CyberArk vs Lieberman vs Ekran System

 

With privileged identity management being one of the most representative and important part of an enterprise cyber security policy, we decided to look closer to three products: Cyberark vs Lieberman vs Ekran System. We compare their features and effectiveness from the insider threat detection and prevention point of view and give some recommendations to help you decide which one better suits your company profile and needs.

 

 

Ekran System

Lieberman Enterprise Random Password Manager

Cyberark Privileged Account Security Solution

Overview

User activity monitoring solution for insider threat prevention

Privileged credentials management platform with related activity audit and reporting features

Privileged Identity Management platform with user action audit and analysis features

Target audience

SMB and large enterprises

Large companies with the need for extensive privilege access management

Large companies with the need for extensive privilege access management

Price

*

***

****

Architecture

Agent-based solution supporting jump server deployment

Jump server solution

Jump server solution

Feature set

  • Full session video recording for servers and workstations
  • Extensive collection of activity details
  • Advanced search, analysis, and reporting tools
  • Customizable and in-built real-time alerts
  • Basic server access control toolset
  • Two-factor authentication and one-time password functionality
  • SIEM and ticketing system integration
  • Manual user blocking
  • USB device usage management
  • Privileged accounts auto-discovery and management
  • Privileged credentials management
  • Basic session recording
  • Compliance-sound reporting
  • In-built real-time alerts
  • Privileged accounts auto-discovery and management
  • Privileged credentials management
  • Session recording
  • Audit log search tools
  • Deterministic and behavior-based activity analysis
  • Real-time alerts on events

Additional benefits

  • Stable agent with great performance
  • Multi-layer user activity details
  • Flexible licensing scheme for any deployment size
  • Automatic license provisioning for virtual environment
  • Compliance-sound privileged credentials management
  • Automated privileged identity discovery and tracking
  • Multiple integration options
    • Fully compliance-sound privileged credentials management
    • Automated privileged identity discovery
    • In-built security intelligence with behavior analysis
    • Expandable platform with customizable feature set

Product Review Summary

 

Cyberak and Lieberman vendors are direct competitors in the PIM market. Both provide solutions with broad privileged account discovery and credentials management capabilities, while including session recording as an additional feature. Action audit of Lieberman ERPM and security intelligence of Cyberark are focused first of all on the credentials compromise and password management operations.

 

In terms of the client profile, both solutions target large enterprises with extensive infrastructures and compliance regulations on the agenda. Generally, Lieberman ERPM is more affordable and easier in use, while Cyberark Privileged Account Security Solution provides expandable reach feature platform and advanced security intelligence.

 

At the same time, Ekran System’s primary focus is user activity monitoring with catching all details of any performed action, from login to configuration changes to USB device connections. Together with non-intrusive deployment, floating licensing, and easy ones-to-thousands scalability, it makes Ekran System a perfect choice for incident investigation and continuous insider threat detection tasks. This product would also be a good choice for SME users due to its cost-effective licensing schemes and in-built basic server access control tools.

 

Covering any existent infrastructure architecture, including already set up jump servers, Ekran System can be considered not only as an alternative but also as an additional solution for Lieberman or Cyberark to provide extended monitoring and session analysis capabilities.

 

Architecture and Deployment

 

When you choose Lieberman vs Cyberark, you must accept that any of this deployments will require some time and some changes in your existent infrastructure access and interaction schemes. Both solution use agentless approach based on the jump server architecture with any privileged session first accessing a privilege access management jump server and then destination end-point.

 

Ekran System uses a different approach. It has a traditional server-agent architecture with agents being installed on the target servers – to record all concurrent sessions there – and, if required, workstations – to record all local and remote sessions on them. Ekran System agent can be also installed on a jump server thus recording all sessions redirected from it. Agent deployment options include remote agent installation and installation by means of a third-party server with automated agent provisioning available for virtual environments.

 

While agent-based architecture is traditionally considered riskier in terms of performance problems, the practice shows that a single access point of a jump server type can frequently become a performance bottle-neck and thus require access scheme re-design. Being less architecture-intrusive, agent-based Ekran System has in-built performance optimization features and transparently balances loading.

 

Agent-based deployment generally does not have “threshold” limitations and is easily scalable as new controlled end-points can be added in several clicks.

 

User Activity Monitoring

 

While Lieberman vs Cyberark both focus first of all on the credentials management and privilege automation capabilities, having session recording and activity audit as additional features, Ekran System in this comparison is first of all user activity monitoring solution, delivering some in-built access management tools.

 

Thus, both Cyberark and Lieberman focus attention on the identity-related, access-related and credentials-related operations they assist with. Lieberman ERPM delivers a set of specific event alerts and compliance-focused reports around privileged account credentials and account management. Cyberark Privileged Account Security Solution includes in-built set of self-learning algorithms – security intelligence – that continuously monitors infrastructure and network traffic to detect compromised accounts and other threats.

 

Ekran System equally monitors any user activity during the working session, whether it is configuration changes, data access, web activity, or work with devices. The solution creates a multi-layer activity index to accompany session video-recording to facilitate search and analysis. Ekran System includes a collection of inbuilt alerts on events, which can be signed of a malicious activity, as well as a set of tools to create and customize specific user-defined alerts with associated risk rating.

 

All three solutions have broad reporting capabilities. While Cyberark or Lieberman deliver more formalized reports for compliance audits, Ekran System provides a range of universal reports aimed first of all on the pressing security issue investigation and continuous user-based threats monitoring.

 

Access Management

 

Being specialized solutions, both Cyberark and Lieberman tools provide a rich set of industry-recognized privileged identity management tools and technologies, from the automated least privilege enforcement to the embedded application credentials.

 

Both Cyberark and Lieberman deliver comprehensive privileged account discovery for various infrastructure components, from endpoints to business software to cloud services. At the same time, CyberArk provides broader set of account control tools, while Lieberman solution is easier to work to with and has a comprehensive set of out-of-the-box compatibility features.

 

Ekran System has several basic in-built access management capabilities such as secondary authentication for shared logins and one-time passwords with manual supervisor approve for accessing critical end-points, as well as two-factor authentication that can be used to strengthen protection of login procedure.

 

 

Compare also: