Insider Threat Protection

Universal software platform to manage user-based risks

We Help Detect, Investigate, And Protect From Insider Threats

After decades of investing into external threat protection, companies are now facing the fact that a number of attacks originate from internal risks. Insider attacks are much harder to detect and and if undetected can result in significant costs to any business: the average cost of an insider threat reaches $8.7 million*.

With the increasing complexity of todays insider threats, organizations must now begin to invest in specialized technologies and methodologies of detection and prevention.

of all attacks in 2017 were committed by an insider **

of insider and privilege misuse incidents took months or years to detect

*2018 Cost of Insider Threats: Global Organizations report by the Ponemon Institute
** 2017 U.S. State of Cybercrime Highlights by CERT


68% of all data breaches
in healthcare were driven
by internal actor.*

30% of all data breaches in education were driven
by internal actor.*

40% of all data breaches
in public administration
were driven by internal actor.*

58% of attacks on financial
service industry had insider
as a source.**

* According to Verizon 2017 Data Breach Investigation Report
** According to IBM X-Force Threat Intelligence Index 2017

Ekran system makes user activity controllable

Ekran System is a universal software platform that combines monitoring, recording and auditing of all user activity on critical endpoints, critical data and critical configurations with advanced detection and response capabilities. In-built access management toolset contributes to lowering user-based risks.

The platform has in its core a specific format to facilitate analysis and investigations. Each user session is recorded into a screen capture video augmented with a multi-layer synchronized index containing text information from application names and typed commands to connected devices and other data.

It creates an integrated activity log for each session, that can be easily audited, searched, exported, or passed to the central SIEM system.

Ekran System Function Highlights

Screen Video Recording

User screen capture is used to record each session in video format. Youtube-like player with FF and Live Session View options enables effortless analysis.

Multilayer Metadata

The product captures a number of additional logs used to index session video records, such as application names, URLs, Linux commands, keystrokes, and others.

Auto Alerts

Ekran System includes an advanced alert system capable of notifying you in real time about suspicious user actions. With it, you can investigate and respond immediately.

In-video Episode Search

Ekran System facilitates your investigations enabling search by keywords both within the current session and across all recorded sessions.

Access Management

The in-built access and session management toolset includes 2-factor authentication, one-time passwords, password vault, ticket system integration, and more.

Seamless Integration

Various endpoint types and architectures support allows fitting any infrastructure. Additional integrations with SIEM and ticketing systems embed Ekran System into your security ecosystem.

Why choose Ekran System

Get the best of both worlds

Being an agent-based platform, Ekran System provides clients for all kind of endpoints, including desktops, servers, and jump boxes supporting any combinations of them. It allows the platform to combine agent-based and gateway approaches to monitoring. With significant engineering work behind solution optimization, the platform works stably on deployments of tens of thousands of endpoints.

Enable projects of any size

Delivering flexible deployment and licensing options, Ekran System targets organizations and projects of all sizes, starting from just a couple of endpoints, staying cost-effective and performance-effective as the deployment grows.

Solve problems instead of creating them

Aiming at simplifying deployment and maintenance for client teams, the platform includes a bunch of elaborate installation, updating, configuration, archiving, and disaster recovery mechanisms. Our goal is to make the product usable and reliable for our clients, whatever big or small their team is.




They Chose Ekran System®


What is user activity monitoring?

User activity monitoring software allows you to track user activity within your corporate network, across devices, and throughout your entire IT infrastructure. With user activity tracking tools, you can identify which applications, sites, and data users access and how they interact with them.


With a user activity monitoring solution, you can strengthen your current cybersecurity, protect confidential data from malicious users, and enhance insider risk management.

Why do I need to monitor user activity in my organization?

The goal of implementing a user activity tracking application is to prevent insider threats. Using activity tracking software, you can identify suspicious activity and reduce the risk of a cybersecurity incident. You can also use such software to track employees’ active and idle time to monitor employee performance.


Main reasons to monitor user activities:


  • 1. Secure sensitive information
  • 2. Reduce the risk of insider threats
  • 3. Ensure that users stick to cybersecurity policies
  • 4. Increase employee productivity
  • 5. Comply with applicable cybersecurity standards, laws, and regulations

Is user activity monitoring legal?

Yes. Digital user monitoring is legal, but it’s regulated by legislation.


To know how to monitor user activity legally, you should check with applicable laws within your jurisdiction. Typically, legislation requires businesses to inform users of monitoring and receive their consent.


If your organization operates in the US, you should pay attention to both federal and state laws, as state laws can have their own requirements. For example, businesses that operate in Connecticut and Delaware don’t have to notify employees about email or internet monitoring. Meanwhile, employers in Colorado and Tennessee must create written email monitoring policies.

How does Ekran System monitor user activity?

Ekran System is a powerful insider threat management platform that ensures comprehensive user activity monitoring.

In particular, Ekran System monitors user activities in real time and makes video and audio recordings of user sessions so you can watch them later if needed. All records are searchable. Thus, you can find out whether a user has accessed certain data, launched specific applications, or visited particular websites during working hours.


Also, Ekran System continues monitoring user activity even if the internet connection goes down.

Does Ekran System interrupt employees’ work?

No. Ekran System does not influence the user experience. It monitors user activity smoothly without disturbing users.

However, Ekran may interrupt a user’s work if the user acts suspiciously. According to customizable rules, users can receive notifications explaining that a particular action violates cybersecurity policies. Also, your security admins can automatically or manually block suspicious sessions, users, and actions as needed.

How does Ekran System store collected data?

When monitoring user activity on an organization’s network, Ekran System gathers the necessary data and stores it securely using military-grade encryption. Ekran System doesn’t store passwords entered by monitored users.

What do I get from deploying Ekran System?

Ekran System offers more than just monitoring. Using this platform, you can:


  • 1. Know who accesses your sensitive data and how they handle it by arranging robust real-time user monitoring
  • 2. Prevent data leaks and breaches caused by insiders by detecting suspicious activity and instantly responding to it
  • 3. Enhance your cybersecurity by automatically sending notifications when users violate cybersecurity policies
  • 4. Evaluate employee efficiency by analyzing productivity reports
  • 5. Ensure compliance with various standards, laws, and regulations including GDPR, NIST, FISMA, HIPAA, and SWIFT


As a robust insider threat management platform, Ekran System can easily be adjusted to the specific needs of your organization.


For example, you can receive automatic custom reports on a convenient schedule. Also, in case an incident occurs, you can quickly export a full monitored session or a fragment of a session into an independent file.

How can I deploy Ekran System?

Ekran System is on-premise software that supports various deployment options. You can install Ekran System Client on each endpoint or install just one Ekran System Terminal Server Client on a jump server to ensure user activity monitoring of all sessions that come through your server.


Installation is easy and takes less than an hour. If you have any questions or doubts during the process, our 24/7 customer support team will be there for you.

More FAQ