Skip to main content

Veriato Cerebral Security review

Spyware for business

(Image: © Veriato)

Our Verdict

A very powerful tool that can track all aspects of a computers use and the time that an employee spends on it. Let down by the lack of support for Apple iOS devices and Chromebooks, and the legal uncertainties of spyware use.

For

  • Stealth mode
  • Comprehensive surveillance

Against

  • No Chromebook or iOS support
  • It’s Spyware
  • Lacks installable demo
  • Poor web security

Founded in 1998, Veriato was one of the very early names in computer monitoring.

It now has thousands of companies across the globe using its tools to track the activities of its employees and the computer platforms they use.

In this review, we’ll be looking at the Cerebral Security solution. Software built to monitor employees to enhance productivity and detecting unwanted employee activities in the workplace.

(Image credit: Veriato)

Features

The interesting aspect of Veriato Cerebral Security is that it has dual mechanisms to enhance its employee monitoring solution, one derived from the other.

Its first line of defence is an agent module that is installed on the computer to be tracked that captures almost everything that it does. That includes application activities, including Chat and IM apps, web sites visited, emails sent and received, any documents printed, and files transferred to USB sticks. There is also a keylogger component, allowing any typed content to be secured and analysed.

A strong feature of this tool is how the information is then collated after capture. It is possible to fast-forward through a computer’s working day in a video review, where all significant events are shown in chronological order.

From this data productivity tracking is available, and the system can also be primed to generate an alert should employees use specific words in their communications or copy a sensitive file, for example.

(Image credit: Veriato)

The extent of monitoring can be defined for groups or individuals, allowing an investigation level deployment to gather everything it can, where normal employees get a much less invasive overview.

All the data from this surveillance is either collected on the Cloud or a local SQL server, for reviewed by HR or other admin staff.

The agent can be put on Windows 7 and upwards computers, Mac OS X 10.10 or higher ore mobile devices running Android 5.0 up to 8.0 Oreo.

It also works on distributed solutions built around Microsoft Terminal Server/Citrix XenApp.

What isn’t supported is any Apple iOS devices or Chromebooks, unfortunately.

For most employee monitoring products, this would be sufficient, but Cerebral also has an Insider Threat Detection capability, where AI code is used to trawl the data and look for significant changes in activity, even down to geographically tracking where they’ve been.

As technologically impressive as this all sounds, some of the profiling that this tool is capable would tread heavily on the rights of individuals in some regions, and be illegal in many.

In most countries, employees are allowed private lives outside work hours and locations, even if they’re carrying a company-owned phone.

One noticeable aspect to Cerebral is that the server and recorder parts need to be at precisely the same level for the data to flow. If the server is updated, but the recorders are not, then no new information will be uploaded until an update re-synchronises the versioning.

After each upgrade, Veriato advises a long list of things you should check to make sure the configuration has not been reset and everything is operating as before.

The manual nature of these changes could soon become an annoyance to those tasked with maintaining the system, should a series of upgrades/fixes come through the system sequentially.

(Image credit: Veriato)

Interface

The web interface for Cerebral is simple, yet effective.

A left-side hierarchical menu expands content into a much larger right panel, and a few icons are accessible along the top edge.

It all has a unified appearance. Or, it does until you start clicking on certain options, like those to see a live computer desktop of a monitored system.

These generate borderless popup panels that don’t share a visual styling with the main interface. Some have borders, but you can’t expand or move them.

These quirks can be very annoying if the panel appears to be underneath a page banner, as it did with some, as you can only click it away and not see all the information.

Overall, it’s a bit of a mess and needs restyling for a more uniform experience. It’s not unusable, but it certainly needs rethinking in places.

(Image credit: Veriato)

Security

As a web-based solution, having an interface that doesn’t use SSL is disappointing.

Without that protection, if the tool is accessed via a compromised machine, the login and passwords for the administrators could be revealed, allowing the hacker access to everything on all the machines with the client components installed.

The locally installed solution uses SQL security, and because the interaction with the server is localised, that option is inherently safer. In theory.

Veriato should at least implement two-factor authentication for admin access at the very least, considering the importance that it gives to risk management on its website.

Plans and pricing

Veriato Cerebral Security pricing isn’t transparent, and therefore the unit cost entirely depends on the scale of the installation and how much Veriato wants your business.

That said, a response to an email request for information revealed that the starting cost is $95 per person per year, and as the volume increases, the price reduces.

The product is aimed primarily at businesses with more than 50 users, but Veriato is preparing an alternative solution for smaller operations very shortly.

At an average cost of $7.92 per month per seat, this isn’t the most expensive solution around, and it also isn’t the most expensive.

What we liked about the Veriato website is that it is packed with lots of information for those looking to employ surveillance software. These include some interesting statistics sourced from Vouchercloud about what employees do with their time.

For example; in an 8-hour working day, the average worker is productive for 2 hours and 53 minutes. That statement doesn’t explain the jobs those ‘average workers’ were doing, or how hard they needed to work when being productive.

But the message is clear that employees could be more productive if monitored.

Another quoted statistic is that 71% of U.S. Workers are so unhappy at work they are looking for a new job, according to the Mental Health America 2017 Survey. According to Veriato makes them prime candidates for being an insider threat, or ‘flight risks’ as the system likes to refer to them.

Again, almost everyone wants a more satisfying job, with more holidays and better pay, so this isn’t exactly news. The potential negative impact on employee morale of deploying spyware in the workplace is real and considering 71% of employees as a threat by default isn’t likely to reduce the number of potential ‘flight risks’.

What’s important to realise is that as a US-based company, Veriato presents what is considered acceptable in that country. And, in some of its documents, it even warns US companies employees in other countries might have greater legal rights, and that any acceptable use policy would need to be amended to reflect those differences.

In one white paper, it discusses the idea of deploying surveillance without informing staff. That’s unethical and illegal in most European countries as it flaunts the data protection act among other statutes.

Alongside taking legal advice, we’d advise any company using a surveillance product to consider the potentially corrosive impact on employee trust and morale, along with the ethical aspects. And, the negative ramifications on company reputation should surveillance tools be used inappropriately.

Final verdict

From a technical standpoint, this is a very impressive product that captures the activity of employees in minuscule detail and provides useful analytics.

However, its weaknesses are that it currently doesn’t support Chromebooks or any Apple devices. These platforms are increasingly common for business and need to be included.

Without those devices being included a complete picture of what employees are doing isn’t possible.