BeyondTrust Password Safe Reviews

The use case was to integrate BeyondTrust with the organization and onboard servers and accounts. We created Smart Rules and used other features for automatic onboarding and integrating BeyondTrust with various components in the organization, such as SNMP, SIEM, and AD.

It reduces risks. Beyond Password Safe manages all privileged credentials. It takes care of the automatic rotation and connection to the target servers. It reduces a lot of risks of cyber attacks, malware, and ransomware.

It is very important to us that Password Safe provides integrated password and session management in one solution.

Its customization features help us to manage most assets, databases, and applications. With the plugins and customization features, we can connect to databases. We can also connect to Windows and Linux. When I worked with it in 2018, we also had to use one of the plugins to connect to a mainframe. It supports a lot of different platform connections.

The Direct Connect feature allows us to use existing tools such as MobaXterm, PuTTY, or SecureCRT. There is a feature that power users can use to connect to the log server every day. This way, they don't have to go through the web portal. They can just connect to their target server by using MobaXterm, PuTTY, or SecureCRT.

Smart Rules is a nice feature in BeyondTrust. It is a unique feature that BeyondTrust has as compared to other vendors such as CyberArk. With Smart Rules, you can do automatic onboarding of accounts. There are a lot of options and features. For example, you can do onboarding based on different AD attributes. It is a nice feature in BeyondTrust that some of the other PAM vendors don't have. With other vendors, we have to create our own scripts, whereas, with BeyondTrust, we can just use the in-built Smart Rules.

In terms of the intuitiveness of the user interface, I find it to be pretty good as compared to the other products. It is user-friendly, and in terms of the looks and feel, it is one of the better ones.

I find it a little bit confusing because you have the management console, and then within the management console, you have access to different admin consoles. There are probably two or three different ones. I wish they would place all those different types of consoles into one main one so that we don't have to access two or three different consoles to do the work.

When we deploy BeyondTrust, we have to deploy our own database on a SQL server. It doesn't deploy the database. I wish BeyondTrust packages the whole solution in one and includes the MySQL database so that when you deploy it, it deploys everything for you. BeyondTrust gives you the software, but you are in charge of setting up your own database. It is a single appliance just for the BeyondTrust portion but not the database. Unless that has changed in later releases, you have to set up your own database for BeyondTrust Password Safe. I find that part complex because we then need the expertise and help of the database team to set it up, which also increases the deployment time. If they can deploy the database, it will reduce the deployment time.

Their documentation is not very detailed and thorough. In case of any issues, a lot of times, we have to go through their professional service. They need to update their documentation and create a good knowledge base for us so that when we run into problems, we can go there and search for common issues or problems.

I have been working with this solution for about three years. I have used it on and off depending on the companies I worked for.

It is average because we did have issues with some parts of the solution.

Its scalability is good. It is very scalable. We didn't have too many users because we switched over to CyberArk after two years, but the plan was for 500 end users.

We don't have plans to increase its usage because we switched over to Cyborg earlier this year.

Their documentation is not very detailed. A lot of time, we have to go through their professional service. We do get really good people, but they should provide more and better documentation and knowledge base so that we can solve a lot of issues on our own instead of going through their professional service.

Their professional service or technical support is very good. When we opened a case, sometimes, they answered within a day, and sometimes, it took five days before someone answered the ticket, but when we do get someone, in general, I found most of them to be very good. I would rate them an eight out of ten.

Positive

We didn't use any other solution before BeyondTrust, but we recently switched over to CyberArk.

The process of migrating end users to Password Safe varies from organization to organization, but overall, if you have all the proper workflows, it isn't difficult. With PAM, half of the work is related to processes and policies, and the other half is related to technology. In terms of the technology, I found it to be pretty straightforward, but you need to have all the policies defined in advance.

It wasn't too difficult for us to integrate Session Management into existing business processes. You have to provide the connection strings. The difficulty level was average.

I was the integrator for one of the projects. As a part of their purchase, they also got a certain amount of hours of professional services from BeyondTrust.

We had a team of about five people for its deployment and maintenance. There were two DevOps and two BeyondTrust admins.

We didn't see a return on our investment.

The pricing of BeyondTrust is very good as compared to other products. That was the main reason we decided to go with BeyondTrust at first.

I wasn't involved in its procurement. They had to go through their due diligence. They probably had four PAM vendors, and they went through their procurement process.

Functionality-wise, it works. Everything works well, especially with using Smart Rules. There is a big learning curve to deploying and maintaining it because when you buy this solution, it doesn't come with a Password Safe database. You have to deploy that yourself. If they can package a database with Password Safe, it would be better and more user-friendly. It will cut down the deployment time. They should also improve their documentation, knowledge base, and support on their website. There is not a lot of good information.

I would rate it a six out of ten.

The solution is used for password management. We can manage access to applications and systems in the organization.

The solution protects organizations from internal and external threats. Everything's up to date. Whenever we need information, we find it.

The integration with Secure Remote Access must be improved. It is in the process of being discontinued.

I have been working with the product for one year.

I rate the tool’s stability a ten out of ten. The tool is rock solid.

We have less than 50 users. We provide support to our customers. We have about 10 to 20 engineers in our support team. I rate the tool’s scalability a ten out of ten.

Whenever we log a support ticket, the support persons respond very promptly. They are very quick.

Positive

The installation is straightforward. The deployment takes three to six hours. It depends on the requirements. Some customers do not have high-quality systems. Their systems and internet connections are slow. If everything is in place and the systems are good, the deployment is very quick.

We have seen benefits from the solution. Security is the most important thing. Once we have it deployed, we can rest assured that our organization is protected from insider and external threats.

The product is quite affordable. Considering the quality of the product, the pricing is pretty good. I rate the pricing an eight out of ten.

I recommend the solution to other users. I am happy with it. Overall, I rate the product a ten out of ten.

We are using it for vaulting and proxying the admin session. It is not yet implemented. We will implement it at the beginning of 2021.

Session recording, password rotation, and password vaulting are the most valuable features.

Its documentation can be improved. Its documentation is currently complicated, and it is not good. It needs to be better.

Their technical support can also be improved. It is not bad, but it can be better.

Its stability is pretty good.

It is very scalable. We started with three different sites to implement this product, and we, for sure, will implement it for the fourth site. It is easy to install any kind of component inside this environment.

Their technical support is not that bad, but it can be improved.

I use CyberArk and BeyondTrust. In terms of functionality and how they work, they are pretty close, but I prefer BeyondTrust. For vaulting, I like CyberArk a little bit more. For all other things, such as session recording and proxy, I like how BeyondTrust works. To proxy a session on Linux or Unix with CyberArk, you need to create an account each time on the remote site or the device to which you want to connect. BeyondTrust is different. You use a Windows machine, so you can connect with an AD account. It could be a functional account, a privilege account, or any other kind of account, but you use the same account instead of using a new one each time. Monitoring or auditing is easier with BeyondTrust than CyberArk. BeyondTrust is three times less expensive than CyberArk. 

It is complex, but it is not only about the product. You need to have good governance and guidelines for password management and session recording and for proxying all those sessions. The process before implementing the product involves more work than setting up the application. It took us one year to design and do some testing in a non-prod environment. We will start the projects and deployment at the beginning of 2021.

It has subscription-based licensing. BeyondTrust is three times less expensive than CyberArk.

You need to be very clear about how to implement vaulting or the session recording mechanism. If you don't go with an external partner to help you with that, it can very difficult to have a solid implementation of such solutions, whether it is CyberArk, Thycotic, BeyondTrust, or any other solution. Just because you installed these solutions doesn't mean that they would resolve 100% of your work. You need to have some processes for such applications, and you need to do some homework first. With the help of an external consulting company that knows how to implement such solutions, you can progress very fast.

I would rate BeyondTrust Password Safe an eight out of ten.

There are a lot of customers, worldwide, who use this solution, especially in the education sector. This solution is so niche that it's not like TeamViewer. It's basically designed and developed with enterprises in mind—it's an enterprise solution. It's built for a highly privileged and secure environment. It starts with a virtual appliance and physical appliance and then, now, to what's basically a cloud-based type of access. 

One of the most valuable features is that this is a product designed with enterprises in mind. 

I think that BeyondTrust Password Safe could be improved with more testing. In the beginning, they were practically using customers as beta testers. 

Maybe the product has evolved since I last used it, but if you look at PAM, privileged access management, whatever's out there has already been done. I don't see there being any other enhancements that are being made regarding PAM, except to support more cloud-based applications. 

I have been working with this solution for over 10 years. 

The early version of this solution was not stable. It was terrible, but I think they eventually got their act together and it's better now so that they can compete. I haven't tried a cloud version, but if you imagine a solution is 100% on-prem and suddenly turns to the cloud, you can imagine there will be a lot of testing and bugs and all that. I'm not saying the product isn't good, it's just that when you have a vendor that starts out on-premise and only turns to cloud in the past couple years, they have a long way to catch up to leaders such as Thycotic or Centrify. 

You've got to patch it every month, so how could that be stable? 

This solution isn't really scalable because it's Windows-based. How could any Windows solution be scalable? This is strictly my personal opinion, but I would believe that about 80% to 90% of people will agree with me. Windows platforms aren't scalable. 

I think that customers could see an ROI eventually. A lot of customers purchase the product because they have to get something implemented for GRC: governance, risk, and compliance reasons. So, if you don't buy any of them, then the auditor will say that you didn't pass the audit because you don't have that mechanism in place. This solution is expensive. Is it worth ROI? Yes and no. If they have to meet compliance and whatever standard requirements, I would advise the customer to at least look at two complete products first. This wouldn't be my first choice. 

This solution is not cheap—it's a very expensive solution. Very, very expensive compared to the features and functions that they offer. 

This solution is competing with Thycotic and Centrify, the leaders. Only in the past couple years did BeyondTrust turn from 100% on-prem and start offering cloud services, so of course they still have a long way to catch up with them. 

I rate this solution a five out of ten, to be neutral and in the middle. To those looking to implement this solution, I would advise them to fully test it out in their environment before even making the purchase. You've got to thoroughly test it—test everything, otherwise you might regret it. 

We use the solution to login through remote application solutions. 

The product has improved security and login due to the system recordings. In case, there is a doubt that someone has done something which they shouldn't have been doing, we can just go back and check what the user actually did. 

I am impressed with the product's session-logging features. We can also do multi-factor authentication with the product. 

We face screensaver timeout issues and problems with the server. I would like the product to include a server visibility feature. 

I have been using the solution for a year. 

I would rate the tool's stability a seven out of ten.

I would rate the tool's scalability a seven out of ten. If we need to add more users, then we need to add more servers to the environment. Around 500-600 users use the tool on a daily basis in my company. 

The technical support is through our vendor.

Neutral

The solution is difficult to setup due to settings. You need a specialist to configure the product. I would rate the solution's setup a five out of ten. We have two people involved in the tool's maintenance. 

I would rate the product a seven out of ten. 

We use the product for privilege account management and session management. 

BeyondTrust Password Safe is a good PAM tool. 

The product needs to have better integration with SAP products. 

I have been working with the solution for five to six years. 

BeyondTrust Password Safe is stable. 

The tool is scalable. 

I am totally satisfied with the product's tech support. 

Positive

BeyondTrust Password Safe's installation is easier on the latest OS. 

I rate the product a ten out of ten.