BeyondTrust Endpoint Privilege Management Reviews

It is straightforward. It is a good technology, and it is made to do one single thing.

They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment.

I have been selling this solution for three years.

It is stable. 

It is scalable.

I never had a problem for which I needed their technical support. The product is simple and easy to use. Our team is also capable of solving all the problems.

It is easy to deploy. The deployment duration depends on how many servers or routers you have, what kind of IT stuff you need to grant access to, and how much stuff you have. I am referring to the entire environment with all the customers and all the users. If you have five routers, five firewalls, it might take up to two to three days to deploy the entire solution. It also depends on the number of administrators you have.

Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years.

It is mainly deployed on-prem. About 95% of the sales that I do are on-prem solutions. That's because we're talking about security.

It is a good technology. I would definitely recommend this solution. I would never sell it if I can't recommend it. I would give it an eight out of 10.

The primary reason for BeyondTrust was so that one administrator could use their password to log on to our server. The second reason was, we needed to use BeyondTrust to form some level of sharing. It's my understanding that Microsoft has this and we have this challenge of having a tier one and tier two. We wanted to do a structure like that. 

The solution can do so much. It's quite flexible.

It's a great tool.

It's nice to have admission tools without having to remember the password. You just have to click on whatever you need to do and you get temporary access. 

The product is stable.

Technical support is good.

We have installed BeyondTrust, however, it's not working as-is. There are two domains, and there's a trust between those two domains, however, just one of the domains is working. We've not been able to set it up such that we're able to use the second domain as well. That, unfortunately for us, that second domain is a valuable domain, it's very critical.

BeyondTrust is trying to find a way to do it, however, we do not need it for some time. It's working at least, however, there are some times where it just freezes out. We have to fall back on RDP to do BeyondTrust. That was part of the reason I was doing the comparison between BeyondTrust and Broadcom - to see if there was a way to resolve this.

The implementation process could be better. It's not as vast as we would like it to be.

If you don't get the implementation right at the outset, you will struggle with the product.

For the most part, the stability is good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

We are actually working on scaling the solution currently. My understanding is that it is possible, and part of our plans, however, I can't speak to how easy it is to scale, or how much you can actually expand it.

I haven't really dealt with technical support. I recall the team having to reach out during implementation and, as I recall, they were helpful and responsive and our team was satisfied with the level of support.

The initial setup can be tricky in that, if you get the implementation wrong, it will affect everything and won't work as it is supposed to. 

That said, I was not a part of the implementation team, and therefore cannot discuss specifics. I can say that the deployment took some time, however.

It's my understanding that we have a license that is paid monthly.

I don't have a view of the exact costs the company pays. It's not an aspect of the solution I deal with. Our management team deals directly with them.

I've looked into Broadcom to see if it could resolve some issues we were having under this product.

We are a customer and an end-user.

I'm not sure which version of the solution we're on right now. I cannot speak to the exact version number we are using.

I would definitely recommend the product to other companies and users. For us, it's a very important organizational tool.

Overall, I would rate it at an eight out of ten. We're mostly quite satisfied with its capabilities.

We primarily offer this solution to our clients. Our clients use it for access. For example, if there is a user who is not from their existing network and he's a contractor, they have to be able to give him the privilege to come inside, otherwise, that person can't access anything internally like a regular end user can. This solution allows them to offer separate privileged user access for specific users. 

The solution is very fast.

The solution offers good authentification. It makes managing passwords and access easy and ensures that access is granted only to respective people and/or organizations.

BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc.

There are different vendors that are pretty competitive in terms of features. BeyondTrust is great in some areas, however, CyberArk is as well. The solution needs to continue to add features in order to stay competitive in the market.

Their technical support could be more responsive and helpful.

The solution is quite expensive.

I've been using this solution for one year now.

We don't have any issues with stability. It doesn't crash or freeze. It's not buggy.

The solution offers good scalability and is easy to upgrade as needed.

While I've never been in touch with technical support, my team has in the past.

They can improve their services. That's my understanding based on the feedback I've heard. They are a Gartner leader, and due to this accolade, sometimes they can get a bit lazy when it comes to giving the right support. They are a leader so they take advantage. There are a lot of deals which we have lost due to this kind of attitude.

There are been cases that we are handling that have been going on for a year now. Even though they are an industry leader, they haven't been able to solve a small problem. We have the American University of Dubai struggling to solve a small problem, and it's been one year since one case has been opened with BeyondTrust, and they're not able to solve it. That's far too long.

The initial set up is quite quick. BeyondTrust implementation does not take much time. However, it depends on the complexity of the client. It'll take months sometimes if the customer does not know their requirements. For example, a basic implementation takes 10 to 15 days. However, if there is more access needed it takes months sometimes. Access has to be defined based on the number of end-users. It may take as long as four months or so.

The cost of the solution is very high. As a market leader, they tend to charge a premium. They only provide the product. Technical support is extra, if a company wants to have access to that.

Overall, I'd rate the solution five out of ten.

I would definitely recommend it, however, I would recommend organizations test a couple of solutions based on their requirements. There will be a different requirement for a retail outlet and a different requirement for an oil and gas company. 

Even though it is privileged remote access, different accesses most likely need to be granted. If somebody is a software developer, and somebody is just for support, they will need different types of access. Whether this solution offers that a company needs depends on different requirements from different end-users.

We are a technical services company and this is one of the solutions that we provide for our clients. It is used to manage privileged access for our customers and their server resources.

One of our customers had administrators that shared credentials to access some of their enterprise applications. We needed to remove those credentials because they were compromised at some point, leaving other people to access them and the organization was not able to keep track of who was logging in, or what they were doing at any particular point in time. Implementing this solution has allowed us to remove most of the credentials from those applications move them into a proper management facility.

The most valuable feature is the asset discovery, which makes it very easy to locate and identify assets and pull them into the manager.

The help system should be improved to provide a quick help guide with each tab within the solution, which explains what each particular function does. This would help because sometimes, you can get lost and you find yourself going back to see what the functions do. Have at least a very small hint for some of the key functions would go a long way to help with deploying and using the system.

Better pricing would help this solution to grow in the Nigerian market.

I have been using BeyondTrust Endpoint Privilege Management for just less than three years.

This is a stable solution.

Our customers have been relying on what they have, and thus there has been no reason to scale.

We have been in touch with technical support and we are satisfied with them.

We offer a variety of competing solutions to our clients, such as CyberArk. In general, the competitors are cheaper in price. I have not personally used other solutions because it was BeyondTrust that brought me into the privileged access management realm.

The initial setup is a bit complex and not particularly straightforward. Deploying this solution for the first time took about a month.

Our in-house team handled the deployment.

This solution is expensive compared to its competitors.

This is a good solution that I would recommend, but in the Nigerian market, the price of this solution is challenging. Many companies are choosing competing solutions like CyberArk because the cost is lower. If the price were more friendly then it would have a better share of the market.

I would rate this solution an eight out of ten.

At one point, our users shared credentials to access some enterprise applications within our environment. We had to take off user credentials because those credentials were getting compromised at one point. We also had trouble keeping track of who logged in or when people were doing work at any given period of time. With this solution, we're able to log the credentials from those applications and then move it into the facility for proper credential management.

The asset discovery feature is the solution's most valuable aspect. It's very easy to pull assets into the database of the solution manager.

The deployment process should be clarified or made simpler. It would be helpful if the solution had in-app tutorials for users to look at as they progress through the system. Sometimes we get lost and need to go back to check what exactly the function was. There should be small hints around major key functions. It would go a long way in speeding up the deployment process.

I've been using the solution for less than three years.

The solution is stable.

I can't say how scalable the solution is because I don't have too much experience in the matter. For how we are currently using it, we haven't had a reason to scale the solution. Our customers would know better, but it's my sense that BeyondTrust offers much more access compared to a competitor like CyberArk.

We didn't previously use a different solution.

The initial process is not straightforward. It's a bit complex. Deployment took about a month for us.

We handled the deployment in-house with the help of our own team.

The pricing is quite high.

We didn't evaluate other options. We were already using BeyondTrust and it seemed a natural extension to add this solution as well.

We're a BeyondTrust reseller.

I'd recommend the solution. However, the pricing is not competitive and I find in the Nigerian market we're losing ground to CyberArk because the pricing is so unfriendly for the region. They need to try and match their competitors here in order to stay competitive overall in the market.

I'd rate the solution eight out of ten.

Our primary use case of this solution is data access management. When you have a complex infrastructure you obviously need a solution that can monitor the activities that are going on in the infrastructure. The usernames, passwords, and activities have to be monitored, and this program helps you with that.

So it is nothing but a monitoring and security tool that will monitor all the infrastructure activities and help you to manage the passwords of the infrastructure so that the passwords are not being exposed to the third parties or your users. These passwords will be secure in your infrastructure and be rotated as part of the compliance policies.

There are a few points that are lagging in the technology and I think updated versions should be available more frequently.

So the program updates are very rare and the frequency is too far apart to take care of bug fixes and adding the latest features. 

I have been working on BeyondTrust Endpoint Privilege Management for about three years now.

BeyondTrust is lagging on stability because it is a merger with Bomgar and so there are three, four technologies included in that. So the stability is still not how it should be.

The program is scalable. It is reliable and to be deployed in a complex infrastructure, will be no problem. It can handle the load. Almost all our clients are enterprise level. So we have good partners and clients with enterprise architecture and complex infrastructure.

The implementation is quite easy because the documents are always online. So you can do the installation yourself. But it is always better to have certified engineers to do the implementation so that you can design the infrastructure in a more secure way. When you have certified engineers, they have their own strategies to do the implementation, which is good in the long run. The deployment, however, is easy and very straightforward.

For a program like this, you want your infrastructure to be stable for more than five years or 10 years. So when you do the deployment with the help of certified engineers, they will have their own strategy of doing the installation and implementation so that managing the operations of such solutions will be easy for you. Yes, you can do the installation on your own, but it is always better to have some certified engineers.

This program has a good reputation in the market and it is more required for the security of your infrastructure. It is a product that you can trust. The only thing I'm looking for in the next version is that the bug fixes have to be more frequent and the solution has to be more reliable and more flexible. On a scale from one to 10, I'll give it a six.

In terms of meeting compliance objectives of securing endpoints, this product is very useful. It works for things like ISO, PCI, DSS, and the CIA. BeyondTrust meets all of the technical requirements from the compliance perspective. The vault, remote access management, and VP enlisted VPNs will become very useful in terms of being able to manage and maintain infrastructure security without having the complexities of changing passwords all of the time. It also helps to maintain all of the compliance objectives with password complexity changes. All of those things get managed under one product tree.

The privileged access management into sensitive systems is very valuable. That includes control from the endpoint all the way through to the managing of passwords and credentials that are used by the person to access the sensitive information. It's very useful because nobody ever really maintains passwords for those endpoint systems. It's maintained in the Dropbox password file.

This depends on the client. Some clients find the granular approach a lot better than the simplified approach and some clients prefer the simplified approach better than the granular approach. Depending on the type of organization and type of information that must be protected, there are obviously different requirements.

I actually haven't been using this solution. Customers of mine have been using it for about three years to provide me with evidence for audit purposes. They retrieved this evidence from BeyondTrust. When I ask them about endpoint management, all the information that I ask for they pull out of BeyondTrust. 

At this point in time, I haven't had any complaints from clients that it let them down, so I would assume it's stable.

It is definitely scalable. I've worked with clients that have a 75,000-device network and it's working fine. Our clients have anywhere from about 15,000 users up to about 40,000 users.

The initial setup is complex.

We use a vendor team to implement.

Approach it slowly. Don't rush in and drop things down there. Do it carefully, because you might end up breaking access to systems, which is complicated when you're running a production environment. Make sure you go through the testing process vigorously before you deploy.

I would give BeyondTrust a seven out of ten. There are some features in CyberArk that are better, cheaper, or easier to implement. Some of those running in CyberArk don't have the conflicts that BeyondTrust has, as there are many products in the suite. You've got to compare apples with apples.

The primary use case for BeyondTrust is for when one needs to control the administrative accesses on their critical assets, whether that be Windows, Linux, or UNIX servers, databases, and application servers.

I would say session management on the go is the most valuable feature. When the session is going on, you can stop the session without terminating it for justification. You can cancel it. The recording takes very little space. Those are some things that the customers are worried about when they talk about session recording.

The other valuable feature is out-of-box connectors. BeyondTrust has partnered with many well-known companies. Other PAM products are not there yet. The number of out-of-box connectors BeyondTrust has is really good.

One issue, especially when you deploy HA actively and passively, is the synchronization. Usually, there is a large delay between the sync. The biggest problem is that it takes at least 14 minutes to detect that the primary is down. That is 14 minutes of downtime, which is a huge amount of time, especially for our enterprise customers. That delay should be reduced.

The other area to improve is that they rely on MS SQL servers only. You cannot have any other database behind them. They have to be on MS SQL. If they can do something about these issues, this would be a better alternative for some customers.

In terms of software, BeyondTrust should work on other operating systems other than Windows and support non-Windows operating systems also.

I haven't faced any issues with stability. Others might have, but I personally haven't faced any stability issues, because the system is very solid. The processes behind them are very well defined, as well. I haven't seen any instability yet, but perhaps there might be in the future.

Scalability is very simple. I mean you can just add a greater number of nodes or sessions. They can be behind a load balancer, so it's very easily scalable. They do need to have a license for the scalability that they wish to reach, so they can keep upgrading their hardware as much as they want.

There are chances some customer might give very negative feedback. Firstly, we think that they are extremely good in terms of ability. Next, they give you a slot for the support. If you give a ticket they respond quickly and give you a slot. However, the customer needs to make sure that they are available for that slot. Otherwise, they can view which slots will be available soon. If they miss a slot, the technical support will get busy with other tasks. This is one reason we have had negative feedback. It comes from the customer's end. 

As an implementer who has submitted tickets, we have gotten responses that resolve the issue. I have found that the way they communicate to resolve the issue was really good. I work with other vendors' products as well, although not for PAM. I thought that BeyondTrust support was really good.

The initial setup was very straightforward and simple.

The deployment time depends upon the size of deployment. If it's a single company with DC and DR, where you have an HA in DC and DR, the maximum time if they have 500 assets, for example, would be two weeks. If everything is smooth, it should be a maximum of two weeks. It could also be shorter.

We do demonstrations for implementations only because we are partners for BeyondTrust in this region. We deploy the solution.

I've actually looked at ARCON and BeyondTrust. Now I'm working with BeyondTrust implementation.

Features-wise, BeyondTrust is a lot better than ARCON. ARCON, even with limited features, is still good, but the number of features and scope of its privilege control is limited.

BeyondTrust Password Safe works for critical assets and servers. For endpoints, it offers PowerBroker and Bomgar, which is for privilege remote access and control. I think that the suite of BeyondTrust covers a good landscape. ARCON is limited.

Don't start the implementation until you get the prerequisite sheet confirmed from the customer. If not, you may waste a lot of time at the customer's site.

I have learned a couple of things from this product. First, if the organization doesn't have a structured hierarchy of the work or the segregation of duties properly implemented, no matter what kind of security there is, it tends to fail. Operationally, it tends to fail. The tasks never get finished. BeyondTrust helps define those duties properly.

That was one major thing. The other thing I learned is that PAM is not for an inexperienced person. Don't give a PAM solution to a company that is employing inexperienced people, because they will never understand the concept of security and why identity security is important.

I would rate this solution as eight and a half or nine out of ten. I am not saying ten, only because of the limited choice of Windows. If it had alternate options available, I would give it a ten.