ObserveIT vs Centrify vs Ekran System®

Centrify vs ObserveIT vs Ekran System

Privileged insider threat protection is one of the most critical components of modern security policies. It’s equally important from the standpoints of regulatory compliance and business protection.

 

There are different approaches to insider threat protection. The products we’re comparing provide detailed indexed video recordings of user sessions along with various incident response and privileged access management tools.

 

Product Review: Summary

 

Centrify Server Suite is good for enterprises with complex heterogeneous infrastructures looking for a privilege management unification system. Although not always easy to deploy, according to many reviews this product can help you build a customized and centralized PAM system.

 

ObserveIT is good for big enterprises looking for enhanced and detailed user monitoring and insider threat detection.

 

Ekran System is good for companies of any size looking for a powerful yet flexible compliance, access management, and security monitoring tool. It’s also an interesting alternative for big enterprises in search of a stable and compatible privileged activity audit solution with some access management capabilities.

 

 

Market and Feature Overview

 

User session audit functionality is available in Centrify Server Suite starting from the Enterprise Edition. This solution is focused on server endpoints, while both ObserveIT and Ekran System deliver server and desktop endpoint monitoring. Also, Ekran System is equipped with comprehensive PAM functionality. All three products work with Windows, Linux, and Unix platforms.

 

 

| | Ekran System® | Centrify Server Suite | ObserveIT |
|---|---|---|---|
| Description | Insider threat protection platform | Unified privileged identity management and audit software | Insider threat management software |
| Target audience | Businesses of all sizes | Businesses of all sizes | Large enterprises |
| Technical approach | Agent-based software | Agent-based software | Agent-based software |

Deployment

  • Agent-based deployment (Windows agents can be installed remotely)
  • Jump server deployment
  • Optimized for virtual environments
  • Agent-based deployment
  • Agent-based deployment
  • Jump server deployment

Maintenance

  • Manual control panel updates
  • Automatic client updates
  • 24/7 updates
  • Manual control panel updates
  • Manual control panel updates

Price (based on average deployment cost)

| Ekran System® | Centrify Server Suite | ObserveIT |
|---|---|---|
| $$ | $ | $$$ |

Licensing

  • Based on number of monitored endpoints
  • Several licensing tiers
  • Base fee for control component in addition to fee based on number of monitored endpoints
  • Base fee for the system management component and monthly fee based on number of monitored endpoints*

Main functionality

  • Video and audio recording of user sessions
  • Enhanced search and analysis tools
  • Enhanced privileged access management rules
  • Centralized privileged identity management
  • Two-factor authentication
  • One-time password functionality
  • Forced user messaging
  • Advanced reporting
  • Event alerts
  • Live session view
  • Automatic and manual user blocking
  • Automatic USB device blocking
  • Multi-tenancy support
  • Enhanced privileged access management rules
  • Centralized privileged identity management
  • Video recording of user sessions
  • Query-based search tools
  • Advanced reporting
  • User behavior analytics and access granting functionality
  • Session locking
  • Video recording of user sessions
  • Enhanced search and analysis tools
  • Advanced reporting
  • Event alerts
  • Live session view and session locking
  • Enhanced user messaging

Benefits

  • Flexible licensing
  • Integration with SIEM and ticketing systems
  • Access management capabilities
  • Easy deployment and maintenance
  • Stable and performance-optimized solution
  • Virtualization-ready
  • Comprehensive centralized PAM
  • User behavior pattern analysis
  • Flexible licensing
  • Comprehensive centralized PAM
  • Advanced authentication and encryption options
  • Compliance-focused assessment and reporting
  • Integrations with SIEM and ticketing systems
  • Granular and pre-processed metadata
  • User behavior pattern analysis

 

*Note

 

The current ObserveIT pricing model consists of two parts. However, Proofpoint, which has acquired ObserveIT, has declared their intention to change to a subscription pricing model.

Privileged Access Management

 

The privileged session recording and audit functionality is an addition to the identity consolidation and privileged access management delivered by Centrify Server Suite by means of Microsoft Active Directory integration.

 

Centrify Server Suite allows users to set centralized enhanced access rules and limitations in heterogeneous infrastructures as well as integrate with various multi-factor authentication and encryption tools.

 

While not considered direct Centrify alternatives, Ekran System and ObserveIT both include a set of access management features, in particular providing secondary authentication for shared accounts to unambiguously assign activities to a specific user.

Ekran System, being an all-in-one toolset, also provides:

 

Privileged Activity Monitoring

 

ObserveIT and Ekran System are, first and foremost, monitoring and audit solutions. These Centrify competitors provide more detailed metadata, enhanced search functionality, and easy-to-use analysis and session replay tools.

 

Ekran System, Centrify, and ObserveIT all provide alert features. They allow for real-time session viewing and manual session locking if problems are detected. Ekran System additionally allows for activity or user blocking, and prevents all subsequent login attempts by the blocked user.

 

Ekran System and ObserveIT provide real-time alerts on potentially risky user actions, notifying security personnel and delivering all essential event details together with a video episode.

 

In order to generate relevant alerts, Ekran System employs a user behavior analytics module. This module monitors baseline user behavior and alerts a security officer of suspicious actions. ObserveIT employs a similar module to gather statistical data for its dashboard.

Monitoring result - alerts

 

Virtualization-ready

 

Among these three products, Ekran System provides the easiest and most cost-saving license management for virtual endpoints.

 

For frequently changing virtual environments, Ekran System delivers automated license assignment for newly created virtual endpoints and enables easy license removal from virtual hosts that have been shut down for good. Unassigned licenses are returned to the pool for the next endpoints.

 

Licensing and Pricing

 

Both Ekran System and Centrify are targeted at businesses of all sizes and have several licensing schemes. ObserveIT targets the large enterprise market.

 

The main differentiator of Ekran System is its flexible licensing scheme, which offers several license types that make different features available. For a Standard license, the price is based only on the number of monitored endpoints.

 

One more SMB-friendly feature of Ekran System is the optional free embedded database support in addition to MS SQL support. Centrify and ObserveIT work only with commercial SQL databases.