What is our primary use case?
The use case was to integrate BeyondTrust with the organization and onboard servers and accounts. We created Smart Rules and used other features for automatic onboarding and integrating BeyondTrust with various components in the organization, such as SNMP, SIEM, and AD.
How has it helped my organization?
It reduces risks. Beyond Password Safe manages all privileged credentials. It takes care of the automatic rotation and connection to the target servers. It reduces a lot of risks of cyber attacks, malware, and ransomware.
It is very important to us that Password Safe provides integrated password and session management in one solution.
Its customization features help us to manage most assets, databases, and applications. With the plugins and customization features, we can connect to databases. We can also connect to Windows and Linux. When I worked with it in 2018, we also had to use one of the plugins to connect to a mainframe. It supports a lot of different platform connections.
The Direct Connect feature allows us to use existing tools such as MobaXterm, PuTTY, or SecureCRT. There is a feature that power users can use to connect to the log server every day. This way, they don't have to go through the web portal. They can just connect to their target server by using MobaXterm, PuTTY, or SecureCRT.
What is most valuable?
Smart Rules is a nice feature in BeyondTrust. It is a unique feature that BeyondTrust has as compared to other vendors such as CyberArk. With Smart Rules, you can do automatic onboarding of accounts. There are a lot of options and features. For example, you can do onboarding based on different AD attributes. It is a nice feature in BeyondTrust that some of the other PAM vendors don't have. With other vendors, we have to create our own scripts, whereas, with BeyondTrust, we can just use the in-built Smart Rules.
In terms of the intuitiveness of the user interface, I find it to be pretty good as compared to the other products. It is user-friendly, and in terms of the look and feel, it is one of the better ones.
What needs improvement?
I find it a little bit confusing because you have the management console, and then within the management console, you have access to different admin consoles. There are probably two or three different ones. I wish they would place all those different types of consoles into one main one so that we don't have to access two or three different consoles to do the work.
When we deploy BeyondTrust, we have to deploy our own database on a SQL server. It doesn't deploy the database. I wish BeyondTrust packaged the whole solution in one and included the MySQL database so that when you deploy it, it deploys everything for you. BeyondTrust gives you the software, but you are in charge of setting up your own database. It is a single appliance just for the BeyondTrust portion but not the database. Unless that has changed in later releases, you have to set up your own database for BeyondTrust Password Safe. I find that part complex because we then need the expertise and help of the database team to set it up, which also increases the deployment time. If they can deploy the database, it will reduce the deployment time.
Their documentation is not very detailed and thorough. In case of any issues, a lot of times, we have to go through their professional service. They need to update their documentation and create a good knowledge base for us so that when we run into problems, we can go there and search for common issues or problems.
For how long have I used the solution?
I have been working with this solution for about three years. I have used it on and off depending on the companies I worked for.
What do I think about the stability of the solution?
It is average because we did have issues with some parts of the solution.
What do I think about the scalability of the solution?
Its scalability is good. It is very scalable. We didn't have too many users because we switched over to CyberArk after two years, but the plan was for 500 end users.
We don't have plans to increase its usage because we switched over to CyberArk earlier this year.
How are customer service and support?
Their documentation is not very detailed. A lot of the time, we have to go through their professional service. We do get really good people, but they should provide more and better documentation and a knowledge base so that we can solve a lot of issues on our own instead of going through their professional service.
Their professional service or technical support is very good. When we opened a case, sometimes, they answered within a day, and sometimes, it took five days before someone answered the ticket, but when we do get someone, in general, I found most of them to be very good. I would rate them an eight out of ten.
Which solution did I use previously and why did I switch?
We didn't use any other solution before BeyondTrust, but we recently switched over to CyberArk.
How was the initial setup?
The process of migrating end users to Password Safe varies from organization to organization, but overall, if you have all the proper workflows, it isn't difficult. With PAM, half of the work is related to processes and policies, and the other half is related to technology. In terms of the technology, I found it to be pretty straightforward, but you need to have all the policies defined in advance.
It wasn't too difficult for us to integrate Session Management into existing business processes. You have to provide the connection strings. The difficulty level was average.
What about the implementation team?
I was the integrator for one of the projects. As a part of their purchase, they also got a certain amount of hours of professional services from BeyondTrust.
We had a team of about five people for its deployment and maintenance. There were two DevOps and two BeyondTrust admins.
What was our ROI?
We didn't see a return on our investment.
What's my experience with pricing, setup cost, and licensing?
The pricing of BeyondTrust is very good as compared to other products. That was the main reason we decided to go with BeyondTrust at first.
Which other solutions did I evaluate?
I wasn't involved in its procurement. They had to go through their due diligence. They probably had four PAM vendors, and they went through their procurement process.
What other advice do I have?
Functionality-wise, it works. Everything works well, especially with using Smart Rules. There is a big learning curve to deploying and maintaining it because when you buy this solution, it doesn't come with a Password Safe database. You have to deploy that yourself. If they can package a database with Password Safe, it would be better and more user-friendly. It will cut down the deployment time. They should also improve their documentation, knowledge base, and support on their website. There is not a lot of good information.
I would rate it a six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
UPDATE: Since I posted this almost a year ago, BeyondTrust has decided to remove their scanning solution from their UVM (Unified Vulnerability Management) appliance. At the end of 2019, BeyondTrust announced that they will EOL their integrated scanner (12/31/2020).
This single move has removed the benefit that BeyondTrust brought to the table, wiping out any economies of scale that justified the ROI and TCO benefit of an integrated Unified Vulnerability Management solution.
This now turns their UVM into just a Password management solution. Which is still better than CyberArk, but now lacks the additional benefit of intelligence gathering.
To make matters worse, BeyondTrust has decided to partner with Tenable to provide the replacement vulnerability scanning solution. When asked what other integrations they had besides Tenable, there was no answer. Clearly some deal was cut with no thought to their customers or their customers' experience with Tenable.
Without a scanning solution, the visibility of the assets is now questionable. Where I once viewed them as a visionary and leader, it seems that the executives are reverting to their safe desks and not providing the vision necessary to stay ahead of the pack.
Unfortunately, due to BeyondTrust's change in direction, their ROI is now questionable and now has to be re-thought.
The final straw was their overt push for their customers to use Tenable as a replacement for their EOL vulnerability scanner.
All I can say is that for me BeyondTrust's value has diminished tremendously due to their decision to remove themselves from the vulnerability market. I have also lost trust in BeyondTrust to listen to their customers' needs to address our challenges.