What is our primary use case?
There are multiple use cases for this solution. There is the auto-discovery option for PowerBroker Password Safe, which can discover all the local accounts on any of Windows, Linux, or Unix. It can work with Active Directory and onboard Active Directory accounts automatically, if the correct credentials have been provided for AD. When it comes to databases, it also governs and controls all of them. It can integrate with Oracle Database, SQL, Oracle Linux, or other database environments.
What is most valuable?
I'm a BeyondTrust partner and I have multiple deployments, four or five banks right now. The features that give us quite an edge compared to what our competitors are offering - like IBM or Thycotic - are the Session Management, that is quite a big one; also the recording of keystrokes. In addition, there is the password vaulting and state-of-the-art Password Management, which I haven't seen in other products.
It also provides a granular approach through the Management Console and manages all the operations "from the inside out". It is easy to explain and easy to manage.
What needs improvement?
If you are specifically dedicated to Privileged Access Management, the definitions are a bit unclear throughout the world. I have been in contact with engineers around the world, in Canada, the U.S, and the U.K as well. Everyone has quite a different definition for Privileged Access Management or Identity Access Management or Identity Management.
Because of the definition of PAM, I don't think they can provide anything in addition to what has been defined. If you want to include anything else in this product, it will deviate from the boundaries of PAM.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
I have not encountered issues with the stability.
There are slight hiccups but they are based on the configuration details of the appliances, as done by the clients. If you are talking about the application or the features it provides, I don't think there are any hiccups with BeyondTrust.
I have worked on competitive products as well. IBM and Thycotic are lightweight applications utilizing limited resources and providing proportionate results. I don't think anyone can compete with BeyondTrust.
How is customer service and technical support?
The response time and the responsiveness, the level of support that they provide, is tremendous.
I have worked on the scene, I have worked on firewalls as well as on multiple security products, but the support from BeyondTrust is highly efficient, from a highly experienced technical staff. The level at which they provide support, the dedication as well as the expertise they have, is among the best I have seen.
Which solutions did we use previously?
I have utilized OpenAM SSO, as a single sign-on. That was a Canadian product. It was an open-source solution. But I am happier with BeyondTrust. About 95 percent of use cases are handled by BeyondTrust. Whether you're talking about a bank or a telco, whatever their requirements are, they can be met by the PAM. When it comes to the PAM, I don't think that any application can compete with BeyondTrust, except for the financial issue that has been recently affected by the change in the licensing model.
How was the initial setup?
The initial setup is straightforward; the way that they provide the UVMs, and the whole package when it comes to deployment. What they do is provide you a complete setup package. Everything in there is preconfigured, so all you have to do is to provide the basic IP addresses and other stuff and that's it.
What's my experience with pricing, setup cost, and licensing?
What BeyondTrust was providing was user-based licensing which was a great benefit from the client point of view. Recently, I don't know why, the licensing model has been changed, and that is the reason that they have lost a bit of their edge when it comes to the PAM, against our competition.
The asset-based licensing, from the user's point of view, is not beneficial. The licensing should be based on the users. The greater the number of users, the greater will be the load and the greater the scalability problems. I presume that is why the licensing model has changed.
Which other solutions did I evaluate?
My company first chose the IBM Identity Manager suite. Later on, we surveyed the market and the needs and requirements of the clients. We thought the IBM solution was utilizing too many resources to achieve a very limited goal. The requirements are related to PAM, but they were employing IM.
What other advice do I have?
I would rate BeyondTrust at eight out of 10. It's not a 10 because the scalability and licensing have impacted us a lot. Of the two points that I have deducted: One is the non-flexibility on the pricing and one is the licensing model. When you launch a product in several markets like the European market, the Asian market, or the Russian market, you have to be very flexible when it comes to the pricing.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.