BeyondTrust Endpoint Privilege Management Reviews

There are multiple use cases for this solution. There is the auto-discovery option for PowerBroker Password Safe, which can discover all the local accounts on any of Windows, Linux, or Unix. It can work with Active Directory and onboard Active Directory accounts automatically, if the correct credentials have been provided for AD. When it comes to databases, it also governs and controls all of them. It can integrate with Oracle Database, SQL, Oracle Linux, or other database environments.

I'm a BeyondTrust partner and I have multiple deployments, four or five banks right now. The features that give us quite an edge compared to what our competitors are offering - like IBM or Thycotic - are the Session Management, that is quite a big one; also the recording of keystrokes. In addition, there is the password vaulting and state-of-the-art Password Management, which I haven't seen in other products.

It also provides a granular approach through the Management Console and manages all the operations "from the inside out". It is easy to explain and easy to manage.

If you are specifically dedicated to Privileged Access Management, the definitions are a bit unclear throughout the world. I have been in contact with engineers around the world, in Canada, the U.S, and the U.K as well. Everyone has quite a different definition for Privileged Access Management or Identity Access Management or Identity Management.

Because of the definition of PAM, I don't think they can provide anything in addition to what has been defined. If you want to include anything else in this product, it will deviate from the boundaries of PAM.

I have not encountered issues with the stability.

There are slight hiccups but they are based on the configuration details of the appliances, as done by the clients. If you are talking about the application or the features it provides, I don't think there are any hiccups with BeyondTrust.

I have worked on competitive products as well. IBM and Thycotic are lightweight applications utilizing limited resources and providing proportionate results. I don't think anyone can compete with BeyondTrust.

The response time and the responsiveness, the level of support that they provide, is tremendous.

I have worked on the scene, I have worked on firewalls as well as on multiple security products, but the support from BeyondTrust is highly efficient, from a highly experienced technical staff. The level at which they provide support, the dedication as well as the expertise they have, is among the best I have seen.

I have utilized OpenAM SSO, as a single sign-on. That was a Canadian product. It was an open-source solution. But I am happier with BeyondTrust. About 95 percent of use cases are handled by BeyondTrust. Whether you're talking about a bank or a telco, whatever their requirements are, they can be met by the PAM. When it comes to the PAM, I don't think that any application can compete with BeyondTrust, except for the financial issue that has been recently affected by the change in the licensing model.

The initial setup is straightforward; the way that they provide the UVMs, and the whole package when it comes to deployment. What they do is provide you a complete setup package. Everything in there is preconfigured, so all you have to do is to provide the basic IP addresses and other stuff and that's it.

What BeyondTrust was providing was user-based licensing which was a great benefit from the client point of view. Recently, I don't know why, the licensing model has been changed, and that is the reason that they have lost a bit of their edge when it comes to the PAM, against our competition.

The asset-based licensing, from the user's point of view, is not beneficial. The licensing should be based on the users. The greater the number of users, the greater will be the load and the greater the scalability problems. I presume that is why the licensing model has changed.

My company first chose the IBM Identity Manager suite. Later on, we surveyed the market and the needs and requirements of the clients. We thought the IBM solution was utilizing too many resources to achieve a very limited goal. The requirements are related to PAM, but they were employing IM.

I would rate BeyondTrust at eight out of 10. It's not a 10 because the scalability and licensing have impacted us a lot. Of the two points that I have deducted: One is the non-flexibility on the pricing and one is the licensing model. When you launch a product in several markets like the European market, the Asian market, or the Russian market, you have to be very flexible when it comes to the pricing.

We use it for the password management (of privileged password management).

Privileged password management.

It should support XWindows Remote Desktop Access Protocol for Linux/Unix.

I would like more connectors for other security software/systems. A password is needed to access their security systems.

No stability issues.

It scales easily.

I would rate their technical support as a nine out of 10. I have a technical support contact in Singapore.

We did not previously use another solution.

The initial setup was easy.

For a Windows/Linux/Unix mixed environment, it is a good product to management privilege account passwords to prevent security breaches.

We use it to limit user privileges.

It reduces major vulnerabilities by removing local administrator privileges.

I like that I can remove local admin privileges from developers.

It only has limited support for Mac.

In version 7.3 there were driver compatibility issues with other security applications, but they were resolved very quickly by support.

The BeyondInsight appliance environment is not as flexible as it should be in some designs. But overall, it’s a well-designed product.

I would rate support at six out of 10. They need more people in the Pacific time zone.

The setup was straightforward. The appliance build was very simple and was completed with minimal effort.

PowerBroker for a Mac client is three times the price of the Windows version.

• Avecto
• Thycotic
• Viewfinity

Implementation is simple, but privileged application support may need a lot of testing. Support may not be able to help due to a lack of understanding of your environment.

Simplifies server access without password distribution.

Password management, as it is a core function; passwords are a frequent hacking point.

All products have room to improve. I would like to see support for many more systems, such as AS400.

No issues with stability.

I have not had a chance to scale out.

My support has come from the sales engineering team, not the support team, and I would rate the support at nine out of 10.

For a production environment, the setup is easy. For a PoC it is a different scenario.

Take care regarding the SQL database.

The features related to application elevate is amazing. It helped the company to remove almost all admin local users.

There are severals application that all users needed to have local admin configured to work. After the powerbroker implementation, all users with this privilege were removed, it improved the security and helped to change the IT vision, from Security to SAFETY.

Reports to the end user.

1 year

Not at all.

Not at all

No.

Very good.

Very good

No.

Easy.

Vendor team. Very good.

N/A

I'm sure everyone should have the cluster environment, which means more expensive, anyway, cheaper than the other solutions.

Yes, CyberArk, CA.

No.

It elevates the user to perform admin tasks without the user being a part of an administrator group.

PowerBroker allows elevation of required actions or application and eliminates the need of user having full administrative access. There are immense security and administrative benefits associated with removing users administrative access on the workstation.

PowerBroker allows the elevation of certain actions based on different whitelisting abilities. This can range from restarting services, installing software and allowing applications that require administrative privileges to run.

It is very similar to the UAC components built into Windows but gives us a lot more control surrounding the elevation

Previously, all users were in the administrator group of their machines. Since PowerBroker elevates the user, we can remove the users from the administrator group. Thus, the machines become less vulnerable to attacks

Improve the ActiveX rule for websites.

I have used this product for almost a year.

The software sometimes uses a lot of memory.

We have not had any scalability issues.

Technical support is mostly good.

We didn’t use any previous solutions.

It's a straightforward setup.

Price seems to be a little on the higher side.

We evaluated Avecto.

Make use of Polmon and Beyondtrust reporting console to create the elevation rules.

The main areas of focus of BeyondTrust products is Privileged Access Management. Along with it, they've also bundled the PAM solutions with a Vulnerability Management solution. We all know Retina Network Security Scanner has been around for more than a decade now and anybody would agree with me that it has been a most comprehensive scanner. BeyondTrust bundles these two areas of security - PAM and VM - with an extremely rich reporting & analytics platform – BeyondInsight - which gives actionable intelligence to SMBs as well as large enterprises.

Along with PAM & VM, PBW allows implementing a strong workflow in the organization, with regards to accessing the most valued resources of the enterprise. The request-approval process along with session monitoring and recording, could prove a very strong deterrent security control for actors with malicious intent.

With all the other features, such as asset inventory, scanning, jobs scheduling, etc., BeyondInsight offers an intelligent platform for reporting and analysis of the collected information from the customer's environment. It presents the information in the form of heat maps, risk maps, ROI graphs which are very useful for presenting to your senior executives during your budget planning. Overall, it has proven very useful to all individuals from engineer to the 'C' class of the company.

We implemented the BeyondTrust suite of products as part of our initial evaluation and continued to use the product because we liked it very much. We distribute security solutions to our customers, so we can only sell something to our customers that we believe in. And the best way to start to believe in something is to experience it. So, from the initial evaluation environment, we moved a few assets – because it's not a very large organization - and implemented a workflow process for our IT contractors. Developers and network engineers who access our infrastructure devices such as servers, routers, and firewalls have to put forth a request (though we've kept them as auto-approve 24x7, since we trust them :) ), to access the devices. All these activities are monitored, recorded & audited on a periodic basis or in cases of issues. We do not have any external auditing done within our company. However, I can imagine the kind of details provided by the solution to the auditors on almost all of the IT activities required to be monitored and audited.

Apart from auditing & recording requirements, our sysadmin now has the best control of his work in his tenure with us, in the area of patch management for our networks. RNSS has been scheduled for periodic scan jobs preparing a report. We've configured the Enterprise Update server, which checks the vulnerabilities, suggested remediation, and once they've been reviewed, all the systems are patched directly from the Enterprise Update server.

These are some of the areas I can think of at this point of time that we have benefited from BeyondTrust so far.

I'm of the thought that the best products in the market have room for improvement, always, and so is the case with this product as well. I have always submitted the improvements / bugs list to the vendor and am looking forward for them to be implemented in their coming releases.

These are related to the Flash / Java Web UI, which we know is very vulnerable. I would love to see the Reporting & Analytics console in HTML5 or other technologies which are not as vulnerable as Flash. That's something I don’t promote for the product. However, it being an internal-facing Web application, it doesn't pose a very high risk.

Other areas for improvement I have suggested in the past were more tight integration with some of the comprehensive ticket management systems. Currently, it does open a ticket in external ticket management system by sending an email. However, I would love to see these tickets being opened and customizable for other activities, such as after a vulnerability scan for high-impact or high-risk vulnerabilities, systems not patched for a certain time duration, and the list can go on. Auto-opening & auto-closing of tickets is something I would love to see implemented in BeyondTrust.

I've been implementing & using BeyondTrust products for more than a year now.

I have not encountered any major stability issues so far; just a few minor bugs, such as when you run / schedule jobs, sometimes we could see two of them being run. But this was just in the UI, RNSS in the background would still run as per the configured and scheduled jobs & reporting back is also as expected. Apart from that, the product is pretty much stable.

I've seen the product scale with no problems. I've implemented products in customers’ environments as a POC with a few servers / resources under monitoring. And once they decided to go ahead with the solution, they've scaled very well to a few hundred or thousands of users with addition of endpoint software, with virtually no impact on the performance. On the contrary, the more the resources being monitored, the more information being collected, which lights up the platform and provides a very comprehensive list of information of your network.

Until now, there hasn’t been local direct support in Australia, so any support has to be raised via email and there is a day's lag. To speak directly to the support rep, you have to call a toll-free U.S number. However, I haven't doubted the competitiveness and efficiency of the support. All the cases I have submitted so far, for ourselves as well as our customers, have been resolved to an excellent level of satisfaction.

I wasn't using any similar solution previously.

The product is available in the software as well as virtual appliance form which is a hardened Windows server, shipped securely to the end-user. It does have initial setup and configuration tasks. I would not say it's simple for naive users; however, having said that, it's backed up by very strong, simple and straightforward step-by-step documentation, which is very simple to understand and can be followed by a beginner to mid-level engineer.

Compared to its competitors, BeyondTrust software is way too cheap and offers many more features and functionality at the base price point. Licensing is simple and based on either number of users or number of resources, whichever is cheaper for the customer and very easy to calculate. Licenses are not hard-limited on the number of users.

Security, as always, should be taken care of in a layered approach. BeyondTrust products take care of the containment of the breach with its PAM suite of solutions, as well as reducing the attack surface with its Vulnerability Management products. Together, they present a very strong, in-depth defense approach for customers. It's not an endpoint protection product, though they have their endpoint agents, which could be installed on the workstations. It has to be implemented in conjunction with other security solutions such as endpoint protection and gateway security solutions such as email & web, as well as firewalls, IDS, IPS and other network security devices.

BeyondTrust Endpoint Privilege Management helps with activity monitoring. 

The tool is easy to use and deploy. It has PAM capabilities like privilege access. The solution helps with the management of third parties and vendors. It is an effective solution compared to other alternatives. 

The product should improve its price. 

I have been working on the solution since the beginning of the first quarter. 

The solution is stable. 

The tool is scalable. 

BeyondTrust Endpoint Privilege Management is easy to deploy. 

I rate the solution a seven out of ten.