OBSERVEIT VS EKRAN SYSTEM®

Privileged user activity auditing is one of the most important and critical
components of modern security policies. It’s equally important from the standpoints
of regulatory compliance and business protection.

There are different approaches to such an audit based on privileged session recording.

Product Review: Summary

Observeit is good for big enterprises looking for enhanced and detailed user
monitoring and insider threat detection.

Ekran System is good for companies of any size looking for a powerful yet flexible
compliance and security monitoring tool. It’s also an interesting alternative for big
enterprises in search of a stable and compatible privileged activity audit solution with
some access management capabilities.

Market and Feature Overview

Both Observeit and Ekran System deliver server and desktop endpoint monitoring. Both
products work with Windows, Linux, and Unix platforms.

Observeit Ekran System®

Insider threat management Insider threat protection

Description
software platform

Target audience Large enterprises Businesses of all sizes

Technical
Agent-based software Agent-based software
approach

 Agent-based deployment
Deployment
 Jump server deployment
 Agent-based deployment
(Windows agents can be
installed remotely)
 Jump server deployment
 Optimized for virtual
environments

 Manual control panel

 Manual control panel
Maintenance updates
updates
 Automatic client updates

Price (based on
average $$$ $$
deployment cost)

 Base fee for control

 Based on number of
component in addition to
Licensing monitored endpoints
fee based on number of
 Several licensing tiers
monitored endpoints

 Video recording of user  Video recording of user

sessions sessions
 Enhanced search and  Enhanced search and
analysis tools analysis tools
 Advanced reporting  Enhanced privileged
 Event alerts access management rules
 Live session view and  Centralized privileged
session locking identity management
 Enhanced user messaging  Two-factor authentication
Main functionality  One-time password
functionality
 Forced user messaging
 Advanced reporting
 Event alerts
 Live session view
 Automatic and manual
user blocking
 Automatic USB device
blocking
  Multi-tenancy support

 Integrations with SIEM and  Flexible licensing

ticketing systems  Integration with SIEM and
 Granular and pre-processed ticketing systems
metadata  Access management
 User behavior pattern capabilities
analysis  Easy deployment and
maintenance
Benefits
 Stable and performance-
optimized solution
 Virtualization-ready
 Comprehensive
centralized PAM
 User behavior pattern
analysis

Privileged Access Management

Ekran System and Observeit both include a set of access management features, in
particular providing secondary authentication for shared accounts to unambiguously
assign activity to a specific user. Apart from that, Ekran System also provides a privileged
account and session management toolset (PASM), one-time passwords, and two-factor
authentication functionality.

Privileged Activity Monitoring

Observeit and Ekran System are, first and foremost, of all monitoring and audit solutions.
They provide more detailed metadata, enhanced search functionality, and easy-to-use
analysis and session replay tools.

Ekran System and Observeit provide alert features. They allow for real-time session
viewing and manual session locking if problems are detected. Ekran System will
additionally prevent all subsequent login attempts by the blocked user.

Ekran System and Observeit provide real-time alerts on potentially risky user actions,
notifying security personnel and delivering all essential event details together with a video
episode.
Observeit couples alerting functionality with user behavior pattern analysis and risk
ratings.

Virtualization-ready
Ekran System provides the easiest and most cost-saving license management for virtual
endpoints.

For frequently changing virtual environments, Ekran System delivers automated

license assignment for newly created virtual endpoints and enables easy license
removal from virtual hosts that have been shut down for good. Unassigned licenses are
returned to the pool for the next endpoints.

Licensing and Pricing

Ekran System are targeted at business of all sizes and have correspondingly low prices.
ObserveIT targets the large enterprise market.

The main differentiator of Ekran System is its flexible licensing scheme, with different
types of licenses with which different features are available. For a Standard license, the
price is based only on the number of monitored endpoints.

One more SMB-friendly feature of Ekran System is the optional free embedded database
support in addition to MS SQL support. Observeit work only with commercial SQL
databases.