ObserveIT vs Centrify vs Ekran System®

Сentrify vs ObserveIT vs Ekran System

Privileged insider threat protection is one of the most critical components of modern security policies. It’s equally important from the standpoints of regulatory compliance and business protection.


There are different approaches to insider threat protection. The products we’re comparing provide detailed indexed video recordings of user sessions along with various incident response and privileged access management tools.


Product Review: Summary


Centrify Server Suite is good for enterprises with complex heterogeneous infrastructures looking for a privilege management unification system. Although not always easy to deploy, according to many reviews this product can help you build a customized and centralized PAM system.


ObserveIT is good for big enterprises looking for enhanced and detailed user monitoring and insider threat detection.


Ekran System is good for companies of any size looking for powerful yet flexible compliance, access management, and security monitoring tool. It’s also an interesting alternative for big enterprises in search of a stable and compatible privileged activity audit solution with some access management capabilities.



Market and Feature Overview


User session audit functionality is available in Centrify Server Suite starting from the Enterprise Edition. This solution is focused on server endpoints, while both ObserveIT and Ekran System deliver server and desktop endpoint monitoring. Also, Ekran System is equipped with comprehensive PAM functionality. All three products work with Windows, Linux, and Unix platforms.



Ekran System®

Centrify Server Suite



Insider threat protection platform

Unified privileged identity management and audit software

Insider threat management software

Target audience

Businesses of all sizes

Businesses of all sizes

Large enterprises

Technical approach

Agent-based software

Agent-based software

Agent-based software


  • Agent-based deployment (Windows agents can be installed remotely)
  • Jump server deployment
  • Optimized for virtual environments
  • Agent-based deployment
  • Agent-based deployment
  • Jump server deployment


  • Manual control panel updates
  • Automatic client updates
  • 24/7 updates
  • Manual control panel updates
  • Manual control panel updates

Price (based on average deployment cost)





  • Based on number of monitored endpoints
  • Several licensing tiers
  • Base fee for control component in addition to fee based on number of monitored endpoints
  • Base fee for the system management component and monthly fee based on number of monitored endpoints*

Main functionality

  • Video and audio recording of user sessions
  • Enhanced search and analysis tools
  • Enhanced privileged access management rules
  • Centralized privileged identity management
  • Two-factor authentication
  • One-time password functionality
  • Forced user messaging
  • Advanced reporting
  • Event alerts
  • Live session view
  • Automatic and manual user blocking
  • Automatic USB device blocking
  • Multi-tenancy support
  • Enhanced privileged access management rules
  • Centralized privileged identity management
  • Video recording of user sessions
  • Query-based search tools
  • Advanced reporting
  • User behavior analytics and access granting functionality
  • Session locking
  • Video recording of user sessions
  • Enhanced search and analysis tools
  • Advanced reporting
  • Event alerts
  • Live session view and session locking
  • Enhanced user messaging


  • Flexible licensing
  • Integration with SIEM and ticketing systems
  • Access management capabilities
  • Easy deployment and maintenance
  • Stable and performance-optimized solution
  • Virtualization-ready
  • Comprehensive centralized PAM
  • User behavior pattern analysis
  • Flexible licensing
  • Comprehensive centralized PAM
  • Advanced authentication and encryption options
  • Compliance-focused assessment and reporting
  • Integrations with SIEM and ticketing systems
  • Granular and pre-processed metadata
  • User behavior pattern analysis




The current ObserveIT pricing model consists of two parts. However, Proofpoint, which has acquired ObserveIT, has declared their intention to change to a subscription pricing model.

Privileged Access Management


The privileged session recording and audit functionality is an addition to the identity consolidation and privileged access management delivered by Centrify Server Suite by means of Microsoft Active Directory integration.


Centrify Server Suite allows users to set centralized enhanced access rules and limitations in heterogeneous infrastructures as well as integrate with various multi-factor authentication and encryption tools.


While not considered direct Centrify alternatives, Ekran System and ObserveIT both include a set of access management features, in particular providing secondary authentication for shared accounts to unambiguously assign activities to a specific user.

Ekran System, being an all-in-one toolset, also provides:


Privileged Activity Monitoring


ObserveIT and Ekran System are, first and foremost, of all monitoring and audit solutions. These Centrify competitors provide more detailed metadata, enhanced search functionality, and easy-to-use analysis and session replay tools.


Ekran System, Centrify, and ObserveIT all provide alert features. They allow for real-time session viewing and manual session locking if problems are detected. Ekran System additionally allows for activity or user blocking, and prevents all subsequent login attempts by the blocked user.


Ekran System and ObserveIT provide real-time alerts on potentially risky user actions, notifying security personnel and delivering all essential event details together with a video episode.


In order to generate relevant alerts, Ekran System employs a user behavior analytics module. This module monitors baseline user behavior and alerts a security officer of suspicious actions. ObserveIT employs a similar module to gather statistical data for its dashboard.

Monitoring result - alerts




Among these three products, Ekran System provides the easiest and most cost-saving license management for virtual endpoints.


For frequently changing virtual environments, Ekran System delivers automated license assignment for newly created virtual endpoints and enables easy license removal from virtual hosts that have been shut down for good. Unassigned licenses are returned to the pool for the next endpoints.


Licensing and Pricing


Both Ekran System and Centrify are targeted at business of all sizes and have several licensing schemes. ObserveIT targets the large enterprise market.


The main differentiator of Ekran System is its flexible licensing scheme, with different types of licenses with which different features are available. For a Standard license, the price is based only on the number of monitored endpoints.


One more SMB-friendly feature of Ekran System is the optional free embedded database support in addition to MS SQL support. Centrify and ObserveIT work only with commercial SQL databases.