Enterprise Monitoring Software Comparison

 

This page will provide the detailed comparison of the user monitoring tools, in particular those, which use user session video recording as the main security data format.

 

Feature Ekran System ObserveIT Balabit Netwrix User Activity
Deployment mode agent-based software agent-based software hardware-based network proxy agent-based software
Licensing model and affordability
Scalable endpoint-based licensing + + - +
Free management components + - - -
Free embedded database support + - + -
Commercial database support + + - +
Monitored platforms
Windows XP / Server 2003 + - + +
Windows Vista and higher, up to Windows 10 / Server 2012 R2 + + + +
Linux / Unix (Telnet and Console sessions) + + + -
Infrastructure coverage
Record any session on terminal server (RDP, LogMeIn, radmin) + + + +
Record any local session + + - +
Record console sessions for Windows + + + +
Agnostic to network protocol and client application + + - +
User Experience
Internal User Authentication and Windows Integrated Authentication + + + +
Customizable user permissions + + + +
Remote installation/uninstallation of Clients + - - +
Management via Web console + + + -
View monitoring results via Web console + + - -
MSSQL database support + + - +
Embedded database support + - + -
Basic recording and incident response functionality
Video replay of every session + + + +
Real-time playback for live sessions + + + -
Multi-monitor recording  + + - -
Real-time alerts + + -
USB device blocking + - - -
User blocking + + -
Policy-based (selective) recording
By user name + + + +
By computer + + + +
By active windows title + + - +
By application name + + - +
By URL  + + - -
By events + + + -
By set frequency + + - +
Recording includes:
Mouse move + + + +
Keylogging + + + +
Index by Active window title + + - -
Index by Active application name + + - +
Host name + + + +
User name + + + +
Date/time + + + +
Visited URLs + + - -
IP associated with a host + + + -
Logging USB device connections + - - -
Logging USB mass storages connections + + - -
Magnifier option (zoom in screenshot regions) + + + -
Searching, Reports and Export
Search by metainfo + + + +
Basic activity reports + + + +
On-demand (manual) reports + + - -
Scheduled auto-generated reports with mailing + + + +
Interactive System Dashboards + + + -
Saving session in encrypted format (forensic) + + + -
Export screenshots to external formats + + -
Authorization and user messaging 
Secondary demand-response login + + + -
Deliver policy rules to the users by messaging + + - -
Solution work and security
Efficient data storage (minimal disk space utilization) + + + +
Encrypted network channel + + + +
Minimal agent CPU utilization + (<5%) +(<5%) + +(<10%)
Agent-server encryption + + + +
Watchdog mechanism + + not necessary +
Uninstall driver-level self-protection + - not necessary -
Agent auto-updating + - not necessary +
Audit trail for system users + + + -
SIEM system integration + + - -