Blindspotter™ is a monitoring tool that maps and profiles user behavior to reveal human risk. It integrates a variety of contextual information in addition to logs, processes them using various unique algorithms, and offers a wide range of outputs from warnings to automatic interventions. Blindspotter™ is an advanced component of the Contextual Security Intelligence Suite. It discovers previously unknown risks and guides the investigation of threats through CSI.Risk.Schedule a call
Many companies’ worst nightmare is already lurking inside what was previously thought to be its perimeter, a sophisticated external attacker or malicious insider. Nowadays, attackers are intelligent, well-funded and their attacks are increasingly complex and well targeted. The common theme of recent, high-profile breaches is that they were carefully planned and went undetected for some time with the attackers moving freely inside the victim’s IT environment. Malicious insiders hold an advantage over a company’s primary security tools in that they are designed to protect against external threats, not against trusted employees. Targeted attacks by humans use a combination of IT vulnerabilities, social engineering and ordinary crime to gain unauthorized access. It means that the new perimeter, where you have to focus, is your users. They are the new focus of your security measures instead of the infrastructure. Blindspotter is the incarnation of this approach, the user focused IT security: it concentrates on what internal and external users are doing in the system.
Balabit is an IT security innovator for more than 15 years, which specialized in log management and advanced monitoring technologies, developed Blindspotter™, a next generation IT security tool that analyzes all user activity and reveals suspicious events occurring throughout IT systems. By detecting deviations from normal behavior and assigning a risk value, it helps companies focus their security resources on important events and also allows them to replace some controls, yielding greater business efficiency. Adding more tools that restrict users won’t make your company safer, it will just make your employees less productive.
Blindspotter™ integrates a variety of contextual information in addition to standard log data (like application logs, SIEM data, HR and CRM system inputs, LDAPs, etc.), processes them using unique sets of algorithms, and generates user behavior profiles that are continually adjusted using machine learning. It tracks and visualizes user activity in real-time for a better understanding of what is really happening inside the IT system and offers a wide range of outputs from a priority dashboard to automatic interventions. It doesn’t require pre-defined correlation rules; it simply works with your existing data. The built-in algorithms have customizable parameters that allow you to fine-tune the output without being a skilled data scientist. Data is analyzed in multiple ways to adjust the risk and deviation level of each activity. Blindspotter™ reveals all new deviations from normal operation in a well-prioritized dashboard. With advanced monitoring across every aspect of an IT system, Blindspotter™ prevents sensitive and critical data from potential security breaches, from both internal and external attackers.
"As Blindspotter™ is a revolutionary tool not only for monitoring but for prevention as well, it is capable of active intervention like requiring a mandatory run-on authentication, activating additional surveillance measures for suspicious activities or suspend or block access."
Zoltán Györkő, Chief Executive Officer of BalaBit