BeyondTrust Endpoint Privilege Management Review

Great session management features and out-of-box connectors

What is our primary use case?

The primary use case for BeyondTrust is for when one needs to control the administrative accesses on their critical assets, whether that be Windows, Linux, or UNIX servers, databases, and application servers.

What is most valuable?

I would say session management on the go is the most valuable feature. When the session is going on, you can stop the session without terminating it for justification. You can cancel it. The recording takes very little space. Those are some things that the customers are worried about when they talk about session recording.

The other valuable feature is out-of-box connectors. BeyondTrust has partnered with many well-known companies. Other PAM products are not there yet. The number of out-of-box connectors BeyondTrust has is really good.

What needs improvement?

One issue, especially when you deploy HA actively and passively, is the synchronization. Usually, there is a large delay between the sync. The biggest problem is that it takes at least 14 minutes to detect that the primary is down. That is 14 minutes of downtime, which is a huge amount of time, especially for our enterprise customers. That delay should be reduced.

The other area to improve is that they rely on MS SQL servers only. You cannot have any other database behind them. They have to be on MS SQL. If they can do something about these issues, this would be a better alternative for some customers.

In terms of software, BeyondTrust should work on other operating systems other than Windows and support non-Windows operating systems also.

What do I think about the stability of the solution?

I haven't faced any issues with stability. Others might have, but I personally haven't faced any stability issues, because the system is very solid. The processes behind them are very well defined, as well. I haven't seen any instability yet, but perhaps there might be in the future.

What do I think about the scalability of the solution?

Scalability is very simple. I mean you can just add a greater number of nodes or sessions. They can be behind a load balancer, so it's very easily scalable. They do need to have a license for the scalability that they wish to reach, so they can keep upgrading their hardware as much as they want.

How are customer service and technical support?

There are chances some customer might give very negative feedback. Firstly, we think that they are extremely good in terms of ability. Next, they give you a slot for the support. If you give a ticket they respond quickly and give you a slot. However, the customer needs to make sure that they are available for that slot. Otherwise, they can view which slots will be available soon. If they miss a slot, the technical support will get busy with other tasks. This is one reason we have had negative feedback. It comes from the customer's end. 

As an implementer who has submitted tickets, we have gotten responses that resolve the issue. I have found that the way they communicate to resolve the issue was really good. I work with other vendors' products as well, although not for PAM. I thought that BeyondTrust support was really good.

How was the initial setup?

The initial setup was very straightforward and simple.

The deployment time depends upon the size of deployment. If it's a single company with DC and DR, where you have an HA in DC and DR, the maximum time if they have 500 assets, for example, would be two weeks. If everything is smooth, it should be a maximum of two weeks. It could also be shorter.

What about the implementation team?

We do demonstrations for implementations only because we are partners for BeyondTrust in this region. We deploy the solution.

Which other solutions did I evaluate?

I've actually looked at ARCON and BeyondTrust. Now I'm working with BeyondTrust implementation.

Features-wise, BeyondTrust is a lot better than ARCON. ARCON, even with limited features, is still good, but the number of features and scope of its privilege control is limited.

BeyondTrust Password Safe works for critical assets and servers. For endpoints, it offers PowerBroker and Bomgar, which is for privilege remote access and control. I think that the suite of BeyondTrust covers a good landscape. ARCON is limited.

What other advice do I have?

Don't start the implementation until you get the prerequisite sheet confirmed from the customer. If not, you may waste a lot of time at the customer's site.

I have learned a couple of things from this product. First, if the organization doesn't have a structured hierarchy of the work or the segregation of duties properly implemented, no matter what kind of security there is, it tends to fail. Operationally, it tends to fail. The tasks never get finished. BeyondTrust helps define those duties properly.

That was one major thing. The other thing I learned is that PAM is not for an inexperienced person. Don't give a PAM solution to a company that is employing inexperienced people, because they will never understand the concept of security and why identity security is important.

I would rate this solution as eight and a half or nine out of ten. I am not saying ten, only because of the limited choice of Windows. If it had alternate options available, I would give it a ten.

Which deployment model are you using for this solution?

**Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
More BeyondTrust Endpoint Privilege Management reviews from users
...who compared it with CyberArk PAS
Add a Comment