ObserveIT vs CyberArk vs Ekran System®
Insider threats have established themselves as an important issue in the field of cybersecurity. Many different solutions have arisen to combat the problem. However, these solutions often target different audiences and focus on different aspects of the problem, making it hard to choose the best one for a particular situation.
In this product review, we decided to compare our own Ekran System with two competitor solutions for insider threat detection and privileged access management: ObserveIT and CyberArk.
Our goal is to highlight the strengths and limitations of Ekran System vs ObserveIT vs CyberArk and help you better understand the situations where Ekran System would be the best choice.
Product Review: Summary
CyberArk is by far the weakest among the three products in this comparison when it comes to detecting and preventing insider threats.
It uses a bastion approach, which requires all connections to be routed through the bastion host. While this can be convenient, it brings its own set of problems: such a host can become a performance bottleneck and a single point of failure, and it has limited recording capabilities, making it the least effective as a monitoring tool.
However, CyberArk brings strong privileged access management functionality to the table, which, in addition to its high price, makes it a good recommendation for large enterprises looking for a privileged identity management solution.
ObserveIT has a much tighter focus on user monitoring and insider threat detection, but its high price makes it viable only for large companies.
Ekran System has almost the same set of features but for a more affordable price, making it an easy recommendation for both SMBs and large enterprises.
Additionally, Ekran System provides a stable client with great performance, automatic client updates, privileged access management, and free database support, making for easy deployment and maintenance.
An Ekran System Enterprise license also provides a set of additional features designed specifically for large enterprises, such as SIEM and ticketing system integration, high availability, and multi-tenancy support.
Market and Focus Overview
| | Ekran System® | ObserveIT | CyberArk |
|---|---|---|---|
| Description | Insider threat protection platform | Insider threat detection and user audit software | Privileged account management, password protection, and user action audit features |
| Target audience | Businesses of all sizes | Large enterprises | Large companies with the need for extensive privilege access protection |
| Technical approach | Agent-based software | Agent-based software | Bastion-based solution |
| Deployment | | | |
| Maintenance | | | |
| Price (based on average deployment cost) | $ | $$$ | $$$$ |
| Licensing | | | |
*Note: ObserveIT pricing will change due to the acquisition of this product by Proofpoint, which has decided to replace the one-time license with a subscription. For now, there is no information on future ObserveIT pricing.
Licensing and Target Customers
Each of these solutions is designed with a different target audience and different purpose in mind, which is reflected in their prices and features.
ObserveIT vs CyberArk Pricing Comparison
Both ObserveIT and CyberArk are relatively expensive, targeting large enterprises. The cost of CyberArk is not flexible for smaller deployments.
While ObserveIT is focused on providing an insider threat management tool with capabilities for detection and prevention of insider attacks, CyberArk has much more robust privileged identity management capabilities with weaker monitoring capabilities. It’s primarily designed for auditing and maintaining a paper trail in case of an incident.
Ekran System vs ObserveIT Pricing and Licensing Comparison
Although Ekran System provides certain access management tools such as two-factor authentication, one-time passwords, and privileged account management, it's most similar to ObserveIT. It is, however, much more affordable than either ObserveIT or CyberArk.
Ekran System is an all-in-one insider threat protection solution for companies of any size. It combines robust monitoring with privileged access and identity management functionalities. The flexible licensing scheme allows Ekran System to support swift small-scale and large-scale deployments, while automatic license provisioning makes it easy to maximize the use of a single license in a virtual environment.
Feature and Usage Scenario Overview
| | Ekran System® | ObserveIT | CyberArk |
|---|---|---|---|
| Monitoring | | | |
| Reporting | | | |
| Incident response | | | |
| Access management | | | |
| Integrations | | | |
| Additional benefits | | | |
Technical Approach Comparison
The main difference between CyberArk, ObserveIT, and Ekran System is the widely divergent technical approaches these solutions take to employee monitoring.
While ObserveIT and Ekran System employ agents that are installed at individual endpoints, CyberArk uses a separate virtual or physical appliance that acts as a bastion-type proxy server, capturing and recording all data that goes through it. Each of these approaches has its strengths and weaknesses.
The CyberArk bastion approach provides simplicity of deployment and some active protection, although with the added cost of hardware and maintenance for the appliance. Agent-based solutions are ultimately much better at monitoring user actions, as they can record all sessions and get much more data per session.
Ekran System provides simple deployment, with especially convenient Windows agent deployment features (remote installation with pre-defined or custom settings is available).
Ekran System and ObserveIT also support jump server deployment. You can install just one terminal server client on a jump server to monitor all sessions that come through it. If needed, Ekran System can also help manage access to endpoints within the protected perimeter using its PASM toolset.
Recording Capabilities
CyberArk
CyberArk has the most limited recording capabilities among the three solutions. It is capable of recording only user sessions routed through the bastion host, with no way to record local sessions or any sessions routed through other servers.
The solution collects the least amount of additional metadata and, for example, is not able to monitor the content of running scripts in Linux sessions. According to some CyberArk reviews, users lack a way to easily search recordings, as they are stored as plain video files and take a lot of storage space.
All three solutions employ additional authentication features for target endpoints, although none of the considered CyberArk competitors can beat its sophisticated access management system based on a number of permissions.
ObserveIT and Ekran System
Both ObserveIT and Ekran System store their videos in an indexed searchable format coupled with large amounts of relevant metadata. Videos are easily searchable and take far less space.
Similar to ObserveIT, Ekran System provides great visibility into user actions, allowing you to fully record any session regardless of the applications used or the level of privilege that a user has. In contrast, CyberArk is not application-agnostic and requires a specific connector to be installed for certain applications.
Additionally, Ekran System records audio input and output on each user endpoint.
Access Management and Incident Response
All three solutions have a built-in session termination feature that allows an ongoing session to be stopped if malicious actions are detected.
Ekran System
In order to detect malicious actions in the first place, Ekran System employs a robust customizable alert system that can be set up to best reflect the realities of a given organization and send notifications to security personnel upon specific suspicious events.
Additionally, Ekran System can detect any USB devices on connection and optionally block them, preventing the use of mass storage devices and other potentially dangerous tools. This platform also uses an artificial intelligence module to analyze normal user behavior and detect suspicious actions.
With Ekran System, you can provide users with temporary RDP access to protected computers using privileged accounts whose credentials are stored in the secure password vault.
As an all-in-one solution, Ekran System also provides PAM functionality to secure access to critical data:
- Multi-factor authentication to positively identify a user trying to log in (even to a shared account)
- A privileged account and session management (PASM) toolset to monitor remote access to corporate resources
- One-time passwords to provide granular access to the most secure assets
- Password management to secure user credentials and other secrets
- Manual login approval
ObserveIT
ObserveIT has similar alert functionality. It also employs a built-in behavior analytics module designed to automatically recognize suspicious behavior without the need to manually create alerts. But with ObserveIT, this module also collects data for a dashboard.
Access management features aren’t ObserveIT’s strong suit. ObserveIT is equipped only with secondary authentication, which doesn’t ensure reliable access protection.
It also can detect USB storage devices and mobile phones and block them.
CyberArk
CyberArk, on the other hand, is focused on password protection. It has separate secure password storage with the ability to automatically change passwords and request a one-time password if needed.
This solution provides clients with almost the same monitoring toolset as Ekran System and ObserveIT: video recording, coupled with extensive metadata logging.
CyberArk also has a privileged threat analytics feature, similar to ObserveIT behavior analytics, that tries to detect threats automatically based on pre-programmed algorithms and also can suspend sessions automatically.