Privileged Account Analytics
Overview
Real-time user behavior analytics
Balabit’s Privileged Account Analytics, Blindspotter, integrates detailed data from Balabit's Privileged Session Management solution, Shell Control Box, with a variety of contextual data and processes it using unique sets of algorithms, generating behavior profiles that are continually adjusted using machine learning. It detects suspicious activity by identifying unusual and risky deviations from baseline activity, offering a wide range of outputs from risk-based alerts to automated session termination.
DETECT UNKNOWN THREATS IN REAL-TIME
Rules-based security will fail to detect unknown attack methods used by external attackers or malicious insiders. Blindspotter tracks and visualizes user activity in real-time for a better understanding of what is really happening in your IT environment. It doesn’t require pre-defined correlation rules; it simply works with your existing data.
DISTINGUISH FRIEND FROM FOE
Using session data captured by Balabit’s Privileged Session Management such as keystrokes, mouse movements and commands executed, the Privileged Account Analytics engine can perform behavioral biometric analysis. This biometric analysis not only detects identity theft but provides continuous authentication by simply having users perform their tasks as usual.
REDUCE ALERT NOISE
Privileged Account Analytics reduces alert noise by categorizing events by risk and deviation levels, highlighting the most suspicious events. Alerts can be sent to SIEMs, or security analysts can view a prioritized list of events on the intuitive User Interface, enabling them to investigate the most serious events.
Features
Privileged Identity Theft and Insider Threat Detection
REAL-TIME INSIGHTS
Balabit’s Privileged Account Analytics’ machine learning algorithms analyze ingested data in real-time. Using the data collected, it establishes a profile for each user and continuously compares actual activity to baseline activity. Blindspotter does not rely on a single algorithm but utilizes several different ones and combines the results to create continuously adjusted behavior profiles.
PATTERN FREE OPERATION
Blindspotter doesn’t use pattern matching to detect "known bad" behavior. Using available data already being collected in your IT environment, it identifies "normal" behavior and detects deviations from that normal baseline by using various machine learning algorithms.
AUTOMATED RESPONSE
In most attack scenarios, the high-impact event is preceded by a reconnaissance phase. Detection and response during this phase are critical to preventing any further high-impact activity. Seamless integration with Balabit’s Privileged Session Management enables automated session termination if a highly suspicious event occurs.
RISK SCORING
Privileged Account Analytics categorizes events and highlights the most suspicious ones where both the risk and deviation levels are high. It provides a dashboard and an intuitive User Interface for security analysts to investigate these suspicious events in detail. This prioritization helps them to reduce the noise of security alerts.
SCREEN CONTENT ANALYSIS
Blindspotter analyzes the screen content of privileged sessions, recognizing issued commands and identifying typical user behavior to detect anomalies. This granular analysis facilitates detection of obvious signals of privilege misuse.
PLUGGABLE ARCHITECTURE
Due to its pluggable architecture, it is easy to integrate custom data sources to supplement standard data sources such as log management systems, SIEMs, Privileged Identity Management solutions, LDAP or Active Directory.
BEHAVIORAL BIOMETRICS
When performing identical actions, each user has their own idiosyncratic pattern of behavior regarding keystrokes and mouse movements. The algorithms built into Privileged Account Analytics are able to inspect these behavioral characteristics captured by Balabit's Privileged Session Management. Keystroke dynamics and mouse movement analysis not only help to identify breaches, but also serve as continuous, biometric authentication.