Skip to main content

Request SaaS Deployment

Contact Sales

Proofpoint vs Veriato vs Ekran System®

Insider threat detection software is designed to provide full visibility into what users are doing, allowing supervisors to assess employee performance and clearly detect any malicious actions. There are many such solutions on the market, each with its own technical approach, feature set, and licensing scheme designed with a specific audience in mind.

In this product review, we compare three alternatives: Ekran System, Veriato vs. Proofpoint. We try to determine reasons to choose these solutions, their strong suits, and their drawbacks with an emphasis on highlighting differences between them.

Product review: Summary

Each of the three solutions in this comparison presents different features and benefits, with each vendor targeting a slightly different audience.

Proofpoint provides large companies with an advanced insider threat detection toolset that includes monitoring and alerting tools. However, there are limited access management tools. Current Proofpoint pricing makes this system cost-prohibitive for smaller businesses, and plans to implement a subscription model have companies of all sizes looking for alternatives.

Veriato is an affordable solution that focuses on employee monitoring, performance review, and insider threat detection by employing user behavior analytics. But it doesn’t offer much in terms of incident response. Some Veriato reviewers also say it can have scalability issues with large deployments and that the product impacts server performance.

Ekran System provides a robust and stable feature set making it an easy recommendation for both SMBs and large companies. Its comprehensive user activity monitoring, identity and access management, multi-tenancy support, action logging, and incident response capabilities make Ekran System a strong Proofpoint and Veriato alternative for and insider threat protection.

At the end of 2019, Proofpoint was acquired by cybersecurity company Proofpoint. So far, Proofpoint has not declared plans to change the feature set of this product. However, Proofpoint has already announced a change to the Proofpoint pricing model from a lifelong license to a subscription.

Veriato has renamed Veriato 360 to Veriato in order to highlight its artificial intelligence tools for insider threat detection.

Market and Focus Overview

Proofpoint, Veriato, and Ekran System are close competitors using the similar technical approach. But each has a different feature set and licensing model that we’ll look at in more detail.

Description

Insider threat management platform

Insider threat management platform

Employee monitoring and insider threat detection platform

Target audience

Businesses of all sizes

Large enterprises

Businesses of all sizes

Technical approach

Agent-based software

Agent-based software

Agent-based software

Deployment

  • Agent-based deployment (Windows agents can be installed remotely)
  • Jump server deployment
  • Optimized for virtual environments
  • Agent-based deployment
  • Jump server deployment

Agent-based deployment

Maintenance

  • Remote installation/uninstallation of clients
  • Manual control panel updates
  • Centralized endpoint client updates
  • System health monitoring
  • Database cleanup
  • History archiving
  • Manual control panel updates
  • System health monitoring
  • Database cleanup
  • History archiving
  • Remote installation/uninstallation of clients
  • Manual control panel updates
  • Database cleanup

Price

$

$$$

$$

Licensing

  • Based on number of monitored endpoints
  • Several licensing tiers

Yearly subscription

Based on number of monitored endpoints

Pricing and Deployment

Proofpoint pricing

The Proofpoint price list is currently the most expensive of these three solutions. Since 2020, Proofpoint has charged a yearly subscription fee (instead of a one-time fee for a permanent license). The high subscription price makes the total cost of ownership too much for companies with small or medium-sized deployments.

Deploying Proofpoint may be tricky without online support of a product expert. Also, deploying and updating this product requires an internet connection. Once deployed, Proofpoint licenses live with agents.

Ekran System and Veriato Pricing

Ekran System provides two types of licenses, with the price of the Standard license based only on the number of monitored endpoints – the same as the Veriato pricing scheme.

The Ekran Enterprise license offers additional functionality that’s specifically designed with large enterprises in mind: a robust access management toolset, SIEM and ticketing system integration, multi-tenancy support, health monitoring dashboards and scheduling of automated maintenance tasks.

Both Ekran System and Veriato feature licensing distribution that allows users to easily transfer licenses between machines.

In addition to floating endpoint licenses, the Ekran System client can be added to a golden image. The software automates license provisioning via the license pool. As a virtual machine instance is shut down, its license is released and returned to the pool. This allows users to maximize the use of a single license by automatically transferring it upon termination of a virtual machine. Also, Ekran System floating licenses support non-persistent virtual desktop infrastructure monitoring.

Ekran System is also the easiest to deploy between these three solutions. Deployment can be performed in just a few simple steps. There’s also 24/7 technical support, and product updates can be done in one click and be performed offline.

Feature and Usage Scenario Overview

Monitoring

  • Video recording of everything users see on the screen
  • Audio recording
  • Extensive metadata collection to index video
  • Linux SSH session support
  • USB device connection logging
  • USB mass storage connection logging
  • File activity monitoring
  • Records protected from tampering
  • Advanced report generation system
  • User anonymization
  • Video recording of everything users see on the screen
  • Extensive metadata collection to index video
  • Linux SSH session support
  • USB mass storage connection logging
  • File activity monitoring
  • Records protected from tampering
  • Email monitoring
  • Advanced report generation system
  • User anonymization
  • Video recording of everything users sees on their screen
  • Separate logs of various metadata: email, URLs, file monitoring, etc.
  • USB mass storage connection logging
  • Advanced report generation system
  • Email monitoring

Incident response features

  • Real-time alerts
  • Custom alerts
  • Predefined alerts
  • Live session view
  • Forced user messaging
  • Kill process on alert / block user on alert
  • Automatic USB device blocking
  • User behavior analytics
  • Real-time alerts
  • Custom alerts
  • Rule-based behavior analysis
  • Live session view
  • Forced user messaging
  • Kill process on alert / block user on alert
  • Alerting on connection of a USB storage device or mobile phone
  • User behavior analytics and risk scoring
  • Customizable alert system
  • Language sentiment analysis
  • Live session view
  • Kill process on alert / block user on alert
  • User behavior analytics and risk scoring

Access management

  • Secondary authentication for identifying users of shared accounts
  • Access request functionality
  • Two-factor authentication
  • One-time passwords
  • Time-based user access restrictions
  • Privileged account and session management (PASM)
  • Password sharing

Secondary authentication for identifying users of shared accounts

Secondary authentication for identifying users of shared accounts

Integrations

  • Active Directory
  • SIEM
  • Ticketing systems
  • Active Directory
  • SIEM
  • Ticketing systems
  • Active Directory
  • SIEM

Additional benefits

  • Forensic export
  • Flexible endpoint licensing scheme
  • Highly optimized performance and stability
  • Support for MS SQL and PostgreSQL
  • Support for free and commercial databases
  • Specifically catered to work in virtual environments
  • Multi-tenancy support
  • Protected client
  • Driver-level uninstall protection
  • Forensic export
  • Support for MS SQL databases

Flexible licensing scheme

Access an Ekran System® demo now!

Clients from 70+ countries already use Ekran System

Access the Demo Portal

Recording Functionality

Ekran System, Proofpoint, and Veriato all use a similar agent-based architecture.

They provide video recordings of everything a user sees on the screen without any limitations for any target endpoint where the monitoring agent is installed. In addition, Ekran System records audio input and output.

The resulting recordings contain indexed video and searchable metadata including:

  • keystrokes
  • web pages and applications
  • executed commands and scripts
  • connected devices

The main difference between Veriato vs Proofpoint and Ekran System lies in how they treat their data streams. While Ekran System and Proofpoint present video as the main data stream – accompanied by relevant synchronized metadata – Veriato presents all data equally, with video serving mainly as an illustration of the larger metadata. Also, Veriato stores all recorded metadata in the form of separate logs.

All three solutions use different algorithms for data compression and storage. Ekran System can either save records with the original screen resolution or compress them. This efficiently uses storage space, as it allows for saving the master image and deltas. The records data structure is optimized to ensure fast insertion and deletion of records with any number of active sessions. Also, records of each session are encrypted with a unique session key.

Proofpoint saves disk space by dividing the screen into nine parts and storing those records independently. There’s no need to save recordings of static parts of the screen. However, such an approach slows down the deletion, transfer, and archiving of data because several records can refer to the same screenshot.

Veriato compresses screen records and stores them in a default format.

Incident Response Features

Incident response functionality differs significantly different between Ekran System and Proofpoint vs Veriato.

Alerting

While Veriato features customizable alerts, allowing for efficient insider threat detection, it does not provide much in the form of incident response tools.

Ekran System and Proofpoint, as Veriato alternatives, feature comparable alert functionality, including predefined sets of recommended alerts and functionality to develop custom rules.

All three solutions have UEBA modules for user behavior analytics. Proofpoint uses this feature to display statistics on the main dashboard. Ekran System detects abnormal user activity and alerts a security officer about it.

USB Management

Ekran System allows security personnel to automatically (when an alert about suspicious activity is generated) or manually block users, stop the current session, or block the current activity. It also features automatic USB blocking, which helps to protect from mass storage devices and malware distributed via USB sticks. Ekran System ensures thorough control of USB devices by establishing a manual approval procedure. When a device is connected, a user has to file an access request. A security officer may allow or deny the connection.

Proofpoint, on the other hand, can alert or show a message upon connection of a mobile phone or USB storage device. When a suspicious event is detected, Proofpoint can forcibly message the user and inform them that a specific security policy has been breached. Security personnel can also block a user’s session if necessary.

Access Management

Veriato, Proofpoint, and Ekran System all allow you to clearly distinguish between users of shared accounts by employing additional authentication measures.

Ekran System offers the most robust access management toolset:

  • Secondary authentication to positively identify users of shared accounts
  • Multi-factor authentication to prove the true identity of a person trying to log in by checking user credentials (knowledge factor) and sending an additional password to the user’s phone (possession factor)
  • One-time passwords to provide temporary access instead of escalating privileges
  • Access request functionality to manually provide access to the most critical resources
  • Time-based user access restrictions to limit interactions with critical resources
  • Password sharing to secure credentials management

Get more user activity monitoring and PAM solution comparisons

Microsoft Purview Insider Risk Management vs DTEX InTERCEPT vs Ekran System

Proofpoint ITM vs One Identity vs Wallix vs Ekran System

One Identity vs Wallix vs Ekran System

Let’s get the conversation started

Contact our team to learn how our insider risk management software can safeguard your organization’s data from any risks caused by human factors. Book a call with us at a time that suits you best, and let’s explore how we can help you achieve your security goals.

Get in Touch