Many software and cybersecurity organizations provide a virtual appliance deployment option for their solutions. Benefits of virtual appliances over hardware include both lower upfront costs and longer-term maintenance costs, simpler configuration, and the ease for deployment across cloud platforms. Of course, in the COVID-19 era, anything that can be deployed virtually as software as opposed to installed onsite via a human is also a big plus.
Yet, virtual appliance benefits can be undermined if the module itself introduces vulnerabilities within the customer’s environment. And, surprisingly, virtual appliance vulnerabilities are rife—even for offerings from some of the most well-respected names in cybersecurity, according to Orca Security’s 2020 State of Virtual Appliance Security report.
The Orca research study evaluated 2,218 virtual appliance offerings across 540 vendors. Orca scanned known vulnerabilities as well as other risks to provide an objective assessment score and ranking. Orca uncovered an astonishing 401,571 vulnerabilities across all solutions assessed!
BeyondTrust is proud to be one of a small, rarefied sliver of vendors that stood tall in the Orca study. Our BeyondInsight virtual appliance for our privileged access management (PAM) platform earned an A+ grade, along with less than 8% of all offerings in the study. No security issues were found with the BeyondTrust virtual appliance. BeyondTrust was also one of a handful of vendors highlighted several times in the report for the security robustness of our virtual appliance offering. On the opposite side of the spectrum, 15% of vendors in the report received failing (F) grades, including some IT security industry heavyweights.
One positive development from the Orca research is that 287 products have been updated and at least 36,938 vulnerabilities have since been addressed.
BeyondTrust Physical and Virtual Appliances: Built Secure
BeyondInsight is a comprehensive privileged access management platform that provides unified management, reporting, and threat analytics for BeyondTrust solutions. It maximizes visibility, simplifies deployment, automates tasks, improves security, and reduces privilege-related risks. BeyondInsight allows you to maintain complete and ongoing visibility and control over all privileges in your environment with a centralized management, reporting and analytics console.
To meet the needs of our diverse customer base, BeyondTrust offers flexible deployment options, including on-premise, cloud, and virtual appliances. BeyondTrust privileged access management appliances provide multi-platform network discovery, automated password and session management, centralized policy enforcement, least privilege enforcement, automated risk assessment, and powerful reporting, compliance, and regulatory audit capabilities. Appliances can be deployed in just 15 minutes.
BeyondTrust ensures robust security for our physical and virtual appliances by:
- Hardening appliances to CIS standards
- Disallowing installation of unapproved third-party applications
- Enabling secure auto-updates via BeyondTrust Updater, which is embedded on the appliance
- Providing a monthly release of Security Update Package Installer (SUPI), which are pre-screened security updates
BeyondTrust solutions are built secure by design to protect and enable the most security-conscious organizations in the world. Contact us today to learn how BeyondTrust can help you secure every privileged account, session, and asset across your enterprise.

Matt Miller, Director, Content Marketing & SEO
Matt Miller is Director, Content Marketing at BeyondTrust. Prior to BeyondTrust, he developed and executed marketing strategies on cybersecurity, cloud technologies, and data governance in roles at Accelerite (a business unit of Persistent Systems), WatchGuard Technologies, and Microsoft. Earlier in his career Matt held various roles in IR, marketing, and corporate communications in the biotech / biopharmaceutical industry. His experience and interests traverse cybersecurity, cloud / virtualization, IoT, economics, information governance, and risk management. He is also an avid homebrewer (working toward his Black Belt in beer) and writer.