We changed our name from IT Central Station: Here's why

BeyondTrust Endpoint Privilege Management OverviewUNIXBusinessApplication

BeyondTrust Endpoint Privilege Management is #4 ranked solution in top Privileged Access Management (PAM) tools. PeerSpot users give BeyondTrust Endpoint Privilege Management an average rating of 8 out of 10. BeyondTrust Endpoint Privilege Management is most commonly compared to CyberArk Privileged Access Manager: BeyondTrust Endpoint Privilege Management vs CyberArk Privileged Access Manager. BeyondTrust Endpoint Privilege Management is popular among the large enterprise segment, accounting for 45% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
What is BeyondTrust Endpoint Privilege Management?

BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.

Key Solutions Include:

-ENTERPRISE PASSWORD SECURITY

Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.

-ENDPOINT LEAST PRIVILEGE

Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.

-SERVER PRIVILEGE MANAGEMENT

Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.

-A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS

Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.

Learn more at https://www.beyondtrust.com/privilege-management

BeyondTrust Endpoint Privilege Management was previously known as BeyondTrust PowerBroker, PowerBroker, BeyondTrust Endpoint Privilege Management for Windows, BeyondTrust Endpoint Privilege Management for Mac, BeyondTrust Endpoint Privilege Management for Linux, BeyondTrust Endpoint Privilege Management for Unix.

BeyondTrust Endpoint Privilege Management Buyer's Guide

Download the BeyondTrust Endpoint Privilege Management Buyer's Guide including reviews and more. Updated: January 2022

BeyondTrust Endpoint Privilege Management Customers

Aera Energy LLC, Care New England, James Madison University

BeyondTrust Endpoint Privilege Management Video

Archived BeyondTrust Endpoint Privilege Management Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Consultant- Information Security at a tech services company with 11-50 employees
Consultant
Monitors all infrastructure activities but program updates are very rare and it gets buggy
Pros and Cons
  • "The implementation is quite easy because the documents are always online."
  • "The program updates are very rare and the frequency is too far apart to take care of bug fixes and adding the latest features."

What is our primary use case?

Our primary use case of this solution is data access management. When you have a complex infrastructure you obviously need a solution that can monitor the activities that are going on in the infrastructure. The usernames, passwords, and activities have to be monitored, and this program helps you with that.

So it is nothing but a monitoring and security tool that will monitor all the infrastructure activities and help you to manage the passwords of the infrastructure so that the passwords are not being exposed to the third parties or your users. These passwords will be secure in your infrastructure and be rotated as part of the compliance policies.

What needs improvement?

There are a few points that are lagging in the technology and I think updated versions should be available more frequently.

So the program updates are very rare and the frequency is too far apart to take care of bug fixes and adding the latest features. 

For how long have I used the solution?

I have been working on BeyondTrust Endpoint Privilege Management for about three years now.

What do I think about the stability of the solution?

BeyondTrust is lagging on stability because it is a merger with Bomgar and so there are three, four technologies included in that. So the stability is still not how it should be.

What do I think about the scalability of the solution?

The program is scalable. It is reliable and to be deployed in a complex infrastructure, will be no problem. It can handle the load. Almost all our clients are enterprise level. So we have good partners and clients with enterprise architecture and complex infrastructure.

How was the initial setup?

The implementation is quite easy because the documents are always online. So you can do the installation yourself. But it is always better to have certified engineers to do the implementation so that you can design the infrastructure in a more secure way. When you have certified engineers, they have their own strategies to do the implementation, which is good in the long run. The deployment, however, is easy and very straightforward.

For a program like this, you want your infrastructure to be stable for more than five years or 10 years. So when you do the deployment with the help of certified engineers, they will have their own strategy of doing the installation and implementation so that managing the operations of such solutions will be easy for you. Yes, you can do the installation on your own, but it is always better to have some certified engineers.

What other advice do I have?

This program has a good reputation in the market and it is more required for the security of your infrastructure. It is a product that you can trust. The only thing I'm looking for in the next version is that the bug fixes have to be more frequent and the solution has to be more reliable and more flexible. On a scale from one to 10, I'll give it a six.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
VP Cyber Risk at a tech services company with 501-1,000 employees
Real User
Good for meeting compliance objectives but it has a complex setup
Pros and Cons
  • "The privileged access management into sensitive systems is very valuable. That includes control from the endpoint all the way through to the managing of passwords and credentials that are used by the person to access the sensitive information. It's very useful, because nobody ever really maintains passwords for those endpoint systems. It's maintained in the Dropbox password file."

    What is our primary use case?

    In terms of meeting compliance objectives of securing endpoints, this product is very useful. It works for things like ISO, PCI, DSS, and the CIA. BeyondTrust meets all of the technical requirements from the compliance perspective. The vault, remote access management, and VP enlisted VPNs will become very useful in terms of being able to manage and maintain infrastructure security without having the complexities of changing passwords all of the time. It also helps to maintain all of the compliance objectives with password complexity changes. All of those things get managed under one product tree.

    What is most valuable?

    The privileged access management into sensitive systems is very valuable. That includes control from the endpoint all the way through to the managing of passwords and credentials that are used by the person to access the sensitive information. It's very useful because nobody ever really maintains passwords for those endpoint systems. It's maintained in the Dropbox password file.

    What needs improvement?

    This depends on the client. Some clients find the granular approach a lot better than the simplified approach and some clients prefer the simplified approach better than the granular approach. Depending on the type of organization and type of information that must be protected, there are obviously different requirements.

    For how long have I used the solution?

    I actually haven't been using this solution. Customers of mine have been using it for about three years to provide me with evidence for audit purposes. They retrieved this evidence from BeyondTrust. When I ask them about endpoint management, all the information that I ask for they pull out of BeyondTrust. 

    What do I think about the stability of the solution?

    At this point in time, I haven't had any complaints from clients that it let them down, so I would assume it's stable.

    What do I think about the scalability of the solution?

    It is definitely scalable. I've worked with clients that have a 75,000-device network and it's working fine. Our clients have anywhere from about 15,000 users up to about 40,000 users.

    How was the initial setup?

    The initial setup is complex.

    What about the implementation team?

    We use a vendor team to implement.

    What other advice do I have?

    Approach it slowly. Don't rush in and drop things down there. Do it carefully, because you might end up breaking access to systems, which is complicated when you're running a production environment. Make sure you go through the testing process vigorously before you deploy.

    I would give BeyondTrust a seven out of ten. There are some features in CyberArk that are better, cheaper, or easier to implement. Some of those running in CyberArk don't have the conflicts that BeyondTrust has, as there are many products in the suite. You've got to compare apples with apples.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Learn what your peers think about BeyondTrust Endpoint Privilege Management. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
    564,997 professionals have used our research since 2012.
    AslamImroze
    Technical Manager at Gulf IT
    Reseller
    Great session management features and out-of-box connectors
    Pros and Cons
    • "I would say session management on the go is the most valuable feature. When the session is going on, you can stop the session without terminating it for justification. You can cancel it. The recording takes very little space. Those are some things which the customers are worried about when they talk about session recording."
    • "The other area to improve is that they rely on MS SQL servers only. You cannot have any other database behind them. They have to be on MS SQL. If they can do something about these issues, this would be a better alternative for some customers."

    What is our primary use case?

    The primary use case for BeyondTrust is for when one needs to control the administrative accesses on their critical assets, whether that be Windows, Linux, or UNIX servers, databases, and application servers.

    What is most valuable?

    I would say session management on the go is the most valuable feature. When the session is going on, you can stop the session without terminating it for justification. You can cancel it. The recording takes very little space. Those are some things that the customers are worried about when they talk about session recording.

    The other valuable feature is out-of-box connectors. BeyondTrust has partnered with many well-known companies. Other PAM products are not there yet. The number of out-of-box connectors BeyondTrust has is really good.

    What needs improvement?

    One issue, especially when you deploy HA actively and passively, is the synchronization. Usually, there is a large delay between the sync. The biggest problem is that it takes at least 14 minutes to detect that the primary is down. That is 14 minutes of downtime, which is a huge amount of time, especially for our enterprise customers. That delay should be reduced.

    The other area to improve is that they rely on MS SQL servers only. You cannot have any other database behind them. They have to be on MS SQL. If they can do something about these issues, this would be a better alternative for some customers.

    In terms of software, BeyondTrust should work on other operating systems other than Windows and support non-Windows operating systems also.

    What do I think about the stability of the solution?

    I haven't faced any issues with stability. Others might have, but I personally haven't faced any stability issues, because the system is very solid. The processes behind them are very well defined, as well. I haven't seen any instability yet, but perhaps there might be in the future.

    What do I think about the scalability of the solution?

    Scalability is very simple. I mean you can just add a greater number of nodes or sessions. They can be behind a load balancer, so it's very easily scalable. They do need to have a license for the scalability that they wish to reach, so they can keep upgrading their hardware as much as they want.

    How are customer service and technical support?

    There are chances some customer might give very negative feedback. Firstly, we think that they are extremely good in terms of ability. Next, they give you a slot for the support. If you give a ticket they respond quickly and give you a slot. However, the customer needs to make sure that they are available for that slot. Otherwise, they can view which slots will be available soon. If they miss a slot, the technical support will get busy with other tasks. This is one reason we have had negative feedback. It comes from the customer's end. 

    As an implementer who has submitted tickets, we have gotten responses that resolve the issue. I have found that the way they communicate to resolve the issue was really good. I work with other vendors' products as well, although not for PAM. I thought that BeyondTrust support was really good.

    How was the initial setup?

    The initial setup was very straightforward and simple.

    The deployment time depends upon the size of deployment. If it's a single company with DC and DR, where you have an HA in DC and DR, the maximum time if they have 500 assets, for example, would be two weeks. If everything is smooth, it should be a maximum of two weeks. It could also be shorter.

    What about the implementation team?

    We do demonstrations for implementations only because we are partners for BeyondTrust in this region. We deploy the solution.

    Which other solutions did I evaluate?

    I've actually looked at ARCON and BeyondTrust. Now I'm working with BeyondTrust implementation.

    Features-wise, BeyondTrust is a lot better than ARCON. ARCON, even with limited features, is still good, but the number of features and scope of its privilege control is limited.

    BeyondTrust Password Safe works for critical assets and servers. For endpoints, it offers PowerBroker and Bomgar, which is for privilege remote access and control. I think that the suite of BeyondTrust covers a good landscape. ARCON is limited.

    What other advice do I have?

    Don't start the implementation until you get the prerequisite sheet confirmed from the customer. If not, you may waste a lot of time at the customer's site.

    I have learned a couple of things from this product. First, if the organization doesn't have a structured hierarchy of the work or the segregation of duties properly implemented, no matter what kind of security there is, it tends to fail. Operationally, it tends to fail. The tasks never get finished. BeyondTrust helps define those duties properly.

    That was one major thing. The other thing I learned is that PAM is not for an inexperienced person. Don't give a PAM solution to a company that is employing inexperienced people, because they will never understand the concept of security and why identity security is important.

    I would rate this solution as eight and a half or nine out of ten. I am not saying ten, only because of the limited choice of Windows. If it had alternate options available, I would give it a ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    Faraz Abbasi
    Security Engineer at Dig8Labs
    Real User
    Provides our clients with Session Management and state-of-the-art Password Management
    Pros and Cons
    • "I'm a BeyondTrust partner and I have multiple deployments, four or five banks right now. The features that give us quite an edge compared to what our competitors are offering - like IBM or Thycotic - are the Session Management, that is quite a big one; also the recording of keystrokes. In addition, there is the password vaulting and state-of-the-art Password Management, which I haven't seen in other products."

      What is our primary use case?

      There are multiple use cases for this solution. There is the auto-discovery option for PowerBroker Password Safe, which can discover all the local accounts on any of Windows, Linux, or Unix. It can work with Active Directory and onboard Active Directory accounts automatically, if the correct credentials have been provided for AD. When it comes to databases, it also governs and controls all of them. It can integrate with Oracle Database, SQL, Oracle Linux, or other database environments.

      What is most valuable?

      I'm a BeyondTrust partner and I have multiple deployments, four or five banks right now. The features that give us quite an edge compared to what our competitors are offering - like IBM or Thycotic - are the Session Management, that is quite a big one; also the recording of keystrokes. In addition, there is the password vaulting and state-of-the-art Password Management, which I haven't seen in other products.

      It also provides a granular approach through the Management Console and manages all the operations "from the inside out". It is easy to explain and easy to manage.

      What needs improvement?

      If you are specifically dedicated to Privileged Access Management, the definitions are a bit unclear throughout the world. I have been in contact with engineers around the world, in Canada, the U.S, and the U.K as well. Everyone has quite a different definition for Privileged Access Management or Identity Access Management or Identity Management.

      Because of the definition of PAM, I don't think they can provide anything in addition to what has been defined. If you want to include anything else in this product, it will deviate from the boundaries of PAM.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      I have not encountered issues with the stability.

      There are slight hiccups but they are based on the configuration details of the appliances, as done by the clients. If you are talking about the application or the features it provides, I don't think there are any hiccups with BeyondTrust.

      I have worked on competitive products as well. IBM and Thycotic are lightweight applications utilizing limited resources and providing proportionate results. I don't think anyone can compete with BeyondTrust.

      How are customer service and technical support?

      The response time and the responsiveness, the level of support that they provide, is tremendous.

      I have worked on the scene, I have worked on firewalls as well as on multiple security products, but the support from BeyondTrust is highly efficient, from a highly experienced technical staff. The level at which they provide support, the dedication as well as the expertise they have, is among the best I have seen.

      Which solution did I use previously and why did I switch?

      I have utilized OpenAM SSO, as a single sign-on. That was a Canadian product. It was an open-source solution. But I am happier with BeyondTrust. About 95 percent of use cases are handled by BeyondTrust. Whether you're talking about a bank or a telco, whatever their requirements are, they can be met by the PAM. When it comes to the PAM, I don't think that any application can compete with BeyondTrust, except for the financial issue that has been recently affected by the change in the licensing model.

      How was the initial setup?

      The initial setup is straightforward; the way that they provide the UVMs, and the whole package when it comes to deployment. What they do is provide you a complete setup package. Everything in there is preconfigured, so all you have to do is to provide the basic IP addresses and other stuff and that's it.

      What's my experience with pricing, setup cost, and licensing?

      What BeyondTrust was providing was user-based licensing which was a great benefit from the client point of view. Recently, I don't know why, the licensing model has been changed, and that is the reason that they have lost a bit of their edge when it comes to the PAM, against our competition.

      The asset-based licensing, from the user's point of view, is not beneficial. The licensing should be based on the users. The greater the number of users, the greater will be the load and the greater the scalability problems. I presume that is why the licensing model has changed.

      Which other solutions did I evaluate?

      My company first chose the IBM Identity Manager suite. Later on, we surveyed the market and the needs and requirements of the clients. We thought the IBM solution was utilizing too many resources to achieve a very limited goal. The requirements are related to PAM, but they were employing IM.

      What other advice do I have?

      I would rate BeyondTrust at eight out of 10. It's not a 10 because the scalability and licensing have impacted us a lot. Of the two points that I have deducted: One is the non-flexibility on the pricing and one is the licensing model. When you launch a product in several markets like the European market, the Asian market, or the Russian market, you have to be very flexible when it comes to the pricing.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
      Star Tseng
      Senior Technical Consultant at a tech services company with 1,001-5,000 employees
      MSP
      It scales easily and the product is stable

      What is our primary use case?

      We use it for the password management (of privileged password management).

      What is most valuable?

      Privileged password management.

      What needs improvement?

      It should support XWindows Remote Desktop Access Protocol for Linux/Unix. I would like more connectors for other security software/systems. A password is needed to access their security systems.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      No stability issues.

      What do I think about the scalability of the solution?

      It scales easily.

      How are customer service and technical support?

      I would rate their technical support as a nine out of 10. I have a technical support contact in Singapore.

      Which solution did I use

      What is our primary use case?

      We use it for the password management (of privileged password management).

      What is most valuable?

      Privileged password management.

      What needs improvement?

      It should support XWindows Remote Desktop Access Protocol for Linux/Unix.

      I would like more connectors for other security software/systems. A password is needed to access their security systems.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      No stability issues.

      What do I think about the scalability of the solution?

      It scales easily.

      How are customer service and technical support?

      I would rate their technical support as a nine out of 10. I have a technical support contact in Singapore.

      Which solution did I use previously and why did I switch?

      We did not previously use another solution.

      How was the initial setup?

      The initial setup was easy.

      What other advice do I have?

      For a Windows/Linux/Unix mixed environment, it is a good product to management privilege account passwords to prevent security breaches.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor.
      Security Staff Engineer at a tech vendor with 1,001-5,000 employees
      Real User
      Helps us reduce major vulnerabilities by removing local administrator privileges

      What is our primary use case?

      We use it to limit user privileges.

      How has it helped my organization?

      It reduces major vulnerabilities by removing local administrator privileges.

      What is most valuable?

      I like that I can remove local admin privileges from developers.

      What needs improvement?

      It only has limited support for Mac.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      In version 7.3 there were driver compatibility issues with other security applications, but they were resolved very quickly by support.

      What do I think about the scalability of the solution?

      The BeyondInsight appliance environment is not as flexible as it should be in some designs. But overall, it’s a well-designed product.

      How is

      What is our primary use case?

      We use it to limit user privileges.

      How has it helped my organization?

      It reduces major vulnerabilities by removing local administrator privileges.

      What is most valuable?

      I like that I can remove local admin privileges from developers.

      What needs improvement?

      It only has limited support for Mac.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      In version 7.3 there were driver compatibility issues with other security applications, but they were resolved very quickly by support.

      What do I think about the scalability of the solution?

      The BeyondInsight appliance environment is not as flexible as it should be in some designs. But overall, it’s a well-designed product.

      How is customer service and technical support?

      I would rate support at six out of 10. They need more people in the Pacific time zone.

      How was the initial setup?

      The setup was straightforward. The appliance build was very simple and was completed with minimal effort.

      What's my experience with pricing, setup cost, and licensing?

      PowerBroker for a Mac client is three times the price of the Windows version.

      Which other solutions did I evaluate?

      • Avecto
      • Thycotic
      • Viewfinity

      What other advice do I have?

      Implementation is simple, but privileged application support may need a lot of testing. Support may not be able to help due to a lack of understanding of your environment.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      StarTseng
      Senior Technical Consultant at a tech services company with 1,001-5,000 employees
      MSP
      Simplifies server access without password distribution

      How has it helped my organization?

      Simplifies server access without password distribution.

      What is most valuable?

      Password management, as it is a core function; passwords are a frequent hacking point.

      What needs improvement?

      All products have room to improve. I would like to see support for many more systems, such as AS400.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      No issues with stability.

      What do I think about the scalability of the solution?

      I have not had a chance to scale out.

      How is customer service and technical support?

      My support has come from the sales engineering team, not the support team, and I would rate the support at nine out of 10.

      How was the initial setup?

      For a production…

      How has it helped my organization?

      Simplifies server access without password distribution.

      What is most valuable?

      Password management, as it is a core function; passwords are a frequent hacking point.

      What needs improvement?

      All products have room to improve. I would like to see support for many more systems, such as AS400.

      For how long have I used the solution?

      Less than one year.

      What do I think about the stability of the solution?

      No issues with stability.

      What do I think about the scalability of the solution?

      I have not had a chance to scale out.

      How is customer service and technical support?

      My support has come from the sales engineering team, not the support team, and I would rate the support at nine out of 10.

      How was the initial setup?

      For a production environment, the setup is easy. For a PoC it is a different scenario.

      What other advice do I have?

      Take care regarding the SQL database.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      ITCS user
      Identity and Governance Access Lead
      Real User
      The features related to application elevate is amazing.
      Pros and Cons
      • "The features related to application elevate is amazing. It helped the company to remove almost all admin local users."
      • "Reports to the end user."

      What is most valuable?

      The features related to application elevate is amazing. It helped the company to remove almost all admin local users.

      How has it helped my organization?

      There are severals application that all users needed to have local admin configured to work. After the powerbroker implementation, all users with this privilege were removed, it improved the security and helped to change the IT vision, from Security to SAFETY.

      What needs improvement?

      Reports to the end user.

      For how long have I used the solution?

      1 year

      What was my experience with deployment of the solution?

      Not at all.

      What do I think about the stability of the solution?

      Not at all

      What do I think about the scalability of the solution?

      No.

      How are customer service and technical support?

      Customer Service:

      Very good.

      Technical Support:

      Very good

      Which solution did I use previously and why did I switch?

      No.

      How was the initial setup?

      Easy.

      What about the implementation team?

      Vendor team. Very good.

      What was our ROI?

      N/A

      What's my experience with pricing, setup cost, and licensing?

      I'm sure everyone should have the cluster environment, which means more expensive, anyway, cheaper than the other solutions.

      Which other solutions did I evaluate?

      Yes, CyberArk, CA.

      What other advice do I have?

      No.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user599004
      Sr Platform Engineer at a construction company with 10,001+ employees
      Vendor
      Elevation rules reduce the number of users in administrator groups.

      What is most valuable?

      It elevates the user to perform admin tasks without the user being a part of an administrator group.

      PowerBroker allows elevation of required actions or application and eliminates the need of user having full administrative access. There are immense security and administrative benefits associated with removing users administrative access on the workstation.

      PowerBroker allows the elevation of certain actions based on different whitelisting abilities. This can range from restarting services, installing software and allowing applications that require administrative privileges to run.

      It is very similar to the UAC components built into Windows but gives us a lot more control surrounding the elevation

      How has it helped my organization?

      Previously, all users were in the administrator group of their machines. Since PowerBroker elevates the user, we can remove the users from the administrator group. Thus, the machines become less vulnerable to attacks

      What needs improvement?

      Improve the ActiveX rule for websites.

      For how long have I used the solution?

      I have used this product for almost a year.

      What do I think about the stability of the solution?

      The software sometimes uses a lot of memory.

      What do I think about the scalability of the solution?

      We have not had any scalability issues.

      How are customer service and technical support?

      Technical support is mostly good.

      Which solution did I use previously and why did I switch?

      We didn’t use any previous solutions.

      How was the initial setup?

      It's a straightforward setup.

      What's my experience with pricing, setup cost, and licensing?

      Price seems to be a little on the higher side.

      Which other solutions did I evaluate?

      We evaluated Avecto.

      What other advice do I have?

      Make use of Polmon and Beyondtrust reporting console to create the elevation rules.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      ITCS user
      Information Security & PreSales Officer at a tech services company with 51-200 employees
      Consultant
      It allows implementing a strong workflow in the organization for accessing the most valued resources.

      What is most valuable?

      The main areas of focus of BeyondTrust products is Privileged Access Management. Along with it, they've also bundled the PAM solutions with a Vulnerability Management solution. We all know Retina Network Security Scanner has been around for more than a decade now and anybody would agree with me that it has been a most comprehensive scanner. BeyondTrust bundles these two areas of security - PAM and VM - with an extremely rich reporting & analytics platform – BeyondInsight - which gives actionable intelligence to SMBs as well as large enterprises.

      Along with PAM & VM, PBW allows implementing a strong workflow in the organization, with regards to accessing the most valued resources of the enterprise. The request-approval process along with session monitoring and recording, could prove a very strong deterrent security control for actors with malicious intent.

      With all the other features, such as asset inventory, scanning, jobs scheduling, etc., BeyondInsight offers an intelligent platform for reporting and analysis of the collected information from the customer's environment. It presents the information in the form of heat maps, risk maps, ROI graphs which are very useful for presenting to your senior executives during your budget planning. Overall, it has proven very useful to all individuals from engineer to the 'C' class of the company.

      How has it helped my organization?

      We implemented the BeyondTrust suite of products as part of our initial evaluation and continued to use the product because we liked it very much. We distribute security solutions to our customers, so we can only sell something to our customers that we believe in. And the best way to start to believe in something is to experience it. So, from the initial evaluation environment, we moved a few assets – because it's not a very large organization - and implemented a workflow process for our IT contractors. Developers and network engineers who access our infrastructure devices such as servers, routers, and firewalls have to put forth a request (though we've kept them as auto-approve 24x7, since we trust them :) ), to access the devices. All these activities are monitored, recorded & audited on a periodic basis or in cases of issues. We do not have any external auditing done within our company. However, I can imagine the kind of details provided by the solution to the auditors on almost all of the IT activities required to be monitored and audited.

      Apart from auditing & recording requirements, our sysadmin now has the best control of his work in his tenure with us, in the area of patch management for our networks. RNSS has been scheduled for periodic scan jobs preparing a report. We've configured the Enterprise Update server, which checks the vulnerabilities, suggested remediation, and once they've been reviewed, all the systems are patched directly from the Enterprise Update server.

      These are some of the areas I can think of at this point of time that we have benefited from BeyondTrust so far.

      What needs improvement?

      I'm of the thought that the best products in the market have room for improvement, always, and so is the case with this product as well. I have always submitted the improvements / bugs list to the vendor and am looking forward for them to be implemented in their coming releases.

      These are related to the Flash / Java Web UI, which we know is very vulnerable. I would love to see the Reporting & Analytics console in HTML5 or other technologies which are not as vulnerable as Flash. That's something I don’t promote for the product. However, it being an internal-facing Web application, it doesn't pose a very high risk.

      Other areas for improvement I have suggested in the past were more tight integration with some of the comprehensive ticket management systems. Currently, it does open a ticket in external ticket management system by sending an email. However, I would love to see these tickets being opened and customizable for other activities, such as after a vulnerability scan for high-impact or high-risk vulnerabilities, systems not patched for a certain time duration, and the list can go on. Auto-opening & auto-closing of tickets is something I would love to see implemented in BeyondTrust.

      For how long have I used the solution?

      I've been implementing & using BeyondTrust products for more than a year now.

      What do I think about the stability of the solution?

      I have not encountered any major stability issues so far; just a few minor bugs, such as when you run / schedule jobs, sometimes we could see two of them being run. But this was just in the UI, RNSS in the background would still run as per the configured and scheduled jobs & reporting back is also as expected. Apart from that, the product is pretty much stable.

      What do I think about the scalability of the solution?

      I've seen the product scale with no problems. I've implemented products in customers’ environments as a POC with a few servers / resources under monitoring. And once they decided to go ahead with the solution, they've scaled very well to a few hundred or thousands of users with addition of endpoint software, with virtually no impact on the performance. On the contrary, the more the resources being monitored, the more information being collected, which lights up the platform and provides a very comprehensive list of information of your network.

      How are customer service and technical support?

      Until now, there hasn’t been local direct support in Australia, so any support has to be raised via email and there is a day's lag. To speak directly to the support rep, you have to call a toll-free U.S number. However, I haven't doubted the competitiveness and efficiency of the support. All the cases I have submitted so far, for ourselves as well as our customers, have been resolved to an excellent level of satisfaction.

      Which solution did I use previously and why did I switch?

      I wasn't using any similar solution previously.

      How was the initial setup?

      The product is available in the software as well as virtual appliance form which is a hardened Windows server, shipped securely to the end-user. It does have initial setup and configuration tasks. I would not say it's simple for naive users; however, having said that, it's backed up by very strong, simple and straightforward step-by-step documentation, which is very simple to understand and can be followed by a beginner to mid-level engineer.

      What's my experience with pricing, setup cost, and licensing?

      Compared to its competitors, BeyondTrust software is way too cheap and offers many more features and functionality at the base price point. Licensing is simple and based on either number of users or number of resources, whichever is cheaper for the customer and very easy to calculate. Licenses are not hard-limited on the number of users.

      What other advice do I have?

      Security, as always, should be taken care of in a layered approach. BeyondTrust products take care of the containment of the breach with its PAM suite of solutions, as well as reducing the attack surface with its Vulnerability Management products. Together, they present a very strong, in-depth defense approach for customers. It's not an endpoint protection product, though they have their endpoint agents, which could be installed on the workstations. It has to be implemented in conjunction with other security solutions such as endpoint protection and gateway security solutions such as email & web, as well as firewalls, IDS, IPS and other network security devices.

      Disclosure: My company has a business relationship with this vendor other than being a customer: My organization is a Value Added Distributor for BeyondTrust in the APAC region.
      Buyer's Guide
      Download our free BeyondTrust Endpoint Privilege Management Report and get advice and tips from experienced pros sharing their opinions.