Balabit Blindspotter
1.00

Problems that solves

Unauthorized access to corporate IT systems and data

Risk or Leaks of confidential information

Employee personal use of corporate IT during working hours

Risk of attacks by hackers

Risk of data loss or damage

Risk of lost access to data and IT systems

Non-compliant with IT security requirements

Customer fraud

Values

Reduce Costs

Ensure Security and Business Continuity

Ensure Compliance

Balabit Blindspotter

Balabit Blindspotter is a monitoring tool that maps and profiles user behaviour to reveal human risk, also improves enterprise security and enhances flexibility, without hindering business activities.

Description

Blindspotter is a monitoring tool that maps and profiles user behaviour to reveal human risk. It integrates a variety of contextual information in addition to logs, processes them using a unique algorithm, and offers a wide range of outputs from warnings to automatic interventions. Blindspotter is an advanced component of the Contextual Security Intelligence Suite. It discovers previously unknown risks and guides the investigation of threats through CSI Risk. It improves enterprise security and enhances flexibility, without hindering business activities. Blindspotter is a real-time user behavior analytics (UBA) solution that monitors and analyzes users’ activities, and detects unusual behavior to help prevent theft. Blindspotter collects users’ “digital footprints,” builds a baseline of activities using advanced machine learning algorithms, and detects anomalies in real-time. Malicious insiders acting oddly or and the lateral movements of external attackers are revealed. Blindspotter creates a priority list of events to improve the efficiency of security teams as well. It prioritizes the riskiness of behaviors and focuses on potentially high-risk situations and activities. Any analytics solution is only as good as the data that feeds it. Blindspotter leverages Balabit’s syslog-ng technology, which is proven and trusted in more than one million installations around the world. It also leverages Balabit’s Identity Access Management technology to analyze high-fidelity recordings of user activities such as screen recordings or command line interaction. Blindspotter’s uniquely pluggable architecture enables analysis of other user data in addition to logs and IAM recordings. Custom connectors to proprietary APIs can be written within hours, and out-of-the box integration with many commonly-used data sources is standard. Blindspotter combines the results of several big data models to ensure that attackers cannot fly under the radar, while ensuring that security teams are not overwhelmed by thousands of false alarms. It takes risk exposure levels of individual users into account and prioritizes potential incidents, allowing allows security teams to effectively optimize their efforts. Blindspotter is the next layer of defense against APTs. Traditional pattern-based solutions or perimeter defenses fail to provide adequate defense against the most dangerous types of attacks. The total cost of ownership for Blindspotter is relatively low as it does not require any manual pattern writing, rule definition or updates, and ecurity staff do not need to regularly maintain the solution.