BeyondTrust Privileged Remote Access Reviews

Our company has been growing, and we have many audits as well as SOX compliance requirements. We have different SOX requirements, and we wanted to ensure that every activity is monitored. That was the main reason for deploying this solution into the environment.

We are using it like a VPN access for our external users, such as vendors, to allow them to access the resources within the organization. Instead of providing them the regular VPN access, we give them access to the privileged access solution so that we can monitor what they are doing, and we are able to view back the recordings of all the activities they've done.

We have not integrated Privileged Remote Access (PRA) with other solutions at the moment. We also have another solution of BeyondTrust. We have integrated that solution with other solutions, but we haven’t integrated PRA with other solutions. We just use it for remote access and credential injection.

It has put us at the forefront when it comes to security, auditing, and meeting SOX requirements. It is a top-notch solution for us in these aspects. Security is the key to fulfilling SOX requirements. Ever since we deployed it, we are able to provide external auditors, who audit the company, with recordings of who is in the environment. We are able to see what is happening. We are able to provide access durations and show who is accessing what and who has been given permission to access. It has really helped us in those aspects.

The fact that PRA does not require a VPN goes a long way for us because instead of our external users installing different VPN applications and having different user names and passwords for different applications, they can just make use of it via the web. They don't need to install an application, which is a very cool and nice feature for us.

In terms of security provided by PRA when it comes to access for remote and privileged users, the users get to access only what they are permitted to access. They can't go beyond what they're allowed to access. You don't have to give anybody the credentials to privilege accounts. The solution allows you to do account injection while you are using the solution, which is really good for us. So, you can do credential injection while accessing the solution, which is a top-notch security feature for us where you get to manage privileged credentials within the organization.

It is available in multiple formats. It is available as a physical and virtual appliance, or as SaaS. When we did the PoC, it was before COVID. We did the on-prem deployment for the PoC, but immediately after the PoC, COVID came, and we started to think of what will happen when we are not physically present. So, we had to go for the cloud solution, which is quite cool as well. It takes the burden away from IT admins, and we don't have to think of how many servers we have to manage.

It is important that through the use of PRA, there is no need to share passwords with users. We are able to do credential injection where you don't get to give users privileged user accounts. With the solution, we're able to do the privilege injection, which makes it perfect for us. Nobody gets to hold onto the privileged accounts. With the solution, we are able to inject it, which is good for us.

We are mainly using it to give access to third-party vendors. In order to ensure that we monitor the activities of what they're doing, we use PRA for their access. All our external users come in through PRA. For every internal user, we use the regular VPN. We are also looking into the cost of getting more PRA licenses if we are going to put every other user in the company on it.

We have integrated it with our Active Directory, which allows us to apply our Active Directory password policies. We don't need to create any other user account for whoever is coming in. We just get to create a user in Active Directory, and password policies are already applied. So, users come in by using the Active Directory credentials, which is another level of security as well.

One of the features that I really like about it is the ability to set a start date, time, and end date for the access. For example, you can set the access for a person from tomorrow, Monday, or Tuesday and ending on a specific period of the day or a specific date. That's really quite helpful.

You can use the solution to access not just the Windows environment; you can also access your Linux devices and even your network devices. That's a very cool feature for us.

At the moment, I don't see any major problems with it. If anything, they can just change the look and feel of the login screen because it looks too simple to me. It does not have so much information. When you get to the login screen of the solution, you should have more information. We also have BeyondTrust Remote Support, and the login page looks similar to BeyondTrust Privilege Remote Access. I would love to see more rich information on the login screen or landing page so that rather than having a regular sign-in screen or page where you just provide a username and password and get into the solution, you should have more insight into what the solution does. I've mentioned this to them every time I have had an opportunity.

It was deployed last year.

Its stability is good. It is top-notch. They are doing well because I can see the way they do release updates for the solution. They are also at the top in terms of security updates, vulnerability assessments, and other things that are currently happening. They are doing well in terms of updates, which are also helpful in stabilizing the solution. With regular updates, you get a stable solution and also more improvements and features.

We are using cloud deployment. When you have a cloud SaaS solution as compared to having it in your own cloud environment or on-prem, you do not get to have much say on scalability. If you have deployed it within your environment, you get to see how to scale it up or scale it down, but when it is a cloud solution, you don't get to see what happens on the provider side. However, you get to know that at least you have been provided what you have paid for, and it is working perfectly. So, for me, scalability comes into the picture if I am managing the infrastructure within my environment, but that doesn't mean you can't talk to your provider to tell them that you want to include other things in the solution.

Their technical support is good. At any point in time, when I needed support, they responded quickly. There was a time when the local vendor reached out to us that there is a new upgrade, but on logging onto the platform, we couldn't see the update available. We reached out to their support, and the support personnel who picked up the case told us to give him just five minutes, and he will ensure that the update is available. Their technical support is beyond cool. I would rate them a nine out of ten.

Positive

We didn't use any similar solution previously.

We went for the SaaS solution. They provided the platform and the access to the UI to the local vendor, who is a product partner. 

Three people were involved in its deployment. One engineer from the local vendor worked with two people from my end. One of them was from the server side, and the other one was from the networking side. 

We didn't evaluate any other solution. We were already using BeyondTrust Remote Support to support our client's computers. It was deployed during the COVID period. Initially, it was implemented because management was thinking about how IT would manage the situation when working from home. The users had no credentials. With remote support, we were able to do that perfectly, which also gave us assurance that BeyondTrust PRA would work well for us, and we won't have any issues with it. So, the management was able to sell PRA to the top management. There wasn’t much discussion about it because of the previous experience that we had with BeyondTrust Remote Support. It has already paved the way for PRA to come into the environment.

I would tell others to just go for it. If they are security conscious and are concerned about security within their environment, then just go for it.

I would rate this solution a nine out of ten.

One of my customers used old, poorly coded legacy applications, so programs required admin privileges to run. They wanted to give users the ability to run the applications without giving them admin rights.

The company wanted more secure desktops, and the solution provided that. Previously, everybody was an admin of the desktops, and they suffered a cryptographic lock attack. They recovered from this and implemented PRA to avoid repeating the scenario. They bought 500 licenses, the estimated number of staff using the legacy applications. They planned to upgrade to around 1000 licenses a few months later, realizing they had other applications that necessitated this kind of solution. 

The project goal was to allow staff to run applications with admin privileges without being admins, which was the product's most important feature.

The company had distinct groups of staff with different requirements, which weren't fulfilled by giving them all admin rights. The solution's data granularity allowed us to define specific use cases and population types and categorize users based on that. This gave us good control over the system. 

Privileged Remote Access not needing a VPN was a requirement in this case, as the user didn't implement a VPN, nor did they want to. This feature was a plus for the customer. 

From what we observed the security provided by RPA is very good. 

The solution being available in multiple formats was necessary in this case, as the client was adamant that the solution needed to be SaaS; a requirement for their IT configuration. The ability to test issues was crucial to them. 

The solution has improved the security of the client's network. 

Not needing to share passwords was crucial to the client. They were hesitant about credential sharing because of the suffered cryptographic attack.

Having an all-in-one solution was vital in this case, as most of the users did not have technical expertise. This necessitated a solution that is easy to use and implement, and an all-in-one solution simplifies the process significantly. 

The solution is very flexible, which is a plus, but I would say the implementation requires someone with knowledge and experience, as it can be easy to get lost in all the details. The implementation process could be streamlined and simplified. Though the complexity of the solution provides greater flexibility, it requires a lot of time to understand it fully.

The UI is somewhat basic, so that could use some work. It's okay; apart from that, it's an aesthetics issue.

I implemented the solution for one of my customers, which took three months, then I passed it over to them. 

The solution's stability is good. It's reliable and I didn't experience any bugs or glitches.

The product's scalability looks good. My client purchased 1000 licenses, maybe 10% for developers, and the rest for end-users. They need a functioning application without a complex IT setup and maintenance. 

Their customer support is very good. They are quick, knowledgeable, and helpful.

Positive

I carried out the deployment myself, and it was straightforward. I implemented it with Azure, and it took three months. One member of the security team is responsible for the maintenance. We had help from the publisher to set up the tool, and our strategy was to do an initial deployment for 100 users for proof of concept, then deploy for the remaining 400.

My client found the solution a bit expensive but considering their use case and requirements, they didn't have any other choice. As far as I know, implementation and licensing are the only costs. 

I would rate this solution a nine out of 10. 

It's essential to get to know the product in detail because it's very complex. It can do whatever you want, but it requires some effort. That's why it's important to have an implementation team who knows what they are doing. It's crucial to delegate responsibility for the solution to someone who understands it and can work with the publisher team to find the proper configuration.

We use the solution to give the network access to third-party vendors or remote basis employees. It helps us authenticate their credentials directly without a VPN connection.

The solution has the best screen-sharing feature. We can invite external vendors without exposing any credentials or network access to them using it.

The solution's access process for third-party vendors needs to be simplified. It should eliminate the process of installing client applications on users' machines for better security. Instead, we can publish a URL link for them. Also, its web interface needs enhancement as well.

We have been using the solution for four years.

It is a stable solution. I rate its stability an eight out of ten.

The solution's scalability is a five or six out of ten.

The solution's technical support is good. Whenever we raise any case, they try to solve it as soon as possible.

Positive

The solution's initial setup process is straightforward. It is developed and managed by BeyondTrust itself. They provide us with the virtual appliance, and we ask the customer to deploy that profile on their server. Once the appliance is deployed, we can access the URL and start with the initial configuration. Further, it integrates with the active directory and the customer's NTP server to configure two-factor authentication. The users can easily enable it for their IDs by scanning the QR code using any authenticator app or mobile device.

I advise others to use BeyondTrust if they have an existing PAM solution. It will help them with seamless access to privileged accounts and credentials. I rate the solution a seven out of ten.

My company uses BeyondTrust Privileged Remote Access for privileged access management to facilitate the management of RDP sessions and the rotation of credentials or passwords.

The most valuable features of the solution are the seamless features that allow you to use the password without manually copying it while also providing it in a clear format. The solution's feature injects the password directly into the application you use.

The integration of the solution with many platforms is a difficult area to manage and needs to be made easy. For example, I don't think BeyondTrust Privileged Remote Access works with products from Sophos.

I have been using BeyondTrust Privileged Remote Access for around three months. My company has a partnership with BeyondTrust.

It is a stable tool. Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution an eight to eight and a half out of ten.

In my company, there are less than ten users of the solution. I have dealt with my company's clients, with more than five hundred people working with the product.

The solution can be used in small and enterprise-sized businesses.

Based on the feedback from my colleagues who have never complained about the technical support, I would say that the product's support team is good.

BeyondTrust Privileged Remote Access is one of the easiest products to deploy.

The solution is deployed mainly on virtual appliances.

I rate the product's pricing a four on a scale of one to ten, where one is high, and ten is low. It is an expensive product.

I have only compared BeyondTrust Privileged Remote Access with Delinea Secret Server till now. From a technical standpoint, Delinea has more features. From a practical point of view, I think BeyondTrust Privileged Remote Access is easier to manage and deploy. I haven't worked with Delinea to be able to give an elaborate opinion about it.

I rate the overall solution an eight and a half to nine out of ten.

We primarily use the solution for Privileged Remote Access. The primary use case is to let the suppliers connect in a very, very secure way on privileged endpoints and internal privilege endpoints or internal operators, probably from Azure. They operate something in the Azure cloud, and that's a very secure way to connect to the Azure cloud.

It's one of the most secure products in the market. 

They have very good support. They have really have great support.

It's everything that we need. It's like a Swiss knife. We can do everything with that to produce what we need for Privileged Remote Access reasons. 

Every three to six months they bring new features like processes, access processes, and things like that, which are unique in the market. I have not seen other solutions offering what they offer.

The documentation is really great. It's cool. You can download all the documentation you need at any time. They've done it in a great way.

The API is great and we can automate anything that we need with the product.  

If you know what you are doing, it's not a difficult setup.

The solution is stable.

The scalability is excellent. 

The solution offers many great integrations.

I cannot say that the solution is lacking any features. It has everything we need right now.

They could probably integrate a wizard or something like that to add a new use case. It could be something that makes it easier to add a new use case. That's something they could probably improve. I'm not sure about this, however, as the direction is anyway going more and more in the direction of automation. That said, for a beginner customer who is starting from scratch, probably a wizard would be a good feature to add.

The on-premises version is not as easy to set up as a cloud deployment,

We've used the solution for about five years. We started using it pretty much from the moment it came out. We have worked with the solution for a while. We've benn BeyondTrust resellers, however, for 15 years.

It's got great stability. It's really great. In all the 15 years I used the remote support solution, and the five years we used the PRA solution, we never have seen an unstable situation with any of the components of the product. There are no bugs or glitches. It doesn't crash or freeze.

The solution is scalable. You can do a worldwide rollout of the product. This is an Enterprise product, and so the scalability allows you to expand over multiple countries, over multiple locations, with their technology. 

The company is best suited to enterprise level organizations - specifically medium and large ones. 

They have really great support. If you have to call, for example, someone at Microsoft, you need to wait in a queue about 30 minutes, or here in Switzerland, some companies, have outsourced the support to other countries. Then you have to wait in a queue and wait for a person which is helping you. At BeyondTrust in all these 15 years, normally you have a wait of one or two minutes, and almost immediately you have a person in the chat, which helps you, and a competent person. They are very quick and very responsive. 

This is an on-premise product. You cannot really compare with the other products from the cloud, which you just click and then work. There is a setup process, and you need an admin with a certification. It's not so easy, however, if you have the right guys in place, then it's no problem. 

Normally, anyway, this is an Enterprise product, and in the company, you have a person which is administrating this product. BeyondTrust is an Enterprise solution, and therefore, you have to do some kind of rollout as well.

Typically, users will see an ROI within about a year or so. It gives you the best tool to your employees they can have in that area. And therefore the return of investment comes very fast.

The pricing depends on the model you choose. You can have it as a cloud version or you can have it as an on-premise version and therefore the prices vary. The initial costs are normally a little bit higher than with other products, however, after two or three years, it's a bargain. It's just that the initial cost is a little bit higher. That said, due to the functionality it gives to your team, the return of investment comes very fast.

We are a reseller, not an end-user.

While we do use different deployment models, many of our clients are government-related and therefore we deal a lot with on-premises deployments. 

I'd rate the solution at a nine out of ten. It's definitely on the upper level, well above what else is available.

I would recommend that those considering using the solution do a certification course similar to when you install Windows server or something like that from Microsoft where you can become a Microsoft certified professional, and you can attend a class and then you can do an exam about the product. 

I recommend that a company which uses the product has also a certified admin. It makes it lot easier. That way, they can really profit from all the functionality the product has. The product has many functions however, you need to give it to a person with enough know-how. Otherwise, the company will not use all the features the product offers. 

The primary use case is for customers who are aware of RDP, remote desktop insecurity, and want to resolve this by deploying BeyondTrust Remote Access. There are so many features built into the system, and both cloud and on-premises deployment are offered. 

This product is very stable and scalable. This is an excellent platform. 

I can't think of any specific improvements because the product is already so rich. 

This solution is very stable. 

It's very scalable—horizontal, vertical, you name it. 

This product is backed up by excellent, very knowledgeable support. 

The company guarantees the best ROI, provided you take advantage of all the features. If you're buying a product, though, you shouldn't use only the basic function features anyway—use the advanced features. So the ROI is almost guaranteed when you invest in this product, but you need to find the right partner for deployment. You need a partner who will show you all the features you can take advantage of so that you benefit from the ROI, otherwise you're wasting it and you might as well buy something cheaper and more basic. 

The price is pretty expensive, but you get what you pay for and this is a great product. 

This product is the de facto standard, based on function features, installation, and customer base. There is a reason why so many well-known companies use it. 

I rate BeyondTrust Privileged Remote Access a nine out of ten, just because there's no such thing as a perfect product. 

I have a hundred different use cases. They're all different because every customer is different. One of the top use cases is where a third-party vendor needs to internally access one of the servers or applications. 

Its security, simplicity, and ease of deployment and maintenance are the most valuable. It is FIPS compliant, so it goes through severe penetration testing every one year or two years. They have to maintain this compliance. It is very safe.

Customers have been using it in the last eight years because of the simplicity of getting it deployed quickly. Most of the people using the solution had been hacked already, so they needed it quickly. As compared to the other solutions in the market, it can be turned on in production very quickly. You don't really need to have a server. It can be deployed very rapidly on VMware or Hyper-V, and you don't need to do an installation. It is a kind of an all-included package that you just deploy in a VM environment. It is basically a VM that is specifically built for a customer. The way the PRA data solutions work is that you need to build them for each customer because of being hard-coded with their SSL certificate, their web page name, and all that.

It would be very nice if it has an enterprise vault. Currently, it can interact with Password Safe, which is a separate solution and equivalent to Thycotic Secret Server. Instead of having Password Safe as a separate entity, they should combine it with BeyondTrust Privileged Remote Access. They have done it in some way, but it is not an enterprise tech solution.

I have been using this solution for eight years.

It is very stable. In eight years, I've never seen a bug.

Our clients are large businesses. 

I used to work there. I know this stuff by heart, so I don't need to call them. 

It is easy to set up. The complex part is to explain all the beneficial features and functionality to the customer because it can pretty much do everything. Discussing the environment and use cases is where you spend most of the time before you do the deployment.

Its deployment can be done very quickly. It can be deployed within 24 hours, which is useful if there is any hacking or breach. After that, you can add more complexity to it and configure it for a use case.

I would rate BeyondTrust Privileged Remote Access a nine out of ten.

We use this solution to provide remote authentication for a support system that we are providing. We have a data center with many different products that are based on Windows, Linux, and hardware appliances.

There are many different ways to configure this solution in order to provide what we need. Depending on the kind of system that we're supporting, we can directly access the server, and application, or even a web page.

The most valuable feature is that this solution can be implemented regardless of the operating system. It can be used with Microsoft, Linux, Unix, and Cisco, and we can use the same product to access every different service.

This solution is simple to use.

Changing your password should be simplified, and there should not be a charge for it. For every server that we are supporting, we have an administrator password to log in. This is for remote access and remote support, and we do not like to give this password to the local support people. I would like to be able to assign a dedicated password that can be used only for one day. There are other products that can do this.

We built this system with redundancy and we have never had a crash or any other problem with it.

We deal with a person from the vendor to handle our maintenance, and we never have to contact technical support directly. We are very happy with the support.

This initial setup of this solution is straightforward.

It is not very easy to implement because there are so many types of servers. It depends on the knowledge of the person. However, if it is properly defined then it is very simple to use.

The length of time for deployment depends on the implementation. If everything is known then it can take one to two hours. In other cases, it can take a week or two.

I would rate this solution a nine out of ten.