Currently, we have one customer using BeyondTrust Password Safe.

BeyondTrust Password Safe is usually used for two things: compliance and audit.

The main purpose of BeyondTrust Password Safe is for Privileged Access Management, with session monitoring being very effective for risk mitigation. It ensures we adhere to the control standards set for financial institutions.

For BeyondTrust Remote Support, I am onboarding accounts. I create special connectors through the RDS server into one server broker to run various applications. I establish browser connections and perform onboarding, uploading accounts, and applying remote rules. 

I also create smart groups for access. I also use Password Safe to allow users to connect through a target machine through the appliance with built-in databases.

Our customers are looking for a product that offers provisioning in their network, and for that reason, they choose BeyondTrust Password Safe.

I find that BeyondTrust Password Safe is a very effective application for password management. I find it very easy to use and update.

It is used primarily to adhere to SOC compliance and to provide what we call user/administrator segregation.

We are an MSP. We do manage services, but we also do a lot of other things. We implement as well as do ongoing managed services. We don't use it in our organization. We have it in our lab set up as a running service so that I can go there and test something just to see what'll happen because I can do a snapshot of my system and then revert if things go wrong. That's something that I don't want to experiment with in a client environment, even in a test or a dev environment. I just want to test something. I can do that in our lab, but our organization does not use Password Safe.

We use Password Safe to protect privileged identities and privileged access. The difference between any PAM and IM is that IM is basically for all the identities and the users in the organization. PAM mainly focuses on privileged access. For example, it can be to any database, or a Windows machine where someone is an administrator, or on a Linux machine where someone is root or equivalent to root, or any other web-based application where someone is an administrator. The focus was that any user should log into the infrastructure using PAM.

Every user, administrator, and developer who logged into IT infrastructure used BeyondTrust Password Safe.

I used BeyondTrust in my previous organization. We used version 22. They recently changed their version number so it matches the year. For instance, in 2022, the version number is 2022.

BeyondTrust Password Safe is used so that all the activities can be recorded and logged. Sessions can be monitored, and all of that data can be audited later if needed. Generally in organizations, IT departments, or teams, people find it difficult to rotate passwords. If it's an administrator account, the passwords are generally not rotated. They're either shared between teammates, or the passwords are written down somewhere. With BeyondTrust, you can automatically rotate the password, and set the complexity of the password, the letters, the characters, special characters, upper case, lower case, etc. You can choose when the password should be rotated, and if the password should be rotated every day, every month, or after every use.

You can enforce your password policies on these privileged accounts, which previously were not rotated that much. There are so many breaches. Recently, there was a SolarWinds attack where the password was solarwinds123. The privileged accounts were not safeguarded, and the passwords weren't rotated. People knew the password. But with this solution, no one needs to know the passwords. If it is implemented in the perfect sense, the passwords will be rotated regularly. Administrators who are logging onto the system's servers and databases don't need to know the password because the session is proxied by Password Safe's solution directly. You will see the applications, and it helps enforce least privilege, which is one of the main principles.

With least privilege, if you are allowed to have access to only two servers out of ten, then you will only be given access to those two servers. You click on the machine you want to log into, and you will get the link. If you want to do RDP or SSH, click on that and the session will be launched. You don't need to know the password, and passwords are automatically rotated.

The solution is deployed on-premises.

In my organization, there were hundreds of users. There were different teams. In other organizations, I have seen 1,000 users at different points. At any given time, there might be 400 or 500 users.

They are mainly admins and end users. End users can vary a lot and have different roles. They are the people who log onto the servers, databases, network devices, and web applications. There are a few admins, developers, and network administrators. Administrators are also end users in any particular instance because they're also the users and consumers of that particular service.

The solution was implemented to secure privileged access management in a large-scale corporate environment.

We use this solution for password management. It allows us to control and manage passwords in a safe and secure way, and it records sessions.

The solution is deployed on-premises. It's being used extensively in my organization.

Typically, we would allow users to connect with their regular user ID, a non-privileged user account, and automatically connect to a designated privileged account managed by BeyondTrust. This account would be onboarded to target systems or databases, preventing users from using their user account as a privileged account. Instead, it would act as a surrogate, using only a managed, dedicated account the user could access.

Our use case was allowing users to connect with their regular, non-privileged user ID and automatically connect to a designated privileged account for target systems or databases. This prevented users from using their regular account as a privileged account. Instead, it used a managed, dedicated account in BeyondTrust Password Safe that only that the user could use. For example, my account "Gary.Jolley" might have a domain admin account "dam-Gary.Jolley" that I'd automatically connect to.

We're using it as a vaulting solution. We're doing password vaulting, and we're doing password rotations. We also do session management and session proxies.

We probably are using version 7.2. 

BeyondTrust Password Safe is used to protect privileged accounts and record any activity when using those accounts. Password Safe is able to record and report anything in SSH. It's mainly used for auditing purposes.

We downloaded the virtual appliance and deployed the solution on-premises.

I use Password Safe as a fully-fledged conventional PAM solution; for SSH and RDP brokering to servers, whether that's Linux or Windows, as well as SQL and Oracle.

I also use the product to publish applications using a jump box server and as a vault for user credentials to provide normal use and REST API through CI/CD integration.

We have active and passive appliances and an offsite cold spare.

The use case was to integrate BeyondTrust with the organization and onboard servers and accounts. We created Smart Rules and used other features for automatic onboarding and integrating BeyondTrust with various components in the organization, such as SNMP, SIEM, and AD.

The use cases are essentially the same as those for any PAM solution. Like addressing security compliance, securing the network against threats, and protecting all identities with intelligence and minimal concerns.

It also includes cloud security management, handling different shifts, and addressing workforce access, passwords, and the likes of compiance. It simplifies analytics, reporting, and secret implementation.

Additionally, it reduces servers while increasing stability in privileged access. These are the general use cases that apply to all PAM solutions.

We use the solution as a password safe to keep the privileged credentials secret to make sure they aren't stolen or lost.

We primarily use the solution to keep passwords.

We deploy in client environments. It's not deployed in our environment. Generally, its deployment depends upon a client's environment. Sometimes, it's hybrid. Sometimes, it's on-prem, and sometimes, it's on a virtual hypervisor or VMware.

We are currently deploying it for one of our Indian clients. For this client, we are deploying SaaS-based Password Safe, which is purely on the cloud. They also have BeyondTrust Remote Support. We are integrating both of them. BeyondTrust Remote Support is for tech support for their teams, and Password Safe is for password rotation, screen recording, and monitoring of their employees.

We use BeyondTrust Password Safe for server and database management of the accounts noted. We will be moving ahead with application management as well.

There are a lot of customers, worldwide, who use this solution, especially in the education sector. This solution is so niche that it's not like TeamViewer. It's basically designed and developed with enterprises in mind—it's an enterprise solution. It's built for a highly privileged and secure environment. It starts with a virtual appliance and physical appliance and then, now, to what's basically a cloud-based type of access. 

We use the solution to login through remote application solutions. 

We are using it for vaulting and proxying the admin session. It is not yet implemented. We will implement it at the beginning of 2021.

The solution is used for password management. We can manage access to applications and systems in the organization.

BeyondTrust replaced the leading password management solution, offered vulnerability management and gave me a third-party patch management that integrates with Microsoft. To me, that was a win-win. 

We use the product for privilege account management and session management.