Real-time user behavior analytics

Balabit’s Privileged Account Analytics, Blindspotter, integrates detailed data from Balabit's Privileged Session Management solution, Shell Control Box, as well as a variety of contextual data and processes them using unique sets of algorithms, generating behavior profiles that are continually adjusted using machine learning. It detects suspicious activity by identifying unusual and risky deviations to baseline activity, offering a wide range of outputs from risk-based alerts to automated session termination.

Schedule a call
Scaling to large networks with syslog-ng

Blindspotter vs. insider threat

Scaling to large networks with syslog-ng

Blindspotter - The real-time user behavior analytics solution


Rules-based security will fail to detect unknown attack methods used by external attackers or malicious insiders. Blindspotter tracks and visualizes user activity in real-time for a better understanding of what is really happening in your IT environment. It doesn’t require pre-defined correlation rules; it simply works with your existing data.


Using session data captured by Balabit’s Privileged Session Management such as keystrokes, mouse movements and commands executed, the Privileged Account Analytics engine can perform behavioral biometric analysis. This biometric analysis not only detects identity theft but provides continuous authentication by simply having users perform their tasks as usual.

usual, unusual activities


Privileged Account Analytics reduces alert noise by categorizing events by risk and deviation levels, highlighting the most suspicious events. Alerts can be sent to SIEMs or security analysts can view a prioritized list of events on the intuitive User Interface, enabling them to investigate the most serious events.