BeyondTrust Privileged Remote Access Valuable Features

Sean Rall - PeerSpot reviewer
Lead Developer at a computer software company with 11-50 employees

In recent days, the most valuable feature would be the Vault. Overall, the most valuable feature would be that ability to do remote support.

Vault does a good job of providing visibility for domain accounts, endpoints, and local accounts associated with discovery jobs.

The report tools are very robust. I know they have their report tools that you can filter through, which also give you access to the data. So, if you ever want to just do a data dump and your own analytics on it, then you could, which is really nice. We also integrate with the API for reports, which is really nice as well.

View full review »
SteveJenovai - PeerSpot reviewer
Sr Technical Product Manager (Sr. Consultant at Computronix) at Computronix

I don't know if I could pin down the best features to just one aspect. In terms of our users that use the product, it's really the overall ease of use. It saves our team hundreds of hours every year.

We like that Privileged Remote Access does not require a VPN. I suspect at the end of the day, if I used a one to ten scale, I would give it an eight. It's pretty important. Not having to go through a VPN is a win.

The security provided by PRA when it comes to access for remote and privileged users has been outstanding. It has met all of our objectives, everything from password rotation to securing and allowing us to clamp down access to the auditing and monitoring features.

When deciding on this solution, it was somewhat important that PRA is available in multiple formats as a physical and virtual appliance or SAS. We certainly needed virtual appliances. Over the long run, we may go with SAS.

PRA has had an effect on our network security. What I would say in terms of the effect is there's a whole element of password management that no one in managed services really needs to take care of anymore. That in and of itself has been a huge time saver.

It is extremely important that, through the use of a PRA, there is no need to share passwords with users. That takes us right back to the NIST 800-53 requirements.

We do use the solution to provide access to third-party vendors, however, not in the way intended, as we don't really let vendors in. In terms of the customers who purchase our platform services, there are instances where they need to be able to have access to the environment that we create for them. We are using the vendor features to give them access.

It is very important that PRA offers us SSO authentication. We use that for all of our users.

View full review »
Lance Jones - PeerSpot reviewer
Information Technology Operations Manager at a educational organization with 5,001-10,000 employees

We can truly elevate our admin rights while we're in there to fully take control of a system and manage it as if it was sitting right here on our desk. Most of the organization has gone to remote work or work from home. With that being the case, this solution allows us to be able to still work with our end-users, even though they're not always sitting on our network.

View full review »
Buyer's Guide
BeyondTrust Privileged Remote Access
March 2024
Learn what your peers think about BeyondTrust Privileged Remote Access. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
KL
Sr Cyber Security Manager at Honeywell International Inc.

It has been semi-easy to configure.

The visibility of the solution's Vault works as it is supposed to: out-of-the-box for domain accounts, endpoints, and local accounts associated with discovery jobs.

It is important to us that PRA offers SSO authentication. Our strategic requirements for NIS control, CCMC, and other regulations want us to do multifactor and single sign-on. 

View full review »
Aaron Margerum - PeerSpot reviewer
Systems Engineer at NRC

I like all of it. You can access computers that are on a DMZ. You can access computers that are off the network and on the network. You pretty much have access to computers wherever they are. As long as they have the client on them, you can get to them. So, it is convenient, but its main feature is that you can use your smart card to elevate your privileges remotely. That's a great feature.

Another great feature of it is being able to use it on mobile phones as well. If it is an agency or a company that has a lot of BYOD devices or company-provided phones and tablets, you can provide support for them as well.

Their support is A+. I've spent many hours on the phone with them. They're very prompt. They call you right back. They follow up all the time, and they stick with you all the way until the issue is resolved. I've never had a problem where I was not able to contact anyone.

It works perfectly. I haven't had any issues with the service account or anything else. It is almost a set-it-and-forget-it solution. Things don't break that often. The way it is set up now, I have no issue with it. It is a good system.

It makes remote access highly secure. We don't have a fear that anyone is eavesdropping on a session. In that aspect, it has had a positive effect.

View full review »
Chase Cole - PeerSpot reviewer
Sr. Systems Administrator at Rayburn Country Electric Cooperative, Inc.

It is a real fortress. Its security is very strong. Multi-factor came as a feature out-of-the-box, which was big for us. That helps us meet another compliance requirement. It enforces encryption. Nobody can see what we are doing in our remote system if they happen to be listening for unencrypted traffic. That is its biggest strength.

Having a VPN just means maintenance. I have worked in the industry for around 10 years and have never enjoyed really working on anything requiring a VPN, either working over it or supporting it. As far as IT is concerned, it is no longer a great technology. We like how this solution uses a protocol that enforces encryption right away, like HTTPS. So, the solution is good to go and takes out one of the moving parts, since VPN can get quite complicated.

PRA is available in multiple formats: as a physical and virtual appliance, or as SaaS. We appreciate the flexibility, though we went with the physical in our deployment. We might go to the cloud or use a virtual appliance later. Therefore, I appreciate the flexibility. However, we went with the reliable physicals.

PRA offers SSO authentication, which adds to the encryption suite. You need to have it in order for the appliance to work. It makes compliance easier.

View full review »
PR
Lead consultant at Aujas cybersecurity

I like the enterprise credential manager. It's a connector that sits in PRA and tests the credentials for the end user with a process that will clean the password. This is one of PRA's primary features and simplifies user onboarding. There aren't many restrictions or complications. We can add the user while only opening one port, which is more than enough to access the PRA server. Every organization requires only four critical servers out of a hundred and some 50 production servers.

In PRA, it's easy to secure production and non-production environments. You can secure an organization's entire ecosystem. On a development server, we have privileged access and essential activities we will perform in production. The development server will be onboarded, and the consumed license will be less compact than other products.

Connecting to the target server takes at least 30 seconds with other tools. It is more straightforward in PRA, so the target connection takes five or ten seconds. Managing users, accounts, and services and upgrading the agents are all incredibly straightforward.

There are two methods of integration. We don't need to create accounts when it's onboarded to the PRA solution because the same server has already been onboarded to the process. You can initiate multiple sessions across the solution whenever your user wants. You can open the same server and various licenses. Users can unlock numerous servers and other products, features, and tasks. Users who don't want to access the server directly can initiate a connection without worrying about the desktop. 

Let's say I'm a user with access to the production server. I'll be using a privileged account with access to the development server. Usually, a PAM solution will try to secure one leader-created account so they don't need to worry about the development account. There is a single pane of glass so the user can be brought into the PRA solution in a fraction of a second. My area account will be given to the dynamic team to add some security groups, and the security group will be added to my PRA solution. If I'm in that security group, I'll be able to see all my servers easily.

Nobody can log in through my server without PRA access, so it maintains excellent access control. Even if I know the password, I cannot access the server because that is a restriction we can implement across the organization. We can ensure that any protocol—43, 00, SDP, 22, etc.—goes through PRA. This is a simple tool, and any access management person can easily handle it.

They can see the system information, including the voice operating system details. Everything will be flashed over there. There are two methods of connecting to PRA: jump client and jumpoint. The jumpoint method is agentless. If there's a critical server where the owner doesn't allow you to install an agent, you can still onboard that server into the PRA solution with the agentless method. 

Another great feature is built-in remote support. If an administrator needs help from the vendor, a third-party provider, or someone else within their organization, they can invite the person from within the PRA console. We can restrict the person's access to only what's necessary to provide support. With other tools, I would need to set up a video conference on WebEx or Teams and share my screen with them, and everything is in the picture. 

PRA lets you invite somebody immediately from within the console. There is a small tab on the right side. I can put the email address in and send an invitation to the other person's mailbox. They only need to launch the URL to join my session quickly.

This works on mobile devices. They can use their mobile phone to log into my session and access me. If they want to do mouse control, I can allow them to work on my screen. I can minimize my session and do other work. I can also see a complete recording of the third-party support's troubleshooting steps.  

I can provide direct access to the vendor through a separate app, but I have to open that domain. For example, if you are from XYZ domain, I can just add the domain to PRA and provide access, but creating an AD account for the vendor is a better option. However, most organizations will never give direct access to any third party. Instead, we'll create a dummy account that will be set up using my ID, and that account will be shared with you. I must access that secure area through my account whenever you want to log in. It's convenient for the third-party vendor, and the session is monitored, so you don't need to worry about complaints.

Third parties shouldn't have direct access, but maybe some guy also can log into the domain using this password. We create an account in our environment that provides access to the PRA control. They can easily access the solution using their account in my domain.

The vault functionality is straightforward. I have an account managed by Password Safe, which holds the password. Every password change is tracked in the vault, so I don't need to worry about that. I log into PRA and launch a server. Then it will prompt me for my service or local account. It's my only account. I can keep the service account, and this PRA solution will pull the service account's password from the vault. It is going to this credential over here when I log into the PRA solution, which works in this space.

BeyondTrust has multiple products, including Password Safe and PRA, integrated natively. Providing direct access to Password Safe might cause some issues, which is why PRA exists. We want to restrict the direct access to Password Safe for anyone except the password administrator. A user could be an administrator or end-user when they are onboarded to our service area, and the administrator will be onboarded for the accounts in Password Safe.

That's why we keep passwords in the vault and only provide access to the PRA solution. PRA will retrieve the passwords. If there is a server on which other services are running, PRA doesn't consider anything like it for the account. You can initiate the session and open the session server. You can see what services are running from there or whether the password has changed. 

Password Safe performs every job, and PRA is only an intermediary that takes the password from the person and opens the session. It's like a proxy server or a jump server.

View full review »
Temitope Popoola - PeerSpot reviewer
Specialist, Server Administration at IHS Towers

One of the features that I really like about it is the ability to set a start date, time, and end date for the access. For example, you can set the access for a person from tomorrow, Monday, or Tuesday and ending on a specific period of the day or a specific date. That's really quite helpful.

You can use the solution to access not just the Windows environment; you can also access your Linux devices and even your network devices. That's a very cool feature for us.

View full review »
Sorin Hrincu - PeerSpot reviewer
PAM SecOps Team Manager at a tech vendor with 5,001-10,000 employees

The auditing capabilities are valuable because of the fact that the Privileged Remote Access platform can track and record everything that happens within a session. The solution also has integration with authentication providers, which is critically important. It allows multiple-factor authentication and also allows us to configure access based on groups and organizational units.

One of the most critical features is that PRA eliminates the need for a VPN. The fact that PRA can establish secure encrypted connections and limit those connections only to certain protocols eliminates the need to have one or multiple VPNs and administer and manage all of them. 

Another critical feature of not needing to use VPNs is that it also reduces the number of individuals who would have access to critical information, like authentication for those VPNs. I rate the security provided by PRA when it comes to access for remote and privileged users a four out of five.

Lastly, managing access through PRA rather than VPN is much more convenient, much more granular, and more efficient.

View full review »
CJ
Security Analyst at Secland

I like the ability to have locks on every session and connection that happens on our system from the outside. So, we can do a review or investigation if something happens.

The proxy mode allows us to reproduce our attack surface.

It is really secure for remote and privileged users. It has helped us to go into detail on what someone can or cannot do on each system.

We can find real information that we need in terms of auditing and access using the Vault feature. In terms of visibility, we have all the information that we need.

PRA stands on its own as a full solution. This is important because it reduces the need to maintain a lot of different services. Also, the integration between those services are sometimes not easy to maintain. So, having a solution like BeyondTrust Privileged Remote Access reducing our workload gives us enough time to work on our other issues. The system just runs and does what it is supposed to do.

View full review »
PR
Lead consultant at Aujas cybersecurity

When it comes to the Privileged Remote Access (PRA) solution, instead of depending on a VPN client, from Cisco or any other vendor, we can directly use this product from the internet. It is very easy to do the implementation, and it is easy for every user to access the server from outside of their organization. They can open the URL and put their name and password, and it'll do the multi-factor authentication. They can easily access the server. Prior to this solution, the users had to log into the VPN, which is not required with BeyondTrust. Now, they can use their computer over the internet. In Privileged Access Management (PAM), the AD bridging feature where you can bring all your Linux boxes into the tool is an important feature.

View full review »
Anil Kumar 1 - PeerSpot reviewer
PAM Security Consultant at Cybersec Consulting

The solution has the best screen-sharing feature. We can invite external vendors without exposing any credentials or network access to them using it.

View full review »
RH
CEO at MICRODYN AG

It's one of the most secure products in the market. 

They have very good support. They have really have great support.

It's everything that we need. It's like a Swiss knife. We can do everything with that to produce what we need for Privileged Remote Access reasons. 

Every three to six months they bring new features like processes, access processes, and things like that, which are unique in the market. I have not seen other solutions offering what they offer.

The documentation is really great. It's cool. You can download all the documentation you need at any time. They've done it in a great way.

The API is great and we can automate anything that we need with the product.  

If you know what you are doing, it's not a difficult setup.

The solution is stable.

The scalability is excellent. 

The solution offers many great integrations.

View full review »
PD
IT Specialist at a comms service provider with 11-50 employees

We like the integration with Active Directory. It allows us to discover the endpoints and user accounts that need protection. It's a good way of securing our privileged access.

Another feature I like is the approach to jump points. Jump points are the external-facing proxies, which use the same outbound HTTPS connection method as the jump client but allow the initiation of RDP connections, et cetera, into the downstream networks. This feature was the key selling point for us in choosing BeyondTrust PRA. 

The security provided by the solution regarding remote and privileged access is about as good as we can get without completely locking down permissions. Going with PRA is the best step if a client is looking to lock down administrative access with a remote solution while applying the principle of least privilege. 

We used the solution's Vault to add not just service accounts but also the users' main administrative accounts discovered through Active Directory. We limited permissions, so users couldn't even review their account passwords. This was managed in the Vault and injected into each session. 

Compared to other products, PRA is one of the better ones. We need to start the discovery manually, but it's comprehensive and clear. It allows us to select what to import and has the automation behind it to manage endpoints and accounts, which is a valuable feature for any enterprise business.

The physical solution wasn't as important to us; our architecture strategy was SaaS first, virtual later. If BeyondTrust didn't have a SaaS offering, we would look at availability to install it in one of the public cloud offerings on the market. Having the SaaS option available, especially for medium-sized businesses, is very much something that gives BeyondTrust an edge in the market. 

The solution improved our network security. Especially regarding remote vendors, it allowed us to complete our network segregation goals. We could close down all external access to that network and leverage PRA as the single entry point. 

Not needing to share passwords is essential to us. We have peace of mind knowing nobody can view passwords, share credentials, and operate outside their defined context within the network unless they have explicit permissions. That helps us sleep at night.  

Previously, third parties had VPN access, and it was important for us to shut that down. Now that the entry point is closed, there is only one dimension for us to consider; which vendor has access to what. This makes management and the general security picture clearer.  

SSO authentication was one of our main requirements, so that integration was crucial. It allows us to provide quick access to the tool itself using the same credentials. 

The solution stands above its competitors in this regard. Using the team functionality allows us to create groups of users with a team leader who can monitor those sessions. This functionality works great, and PRA is at the top of the spectrum here. Having somebody at a physical station and someone remotely accessing the station works very well, especially for training purposes. The recording functionality is another nice feature; the video view is small but can be expanded to a larger view. 

View full review »
ES
It Manager

The project goal was to allow staff to run applications with admin privileges without being admins, which was the product's most important feature.

The company had distinct groups of staff with different requirements, which weren't fulfilled by giving them all admin rights. The solution's data granularity allowed us to define specific use cases and population types and categorize users based on that. This gave us good control over the system. 

Privileged Remote Access not needing a VPN was a requirement in this case, as the user didn't implement a VPN, nor did they want to. This feature was a plus for the customer. 

From what we observed the security provided by RPA is very good. 

The solution being available in multiple formats was necessary in this case, as the client was adamant that the solution needed to be SaaS; a requirement for their IT configuration. The ability to test issues was crucial to them. 

The solution has improved the security of the client's network. 

Not needing to share passwords was crucial to the client. They were hesitant about credential sharing because of the suffered cryptographic attack.

Having an all-in-one solution was vital in this case, as most of the users did not have technical expertise. This necessitated a solution that is easy to use and implement, and an all-in-one solution simplifies the process significantly. 

View full review »
AH
Presales manager at a security firm with 11-50 employees

The most valuable features of the solution are the seamless features that allow you to use the password without manually copying it while also providing it in a clear format. The solution's feature injects the password directly into the application you use.

View full review »
it_user843969 - PeerSpot reviewer
Head of Communications at Stadt Winterthur

The most valuable feature is that this solution can be implemented regardless of the operating system. It can be used with Microsoft, Linux, Unix, and Cisco, and we can use the same product to access every different service.

This solution is simple to use.

View full review »
SH
Cybersecurity Architect at a tech vendor with 1-10 employees

This product is very stable and scalable. This is an excellent platform. 

View full review »
JL
IAM Senior Solutions Architect at a tech services company with 1,001-5,000 employees

Its security, simplicity, and ease of deployment and maintenance are the most valuable. It is FIPS compliant, so it goes through severe penetration testing every one year or two years. They have to maintain this compliance. It is very safe.

Customers have been using it in the last eight years because of the simplicity of getting it deployed quickly. Most of the people using the solution had been hacked already, so they needed it quickly. As compared to the other solutions in the market, it can be turned on in production very quickly. You don't really need to have a server. It can be deployed very rapidly on VMware or Hyper-V, and you don't need to do an installation. It is a kind of an all-included package that you just deploy in a VM environment. It is basically a VM that is specifically built for a customer. The way the PRA data solutions work is that you need to build them for each customer because of being hard-coded with their SSL certificate, their web page name, and all that.

View full review »
Buyer's Guide
BeyondTrust Privileged Remote Access
March 2024
Learn what your peers think about BeyondTrust Privileged Remote Access. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.