Try our new research platform with insights from 80,000+ expert users

BeyondTrust Password Safe vs Symantec Privileged Access Manager comparison

BeyondTrust and Broadcom are both solutions in the Privileged Access Management (PAM) category. BeyondTrust is ranked #9 with an average rating of 8.9, while Broadcom is ranked #16 with an average rating of 8.5. BeyondTrust holds a 3.4% mindshare in PAM, compared to Broadcom’s 1.4% mindshare. Additionally, 84% of BeyondTrust users are willing to recommend the solution, compared to 85% of Broadcom users who would recommend it.
BeyondTrust Password Safe
Read 26 BeyondTrust Password Safe reviews
  • 2,364 Views
  • 1,087 Comparison Views
84% willing to recommend
Symantec Privileged Access ...
Read 53 Symantec Privileged Access Manager reviews
  • 909 Views
  • 682 Comparison Views
85% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 6, 2024

BeyondTrust Password Safe and Symantec Privileged Access Manager compete in the privileged access security category. While BeyondTrust is noted for its support and cost-effectiveness, Symantec is viewed as offering superior features, which many users find justifies its higher price point.

Features: BeyondTrust Password Safe is recognized for its comprehensive auditing, session management capabilities, and efficiency in quickly realizing ROI. Symantec Privileged Access Manager distinguishes itself with scalability, integration options, and advanced threat detection, making it a preferred choice for highly secure environments.

Room for Improvement: BeyondTrust users suggest enhancements for a more intuitive reporting system, improved third-party cloud integrations, and advanced analytics. Symantec users seek a simpler update process, better customization options, and increased efficiency in updates.

Ease of Deployment and Customer Service: BeyondTrust Password Safe is favored for its straightforward deployment and responsive customer service. Symantec Privileged Access Manager, despite offering extensive documentation, involves more complex deployment steps, though it is backed by highly rated technical support.

Pricing and ROI: BeyondTrust Password Safe is considered cost-effective with lower initial setup costs and quicker ROI. Symantec Privileged Access Manager, although starting with a higher setup cost, is seen as providing substantial ROI over time through its advanced features, justifying the investment.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed BeyondTrust Password Safe vs. Symantec Privileged Access Manager Report (Updated: September 2025).
Buyer's Guide
BeyondTrust Password Safe vs. Symantec Privileged Access Manager
September 2025
Download the complete report
Helped 869,202 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

BeyondTrust Password Safe
Ranking in Privileged Access Management (PAM)
9th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
26
Ranking in other categories
Enterprise Password Managers (7th)
Symantec Privileged Access ...
Ranking in Privileged Access Management (PAM)
16th
Average Rating
7.8
Reviews Sentiment
7.0
Number of Reviews
53
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Privileged Access Management (PAM) category, the mindshare of BeyondTrust Password Safe is 3.4%, up from 2.7% compared to the previous year. The mindshare of Symantec Privileged Access Manager is 1.4%, down from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Privileged Access Management (PAM) Market Share Distribution
ProductMarket Share (%)
BeyondTrust Password Safe3.4%
Symantec Privileged Access Manager1.4%
Other95.2%
Privileged Access Management (PAM)
 

Featured Reviews

IshtiaqKhalil - PeerSpot reviewer
Extensive experience with session management and quick technical support boost confidence
While generally a strong product, BeyondTrust Password Safe has a few areas that could use some polish. From an administrator's viewpoint, we sometimes see keystroke capturing fail. More significantly, RDP sessions occasionally disconnect without any error messages on the client side. This leaves us administrators in the dark, unable to identify the cause of the problem
Read full review
Muzi Lubisi - PeerSpot reviewer
Secure management of sensitive servers and seamless applications with direct linking
The credential injection feature is highly valued, particularly for RDP sessions. A majority of customers use it for RDP, and a couple for Linux servers. The broader capabilities, including access to multiple systems, web-based applications, and clustering, have never posed an issue. The threat analytics aspect is also a robust feature that analyzes all pertinent information.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best aspect of the product is the ability to onboard devices. You can scan the IP subnets and onboard all the devices. You can then segregate them if it's a network device or a firewall. If it's a Windows server or a UNIX, you can basically scan your IT infrastructure and onboard the efforts, which should be managed. Once they have been onboarded, then the session management and password management are easy and nicely configurable."
"BeyondTrust Password Safe is a good PAM tool."
"Session recording, password rotation, and password vaulting are the most valuable features."
"I like the session recording feature. I also like the analytics and reports. You can pull up a report, and the UI is fantastic. The system is recording when nobody's there, so we have a record of what's happening."
"The actual innovations offered by the vendor stand out to me. They are quick to respond to market demands and the changing environment of privileged access management."
"The most valuable feature is the architecture capabilities, which allow designated server components for high availability and failover. It works well with identity and access management solutions, allowing users to be automatically onboarded and offboarded. The account mapping feature makes rollout seamless. The session monitoring capabilities are excellent, with keystroke and graphical monitoring. This enhanced our security posture by providing detailed accounts of user actions. It helped us pass our SOX audits."
"The time-saving benefits come from no longer having to remember multiple device passwords."
"Screen recording is valuable, and integration with applications is easy. We can customize whatever we want. We did a lot of application integration using scripting."
More BeyondTrust Password Safe pros
"Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated."
"The system is very stable."
"It is simple to implement and is suitable for medium to large-scale enterprises."
"We can enforce complicated password policies and very important frequent password changes."
"It gives you list of servers, so you can see which users have access to which servers. This is really useful, so we can make sure nobody is getting extra access than what is needed."
"The interface is very friendly, colorful, and bold."
"It's easy to use and easy to configure."
"The product is very scalable in terms of concurrent sessions that it can handle at a time, number of device it can support, accounts that it can manage, or number of nodes that you can deploy in a cluster."
More Symantec Privileged Access Manager pros
 

Cons

"Documentation is the primary area of improvement."
"We weren't aware that the Password Safe virtual appliance runs on a Windows server. As part of our monthly patching process, we ran into an issue. BeyondTrust Password Safe wasn't compatible with the patching we used to put on our server."
"The only feature they could improve is the banners because they aren't informative. For example, if something is not correct and I open the error notification, the dialogue box simply says, "This is an error." It would be great if they could provide some valuable comments about how to fix the errors."
"The effectiveness of BeyondTrust Password Safe's session management capabilities for SSH and RDP is pretty much robust, but it needs more improvement for other applications and web-based applications."
"The only improvement I could suggest would be standardizing documentation, but that's more the responsibility of the implementing engineer rather than BeyondTrust Password Trust itself. The documentation must be specific and narrow for implementation, not just broad guidelines."
"The pricing is not cheap, but it could be better."
"Named accounts don't work well in this solution. If you use named accounts for your administrative access, the way Smart Rules work is that it takes your SAM account name and matches it to the account name of your privileged ID, which creates limitations on size and how big those names can be because the directory has a 20-character limit."
"We don't have much control over the appliance. When anything happens in the backend, we have to depend on the support team. We need to raise a case so that they can update the appliance. If we have control over it, we would be able to troubleshoot easily."
More BeyondTrust Password Safe cons
"I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using."
"The response time for support could be faster. Some features should be added: cloud-based, VPN-less, more secure, and it should be adjusted in a hybrid environment."
"The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance."
"The setup is complex."
"We experience stability issues after every patch upgrade. This is a place where CA needs to improve drastically."
"Technical support was good when CA handled it. After Broadcom took over, it's not as good."
"They need to have zero tier and active-active setup ​with zero minimum downtime, which they are working on it. ​"
"Broadcom has neglected product development since acquiring Symantec, and nothing major has been added to PAM."
More Symantec Privileged Access Manager cons
 

Pricing and Cost Advice

"When you buy Password Safe and perform your initial Discovery, you have all these servers that are added to your assets in BeyondTrust, but you're not using a license until you actually start managing the systems. BeyondTrust's licensing is based on the systems when they're managed, which means when an administrator is able to connect to the server through BeyondTrust with a managed account. There would be a privileged account on the endpoint when the licensing starts. A significant advantage to that is that there are many organizations that want to evaluate their environment prior to automatic management."
"At the time, BeyondTrust was significantly cheaper than CyberArk. Pricing-wise, if I remember correctly, it goes by assets. The pricing was negotiated for our instances based on the number of assets that we onboard into the system. It is a little different from CyberArk, where the pricing is by users. So, it depends. If you have a lot of assets, it can get very expensive."
"It has subscription-based licensing. BeyondTrust is three times less expensive than CyberArk."
"This solution is not cheap—it's a very expensive solution. Very, very expensive compared to the features and functions that they offer."
"We just pay for Password Safe. Session management is included, but we don't use it. There aren't any additional costs besides the standard licensing fees. We pay for an annual license."
"The pricing of BeyondTrust is very good as compared to other products. That was the main reason we decided to go with BeyondTrust at first."
"I would rate the pricing a seven out of ten, where one is cheap and ten is expensive."
"The pricing structure is better than the competitors. It's much cheaper than CyberArk. They do the licensing on the basis of assets, not on the number of users. For CyberArk, they base the licensing on the number of users, and they have an expensive model of pricing. BeyondTrust has a cheaper model."
More BeyondTrust Password Safe pricing and cost advice
"The version we are using is affordable compared to BeyondTrust, which is maybe three to four times as expensive, but it depends on the features."
"Cost-wise, CA was better compared to others in the market. ​"
"I would prefer better licensing options for the 20-100 users we have at a given time."
"It is more expensive than other solutions on the market."
"Appliances are relatively cheap, don’t skimp. Make sure you have redundancy, high availability, and enough appliances to manage the concurrent workload."
"Pricing is fair compared to other top vendors."
"Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front."
"They offer per-device, per-user, or monthly and yearly licensing models."
More Symantec Privileged Access Manager pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
See recommendations
869,202 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
13%
Manufacturing Company
8%
Healthcare Company
6%
Comms Service Provider
16%
Computer Software Company
15%
Government
11%
Financial Services Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise5
Large Enterprise10
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise6
Large Enterprise30
 

Questions from the Community

What is your experience regarding pricing and costs for BeyondTrust Password Safe?
My experience with BeyondTrust Password Safe's pricing, setup cost, and licensing has been positive, primarily due to its asset-based licensing model. This is a significant advantage for us because...
See all answers
What needs improvement with BeyondTrust Password Safe?
We do not utilize the dynamic privilege elevation and delegation feature yet, because the customer is not planning to use this feature. They want to control the manner of user creation processes in...
See all answers
What is your primary use case for BeyondTrust Password Safe?
Currently, we have one customer using BeyondTrust Password Safe. BeyondTrust Password Safe is usually used for two things: compliance and audit.
See all answers
What is your experience regarding pricing and costs for Symantec Privileged Access Manager?
Due to the nature of the solution, it is hard to gauge, but compared to competitors, the pricing is very good. I would rate it as an eight and a half out of ten.
See all answers
What needs improvement with Symantec Privileged Access Manager?
Recent releases need improvement in webpage management. For instance, navigating through a webpage that acts like a wizard, where I proceed to the next page and enter more information, is not handl...
See all answers
What is your primary use case for Symantec Privileged Access Manager?
With the customers that I have so far, I help them broker RDP sessions to sensitive servers, particularly those that manage aspects like physical access. I have also done it for backend databases, ...
See all answers
 

Comparisons

CyberArk Privileged Access Manager vs BeyondTrust Password Safe Logo
CyberArk Privileged Access Manager vs BeyondTrust Password Safe
Compared 16% of the time
Delinea Secret Server vs BeyondTrust Password Safe Logo
Delinea Secret Server vs BeyondTrust Password Safe
Compared 13% of the time
BeyondTrust Privileged Remote Access vs BeyondTrust Password Safe Logo
BeyondTrust Privileged Remote Access vs BeyondTrust Password Safe
Compared 10% of the time
Azure Key Vault vs BeyondTrust Password Safe Logo
Azure Key Vault vs BeyondTrust Password Safe
Compared 8% of the time
HashiCorp Vault vs BeyondTrust Password Safe Logo
HashiCorp Vault vs BeyondTrust Password Safe
Compared 7% of the time
More BeyondTrust Password Safe Competitors
Cisco Identity Services Engine (ISE) vs Symantec Privileged Access Manager Logo
Cisco Identity Services Engine (ISE) vs Symantec Privileged Access Manager
Compared 29% of the time
CyberArk Privileged Access Manager vs Symantec Privileged Access Manager Logo
CyberArk Privileged Access Manager vs Symantec Privileged Access Manager
Compared 27% of the time
ARCON Privileged Access Management vs Symantec Privileged Access Manager Logo
ARCON Privileged Access Management vs Symantec Privileged Access Manager
Compared 17% of the time
BeyondTrust Endpoint Privilege Management vs Symantec Privileged Access Manager Logo
BeyondTrust Endpoint Privilege Management vs Symantec Privileged Access Manager
Compared 14% of the time
Delinea Secret Server vs Symantec Privileged Access Manager Logo
Delinea Secret Server vs Symantec Privileged Access Manager
Compared 12% of the time
More Symantec Privileged Access Manager Competitors
 

Product Reports

Buyer's Guide
BeyondTrust Password Safe
October 2025
BeyondTrust Password Safe reportDownload BeyondTrust Password Safe product report
Buyer's Guide
Symantec Privileged Access Manager
September 2025
Symantec Privileged Access Manager reportDownload Symantec Privileged Access Manager product report
 

Also Known As

BeyondTrust PowerBroker Password Safe
CA PAM, Xceedium Xsuite, CA Privileged Access Manager
 

Overview

Beyond Trust Password Safe is an automated solution that combines password and privileged session management into a single platform. Password Safe delivers secure access control, auditing, alerting, recording, and monitoring.

This free and open-source password manager supports Windows and Linux, and some ports are available for other platforms as well. Their proprietary algorithm, Twofish, is considered highly secure, with the advantage that it is not affiliated with NIST. The Twofish algorithm secures the data while keys are delivered using SHA-256 authentication.

The application is easy to use, and you can download the Windows app from several sites. Additionally, the application is available in 14 languages.

Beyond Trust Password Safe Key Features

  • Continuous automated account discovery: Scan, identify and profile assets with the discovery engine. The solution has dynamic categorization that enables the automated onboarding of assets into groups.

  • Application-to-application password management: Password Safe offers an adaptable API interface including an unlimited number of password caches, therefore providing scalability and redundancy.

  • Secure SSH key management: The system automatically rotates SSH keys to enforce granular access control and workflow. Private keys securely log users onto systems without exposing them.

  • Adaptive access control: Evaluates context and provides access requests by considering factors such as time of access and location to determine the user’s authorization level.

  • Enhanced privileged session management: Admins can record, lock, and document suspicious behavior without disrupting productivity by managing sessions live.

  • Advanced privileged threat analytics: Password Safe monitors assets and user behavior every day, analyzing what are normal patterns and detecting deviations.

  • Multi-factor authentication: Password Safe supports 2FA (two-factor authentication) using Yubikey 4, Nano, or Neo.

What can you do with Password Safe?

  • Cross-device and cross-platform syncing: You can safely store encrypted password files online, where you can access them via Password Safe-compatible apps.

  • Drag and drop password: Password Safe has a “Dragbar,” which you can use to complete forms by dragging and dropping icons over the form - for example, passwords, usernames, design tiles, and emails.

  • Autotype: With Password Safe, when you click on a web page or login box, the autotype feature will try to fill in your credentials automatically for you.

  • Import and export: You can import passwords from text, XML, or CSV fails. You can also export passwords in text, XML, and the PSAFE format.

  • Password generator: Generate secure passwords by using the algorithm. You can also define your password rules.

Beyond Trust Password Safe Benefits

  • Controls third-party access: Password Safe secures the connection and automatically checks privileged credentials. The solution records all sessions.

  • Uses context to determine access: Password Safe considers risk factors like location, day, or time of access and uses them to adjust the permissions and privileges of each user.

  • Manages access for privileged and non-privileged accounts: By integrating with SailPoint IdentityIQ, Password Safe effectively manages user access for privileged as well as non-privileged accounts.

  • Reduces cloud risk: Password Safe simplifies secure storage and session management. It supports major cloud providers such as Azure, Amazon, Google, Rackspace, and GoGrid. It also supports social networks - Facebook, LinkedIn, and Twitter.

  • Integrates password and privilege management: Integrates with Endpoint Privilege Management to control the resources users can access and the actions they are allowed to take

Reviews from Real Users

A PAM Architect at a tech services company says, "BeyondTrust Password Safe's features that I have found most valuable are really those that are knitted in. That is their Smart Rules and Smart Groups, where you design your administration model so you create your AD groups and your asset groups, and configure Password Safe."

An I.S. Architect at a insurance company mentions that "Session recording, password rotation, and password vaulting are the most valuable features."

    "One of the most valuable features is that this is a product designed with enterprises in mind," adds a Cybersecurity Architect at a tech vendor.

        BeyondTrust

        CA Privileged Access Manager is a simple-to-deploy, automated, proven solution for privileged access management in physical, virtual and cloud environments. It enhances security by protecting sensitive administrative credentials such as root and administrator passwords, controlling privileged user access, proactively enforcing policies and monitoring and recording privileged user activity across all IT resources.  It includes CA PAM Server Control (previously CA Privileged Identity Manager) for fine-grained protection of critical servers

        Broadcom
         

        Sample Customers

        Aera Energy LLC, Care New England, James Madison University
        NEOVERA, Telesis, eSoft
        Buyer's Guide
        BeyondTrust Password Safe vs. Symantec Privileged Access Manager
        September 2025
        Free Report: BeyondTrust Password Safe vs. Symantec Privileged Access Manager
        Find out what your peers are saying about BeyondTrust Password Safe vs. Symantec Privileged Access Manager and other solutions. Updated: September 2025.
        DOWNLOAD NOW
        869,202 professionals have used our research since 2012.
        See our BeyondTrust Password Safe vs. Symantec Privileged Access Manager report.
        See our list of best Privileged Access Management (PAM) vendors.

        We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.