ObserveIT Review

Good value, easy to use, and easy to deploy


What is our primary use case?

The biggest and strongest use case is to monitor the behavior patterns, in terms of any malicious activity, like downloading unauthorized files from the internet.

What is most valuable?

The most important feature is the expectation that the solution has to have a minimum of false positives. This depends both on the tool and its implementation. So the important features are the minimum false positives it produces and the accuracy of its reporting. Also important is how easy it is to run.

What needs improvement?

In terms of what can be improved, that is a question I think the end users can tell you better. I'm not the end-user for this system. However, I can say that it needs to be more scalable.

I think they already have a good value proposition in terms of being a hybrid model, and the reporting is okay, as well. 

It could have better integration with other SIEMs, but this integration has to come from the SIEM side, not ObserveIT.

For how long have I used the solution?

I have been familiar with ObserveIT for six months.

What do I think about the scalability of the solution?

ObserveIT is not scalable and it's not for the medium to large corporations. It's for smaller environments. For the larger corporations, we have other scalable solutions, and at the moment I think the usual pattern to address the UEBA is defining or directing the use cases.

How are customer service and technical support?

I've never contacted technical support. It's directly from the vendor. 

How was the initial setup?

Installation is very straightforward. It's a small utility, it's not a big platform, like Securonix, where you need massive hardware and computing power to run it. It takes about three hours to deploy. Three hours for the installation, and then depending on the number of use cases you need to configure, two to three days max.

We work with ObserveIT on-prem, but they have a cloud option. ObserveIT supports both.

What about the implementation team?

A technical person involved with the deployment engineer came from the vendor itself to help. I did not do it myself.

What's my experience with pricing, setup cost, and licensing?

As for pricing, it's a vendor-based question and very confidential. 

But it's extremely cost-beneficial for you.

Which other solutions did I evaluate?

In contrast to the scalability of ObserveIT, Securonix, another platform for UEBA, has infinite scalability. It can scale depending on the number and amount of computing power you have and it does not work on the standard database but on the big data analytics platform. That brings with it the value of security analytics as well, regardless of any silos. Securonix is not only UEBA, but it's also an integrated platform, the next-gen SIEM UEBA, and it supports the security data link as well. So it is massive. It is appropriate for much, much larger organizations where you have 50,000 users or more who you need to monitor. There is no regular SIEM with such use cases. Securonix is particularly developed for large organizations where scalability is a challenge and there is a large number of users.

What other advice do I have?

ObserveIT is small, easy to use, easy to deploy, and is not complicated, so it's more generally suited for only SMBs. It's a good value at a cheaper price.

For the SMB industry, I would rate it seven or eight out of ten. That's because of its ease of use, it is very easy to deploy and administer, and it is affordable from a market perspective. Overall, it gives a consistent and really good return on investment.

But it's not for the larger corporations at all.

Which deployment model are you using for this solution?

On-premises

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner