Our use case was allowing users to connect with their regular, non-privileged user ID and automatically connect to a designated privileged account for target systems or databases. This prevented users from using their regular account as a privileged account. Instead, it used a managed, dedicated account in BeyondTrust Password Safe that only that the user could use. For example, my account "Gary.Jolley" might have a domain admin account "dam-Gary.Jolley" that I'd automatically connect to.
The use cases are essentially the same as those for any PAM solution. Like addressing security compliance, securing the network against threats, and protecting all identities with intelligence and minimal concerns. It also includes cloud security management, handling different shifts, and addressing workforce access, passwords, and the likes of compiance. It simplifies analytics, reporting, and secret implementation. Additionally, it reduces servers while increasing stability in privileged access. These are the general use cases that apply to all PAM solutions.
We use BeyondTrust Password Safe for server and database management of the accounts noted. We will be moving ahead with application management as well.
Senior Specialist at a financial services firm with 1,001-5,000 employees
Real User
2022-10-24T19:29:00Z
Oct 24, 2022
I use Password Safe as a fully-fledged conventional PAM solution; for SSH and RDP brokering to servers, whether that's Linux or Windows, as well as SQL and Oracle. I also use the product to publish applications using a jump box server and as a vault for user credentials to provide normal use and REST API through CI/CD integration. We have active and passive appliances and an offsite cold spare.
We use Password Safe to protect privileged identities and privileged access. The difference between any PAM and IM is that IM is basically for all the identities and the users in the organization. PAM mainly focuses on privileged access. For example, it can be to any database, or a Windows machine where someone is an administrator, or on a Linux machine where someone is root or equivalent to root, or any other web-based application where someone is an administrator. The focus was that any user should log into the infrastructure using PAM. Every user, administrator, and developer who logged into IT infrastructure used BeyondTrust Password Safe. I used BeyondTrust in my previous organization. We used version 22. They recently changed their version number so it matches the year. For instance, in 2022, the version number is 2022. BeyondTrust Password Safe is used so that all the activities can be recorded and logged. Sessions can be monitored, and all of that data can be audited later if needed. Generally in organizations, IT departments, or teams, people find it difficult to rotate passwords. If it's an administrator account, the passwords are generally not rotated. They're either shared between teammates, or the passwords are written down somewhere. With BeyondTrust, you can automatically rotate the password, and set the complexity of the password, the letters, the characters, special characters, upper case, lower case, etc. You can choose when the password should be rotated, and if the password should be rotated every day, every month, or after every use. You can enforce your password policies on these privileged accounts, which previously were not rotated that much. There are so many breaches. Recently, there was a SolarWinds attack where the password was solarwinds123. The privileged accounts were not safeguarded, and the passwords weren't rotated. People knew the password. But with this solution, no one needs to know the passwords. If it is implemented in the perfect sense, the passwords will be rotated regularly. Administrators who are logging onto the system's servers and databases don't need to know the password because the session is proxied by Password Safe's solution directly. You will see the applications, and it helps enforce least privilege, which is one of the main principles. With least privilege, if you are allowed to have access to only two servers out of ten, then you will only be given access to those two servers. You click on the machine you want to log into, and you will get the link. If you want to do RDP or SSH, click on that and the session will be launched. You don't need to know the password, and passwords are automatically rotated. The solution is deployed on-premises. In my organization, there were hundreds of users. There were different teams. In other organizations, I have seen 1,000 users at different points. At any given time, there might be 400 or 500 users. They are mainly admins and end users. End users can vary a lot and have different roles. They are the people who log onto the servers, databases, network devices, and web applications. There are a few admins, developers, and network administrators. Administrators are also end users in any particular instance because they're also the users and consumers of that particular service.
It is used primarily to adhere to SOC compliance and to provide what we call user/administrator segregation. We are an MSP. We do manage services, but we also do a lot of other things. We implement as well as do ongoing managed services. We don't use it in our organization. We have it in our lab set up as a running service so that I can go there and test something just to see what'll happen because I can do a snapshot of my system and then revert if things go wrong. That's something that I don't want to experiment with in a client environment, even in a test or a dev environment. I just want to test something. I can do that in our lab, but our organization does not use Password Safe.
PAM Consultant at a insurance company with 10,001+ employees
Consultant
2022-07-28T09:21:00Z
Jul 28, 2022
The use case was to integrate BeyondTrust with the organization and onboard servers and accounts. We created Smart Rules and used other features for automatic onboarding and integrating BeyondTrust with various components in the organization, such as SNMP, SIEM, and AD.
Technical Lead at a financial services firm with 5,001-10,000 employees
Real User
2022-07-25T10:42:00Z
Jul 25, 2022
We use this solution for password management. It allows us to control and manage passwords in a safe and secure way, and it records sessions. The solution is deployed on-premises. It's being used extensively in my organization.
Cybersecurity Architect at a tech vendor with 1-10 employees
Real User
2021-12-24T10:30:00Z
Dec 24, 2021
There are a lot of customers, worldwide, who use this solution, especially in the education sector. This solution is so niche that it's not like TeamViewer. It's basically designed and developed with enterprises in mind—it's an enterprise solution. It's built for a highly privileged and secure environment. It starts with a virtual appliance and physical appliance and then, now, to what's basically a cloud-based type of access.
Our clients' primary use case for BeyondTrust Password Safe is managing Windows Privileged Accounts, Linux, and Fit client databases, and for accessing a different database, like Visual Studio, SQL Manager, and things like that. We usually deploy it in a double server, high availability with disaster recovery. It is the primary software architecture.
BeyondTrust replaced the leading password management solution, offered vulnerability management and gave me a third-party patch management that integrates with Microsoft. To me, that was a win-win.
Beyond Trust Password Safe is an automated solution that combines password and privileged session management into a single platform. Password Safe delivers secure access control, auditing, alerting, recording, and monitoring.
This free and open-source password manager supports Windows and Linux, and some ports are available for other platforms as well. Their proprietary algorithm, Twofish, is considered highly secure, with the advantage that it is not affiliated with NIST. The Twofish...
Our use case was allowing users to connect with their regular, non-privileged user ID and automatically connect to a designated privileged account for target systems or databases. This prevented users from using their regular account as a privileged account. Instead, it used a managed, dedicated account in BeyondTrust Password Safe that only that the user could use. For example, my account "Gary.Jolley" might have a domain admin account "dam-Gary.Jolley" that I'd automatically connect to.
The use cases are essentially the same as those for any PAM solution. Like addressing security compliance, securing the network against threats, and protecting all identities with intelligence and minimal concerns. It also includes cloud security management, handling different shifts, and addressing workforce access, passwords, and the likes of compiance. It simplifies analytics, reporting, and secret implementation. Additionally, it reduces servers while increasing stability in privileged access. These are the general use cases that apply to all PAM solutions.
The solution is used for password management. We can manage access to applications and systems in the organization.
We use the product for privilege account management and session management.
The solution was implemented to secure privileged access management in a large-scale corporate environment.
We use the solution to login through remote application solutions.
We primarily use the solution to keep passwords.
We use BeyondTrust Password Safe for server and database management of the accounts noted. We will be moving ahead with application management as well.
I use Password Safe as a fully-fledged conventional PAM solution; for SSH and RDP brokering to servers, whether that's Linux or Windows, as well as SQL and Oracle. I also use the product to publish applications using a jump box server and as a vault for user credentials to provide normal use and REST API through CI/CD integration. We have active and passive appliances and an offsite cold spare.
We use Password Safe to protect privileged identities and privileged access. The difference between any PAM and IM is that IM is basically for all the identities and the users in the organization. PAM mainly focuses on privileged access. For example, it can be to any database, or a Windows machine where someone is an administrator, or on a Linux machine where someone is root or equivalent to root, or any other web-based application where someone is an administrator. The focus was that any user should log into the infrastructure using PAM. Every user, administrator, and developer who logged into IT infrastructure used BeyondTrust Password Safe. I used BeyondTrust in my previous organization. We used version 22. They recently changed their version number so it matches the year. For instance, in 2022, the version number is 2022. BeyondTrust Password Safe is used so that all the activities can be recorded and logged. Sessions can be monitored, and all of that data can be audited later if needed. Generally in organizations, IT departments, or teams, people find it difficult to rotate passwords. If it's an administrator account, the passwords are generally not rotated. They're either shared between teammates, or the passwords are written down somewhere. With BeyondTrust, you can automatically rotate the password, and set the complexity of the password, the letters, the characters, special characters, upper case, lower case, etc. You can choose when the password should be rotated, and if the password should be rotated every day, every month, or after every use. You can enforce your password policies on these privileged accounts, which previously were not rotated that much. There are so many breaches. Recently, there was a SolarWinds attack where the password was solarwinds123. The privileged accounts were not safeguarded, and the passwords weren't rotated. People knew the password. But with this solution, no one needs to know the passwords. If it is implemented in the perfect sense, the passwords will be rotated regularly. Administrators who are logging onto the system's servers and databases don't need to know the password because the session is proxied by Password Safe's solution directly. You will see the applications, and it helps enforce least privilege, which is one of the main principles. With least privilege, if you are allowed to have access to only two servers out of ten, then you will only be given access to those two servers. You click on the machine you want to log into, and you will get the link. If you want to do RDP or SSH, click on that and the session will be launched. You don't need to know the password, and passwords are automatically rotated. The solution is deployed on-premises. In my organization, there were hundreds of users. There were different teams. In other organizations, I have seen 1,000 users at different points. At any given time, there might be 400 or 500 users. They are mainly admins and end users. End users can vary a lot and have different roles. They are the people who log onto the servers, databases, network devices, and web applications. There are a few admins, developers, and network administrators. Administrators are also end users in any particular instance because they're also the users and consumers of that particular service.
It is used primarily to adhere to SOC compliance and to provide what we call user/administrator segregation. We are an MSP. We do manage services, but we also do a lot of other things. We implement as well as do ongoing managed services. We don't use it in our organization. We have it in our lab set up as a running service so that I can go there and test something just to see what'll happen because I can do a snapshot of my system and then revert if things go wrong. That's something that I don't want to experiment with in a client environment, even in a test or a dev environment. I just want to test something. I can do that in our lab, but our organization does not use Password Safe.
The use case was to integrate BeyondTrust with the organization and onboard servers and accounts. We created Smart Rules and used other features for automatic onboarding and integrating BeyondTrust with various components in the organization, such as SNMP, SIEM, and AD.
We use this solution for password management. It allows us to control and manage passwords in a safe and secure way, and it records sessions. The solution is deployed on-premises. It's being used extensively in my organization.
There are a lot of customers, worldwide, who use this solution, especially in the education sector. This solution is so niche that it's not like TeamViewer. It's basically designed and developed with enterprises in mind—it's an enterprise solution. It's built for a highly privileged and secure environment. It starts with a virtual appliance and physical appliance and then, now, to what's basically a cloud-based type of access.
We are using it for vaulting and proxying the admin session. It is not yet implemented. We will implement it at the beginning of 2021.
Our clients' primary use case for BeyondTrust Password Safe is managing Windows Privileged Accounts, Linux, and Fit client databases, and for accessing a different database, like Visual Studio, SQL Manager, and things like that. We usually deploy it in a double server, high availability with disaster recovery. It is the primary software architecture.
BeyondTrust replaced the leading password management solution, offered vulnerability management and gave me a third-party patch management that integrates with Microsoft. To me, that was a win-win.