BeyondTrust Privileged Remote Access Reviews

I am in the energy sector. The solution is primarily used for something called interactive remote access. We have a secure environment where we manage the energy grid. The BeyondTrust PRA solution helps us meet a compliance requirement since we need to establish a protocol break before we start working on the electrical grid. Therefore, we don't have to walk into the room where the stuff is. It can be remotely accessed for us internally for the most part.

Right now, it is in the NERC system, which is the compliance control. This has an electronic access control system that allows us to get to our stuff. It also allows our vendors to possibly get to our stuff.

I use the tool everyday. I am logged into it right now. It allows me to do my job. I know that I am using the right thing, looking at who goes into what. If somebody needs help with a secure site, I can usually hop and help them, then it is done. It is very good and flexible. It allows me to do my job quite well.

Having a single point of getting anywhere running through its box is like another firewall. It is controlling all access to our secure network so nothing else can get through. Outside of the firewall, it is our network security. 

It is a real fortress. Its security is very strong. Multi-factor came as a feature out-of-the-box, which was big for us. That helps us meet another compliance requirement. It enforces encryption. Nobody can see what we are doing in our remote system if they happen to be listening for unencrypted traffic. That is its biggest strength.

Having a VPN just means maintenance. I have worked in the industry for around 10 years and have never enjoyed really working on anything requiring a VPN, either working over it or supporting it. As far as IT is concerned, it is no longer a great technology. We like how this solution uses a protocol that enforces encryption right away, like HTTPS. So, the solution is good to go and takes out one of the moving parts, since VPN can get quite complicated.

PRA is available in multiple formats: as a physical and virtual appliance, or as SaaS. We appreciate the flexibility, though we went with the physical in our deployment. We might go to the cloud or use a virtual appliance later. Therefore, I appreciate the flexibility. However, we went with the reliable physicals.

PRA offers SSO authentication, which adds to the encryption suite. You need to have it in order for the appliance to work. It makes compliance easier.

It is too much of a fortress. It is difficult for us to report on compliance when I need to check for that device. For instance, I need to monitor what version that device is on, and it is quite complicated for us to do that. You can't connect to it traditionally and that is by design. While they have made some improvements in their API connectivity, it is just not quite what I would really like. It requires me to kind of apply some aftermarket steps in order to get what I need.

There is no connectivity to the appliance side. There is no API, and it is just difficult for me to capture what version the device is on without going in and doing screenshots. It is a little too secure in that regard, where they don't even trust their product owner. Since a lot of hacks come from the inside, they are probably doing what they need to do out of necessity. It is just that I have to work pretty hard to produce compliance data on the box.

You can usually API into something and get whatever you need. Or, you can have an SSH saying, "Do whatever you need. Just do a Git version command." There is none of that with BeyondTrust. However, this is the least of my concerns compared to whatever it grants us in freedom for all our security compliance requirements that it helps us meet.

I have been using it for three years.

The physical appliances don't have dual-power supplies. Anytime our power goes out, like even for a second, it has a lot of trouble recovering, even though we have two of them in a cluster. It has trouble recovering after a power-related event on the physical side. We know that we don't really have a redundant BeyondTrust PRA, but they would probably tell me to use a cloud or virtual appliance.

Scaling is pretty simple. We can stretch it to different operating systems, devices, and command lines. We can use it in any way that we want, either on stuff or from stuff. I am confident we can work with it for whatever needs to be done.

The technical support has been okay. There have not been too many inquiries. I have asked questions from a developer on how to connect to it and gather the compliance data and was able to get an answer, which was nice.

Positive

Some people working remotely have used TeamViewer. However, we have migrated the privileged remote access since then for our security flexibility.

We looked into this solution for its ability to meet our compliance requirement. It is one of the leaders in Interactive Remote Access. When an auditor or whomever sees the solution, they say, "Okay, you are on BeyondTrust. This should be pretty simple." Out-of-the-box, it meets a lot of requirements. We don't need to go out of our way to prove requirements because they are in the manual of the solution saying, "There is encryption." 

When the world went remote, we also looked to get off TeamViewer rather quickly and enforce users getting onto a privileged remote access solution. We wanted more control of who could come into the network as well as not be subject to a hack of TeamViewer. Now, we have everything run through our internal network instead of bouncing off Germany.

The initial setup was pretty straightforward. It is simple and elegant in its design. It is pretty clear how to get things configured. There are a few quirks with getting some policies in force for particular types of workers. Once you get that down and have it working, it is a set-and-forget solution. It is not nearly as complicated as some other implementations that we have done with different apps.

It took two weeks to implement.

Instantly, we were compliant with one of the SIP standards.

It doesn't allow for multiple monitors without some extra steps. TeamViewer allows you to open a monitor in one tab and another monitor in another, then you can drag that tab to your monitors at home. Therefore, you can have a dual monitor setup at home. BeyondTrust doesn't work like that, and our users hate it. It is possible to do this with RDP technology, but next to email, RDP is one of the least secure protocols in the world. We don't really want to use that, but we have been kind of forced to lately when trying to get away from TeamViewer. That is one thing that TeamViewer has, it can tab to multi-monitor support.

PRA stands on its own as a full solution. We appreciate their presence in that realm. You will get part of what you want from TeamViewer, but you are getting quite a bit more with a PRA. You can roll it out via on-prem, cloud, or virtual. You control a lot more of it, controlling what people do. Whereas, with TeamViewer, that is so much more difficult. 

I am considering a cheaper competitor since that is what we moved over from. However, I don't think that we have really looked at many other vendors for this since I have exactly what I need from BeyondTrust.

We are monitoring vendor sessions. We will probably start monitoring our own so we can use it to see what happens in regards to a security incident. We can also go back and use it for troubleshooting or see exactly what somebody did inside of their remote session. At some point, we look forward to turning on the session recording. We just hadn't done it yet, not for internal staff.

There is no unattended remote access for vendors that I am aware of, but we know that we can use the solution to do that. Some have done that in the past. We just don't do it all the time and probably not in the last year.

My usage of the solution is primarily in the secure network. I don't have any kinds of sounds that I really need to listen to.

It is hard for us to roll so much trust into one thing at a time, because what happens when that thing is gone? You need to have an adequate backup plan, and we have not quite gone that far yet.

We have an audit coming up this year, because of that it is hard to really decide to do anything new. We kind of have been told, "Hey, stop getting new stuff. You have to get through the audit first."

I would rate PRA as 10 out of 10.

We primarily use the solution for Privileged Remote Access. The primary use case is to let the suppliers connect in a very, very secure way on privileged endpoints and internal privilege endpoints or internal operators, probably from Azure. They operate something in the Azure cloud, and that's a very secure way to connect to the Azure cloud.

It's one of the most secure products in the market. 

They have very good support. They have really have great support.

It's everything that we need. It's like a Swiss knife. We can do everything with that to produce what we need for Privileged Remote Access reasons. 

Every three to six months they bring new features like processes, access processes, and things like that, which are unique in the market. I have not seen other solutions offering what they offer.

The documentation is really great. It's cool. You can download all the documentation you need at any time. They've done it in a great way.

The API is great and we can automate anything that we need with the product.  

If you know what you are doing, it's not a difficult setup.

The solution is stable.

The scalability is excellent. 

The solution offers many great integrations.

I cannot say that the solution is lacking any features. It has everything we need right now.

They could probably integrate a wizard or something like that to add a new use case. It could be something that makes it easier to add a new use case. That's something they could probably improve. I'm not sure about this, however, as the direction is anyway going more and more in the direction of automation. That said, for a beginner customer who is starting from scratch, probably a wizard would be a good feature to add.

The on-premises version is not as easy to set up as a cloud deployment,

We've used the solution for about five years. We started using it pretty much from the moment it came out. We have worked with the solution for a while. We've benn BeyondTrust resellers, however, for 15 years.

It's got great stability. It's really great. In all the 15 years I used the remote support solution, and the five years we used the PRA solution, we never have seen an unstable situation with any of the components of the product. There are no bugs or glitches. It doesn't crash or freeze.

The solution is scalable. You can do a worldwide rollout of the product. This is an Enterprise product, and so the scalability allows you to expand over multiple countries, over multiple locations, with their technology. 

The company is best suited to enterprise level organizations - specifically medium and large ones. 

They have really great support. If you have to call, for example, someone at Microsoft, you need to wait in a queue about 30 minutes, or here in Switzerland, some companies, have outsourced the support to other countries. Then you have to wait in a queue and wait for a person which is helping you. At BeyondTrust in all these 15 years, normally you have a wait of one or two minutes, and almost immediately you have a person in the chat, which helps you, and a competent person. They are very quick and very responsive. 

This is an on-premise product. You cannot really compare with the other products from the cloud, which you just click and then work. There is a setup process, and you need an admin with a certification. It's not so easy, however, if you have the right guys in place, then it's no problem. 

Normally, anyway, this is an Enterprise product, and in the company, you have a person which is administrating this product. BeyondTrust is an Enterprise solution, and therefore, you have to do some kind of rollout as well.

Typically, users will see an ROI within about a year or so. It gives you the best tool to your employees they can have in that area. And therefore the return of investment comes very fast.

The pricing depends on the model you choose. You can have it as a cloud version or you can have it as an on-premise version and therefore the prices vary. The initial costs are normally a little bit higher than with other products, however, after two or three years, it's a bargain. It's just that the initial cost is a little bit higher. That said, due to the functionality it gives to your team, the return of investment comes very fast.

We are a reseller, not an end-user.

While we do use different deployment models, many of our clients are government-related and therefore we deal a lot with on-premises deployments. 

I'd rate the solution at a nine out of ten. It's definitely on the upper level, well above what else is available.

I would recommend that those considering using the solution do a certification course similar to when you install Windows server or something like that from Microsoft where you can become a Microsoft certified professional, and you can attend a class and then you can do an exam about the product. 

I recommend that a company which uses the product has also a certified admin. It makes it lot easier. That way, they can really profit from all the functionality the product has. The product has many functions however, you need to give it to a person with enough know-how. Otherwise, the company will not use all the features the product offers. 

I have a hundred different use cases. They're all different because every customer is different. One of the top use cases is where a third-party vendor needs to internally access one of the servers or applications. 

Its security, simplicity, and ease of deployment and maintenance are the most valuable. It is FIPS compliant, so it goes through severe penetration testing every one year or two years. They have to maintain this compliance. It is very safe.

Customers have been using it in the last eight years because of the simplicity of getting it deployed quickly. Most of the people using the solution had been hacked already, so they needed it quickly. As compared to the other solutions in the market, it can be turned on in production very quickly. You don't really need to have a server. It can be deployed very rapidly on VMware or Hyper-V, and you don't need to do an installation. It is a kind of an all-included package that you just deploy in a VM environment. It is basically a VM that is specifically built for a customer. The way the PRA data solutions work is that you need to build them for each customer because of being hard-coded with their SSL certificate, their web page name, and all that.

It would be very nice if it has an enterprise vault. Currently, it can interact with Password Safe, which is a separate solution and equivalent to Thycotic Secret Server. Instead of having Password Safe as a separate entity, they should combine it with BeyondTrust Privileged Remote Access. They have done it in some way, but it is not an enterprise tech solution.

I have been using this solution for eight years.

It is very stable. In eight years, I've never seen a bug.

Our clients are large businesses. 

I used to work there. I know this stuff by heart, so I don't need to call them. 

It is easy to set up. The complex part is to explain all the beneficial features and functionality to the customer because it can pretty much do everything. Discussing the environment and use cases is where you spend most of the time before you do the deployment.

Its deployment can be done very quickly. It can be deployed within 24 hours, which is useful if there is any hacking or breach. After that, you can add more complexity to it and configure it for a use case.

I would rate BeyondTrust Privileged Remote Access a nine out of ten.

The primary use case is for customers who are aware of RDP, remote desktop insecurity, and want to resolve this by deploying BeyondTrust Remote Access. There are so many features built into the system, and both cloud and on-premises deployment are offered. 

This product is very stable and scalable. This is an excellent platform. 

I can't think of any specific improvements because the product is already so rich. 

This solution is very stable. 

It's very scalable—horizontal, vertical, you name it. 

This product is backed up by excellent, very knowledgeable support. 

The company guarantees the best ROI, provided you take advantage of all the features. If you're buying a product, though, you shouldn't use only the basic function features anyway—use the advanced features. So the ROI is almost guaranteed when you invest in this product, but you need to find the right partner for deployment. You need a partner who will show you all the features you can take advantage of so that you benefit from the ROI, otherwise you're wasting it and you might as well buy something cheaper and more basic. 

The price is pretty expensive, but you get what you pay for and this is a great product. 

This product is the de facto standard, based on function features, installation, and customer base. There is a reason why so many well-known companies use it. 

I rate BeyondTrust Privileged Remote Access a nine out of ten, just because there's no such thing as a perfect product.