BeyondTrust Password Safe Room for Improvement

Vinay Dabas - PeerSpot reviewer
Senior Sales Engineer at ForgeRock

The database instance onboarding should be simplified. The problem is that you can scan the assets and databases inside a server, but you cannot onboard them or manage them with the smart tools. It has to be done manually. I think they should try to include more custom platforms.

With the databases, there were some issues. The databases are inside the servers, and it was a bit difficult to scan the databases. Apart from that, the rest of the assets were easy to scan and integrate. It's difficult to onboard the database. You can scan and find them, but you have to onboard the databases manually. You cannot onboard databases using Smart Rules databases. Database instances are difficult to onboard and must be done manually.

The applications should be more like in the SDK. They have good API support now.

View full review »
Adhiseshan Gunasekaran - PeerSpot reviewer
Technical Lead at a financial services firm with 5,001-10,000 employees

The banners could be improved because they aren't informative. For example, if something is not correct and I open the error notification, the dialogue box simply says, "This is an error." It would be great if they could provide some valuable comments about how to fix the errors. If I try to remove something, the error box says it cannot be removed, which isn't helpful. I have to wait for the account to check in, and then it will be removed. 

The information description in the logs and the error reporting could be improved. For someone who's inexperienced, it's hard to understand.

View full review »
Hartmann OLLIVIER De MONTAGUERE - PeerSpot reviewer
IT Messaging Collaboration L3 Consultant at ATLANSE (missioned at BNP Paribas CIB)

We weren't aware that the Password Safe virtual appliance runs on a Windows server. As part of our monthly patching process, we ran into an issue. BeyondTrust Password Safe wasn't compatible with the patching we used to put on our server.

We cannot download patches from the Microsoft Windows server and deploy them on the solution. The solution starts failing, and we run into incidents. This is a major issue that they need to fix. We have to wait for months for Microsoft to release security patches.

View full review »
Buyer's Guide
BeyondTrust Password Safe
March 2024
Learn what your peers think about BeyondTrust Password Safe. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Charles Newman - PeerSpot reviewer
Architect at a tech services company with 11-50 employees

Documentation is the primary area of improvement. Their documentation has improved over the last three to five years, but there's still room for improvement. A more intuitive search and not having disparate documentation categories would be helpful.  

While they are quick to market for improved features, there are still additional features that other vendors have that they don't have like a credential injection for the users' web browser extension.  

View full review »
HM
Cybersecurity Architect with self employed

In terms of intuitiveness, the UI for a generic user is good. I wouldn't call it great because, at times, some of the capabilities are difficult. While trying to get to the password itself or trying to find the asset itself, it sometimes gets difficult to narrow down or identify which asset you can get credentials for. There were some search features and the ability to have a favorite, but in a lot of cases for our user community, it wasn't very useful.

The RDP access needs to be improved. I wasn't very keen on that. It downloads an RDP file every time you want to access the solution. It builds up these sessions on your laptop. That was one of the pain points that a few of our administrators had talked about.

Named accounts don't work well in this solution. If you use named accounts for your administrative access, the way Smart Rules work is that it takes your SAM account name and matches it to the account name of your privileged ID, which creates limitations on size and how big those names can be because the directory has a 20-character limit. 

View full review »
ON
Security Engineer at Protego Trust Bank

Their support is not good.

The extensible API is the feature that I like to learn. However, we aren't using it at the moment. 

It has crashed on us in the past.

View full review »
Ahmad Sallam - PeerSpot reviewer
Senior Specialist at a financial services firm with 1,001-5,000 employees

I'm not too fond of the Smart Rules feature, mainly because too many features can cause complexity.

There is a limited capacity on the appliance, which I wasn't informed about when I purchased the product. I can have a maximum of 150 rules per appliance; any more than that and rule processing becomes very complex, especially regarding password revision. Hitting a capacity limit you don't know about can be problematic. Ideally, we would not have a limited capacity, allowing us to be in a completely managed state with password rotation for every service account, not just the highly privileged ones.

The solution does not indicate an issue, but when we hit the capacity limit, rules can become erratic, resulting in password resets during the middle of the day when they're in use. This can be an issue, especially as there is no performance counter so we can track how close we are to the limit, nor is there an indication of when we cross it. This is an element that could use a redesign.

Another feature that could be improved is the password rotation schedule; as a financial organization, that's very important to us. We sometimes require the maintenance window to be on a Saturday instead of during the week. The solution gives the option for the fifth day of the month, the tenth day of the month, the first day of the week etc., but not more specific. I want to be able to set the rule that password changes only happen on a Saturday, for example, and I can't do that.

To compensate, BeyondTrust tells us we can write scripts to set the password resets. This needs to be improved because it results in additional work for us, and they could fix the small scheduling gap in their product.

The MSA element of the solution is fine; there are no significant issues implementing MSA with the interface. However, the interface can be somewhat complicated for admins, though not for end users. Precisely, when troubleshooting user issues, we encountered strange errors. We needed to go into the appliance log to understand what was happening, and the UI needed to be more intuitive to help us.

We were late refreshing the UI, so it had pretty old components until about 2020, and we experienced browser issues. After 2020, the UI improved, but the look and feel of the application are still dated. I carried out POCs for CyberArk and SafeGuard, and both of their interfaces are much better than Password Safe's. I liken the solution to a Toyota; it's a good all-rounder, and it isn't bad though it has some issues.

We had an issue with the Team Passwords feature: the privilege concept needed to be improved. There was no differentiation between contributors of privileged information and the consumers of it. Additionally, until very recently, there was no REST API integration with Team Passwords, so we couldn't publish secrets using REST API. This could have been better, as it meant we needed a different team for CI/CD and Team Passwords, resulting in some cases of duplication.

View full review »
GJ
PAM Architect at a tech services company with 11-50 employees

If there was one thing, it would be having the documentation standardized. They should keep the documentation consistent. For example, when BeyondTrust updated one of their admin guides, they left out the information on the discovery account requirements, and then over a period of time, we ended up having to search multiple different documents to put together a string of information for a specific topic, which was problematic. It was minor, but it was problematic. Standardized documentation would be the one thing I would suggest.

View full review »
PO
Relationship Manager at Snapnet Ltd
The pricing is not cheap, but it could be better. View full review »
Ali Zeeshan Hasnain - PeerSpot reviewer
Associate Security Engineer at a security firm with 11-50 employees

We'd like to have incremental backups to ensure the solution's information is protected regularly.

View full review »
PN
Manager at a consultancy with 10,001+ employees

There are multiple features that have issues, although they could be specific to our environment. What we have seen is that whenever a user gets added to the authentication store, the sync between Password Safe and the authentication store, which is generally easy, takes a lot of time. It does not occur immediately.

This is persistent for Password Safe used by administrators who require immediate access. If immediate access is not possible, then access should be made possible at least within one hour or so. This does not happen in our environment. The access takes more than three to six hours to happen.

Whenever a new end user is provisioned for access, it would take twelve hours to twenty-four hours. Since they are end users, the time taken is fine. However, when we consider administrators, they might need access at different times. The three-hour time frame for the administrators in our environment is a lot of time.

View full review »
PN
PAM Consultant at a insurance company with 10,001+ employees

I find it a little bit confusing because you have the management console, and then within the management console, you have access to different admin consoles. There are probably two or three different ones. I wish they would place all those different types of consoles into one main one so that we don't have to access two or three different consoles to do the work.

When we deploy BeyondTrust, we have to deploy our own database on a SQL server. It doesn't deploy the database. I wish BeyondTrust packages the whole solution in one and includes the MySQL database so that when you deploy it, it deploys everything for you. BeyondTrust gives you the software, but you are in charge of setting up your own database. It is a single appliance just for the BeyondTrust portion but not the database. Unless that has changed in later releases, you have to set up your own database for BeyondTrust Password Safe. I find that part complex because we then need the expertise and help of the database team to set it up, which also increases the deployment time. If they can deploy the database, it will reduce the deployment time.

Their documentation is not very detailed and thorough. In case of any issues, a lot of times, we have to go through their professional service. They need to update their documentation and create a good knowledge base for us so that when we run into problems, we can go there and search for common issues or problems.

View full review »
SS
Sr Security Analyst at a tech services company with 51-200 employees

We don't have much control over the appliance. When anything happens in the backend, we have to depend on the support team. We need to raise a case so that they can update the appliance. If we have control over it, we would be able to troubleshoot easily. 

They can improve application integration. They can provide out-of-the-box connectors for common applications so that we don't need to do the customization and write scripts from scratch for lots of applications. They can provide an application catalog with pre-configured connectors.

View full review »
DT
Director Information Security at Coho Data

I would love if they integrated Bomgar's SSO with BeyondTrust for the session recording that we use for vendors. 

View full review »
HB
AD System Administrator at a government with 201-500 employees

We face screensaver timeout issues and problems with the server. I would like the product to include a server visibility feature. 

View full review »
BB
Network Engineer at Wire Speed Systems`

The integration with Secure Remote Access must be improved. It is in the process of being discontinued.

View full review »
SG
I.S. Architect at a insurance company with 10,001+ employees

Its documentation can be improved. Its documentation is currently complicated, and it is not good. It needs to be better.

Their technical support can also be improved. It is not bad, but it can be better.

View full review »
SH
Cybersecurity Architect at a tech vendor with 1-10 employees

I think that BeyondTrust Password Safe could be improved with more testing. In the beginning, they were practically using customers as beta testers. 

Maybe the product has evolved since I last used it, but if you look at PAM, privileged access management, whatever's out there has already been done. I don't see there being any other enhancements that are being made regarding PAM, except to support more cloud-based applications. 

View full review »
BP
Teaching Assistant at a university with 1,001-5,000 employees

The product needs to have better integration with SAP products. 

View full review »
Buyer's Guide
BeyondTrust Password Safe
March 2024
Learn what your peers think about BeyondTrust Password Safe. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.