Skip to main content
BeyondTrust Endpoint Privilege Management

BeyondTrust Endpoint Privilege Management


What is BeyondTrust Endpoint Privilege Management?

BeyondTrust Endpoint Privilege Management, powered by PowerBroker and Avecto reduces the risk of privilege abuse by eliminating unnecessary privileges, and can elevate rights to Windows, Mac, Unix, Linux and network devices without hindering productivity.

Read more
Recent Reviews

TrustRadius Insights

Snow automation has revolutionized policy management by streamlining the approval process and reducing the need for extensive rules. Users …
Continue reading

Tons of features for a PAM solution

10 out of 10
January 31, 2022
We needed a solution that would allow secure access to our OT/SCADA/DCS network for both internal users and vendors. We evaluated a few …
Continue reading
Read all reviews


Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Return to navigation

Product Demos

BeyondTrust Endpoint Privilege Management for Unix - demo


BeyondTrust Endpoint Privilege Management for Windows and Mac - demo

Return to navigation

Product Details

What is BeyondTrust Endpoint Privilege Management?

BeyondTrust Endpoint Privilege Management suite enables users to eliminate unnecessary privileges and elevate rights to Windows, Mac, Unix, Linux and network devices without hindering productivity.

BeyondTrust Endpoint Privilege Management Features

  • Supported: Least Privilege Enforcement: Elevate privileges for standard users across Windows, Mac, Linux, or Unix through fine-grained policy-based controls, providing just enough access to complete a task.
  • Supported: Audit User Activity: Correlate user behavior against security intelligence and access a complete audit trail of all user activity that speeds forensics and simplifies compliance.
  • Supported: Trusted Application Protection: Stop attacks that take advantage of email attachments, bad scripts, and malicious websites by securing Office, Adobe, and web browsers with built-in, context-based security controls.

BeyondTrust Endpoint Privilege Management Video

BeyondTrust Endpoint Privilege Management Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, Mac
Mobile ApplicationNo
Supported CountriesWorldwide
Supported LanguagesEnglish
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings


Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Snow automation has revolutionized policy management by streamlining the approval process and reducing the need for extensive rules. Users have praised this feature, stating that it saves time and makes policies lightweight. With the ability to approve requests directly from the Snow platform, specific requests for individual users can now be easily addressed. This has been particularly useful in ensuring prompt approvals and enhancing user experience. Another significant use case of Snow automation is its ability to provide detailed insights into privilege levels for applications and processes on users' machines. This feature enables organizations to achieve the principle of least privilege, allowing users to install software or elevate their rights without requiring complete administrator access. Users have found this tool invaluable in managing appropriate privilege levels, thus improving security while maintaining productivity. One of the key challenges faced by organizations is controlling the use of licensed software and preventing the introduction of unlicensed or dangerous software into their environment. Snow automation effectively addresses this problem by monitoring and controlling licensed software usage. By doing so, it eliminates the need for staff to have local administrator permissions, ensuring productivity with security and earning clients' confidence. Granting admin rights to a large number of users can pose significant security risks. However, with Snow automation, the need to provide admin rights has been eliminated, creating a more secure environment. Users have acknowledged that BeyondTrust's tool has played a vital role in addressing this challenge while still enabling end-users to work efficiently. BeyondTrust's privileged access management solution has been widely embraced as an asset that provides comprehensive IT support comparable to having someone physically present. It has proven instrumental in various scenarios such as remote work setups, home offices, and traveling employees. Organizations have successfully utilized this tool to deliver virtual customer service, analyze the market, prepare staff, and manage department customers. Additionally, BeyondTrust helps protect organizations by ensuring compliance with regulations through preventing users from accessing prohibited sites. The Avecto Tools offered by BeyondTrust simplify elevated permission provisioning and access management for system administrators. By effectively preventing malware infections on users' machines, BeyondTrust's security measures have proven highly effective in safeguarding critical resources. Crafting specific rules for tricky applications and ensuring compatibility with new versions of the product or operating systems can pose challenges. However, users have commended BeyondTrust's support for their helpful assistance in addressing such issues and refining rule configurations. BeyondTrust's privileged account management solution has become a go-to choice for organizations aiming to address security concerns and prevent privilege abuse among developers and administrators with server access. Additionally, the Endpoint Privilege Management software has been deployed to all developers and administrators with access to servers, addressing security concerns and preventing privilege abuse. Furthermore, organizations have embraced BeyondTrust's Endpoint Privilege Management software to prevent the installation of malicious software on laptop workstations, bolstering cybersecurity within the enterprise. BeyondTrust PowerBroker has proven effective in auditing transactions from active Oracle Databases, offering tailored reporting for different audiences. This functionality provides organizations with valuable insights and helps ensure compliance with regulatory requirements. Moreover, BeyondTrust's solution has been chosen for secure access to OT/SCADA/DCS networks for both internal users and vendors. With a wide range of features at an optimal price point, it has been deployed globally across all mine sites. Organizations appreciate its ability to enhance network security while providing convenient and controlled access to critical systems. In summary, Snow automation and BeyondTrust's suite of tools have been pivotal in optimizing policy management, maintaining appropriate privilege levels, controlling licensed software usage, and safeguarding against security risks. These offerings have addressed various challenges faced by organizations, ranging from managing admin rights to supporting remote work setups. Users have praised their effectiveness in streamlining processes, enhancing security measures, and improving overall productivity.

Functionality of Smart Rules and Scripting: Several users have praised the functionality of smart rules and scripting in BeyindTrust, stating that it is very good for managing tasks before, during, and after execution. They appreciate the ability to perform tasks from the script without interfering with or affecting the user.

All Logs in One Place with Rule Creation: Many reviewers have mentioned that having all logs in one place and being able to create rules based on them has been extremely helpful. This feature has aided in identifying and fixing most issues, while also providing control over the applications used by their business.

Effective Radius and SNOW-Automation Features: Users have highlighted the effectiveness of the Radius and SNOW-Automation features in BeyindTrust. These features provide an additional layer of security, ensuring a robust system for managing privileges.


  1. Lack of Failover Option for Radius Setting: Some users have suggested that the Radius setting should have a failover option to add two addresses and route the traffic to the other if one is not working, enhancing reliability and ensuring uninterrupted service.
  2. Expensive Training Costs: Several reviewers find the training provided by the company to be very costly compared to other vendors, which may deter potential customers from investing in the necessary knowledge and skills required to effectively use the tool.
  3. Steep Learning Curve and Limited Support: Some users feel that the tool requires an intermediate to advanced level of knowledge of the Windows OS platform. They suggest complimentary training should be offered by the company to its paying customers. Additionally, getting an engineer from the product team to discuss and resolve issues can be difficult, indicating a need for improvement in technical support processes.

Attribute Ratings


(1-5 of 5)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
We needed a solution that would allow secure access to our OT/SCADA/DCS network for both internal users and vendors. We evaluated a few vendors but decided on BeyondTrust since their solution provided a wide variety of features at the optimal price point. We have it deployed globally at all mine sites using distributed environments.
  • Reporting capabilities for user activities, including complete session recordings
  • Integration with SAML for SSO and secure LDAP authentication
  • Jump point servers for central isolated access from outside the network
  • There is an extremely steep learning curve.
  • To set this up effectively, you will need their professional services.
  • Web Jump (HTTPS) is not included in the base license. This should have been included by default, as it is a standard remote access method.
If you need secure monitoring of access to an OT network, this is the solution for you. It tracks and records everything. This is not recommended for standard remote access VPN for end users, as there is a learning curve. I would only recommend it for access to networks that need to be fully secure.
  • RDP, SSH, and Web Jump
  • Session recordings
  • Approval for starting sessions
  • We are able to securely monitor activity from vendors accessing our network.
  • This meets our cybersecurity objectives of securing our OT networks.
  • The benefits far outweigh the initial cost of the software.
BeyondTrust Endpoint Privilege Management has more features than CyberArk and more detailed options for configurations. BeyondTrust Endpoint Privilege Management is more focused on setting up access-related endpoints, which requires some fine tuning and understanding for use cases where a single endpoint has to be shared with multiple vendors. CyberArk's setup is more geared to users' accounts and then endpoint management under the user accounts.
Score 8 out of 10
Vetted Review
Verified User
BeyondTrust PowerBroker is being used to audit transactions from a very active Oracle Database. BT offers reporting that can be tailored to the target audience.
  • Detailed reporting.
  • Stable operations.
  • Attentive support.
  • No recommendation, it has worked well for me.
Well suited for delivering detailed auditing data.
  • Auditing reports has allowed us to meet various requirements better.
The product performed to the level of our requirements.
Score 8 out of 10
Vetted Review
Verified User
The BeyondTrust Endpoint Privilege management software is being used across my entire project as a tool to prevent malicious software from being installed on our laptop workstations. The business problems it addresses is primarily cybersecurity within our devices that we use in enterprise. Our local technology support team primarily manages this product and it gives us the capability to do our work and install certain programs with elevated status as necessary.
  • security
  • endpoint protection
  • access management
  • design
  • user experience
  • software functionality
BeyondTrust is well suited to do the job in business environments where you need to have something working in the background to ensure users stay protected and malicious programs don't get installed. For scenarios where we've got developer environments, this software interferes more as it doesn't allow certain software and libraries to be installed.
  • security
  • access control
  • IT management
Score 10 out of 10
Vetted Review
Verified User
It is used as a privileged account management solution in our organization. It is being deployed to all developers and administrators who have access to our servers. It addresses our security concerns as well as potentially keeping the users from abusing privileges.
  • Password management and Secure access to servers
  • Ability to remotely log a session off
  • Administrators having the capability to view the changes made on a specific server through the recording mechanism
  • Integrates well with any servers both on-prem and on cloud
  • Difficult set-up process. Takes numerous iterations of setting up
  • GUI is not user-friendly. Hard to understand the options available and what they do unless you spend a lot of time working on it
  • Might be expensive depending on the licenses you purchase.
It is an absolute must in all organizations where security is taken seriously. For organizations where there is a tendency among the users' end to abuse access privileges, this tool comes in handy. It has features that would enable the administrator to look through video logs to see what was done by a specific user. Also has the capability to terminate or lock users/ user sessions.
  • Difficult set up
  • Difficult GUI
  • Hard to understand in the beginning
Score 9 out of 10
Vetted Review
Verified User
We have used PBW for several years now and have been overall pleased with the results. Our primary goal to rid users of needing local admin has been solved. Disclaimer: To be fair, we didn't take too much time to first compare with other vendors, but being that I personally had experience with the product, we landed right away on BT.

Only issues we have run into revolve around either crafting specific rules for applications that are tricky to write for. Also,new versions of the product or a new (Microsoft & MAC) OS, you need to be very careful to check for compatibility, as it's a kernel-mode filter driver! Their support have been quite helpful.
  • Solved our primary goal to rid users of needing local admin
  • Their support have been quite helpful
  • Better communication to customers on new release compatibility
  • Crowd-sourced rule logic for specific applications would be nice (I hear underway)
  • Technical support processes could be a bit improved
Goal of removal of local admin rights will be solved. Initial application rule logic a bit tough to get going, but sales engineering team are very helpful with this. Then, ongoing maintenance, other than worrying about new releases, should go smoothly without adding too much on-site support complexity. Best to keep app rule logic as simple as possible.
  • No user has local admin on their device, significantly lowering one's security attack surface.
  • none
n/a as we skipped doing a compare
Return to navigation