What is your primary use case for BeyondTrust Endpoint Privilege Management?

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
  • 0
  • 722
PeerSpot user
17 Answers
Relationship Manager at Snapnet Ltd
Top 5
Sep 4, 2023

BeyondTrust Endpoint Privilege Management helps with activity monitoring.

Search for a product comparison
Pradeep Swain - PeerSpot reviewer
Information Technology System Analyst at a tech services company with 1,001-5,000 employees
Real User
Top 10
Jun 9, 2023

We use it primarily for Jamf Pro. Most of our users who use Jamf Pro are on Mac. We work on artificial intelligence and machine learning, specifically for the military and healthcare sectors. We have developers and many DevOps professionals who use MacBooks. We manage Jamf Connect and Jamf Pro, and since developers need admin access on their MacBooks to execute code and perform coding tasks, we can't give full admin access to everyone in the company. We use EPM (Endpoint Privilege Management) as the agent, which communicates with the server and is deployed on the machines. The agent follows specific rules defined on the server. Users on Mac can only use these 100 specified commands. Anything beyond those commands won't work. We provide limited privileges, such as changing Wi-Fi or network settings, but users cannot create admin accounts on the machine. However, as an administrator, I can create admin accounts using EPM. But we have restricted that option in APM (Application Privilege Management). If you have admin access, you can create an admin account, but it will automatically be downgraded to a standard account. These are the situations we have implemented using EPM.

Lakshmi Prasada Reddy Nandyala - PeerSpot reviewer
Senior Consultant at Techdemocracy LLC
Real User
Top 5Leaderboard
Mar 15, 2023

There are three components for BeyondTrust. Password Safe is where we privilege the accounts like server accounts, domain accounts, local accounts, or custom third-party applications. We use the application to monitor and fix the recordings of third-party applications. You can also use it for Cisco integrations and multi-factor authentication.

Marlin B Pohlman - PeerSpot reviewer
Consultant at Visdom
Top 20
Oct 24, 2022

We deploy it for customers as part of ISO 27001, 27701, and HITRUST. We do managed QMS. We go into a customer that is specifically under a GDPR or HIPAA mandate where they use HITRUST to implement it, and we act as their PRRC (person responsible for regulatory compliance). We do the hands-on configuration if they are not in compliance. We have two customers who use Privileged Management Broker 2.23 and Cloud Privilege Broker 21.3. The PM is a hybrid deployment and CPB is on public cloud in Amazon. The use cases are all in regulated environments that have GDPR and HIPAA medical data. That includes third-party host transfer of credentials and entitlement across multi-cloud infrastructure. The latter is specifically in a medical environment where multiple clinics are acting under a single medical provider. Or it's a GDPR situation where we act as a PRRC for a company that is highly regulated in GDPR with a multi-country presence.

Akash Jogbond - PeerSpot reviewer
Team Lead at Foresight Software Solutions
Real User
Top 5
Apr 11, 2022

There are three use cases that you can target. The first use case is the fact that some of your users may need admin rights for launching custom applications, such as Visual Studio, or they may want to install something on their machine on their own, or they may want to start, stop some services, change maybe system font, if the need arises, or install a custom font or change the driver, update the driver. Also, instead of giving full blanket admin rights, we can give selective admin rights using EPM in order to protect the company and the infrastructure from abuse. This is the first major use case. The second use case is where we implement application blacklisting and whitelisting. If I don't want Adobe applications to run within my company, I can create a policy around that. Or, for example, if I have Adobe licenses, and those are only valid for version two to version three. Anything below two, I don't own and anything above three, I am not allowed to upgrade. Therefore, whitelisting based on version control also can be implemented. The third use case, which not popular in my region, is where cyberattacks can be mitigated or zero-day attacks can be mitigated, by making sure we whitelist only the browser and only Outlook. If the browser tries to invoke a script or if Outlook launches say Excel or PDF as an attachment, and from there, if a script tries to launch, we will be able to block it. Therefore, making sure that the entry point of the malware itself is blocked is possible. That said, having said that, it has zero intelligence in checking whether the script is legitimate or bad. It's going to block everything. It blocks all and later you can enable it, if the need arises.

Sr. Manager Cyber Security at a manufacturing company with 10,001+ employees
Real User
Top 20
Jan 31, 2022

Its use cases are mostly around all the 65,000 endpoints. The use cases are mostly for privileged access and the application control across all endpoints throughout the organization to make sure we have the least privilege model with zero-trust enabled at the endpoints. We started with on-prem, but now, we've moved to the SaaS cloud.

Learn what your peers think about BeyondTrust Endpoint Privilege Management. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
735,432 professionals have used our research since 2012.
Windows Enterprise Engineer at a comms service provider with 1,001-5,000 employees
Real User
Jul 1, 2021

The primary reason for BeyondTrust was so that one administrator could use their password to log on to our server. The second reason was, we needed to use BeyondTrust to form some level of sharing. It's my understanding that Microsoft has this and we have this challenge of having a tier one and tier two. We wanted to do a structure like that.

PAM Architect at a tech services company with 11-50 employees
Top 5Leaderboard
Jan 29, 2021

We are an integrator, and we do a lot of Identity and Access Management and Privileged Identity. I am only just getting into this solution. I am not trained in it, but I've been reading about it. I have recommended it for a client based on their requirements and based on what I know about CyberArk versus a couple of others. I have not implemented it yet. I have the agent running on the system where I am actually profiled. I have its latest version. In terms of use case, it primarily has two things, and you can choose whatever you want in the middle. One side is that you can use it to allow the user to have specific administrative rights and do certain things without having to call the help desk. For example, you can allow users to be able to install certain applications. You can also have a whitelist or a blacklist of things that they are allowed to install, which saves a boatload of money in calling the help desk. The other side is to rein in administrators so that they don't go too far or do something outside of the bounds. The help desk personnel would have different restrictions when they log into a workstation than regular users.

General Manager, Head of Information Security at a tech services company with 51-200 employees
Nov 5, 2020

We primarily offer this solution to our clients. Our clients use it for access. For example, if there is a user who is not from their existing network and he's a contractor, they have to be able to give him the privilege to come inside, otherwise, that person can't access anything internally like a regular end user can. This solution allows them to offer separate privileged user access for specific users.

Team Lead, Network Infrastructure Business at a tech services company with 51-200 employees
Jan 29, 2020

We are a technical services company and this is one of the solutions that we provide for our clients. It is used to manage privileged access for our customers and their server resources. One of our customers had administrators that shared credentials to access some of their enterprise applications. We needed to remove those credentials because they were compromised at some point, leaving other people to access them and the organization was not able to keep track of who was logging in, or what they were doing at any particular point in time. Implementing this solution has allowed us to remove most of the credentials from those applications move them into a proper management facility.

Team Lead, Network Infrastructure Business at a tech services company with 51-200 employees
Jan 27, 2020

At one point, our users shared credentials to access some enterprise applications within our environment. We had to take off user credentials because those credentials were getting compromised at one point. We also had trouble keeping track of who logged in or when people were doing work at any given period of time. With this solution, we're able to log the credentials from those applications and then move it into the facility for proper credential management.

Consultant- Information Security at a tech services company with 11-50 employees
Jan 12, 2020

Our primary use case of this solution is data access management. When you have a complex infrastructure you obviously need a solution that can monitor the activities that are going on in the infrastructure. The usernames, passwords, and activities have to be monitored, and this program helps you with that. So it is nothing but a monitoring and security tool that will monitor all the infrastructure activities and help you to manage the passwords of the infrastructure so that the passwords are not being exposed to the third parties or your users. These passwords will be secure in your infrastructure and be rotated as part of the compliance policies.

VP Cyber Risk at a tech services company with 501-1,000 employees
Real User
Dec 4, 2019

In terms of meeting compliance objectives of securing endpoints, this product is very useful. It works for things like ISO, PCI, DSS, and the CIA. BeyondTrust meets all of the technical requirements from the compliance perspective. The vault, remote access management, and VP enlisted VPNs will become very useful in terms of being able to manage and maintain infrastructure security without having the complexities of changing passwords all of the time. It also helps to maintain all of the compliance objectives with password complexity changes. All of those things get managed under one product tree.

Technical Manager at Gulf IT
Top 5Leaderboard
Nov 6, 2019

The primary use case for BeyondTrust is for when one needs to control the administrative accesses on their critical assets, whether that be Windows, Linux, or UNIX servers, databases, and application servers.

Security Engineer at Dig8Labs
Real User
Aug 16, 2018

There are multiple use cases for this solution. There is the auto-discovery option for PowerBroker Password Safe, which can discover all the local accounts on any of Windows, Linux, or Unix. It can work with Active Directory and onboard Active Directory accounts automatically, if the correct credentials have been provided for AD. When it comes to databases, it also governs and controls all of them. It can integrate with Oracle Database, SQL, Oracle Linux, or other database environments.

Senior Technical Consultant at a tech services company with 1,001-5,000 employees
Real User
Aug 9, 2018

We use it for the password management (of privileged password management).

Security Staff Engineer at a tech vendor with 1,001-5,000 employees
Real User
Jun 24, 2018

We use it to limit user privileges.

Related Questions
Senior Finance Manager at AmerisourceBergen
Sep 30, 2023
Hi community, I do not think this is an apples-to-apples comparison and am not finding much information about it.   I work as a Senior Finance Manager at a Healthcare company. I am being asked to provide a comparison document for these 2 products (BeyondTrust Endpoint Privilege Management and Microsoft Defender) which is difficult because they are such different solutions.   Can anyone help?...
See 1 answer
Content Editor at PeerSpot
Sep 30, 2023
BeyondTrust Endpoint Privilege Management (EPM) and Microsoft Defender are very different products, as BeyondTrust EPM is a Privileged Access Management (PAM) solution. On the other hand, Microsoft Defender is an Endpoint Security solution. PAM solutions help organizations manage and control privileged accounts, which have elevated permissions on systems and networks. This could help reduce the risk of unauthorized access and data breaches. Endpoint Security solutions help organizations protect endpoints from malware, ransomware, and other cyberattacks. They typically include antivirus, antimalware, intrusion detection, and vulnerability management features. BeyondTrust Endpoint Privilege Management Purpose Centralized Privilege Management for Windows, Mac, Unix and Linux Key features Privileged Access Management (PAM) Privileged Session Management Remote Access Management Privileged Password Management Advantages Comprehensive Has strong security features Reportedly easy to use as well as manage Disadvantages Can be expensive, as reported by others Setting it up, including managing, may require technical expertise Microsoft Defender Purpose Unified Endpoint Security platform Key features Antivirus Antimalware Firewall Intrusion Detection and Prevention Endpoint Detection and Response (EDR) Advantages Some find it affordable They say using and managing it is easy Tight integration with Microsoft products Disadvantages May not be as comprehensive as some other PAM solutions Reportedly lacks some advanced features, such as Privileged Session Management and Remote Access Management Others report that BeyondTrust Endpoint Privilege Management is more comprehensive than Microsoft Defender, as it offers a broader range of features, which includes Remote Access Management and Privileged Session Management. Others say Microsoft Defender is a more affordable and easy-to-use solution than BeyondTrust Endpoint Privilege Management.
Copywriter at Gb Advisors
Jul 8, 2021
Hi I am researching Privilege Access Management solutions. I'd like to know if BeyondTrust is considered expensive in comparison to similar solutions?  Any additional feedback? Thanks!
2 out of 3 answers
Cloud Specialist at a tech services company with 1-10 employees
Oct 27, 2020
It depends on a lot of things.  We are currently doing a comparison and it depends on our growth scenario which solution will be more expensive. (Compared to CyberArk). So I don't think that it is more expensive than similar solutions. 
AsifIqbal - PeerSpot reviewer
Chief Information Security Officer at a financial services firm with 1,001-5,000 employees
Jul 8, 2021
It is not much expensive as compared with other leading solutions, much easier to deploy and manage. All about what architecture you selected to use and then depends upon a number of other factors. 
Related Articles
Content Manager at PeerSpot (formerly IT Central Station)
Apr 18, 2022
Top 5 Privileged Access Management (PAM) Tools PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews ...
Related Articles
Content Manager at PeerSpot (formerly IT Central Station)
Apr 18, 2022
Top 5 Privileged Access Management (PAM) Tools 2022
Top 5 Privileged Access Management (PAM) Tools PeerSpot’s crowdsourced user review platform help...
Download Free Report
Download our free BeyondTrust Endpoint Privilege Management Report and get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
735,432 professionals have used our research since 2012.