BeyondTrust Privileged Identity (Legacy) vs. Carbon Black App Control

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
BeyondTrust Privileged Identity
Score 9.9 out of 10
N/A
BeyondTrust Privileged Identity (formerly Bomgar Privileged Identity, an updated version of Lieberman RED) is an enterprise privileged credential management solution, password generator, featuring disconnected account management.N/A
Carbon Black App Control
Score 8.3 out of 10
N/A
Carbon Black App Control is an application control product, used to lock down servers and critical systems, prevent unwanted changes and ensure continuous compliance with regulatory mandates.N/A
Pricing
BeyondTrust Privileged Identity (Legacy)Carbon Black App Control
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
BeyondTrust Privileged IdentityCarbon Black App Control
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
BeyondTrust Privileged Identity (Legacy)Carbon Black App Control
Considered Both Products
BeyondTrust Privileged Identity
Chose BeyondTrust Privileged Identity
CyberARK is superior in every way. Lieberman RED was selected by upper management without consulting with technical employees.
Chose BeyondTrust Privileged Identity
CyberArk and ERPM are direct competitors. Great thing about ERPM is the ability to integrate with Sailpoint out of the box. Add to that the lower overall cost of the product.
Carbon Black App Control
Chose Carbon Black App Control
VMware Carbon Black EDR and VMware Carbon Black Endpoint
Chose Carbon Black App Control
VMware Carbon Black App Control [(formerly Cb Protection)] is just much more advanced and gives administrators much more insight into the security framework. The cost is higher but at the same time the features are much more advanced. It is also easy to move throughout the …
Chose Carbon Black App Control
The big difference between Protect and Barkly/AMP is how exactly it goes about what it's doing. Protect is application whitelisting and program reputation. So the way it's protecting you is using a proprietary reputation service, and hash values to identify applications, and …
Best Alternatives
BeyondTrust Privileged Identity (Legacy)Carbon Black App Control
Small Businesses
RoboForm
RoboForm
Score 9.9 out of 10
GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
1Password
1Password
Score 9.5 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
KeePass
KeePass
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
BeyondTrust Privileged Identity (Legacy)Carbon Black App Control
Likelihood to Recommend
3.0
(0 ratings)
10.0
(0 ratings)
User Testimonials
BeyondTrust Privileged Identity (Legacy)Carbon Black App Control
Likelihood to Recommend
It is very well suited to manage local passwords on machines. It fails at managing accounts located in the directory. It treats a directory as a "system" as a result of your settings for the "system" ends up being global. It makes for a very complicated rights structure. Rights have to be assigned on a per accounts basis.
Read full review
It is more suited to lock down critical systems and servers to prevent unwanted changes, although you can use it on daily basis on laptops and desktops, it needs constant attention and events analysis. For some scenarios i.e. financial institutions it is a must-have solution, as App Control now is a requirement 5 of PCI DSS.
Read full review
Pros
  • Manage local accounts of workstations and servers.
  • The web interface is easy for users of RED to use.
  • The shared password list is a very nice feature that allows users to store credentials that have to remain static.
Read full review
  • Device Control - you can view and allow/disallow the ability for certain devices to be used in your environment. Specifically we used this with USB drives. If you have one you want to use - whitelist the serial number. The rest can't be used. Simple and easy.
  • Software blocking. If you have an extremely dynamic software base (I doubt this is likely) this could get a bit annoying, but for most organizations like ours where we have specific applications that are required, and then the rest are a bit of an afterthought, it's easy to whitelist the correct applications that you want to be able to run in your environment. The rest can't run (in high enforcement). Users are able to easily request new applications, and you can set certain groups to be able to approve it on their own.
  • Solid platform - with few exceptions setting up new software was very easy (Dragon Medical was a bit tricky, but worked through it with support). Once you have your rules set up and the initial setup done, you tend not to have to do much of anything except to update on occasion and deal with a few requests for applications to be unblocked, or publishes approved.
Read full review
Cons
  • Not as slick as CyberArk
  • Training is free, but could use a lot of improvement
  • Documentation needs refinement
Read full review
  • More frequently updates of "Software Updaters".
  • Possibilities to tag within Yara rules.
  • Overall it is the best whitelisting solution I have used.
Read full review
Alternatives Considered
CyberArk and ERPM are direct competitors. Great thing about ERPM is the ability to integrate with Sailpoint out of the box. Add to that the lower overall cost of the product.
Read full review
The big difference between Protect and Barkly/AMP is how exactly it goes about what it's doing. Protect is application whitelisting and program reputation. So the way it's protecting you is using a proprietary reputation service, and hash values to identify applications, and then hitting a list of whitelisted programs to decide if you are able to run that or not, based on the policy you are in. There is a LOT of value in that. We actually are working on transitioning to Cisco Advanced Malware Protection (AMP). The main reason is cost (about the same cost as Cb Protect, but with (most of) the featureset of all 3 Carbon Black products for less than 1/3 of the total spend. AMP works differently, looking at a reputation service powered by Cisco's Talos cloud. You don't really have application whitelisting, but that also reduces how many "requests" you get for applications. So I'll have to find a different way to do whitelisting and USB blocking and the like, but I'm getting more visibility across my network and also built in antivirus (TETRA engine - ClamAV with some work). Barkly is an add that we are looking to put in as it looks at behavior of programs. So specifically it watches for privilege elevation and the like. Thus far all the big name problem children (WannaCry, other ransomware problems) have been caught natively in Barkly day 0.
Read full review
Return on Investment
  • Lower cost than competitors
  • Ease of usr means easy to get staff up to speed on the product
  • Very painless rollout, meaning less time troubleshooting issues
Read full review
  • Dashboards are easy to understand for management
  • We feel more secure than we were on our previous platform
Read full review
ScreenShots