The best aspect of the product is the ability to onboard devices. You can scan the IP subnets and onboard all the devices. You can then segregate them if it's a network device or a firewall. If it's a Windows server or a UNIX, you can basically scan your IT infrastructure and onboard the efforts, which should be managed. Once they have been onboarded, then the session management and password management are easy and nicely configurable. 

The session recording features are part of session management, and you can search for any keystrokes or mouse clicks. The analytics and reporting provide a very comprehensive view that shows all of the users who are using Password Safe, what servers they're using, with what access, what time, and for what reason. The analytics and reporting provide good auditing data.

Password Safe provides integrated password and session management in one solution. The session recording is quite important when you're safeguarding your privileged accounts. If the user knows the password, then you have to do some other actions like network changes, or else users will open the sessions directly. They will not use the session recording, or the session management part. They won't go to the PAM solution to access any servers. They'll directly open a Linux session or RDP session without being monitored if they have the password. If the password is compromised, then that's a problem. If the password is being rotated but there's no session recording, then it's like a password vault where you take out the password and use it.

For the duration of time that the password is not rotated, that password remains vulnerable. If you have a rotation policy of one week or one month, and then someone has taken out that password from the vault, that password remains vulnerable for one month. That's why session management and password management go hand-in-hand because the passwords are rotated regularly, nobody knows the password except the system itself, and the system opens up the sessions without telling you the password. It will just note down the entry that you have opened this session. Depending on the configuration, it will rotate the password in the back end, and it should be seamless. Nobody needs to know that there was a password, what the password was, and if it has been changed or not.

The Smart Rules feature is very helpful for management. If I have to do something manually, it will take me loads of time. There are chances that I make mistakes. It's a very painful task to onboard a managed system one by one. If you have 1,000 Linux servers that follow the same policy, you can manage them under one smart tool, which is a five-minute job. 

If there are 1,000 systems, I can onboard them in one day with smart tools. Without smart tools, it will take weeks.

I have used the solution's software development kit to create a plugin to support new applications. They have recently made some changes. It was a bit tricky when they were using AutoIt to do this, but recently they have made some changes. Now, it's quite easy to create new applications which you can use to open sessions.

The intuitiveness of the solution's user interface is much better. Before, it was using Flash content, which has been removed. Now, it's using HTML5, and the user experience has improved. There are two perspectives. One is administrator, for people like me who are managing the system, and one is for end users. For end users, it's quite simple and easy to use. The UI is very clean, so you don't have to go to multiple pages back and forth to reach the end goal, which is opening up your session. 

We use the team password feature to securely store credentials owned by small groups outside of traditional privileged users. The entire team can easily share passwords, and it provides an audit trail that shows who has added, deleted, viewed, or copied the passwords.

We use the solution to integrate Password Safe session management into existing business processes using existing tools, like Putty. With Putty, it's simple. There are some changes that need to be made in the registry, so the system knows what SSH tool you are going to open. For MobaXterm or WinSCP, it provides a link URL. You can use a connection string to open sessions like that if there are any thick or thin clients. Thick clients are applications that are downloaded on your machine. Thin clients are web applications.

When a PAM administrator creates an application and maps it to the smart groups, the users will see that there is a link and will open the session. There's an intermediary solution in between called a terminal server or Remote Desktop Server, RDS. That terminal server can be hardened, and that opens the application. It could be a web application like Splunk or a thick client, like Putty, Oracle, or MSSQL. It can open that user interface for you. It basically gives you a restricted user interface where you only see that application opening up for you, and you can do the tasks you need to do.

Some integrations are easy, and some are complex. It depends on the business application. If the application is simple and straightforward, then it is easy. If they need manual intervention, it's more difficult. In Password Safe, we see how someone is logging onto any business application, manually. Then we try to automate those things using SDKs, the AWS app, or AutoIt. It depends on how simple the login process is without the PAM solution.

We're able to integrate session management without disrupting business processes. We don't touch business processes in most cases. Usually, we try to replicate what the users are doing. Otherwise, the only thing we add is a layer in between.

I like the session recording feature. I also like the analytics and reports. You can pull up a report, and the UI is fantastic. The system is recording when nobody's there, so we have a record of what's happening.

The Smart Rules feature is one of the coolest features. It allows us to automatically onboard accounts based on the criteria instead of manually onboarding. It allows us to manage assets or accounts based on the criteria we search for in Smart Rules. 

The UI is cool. They have different symbols and icons. I think the UI is better and more informative than other solutions.

The customization features help me manage most assets, databases, and applications. It's more than sufficient for us. The default connectors and plugins are capable of managing the database in the server, units, and systems.

The ability to manage privileged account passwords is the most valuable feature. It gives us the capability of rotating passwords as soon as an event is triggered. Even if Password Safe protects the privileged account, like an admin account, we can request the password from the profile. As soon as it detects that we have the password and it's used for the first time, the password will automatically change so it can't be used again. The strength of the password will be the same.

Smart Rules were created to automatically assign the credentials that belong to each user and their profile. We use the Smart Rules feature for automated privileged account management.

The Password Safe user interface is simple and very intuitive. I would rate it as a four and a half out of five. It just shows us what we need to see.

The actual innovations offered by the vendor stand out to me. They are quick to respond to market demands and the changing environment of privileged access management. I see BeyondTrust Password Safe as an innovation leader compared to some of the other vendors in the market.

The vaulting features are valuable. 

It provides integrated password and session management in one solution, which is important for us because, from an auditing standpoint, we are accountable for the type of access being used. We need to ensure that accounts are securely stored and there is the right type of accountability around who is gaining the access. After gaining it, how they're using it, where they're using it, etc.

I like that I don't have to memorize passwords. The whole process is fully automated.

Advanced auditing and forensic features are great.

It simplifies your compliance and tracking to benchmark other credentials and analytics.

The solution can scale.

The RDP and SSH session recording is good. The associated UI is  pretty straightforward, and Direct Connect is a good feature.

Integration with Active Directory is a handy feature. 

The CI/CD and REST API are also satisfactory; the solution has a full PAM feature set and they all work well. 

Password Safe is relatively straightforward to run. 

We use PowerShell and Shell scripting using the solution's libraries. We also use the .NET library, where I worked with developers to create .NET extensions for use in solutions built in-house. We used the product's software development kit to develop plugins to some extent, and mainly we integrated with the REST API for our Azure-developed CI/CD pipeline. This capability is essential because DevSecOps becomes a requirement at some point. We're dealing with privileged accounts to do releases, which must be carefully managed and require password rotation. Thus, we need a source system for these release management pipelines to provide passwords, allowing the user to continue with the following deployment steps. Highly privileged accounts, by their nature, require regular password changes, which is a critical element in our DevOps.

It starts with discovery. Its number one feature is discovery. The discovery engine in BeyondTrust is off the charts. When they perform a discovery, you know everything there is about a server, including what software is installed. For example, if you want to group all of your database servers together, you can do that by using discovery and Smart Rules. If a server has Microsoft SQL installed, it gets put into a group based on a Smart Rule. It makes it very easy to determine what is what in your environment. As organizations grow or acquire other companies and merge, they lose track of what they have. BeyondTrust can help you throw a rope around it very rapidly.

Its user interface is really nice. It is very visual. When you first log in, based on your job role, you see what you have access to when you look at the screen. As an administrator, I see the configuration screen where I can go in and modify Active Directory and authentication connections. I can set up SAML, or I also have access to create Smart Rules. The access is based on the role that you have when you log in. I have six boxes or six categories of administration items, whereas when an admin user connects, he would only have one or two. So, based on your role, you see what you have access to. It is not like you click something and then it fails because you're not an administrator at that level. You actually see what you have access to, and BeyondTrust is very good at that.

BeyondTrust provides the ability to connect by using not just the web interface but also the admin tools such as MobaXterm, PuTTY, or a lengthy list of other types of tools. You can use the connection string and connect through BeyondTrust, and it will be session recorded, keystroke logged, and highly available. When you bring up MobaXterm, you probably bring up one of the most complex ones because MobaXterm has the ability to have two, three, or four concurrent connections, which makes BeyondTrust Password Safe ideal.

It is very easy to integrate session management into existing business processes. To make it easy for the engineers, we created templates of the connection strings and then used, believe it or not, Microsoft Excel to create custom strings for each of the engineers. We exported them to a text file that they could then import. In the case of PuTTY, because PuTTY stores the connections and the credentials in the registry, we had to do something different there, but the connection string is customizable enough to make the job fast and easily repeatable for all the other engineers. You don't have 20 or 30 engineers spending two or three days creating all these connection strings. I can create them in a matter of minutes with a Microsoft Excel spreadsheet and then save them to a text file or a CSV file. It is awesome.

We are able to integrate session management without disrupting business processes. One of the niceties about BeyondTrust is the ability to integrate it with ticketing systems. For example, as per Sarbanes-Oxley, we have to have a reason for why an administrator is performing something. The integration with a ticketing system is ideal rather than manually typing the reason in the reason field through the GUI where most engineers, after a while, end up just typing in Work. They don't put in enough data to make it clearly visible why they connected. The integration with the ticketing system is ideal for that. Ticket-driven access makes the work very quantifiable.

It is very easy to deploy. It's easy to use. That's the major thing I like about it.

The solution offers session monitoring and has a good connection profile. It directs users to specific commands that our organization needs.

The user interface is very nice.

The performance is good. It does depend on how much you are giving to the appliance, however, we've never had any issues.

It's quite interactive.

It's stable.

The solution can scale.

Technical support is helpful and responsive.

BeyondTrust Password Safe has good reporting and Smart Rules which makes it easy. Though Smart Rules are easy, those who do not have much experience with such things may find it difficult to understand how it works. Otherwise, I find Smart Rules very easy to work with.

Smart Rules is a nice feature in BeyondTrust. It is a unique feature that BeyondTrust has as compared to other vendors such as CyberArk. With Smart Rules, you can do automatic onboarding of accounts. There are a lot of options and features. For example, you can do onboarding based on different AD attributes. It is a nice feature in BeyondTrust that some of the other PAM vendors don't have. With other vendors, we have to create our own scripts, whereas, with BeyondTrust, we can just use the in-built Smart Rules.

In terms of the intuitiveness of the user interface, I find it to be pretty good as compared to the other products. It is user-friendly, and in terms of the looks and feel, it is one of the better ones.

Screen recording is valuable, and integration with applications is easy. We can customize whatever we want. We did a lot of application integration using scripting.

The sharing of intelligence gathered by scanning, and data warehouse cubes on the backend that gives us the ultimate visibility into our assets. 

I am impressed with the product's session-logging features. We can also do multi-factor authentication with the product. 

The solution protects organizations from internal and external threats. Everything's up to date. Whenever we need information, we find it.

Session recording, password rotation, and password vaulting are the most valuable features.

One of the most valuable features is that this is a product designed with enterprises in mind. 

BeyondTrust Password Safe is a good PAM tool.