
Teramind review

Behaviour analytics


Our Verdict

Probably one of the best employee tracking tools available with powerful rule-based analysis. However, this is spyware and should be deployed with caution to avoid legal issues and a negative reaction from the workforce.


  • Complex analytics
  • Keylogger
  • Forensics level capture
  • Cloud and on-premise installs


  • It is spyware
  • No Linux, Chrome OS or mobile platforms

Based in Miami, Florida, Teramind was founded in 2014 and has since established itself as a global provider of employee monitoring, user behaviour analytics, insider threat detection, forensics and data loss prevention solutions.

Its products aren’t designed to find out who spends too much time on Facebook but are orientated to those industries with sensitive data that a rogue employee might be tempted to take, or strict compliance rules that need to be maintained.

Today, we’ll look specifically at Teramind Starter, but also mention its UAM and DLP platform on which this product is built.


Before we get into the features, we need to talk about the mechanics of how Teramind collates its data and then processes it to provide insightful information and timely warnings.

The rock-face of data acquisition is the Teramind Agent, a spyware module that is loaded on to every PC or Apple Mac to be monitored.


Once installed it tracks a wide range of activities on those devices.

As this software is spyware, Teramind has taken the time to have the code registered with all the major anti-virus vendors, so that it isn’t flagged and neutralised by these protections.

The Agent supports Windows 7 through to 10, Mac OS X 10.12 and upwards, and virtual Windows installations on Citrix, VDI, VMware Horizon and Terminal Server.

That leaves Linux, Chrome OS (Chromebooks) and mobile platforms not covered by this solution.

At installation, the Agent can be ‘hidden’ or ‘revealed’, and in revealed mode the users can sign on and off the agent if they wish.

Data that is captured by the Agent can have multiple destinations. The default is a Cloud service run by Teramind, but it can also travel to a private cloud service or an on-premise server.

The on-premise option is provided by Teramind as an installable VM image, enabling it to be placed on any server using a hypervisor and then managed internally.

The exact features available depend on the plan used, as Teramind has three differently priced levels designated as Starter, UAM and DLP.

Starter provides basic monitoring of web pages and applications, instant messaging and social media. What it doesn’t offer is email or file-movement tracking.

The UAM plan adds email and console command monitoring, a keylogger, clipboard tracking, print capture and OCR. And, for those that need data loss protection, the DLP tier has a complex rule system designed to snag malicious activities like data exfiltration.

This top-level solution is designed to ensure regulatory compliance for those operating in a sector where PII, PHI/HIPAA or GDPR are mandated.

All the versions have user behaviour analytics designed to highlight insider threats, abusive behaviour, user anomaly detection and work patterns.

If you think that this level of scrutiny might not be legal in your region, as it isn’t in many, then it is possible to deactivate features, like the keylogger, should that be deemed either inappropriate or counter to local laws.

However, these features aren’t locked out based on where Teramind is deployed, and it is down to the customer to make sure that they’re compliant with local laws and not contravening employee privacy rights.


What Teramind has provided is a couple of clever mechanisms to avoid an administrator leaking information gained through the system.

The access control system dictates what an admin can see, even if Teramind has captured more information that might be relevant in a criminal investigation. And, all the activities of the admin are logged within the system for others to review in the event of an issue.

As with any command structure, if the most senior people sanction inappropriate use then these controls might not work, but for most businesses, this granular approach where even admins have limits on what they can see is ideal.



Considering how much information can be collected by this type of system, the efficiency of the interface is more of a necessity than a nice-to-have.

For a web-based interface, Teramind is rather slick, as its designers have honed it to use screen space very wisely.

Where other interfaces struggle with long employee lists, Teramind has no problem making good use of a high-resolution display and presenting truckloads of additional information that admins can drill down through.

As an example of how to best use the web via a structured interface, Teramind shows the results that hard work and methodical thinking can achieve.

It’s approachable, easy to navigate and never tries to be excessively clever with the presentation of options or data.



Of the surveillance solutions we’ve reviewed recently, this product has one of the better security mechanisms, in both the access and the policy control of those administrating the system.

The recommended best practice is to give the Teramind server a DNS entry. Once this is in place, the web interface can use privately administered SSL certificates and keys.

That should keep the web administration free from prying eyes.

Agent removal is controlled by a unique password that’s separate from the admin access passwords, and this must be entered at the machine you want the agent taken off.

Data that the Teramind system collects can also be ringfenced so that managers can’t export it to any location, limiting it to a pre-defined domain.

If, logically, the managers’ machines are tracked by Teramind, as they should be, then information captured by the system can’t get outside the company without a paper trail.

These features make the system secure from external interference, but it also has a sophisticated mechanism to control precisely what those with access can do through defined policies.

Policies allow managers to have access to the reporting system and to monitor the staff under their direct control, but not have any view of staff that work for other managers.

Administration groups have specific privileges as to what data they can view on an employee, and employee data they can see.

By stratifying the system in this way only a small number of the admin staff can see all users, and only those that need live activity tracking, or other features, have it available to them.

Overall, the approach taken here is designed to mitigate inappropriate use of information gathered by the system and make a record of these events should it ever occur.


Plans and pricing

The cost of deploying Teramind is dependent on the level of functionality needed and if the server is Cloud or on-premise.

Cloud costs are $12 (£12) for Teramind Starter, $25 (£25) for Teramind UAM and $30 (£30) for Teramind DLP per user per month. Those costs are based on monthly payments, and two free months are offered to those willing to pay annually.

The minimum number of seats is five, and some reductions are available for those with 50 or more seats to track.

The on-premise deal is cheaper, since you are providing and maintaining the server, and the cost is exactly 50% of the Cloud costs, with a minimum of 10 endpoints. Volume pricing kicks in at 250 endpoints, and again paying annually reduces the price further.

Compared with other solutions the on-premise deal is highly affordable, especially in a bigger company with the extra resources available to absorb the overheads. But the Cloud option is on the expensive side, especially if you need Teramind DLP.

Given how powerful Teramind is, and the potential legal bear-traps that a company deploying it might wander into, the advice provided is some of the best we’ve seen from any surveillance solution provider.

If others would like to understand the Teramind approach, then it might be worth them downloading its white paper on the subject, as it represents a best practice approach to software surveillance.

This document outlines the principles of monitoring, the rights of the employee and business owners, proportionality, employee consultation and regional differences.

The quality of this information doesn’t negate the possibility that this software can be used inappropriately by a customer. But conversely, Teramind can’t be accused of providing spyware without any guidance on its suitable deployment and ethical use.

Final verdict

If you work in an industry where information security is critical and deploying spyware is considered proportionate to the risks, then Teramind is a very effective mitigation tool.

Unless, that is, a large proportion of the workforce uses Linux, a Chromebook or mobile devices running iOS or Android.

Those platforms are a big hole in any security strategy until Teramind decides to plug it.

Once these systems are included, this will be one of the best surveillance products available, even if it is pricey for those that want all the features.