Strengths: Excellent reporting and analytics. Automation for dynamically managing systems as they are added to the environment
Weaknesses: None that we found.
Verdict: This heir to the original privileged account management tools is solidly worth your consideration. For its traditional BeyondTrust quality and complete integration into the BeyondTrust platform, we make this our Recommended product.
PowerBroker from BeyondTrust includes the privileged account management components that sit on top of the much larger BeyondInsight platform. Password Safe is one of those components, and allows for administrators to lock down access to privileged accounts and manage passwords through password change policy, but this platform also includes some other powerful features. Using PowerBroker components, system administrators can scan the entire network for systems and discover local privileged accounts on various types of systems and devices, including Windows, Mac and Linux among many others. After the accounts are discovered, they can easily be imported and managed automatically using various smart groups and smart rules that can be defined in the system.
Overall, use of the system is quite intuitive and deployment is easy and simple. Accounts and groups for users can be accessed directly through a connection to Active Directory or LDAP. Once users, groups and roles are defined using the granular and highly customizable policy controls, the system is pretty much ready to go. PowerBroker can manage systems without any agents necessary, but agents can be deployed to systems for more control and auditing capability. The system also comes preloaded with a few basic smart rules and groups, and custom ones can easily be created as well.
This system will allow users to directly access systems through a remote desktop client or putty terminal, request to view a password or directly access a specific application - all based on policy and without having to actually login as the privileged account. Privilege escalation on demand is an option as well. However, where this product shines is the vast reporting, auditing and modeling that the BeyondInsight platform offers. This system includes a powerful reporting engine that is based on mathematical analytics. The vast array of interactive dashboards, heat maps, logs, sessions recordings and dozens of other predefined reports are all accessible from within an easy to navigate interface. Further, the BeyondInsight platform allows for other BeyondTrust components - such as Retina Vulnerability Scanner - to be directly integrated with PowerBroker. This provides much greater depth and auditability to reports and security analytics.
Documentation included PDF user guides for PowerBroker and the overall BeyondInsight platform. All documentation submitted was clear and well-organized with screen shots and many step-by-step instructions.
BeyondTrust offers full 24/7/365 phone, email and chat technical support as well as access to an extensive online customer portal. The portal includes access to downloads, technical documentation, licenses and license keys, as well as many other helpful resources and a user forum. All product updates and patches are also included with support.
With pricing starting at just under $13,000 for the appliance, first year of maintenance and software, we find this tool to be an excellent overall value.Licensing for assets and agents does require an additional cost, but out of the box this BeyondInsight platform with PowerBroker includes a lot of functionality for the money.