BeyondTrust works really well while looking to manage the privileged accounts distributed on various assets utilized in the organization. It is really good at scanning and fetching the asset details, which provides the descriptive details of all possible threat vectors and allowing the administrators to manage and mitigate the risks. Moreover, BeyondTrust's dependency on Flash is a major demerit which awfully affects the functionality and user experience for BeyondInsight.
It's great for any company that relies on active-directory as their primary source of user password authentication and other data. It's ability to integrate with a host of other tools such as Google Workspace, Azure AD (if you aren't using ADFS/DirSync/etc.), FreshService, Trello, etc. as well local apps like Postgres, i/AS400, and more make it a great middleware tool for SS.
PMP is great for sorting passwords into different groups depending on the category of application access. This makes it easy to find the password that you are looking for.
Application credentials can easily be saved to the clipboard to make it easier to copy and paste them into the appropriate log in screen.
Different types of credentials for the same application can be stored next to each other and are easy to distinguish by the icon next to the name. For example, SSH credentials, web credentials, and local root credentials are all easy to sort under one application group.
There is no flexibility in how accounts are grouped.
The implementation of lowest privilege means you cannot use groups for assigning role based security. If you give a team read access, and a limited subset of the team write access, the read access supersedes write.
Some versions have been fragile. There have been times where the server has stopped working and needed a restart daily/weekly. Read the issues resolved in updates. There have been some critical failures in security over the years (i.e. unauthorized access possible by URL manipulation).
BeyondTrust Support is available with maximum priority. The user is not required to provide an explanation and is not charged for the case raised. If required, BeyondTrust support is available for every possible requirement, which may differ from a requirement of some document or a hotfix availability. Also, BeyondTrust support takes every request with max priority.
CyberArk is following the bottom-up approach for the development of the Privileged Access Management solution, which provides a stable and more featured security solution. But everything for CyberArk comes with a cost. Meanwhile, everything for BeyondTrust is included in a single product, and Password safe comes up with vast options under a single utility with cost-effective implementation.
We evaluated one on-premise solution, Password Manager Pro, one cloud-based solution called Passwordstate to store all sensitive password information and also secure notes. The latter was licensed by users, so we knew as the team grew it would cost quite a lot more to maintain. We wanted access for various users within the information technology and systems department at a granular level to have separation of the various passwords into categories which we then give permission relevant for the right users.
