We changed our name from IT Central Station: Here's why

BeyondTrust Endpoint Privilege Management OverviewUNIXBusinessApplication

BeyondTrust Endpoint Privilege Management is #4 ranked solution in top Privileged Access Management (PAM) tools. PeerSpot users give BeyondTrust Endpoint Privilege Management an average rating of 8 out of 10. BeyondTrust Endpoint Privilege Management is most commonly compared to CyberArk Privileged Access Manager: BeyondTrust Endpoint Privilege Management vs CyberArk Privileged Access Manager. BeyondTrust Endpoint Privilege Management is popular among the large enterprise segment, accounting for 45% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
What is BeyondTrust Endpoint Privilege Management?

BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.

Key Solutions Include:

-ENTERPRISE PASSWORD SECURITY

Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.

-ENDPOINT LEAST PRIVILEGE

Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.

-SERVER PRIVILEGE MANAGEMENT

Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.

-A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS

Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.

Learn more at https://www.beyondtrust.com/privilege-management

BeyondTrust Endpoint Privilege Management was previously known as BeyondTrust PowerBroker, PowerBroker, BeyondTrust Endpoint Privilege Management for Windows, BeyondTrust Endpoint Privilege Management for Mac, BeyondTrust Endpoint Privilege Management for Linux, BeyondTrust Endpoint Privilege Management for Unix.

BeyondTrust Endpoint Privilege Management Buyer's Guide

Download the BeyondTrust Endpoint Privilege Management Buyer's Guide including reviews and more. Updated: January 2022

BeyondTrust Endpoint Privilege Management Customers

Aera Energy LLC, Care New England, James Madison University

BeyondTrust Endpoint Privilege Management Video

BeyondTrust Endpoint Privilege Management Pricing Advice

What users are saying about BeyondTrust Endpoint Privilege Management pricing:
  • "This solution is expensive compared to its competitors."
  • "Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years."
  • BeyondTrust Endpoint Privilege Management Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    PAM Architect at a tech services company with 11-50 employees
    Real User
    Top 5Leaderboard
    A stable, scalable, and easy-to-deploy solution that can track malicious use or send analytics to a host
    Pros and Cons
    • "What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy."
    • "What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way."

    What is our primary use case?

    We are an integrator, and we do a lot of Identity and Access Management and Privileged Identity. I am only just getting into this solution. I am not trained in it, but I've been reading about it. I have recommended it for a client based on their requirements and based on what I know about CyberArk versus a couple of others. I have not implemented it yet. I have the agent running on the system where I am actually profiled. I have its latest version.

    In terms of use case, it primarily has two things, and you can choose whatever you want in the middle. One side is that you can use it to allow the user to have specific administrative rights and do certain things without having to call the help desk. For example, you can allow users to be able to install certain applications. You can also have a whitelist or a blacklist of things that they are allowed to install, which saves a boatload of money in calling the help desk. The other side is to rein in administrators so that they don't go too far or do something outside of the bounds. The help desk personnel would have different restrictions when they log into a workstation than regular users.

    What is most valuable?

    What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. 

    It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy.

    What needs improvement?

    What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way.

    For how long have I used the solution?

    I started using it about a month ago when I was doing the appraisal of it, and I put it on a virtual machine. Our work machine is a virtual machine.

    What do I think about the stability of the solution?

    It is very stable. I had worked on a competitor's product two years ago, and it was rather buggy. It had issues. Sometimes, it used to hang the machine. Because you're running an agent on the workstation, it could have a memory conflict or an application conflict. It doesn't happen anymore because you've got it pretty much running strictly in Windows.

    What do I think about the scalability of the solution?

    It is very scalable. 

    How are customer service and technical support?

    I used their email support, which is very good.

    Which solution did I use previously and why did I switch?

    I didn't switch the client to this one. I recommended this one because it stays under the BeyondTrust umbrella. It also helped them in getting a discount for volume and being a loyal customer and things like that. They also didn't have to add new infrastructure. 

    CyberArk is a very good product, and I like it. I've been trained in it, but I have not implemented it. I am not going to ask the customer to install another infrastructure or another platform, especially when the products are fairly equal or equal enough to not be an issue to put on a table. If I had recommended CyberArk, they would have to put in a CyberArk infrastructure and retrain a whole bunch of administrators to administer that. They would also have to train a whole bunch of support people to manage off-hours, holidays, weekends, and things like that. Every time you add another brand, it adds to your soft costs, which can make a solution pretty expensive.

    Hard costs are so much fun, and they're much easier. I've seen people get up and just start writing on a dry erase board because they know all the hard costs. It would be good if they would just be honest with themselves and the clients and explain what some of the soft costs are in terms of additional training or a more significant hardware footprint.

    How was the initial setup?

    It is pretty straightforward to get the agent installed. You install the agent and the server component, and you let the users do whatever they've been doing for the last 10 or 20 years of their life. You also create profiles. For example, I had a developer profile for both Windows and Linux, and I had a profile for a regular user, help desk, and engineering. After you create profiles, an administrator can look at their activities in the log and analyze things like the following:

    • Why did he install CCleaner on the machine?
    • Why did he install this application?
    • Why did he elevate a command prompt to do something? What is he doing?
    • Why does he need administrator command prompts?

    You can then add things like this to your blacklist, and you can create a profile that will allow or disallow that.

      What other advice do I have?

      I would rate BeyondTrust Endpoint Privilege Management a nine out of ten. 

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      General Manager, Head of Information Security at a tech services company with 51-200 employees
      Reseller
      Top 20
      Good authentification but offers poor technical support and is rather pricey
      Pros and Cons
      • "BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc."
      • "Their technical support could be more responsive and helpful."

      What is our primary use case?

      We primarily offer this solution to our clients. Our clients use it for access. For example, if there is a user who is not from their existing network and he's a contractor, they have to be able to give him the privilege to come inside, otherwise, that person can't access anything internally like a regular end user can. This solution allows them to offer separate privileged user access for specific users. 

      What is most valuable?

      The solution is very fast.

      The solution offers good authentification. It makes managing passwords and access easy and ensures that access is granted only to respective people and/or organizations.

      BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc.

      What needs improvement?

      There are different vendors that are pretty competitive in terms of features. BeyondTrust is great in some areas, however, CyberArk is as well. The solution needs to continue to add features in order to stay competitive in the market.

      Their technical support could be more responsive and helpful.

      The solution is quite expensive.

      For how long have I used the solution?

      I've been using this solution for one year now.

      What do I think about the stability of the solution?

      We don't have any issues with stability. It doesn't crash or freeze. It's not buggy.

      What do I think about the scalability of the solution?

      The solution offers good scalability and is easy to upgrade as needed.

      How are customer service and technical support?

      While I've never been in touch with technical support, my team has in the past.

      They can improve their services. That's my understanding based on the feedback I've heard. They are a Gartner leader, and due to this accolade, sometimes they can get a bit lazy when it comes to giving the right support. They are a leader so they take advantage. There are a lot of deals which we have lost due to this kind of attitude.

      There are been cases that we are handling that have been going on for a year now. Even though they are an industry leader, they haven't been able to solve a small problem. We have the American University of Dubai struggling to solve a small problem, and it's been one year since one case has been opened with BeyondTrust, and they're not able to solve it. That's far too long.

      How was the initial setup?

      The initial set up is quite quick. BeyondTrust implementation does not take much time. However, it depends on the complexity of the client. It'll take months sometimes if the customer does not know their requirements. For example, a basic implementation takes 10 to 15 days. However, if there is more access needed it takes months sometimes. Access has to be defined based on the number of end-users. It may take as long as four months or so.

      What's my experience with pricing, setup cost, and licensing?

      The cost of the solution is very high. As a market leader, they tend to charge a premium. They only provide the product. Technical support is extra, if a company wants to have access to that.

      What other advice do I have?

      Overall, I'd rate the solution five out of ten.

      I would definitely recommend it, however, I would recommend organizations test a couple of solutions based on their requirements. There will be a different requirement for a retail outlet and a different requirement for an oil and gas company. 

      Even though it is privileged remote access, different accesses most likely need to be granted. If somebody is a software developer, and somebody is just for support, they will need different types of access. Whether this solution offers that a company needs depends on different requirements from different end-users.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
      Learn what your peers think about BeyondTrust Endpoint Privilege Management. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
      566,406 professionals have used our research since 2012.
      Windows Enterprise Engineer at a comms service provider with 1,001-5,000 employees
      Real User
      Top 20
      Stable, flexible, and offers good technical support
      Pros and Cons
      • "Technical support is good."
      • "If you don't get the implementation right at the outset, you will struggle with the product."

      What is our primary use case?

      The primary reason for BeyondTrust was so that one administrator could use their password to log on to our server. The second reason was, we needed to use BeyondTrust to form some level of sharing. It's my understanding that Microsoft has this and we have this challenge of having a tier one and tier two. We wanted to do a structure like that. 

      What is most valuable?

      The solution can do so much. It's quite flexible.

      It's a great tool.

      It's nice to have admission tools without having to remember the password. You just have to click on whatever you need to do and you get temporary access. 

      The product is stable.

      Technical support is good.

      What needs improvement?

      We have installed BeyondTrust, however, it's not working as-is. There are two domains, and there's a trust between those two domains, however, just one of the domains is working. We've not been able to set it up such that we're able to use the second domain as well. That, unfortunately for us, that second domain is a valuable domain, it's very critical.

      BeyondTrust is trying to find a way to do it, however, we do not need it for some time. It's working at least, however, there are some times where it just freezes out. We have to fall back on RDP to do BeyondTrust. That was part of the reason I was doing the comparison between BeyondTrust and Broadcom - to see if there was a way to resolve this.

      The implementation process could be better. It's not as vast as we would like it to be.

      If you don't get the implementation right at the outset, you will struggle with the product.

      What do I think about the stability of the solution?

      For the most part, the stability is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

      What do I think about the scalability of the solution?

      We are actually working on scaling the solution currently. My understanding is that it is possible, and part of our plans, however, I can't speak to how easy it is to scale, or how much you can actually expand it.

      How are customer service and technical support?

      I haven't really dealt with technical support. I recall the team having to reach out during implementation and, as I recall, they were helpful and responsive and our team was satisfied with the level of support.

      How was the initial setup?

      The initial setup can be tricky in that, if you get the implementation wrong, it will affect everything and won't work as it is supposed to. 

      That said, I was not a part of the implementation team, and therefore cannot discuss specifics. I can say that the deployment took some time, however.

      What's my experience with pricing, setup cost, and licensing?

      It's my understanding that we have a license that is paid monthly.

      I don't have a view of the exact costs the company pays. It's not an aspect of the solution I deal with. Our management team deals directly with them.

      Which other solutions did I evaluate?

      I've looked into Broadcom to see if it could resolve some issues we were having under this product.

      What other advice do I have?

      We are a customer and an end-user.

      I'm not sure which version of the solution we're on right now. I cannot speak to the exact version number we are using.

      I would definitely recommend the product to other companies and users. For us, it's a very important organizational tool.

      Overall, I would rate it at an eight out of ten. We're mostly quite satisfied with its capabilities.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Flag as inappropriate
      Team Lead, Network Infrastructure Business at a tech services company with 51-200 employees
      Reseller
      Top 5
      Good asset discovery and management capability
      Pros and Cons
      • "The most valuable feature is the asset discovery, which makes it very easy to locate and identify assets and pull them into the manager."
      • "The help system should be improved to provide a quick help guide with each tab within the solution, which explains what each particular function does."

      What is our primary use case?

      We are a technical services company and this is one of the solutions that we provide for our clients. It is used to manage privileged access for our customers and their server resources.

      One of our customers had administrators that shared credentials to access some of their enterprise applications. We needed to remove those credentials because they were compromised at some point, leaving other people to access them and the organization was not able to keep track of who was logging in, or what they were doing at any particular point in time. Implementing this solution has allowed us to remove most of the credentials from those applications move them into a proper management facility.

      What is most valuable?

      The most valuable feature is the asset discovery, which makes it very easy to locate and identify assets and pull them into the manager.

      What needs improvement?

      The help system should be improved to provide a quick help guide with each tab within the solution, which explains what each particular function does. This would help because sometimes, you can get lost and you find yourself going back to see what the functions do. Have at least a very small hint for some of the key functions would go a long way to help with deploying and using the system.

      Better pricing would help this solution to grow in the Nigerian market.

      For how long have I used the solution?

      I have been using BeyondTrust Endpoint Privilege Management for just less than three years.

      What do I think about the stability of the solution?

      This is a stable solution.

      What do I think about the scalability of the solution?

      Our customers have been relying on what they have, and thus there has been no reason to scale.

      How are customer service and technical support?

      We have been in touch with technical support and we are satisfied with them.

      Which solution did I use previously and why did I switch?

      We offer a variety of competing solutions to our clients, such as CyberArk. In general, the competitors are cheaper in price. I have not personally used other solutions because it was BeyondTrust that brought me into the privileged access management realm.

      How was the initial setup?

      The initial setup is a bit complex and not particularly straightforward. Deploying this solution for the first time took about a month.

      What about the implementation team?

      Our in-house team handled the deployment.

      What's my experience with pricing, setup cost, and licensing?

      This solution is expensive compared to its competitors.

      What other advice do I have?

      This is a good solution that I would recommend, but in the Nigerian market, the price of this solution is challenging. Many companies are choosing competing solutions like CyberArk because the cost is lower. If the price were more friendly then it would have a better share of the market.

      I would rate this solution an eight out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
      Chris Derjany
      Security Solutions Architect at a tech services company with 10,001+ employees
      Reseller
      Top 5Leaderboard
      Straightforward, competitive price, and easy to deploy
      Pros and Cons
      • "It is straightforward. It is a good technology, and it is made to do one single thing."
      • "They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment."

      What is most valuable?

      It is straightforward. It is a good technology, and it is made to do one single thing.

      What needs improvement?

      They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment.

      For how long have I used the solution?

      I have been selling this solution for three years.

      What do I think about the stability of the solution?

      It is stable. 

      What do I think about the scalability of the solution?

      It is scalable.

      How are customer service and support?

      I never had a problem for which I needed their technical support. The product is simple and easy to use. Our team is also capable of solving all the problems.

      How was the initial setup?

      It is easy to deploy. The deployment duration depends on how many servers or routers you have, what kind of IT stuff you need to grant access to, and how much stuff you have. I am referring to the entire environment with all the customers and all the users. If you have five routers, five firewalls, it might take up to two to three days to deploy the entire solution. It also depends on the number of administrators you have.

      What's my experience with pricing, setup cost, and licensing?

      Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years.

      What other advice do I have?

      It is mainly deployed on-prem. About 95% of the sales that I do are on-prem solutions. That's because we're talking about security.

      It is a good technology. I would definitely recommend this solution. I would never sell it if I can't recommend it. I would give it an eight out of 10.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer:
      Flag as inappropriate
      Buyer's Guide
      Download our free BeyondTrust Endpoint Privilege Management Report and get advice and tips from experienced pros sharing their opinions.