BeyondTrust Privileged Remote Access Reviews

I am in the energy sector. The solution is primarily used for something called interactive remote access. We have a secure environment where we manage the energy grid. The BeyondTrust PRA solution helps us meet a compliance requirement since we need to establish a protocol break before we start working on the electrical grid. Therefore, we don't have to walk into the room where the stuff is. It can be remotely accessed for us internally for the most part.

Right now, it is in the NERC system, which is the compliance control. This has an electronic access control system that allows us to get to our stuff. It also allows our vendors to possibly get to our stuff.

I use the tool everyday. I am logged into it right now. It allows me to do my job. I know that I am using the right thing, looking at who goes into what. If somebody needs help with a secure site, I can usually hop and help them, then it is done. It is very good and flexible. It allows me to do my job quite well.

Having a single point of getting anywhere running through its box is like another firewall. It is controlling all access to our secure network so nothing else can get through. Outside of the firewall, it is our network security. 

It is a real fortress. Its security is very strong. Multi-factor came as a feature out-of-the-box, which was big for us. That helps us meet another compliance requirement. It enforces encryption. Nobody can see what we are doing in our remote system if they happen to be listening for unencrypted traffic. That is its biggest strength.

Having a VPN just means maintenance. I have worked in the industry for around 10 years and have never enjoyed really working on anything requiring a VPN, either working over it or supporting it. As far as IT is concerned, it is no longer a great technology. We like how this solution uses a protocol that enforces encryption right away, like HTTPS. So, the solution is good to go and takes out one of the moving parts, since VPN can get quite complicated.

PRA is available in multiple formats: as a physical and virtual appliance, or as SaaS. We appreciate the flexibility, though we went with the physical in our deployment. We might go to the cloud or use a virtual appliance later. Therefore, I appreciate the flexibility. However, we went with the reliable physicals.

PRA offers SSO authentication, which adds to the encryption suite. You need to have it in order for the appliance to work. It makes compliance easier.

It is too much of a fortress. It is difficult for us to report on compliance when I need to check for that device. For instance, I need to monitor what version that device is on, and it is quite complicated for us to do that. You can't connect to it traditionally and that is by design. While they have made some improvements in their API connectivity, it is just not quite what I would really like. It requires me to kind of apply some aftermarket steps in order to get what I need.

There is no connectivity to the appliance side. There is no API, and it is just difficult for me to capture what version the device is on without going in and doing screenshots. It is a little too secure in that regard, where they don't even trust their product owner. Since a lot of hacks come from the inside, they are probably doing what they need to do out of necessity. It is just that I have to work pretty hard to produce compliance data on the box.

You can usually API into something and get whatever you need. Or, you can have an SSH saying, "Do whatever you need. Just do a Git version command." There is none of that with BeyondTrust. However, this is the least of my concerns compared to whatever it grants us in freedom for all our security compliance requirements that it helps us meet.

I have been using it for three years.

The physical appliances don't have dual-power supplies. Anytime our power goes out, like even for a second, it has a lot of trouble recovering, even though we have two of them in a cluster. It has trouble recovering after a power-related event on the physical side. We know that we don't really have a redundant BeyondTrust PRA, but they would probably tell me to use a cloud or virtual appliance.

Scaling is pretty simple. We can stretch it to different operating systems, devices, and command lines. We can use it in any way that we want, either on stuff or from stuff. I am confident we can work with it for whatever needs to be done.

The technical support has been okay. There have not been too many inquiries. I have asked questions from a developer on how to connect to it and gather the compliance data and was able to get an answer, which was nice.

Positive

Some people working remotely have used TeamViewer. However, we have migrated the privileged remote access since then for our security flexibility.

We looked into this solution for its ability to meet our compliance requirement. It is one of the leaders in Interactive Remote Access. When an auditor or whomever sees the solution, they say, "Okay, you are on BeyondTrust. This should be pretty simple." Out-of-the-box, it meets a lot of requirements. We don't need to go out of our way to prove requirements because they are in the manual of the solution saying, "There is encryption." 

When the world went remote, we also looked to get off TeamViewer rather quickly and enforce users getting onto a privileged remote access solution. We wanted more control of who could come into the network as well as not be subject to a hack of TeamViewer. Now, we have everything run through our internal network instead of bouncing off Germany.

The initial setup was pretty straightforward. It is simple and elegant in its design. It is pretty clear how to get things configured. There are a few quirks with getting some policies in force for particular types of workers. Once you get that down and have it working, it is a set-and-forget solution. It is not nearly as complicated as some other implementations that we have done with different apps.

It took two weeks to implement.

Instantly, we were compliant with one of the SIP standards.

It doesn't allow for multiple monitors without some extra steps. TeamViewer allows you to open a monitor in one tab and another monitor in another, then you can drag that tab to your monitors at home. Therefore, you can have a dual monitor setup at home. BeyondTrust doesn't work like that, and our users hate it. It is possible to do this with RDP technology, but next to email, RDP is one of the least secure protocols in the world. We don't really want to use that, but we have been kind of forced to lately when trying to get away from TeamViewer. That is one thing that TeamViewer has, it can tab to multi-monitor support.

PRA stands on its own as a full solution. We appreciate their presence in that realm. You will get part of what you want from TeamViewer, but you are getting quite a bit more with a PRA. You can roll it out via on-prem, cloud, or virtual. You control a lot more of it, controlling what people do. Whereas, with TeamViewer, that is so much more difficult. 

I am considering a cheaper competitor since that is what we moved over from. However, I don't think that we have really looked at many other vendors for this since I have exactly what I need from BeyondTrust.

We are monitoring vendor sessions. We will probably start monitoring our own so we can use it to see what happens in regards to a security incident. We can also go back and use it for troubleshooting or see exactly what somebody did inside of their remote session. At some point, we look forward to turning on the session recording. We just hadn't done it yet, not for internal staff.

There is no unattended remote access for vendors that I am aware of, but we know that we can use the solution to do that. Some have done that in the past. We just don't do it all the time and probably not in the last year.

My usage of the solution is primarily in the secure network. I don't have any kinds of sounds that I really need to listen to.

It is hard for us to roll so much trust into one thing at a time, because what happens when that thing is gone? You need to have an adequate backup plan, and we have not quite gone that far yet.

We have an audit coming up this year, because of that it is hard to really decide to do anything new. We kind of have been told, "Hey, stop getting new stuff. You have to get through the audit first."

I would rate PRA as 10 out of 10.

Our company has been growing, and we have many audits as well as SOX compliance requirements. We have different SOX requirements, and we wanted to ensure that every activity is monitored. That was the main reason for deploying this solution into the environment.

We are using it like a VPN access for our external users, such as vendors, to allow them to access the resources within the organization. Instead of providing them the regular VPN access, we give them access to the privileged access solution so that we can monitor what they are doing, and we are able to view back the recordings of all the activities they've done.

We have not integrated Privileged Remote Access (PRA) with other solutions at the moment. We also have another solution of BeyondTrust. We have integrated that solution with other solutions, but we haven’t integrated PRA with other solutions. We just use it for remote access and credential injection.

It has put us at the forefront when it comes to security, auditing, and meeting SOX requirements. It is a top-notch solution for us in these aspects. Security is the key to fulfilling SOX requirements. Ever since we deployed it, we are able to provide external auditors, who audit the company, with recordings of who is in the environment. We are able to see what is happening. We are able to provide access durations and show who is accessing what and who has been given permission to access. It has really helped us in those aspects.

The fact that PRA does not require a VPN goes a long way for us because instead of our external users installing different VPN applications and having different user names and passwords for different applications, they can just make use of it via the web. They don't need to install an application, which is a very cool and nice feature for us.

In terms of security provided by PRA when it comes to access for remote and privileged users, the users get to access only what they are permitted to access. They can't go beyond what they're allowed to access. You don't have to give anybody the credentials to privilege accounts. The solution allows you to do account injection while you are using the solution, which is really good for us. So, you can do credential injection while accessing the solution, which is a top-notch security feature for us where you get to manage privileged credentials within the organization.

It is available in multiple formats. It is available as a physical and virtual appliance, or as SaaS. When we did the PoC, it was before COVID. We did the on-prem deployment for the PoC, but immediately after the PoC, COVID came, and we started to think of what will happen when we are not physically present. So, we had to go for the cloud solution, which is quite cool as well. It takes the burden away from IT admins, and we don't have to think of how many servers we have to manage.

It is important that through the use of PRA, there is no need to share passwords with users. We are able to do credential injection where you don't get to give users privileged user accounts. With the solution, we're able to do the privilege injection, which makes it perfect for us. Nobody gets to hold onto the privileged accounts. With the solution, we are able to inject it, which is good for us.

We are mainly using it to give access to third-party vendors. In order to ensure that we monitor the activities of what they're doing, we use PRA for their access. All our external users come in through PRA. For every internal user, we use the regular VPN. We are also looking into the cost of getting more PRA licenses if we are going to put every other user in the company on it.

We have integrated it with our Active Directory, which allows us to apply our Active Directory password policies. We don't need to create any other user account for whoever is coming in. We just get to create a user in Active Directory, and password policies are already applied. So, users come in by using the Active Directory credentials, which is another level of security as well.

One of the features that I really like about it is the ability to set a start date, time, and end date for the access. For example, you can set the access for a person from tomorrow, Monday, or Tuesday and ending on a specific period of the day or a specific date. That's really quite helpful.

You can use the solution to access not just the Windows environment; you can also access your Linux devices and even your network devices. That's a very cool feature for us.

At the moment, I don't see any major problems with it. If anything, they can just change the look and feel of the login screen because it looks too simple to me. It does not have so much information. When you get to the login screen of the solution, you should have more information. We also have BeyondTrust Remote Support, and the login page looks similar to BeyondTrust Privilege Remote Access. I would love to see more rich information on the login screen or landing page so that rather than having a regular sign-in screen or page where you just provide a username and password and get into the solution, you should have more insight into what the solution does. I've mentioned this to them every time I have had an opportunity.

It was deployed last year.

Its stability is good. It is top-notch. They are doing well because I can see the way they do release updates for the solution. They are also at the top in terms of security updates, vulnerability assessments, and other things that are currently happening. They are doing well in terms of updates, which are also helpful in stabilizing the solution. With regular updates, you get a stable solution and also more improvements and features.

We are using cloud deployment. When you have a cloud SaaS solution as compared to having it in your own cloud environment or on-prem, you do not get to have much say on scalability. If you have deployed it within your environment, you get to see how to scale it up or scale it down, but when it is a cloud solution, you don't get to see what happens on the provider side. However, you get to know that at least you have been provided what you have paid for, and it is working perfectly. So, for me, scalability comes into the picture if I am managing the infrastructure within my environment, but that doesn't mean you can't talk to your provider to tell them that you want to include other things in the solution.

Their technical support is good. At any point in time, when I needed support, they responded quickly. There was a time when the local vendor reached out to us that there is a new upgrade, but on logging onto the platform, we couldn't see the update available. We reached out to their support, and the support personnel who picked up the case told us to give him just five minutes, and he will ensure that the update is available. Their technical support is beyond cool. I would rate them a nine out of ten.

Positive

We didn't use any similar solution previously.

We went for the SaaS solution. They provided the platform and the access to the UI to the local vendor, who is a product partner. 

Three people were involved in its deployment. One engineer from the local vendor worked with two people from my end. One of them was from the server side, and the other one was from the networking side. 

We didn't evaluate any other solution. We were already using BeyondTrust Remote Support to support our client's computers. It was deployed during the COVID period. Initially, it was implemented because management was thinking about how IT would manage the situation when working from home. The users had no credentials. With remote support, we were able to do that perfectly, which also gave us assurance that BeyondTrust PRA would work well for us, and we won't have any issues with it. So, the management was able to sell PRA to the top management. There wasn’t much discussion about it because of the previous experience that we had with BeyondTrust Remote Support. It has already paved the way for PRA to come into the environment.

I would tell others to just go for it. If they are security conscious and are concerned about security within their environment, then just go for it.

I would rate this solution a nine out of ten.

We primarily use the solution for Privileged Remote Access. The primary use case is to let the suppliers connect in a very, very secure way on privileged endpoints and internal privilege endpoints or internal operators, probably from Azure. They operate something in the Azure cloud, and that's a very secure way to connect to the Azure cloud.

It's one of the most secure products in the market. 

They have very good support. They have really have great support.

It's everything that we need. It's like a Swiss knife. We can do everything with that to produce what we need for Privileged Remote Access reasons. 

Every three to six months they bring new features like processes, access processes, and things like that, which are unique in the market. I have not seen other solutions offering what they offer.

The documentation is really great. It's cool. You can download all the documentation you need at any time. They've done it in a great way.

The API is great and we can automate anything that we need with the product.  

If you know what you are doing, it's not a difficult setup.

The solution is stable.

The scalability is excellent. 

The solution offers many great integrations.

I cannot say that the solution is lacking any features. It has everything we need right now.

They could probably integrate a wizard or something like that to add a new use case. It could be something that makes it easier to add a new use case. That's something they could probably improve. I'm not sure about this, however, as the direction is anyway going more and more in the direction of automation. That said, for a beginner customer who is starting from scratch, probably a wizard would be a good feature to add.

The on-premises version is not as easy to set up as a cloud deployment,

We've used the solution for about five years. We started using it pretty much from the moment it came out. We have worked with the solution for a while. We've benn BeyondTrust resellers, however, for 15 years.

It's got great stability. It's really great. In all the 15 years I used the remote support solution, and the five years we used the PRA solution, we never have seen an unstable situation with any of the components of the product. There are no bugs or glitches. It doesn't crash or freeze.

The solution is scalable. You can do a worldwide rollout of the product. This is an Enterprise product, and so the scalability allows you to expand over multiple countries, over multiple locations, with their technology. 

The company is best suited to enterprise level organizations - specifically medium and large ones. 

They have really great support. If you have to call, for example, someone at Microsoft, you need to wait in a queue about 30 minutes, or here in Switzerland, some companies, have outsourced the support to other countries. Then you have to wait in a queue and wait for a person which is helping you. At BeyondTrust in all these 15 years, normally you have a wait of one or two minutes, and almost immediately you have a person in the chat, which helps you, and a competent person. They are very quick and very responsive. 

This is an on-premise product. You cannot really compare with the other products from the cloud, which you just click and then work. There is a setup process, and you need an admin with a certification. It's not so easy, however, if you have the right guys in place, then it's no problem. 

Normally, anyway, this is an Enterprise product, and in the company, you have a person which is administrating this product. BeyondTrust is an Enterprise solution, and therefore, you have to do some kind of rollout as well.

Typically, users will see an ROI within about a year or so. It gives you the best tool to your employees they can have in that area. And therefore the return of investment comes very fast.

The pricing depends on the model you choose. You can have it as a cloud version or you can have it as an on-premise version and therefore the prices vary. The initial costs are normally a little bit higher than with other products, however, after two or three years, it's a bargain. It's just that the initial cost is a little bit higher. That said, due to the functionality it gives to your team, the return of investment comes very fast.

We are a reseller, not an end-user.

While we do use different deployment models, many of our clients are government-related and therefore we deal a lot with on-premises deployments. 

I'd rate the solution at a nine out of ten. It's definitely on the upper level, well above what else is available.

I would recommend that those considering using the solution do a certification course similar to when you install Windows server or something like that from Microsoft where you can become a Microsoft certified professional, and you can attend a class and then you can do an exam about the product. 

I recommend that a company which uses the product has also a certified admin. It makes it lot easier. That way, they can really profit from all the functionality the product has. The product has many functions however, you need to give it to a person with enough know-how. Otherwise, the company will not use all the features the product offers. 

My company uses BeyondTrust Privileged Remote Access for privileged access management to facilitate the management of RDP sessions and the rotation of credentials or passwords.

The most valuable features of the solution are the seamless features that allow you to use the password without manually copying it while also providing it in a clear format. The solution's feature injects the password directly into the application you use.

The integration of the solution with many platforms is a difficult area to manage and needs to be made easy. For example, I don't think BeyondTrust Privileged Remote Access works with products from Sophos.

I have been using BeyondTrust Privileged Remote Access for around three months. My company has a partnership with BeyondTrust.

It is a stable tool. Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution an eight to eight and a half out of ten.

In my company, there are less than ten users of the solution. I have dealt with my company's clients, with more than five hundred people working with the product.

The solution can be used in small and enterprise-sized businesses.

Based on the feedback from my colleagues who have never complained about the technical support, I would say that the product's support team is good.

BeyondTrust Privileged Remote Access is one of the easiest products to deploy.

The solution is deployed mainly on virtual appliances.

I rate the product's pricing a four on a scale of one to ten, where one is high, and ten is low. It is an expensive product.

I have only compared BeyondTrust Privileged Remote Access with Delinea Secret Server till now. From a technical standpoint, Delinea has more features. From a practical point of view, I think BeyondTrust Privileged Remote Access is easier to manage and deploy. I haven't worked with Delinea to be able to give an elaborate opinion about it.

I rate the overall solution an eight and a half to nine out of ten.

We use the solution to give the network access to third-party vendors or remote basis employees. It helps us authenticate their credentials directly without a VPN connection.

The solution has the best screen-sharing feature. We can invite external vendors without exposing any credentials or network access to them using it.

The solution's access process for third-party vendors needs to be simplified. It should eliminate the process of installing client applications on users' machines for better security. Instead, we can publish a URL link for them. Also, its web interface needs enhancement as well.

We have been using the solution for four years.

It is a stable solution. I rate its stability an eight out of ten.

The solution's scalability is a five or six out of ten.

The solution's technical support is good. Whenever we raise any case, they try to solve it as soon as possible.

Positive

The solution's initial setup process is straightforward. It is developed and managed by BeyondTrust itself. They provide us with the virtual appliance, and we ask the customer to deploy that profile on their server. Once the appliance is deployed, we can access the URL and start with the initial configuration. Further, it integrates with the active directory and the customer's NTP server to configure two-factor authentication. The users can easily enable it for their IDs by scanning the QR code using any authenticator app or mobile device.

I advise others to use BeyondTrust if they have an existing PAM solution. It will help them with seamless access to privileged accounts and credentials. I rate the solution a seven out of ten.

The primary use case is for customers who are aware of RDP, remote desktop insecurity, and want to resolve this by deploying BeyondTrust Remote Access. There are so many features built into the system, and both cloud and on-premises deployment are offered. 

This product is very stable and scalable. This is an excellent platform. 

I can't think of any specific improvements because the product is already so rich. 

This solution is very stable. 

It's very scalable—horizontal, vertical, you name it. 

This product is backed up by excellent, very knowledgeable support. 

The company guarantees the best ROI, provided you take advantage of all the features. If you're buying a product, though, you shouldn't use only the basic function features anyway—use the advanced features. So the ROI is almost guaranteed when you invest in this product, but you need to find the right partner for deployment. You need a partner who will show you all the features you can take advantage of so that you benefit from the ROI, otherwise you're wasting it and you might as well buy something cheaper and more basic. 

The price is pretty expensive, but you get what you pay for and this is a great product. 

This product is the de facto standard, based on function features, installation, and customer base. There is a reason why so many well-known companies use it. 

I rate BeyondTrust Privileged Remote Access a nine out of ten, just because there's no such thing as a perfect product. 

I have a hundred different use cases. They're all different because every customer is different. One of the top use cases is where a third-party vendor needs to internally access one of the servers or applications. 

Its security, simplicity, and ease of deployment and maintenance are the most valuable. It is FIPS compliant, so it goes through severe penetration testing every one year or two years. They have to maintain this compliance. It is very safe.

Customers have been using it in the last eight years because of the simplicity of getting it deployed quickly. Most of the people using the solution had been hacked already, so they needed it quickly. As compared to the other solutions in the market, it can be turned on in production very quickly. You don't really need to have a server. It can be deployed very rapidly on VMware or Hyper-V, and you don't need to do an installation. It is a kind of an all-included package that you just deploy in a VM environment. It is basically a VM that is specifically built for a customer. The way the PRA data solutions work is that you need to build them for each customer because of being hard-coded with their SSL certificate, their web page name, and all that.

It would be very nice if it has an enterprise vault. Currently, it can interact with Password Safe, which is a separate solution and equivalent to Thycotic Secret Server. Instead of having Password Safe as a separate entity, they should combine it with BeyondTrust Privileged Remote Access. They have done it in some way, but it is not an enterprise tech solution.

I have been using this solution for eight years.

It is very stable. In eight years, I've never seen a bug.

Our clients are large businesses. 

I used to work there. I know this stuff by heart, so I don't need to call them. 

It is easy to set up. The complex part is to explain all the beneficial features and functionality to the customer because it can pretty much do everything. Discussing the environment and use cases is where you spend most of the time before you do the deployment.

Its deployment can be done very quickly. It can be deployed within 24 hours, which is useful if there is any hacking or breach. After that, you can add more complexity to it and configure it for a use case.

I would rate BeyondTrust Privileged Remote Access a nine out of ten.

We use this solution to provide remote authentication for a support system that we are providing. We have a data center with many different products that are based on Windows, Linux, and hardware appliances.

There are many different ways to configure this solution in order to provide what we need. Depending on the kind of system that we're supporting, we can directly access the server, and application, or even a web page.

The most valuable feature is that this solution can be implemented regardless of the operating system. It can be used with Microsoft, Linux, Unix, and Cisco, and we can use the same product to access every different service.

This solution is simple to use.

Changing your password should be simplified, and there should not be a charge for it. For every server that we are supporting, we have an administrator password to log in. This is for remote access and remote support, and we do not like to give this password to the local support people. I would like to be able to assign a dedicated password that can be used only for one day. There are other products that can do this.

We built this system with redundancy and we have never had a crash or any other problem with it.

We deal with a person from the vendor to handle our maintenance, and we never have to contact technical support directly. We are very happy with the support.

This initial setup of this solution is straightforward.

It is not very easy to implement because there are so many types of servers. It depends on the knowledge of the person. However, if it is properly defined then it is very simple to use.

The length of time for deployment depends on the implementation. If everything is known then it can take one to two hours. In other cases, it can take a week or two.

I would rate this solution a nine out of ten.