your setup. If you are handling the cloud, then it's fairly easy. You simply download the agent and install the agent. The reporting is inbuilt. Policy management is inbuilt. If you consider other deployments, there is some friction, depending on the architecture.

      What's my experience with pricing, setup cost, and licensing?

      The licensing is paid on a yearly basis. I can't speak, however, to the actual cost of the solution.

      What other advice do I have?

      We are a partner and we sell and support this EPM solution to other customers.

      We use both cloud and on-premises deployment options. 

      I'd suggest new users go slow. Instead of going bold. It's a powerful solution. If I create a beautiful policy, the product will behave beautifully. However, if I create an ugly policy, the product will show its ugly face to you, as it's just a brainless bull running around. You have to give it a direction. Otherwise, it can harm you. 

      Overall, I would rate the solution an eight out of ten.

      Disclosure: My company has a business relationship with this vendor other than being a customer: partner
      Flag as inappropriate
      General Manager, Head of Information Security at a tech services company with 51-200 employees
      Reseller
      Top 20
      Good authentification but offers poor technical support and is rather pricey
      Pros and Cons
      • "BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc."
      • "Their technical support could be more responsive and helpful."

      What is our primary use case?

      We primarily offer this solution to our clients. Our clients use it for access. For example, if there is a user who is not from their existing network and he's a contractor, they have to be able to give him the privilege to come inside, otherwise, that person can't access anything internally like a regular end user can. This solution allows them to offer separate privileged user access for specific users. 

      What is most valuable?

      The solution is very fast.

      The solution offers good authentification. It makes managing passwords and access easy and ensures that access is granted only to respective people and/or organizations.

      BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc.

      What needs improvement?

      There are different vendors that are pretty competitive in terms of features. BeyondTrust is great in some areas, however, CyberArk is as well. The solution needs to continue to add features in order to stay competitive in the market.

      Their technical support could be more responsive and helpful.

      The solution is quite expensive.

      For how long have I used the solution?

      I've been using this solution for one year now.

      What do I think about the stability of the solution?

      We don't have any issues with stability. It doesn't crash or freeze. It's not buggy.

      What do I think about the scalability of the solution?

      The solution offers good scalability and is easy to upgrade as needed.

      How are customer service and technical support?

      While I've never been in touch with technical support, my team has in the past.

      They can improve their services. That's my understanding based on the feedback I've heard. They are a Gartner leader, and due to this accolade, sometimes they can get a bit lazy when it comes to giving the right support. They are a leader so they take advantage. There are a lot of deals which we have lost due to this kind of attitude.

      There are been cases that we are handling that have been going on for a year now. Even though they are an industry leader, they haven't been able to solve a small problem. We have the American University of Dubai struggling to solve a small problem, and it's been one year since one case has been opened with BeyondTrust, and they're not able to solve it. That's far too long.

      How was the initial setup?

      The initial set up is quite quick. BeyondTrust implementation does not take much time. However, it depends on the complexity of the client. It'll take months sometimes if the customer does not know their requirements. For example, a basic implementation takes 10 to 15 days. However, if there is more access needed it takes months sometimes. Access has to be defined based on the number of end-users. It may take as long as four months or so.

      What's my experience with pricing, setup cost, and licensing?

      The cost of the solution is very high. As a market leader, they tend to charge a premium. They only provide the product. Technical support is extra, if a company wants to have access to that.

      What other advice do I have?

      Overall, I'd rate the solution five out of ten.

      I would definitely recommend it, however, I would recommend organizations test a couple of solutions based on their requirements. There will be a different requirement for a retail outlet and a different requirement for an oil and gas company. 

      Even though it is privileged remote access, different accesses most likely need to be granted. If somebody is a software developer, and somebody is just for support, they will need different types of access. Whether this solution offers that a company needs depends on different requirements from different end-users.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
      Windows Enterprise Engineer at a comms service provider with 1,001-5,000 employees
      Real User
      Top 20
      Stable, flexible, and offers good technical support
      Pros and Cons
      • "Technical support is good."
      • "If you don't get the implementation right at the outset, you will struggle with the product."

      What is our primary use case?

      The primary reason for BeyondTrust was so that one administrator could use their password to log on to our server. The second reason was, we needed to use BeyondTrust to form some level of sharing. It's my understanding that Microsoft has this and we have this challenge of having a tier one and tier two. We wanted to do a structure like that. 

      What is most valuable?

      The solution can do so much. It's quite flexible.

      It's a great tool.

      It's nice to have admission tools without having to remember the password. You just have to click on whatever you need to do and you get temporary access. 

      The product is stable.

      Technical support is good.

      What needs improvement?

      We have installed BeyondTrust, however, it's not working as-is. There are two domains, and there's a trust between those two domains, however, just one of the domains is working. We've not been able to set it up such that we're able to use the second domain as well. That, unfortunately for us, that second domain is a valuable domain, it's very critical.

      BeyondTrust is trying to find a way to do it, however, we do not need it for some time. It's working at least, however, there are some times where it just freezes out. We have to fall back on RDP to do BeyondTrust. That was part of the reason I was doing the comparison between BeyondTrust and Broadcom - to see if there was a way to resolve this.

      The implementation process could be better. It's not as vast as we would like it to be.

      If you don't get the implementation right at the outset, you will struggle with the product.

      What do I think about the stability of the solution?

      For the most part, the stability is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

      What do I think about the scalability of the solution?

      We are actually working on scaling the solution currently. My understanding is that it is possible, and part of our plans, however, I can't speak to how easy it is to scale, or how much you can actually expand it.

      How are customer service and technical support?

      I haven't really dealt with technical support. I recall the team having to reach out during implementation and, as I recall, they were helpful and responsive and our team was satisfied with the level of support.

      How was the initial setup?

      The initial setup can be tricky in that, if you get the implementation wrong, it will affect everything and won't work as it is supposed to. 

      That said, I was not a part of the implementation team, and therefore cannot discuss specifics. I can say that the deployment took some time, however.

      What's my experience with pricing, setup cost, and licensing?

      It's my understanding that we have a license that is paid monthly.

      I don't have a view of the exact costs the company pays. It's not an aspect of the solution I deal with. Our management team deals directly with them.

      Which other solutions did I evaluate?

      I've looked into Broadcom to see if it could resolve some issues we were having under this product.

      What other advice do I have?

      We are a customer and an end-user.

      I'm not sure which version of the solution we're on right now. I cannot speak to the exact version number we are using.

      I would definitely recommend the product to other companies and users. For us, it's a very important organizational tool.

      Overall, I would rate it at an eight out of ten. We're mostly quite satisfied with its capabilities.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Chris Derjany - PeerSpot reviewer
      Security Solutions Architect at a tech services company with 10,001+ employees
      Reseller
      Top 5Leaderboard
      Straightforward, competitive price, and easy to deploy
      Pros and Cons
      • "It is straightforward. It is a good technology, and it is made to do one single thing."
      • "They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment."

      What is most valuable?

      It is straightforward. It is a good technology, and it is made to do one single thing.

      What needs improvement?

      They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment.

      For how long have I used the solution?

      I have been selling this solution for three years.

      What do I think about the stability of the solution?

      It is stable. 

      What do I think about the scalability of the solution?

      It is scalable.

      How are customer service and support?

      I never had a problem for which I needed their technical support. The product is simple and easy to use. Our team is also capable of solving all the problems.

      How was the initial setup?

      It is easy to deploy. The deployment duration depends on how many servers or routers you have, what kind of IT stuff you need to grant access to, and how much stuff you have. I am referring to the entire environment with all the customers and all the users. If you have five routers, five firewalls, it might take up to two to three days to deploy the entire solution. It also depends on the number of administrators you have.

      What's my experience with pricing, setup cost, and licensing?

      Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years.

      What other advice do I have?

      It is mainly deployed on-prem. About 95% of the sales that I do are on-prem solutions. That's because we're talking about security.

      It is a good technology. I would definitely recommend this solution. I would never sell it if I can't recommend it. I would give it an eight out of 10.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer:
      Flag as inappropriate
      Buyer's Guide
      Download our free BeyondTrust Endpoint Privilege Management Report and get advice and tips from experienced pros sharing their opinions.
      Updated: May 2022
      Buyer's Guide
      Download our free BeyondTrust Endpoint Privilege Management Report and get advice and tips from experienced pros sharing their opinions.