Competitive Conundrum
Nonsense Negation
Product Pandemonium
Frustration Flush
Objection Overload
100

A prospect has provided a chance to displace their remote access tool and has asked for BT to tell them why they should buy Remote Support instead; name one topic to kick the conversation off with?

  • One tool for all users’ devices and platforms. Attended, Unattended, and Mobile access. “One tool” means consolidated toolset results in standardized processes, better security, lower costs, more efficient
  • Built for the Service Desk with Granular Role-Based Permissions, Skills based routing, and robust group-based session management
  • Auditing and Reporting to an extreme degree
  • Secure by Design with a single tenant appliance-based architecture to help achieve auditing & Compliance
  • Secure TLS Encrypted Connections (with SSL certificate)
  • Secure Authentication with existing Identity Providers and 2FA
  • Best in class security provides a shrinking of the attack surface. Eliminate the open listing ports and closing risk based on connections in and out of the environment. Reduce the risk of lateral movement. Reduce administrative credentials.
  • Flexible Deployment Options with On-premises, cloud, and virtual.
  • Wide range of integrations (many ITSM) to enable cross platform collaboration and cohabitation.
100

What happened to the remains of the man who invented the frisbee?

As per Ed Headrick's wishes, his ashes were incorporated into a limited number of frisbees. "When we die, we don't go to purgatory," Headrick reportedly said shortly before his passing. "We just land up on the roof and lay there."

100

Name the individuals/groups that need to be tapped for Privilege Management Windows and Mac & Privilege Management Unix and Linux discussions.

  • Identify if the CISO is the right person *nix landscape is very different to desktops
  • Windows and Linux teams can be the same or different. System Admins, Development, Security, Compliance, Application teams are all potential targets and many more.
  • Call your existing PMWM customers. If a customer has PMWM, they are most likely also have Linux Servers or can lead us to those who manage them
100

What was the most notable war to be fought in the year 1932?

The Great Emu War. The war lasted just a month. The soldiers literally used machine guns to fight the birds, but when the gun jammed, the emus won a small victory.

100

Provide one objection to a customer with TeamViewer that has mentioned its low cost and minimalistic/easy interface/UI (User Interface) as reasons for renewing the solution. Bonus Question: Name the different Hypervisors that Remote Support can be deployed on virtually? 50 Points Each

  • TeamViewer pricing is based on concurrent connections rather than concurrent reps
  • This perception is driven by a lack of features not a minimal feature set and BT outperforms in this area with an abundance of automation tools and use cases for no extra cost
  • Feature sets to bring up are automations, skill based assignment and queueing, resource injection, session recording, attended/unattended access, chatbot and Microsoft Teams integrations, all with central management.
  • Deployment of our solutions has been perfected over decades to achieve simplicity from trials to production being available on-demand
  • BT user and queue management offers additionally capabilities that are necessary for any helpdesk environment
  • Purpose built tool with a focus on security and a reputation to back it
  • RS offers centralized management of session recordings versus them being stored on the representatives’ systems by default

Bonus: VMWare, Hyper-V, Nutanix

200

Name one of the primary competing products/product types for our AD Bridge solution or provide one of our AD Bridge solutions differentiators in the face of such competition. Bonus Question: Which BT product is AD Bridge usually tagged onto or associated with? 50 Points

Define – AD Bridge allows people to log onto Unix or Linux systems using their Active Directory (AD) usernames and passwords, without requiring additional infrastructure or password synchronization. This is normally not possible easily.

  • Competing Solutions
  • free solutions are the most common tools we see this compete against SSSD (System Security Services Daemon), SUDO (Superuser DO), FreeIPA, Root
  • paid solutions include the likes of Centrify/Thycotic who came together and are now Delinia
  • Differentiators
  • Utilize a single tool set, Active Directory, to access systems which don’t normally allow AD access (*nix)
  • provide a centralized view of authentication, which pretty gives an end user visibility into what machines they can access
  • auditing and tracking who does what through reporting
  • Native tools: Direct integration into AD native tools (ADUC, GPO
  • Manger/Editor) with no schema changes required.
  •  Simplify IAM: Enable Unix/Linux systems to participate as “full citizens” in AD (including Group Policy) without additional infrastructure or password synchronization while simplifying migrations from multiple authentication mechanisms, identities, and directories to a single AD-based infrastructure for all systems/users.
  • Auditing, alerting and change tracking: Including Unix information managed through AD including Group Policy.
  • Extensive platform support: 175+ systems are supported (AIX, Solaris, HP-UX, SuSE, RedHat, VMware)
  • Extensive AD support: Unix/Linux site awareness, support for nested groups, forests, sites, etc.

Bonus: Privilege Management for Unix & Linux

200

What sculpture is Actor James Franco most known for?

In 2011, an art collector paid $10,000 for a "non-visible" sculpture by Franco titled "Fresh Air" and billed as "an endless tank of oxygen".

200

Provide a use case for Password Safe and Privilege Remote Access as if a customer was looking at both. Bonus Question: What is the integration between Password Safe and Privilege Remote Access/Remote Support? 50 Points

Password Safe

  • Discovery for directories, servers (Windows and Unix), databases, network devices, applications and much more
  • Password/SSH key rotation across the board with the ability to configure conditions for the rotation
  • Propagation actions to windows services, scheduled tasks, IIS app pools and more
  • Automation of onboarding from discovery to access
  • Custom platforms

Privilege Remote Access

  • Discovery just for AD, Azure AD and local windows accounts with propagation to windows services
  • Password rotation – basic and cannot be configured by administrators and only applied to what can be discovered
  • Managed vendor access/onboarding
  • VPN-less access

Bonus: The integration allows for Password Safe managed credentials to be passed into the SRA platforms so they can be injected/checked out during sessions. This extends the abilities of what Password Safe can manage that SRA cannot into SRA for access.

200

What number do you get if you add up all the numbers on a roulette wheel?

666. Now, lets go do some devil worship.

200

During a QTR (Quarterly Technical Review) for a customer’s Endpoint Privilege Management and Password Safe solution, they advised BT that their new CISO has asked them to review Saviynt for their PAM initiatives. Provide one reason to position BT in the best possible light.

  • Saviyant does not have an EPM offering available
  • Secrets management is limited in nature and dependent on integrations with other tools
  • Historically weak on their session management/reporting/analytics which is considered one of the more important use cases for PAM
  • Lack specialized controls for common use cases
  • Performance and scalability have been a common pain point for Saviyant
300

Name one differentiator for Password Safe as it is related to Delinia's Secret Server solution.

  • Automations through smart rules and beyond. Not only does Delinia lack in this area but their customers are noted to not even use the rotation capabilities as a primary use case and simply use it for storage. Gartner MQ "lags behind in advanced credential management.
  • Offer more custom scripting capabilities and templates based on previous implementation.
300

 What animal can clean its own ear with its tongue?

An adult giraffe's tongue is about 21 inches long and super flexible. (A chameleon's tongue is twice as long as its body, but it doesn't have ear holes!)

300

Name one of the connectors for our Security Insights solution. Bonus Question: Does it support Password Safe On-Prem? 50 Points

  • AWS (Amazon Web Services)
  • Github
  • GCP (Google Cloud Platform)
  • Microsoft Azure
  • Okta
  • Password Safe Cloud
  • PingOne
  • Privilege Management Cloud
  • Privilege Remote Access
  • Remote Support
  • Insights

Bonus: Yes

300

Which animals are capable of laughing? 

Rats. Not funny, actually quite scary...

300

A current prospect is exploring security tools and has discussed speaking to CrowdStrike but is unsure. Object to this with a differentiator in favor of BeyondTrust Security Insights versus, the similar but not in direct competition of company, CrowdStrike’s Falcon. Bonus Question: In relation to a company like CrowdStrike, what does Security Insights NOT do? 100 Points

  • We offer better contextualization of data, mitigating alert fatigue
  • Primarily targeted toward on-prem AD
  • Need to pay extra for cloud visibility
  • Support costs extra, but poor customer support experience
  • One customer reported being directed to support reps in unsuitable time zones, requiring them to bring in C-level leadership to get sufficient support
  • Environment is highly unstable
  • Detections do not surface up to the identity view
  • Lots of false positives when it comes to detections
  • No granular settings for exclusion management
  • No ability to report on or even note false positives to improve detection accuracy
  • "I couldn't specifically address individual issues on individual accounts and mark them as [...] a known thing."

Bonus: Most companies in the ITDR space have a heavy focus on the R (Remediation) which is an area we do not focus on as a company. The roadmap does show items where integrations with our other solutions will offer actions to be taken within the bounds of those BT solutions. Example: Creation of new accounts identified by Insights are passed onto Password Safe to be onboarded and managed for compliance and security.

400

When discussing Endpoint Privilege Management in a competitive scenario; name one topic we want to layer into the discussion for Windows & Mac then name another topic for Unix & Linux. Bonus Question: What feature within Privilege Management for Windows allows for custom scripts to be executed prior to and after process launch? 100 Points

Windows & Mac

  • QuickStart templates offer the BT methodology and deployment plan for our customers in a point and click fashion.
  • One of the best and most advanced Mac offerings on the market. The capabilities and use cases we cover are second to none. example: CyberArk is limited to file and application execution and temporary elevation, unable to limit PowerShell commands. we also have a mac specific development team
  • Azure AD MFA Step up support / MFA offerings per message / per application at a granular level.
  • Range of application coverage far exceeds other organizations’ capabilities.
  • extremely scalable, easy to implement and easy to support over time / with updates.
  • offers application management AND privilege elevation together in a single solution. We also offer cloud and on-prem solutions which provide the same capabilities.

Unix & Linux

  • Correlates user behavior against asset vulnerability data and intelligence from best-of-breed security solutions.
  • one of the few on the market with a cloud solution
  • central auditing and session monitoring, no local logs to be manipulated, file monitoring and full recordings.
  • offers user/role-based policies as well as script based policies
  • supports a wide range of OS and offers one method for all of them. Unifies policy, management, reporting and analytics, upgrades and more across all privilege management systems.
  • decades of being the top contender in the space and was built from the ground up

Bonus: PowerRules extends the capabilities of our solution beyond application control and privilege management and enables the organization to leverage their own scripts to perform actions. Example: ServiceNow Integration

400

What is the closest living relative to the Tyrannosaurus Rex?

Scientists have at last uncovered the closest living relative of the mighty T-rex. For the first time, researchers have sequenced proteins from the long-extinct creature, and many of the molecules show a remarkable similarity to those of the humble chicken.

400

Name all the products in the BT portfolio which integrate with ServiceNow. Bonus Question: What are all the different types of integrations Remote Support has with ServiceNow? 50 Points Each

BT Products Integrated into ServiceNow

  • Secure Remote Access
  • Password Safe
  • Endpoint Privilege Management

Bonus: ServiceNow, ServiceNow Basic, ServiceNow CSM, ServiceNow ITSM Auto-Create

400

Ewan McGregor has a brother that was a member of the RAF. What was his callsign?   

Obi-Two

400

Ex-Thycotic and now Delinia customer is reviewing other solutions to replace their current deployment of Secret Server and Remote Access Service which they say is being developed aggressively and has a single pane of glass. Offer one shrubbery… Or one objection in favor of both Password Safe and Remote Support to be their replacement with outlooks for expansion into other products.

  • The instability and disruption that comes with a merge is real and has noticeably affected their abilities to grow from all angles but this is only a temporary state and more of an internal understanding or the unspoken art.
  • While it is true they have a single pane of glass that is only for these former Thycotic products and no others. Other within their portfolio have little to no integrations
  • RDP session management with keystrokes and metadata recording requires installation of local agents on target servers. We do not require this.
  • Support for advanced service account, credential management scenarios and management of local systems is limited with their vault.
  • Moving to a cloud only model is their roadmap
  • Not consistent offerings for form factors between solutions (on-premise, virtual, cloud or hybrids)
  • Dependent on native Microsoft functionality for their redundancy and scalability while not offering a break glass function when the console is unavailable.
  • Will require other tools within the Delinia portfolio like Secret Server (credential management + basic session mgmt), Connection Manager (add. session mgmt capabilities), DevOps Secrets Vault (secrets management), and Remote Access Service (vendor remote access)) which we cover with a combination of PWS and PRA.

Bonus:

- Strong offering for account onboarding and discovery but some of this relies on custom scripting by the client which can also present itself to be a negative

- Offers adaptable grouping within their Secrets Server solution which allows great personalization from a user prospective

500

Name a differentiator for CyberArk’s portfolio in their favor over BeyondTrust and then offer a counter for how BeyondTrust's portfolio can compete.

CyberArk’s Landmines for BT

  • CyberArk offers a superior secrets management tool (Conjure)
  • CyberArk offers drastic cuts in price to keep/steal business.
  • CyberArk has a large partner / technology alliance network and offers more integrations than BT.
  • CyberArk offers a more mature CIEM solution and boasts a single pane of glass.

BT's Landmines for CyberArk

  • Discovery and onboarding / the continuous process of it is lacking as compared to BT. Nor do they support scanning a wide range of databases (SQL only) with no support for SNMP or port scanning.
  • CyberArk’s Dynamic Privileges Access is limited to RDP and SSH protocols.
  • Difficult to implement, historically requires more tech/tools to deploy, and not using professional services can void support contracts.
  • Scalability even with the increase in their technology requirements has been historically difficult with sub optimal performance/constant issues with growth. This is also seen through their upgrade process.
  • BT is known to be faster and simpler to implement and this means a shorter time to value
  • PRA offers a wider range of technology and use cases which are not seen in their Privilege Access manager. This tool is also the most expensive on the market.
  • "Best in class for UNIX/Linux and macOS PEDM, and a top performer for Windows PEDM" with CyberArk as "average"
  • CyberArk’s Identity Security Intelligence tool is limited in its connectors and currently does not offer connections into IDPs, vastly limiting its capabilities as compared to BT.
  • PAM is PAM, there aren't a whole lot of differentiators to begin with and we need to understand this. We sometimes do need to rely on our ability to deploy the solution with a smaller footprint, quicker, and leverage our technology/methodology to ensure the success and ongoing health of the solution.
500

Which of the following has more chromosomes than a human? Potato | Egg | Ant | Skunk

Humans have a total of 46 chromosomes, while potatoes have 48. All hail our potato overlords!

500

Name one use case for both Privilege Remote Access and Remote Support for a customer trying to understand both.

Remote Support

  • Internal or Customer Facing Help/Support Desk
  • Ad-Hoc Support/Chat – Inbound session requests
  • Supporting end user machines
  • Preconfigured access – no approval/notification workflows
  • Mobile Device Support
  • Insight – Mobile Video Sharing
  • Concurrent User licensing

Privilege Remote Access

  • Security teams – Access for Internal or 3rd Party privileged users to privileged assets
  • Preconfigured access only
  • Approval or Notification workflows
  • Protect access to Cloud or IaaS infrastructure (Web Jump)
  • Time based restrictions
  • OIT/ICS Access
  • Endpoint licensing
500

What is Cap'n Crunch's rank?

Apparently, Cap'n Crunch has been exaggerating his Navy service for decades. He wears just three stripes on his uniform cuffs, which makes him a commander, not a captain.

500

Current CyberArk customer is required to evaluate other solutions as part of the renewal process every 3 years for their Privilege Access Manager and Endpoint Privilege Manager for Mac. Provide one objection to this renewal in favor of either our Password Safe or Privilege Management for Mac solutions. Bonus Question: Name the part of the technical sales process for Privilege Management for Unix & Linux, which we encourage prospects to get to for this product, that drastically increases the possibility of a Closed/Won.

Password Safe

  • Resource requirements for deployment and scalability are much larger and in turn more costly when compared to BT deployments. Example would include the number of appliances required for scaling. As such there are not suitable for smaller or resource starved teams
  • Difficulty in the overall management and configuration of the product often leaves it limited in its use
  • Disaster Recovery requires manual processes where we have automation built in
  • Known as being the most expensive on the market
  • Our solution has all features baked in except for Workforce Passwords while they have different gateways in place for functionality
  • Secrets Safe is now built into our Password Safe solution whereas their Conjure is a separate solution from their Privilege Access Manager
  • Cloud based software components are complex to maintain while our resource brokers are plug and play
  • Lots of complexity between their onboarding and management where this is defeated with out smart rules and continuous onboarding/scanning capabilities
  • PAM is PAM – we do a lot of the same things and again this should be acknowledged

Privilege Management for Mac

  • CyberArk has removed their on-premise EPM offering at the end of last year
  • MacOS functions are limited to file and application execution/temporary elevation
  • BT features to note are ensuring users can execute commands, control over both the installation and uninstallation of applications, custom messaging, and controls
  • User and technician interface for CyberArk is nonintuitive and unfriendly

Bonus: Getting a PMUL customer into a Proof of Concept has historically always increased the odds of winning the deal. Remember that these deals are slow burns that require technical handholding and support.

M
e
n
u