CYBERARK / OBSERVEIT COMPARISON

WHAT IS DIFFERENT ABOUT OBSERVEIT
OBSERVEIT RECORDS ALL PRIVILEGED USERS / NOT JUST ROUTED THROUGH CYBERARK PROXY
Security audits must show all privileged user access— not limited to access via the ‘standard’ method.
ObserveIT records all user activity at the end point and cannot be bypassed. CyberArk only records
users that go through its proxy. It does not record accounts connecting directly to the servers.
CyberArk’s proxy can easily be bypassed by connecting directly to these servers using domain accounts
or creating local accounts. ObserveIT records all activity regardless of how a user connects and also
detects the creation of local accounts and alerts on such activity.
OBSERVEIT’S PRIVILEGED USER INTELLIGENCE IS REAL-TIME
Security investigations should be in real-time— not require hours of video playback from start to end.
ObserveIT provides real-time insight into the users putting your organization at risk – by monitoring and
alerting on field-level application activity, scoring users based on their imposed risk, and allowing you
to investigate your highest-risk privileged users. CyberArk only provides a video replay of the session
and keylogging. ObserveIT gives you much more intelligence by generating a detailed metadata log of
all user activity (apps launched, file names, URLs, window titles, system calls, resources affected,
etc.). This position allows ObserveIT to alert on risky behavior in real-time and point to the exact place
in the recorded session and activity logs, which provides certainty and reduces investigation time.
CyberArk is exposed to a very limited set of events that can be alerted on and indexed. ObserveIT is
more than just a ‘Dummy’ recorder.
OBSERVEIT DOES NOT IMPACT PRIVILEGED USER EXPERIENCE
Improving security shouldn’t be a burden on privileged users— and require long, painful deployments.
ObserveIT doesn't change how privileged users operate. It records the activity in the background and
allows the users to use their preferred tools. CyberArk forces the users to go through the proxy and
doesn't record the use of common administrative tools like VMware vSphere, VDI, etc. These
operational hurdles are important because they introduce barriers to adoption of the solution,
reducing its risk and security benefits and increasing deployment time.
OBSERVEIT COVERS ALL USER ENVIRONMENTS
For complete coverage, security audits require monitoring Desktop and VDI Sessions.
ObserveIT provides a broad set of deployment options that ensure full coverage: Terminal servers, VDI,
Desktops, Servers running in public clouds (IaaS), etc. CyberArk only records sessions that go through
the proxy. Because CyberArk’s session recording is built atop their password vault, a new connector is
required for every new type of application monitored. This is important because sensitive data is
accessed from all parts of the organization and CyberArk cannot support the sensitive business
applications you need to monitor.
OBSERVEIT IS EASY TO INTEGRATE AND PROVIDES REAL TIME ALERTING
Privileged users session shouldn’t— Add privileged user intelligence into your security ecosystem.
ObserveIT integrates very well with leading SIEMs (ArcSight, Splunk, and QRadar) so that response
teams that already track log changes can filter through events and view session recording in the
context of SIEM incidents in real time. ObserveIT identifies the user action that relates to the change
giving context to the incident. This significantly reduces the time required to understand root cause
and get to a resolution. We also provide native integration with ticketing systems including Remedy
and ServiceNow, allowing you to tie a ticket # to a particular recorded session.
OBSERVEIT DOES NOT INTRODUCE A SINGLE POINT OF FAILURE
ObserveIT is a software-only solution that does not require any network infrastructure changes.
Software agents can be installed on the desktops, servers and jump servers you want to monitor and
manage. CyberArk requires significant changes to your network infrastructure to ensure all IT users are
routed through their proxy. Only users that are routed through the proxy will be recorded. In addition
to these required changes, if this proxy goes down, your users will not be able to log in to perform
critical IT tasks.
OBSERVEIT IS DESIGNED FOR ENTERPRISE SCALABILITY
CyberArk stores video in a flat-file pure video format. ObserveIT’s screenshot delta format is stored in
a standard SQL database. The storage requirements for video are extremely high, and difficult to
manage. ObserveIT’s storage requirements are much lower (by orders of magnitude). Furthermore,
ObserveIT inherits any corporate database management policies, meaning that backup and archiving
can be handled automatically.
FEATURE COMPARISON
| Session Recording Features | ObserveIT | CyberArk | Comments |
|---|---|---|---|
| Application insight | Yes | No | ObserveIT captures user activity in dialogs and field views. CyberArk’s proxy approach doesn’t allow visibility into application usage. |
| Recording all types of users | Yes | No | CyberArk only records users that go through their proxy. Cannot see user desktops and business applications. |
| Keylogging | Yes | Partial | CyberArk cannot record nested/underlying commands run in the background by scripts and programs. |
| Application independence | Yes | No | ObserveIT records any application running on the machine. CyberArk needs to build a connector. |
| Real-time monitoring | Yes | Yes | CyberArk provides real-time monitoring through an additional product “threat analytics”. ObserveIT provides it natively. |
| Session Termination | Yes | Yes | |
| Searchable details | Yes | Partial | ObserveIT allows you to search on all text and keywords captured on the screen. CyberArk is tied to privileged events with ‘point in time’ viewing within a session recording. |
| Proxy Based | Yes | Yes | ObserveIT’s Secure Proxy configuration provides a proxy option; however, the agent option provides more insight. |
| Secure Proxy | Yes | Yes | ObserveIT Secure Proxy configuration available. |
| SSH Proxy | Yes | Yes | ObserveIT Secure Proxy configuration available. Can stand up a Unix jump server. |
| Tamper proof audit | Yes | Yes | |
| OOTB Universal Connector | N/A | Yes | ObserveIT doesn't need to build a connector in order to be able to access more applications or protocols. Just install the agent on the workstation, desktop, or application (Citrix/TS). |