IRM Solution Comparison

Ekran System vs Microsoft Purview Insider Risk Management vs DTEX InTERCEPT

Insider risks have become more prevalent due to the shift to remote work environments, the involvement of outsourcing companies, and other factors. The consequences of malicious or negligent insider activity are difficult to remediate, but you can mitigate these risks by using insider risk management (IRM) solutions.

The IRM software industry is constantly growing, giving rise to a wide range of solutions that share similarities yet significantly differ.

To help you choose an efficient solution that meets your organization’s needs, we’ve analyzed three popular IRM systems and created a comparison between DTEX InTERCEPT, Microsoft Purview Insider Risk Management, and Ekran System. We’ll focus our analysis on user activity monitoring, incident response, reporting, and access management features. 

Read on to find out how each of these IRMs is unique.

Product review: Summary

DTEX InTERCEPT is an insider risk management solution with advanced data loss prevention (DLP) features and a focus on user behavior analytics. It doesn’t record user activity but rather collects metadata about user actions to detect signs of suspicious behavior.

DTEX is an agent-based solution for SMBs and larger enterprises that are looking for scalability.

Microsoft Purview Insider Risk Management, or Microsoft Purview, combines IRM with DLP in its classical meaning, as it classifies and categorizes data to define risks and prevent sensitive information from leaving your infrastructure. This solution is integrated into the Microsoft 365 environment, making it easy to maintain but limiting its use to one platform.

Microsoft Purview Insider Risk Management is a cloud solution for businesses of all sizes using Microsoft 365.

Ekran System is a universal platform that provides all essential components for efficient insider risk management. Ekran System ensures robust user activity monitoring (UAM), real-time incident response, advanced reporting, and more. Unlike other IRM solutions we’re comparing, Ekran System has built-in comprehensive identity and access management capabilities, helping you verify user identities and granularly control user access.

Ekran System’s flexible licensing and deployment options make it a perfect fit for companies of all sizes and varying IT infrastructure schemes.

General


Market and focus overview

When comparing DTEX InTERCEPT vs Microsoft Purview Insider Risk Management vs Ekran System, it’s worth noting that these solutions target slightly different audiences and take different approaches to deploying and licensing insider risk management software.

Microsoft Purview Insider Risk Management is mainly cloud-based and is designed to work with the Microsoft 365 ecosystem, while DTEX InTERCEPT and Ekran System are more complex agent-based solutions. Ekran System is the most flexible solution in terms of deployment and pricing.

Description

  • Microsoft Purview: IRM solution with a focus on DLP and data governance
  • DTEX InTERCEPT: IRM solution with a focus on DLP and user behavior analytics
  • Ekran System: Full-cycle IRM platform with built-in comprehensive IAM features

Target audience

  • Microsoft Purview: Businesses of all sizes using Microsoft 365 and related Microsoft products
  • DTEX InTERCEPT: Businesses of all sizes
  • Ekran System: Businesses of all sizes

Technical approach

  • Microsoft Purview: Cloud integration with Microsoft 365 (requires agent installation for certain features)
  • DTEX InTERCEPT: Agent-based software
  • Ekran System: Agent-based software

Supported platforms

  • Microsoft Purview: Windows; macOS
  • DTEX InTERCEPT: Windows; macOS; Linux
  • Ekran System: Windows; macOS; Linux; Citrix

Maintenance

  • Microsoft Purview: Automated maintenance; need to configure policies; tier-based support
  • DTEX InTERCEPT: Manual control panel updates; need to configure policies; tier-based support
  • Ekran System: Manual control panel updates; automated software agent updates; free 24/7 support

Price

  • Microsoft Purview: Subscription-based
  • DTEX InTERCEPT: Subscription-based
  • Ekran System: Subscription-based

Licensing

  • Microsoft Purview: Per user
  • DTEX InTERCEPT: Per user
  • Ekran System: Per endpoint; several licensing tiers; floating licenses

Ekran System and DTEX InTERCEPT are great for insider risk management in small, midsize, and large companies. Microsoft Purview Insider Risk Management, in contrast, might be inconvenient in terms of flexibility, as it is a cloud solution designed to work for companies using the Microsoft 365 ecosystem. DTEX InTERCEPT and Ekran System are more universal in this respect, supporting a wider range of operating systems. Ekran System is well-optimized for cloud, hybrid, and virtual environments.

As for licensing and pricing, Microsoft Purview and DTEX InTERCEPT charge for the number of users, whereas Ekran System requires a license for each monitored endpoint. Unlike its competitors, Ekran System offers floating licensing, which means you may dynamically reassign licenses from one endpoint to another.

Ekran System is easy to install and configure, taking about 20 minutes to deploy the platform. DTEX InTERCEPT and Microsoft Purview may require more time and resources to classify and categorize data as well as to set up the policies that govern the product’s DLP processes.

What makes Ekran System an absolute favorite of its customers is the free professional support available 24/7 to help with specific configurations or questions. Unlike Ekran System, the other two solutions offer paid tier-based support.

Functionality


Feature and usage scenario overview

Monitoring

  • Microsoft Purview: Metadata monitoring with a focus on email, communications, and file movement in the Microsoft ecosystem
  • DTEX InTERCEPT: Metadata monitoring with a focus on email, communications, and file movement
  • Ekran System: Full video recording of every local and remote user session; extensive collection of supplementary metadata

Incident response

  • Microsoft Purview: Near real-time alerts based on policies; post-incident investigation
  • DTEX InTERCEPT: Real-time alerts based on policies; real-time automated and manual incident response; UEBA
  • Ekran System: Rule-based alerts on suspicious activity; real-time automated and manual incident response; UEBA

Reporting

  • Microsoft Purview: Limited incident reporting options
  • DTEX InTERCEPT: Limited incident reporting options
  • Ekran System: Advanced built-in reporting engine; scheduled and ad hoc reports

Identity and access management

  • Microsoft Purview: Basic features for Microsoft 365 admins
  • DTEX InTERCEPT: None
  • Ekran System: Robust identity and access management capabilities

Integrations

  • Microsoft Purview: Microsoft 365 and other related Microsoft products
  • DTEX InTERCEPT: Active Directory; SIEM
  • Ekran System: Active Directory; ticketing systems; Microsoft Power BI; SIEM

Additional benefits

  • Microsoft Purview: Advanced DLP and data governance features; tracking all actions with files (creation, modification, renaming, archiving, sending); collaboration over insider risk cases in the case management system
  • DTEX InTERCEPT: Advanced DLP and data management features; tracking all actions with files (creation, modification, renaming, archiving, sending)
  • Ekran System: Stable agent with great performance; advanced driver-level agent protection; flexible licensing scheme; automated license provisioning for virtual environments

Monitoring


Session recording and monitoring

Video screen monitoring and recording

Metadata collection

File activity monitoring

Partial

Email monitoring

Audio records of input and output streams

Real-time playback of live sessions

Continuous monitoring / offline mode

User data anonymization

Data storage optimization

(highly optimized format for storing session recordings and metadata)

User activity monitoring (UAM) is the cornerstone of successful insider risk management. As for Ekran System vs DTEX InTERCEPT vs Microsoft Purview, each of the solutions has a different approach to UAM, with Ekran System having the most advanced capabilities.

Ekran System allows you to monitor the activity of all local and remote users on your organization’s endpoints. Each user session is recorded in a video format, allowing your security officers to watch live and recorded user activity from the user’s perspective via an intuitive YouTube-like player.

You can also search in a user session by key episodes, as Ekran System highlights alerted events and provides an array of helpful metadata that complements the video:

  • Visited websites
  • Opened applications
  • Opened files and folders
  • Keystrokes
  • Connected USB devices
  • Executed commands
  • And more

Viewing a recorded user session in Ekran System

Microsoft Purview Insider Risk Management and DTEX InTERCEPT do not record user sessions like Ekran System does but do collect metadata about user activity. DTEX InTERCEPT explains that this is for reasons of privacy. To protect user privacy, Ekran System implements data anonymization.

DTEX InTERCEPT and Microsoft Purview are good choices for companies that need advanced DLP features such as monitoring file movement, email activity, and communications. These products can help prevent sensitive data from leaving an organization’s environment by tracking actions such as file creation, modification, renaming, archiving, and sending.

Alerting and auditing


Incident response and reporting

Alerts

  • Microsoft Purview: predefined, based on customized policies
  • DTEX InTERCEPT: predefined, based on customized policies
  • Ekran System: predefined and highly customizable alert rules with multiple conditions

Live session view

Real-time alerts

Near real-time

Manual incident response

Automated incident response

Warning messages for users

UEBA

  • DTEX InTERCEPT: automatic analysis of human telemetry signals
  • Ekran System: automatic detection of unusual working hours

USB device management

Reporting

  • Microsoft Purview: Several types of reports; Microsoft Power BI report integration
  • DTEX InTERCEPT: Several types of reports
  • Ekran System: Several types of reports; Microsoft Power BI report integration

Time is money when it comes to incident response. The faster your organization can detect and stop suspicious user activity, the better the chance you’ll prevent an incident before it happens and causes damage.

Differences between Microsoft Purview and DTEX InTERCEPT lie in how they handle incidents. DTEX InTERCEPT and Ekran System offer more incident response capabilities than Microsoft Purview, as they both have user and entity behavior analytics (UEBA) and automated incident response functionality.

UEBA in DTEX InTERCEPT is complex, aimed at collecting telemetry data about users and taking context and behavior history into account. Ekran System has simpler UEBA capabilities that allow you to detect signs of account compromise or malicious insider activity, such as unusual working hours.

Like DTEX InTERCEPT, Ekran System allows for manual and automated incident response. Ekran System has a rule-based system of highly customizable alerts that you can configure to your organization’s unique needs. When an alert is triggered, Ekran System can block the user, kill the active application, or show the user a warning message. Notified security personnel can do the same manually.

Microsoft Purview Insider Risk Management also has alerts on suspicious user activity but doesn’t provide automated and real-time incident response capabilities. Incident response in DTEX InTERCEPT and Microsoft Purview is based on internal policies, some of which are predefined. Incident response decisions in DTEX are also made according to the user risk score that tells security officers whether an event is worth their attention.

Configuring an alert rule in Ekran System

As for reports, Ekran System generates a variety of customizable reports on user activity. Microsoft Purview and DTEX InTERCEPT offer fewer reporting capabilities. DTEX InTERCEPT is oriented toward displaying real-time summarized data via dashboards and has informative single-page reports, while Microsoft Purview provides reports that allow for tracking your organization’s cybersecurity compliance.

Reporting in Ekran System can also be integrated with Microsoft Power BI. Additionally, Ekran System allows you to export a whole or partial user session in an immutable standalone format for forensic investigation. An exported user session contains all video recordings and metadata.

Access control


Identity and access management

Privileged session management

Complete session management and alerting

Privileged access management

Basic PAM features for Microsoft 365 admins

Advanced PAM functionality

Password management

Secondary authentication

Multi-factor authentication

Two-factor authentication

Being able to efficiently secure and control access to your organization’s resources significantly reduces the risk of account-related security events. However, Microsoft Purview Insider Risk Management and DTEX InTERCEPT have little to no access management capabilities.

Ekran System, by contrast, provides the following access management capabilities:

  • Two-factor authentication to verify user identities
  • Access management to granularly choose the endpoints users can access
  • Password management to generate, share, and rotate user passwords
  • Passwordless authentication to secure account credentials
  • One-time passwords and time-based secrets for access time restrictions
  • Access request capabilities to manually grant access to sensitive resources
  • Secondary authentication to distinguish among users of shared accounts

Configuring multi-factor authentication in Ekran System

Conclusion

As for Microsoft Purview vs DTEX InTERCEPT vs Ekran System, all three solutions are good at insider risk management but each targets a slightly different audience. DTEX InTERCEPT and Microsoft Purview are viable choices for organizations that want to leverage advanced DLP features, while Ekran System stands out as a complex all-in-one platform containing a wide range of functionalities covering multiple aspects of insider risk management.

Unlike its counterparts, Ekran System offers sophisticated features for multi-factor authentication, privileged access management, and password management.
