Promote this Nomination

Additional Info

Company size (employees)n/a
Type of solutionHybrid


Balabit’s “Blindspotter” real-time privileged user behavior analytics (UBA) solution monitors and analyzes users’ activities, and detects any unusual behavior. It does this by building up a baseline profile of each privileged user, collating their typical behaviors, including both meta-data (time, place, applications accessed, etc.) and detailed biometric characteristics such as typing speed or mouse movements, using sophisticated machine learning algorithms.

If a user acts oddly – either by exhibiting behaviors indicating a potentially malicious insider or intruder with stolen credentials – Blindspotter can detect these anomalies in real-time, and respond according to the organization’s priority list of security events.

Blindspotter improves the efficiency of security teams, by focusing on the highest-risk situations and activities. It helps companies prevent one of their worst nightmares: an extended, undetected attack.

Blindspotter can ingest data from multiple sources, including logs, but is optimized to work with Balabit’s Shell Control Box privileged user monitoring solution, which records every privileged user session as a high-fidelity recording.

Furthermore, custom connectors to proprietary APIs can be written, and out-of-the box integration with many commonly-used data sources is standard.

Lastly, Blindspotter’s advanced security analytics correlate the results of several Big Data models, ensuring that attackers will be detected and security teams aren’t overwhelmed by thousands of false alarms. It takes the risk exposure levels of individual users into account and prioritizes potential incidents.

How we are different

• Blindspotter can prevent data breaches and drives its ROI in several ways:
1) it dramatically cuts the likelihood of a costly data breach by ‘continuously authenticating users’ automatically through techniques including device interactions – without impacting business processes or eroding productivity;
2) it helps IT teams discover potentially dangerous and expensive mis-configurations or misuse of corporate resources; and
3) it provides the next layer of defence against Advanced Persistent Threats.

• Blindspotter visualizes security events and enriches them with contextual information. Balabit’s clear, compelling analytics facilitate analysis and investigation, and also gives CIOs and CISOs exceptional new clarity in communicating to C-suite executives. It demonstrates how IT systems and resources are actually used (and their full criticality to the organization’s well-being), enabling CISOs and CIOs to better cost-justify and strengthen budget recommendations.

• Blindspotter helps security teams – and Security Operation Centers - be more efficient by facilitating forensic analysis, by providing time-saving automatized responses and prioritized lists of suspicious activities, and providing immediate, highly relevant contextual information on critical situations.