Blindspotter

Additional Info

Company: Balabit Corp.
Website: http://www.balabit.com
Company size (employees): 200+
Type of solution: Hybrid

Overview

Blindspotter is a real-time user behavior analytics (UBA) solution that monitors and analyzes users’ activities, and detects unusual behavior to help prevent theft. Blindspotter collects users’ “digital footprints,” builds a baseline of activities using advanced machine learning algorithms, and detects anomalies in real time. Malicious insiders acting oddly and the lateral movements of external attackers are revealed. Blindspotter also creates a priority list of events to improve the efficiency of security teams. It prioritizes the riskiness of behaviors and focuses on potentially high-risk situations and activities.

Any analytics solution is only as good as the data that feeds it. Blindspotter leverages Balabit’s syslog-ng technology, which is proven and trusted in more than one million installations around the world. It also leverages Balabit’s Identity Access Management technology to analyze high-fidelity recordings of user activities such as screen recordings or command line interaction.

Blindspotter’s uniquely pluggable architecture enables analysis of other user data in addition to logs and IAM recordings. Custom connectors to proprietary APIs can be written within hours, and out-of-the-box integration with many commonly used data sources is standard.

Blindspotter combines the results of several big data models to ensure that attackers cannot fly under the radar, while ensuring that security teams are not overwhelmed by thousands of false alarms. It takes risk exposure levels of individual users into account and prioritizes potential incidents, allowing security teams to effectively optimize their efforts.

Blindspotter is the next layer of defense against APTs. Traditional pattern-based solutions or perimeter defenses fail to provide adequate defense against the most dangerous types of attacks.

The total cost of ownership for Blindspotter is relatively low as it does not require any manual pattern writing, rule definition or updates, and security staff do not need to regularly maintain the solution.

How we are different

• Blindspotter improves enterprise security and enhances flexibility, without hindering business activities. It tracks users in environments where traditional control-based methods are infeasible or too annoying to users. It doesn’t continuously write and update patterns and rules of “known bad behavior”. Instead, Blindspotter links to previously independent data sources and automatically analyzes real-time and historic data to detect unusual behavior.
• In addition to automated responses, Blindspotter provides new insight for forensic analysis. Security staff can easily find all contextual information about an incident to quickly analyze it, further enhancing security team efficiency.
• Blindspotter is part of Balabit’s Contextual Security Intelligence (CSI) platform, which includes trusted log collection and data management and enriched insight from video-like activity records and user profiles, as well as Blindspotter’s user behavior analytics and risk assessment. This unified security system increases productivity and transparency of security processes, and also includes BalaBit’s syslog-ng and Shell Control Box products.