We deploy it for customers as part of ISO 27001, 27701, and HITRUST. We do managed QMS. We go into a customer that is specifically under a GDPR or HIPAA mandate where they use HITRUST to implement it, and we act as their PRRC (person responsible for regulatory compliance). We do the hands-on configuration if they are not in compliance.

We have two customers who use Privileged Management Broker 2.23 and Cloud Privilege Broker 21.3. The PM is a hybrid deployment and CPB is on public cloud in Amazon.

The use cases are all in regulated environments that have GDPR and HIPAA medical data. That includes third-party host transfer of credentials and entitlement across multi-cloud infrastructure. The latter is specifically in a medical environment where multiple clinics are acting under a single medical provider. Or it's a GDPR situation where we act as a PRRC for a company that is highly regulated in GDPR with a multi-country presence.

Its use cases are mostly around all the 65,000 endpoints. The use cases are mostly for privileged access and the application control across all endpoints throughout the organization to make sure we have the least privileged model with zero-trust enabled at the endpoints.

We started with on-prem, but now, we've moved to the SaaS cloud.

There are three components for BeyondTrust. Password Safe is where we privilege the accounts like server accounts, domain accounts, local accounts, or custom third-party applications. We use the application to monitor and fix the recordings of third-party applications. You can also use it for Cisco integrations and multi-factor authentication.

We are using it in our organization for whitelisting a set of applications. In addition, we provide access in terms of access rules from low flexibility to higher flexibility. We also have various other use cases.

It is a cloud product. It is completely on BeyondTrust's cloud. They're using some cloud product, and we're just accessing the console from our end. We haven't deployed it on our cloud provider.

In terms of the version, the client version is 21.7, and the adapter version is 21.8. That's the latest one that we are testing right now.

We use it primarily for Jamf Pro. Most of our users who use Jamf Pro are on Mac. We work on artificial intelligence and machine learning, specifically for the military and healthcare sectors. We have developers and many DevOps professionals who use MacBooks. We manage Jamf Connect and Jamf Pro, and since developers need admin access on their MacBooks to execute code and perform coding tasks, we can't give full admin access to everyone in the company. 

We use EPM (Endpoint Privilege Management) as the agent, which communicates with the server and is deployed on the machines. The agent follows specific rules defined on the server. Users on Mac can only use these 100 specified commands. Anything beyond those commands won't work. 

We provide limited privileges, such as changing Wi-Fi or network settings, but users cannot create admin accounts on the machine. However, as an administrator, I can create admin accounts using EPM. But we have restricted that option in APM (Application Privilege Management). If you have admin access, you can create an admin account, but it will automatically be downgraded to a standard account. These are the situations we have implemented using EPM.

It's mainly for privilege management when you log in to any Windows system, so you'll be able to execute only what you have to and can.

I was part of the project, I collaborated with a Privileged Access Management consultant and incorporated it with their existing password safe from BeyondTrust. This allowed for a comprehensive approach to security within the designated area of focus.

We are using the solution to access the servers remotely.

The primary reason for BeyondTrust was so that one administrator could use their password to log on to our server. The second reason was, we needed to use BeyondTrust to form some level of sharing. It's my understanding that Microsoft has this and we have this challenge of having a tier one and tier two. We wanted to do a structure like that. 

There are three use cases that you can target. The first use case is the fact that some of your users may need admin rights for launching custom applications, such as Visual Studio, or they may want to install something on their machine on their own, or they may want to start, stop some services, change maybe system font, if the need arises, or install a custom font or change the driver, update the driver. Also, instead of giving full blanket admin rights, we can give selective admin rights using EPM in order to protect the company and the infrastructure from abuse. This is the first major use case.

The second use case is where we implement application blacklisting and whitelisting. If I don't want Adobe applications to run within my company, I can create a policy around that. Or, for example, if I have Adobe licenses, and those are only valid for version two to version three. Anything below two, I don't own and anything above three, I am not allowed to upgrade. Therefore, whitelisting based on version control also can be implemented. 

The third use case, which not popular in my region, is where cyberattacks can be mitigated or zero-day attacks can be mitigated, by making sure we whitelist only the browser and only Outlook. If the browser tries to invoke a script or if Outlook launches say Excel or PDF as an attachment, and from there, if a script tries to launch, we will be able to block it. Therefore, making sure that the entry point of the malware itself is blocked is possible. That said, having said that, it has zero intelligence in checking whether the script is legitimate or bad. It's going to block everything. It blocks all and later you can enable it, if the need arises.

There are multiple use cases for this solution. There is the auto-discovery option for PowerBroker Password Safe, which can discover all the local accounts on any of Windows, Linux, or Unix. It can work with Active Directory and onboard Active Directory accounts automatically, if the correct credentials have been provided for AD. When it comes to databases, it also governs and controls all of them. It can integrate with Oracle Database, SQL, Oracle Linux, or other database environments.

BeyondTrust Endpoint Privilege Management helps with activity monitoring. 

We are an integrator, and we do a lot of Identity and Access Management and Privileged Identity. I am only just getting into this solution. I am not trained in it, but I've been reading about it. I have recommended it for a client based on their requirements and based on what I know about CyberArk versus a couple of others. I have not implemented it yet. I have the agent running on the system where I am actually profiled. I have its latest version.

In terms of use case, it primarily has two things, and you can choose whatever you want in the middle. One side is that you can use it to allow the user to have specific administrative rights and do certain things without having to call the help desk. For example, you can allow users to be able to install certain applications. You can also have a whitelist or a blacklist of things that they are allowed to install, which saves a boatload of money in calling the help desk. The other side is to rein in administrators so that they don't go too far or do something outside of the bounds. The help desk personnel would have different restrictions when they log into a workstation than regular users.

We use it to limit user privileges.

The primary use case for BeyondTrust is for when one needs to control the administrative accesses on their critical assets, whether that be Windows, Linux, or UNIX servers, databases, and application servers.

We primarily offer this solution to our clients. Our clients use it for access. For example, if there is a user who is not from their existing network and he's a contractor, they have to be able to give him the privilege to come inside, otherwise, that person can't access anything internally like a regular end user can. This solution allows them to offer separate privileged user access for specific users. 

In terms of meeting compliance objectives of securing endpoints, this product is very useful. It works for things like ISO, PCI, DSS, and the CIA. BeyondTrust meets all of the technical requirements from the compliance perspective. The vault, remote access management, and VP enlisted VPNs will become very useful in terms of being able to manage and maintain infrastructure security without having the complexities of changing passwords all of the time. It also helps to maintain all of the compliance objectives with password complexity changes. All of those things get managed under one product tree.

We are a technical services company and this is one of the solutions that we provide for our clients. It is used to manage privileged access for our customers and their server resources.

One of our customers had administrators that shared credentials to access some of their enterprise applications. We needed to remove those credentials because they were compromised at some point, leaving other people to access them and the organization was not able to keep track of who was logging in, or what they were doing at any particular point in time. Implementing this solution has allowed us to remove most of the credentials from those applications move them into a proper management facility.

At one point, our users shared credentials to access some enterprise applications within our environment. We had to take off user credentials because those credentials were getting compromised at one point. We also had trouble keeping track of who logged in or when people were doing work at any given period of time. With this solution, we're able to log the credentials from those applications and then move it into the facility for proper credential management.

Our primary use case of this solution is data access management. When you have a complex infrastructure you obviously need a solution that can monitor the activities that are going on in the infrastructure. The usernames, passwords, and activities have to be monitored, and this program helps you with that.

So it is nothing but a monitoring and security tool that will monitor all the infrastructure activities and help you to manage the passwords of the infrastructure so that the passwords are not being exposed to the third parties or your users. These passwords will be secure in your infrastructure and be rotated as part of the compliance policies.

We use it for the password management (of privileged password management).