What is most valuable?
The main areas of focus of BeyondTrust products is Privileged Access Management. Along with it, they've also bundled the PAM solutions with a Vulnerability Management solution. We all know Retina Network Security Scanner has been around for more than a decade now and anybody would agree with me that it has been a most comprehensive scanner. BeyondTrust bundles these two areas of security - PAM and VM - with an extremely rich reporting & analytics platform – BeyondInsight - which gives actionable intelligence to SMBs as well as large enterprises.
Along with PAM & VM, PBW allows implementing a strong workflow in the organization, with regards to accessing the most valued resources of the enterprise. The request-approval process along with session monitoring and recording, could prove a very strong deterrent security control for actors with malicious intent.
With all the other features, such as asset inventory, scanning, jobs scheduling, etc., BeyondInsight offers an intelligent platform for reporting and analysis of the collected information from the customer's environment. It presents the information in the form of heat maps, risk maps, ROI graphs which are very useful for presenting to your senior executives during your budget planning. Overall, it has proven very useful to all individuals from engineer to the 'C' class of the company.
How has it helped my organization?
We implemented the BeyondTrust suite of products as part of our initial evaluation and continued to use the product because we liked it very much. We distribute security solutions to our customers, so we can only sell something to our customers that we believe in. And the best way to start to believe in something is to experience it. So, from the initial evaluation environment, we moved a few assets – because it's not a very large organization - and implemented a workflow process for our IT contractors. Developers and network engineers who access our infrastructure devices such as servers, routers, and firewalls have to put forth a request (though we've kept them as auto-approve 24x7, since we trust them :) ), to access the devices. All these activities are monitored, recorded & audited on a periodic basis or in cases of issues. We do not have any external auditing done within our company. However, I can imagine the kind of details provided by the solution to the auditors on almost all of the IT activities required to be monitored and audited.
Apart from auditing & recording requirements, our sysadmin now has the best control of his work in his tenure with us, in the area of patch management for our networks. RNSS has been scheduled for periodic scan jobs preparing a report. We've configured the Enterprise Update server, which checks the vulnerabilities, suggested remediation, and once they've been reviewed, all the systems are patched directly from the Enterprise Update server.
These are some of the areas I can think of at this point of time that we have benefited from BeyondTrust so far.
What needs improvement?
I'm of the thought that the best products in the market have room for improvement, always, and so is the case with this product as well. I have always submitted the improvements / bugs list to the vendor and am looking forward for them to be implemented in their coming releases.
These are related to the Flash / Java Web UI, which we know is very vulnerable. I would love to see the Reporting & Analytics console in HTML5 or other technologies which are not as vulnerable as Flash. That's something I don’t promote for the product. However, it being an internal-facing Web application, it doesn't pose a very high risk.
Other areas for improvement I have suggested in the past were more tight integration with some of the comprehensive ticket management systems. Currently, it does open a ticket in external ticket management system by sending an email. However, I would love to see these tickets being opened and customizable for other activities, such as after a vulnerability scan for high-impact or high-risk vulnerabilities, systems not patched for a certain time duration, and the list can go on. Auto-opening & auto-closing of tickets is something I would love to see implemented in BeyondTrust.
For how long have I used the solution?
I've been implementing & using BeyondTrust products for more than a year now.
What do I think about the stability of the solution?
I have not encountered any major stability issues so far; just a few minor bugs, such as when you run / schedule jobs, sometimes we could see two of them being run. But this was just in the UI, RNSS in the background would still run as per the configured and scheduled jobs & reporting back is also as expected. Apart from that, the product is pretty much stable.
What do I think about the scalability of the solution?
I've seen the product scale with no problems. I've implemented products in customers’ environments as a POC with a few servers / resources under monitoring. And once they decided to go ahead with the solution, they've scaled very well to a few hundred or thousands of users with addition of endpoint software, with virtually no impact on the performance. On the contrary, the more the resources being monitored, the more information being collected, which lights up the platform and provides a very comprehensive list of information of your network.
How are customer service and technical support?
Until now, there hasn’t been local direct support in Australia, so any support has to be raised via email and there is a day's lag. To speak directly to the support rep, you have to call a toll-free U.S number. However, I haven't doubted the competitiveness and efficiency of the support. All the cases I have submitted so far, for ourselves as well as our customers, have been resolved to an excellent level of satisfaction.
Which solution did I use previously and why did I switch?
I wasn't using any similar solution previously.
How was the initial setup?
The product is available in the software as well as virtual appliance form which is a hardened Windows server, shipped securely to the end-user. It does have initial setup and configuration tasks. I would not say it's simple for naive users; however, having said that, it's backed up by very strong, simple and straightforward step-by-step documentation, which is very simple to understand and can be followed by a beginner to mid-level engineer.
What's my experience with pricing, setup cost, and licensing?
Compared to its competitors, BeyondTrust software is way too cheap and offers many more features and functionality at the base price point. Licensing is simple and based on either number of users or number of resources, whichever is cheaper for the customer and very easy to calculate. Licenses are not hard-limited on the number of users.
What other advice do I have?
Security, as always, should be taken care of in a layered approach. BeyondTrust products take care of the containment of the breach with its PAM suite of solutions, as well as reducing the attack surface with its Vulnerability Management products. Together, they present a very strong, in-depth defense approach for customers. It's not an endpoint protection product, though they have their endpoint agents, which could be installed on the workstations. It has to be implemented in conjunction with other security solutions such as endpoint protection and gateway security solutions such as email & web, as well as firewalls, IDS, IPS and other network security devices.