What is our primary use case?
In terms of meeting compliance objectives of securing endpoints, this product is very useful. It works for things like ISO, PCI, DSS, and the CIA. BeyondTrust meets all of the technical requirements from the compliance perspective. The vault, remote access management, and VP enlisted VPNs will become very useful in terms of being able to manage and maintain infrastructure security without having the complexities of changing passwords all of the time. It also helps to maintain all of the compliance objectives with password complexity changes. All of those things get managed under one product tree.
What is most valuable?
The privileged access management into sensitive systems is very valuable. That includes control from the endpoint all the way through to the managing of passwords and credentials that are used by the person to access the sensitive information. It's very useful because nobody ever really maintains passwords for those endpoint systems. It's maintained in the Dropbox password file.
What needs improvement?
This depends on the client. Some clients find the granular approach a lot better than the simplified approach and some clients prefer the simplified approach better than the granular approach. Depending on the type of organization and type of information that must be protected, there are obviously different requirements.
For how long have I used the solution?
I actually haven't been using this solution. Customers of mine have been using it for about three years to provide me with evidence for audit purposes. They retrieved this evidence from BeyondTrust. When I ask them about endpoint management, all the information that I ask for they pull out of BeyondTrust.
What do I think about the stability of the solution?
At this point in time, I haven't had any complaints from clients that it let them down, so I would assume it's stable.
What do I think about the scalability of the solution?
It is definitely scalable. I've worked with clients that have a 75,000-device network and it's working fine. Our clients have anywhere from about 15,000 users up to about 40,000 users.
How was the initial setup?
The initial setup is complex.
What about the implementation team?
We use a vendor team to implement.
What other advice do I have?
Approach it slowly. Don't rush in and drop things down there. Do it carefully, because you might end up breaking access to systems, which is complicated when you're running a production environment. Make sure you go through the testing process vigorously before you deploy.
I would give BeyondTrust a seven out of ten. There are some features in CyberArk that are better, cheaper, or easier to implement. Some of those running in CyberArk don't have the conflicts that BeyondTrust has, as there are many products in the suite. You've got to compare apples with apples.
Which deployment model are you using for this solution?