Privileged Identity Theft and Insider Threat Detection


Balabit’s Privileged Account Analytics’ machine learning algorithms analyze ingested data in real-time. Using the data collected, it establishes a profile for each user and continuously compares actual activity to baseline activity. Blindspotter does not rely on a single algorithm but utilizes several different ones and combines the results to create continuously adjusted behavior profiles.

Schedule a call
Continuous self-learning


Blindspotter doesn’t use pattern matching to detect "known bad" behavior. Using available data already being collected in your IT environment, it identifies "normal" behavior and detects deviations from that normal baseline by using various machine learning algorithms.


In most attack scenarios, the high-impact event is preceded by a reconnaissance phase. Detection and response during this phase is critical to preventing any further high-impact activity. Seamless integration with Balabit’s Privileged Session Management enables automated session termination if a highly suspicious event occurs.

Risk-based priority dashboard
Real-time insights on user behavior


Privileged Account Analytics categorizes events and highlights the most suspicious ones where both the risk and deviation levels are high. It provides a dashboard and an intuitive User Interface for security analysts to investigate these suspicious events in detail. This prioritization helps them to reduce the noise of security alerts.


Blindspotter analyzes the screen content of privileged sessions, recognizing issued commands and identifying typical user behavior to detect anomalies. This granular analysis facilitates detection of obvious signals of privilege misuse.

Risk-based priority dashboard


Due to its pluggable architecture it is easy to integrate custom data sources to supplement standard data sources such as log management systems, SIEMs, Privileged Identity Management solutions, LDAP or Active Directory. 


When performing identical actions, each user has their own idiosyncratic pattern of behavior regarding keystrokes and mouse movements. The algorithms built into Privileged Account Analytics are able to inspect these behavioral characteristics captured by Balabit's Privileged Session Management. Keystroke dynamics and mouse movement analysis not only help to identify breaches, but also serve as continuous, biometric authentication.