BeyondTrust vs. Delinea: Which Is Best for Privileged Access Management? – Source: heimdalsecurity.com

BeyondTrust and Delinea are some of the most popular privileged access management (PAM) products on the market. They each offer a sophisticated range of tools for managing access, identities, and endpoints.

But like all security tools, they’re not for everybody. The right PAM solution for you will depend on your specific IT environment, budget, internal team, the size of your company – and a whole range of other factors.

So how do you know which tool to pick? And are there alternatives to BeyondTrust or Delinea that might be better for your business?

In short, probably. But first, let’s look at the pros and cons of each platform.

About BeyondTrust

BeyondTrust offers a range of cybersecurity products to some of the world’s largest enterprises. Generally, its customers are global companies with complex IT systems, spanning cloud, on-premises, and hybrid systems.

The suite of PAM solutions offers a range of features to help manage these complex environments:

1. Privileged Remote Access

BeyondTrust’s main PAM tool offers the standard privileged access and session management (PASM) functionality, including features to manage sessions, secure remote access, and authenticate users.

2. Password Safe

This includes tools to manage passwords and credentials, including keys, tokens, and other secrets.

3. Endpoint Privilege Manager

BeyondTrust’s privilege elevation and delegation management (PEDM) product offers the ability to dynamically elevate and rescind access based on contextual factors.

4. Cloud Privilege Broker

One of BeyondTrust’s newest products; this offers a range of tools to manage permissions and entitlements in complex multi-cloud environments. This is essentially the cloud infrastructure entitlements management (CIEM) offering.

The first two products on this list can be bundled together as part of BeyondTrust’s ‘Total PASM’ package. The last two will require additional subscriptions.

BeyondTrust: Pros

BeyondTrust is generally considered an effective tool to help manage privileged identities and permissions, for a few key reasons:

• Strong functionality – BeyondTrust offers a comprehensive and sophisticated range of features to help manage permissions and identities. However, clients will generally need several subscriptions to get the full coverage.
• Market responsiveness – The provider keeps good pace with market innovations, offering tools like PEDM and CIEM tools alongside the standard PASM package. This isn’t the case for all providers – Delinea, for example, doesn’t offer CIEM tools.
• Support – BeyondTrust’s products offer support for a wide range of operating systems and networks. This includes Windows, macOS, UNIX, and Linux, as well as cloud, hybrid, and on-premises environments. This is particularly useful for organizations with complex IT environments.

BeyondTrust: Cons

It has a somewhat clunky interface and some areas can accidentally be clicked, causing issues due to no pop-up warning.

BeyondTrust User Review, via TrustRadius

As an enterprise platform, BeyondTrust generally leads on functionality, scale, and innovation. But that focus comes with a few downsides as well, which means it’s not the right platform for everybody:

• Pricing – BeyondTrust’s products are some of the most expensive available. At the same time, customers will generally need to purchase three or four different subscriptions to get the full suite of modern PAM protections. This, crucially, doesn’t include other cybersecurity products like threat detection, vulnerability management, and more.
• User interface – The confusing and complex layout of BeyondTrust’s products is often raised as an issue by users and analysts. Generally, the platform is designed to be managed by a specialist security team. User reviews also mention that it’s difficult to manage and upgrade these products.
• No MFA – One key missing feature is a lack of multi-factor authentication. This is an increasingly popular security feature that is common among BeyondTrust’s competitors.
• Integrations – BeyondTrust’s PAM suite also lacks vital integrations, including DNS, antivirus & firewall, and ransomware encryption protection. Despite the generally advanced functionality of the product, this leaves important gaps in the overall cybersecurity coverage.

About Delinea

Delinea is another of the cybersecurity industry’s biggest names. Generally, the features it offers are aimed towards medium-sized businesses rather than global enterprises. Like Beyond Trust, it also offers a wide range of security features across several distinct products:

1. Delinea Secret Server

Delinea’s flagship PAM product. It includes standard PASM functionality such as access controls, automations, discovery, session monitoring, and more. This is roughly equivalent to BeyondTrust’s Privileged Remote Access product.

2. Privilege Manager

Offers PEDM functionality across macOS and Windows. These tools allow organizations to create conditional rules that allow dynamic elevation or limitation of access based on context. The product also features tools like PAM auditing and reporting, discovery, local security, and application control – creating significant crossover with Secret Server.

3. Privilege Control for Servers

Similar to Privilege Manager, this offers PEDM functionality for Unix/Linux devices.

4. DevOps Secret Vault

This offers a secure vault through which to store and manage credentials for applications, RPA workflows, databases, CI/CD tools, and services. Generally, these will come in the form of passwords, SSH keys, certificates, API keys, tokens, and other secrets.

While the functionality across the whole suite is extensive, it can often be difficult to understand which combination of products is right for your business.

Delinea: Pros

There are plenty of good reasons to consider Delinea for your PAM platform. Here are some of the most widely-liked features of the platform:

• Secrets management – These tools are among the best of their kind in the industry, according to the Gartner 2023 Magic Quadrant. However, users have to purchase the additional DevOps Secrets Vault product if they want full access.
• Smooth UI – Delinea’s marketing material puts a lot of emphasis on the ease of use and intuitive customer experience of their products. Generally, users agree, with these factors being among the most common benefits cited by users.
• PEDM – Delinea’s privilege elevation tools are some of the most effective in the industry, particularly for Linux and UNIX systems.

Delinea: Cons

There are also plenty of reasons why Delinea might not be the right product for you. Here are the issues that come up most often in user reviews and testimonials:

The license model is a little convoluted depending on the product. It can also be tedious to add/purchase additional seats outside of the annual renewal process.

Delinea User Review, via G2

• PowerShell – Delinea requires users to sometimes create PowerShell scripts in order to activate features that are common and simpler to use in other products. Examples of this include access controls and privilege elevation services.
• Licensing model – Delinea’s products are designed around a complex licensing model, where rates are charged depending on the number of workstations being authorized for privilege authentication and elevation. This is designed to make the subscriptions scalable, but it can often be confusing and unpredictable for the end user.
• SaaS first – Delinea takes a largely cloud-first approach, with most new capabilities being SaaS-only. This creates issues for organizations that still use on-premises or hybrid systems since the coverage and support here will be less effective.
• No CIEM – Unlike more advanced tools like BeyondTrust, Delinea doesn’t offer up-to-date cloud security functionality like cloud infrastructure entitlement management (CIEM). This is a more advanced way to manage identities and privileges in cloud environments, creating a key gap in Delinea’s product offering.
• Siloed products – Though Delinea products are generally designed to work together, there’s a significant crossover in the features offered from product to product. This can create confusion and redundant licenses, as well as increasing the overall cost required to achieve full coverage.
• Cost – Like BeyondTrust, Delinea’s products are among the most expensive in the market. Though the company doesn’t publish pricing information, user reviews suggest it’s roughly 22% more expensive than the market average.

BeyondTrust vs. Delinea: Reviews

While BeyondTrust and Delinea certainly have their fair share of satisfied customers, it’s important to be aware of the benefits and limitations of both platforms. To do that, we’ll look through the user reviews for both providers’ main PAM products: BeyondTrust’s Privileged Remote Access and Delinea’s Secret Server.

Here’s a quick overview of the main headline ratings across three major review sites:

Gartner:

• BeyondTrust – 4.5/5 stars (232 reviews total)
• Delinea  – 4.5/5 stars – (1214 reviews total)

G2:

• BeyondTrust – 4.4/5 stars – (30 reviews total)
• Delinea – 4.4/5 stars – (39 reviews total)

TrustRadius:

• BeyondTrust – 9.1/10 stars (29 reviews total)
• Delinea – 8.8/10 stars – (37 reviews total)

These headline reviews fit roughly within the expected range for a product of this type. Generally speaking, there’s not a great deal to choose between them. But it can be helpful to dig through some of the reviews themselves so we can understand what satisfied customers appreciate – and what common concerns are also often raised.

For BeyondTrust, much of the praise comes down to the strength and range of the functionality on offer. Customers generally agree that the product offers sophisticated tools to manage remote access, encryption, and auditing.

Our organization uses BeyondTrust Privileged Access Management Suite to secure, manage, and audit remote privileged access. It allows remote assist sessions to be logged and optionally monitored in real-time and recorded for a detailed audit trail. It is very helpful in our ISO 27001 strategy.

BeyondTrust User Review, via TrustRadius

But while customers were generally positive about the functionality on offer, there were also some common gripes. Generally, these come down to the price and complexity of the product. Many users mentioned that the need to train end users created unnecessary friction.

The hardest hurdle for our organization was training end users how to actually allow the support staff to utilize the remote access. They often times had trouble allowing users into their machine and allowing permissions to be elevated.

BeyondTrust User Review, via G2

For Delinea, the situation was also generally positive, with users drawing particular attention to the ease of use, decent feature set, and wide integrations. Reviews generally agreed that the platform combines a smooth interface and ease of use with a robust set of PAM features:

The user interface is intuitive and easy to navigate, making it simple to manage privileged accounts and access.

The tool also offers a range of features, including privileged session management, remote access, and credential management, which are essential for any organization looking to secure their sensitive data.

Delinea User Review, via G2

But like with BeyondTrust, Delinea’s comparatively high price point was a big drawback for many reviewers. Users particularly noted the disparity between on-premises and cloud-based versions of the products, as well as the opaque licensing model.

Great solution for on-prem or cloud but cloud can be costly. The on-premises solution works well and is reasonably priced. We tried migrating to the cloud but it was substantially more expensive.

Delinea User Review, via G2

In general, BeyondTrust leads on functionality and innovation but lags behind on ease of use, user interface, and a lack of integrations. Delinea is generally considered to be much easier to use but with a slightly narrower feature set and a confusing licensing model.

Both products are much more expensive than the market average.

But there’s also another drawback that both products share: They only focus on PAM features. Generally, that means organizations will need other products or licenses to get a complete cybersecurity solution – whether that’s endpoint detection, vulnerability management, or more. That creates more licenses, higher costs, and more confusion.

So what’s the solution?

Heimdal® XDR: One License, One Platform, One Integrated Security Approach

BeyondTrust and Delinea both split their suite of PAM features across four separate products. With Heimdal®, all our PAM features are available through a single privileged access management module. But it’s not just about privileged access management, Heimdal®’s Extended Detection and Response (XDR) solution offers much more.

Unlike BeyondTrust and Delinea, Heimdal® aims to offer a single, comprehensive security solution.

Most products in the cybersecurity scene are designed to do one job well. But here’s the issue with this approach; it generally requires multiple overlapping tools and licenses, often from different vendors. While each of these tools might be fantastic at a particular job, the result often ends up being a confusing and expensive cybersecurity solution, with siloed tools that don’t really communicate with each other.

With Heimdal®, you get access to a single integrated platform for all your security needs. Here’s what that includes:

• Network security;
• Endpoint security;
• Vulnerability management;
• Privileged access management;
• Email & collaboration security;
• Threat hunting;
• Unified endpoint management.

Our extended detection and response product features tools that span the entire spectrum of cybersecurity needs. One license, one platform, one unified approach.

Book a demo to find out more.

FAQs

Is Delinea the same as Thycotic?

Delinea was born out of the merger between Thycotic and Centrify. Both former companies are now referred to as Delinea.

Is BeyondTrust the same as Bomgar

BeyondTrust was founded in 2006 and was acquired by Symark in 2009. The resulting company was then acquired by Bomgar in 2018. In both cases, BeyondTrust was adopted as the main company name, making today’s company the modern development of both Bomgar and Symark.

What is BeyondTrust used for?

BeyondTrust is a specialist cybersecurity vendor offering privileged identity and access management products, largely for enterprises and global companies. Their products support Unix, Linux, Windows, and macOS operating systems.

What’s the difference between BeyondTrust and Delinea?

Generally, BeyondTrust caters to larger enterprises with more complex IT systems. Delinea’s products, however, are generally considered easier to use and offer sophisticated PEDM and secrets management functionality. Both products are significantly more expensive than the market average.