During my tenure at AlienVault, before the AT&T acquisition, I worked with several clients who were all using ObserveIT for their internal threat management. While AlienVault USM Anywhere would integrate with several other vendors, ObserveIT was not one of them.
I did some research on the solution, wrote a thorough report on it, and submitted it to the development team. Within a week, it was approved, and about 90 days later, the AlienApp for ObserveIT was released. This knocked down a few walls and helped me close several more opportunities than before the App was built.
Use Case for AlienApp Build
Purpose of AlienApp
To integrate with a third-party application that provides deep, granular information on user activity from multiple aspects across an enterprise network.
Why ObserveIT
Integration with ObserveIT would provide deep, granular visibility into user movement and activity at a level that USM Anywhere currently does not have. The software shares traits with USM Anywhere in its simplicity of installation, speed of deployment, short-term/high-value proposition and broad array of insider threat indicators. ObserveIT also provides visibility across similar platforms and utilizes similar architectures to achieve its end result.
Competitive Advantage
USM Anywhere does not currently have an integration that allows for a deep granular view of user activity and insider threat activity. Insider threats are an ever-increasing attack vector for criminal actors in today’s security landscape. An integration with ObserveIT would alleviate this shortcoming in the platform and further productize the USM Anywhere solution.
Drivers
Pre-sales demonstrations generate daily requests for deeper visibility into user activity: event log ingestion, behavioral analytics across the entire environment, and actionable remediation procedures that let security staff and analysts deter and react to insider threats, whether carried out deliberately by insiders or by third-party threat actors.
USM Anywhere currently does not have plugins for syslog ingestion of this third-party vendor's software.
An integration with ObserveIT would match and surpass the integrations offered by many direct competitors and further extend the competitive advantage of USM Anywhere by combining the speed of deployment and fast, actionable data of USM Anywhere with the deep user activity visibility of ObserveIT. This combination would make for a valuable integration and make the decision to choose AlienVault easier than ever before.
Current Integrations
Splunk, LogRhythm, QRadar, Exabeam, ArcSight, Securonix, Lieberman Software, ServiceNow and RSA. ObserveIT also provides an Open API which enables extensible integration with a wide variety of tools.
ObserveIT is built to help large enterprises identify and eliminate insider threats.
With ultra-efficient data storage, ObserveIT uses SQL Server to store:
Use Case
Data doesn’t leave an organization on its own.
Employees, privileged users, and third parties may—intentionally or accidentally—move data to locations where it does not belong. Regardless of intent, data leakage can result in financial, legal and reputational trouble for your organization.
Users may attempt to exfiltrate data using:
Data leakage often happens on the endpoint without involving your broader network and can thus be quite difficult to identify and stop. This is where ObserveIT shines.
Our Approach
User Activity Monitoring
Your people are your greatest strength, but they can also be your greatest weakness. How will you prevent critical data and assets from being compromised by your users?
To stop insider threats in their tracks, your organization must continuously monitor all user activity.
Use Case
Employees are your business’s lifeblood, and they need access to critical systems and files to do their jobs. To remain secure and compliant, you need to ensure their actions stay within policy at all times, which requires the utmost in granular visibility.
Our Approach
ObserveIT monitors and audits all actions taken by employees on a company’s systems to protect data and reduce risk. ObserveIT identifies and eliminates insider threats from employees and guarantees that your organization has clear visibility into who is doing what, when, and why.
Third-Party Monitoring
Vendors, contractors, and partners can help support your business and create a strategic advantage. Yet, giving third parties access to confidential data and key systems drastically increases the risk of costly data breaches that impact your organization’s reputation.
Are you prepared to mitigate third-party risks?
Use Case
When you bring in third parties like vendors and contractors, you need to ensure their actions stay within policy so that you can remain secure and meet compliance mandates. Logging solutions can’t offer the necessary level of granular visibility.
Our Approach
ObserveIT monitors and audits all actions by third parties, such as vendors and contractors, on a company’s systems to protect data and reduce risk. In doing so, ObserveIT identifies and eliminates insider threats from third parties, including remote vendors, contractors, and partners.
Meet & Exceed Compliance Requirements
Meeting compliance framework and law requirements is a complex and challenging task, but failing can be incredibly costly and damaging to an organization’s reputation.
Continuous user monitoring and real-time incident investigation help your organization meet stringent compliance requirements and ensure sensitive data stays where it belongs – within the organization.
What steps are you taking to ensure compliance?
Use Case
Compliance mandates are non-negotiable for many businesses across a wide range of industries. Whether you are beholden to PCI-DSS, HIPAA, GDPR, or FERPA, you must carefully monitor and respond to insider threats to remain compliant.
Our Approach
Meet PCI, HIPAA, GDPR, or FERPA compliance requirements with one platform. ObserveIT helps companies protect data and reduce risk while ensuring they meet compliance requirements by offering unmatched visibility into user activity.
More Use Cases
Incident Response
When an insider threat incident occurs, your organization requires context to investigate and respond quickly and accurately.
Do you have the visibility and evidence necessary to resolve incidents before real damage is done?
Use Case
When an insider threat incident occurs, you need to know exactly where to get context about what happened. However, system, network, and log data can be difficult to sift through. Even with a SIEM tool, it’s challenging to parse data and get the context and visibility needed to respond to incidents effectively.
Our Approach
ObserveIT enables a quick and thorough response to insider threat incidents with complete visibility into user activity. It simplifies and streamlines the investigation process by providing detailed visual captures, precise activity trails, and metadata from your users.
ObserveIT vs Veriato 360 vs Ekran System®
User monitoring software is designed to provide full visibility into what specific users are doing, allowing supervisors to assess employee performance and clearly detect any malicious actions. There are many such solutions on the market, each with its own technical approach, feature set, and licensing scheme designed with a specific audience in mind.
| Ekran System® | ObserveIT | Veriato 360 |
Description | | | |
Target audience | | | |
Technical approach | | | |
Maintenance | | | |
Price (based on average deployment cost) | $ | $$$ | $$ |
Licensing | | | |
In this product review, we compare three alternatives: Ekran System, ObserveIT, and Veriato 360 (formerly Spector 360). We try to determine reasons to choose these solutions, their strong suits, and their drawbacks with an emphasis on highlighting differences between them.
Product Review: Summary
Each of the three solutions in this comparison presents different features and benefits, with each vendor targeting a slightly different audience.
ObserveIT provides large companies with advanced insider threat detection tools, while its high price makes it cost-prohibitive for smaller businesses.
Veriato 360 is an affordable solution that focuses heavily on employee monitoring with the ability to review employee performance data and detect insider threats. But it doesn’t offer much in terms of incident response. Some Veriato reviewers also say that it can have scalability issues with large deployments, and the product impacts server performance.
Ekran System provides a robust and stable feature set for a lower price than ObserveIT, making it an easy recommendation for SMBs and large companies. Its comprehensive user activity monitoring, PAM, multi-tenancy support, action logging, and incident response capabilities make Ekran System a strong Veriato 360 alternative for employee monitoring.
Market and Focus Overview
ObserveIT, Veriato, and Ekran System are close competitors using the same technical approach. However, each has a different feature set and licensing model that we’ll look at in more detail.
ObserveIT pricing
ObserveIT is the most expensive of these three solutions. Its price is based on the number of monitored endpoints and includes a fixed management tool fee. The high management tool fee makes deployments costly, which may pose problems for smaller companies with small or medium-sized deployments.
Ekran System and Veriato 360 Pricing
Ekran System provides two types of licenses. The price of the Standard license is based only on the number of monitored endpoints—the same as the Veriato 360 pricing scheme.
Additionally, Ekran System provides an Enterprise license with a pricing scheme similar to ObserveIT, with an additional fixed charge for the management panel. This license offers additional functionality specifically designed for large enterprises, such as SIEM and ticketing system integration, one-time passwords, high availability, and multi-tenancy support.
Ekran System is the most affordable of the three solutions. Both Ekran System and Veriato 360 feature floating license distribution, which allows users to easily transfer licenses between different endpoints.
Additionally, Ekran System allows automatic license provisioning, which was specifically designed with virtualization environments in mind. This lets users maximize the use of a single license by automatically transferring it when a virtual machine is terminated.
Feature and Usage Scenario Overview
| Ekran System® | ObserveIT | Veriato 360 |
Monitoring | | | |
Incident response features | | | |
Access management | | | |
Integrations | | | |
Additional benefits | | | |
Recording Functionality
Ekran System, ObserveIT, and Veriato 360 (formerly Spector 360) all use a similar agent-based architecture.
They provide video recordings of everything a user sees on the screen without any limitations for any target endpoint where the monitoring agent is installed.
The resulting recordings contain indexed video and searchable metadata, such as
The main difference between Veriato 360 on one side and ObserveIT and Ekran System on the other lies in how they treat their data streams. While Ekran System and ObserveIT present video as the main data stream, accompanied by relevant synchronized metadata, Veriato 360 presents all data equally, with video serving mainly as an illustration of the larger body of metadata.
Incident Response Features
Incident response functionality differs significantly between Ekran System and ObserveIT on one side and Veriato 360 (formerly Spector 360) on the other.
Alerting
While Veriato features customizable alerts, allowing for efficient insider threat detection, it does not provide much in the form of incident response tools.
Ekran System and ObserveIT, as Veriato competitors, feature comparable alert functionality, including predefined sets of recommended alerts and functionality to develop custom rules.
USB Management
Moreover, Ekran System allows security personnel to block users either automatically (when an alert about suspicious activity is generated) or manually, stopping the current session and preventing the user from initiating a new one. It also features automatic USB blocking, which helps protect against mass storage devices and malware distributed via USB sticks.
ObserveIT, on the other hand, can alert or display a blocking message when a mobile phone or USB storage device is connected. When a suspicious event is detected, ObserveIT can also forcibly message the user, informing them that a specific security policy has been breached. Security personnel can also block a user's session if necessary.
Access Management
Veriato, ObserveIT, and Ekran System all allow you to clearly distinguish between users of shared accounts by employing additional authentication measures.
Ekran System offers multi-factor authentication. Additionally, it provides extended access control functionality in the form of one-time passwords and a privileged account and session management (PASM) module.