CyberArk vs Lieberman vs Ekran System®

CyberArk vs Lieberman vs Ekran System

With privileged access management being one of the most representative and important parts of an enterprise cybersecurity policy, we’ve decided to look closer at three products: CyberArk, Lieberman, and Ekran System.


We compare their features and effectiveness from the perspective of insider threat detection and prevention and give some recommendations to help you decide which product better suits your company’s profile and needs.


Product Review: Summary


CyberArk and Lieberman


CyberArk and Lieberman are direct competitors in the PAM market. Both provide solutions with broad privileged account discovery and credential management capabilities while including session recording as an additional feature.


The action audit of Lieberman ERPM and security intelligence of CyberArk are focused first of all on password management operations and detecting compromised credentials.


Both solutions target large enterprises with extensive infrastructure and compliance regulations.


Generally, Lieberman software is more affordable and its tools are easier to use, while the CyberArk Privileged Account Security Solution provides a feature-rich platform, advanced security intelligence, and multi-tenancy support.


Ekran System


At the same time, Ekran System is an all-in-one solution that provides user activity monitoring as well as privileged access and identity management. It spots any performed action from login to configuration changes to USB device connections and providing multi-tenancy support.


Together with non-intrusive deployment, floating licensing, and easy one-to-thousands scalability, Ekran System is the perfect choice for incident investigation and continuous insider threat detection.


Covering any existing infrastructure architecture, including already set up jump servers, Ekran System can be considered a CyberArk or Lieberman alternative.




Lieberman has been acquired by BeyondTrust and the product no longer exists.


Market and Feature Overview



Ekran System®

Lieberman RED – Rapid Enterprise Defense Identity Management

Cyberark Privileged Account Security Solution


Insider threat protection platform

Privileged credentials management platform with related activity audit and reporting features

Privileged Identity Management platform with user action audit and analysis features

Target audience

Businesses of all sizes

Large companies with the need for extensive privileged access management

Large companies with the need for extensive privileged access management






Agent-based solution supporting jump server deployment

Jump server solution

Jump server solution


  • Full session video recording for servers and workstations
  • Audio recording for workstations
  • Extensive collection of activity details
  • Advanced search, analysis, and reporting tools
  • Customizable and built-in real-time alerts
  • Automatic and manual user blocking
  • USB device usage management
  • User behavior analytics
  • Basic session recording
  • Compliance sound reporting
  • Built-in real-time alerts
  • Extensive collection of activity details
  • Session recording
  • Audit log search tools
  • Deterministic and behavior-based activity analysis
  • Real-time event alerts

Access management

  • Two-factor authentication and one-time password functionality
  • Secondary authentication for shared accounts
  • Password management
  • Automatic discovery and management of privileged accounts
  • Privileged credential management
  • Two-factor authentication
  • Automatic discovery and management of privileged accounts
  • Privileged credentials management
  • Two-factor authentication and one-time password functionality

Additional benefits

  • Stable agent with great performance
  • Multi-layer user activity details
  • Flexible licensing scheme for any deployment size
  • Automatic license provisioning for virtual environments
  • SIEM and ticketing system integration
  • Automated privileged identity discovery and tracking
  • Multiple integration options
  • SIEM and ticketing system integration
  • Multi-tenancy support
  • Built-in security intelligence with behavior analysis
  • Expandable platform with customizable feature set
  • Multi-tenancy support


Architecture and Deployment


When you choose Lieberman or CyberArk, you must accept that any deployment will require some time and some changes to your existing infrastructure access and interaction schemes.

CyberArk PAM Traditional Architecture

Both solutions use an agentless approach based on the jump server architecture with any privileged session first accessing a privileged access management jump server and then the destination endpoint.


Ekran System uses a different approach. It has a traditional server–agent architecture, with agents being installed on the target servers (to record all concurrent sessions) and, if required, on workstations (to record all local and remote sessions).


An Ekran System agent can be also installed on a jump server, thus recording all sessions redirected from it.

Jump server deployment scheme

Agent deployment options include remote agent installation and installation by means of a third-party server with automated agent provisioning available for virtual environments.


While an agent-based architecture is traditionally considered riskier in terms of performance, practice shows that a single access point of a jump server type can frequently become a performance bottleneck and thus require an access scheme redesign.


Being less architecture-intrusive, the agent-based Ekran System has built-in performance optimization features and transparently balances loads.


An agent-based deployment generally doesn’t have threshold limitations and is easily scalable as new controlled endpoints can be added in several clicks.


User Activity Monitoring


While Lieberman and CyberArk both focus first of all on credential management and privilege automation capabilities, offering session recording and activity audit as additional features, Ekran System combines user activity monitoring with access and identity management tools.


Thus, both CyberArk and Lieberman focus on identity-related, access-related, and credential-related operations.


The Lieberman ERPM delivers a set of specific event alerts and compliance-focused reports around privileged account credentials and account management.


Cyberark Privileged Account Security Solution includes a built-in set of self-learning algorithms – security intelligence – that continuously monitors infrastructure and network traffic to detect compromised accounts and other threats.


Ekran System equally monitors any user activity during a work session: configuration changes, data access, web activity, and work with devices.


Ekran System creates a multi-layer activity index to accompany session video recordings to facilitate search and analysis.


It includes a collection of built-in event alerts to detect popular signs of malicious activity and allows supervisors to set up custom alerts with associated risk ratings.


Also, Ekran System records audio input and output from user endpoints.


Monitoring result - alerts

All three solutions have broad reporting capabilities. While CyberArk and Lieberman deliver more formalized reports for compliance audits, Ekran System provides a range of universal reports (plus custom reports) aimed first of all at investigating pressing security issues and continuously monitoring user-based threats.


Access Management


Being specialized solutions, both Cyberark and Lieberman provide a rich set of industry-recognized privileged identity management tools and technologies, from automated least privilege enforcement to embedded application credentials.


Both Cyberark and Lieberman deliver comprehensive privileged account discovery for various infrastructure components, from endpoints to business software to cloud services.


At the same time, CyberArk provides a broader set of account control tools, while Lieberman is easier to work with and has a comprehensive set of out-of-the-box compatibility features.



Ekran System also has extensive PAM functionality:

  • Secondary authentication for shared logins
  • One-time passwords with manual supervisor approval for accessing critical endpoints
  • Two-factor authentication to strengthen login procedures
  • Password management for secure credential and secrets management
  • Privileged account and session management for granular remote access


CyberArk, Lieberman, and Ekran System can hardly be considered competitors, as CyberArk and Lieberman focus on enhanced privileged access toolsets and credential management. Ekran System combines PAM with a comprehensive set of tools to monitor, analyze, investigate, and respond to insider threats.