What is our primary use case?
There are three use cases that you can target. The first use case is the fact that some of your users may need admin rights for launching custom applications, such as Visual Studio, or they may want to install something on their machine on their own, or they may want to start, stop some services, change maybe system font, if the need arises, or install a custom font or change the driver, update the driver. Also, instead of giving full blanket admin rights, we can give selective admin rights using EPM in order to protect the company and the infrastructure from abuse. This is the first major use case.
The second use case is where we implement application blacklisting and whitelisting. If I don't want Adobe applications to run within my company, I can create a policy around that. Or, for example, if I have Adobe licenses, and those are only valid for version two to version three. Anything below two, I don't own and anything above three, I am not allowed to upgrade. Therefore, whitelisting based on version control also can be implemented.
The third use case, which not popular in my region, is where cyberattacks can be mitigated or zero-day attacks can be mitigated, by making sure we whitelist only the browser and only Outlook. If the browser tries to invoke a script or if Outlook launches say Excel or PDF as an attachment, and from there, if a script tries to launch, we will be able to block it. Therefore, making sure that the entry point of the malware itself is blocked is possible. That said, having said that, it has zero intelligence in checking whether the script is legitimate or bad. It's going to block everything. It blocks all and later you can enable it, if the need arises.
What is most valuable?
The solution can scale.
It's relatively straightforward to set up, especially if you are deploying to the cloud.
Technical support has gotten more responsive.
What needs improvement?
At the moment, they don't support Linux. For this EPM, they have a different product for EPM, for Linux.
The same company needs two different products for EPM. One works with Windows and Mac and the other solution is mainly created for Linux. They can try to merge these two and make one product. That would be an improvement. Being a policy administrator, I have to create, or maybe monitor, two different admin consoles for the policy due to the separation between the OS.
They have a troubleshooting utility or a quick start utility, a quick start policy. They need to come up with better integrative options which should be customer-centric. At the moment, it is from their point of view. A quick start policy is something that helps customers to remove admin rights on day one.
For how long have I used the solution?
I've been dealing with the solution for the last eight years.
What do I think about the scalability of the solution?
The solution is definitely stable. That's why within the last eight years, we are able to satisfy the most demanding customers in the world. It supports 10 users. It supports 10,000 users or even 100,000 users. It's scalable.
I'm not sure how many people collectively are using it in our company. I happen to have one specific area within my control. There are other technicians who will be implementing this from my own company.
How are customer service and support?
I've used technical support in the past.
The product was initially developed by Avecto. Then BeyondTrust purchased that company and they both merged together. Initially, the team was quite small. The company itself was small, and its support was not that good, in terms of response time. However, when they used to come online, their technical expertise was at par. It was way beyond our expectations. The only trouble was to bring them on a call, as the company was slightly small.
Fast forward six years, seven years. Now, the strength of BeyondTrust being a larger organization, we have better access to the technical team. Today, we raise a support ticket and someone will definitely assist by tomorrow. That's progress.
However, technical expertise becomes a challenge sometimes. Not always. Just sometimes. Any big organization will not assign an L3 person on day one. That's the architecture problem. Not the company's problem.
I may scream at the top of my lungs that I don't think this is something that an L1 can handle and they will not believe me. They would like to go through L1, and L2 and then eventually reach L3. That's the only issue with any big organization. It's an architectural problem.
How was the initial setup?
The ease of deployment depends on your requirement and your setup. If you are handling the cloud, then it's fairly easy. You simply download the agent and install the agent. The reporting is inbuilt. Policy management is inbuilt. If you consider other deployments, there is some friction, depending on the architecture.
What's my experience with pricing, setup cost, and licensing?
The licensing is paid on a yearly basis. I can't speak, however, to the actual cost of the solution.
What other advice do I have?
We are a partner and we sell and support this EPM solution to other customers.
We use both cloud and on-premises deployment options.
I'd suggest new users go slow. Instead of going bold. It's a powerful solution. If I create a beautiful policy, the product will behave beautifully. However, if I create an ugly policy, the product will show its ugly face to you, as it's just a brainless bull running around. You have to give it a direction. Otherwise, it can harm you.
Overall, I would rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner