Use cases

Detection of misuse of privileges

Significantly decreases the chance of misuse of privileges. Malicious insiders also behave differently than normal employees. If an employee who has resigned wants to steal company data, Blindspotter is going to detect this strange activity and alert the security team for further investigation. This way the data breach or the serious misuse of privilege can be prevented.

Detection of hijacked accounts

Lowers the impact of potential breaches and provides an effective defense against APTs. Attackers who steal valid user credentials behave differently than real users. Blindspotter is able to detect the level of deviation from normal user activity. If the deviation is high, it sends an alert to the Security Operations Center for further investigation. Suspicious activities can be confirmed by the user to detect identity theft, which dramatically speeds up investigation and decreases false positives.

Detection of system accounts used by humans and personal accounts used by scripts

System accounts used by humans, shared accounts and personal accounts used by scripts are typical red flags and are potential security risks for the company. If an attacker finds a way to gain access to the stored credentials a script is using, the attacker gains access to all the services the script had access to. Blindspotter is able to distinguish between human and automated activity and notify the security team to take action before this security hole turns into a data breach.

Optimization of SIEM (Security Information and Event Management) coverage and detection capabilities

Increases the effectiveness of security teams, allowing them to see malicious activity happening "under the radar". Most SIEMs focus on failed logins, while Blindspotter focuses on successful ones. The majority of SIEMs use pre-defined rules for detecting known issues. Blindspotter analyzes application logs and other sources to find anomalies (a deeper level of understanding of real human activity) and suspicious activity.

Supporting security decisions by showing how administrators really use the system

In large organizations the phenomenon known as "privilege creep" is a big issue: people, especially IT staff and managers, get more and more privileges to be able to perform the new tasks they take on over time. That's a security issue, and Blindspotter helps by giving an overview of how different services are being used within the company and what kind of privileges individual users should have.