Skip to main content

Set a meeting with us at RSA Conference 2024

6-9 May 2024

|

Moscone Center

Meet With Us

IRM Solution Comparison

Ekran System vs Microsoft Purview Insider Risk Management vs DTEX InTERCEPT

Insider risks have become more prevalent due to the shift to remote work environments, the involvement of outsourcing companies, and other factors. The consequences of malicious or negligent insider activity are difficult to remediate, but you can mitigate these risks by using insider risk management (IRM) solutions.

The IRM software industry is constantly growing, giving rise to a wide range of solutions that share similarities yet significantly differ.

To help you choose an efficient solution that meets your organization’s needs, we’ve analyzed three popular IRM systems and created a comparison between DTEX InTERCEPT, Microsoft Purview Insider Risk Management, and Ekran System. We’ll focus our analysis on user activity monitoring, incident response, reporting, and access management features. 

Read on to find out how each of these IRMs is unique.

Product review: Summary

DTEX InTERCEPT is an insider risk management solution with advanced data loss prevention (DLP) features and a focus on user behavior analytics. It doesn’t record user activity but rather collects metadata about user actions to detect signs of suspicious behavior.

DTEX is an agent-based solution for SBMs and larger enterprises that are looking for scalability.

Microsoft Purview Insider Risk Management, or Microsoft Purview, combines IRM with DLP in its classical meaning, as it classifies and categorizes data to define risks and prevent sensitive information from leaving your infrastructure. This solution is integrated into the Microsoft 365 environment, making it easy to maintain but limiting its use to one platform.

Microsoft Purview Insider Risk Management is a cloud solution for businesses of all sizes using Microsoft 365.

Ekran System is a universal platform that provides all essential components for efficient insider risk management. Ekran System ensures robust user activity monitoring (UAM), real-time incident response, advanced reporting, and more. Unlike other IRM solutions we’re comparing, Ekran System has built-in comprehensive identity and access management capabilities, helping you verify user identities and granularly control user access.

Ekran System’s flexible licensing and deployment options make it a perfect fit for companies of all sizes and varying IT infrastructure schemes.

General


Market and focus overview

When comparing DTEX InTERCEPT vs Microsoft Purview Insider Risk Management vs Ekran System, it’s worth noting that these solutions target slightly different audiences and use varying approaches to deploying and licensing of insider risk management software.

Microsoft Purview Insider Risk Management is mainly cloud-based and is designed to work with the Microsoft 365 ecosystem, while DTEX InTERCEPT and Ekran System are more complex agent-based solutions. Ekran System is the most flexible solution in terms of deployment and pricing.

Description

IRM solution with a focus on DLP and data governance

IRM solution with a focus on DLP and user behavior analytics

Full-cycle IRM platform with built-in comprehensive IAM features

Target audience

Businesses of all sizes using Microsoft 365 and related Microsoft products

Businesses of all sizes

Businesses of all sizes

Technical approach

Cloud integration with Microsoft 365 (requires agent installation for certain features)

Agent-based software

Agent-based software

Supported platforms

  • Windows
  • macOS
  • Windows
  • macOS
  • Linux
  • Windows
  • macOS
  • Linux
  • Citrix

Maintenance

  • Automated maintenance
  • Need to configure policies
  • Tier-based support
  • Manual control panel updates
  • Need to configure policies
  • Tier-based support
  • Manual control panel updates
  • Automated software agent updates
  • Free 24/7 support

Price

Subscription-based

Subscription-based

Subscription-based

Licensing

Per user

Per user

  • Per endpoint
  • Several licensing tiers
  • Floating licenses

Ekran System and DTEX InTERCEPT are great for insider risk management in small, midsize, and large companies. Microsoft Purview Insider Risk Management, in contrast, might be inconvenient in terms of flexibility, as it is a cloud solution designed to work for companies using the Microsoft 365 ecosystem. DTEX InTERCEPT and Ekran System are more universal in this respect, supporting a wider number of operating systems. Ekran System is well-optimized for cloud, hybrid, and virtual environments.

As for licensing and pricing, Microsoft Purview and DTEX InTERCEPT charge for the number of users, whereas Ekran System requires a license for each monitored endpoint. Unlike its competitors, Ekran System offers floating licensing, which means you may dynamically reassign licenses from one endpoint to another.

Ekran System is easy to install and configure, taking about 20 minutes to deploy the platform. DTEX InTERCEPT and Microsoft Purview may require more time and resources to classify and categorize data as well as to set up the policies that govern the product’s DLP processes.

What makes Ekran System an absolute favorite of its customers is the free professional support available 24/7 to help with specific configurations or questions. Unlike Ekran System, the other two solutions offer paid tier-based support.

Functionality


Feature and usage scenario overview

Monitoring

Metadata monitoring with a focus on email, communications, and file movement in the Microsoft ecosystem

Metadata monitoring with a focus on email, communications, and file movement

  • Full video recording of every local and remote user session
  • Extensive collection of supplementary metadata

Incident response

  • Near real-time alerts based on policies
  • Post-incident investigation
  • Real-time alerts based on policies
  • Real-time automated and manual incident response
  • UEBA
  • Rule-based alerts on suspicious activity
  • Real-time automated and manual incident response
  • UEBA

Reporting

Limited incident reporting options

Limited incident reporting options

  • Advanced built-in reporting engine 
  • Scheduled and ad hoc reports

Identity and access management

Basic features for Microsoft 365 admins

None

Robust identity and access management capabilities

Integrations

Microsoft 365 and other related Microsoft products

  • Active Directory
  • SIEM
  • Active Directory
  • Ticketing systems
  • Microsoft Power BI
  • SIEM

Additional benefits

  • Advanced DLP and data governance features
  • Tracking all actions with files – creation, modification, renaming, archiving, sending
  • Collaboration over insider risk cases in the case management system
  • Advanced DLP and data management features 
  • Tracking all actions with files – creation, modification, renaming, archiving, sending
  • Stable agent with great performance
  • Advanced driver-level agent protection
  • Flexible licensing scheme
  • Automated license provisioning for virtual environments

Access an Ekran System® demo now!

Clients from 70+ countries already use Ekran System

Monitoring


Session recording and monitoring

Video screen monitoring and recording

Metadata collection

File activity monitoring

Partial

Email monitoring

Audio records of input and output streams