The most important factor is the ability to invoke least privilege, which is required under 27701 and GDPR.

We have used the solution to remove users' administrative rights and instead provide on-demand, token-based administrative rights. The latter is an option for a single, temporary increase in privileges for a trusted user for a specific time. We use it in a medical environment for HIPAA compliance or medical compliance in a GDPR case. For example, if you have a clinician who needs access to a specific piece of medical information, or if there is an administrator who needs to have administrator rights to a particular database for a limited period of time, we can give it and then revoke it. That's another reason the tool is useful.

Also, the fact that we are able to add events straight from event logs and/or the database is important for crisis management and rapid reaction. This ability helps us meet our SLA requirements.

In addition, we can elevate approved applications and actions without broad administrative rights. We can temporarily increase privilege based on tasks.
If someone puts in a ticket, we increase their privilege for that ticket. We then watch to see if that ticket has been resolved and then we decrease it.

Another feature of the platform is instant risk reduction solutions. We can do a risk metric with it, and we do that as part of our risk evaluation. We can increase and decrease privilege and we can actually show that in the ISO 13485 risk metric.

And it provides a single solution for managing endpoint security preferences. It does a good job of that.

The privileged access and the application control are helpful in making sure we have good, robust challenge responses. Blacklisting with trusted application protection is also beneficial for us.

I find the comprehensive Privilege Access Management features valuable, including automation, and the ability to integrate with applications and the Windows operating system.

I find the solution’s features like section management, password management, and analytics valuable.

The whitelisting feature is valuable. It is a good feature. My organization is using more than 10K applications, and we are using EPM to whitelist applications in our environment and allow those applications to provide some tokens and make them work. If users want to install an application on any device, instead of giving rights to them, we basically whitelist that application, and we provide the token to the application so that they don't prompt for elevation.

The logs are also good. Logs that get collected on the Privilege Management console from the agents are very good. They help us to identify the aspects from which we have to whitelist an application.

The most valuable features are the development tools. We use them for coding, such as VS Code, iTerm, and Brew. These activities often require sudo access to execute the code. So, we have granted sudo access to standard users through EPM.

One of the valuable features is the absence of any local user in a unique system. All users are defined in the AD; communication is only between Unix and AD. When you log in, there are no local users on any unique system you access.

Another valuable feature is privilege management, where only the command steps needed to be executed given to the user, and they cannot execute more than that.

The notable aspect is its ability to capture the application's behavior comprehensively and this thorough analysis is crucial for effective policy management. During troubleshooting, the event capture feature, known as PG capture, proves invaluable. By leveraging this functionality, administrators can quickly identify processes through Windows Event Viewer. The obtained insights from these events can be utilized for immediate problem resolution. Furthermore, the reporting feature facilitates the seamless addition of policies based on the gathered information, making it a standout and practical feature. In the event of attackers attempting to execute malicious files that require admin privileges, it intervenes at the initial stage, blocking such attempts outright. The incorporation of a chat feature and the adoption of BeyondTrust's Trusted Application Protection further enhance security measures. Organizations often opt for implementing policies from this application suite, safeguarding fundamental applications like Office, Adobe, and browsers.

The solution's least privilege enforcement has helped us ensure access is given to only the required people.

The solution's most valuable feature is its ability to publish the application remotely instead of logging into the server. You can just run the software from the remote server. 

It is straightforward. It is a good technology, and it is made to do one single thing.

The solution can do so much. It's quite flexible.

It's a great tool.

It's nice to have admission tools without having to remember the password. You just have to click on whatever you need to do and you get temporary access. 

The product is stable.

Technical support is good.

The solution can scale.

It's relatively straightforward to set up, especially if you are deploying to the cloud.

Technical support has gotten more responsive.

It elevates the user to perform admin tasks without the user being a part of an administrator group.

PowerBroker allows elevation of required actions or application and eliminates the need of user having full administrative access. There are immense security and administrative benefits associated with removing users administrative access on the workstation.

PowerBroker allows the elevation of certain actions based on different whitelisting abilities. This can range from restarting services, installing software and allowing applications that require administrative privileges to run.

It is very similar to the UAC components built into Windows but gives us a lot more control surrounding the elevation

I'm a BeyondTrust partner and I have multiple deployments, four or five banks right now. The features that give us quite an edge compared to what our competitors are offering - like IBM or Thycotic - are the Session Management, that is quite a big one; also the recording of keystrokes. In addition, there is the password vaulting and state-of-the-art Password Management, which I haven't seen in other products.

It also provides a granular approach through the Management Console and manages all the operations "from the inside out". It is easy to explain and easy to manage.

The tool is easy to use and deploy. It has PAM capabilities like privilege access. The solution helps with the management of third parties and vendors. It is an effective solution compared to other alternatives. 

What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. 

It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy.

I like that I can remove local admin privileges from developers.

I would say session management on the go is the most valuable feature. When the session is going on, you can stop the session without terminating it for justification. You can cancel it. The recording takes very little space. Those are some things that the customers are worried about when they talk about session recording.

The other valuable feature is out-of-box connectors. BeyondTrust has partnered with many well-known companies. Other PAM products are not there yet. The number of out-of-box connectors BeyondTrust has is really good.

The main areas of focus of BeyondTrust products is Privileged Access Management. Along with it, they've also bundled the PAM solutions with a Vulnerability Management solution. We all know Retina Network Security Scanner has been around for more than a decade now and anybody would agree with me that it has been a most comprehensive scanner. BeyondTrust bundles these two areas of security - PAM and VM - with an extremely rich reporting & analytics platform – BeyondInsight - which gives actionable intelligence to SMBs as well as large enterprises.

Along with PAM & VM, PBW allows implementing a strong workflow in the organization, with regards to accessing the most valued resources of the enterprise. The request-approval process along with session monitoring and recording, could prove a very strong deterrent security control for actors with malicious intent.

With all the other features, such as asset inventory, scanning, jobs scheduling, etc., BeyondInsight offers an intelligent platform for reporting and analysis of the collected information from the customer's environment. It presents the information in the form of heat maps, risk maps, ROI graphs which are very useful for presenting to your senior executives during your budget planning. Overall, it has proven very useful to all individuals from engineer to the 'C' class of the company.

The features related to application elevate is amazing. It helped the company to remove almost all admin local users.

The solution is very fast.

The solution offers good authentification. It makes managing passwords and access easy and ensures that access is granted only to respective people and/or organizations.

BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc.

The privileged access management into sensitive systems is very valuable. That includes control from the endpoint all the way through to the managing of passwords and credentials that are used by the person to access the sensitive information. It's very useful because nobody ever really maintains passwords for those endpoint systems. It's maintained in the Dropbox password file.

The most valuable feature is the asset discovery, which makes it very easy to locate and identify assets and pull them into the manager.

The asset discovery feature is the solution's most valuable aspect. It's very easy to pull assets into the database of the solution manager.

Password management, as it is a core function; passwords are a frequent hacking point.

Privileged password management.