ObserveIT vs Spector 360 (currently Veriato 360) vs Ekran System

 

User monitoring software is designed to provide full visibility into what specific users are doing, allowing to assess employee performance and clearly detect any malicious actions. There are many such solutions on the market, each with their own technical approach, feature set and licensing scheme, designed with a specific audience in mind.

 

In this product review we will compare three alternative solutions: Ekran System, ObserveIT and Spector 360 (currently Veriato 360), and try to determine the reasons to choose these solutions, their strong suits and drawbacks with the emphasis on highlighting differences between them. All three solutions are close competitors using the same technical approach, but each has a different feature set and licensing model that we will look into with more detail.

 

 

Ekran System

ObserveIT

Veriato 360

Overview

User action monitoring solution for companies of any size

Insider threat management solution for large enterprises

Employee monitoring and insider threat detection solution for SMB and large companies

Price

*

***

**

Recording functionality

  • Video recording of everything users sees on their screen
  • Extensive metadata collection to index video
  • Linux SSH session support

 

  • Video recording of everything users sees on their screen
  • Extensive metadata collection to index video
  • Linux SSH session support
  • Separated logs of various metadata: email, URL, file monitoring and other
  • Video recording of everything users sees on their screen

 

Incident response features

  • Customizable alerts and notifications
  • Pre-defined alerts
  • Forced user action acknowledgement
  • Manual user blocking
  • USB device blocking
  • Additional authentication for shared accounts

 

  • Customizable alerts and notifications
  • Behavior analytics
  • Forced user messaging
  • Manual session blocking
  • Additional authentication for shared accounts

 

  • Customizable alert system

Report generation

Advanced report generation system

 

Advanced report generation system

 

Advanced report generation system

 

Additional benefits

  • Flexible licensing scheme
  • Highly optimized performance and stability
  • Integration with SIEM and ticket systems
  • Access management functionality including two-factor authentication
  • Protected client
  • Free database support
  • Specifically catered to work in virtualization environment

 

  • Native integration with SIEM and ticket systems
  • Flexible licensing scheme
  • Native integration with SIEM systems

 

Recording functionality

 

Ekran System, OvserbeIT and Spector 360 are all using similar agent-based architecture. These solutions provide video recording of everything user sees on the screen without any limitations for any target endpoint where monitoring agent is installed. Resulting recording contains indexed video and searchable metadata, such as keystrokes, application titles, visited websites, etc.

 

The main difference between Spector 360 vs ObserveIT and Ekran System lies in the way that they treat their data streams. While Ekran System and ObserveIT present the video as a main data stream, accompanied by synchronized relevant metadata, Spector 360 presents all data equally, with video serving mainly as an illustration to a larger metadata.

 

Incident response features

 

Incident response functionality is significantly different between Ekran System and ObserveIT vs Spector 360. While Spector 360 features customizable alerts, allowing for efficient insider threat detection, it does not provide much in the form of incident response tools.

 

Ekran System and ObserveIT feature comparable alerts functionality, but they also allow you to clearly distinguish between users of shared accounts by employing additional authentication measures. Apart from that, Ekran System also provides extended access control functionality in the form of two-factor authentication and one-time passwords.

 

Moreover, Ekran System allows security personnel to manually block users if needed, stopping current session and preventing them from initiating a new one. It also features automatic USB blocking, which helps to protect from mass storage devices and malware distributed via USB sticks.

 

ObserveIT, on the other hand, developed its alert functionality further by creating a behavior analytics module that tries to automatically detect malicious actions without the need to customize your own alerts. While it may be convenient for large organizations, this approach also tends to produce false positives. When suspicious event is detected, ObserveIT also allows forcibly message the user and inform them that specific security policy was breached. Security personnel can also block this user’s session if they deem it necessary.

 

Pricing and deployment

 

ObserveIT is the most expensive among the three solutions in this comparison. Its licensing price is based on the number of monitored endpoints along with a fixed price for the management tool. High management tool fee makes deployment costly, which may spell some problems for smaller companies with medium and small-size deployments in terms of cost-effectiveness.

 

Ekran System provides two types of licenses, with the price of Standard license based only on the number of monitored endpoints, same as Spector 360. Additionally Ekran System provides an Enterprise license with a pricing scheme similar to ObserverIT with an additional fixed charge for management panel. This license offers additional functionality, specifically designed with large Enterprises in mind, such as SIEM and ticketing system integration, one-time passwords and high availability.

 

Thus, Ekran System is the most affordable between the three solutions. Both Ekran System and Spector 360 feature floating licensing distribution that allows to easily transfer licenses between different end-point.

 

Additionally, Ekran System allows for automatic licensing provision, which was specifically designed with virtualization environment in mind and allows to maximize the use of a single license by automatically transferring it upon virtual machine termination.

 

Conclusion

 

Each of the three competitor solutions in this comparison present different features and benefits with each vendor targeting slightly different audience. ObserveIT provides large companies with advanced insider threat detection tools, while its high price rating makes it cost prohibitive for smaller businesses.

 

Spector 360 is an affordable solution that focuses heavily on employee monitoring with an ability to review various employee performance data and detect insider threats, but it does not offer much in terms of incident response.

 

Ekran System, while lacking behavior analysis capabilities of ObserveIT, provides a robust and stable features set for a lower price than ObserveIT or Spector 360, which makes it an easy recommendation for both SMB and large companies alike.

 

 

Compare also: