How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
We are a technical services company and this is one of the solutions that we provide for our clients. It is used to manage privileged access for our customers and their server resources. One of our customers had administrators that shared credentials to access some of their enterprise applications. We needed to remove those credentials because they were compromised at some point, leaving other people to access them and the organization was not able to keep track of who was logging in, or what they were doing at any particular point in time. Implementing this solution has allowed us to remove most of the credentials from those applications move them into a proper management facility.
At one point, our users shared credentials to access some enterprise applications within our environment. We had to take off user credentials because those credentials were getting compromised at one point. We also had trouble keeping track of who logged in or when people were doing work at any given period of time. With this solution, we're able to log the credentials from those applications and then move it into the facility for proper credential management.
Our primary use case of this solution is data access management. When you have a complex infrastructure you obviously need a solution that can monitor the activities that are going on in the infrastructure. The usernames, passwords, and activities have to be monitored, and this program helps you with that. So it is nothing but a monitoring and security tool that will monitor all the infrastructure activities and help you to manage the passwords of the infrastructure so that the passwords are not being exposed to the third parties or your users. These passwords will be secure in your infrastructure and be rotated as part of the compliance policies.
In terms of meeting compliance objectives of securing endpoints, this product is very useful. It works for things like ISO, PCI, DSS, and the CIA. BeyondTrust meets all of the technical requirements from the compliance perspective. The vault, remote access management, and VP enlisted VPNs will become very useful in terms of being able to manage and maintain infrastructure security without having the complexities of changing passwords all of the time. It also helps to maintain all of the compliance objectives with password complexity changes. All of those things get managed under one product tree.
The primary use case for BeyondTrust is for when one needs to control the administrative accesses on their critical assets, whether that be Windows, Linux, or UNIX servers, databases, and application servers.
There are multiple use cases for this solution. There is the auto-discovery option for PowerBroker Password Safe, which can discover all the local accounts on any of Windows, Linux, or Unix. It can work with Active Directory and onboard Active Directory accounts automatically, if the correct credentials have been provided for AD. When it comes to databases, it also governs and controls all of them. It can integrate with Oracle Database, SQL, Oracle Linux, or other database environments.
We use it for the password management (of privileged password management).
We use it to limit user privileges.