Proofpoint Insider Threat Management detects and mitigates insider threats through advanced analytics and user behavior monitoring.
| Product | Mindshare (%) |
|---|---|
| Proofpoint Insider Threat Management | 10.6% |
| Microsoft Purview Insider Risk Management | 12.5% |
| Varonis Platform | 11.0% |
| Other | 65.9% |
Proofpoint Insider Threat Management focuses on protecting organizations by providing visibility into insider activity. It identifies risky behaviors and anomalies, allowing for quick response. The technology uses robust analytics and tracking to safeguard data and intellectual property. It integrates with security infrastructures for a comprehensive approach, helping IT teams respond to potential threats in real time.

What features define Proofpoint Insider Threat Management?

Proofpoint Insider Threat Management is widely used in industries such as finance and healthcare due to its ability to secure sensitive data and ensure compliance with industry regulations. Its implementation helps these sectors safeguard confidential information while maintaining operational integrity.
Proofpoint Insider Threat Management was previously known as ObserveIT.
Coca-Cola, Allianz, Premier League, Xerox, AIG, Cigna, Starbucks, Revlon, Toshiba, Nissan and more.
| Author info | Rating | Review Summary |
|---|---|---|
| Cyber Security Leader at a tech services company with 201-500 employees | 4.0 | I find ObserveIT easy to deploy and use, offering good value and ROI for SMBs. However, its lack of scalability makes it unsuitable for medium to large corporations, which is a significant drawback. |
| ITSM & AntiFraud Consultant at a tech company with 51-200 employees | 4.5 | I consider ObserveIT the best for user activity capture, with excellent recording and audit features. My experience implementing it confirms its stability, scalability, easy setup, and superb technical support. Recording Unix X Server activity is my main suggested improvement. |
| IT Senior Director, IT Risk & Compliance at an insurance company with 1,001-5,000 employees | 4.0 | I found ObserveIT valuable for real-time policy infraction investigation and compliance assurance. Implementation was easy, and support excellent. I'd like to see OCR, Mainframe support, and enhanced workflow capabilities added. |
| Remote Service Tools (Support and R&D) Team Leader at a comms service provider with self employed | 3.5 | I've used the recording session solution for 7 years; it's valuable for auditing remote access, resolving security issues, and has great support. I'd like tunnel recording and correct Linux session slide counts. |
| Consultant with 51-200 employees | 4.0 | I've used this solution for two years, finding metadata search and alert generation valuable for compliance. Setup was straightforward, and support is good. While I recommend it, I believe ticketing and new feature training could be improved. |
| Security Expert at a tech services company with 501-1,000 employees | 5.0 | We value its small video files and intuitive management. Deployment and stability were issue-free, and setup was straightforward. We haven't used scalability or customer service, making direct ROI difficult for us to quantify. |
The biggest and strongest use case is to monitor the behavior patterns, in terms of any malicious activity, like downloading unauthorized files from the internet.
The most important feature is the expectation that the solution has to have a minimum of false positives. This depends both on the tool and its implementation. So the important features are the minimum false positives it produces and the accuracy of its reporting. Also, important is how easy it is to run.
In terms of what can be improved, that is a question I think the end users can tell you better. I'm not the end-user for this system. However, I can say that it needs to be more scalable.
I think they already have a good value proposition in terms of being a hybrid model, and the reporting is okay, as well.
It could have better integration with other SIEMs, but this integration has to come from the SIEM side, not ObserveIT.
I have been familiar with ObserveIT for six months.
ObserveIT is not scalable and it's not for the medium to large corporations. It's for smaller environments. For the larger corporations, we have other scalable solutions, and at the moment I think the usual pattern to address the UEBA is defining or directing the use cases.
I've never contacted technical support. It's directly from the vendor.
Installation is very straightforward. It's a small utility, it's not a big platform, like Securonix, where you need massive hardware and computing power to run it. It takes about three hours to deploy. Three hours for the installation, and then depending on the number of use cases you need to configure, two to three days max.
We work with ObserveIT on-prem, but they have a cloud option. ObserveIT supports both.
A technical person involved with the deployment engineer came from the vendor itself to help. I did not do it myself.
As for pricing, it's a vendor-based question and very confidential.
But it's extremely cost-beneficial for you.
In contrast to the scalability of ObserveIT, Securonix, another platform for UEBA, has infinite scalability. It can scale depending on the number and amount of computing power you have and it does not work on the standard database but on the big data analytics platform. That brings with it the value of security analytics as well, regardless of any silos. Securonix is not only UEBA, but it's also an integrated platform, the next-gen SIEM UEBA, and it supports the security data link as well. So it is massive. It is appropriate for much, much larger organizations where you have 50,000 users or more who you need to monitor. There is no regular SIEM with such use cases. Securonix is particularly developed for large organizations where scalability is a challenge and there is a large number of users.
ObserveIT is small, easy to use, easy to deploy, and is not complicated, so it's more generally suited for only SMBs. It's a good value at a cheaper price.
For the SMB industry, I would rate it seven or eight out of ten. That's because of its ease of use, it is very easy to deploy and administer, and it is affordable from a market perspective. Overall, it gives a consistent and really good return on investment.
But it's not for the larger corporations at all.
It is the best enterprise product that captures user activity. Its main advantage over its competitors is the way it records data. The most valuable features are the user recording, the textual log audit, and the ability to integrate with SIEM and ticketing systems.
All my clients are very pleased with this product as it helps them to keep track of what partners and employees are doing on the servers. Some of them are using ObserveIT to monitor the user activity on virtual desktops.
It would be nice to record user activity on Unix X Server.
I have two years' experience of implementation of ObserveIT at six clients in Romania.
Until now we didn't have any issues with deployment reported. Most issues are related to the prerequisites not being installed.
This product is very stable. Some clients have version 5.6 and don't want to upgrade to a newer version because this version satisfies all their needs.
I didn't have any big scalability issue on production systems. I had some problems with an instance of ObserveIT in a Proof of Concept, when I installed ObserveIT with an SQL Express instance and the DB used all provisioned space. The solution was to use the DB to store metadata and keep the recordings on the file system.
We didn't use ObserveIT support too much, as we didn’t have problems with the product. We have used them only when we had an exotic environment, and we had some SSL agent integration problems.
Technical Support: The technical support is rated at 10/10 from my point of view.
ObserveIT was the first solution of its kind that I have used.
The initial setup is straightforward. As a beginner you can use the OneClick install, and read the logs to see where the problems are.
I have implemented this solution as an IT Consultant to clients. In our personal environment we have only used it for a Proof of Concept.
Always check the prerequisites, and provision the requested space for the storage or DB.
Real time recording and investigation of suspected policy infractions. Ease of implementation and configuration. Knowledge, availability and responsiveness of ObserveIT technical team to support our implementation.
Has allowed us to provide a level of assurance of compliance to complicated business policy.
OCR capability, support for Mainframe, Ticketing and Incident workflow.
Recently implemented at end of Q1/2015
No issues with ObserveIT but with our own network limitation requiring remediation.
No.
No.
The ObserveIT professional services team has been excellent, extremely engaged and genuinely concerned with our success.
Technical Support: Excellent.
We are using the recording session solution and this feature is the most valuable for us.
We installed the ObserveIT clients on a Centralized Terminal Servers environment - our support teams go through this environment in order to use the remote access tools and connect to the customer, and support. The application provides us with auditing and records of the remote access sessions. We are also using the ObserveIT client on LINUX to record remote access established via the LINUX servers (P2P VPN) to our customers.
It resolved security issues of the organization by providing audit reports and records to our customers.
The tool is still not providing records of tunnels established - we would like to see it in future versions.
The number of slides in the LINUX recorded sessions is incorrect.
7 years
Everything was clear and, in any case, we received great support from the support team.
The customer service is great.
Technical Support: The technical support is great.
No
In-house
No
I'm a consultant who implements these for customers. Helps compliance regulations.
Ticketing and issue management. Based on the new system, one needs to go through the sales people. Also, maybe some training for new features.
I've used it for approximately two years.
No issues encountered.
No issues encountered.
I haven't tried to scale it.
Good - 8/10.
Technical Support: Good - 8/10.
No previous solution used.
It is straightforward.
Go for it.
No. We didn't have issues with deployment.
No. We didn't have issues with stability.
We didn't use the scalability.
We have not had the opportunity to work with customer service.
Technical Support: We have not had the opportunity to work with technical support.
No previous solution used.
The initial setup was straightforward, but we work with many solutions and have a lot of expertise.
We provide the solutions to customers, and I find it difficult to talk about ROI.
Yes, we also looked at Balabit solutions.
Customers must clearly understand what nodes need to be protected before buying and implementation.