BeyondTrust Password Safe Reviews

BeyondTrust replaced the leading password management solution, offered vulnerability management and gave me a third-party patch management that integrates with Microsoft. To me, that was a win-win. 

It improved our overall return on investment by at least two-fold and gave us more intelligence on our assets than we expected.  

The sharing of intelligence gathered by scanning, and data warehouse cubes on the backend that gives us the ultimate visibility into our assets. 

I would love if they integrated Bomgar's SSO with BeyondTrust for the session recording that we use for vendors. 

Less than one year.

It has no problems. It's very flexible.

It will scale and has a built-in capability to augment expansion via external databases. 

Support has been very very good. 

We used CyberArk, and we found for an SMB that the product required more FTEs than we could handle. CyberArk is really meant for 100K FTE enterprises and requires a serious.

It is a complex product that has a lot of capabilities and does take some learning. They recommend taking their foundations class to understand and get the most out of the product. 

Very good.  (A-, or B++).

Good

Talk to references, look at Gartner and the positive and negative comments. BeyondTrust has the least negative comments of all the products and ties vulnerability management, scanning, password management, session recording, inventory management, intelligence gathering on attached assets. And when you look at all this together and price out separate options, the TCO is easy to justify. 

CyberArk's password safe.

It is a steep learning curve, but once automated, it makes your life a lot easier. 

We deploy in client environments. It's not deployed in our environment. Generally, its deployment depends upon a client's environment. Sometimes, it's hybrid. Sometimes, it's on-prem, and sometimes, it's on a virtual hypervisor or VMware.

We are currently deploying it for one of our Indian clients. For this client, we are deploying SaaS-based Password Safe, which is purely on the cloud. They also have BeyondTrust Remote Support. We are integrating both of them. BeyondTrust Remote Support is for tech support for their teams, and Password Safe is for password rotation, screen recording, and monitoring of their employees.

It helps to automate password rotations and manage privileged accounts. If your employees are supposed to rotate passwords for some period of time but they are not doing that, you can automate that.

It provides ultimate security through automation and Smart Rules. You can enforce password policies and access policies. For example, you have local administrator accounts on local systems. If you didn't write any Smart Rules for the local administrators, any employee with administrator privilege can make an administrator account, but that account will not get detected in our system. With Smart Rules, Password Safe can detect that administrator account and onboard and manage that account through an automated process.

The database team of a client had scripted or hard-coded passwords for databases. We were able to use the API scripts provided with the BeyondTrust Password Safe to retrieve the passwords. The database team had already written a script for database login. So, anytime the database team wanted to log in using that script, the password was retrieved from BeyondTrust Password Safe vault.

They offer a jump server or terminal server where we can configure the databases or other applications. A lot of customers have in-house applications, and even products such as CyberArk or Saviynt CPAM do not provide connectors to those because they are not common. BeyondTrust provides some flexibility there for application integration. We can write our own scripts. We can do scripting in our way and integrate it with any application.

Its user interface is easy to use. I also work with other non-PAM solutions, such as SailPoint and Oracle, and as compared to those solutions, BeyondTrust has a very user-friendly interface, and everything is also very well documented.

Screen recording is valuable, and integration with applications is easy. We can customize whatever we want. We did a lot of application integration using scripting.

We don't have much control over the appliance. When anything happens in the backend, we have to depend on the support team. We need to raise a case so that they can update the appliance. If we have control over it, we would be able to troubleshoot easily. 

They can improve application integration. They can provide out-of-the-box connectors for common applications so that we don't need to do the customization and write scripts from scratch for lots of applications. They can provide an application catalog with pre-configured connectors.

It has been two and a half years.

It's pretty stable. From version 21 onward, it has been more stable.

It's scalable. We can add as many active-active appliances. If the number of users of a client increases, we can increase the active-active appliances anytime.

One of our clients from the Middle East has a big environment with almost 55,000 users. That's our biggest client. There are also small-sized and medium-sized clients.

Their support is pretty good. They are available for any issues. I would rate them an eight out of ten.

Positive

I used CyberArk and Saviynt CPAM, but BeyondTrust Password Safe is better than both of them. CyberArk is the leader, but BeyondTrust Password Safe can easily take the position of CyberArk.

BeyondTrust Password Safe provides flexibility for customized application integration. BeyondTrust also provides lots of other solutions for remote support and privilege management for Windows, Unix, and Linux. We can also manage Linux servers in the Active Directory domain by using BeyondTrust AD Bridge.

Saviynt also has good capabilities. They don't have a very mature product for privileged access management, but with IGA, they're providing privileged access management, which is a plus point for them. 

BeyondTrust provides a single appliance with everything we need to deploy in the cloud. Nowadays, they're providing UVM appliances, UVM20 and UVM50, which are user license-based. We just need to do network configuration and minimal appliance configuration, such as default settings, threshold settings, etc. Deployment is very quick and easy nowadays.

Generally, the deployment takes a week, but it also depends on a customer's requirements and environment, such as whether they have a high availability environment with two or three appliances, whether we need to open certain ports, and whether we need to integrate with a database for session recording storage. Configuration of a single appliance only takes one or two hours, but there could be some delay from the client side in taking care of all the dependencies, such as opening required ports. That's why we keep one week for deployment in our plan.

Our implementation strategy depends on the client's environment. It depends on how the client wants the environment and whether they want high availability.

I have not handled the process of migrating end-users to Password Safe, but a colleague of mine has handled migration from CyberArk to BeyondTrust Password Safe. It was not very difficult. They could easily do it.

One person can do the deployment and administration of basic things for a mid-scale or small-scale client. It also depends on a client's requirements. If a client wants it done in a short time, we would need another consultant, but generally, one person can easily do these tasks.

You can follow its documentation for implementation. BeyondTrust has documented everything very well. They have clearly mentioned the port requirements and system requirements. They have good training resources on their website. You can easily follow them.

I would rate BeyondTrust Password Safe a seven out of ten.

The solution is used for password management. We can manage access to applications and systems in the organization.

The solution protects organizations from internal and external threats. Everything's up to date. Whenever we need information, we find it.

The integration with Secure Remote Access must be improved. It is in the process of being discontinued.

I have been working with the product for one year.

I rate the tool’s stability a ten out of ten. The tool is rock solid.

We have less than 50 users. We provide support to our customers. We have about 10 to 20 engineers in our support team. I rate the tool’s scalability a ten out of ten.

Whenever we log a support ticket, the support persons respond very promptly. They are very quick.

Positive

The installation is straightforward. The deployment takes three to six hours. It depends on the requirements. Some customers do not have high-quality systems. Their systems and internet connections are slow. If everything is in place and the systems are good, the deployment is very quick.

We have seen benefits from the solution. Security is the most important thing. Once we have it deployed, we can rest assured that our organization is protected from insider and external threats.

The product is quite affordable. Considering the quality of the product, the pricing is pretty good. I rate the pricing an eight out of ten.

I recommend the solution to other users. I am happy with it. Overall, I rate the product a ten out of ten.

There are a lot of customers, worldwide, who use this solution, especially in the education sector. This solution is so niche that it's not like TeamViewer. It's basically designed and developed with enterprises in mind—it's an enterprise solution. It's built for a highly privileged and secure environment. It starts with a virtual appliance and physical appliance and then, now, to what's basically a cloud-based type of access. 

One of the most valuable features is that this is a product designed with enterprises in mind. 

I think that BeyondTrust Password Safe could be improved with more testing. In the beginning, they were practically using customers as beta testers. 

Maybe the product has evolved since I last used it, but if you look at PAM, privileged access management, whatever's out there has already been done. I don't see there being any other enhancements that are being made regarding PAM, except to support more cloud-based applications. 

I have been working with this solution for over 10 years. 

The early version of this solution was not stable. It was terrible, but I think they eventually got their act together and it's better now so that they can compete. I haven't tried a cloud version, but if you imagine a solution is 100% on-prem and suddenly turns to the cloud, you can imagine there will be a lot of testing and bugs and all that. I'm not saying the product isn't good, it's just that when you have a vendor that starts out on-premise and only turns to cloud in the past couple years, they have a long way to catch up to leaders such as Thycotic or Centrify. 

You've got to patch it every month, so how could that be stable? 

This solution isn't really scalable because it's Windows-based. How could any Windows solution be scalable? This is strictly my personal opinion, but I would believe that about 80% to 90% of people will agree with me. Windows platforms aren't scalable. 

I think that customers could see an ROI eventually. A lot of customers purchase the product because they have to get something implemented for GRC: governance, risk, and compliance reasons. So, if you don't buy any of them, then the auditor will say that you didn't pass the audit because you don't have that mechanism in place. This solution is expensive. Is it worth ROI? Yes and no. If they have to meet compliance and whatever standard requirements, I would advise the customer to at least look at two complete products first. This wouldn't be my first choice. 

This solution is not cheap—it's a very expensive solution. Very, very expensive compared to the features and functions that they offer. 

This solution is competing with Thycotic and Centrify, the leaders. Only in the past couple years did BeyondTrust turn from 100% on-prem and start offering cloud services, so of course they still have a long way to catch up with them. 

I rate this solution a five out of ten, to be neutral and in the middle. To those looking to implement this solution, I would advise them to fully test it out in their environment before even making the purchase. You've got to thoroughly test it—test everything, otherwise you might regret it. 

We use the solution to login through remote application solutions. 

The product has improved security and login due to the system recordings. In case, there is a doubt that someone has done something which they shouldn't have been doing, we can just go back and check what the user actually did. 

I am impressed with the product's session-logging features. We can also do multi-factor authentication with the product. 

We face screensaver timeout issues and problems with the server. I would like the product to include a server visibility feature. 

I have been using the solution for a year. 

I would rate the tool's stability a seven out of ten.

I would rate the tool's scalability a seven out of ten. If we need to add more users, then we need to add more servers to the environment. Around 500-600 users use the tool on a daily basis in my company. 

The technical support is through our vendor.

Neutral

The solution is difficult to setup due to settings. You need a specialist to configure the product. I would rate the solution's setup a five out of ten. We have two people involved in the tool's maintenance. 

I would rate the product a seven out of ten. 

We use the product for privilege account management and session management. 

BeyondTrust Password Safe is a good PAM tool. 

The product needs to have better integration with SAP products. 

I have been working with the solution for five to six years. 

BeyondTrust Password Safe is stable. 

The tool is scalable. 

I am totally satisfied with the product's tech support. 

Positive

BeyondTrust Password Safe's installation is easier on the latest OS. 

I rate the product a ten out of ten.