Type: Product - Service
Category: Security
Sub-categories: Security Monitoring, User Behaviour Analytics

Blindspotter: A real-time, user behaviour analytics tool that analyses user activities and identifies suspicious events occurring throughout IT systems.

The Problem
Many companies’ worst nightmare is already lurking inside what was previously thought to be its perimeter, a sophisticated external attacker or malicious insider. Nowadays, attackers are intelligent, wellfunded and their attacks are increasingly complex and well targeted. The common theme of recent, high-profile breaches is that they were carefully planned and went undetected for some time with the attackers moving freely inside the victim’s IT environment. Malicious insiders hold an advantage over a company’s primary security tools in that they are designed to protect against external threats, not against trusted employees. Targeted attacks by humans use a combination of IT vulnerabilities, social engineering and ordinary crime to gain unauthorized access. It means that the new perimeter, where you have to focus, is your users. They are the new focus of your security measures instead of the infrastructure

Solution (Value Proposition)
Blindspotter is a real-time, user behaviour analytics tool that analyses user activities and identifies suspicious events occurring throughout IT systems. It helps organisations mitigate the impact of advanced persistent threats or identify malicious internal activity and speed up the investigation process of any suspicious activities. Blindspotter tracks and visualises user activity in real-time to provide organisations with a better understanding of what is really happening on the network. The solution works by collecting and analysing user-related events and user session activities - digital footprints - in real-time or near real-time. It builds a baseline of user profiles from the gathered digital footprints then compares every action to these corresponding baseline of users and their peers to spot anomalies in their behaviour - such as an administrator logging in outside of their normal hours. Blindspotter is even capable of detecting abnormality on the level of issued commands as well, which means that in case a system administrator uses a command that is different from the generally used command set, Blindspotter would alert the security team. Once this has been detected, Blindspotter can automatically react to minimise the impact of any threat. It is designed to meet today’s key security challenges and alert organizations to key threats, for example: • Detection of hijacked user accounts • Detection of misuse of privileges • Detection of automated system account misuse • Screen Content Analysis (Used in conjunction with Shell Control Box – BalaBit’s privileged activity monitoring appliance – Blindspotter can also analyze screen content, including issued commands and applied software or any textual data that appears on the screen. This enables the detection of any anomalies, which are the obvious signs of an APT-attack or a serious misuse of privilege)

Key Differentiators
Firstly, any analytics solution is only as good as the data that feeds it. Blindspotter leverages BalaBit’s syslog-ng technology, which is proven and trusted by one million+ installations around the world. It also leverages BalaBit’s Identity Access Management technology to analyze high-fidelity recordings of user activities such as screen recordings or command line interaction.
Secondly, Blindspotter’s uniquely pluggable architecture enables analysis of other user data in addition to logs and IAM recordings. Custom connectors to proprietary APIs can be written within hours, and out-of-the box integration with many commonly-used data sources is standard. And lastly, Blindspotter combines the results of several unsupervised machine learning algorithms to ensure that attackers cannot fly under the radar, while ensuring that security teams are not overwhelmed by thousands of false alarms. It takes risk exposure levels of individual users into account and prioritizes potential incidents, allowing security teams to effectively optimize their efforts.

Supporting Technology (the 'magic')
Blindspotter integrates a variety of contextual information in addition to standard log data, processes them using unique sets of algorithms, and generates user behavior profiles that are continually adjusting using machine learning. It tracks and visualizes user activity in real-time for a better understanding of what is really happening on the network and offers a wide range of outputs from warnings to automatic interventions. It doesn’t require pre-defined correlation rules; it simply works with your existing data. The built-in algorithms have standard and unique parameters that allow you to fine-tune the output without being a skilled data scientist. Data is analyzed in multiple ways to adjust the risk and deviation level of each activity. Blindspotter reveals all new deviations from normal operation in a well-prioritized dashboard. With advanced monitoring across every aspect of an IT system, Blindspotter prevents sensitive and critical data from potential security breaches, from both internal and external attackers.

The solution works by collecting and analyzing user-related events and user session activity in real-time or near real-time. It then compares every action to the corresponding baseline of users and their peers to spot anomalies in their behavior – such as an administrator logging in outside of their normal hours. Blindspotter is even capable of detecting abnormality on the level of issued commands. This means that, if a system administrator uses a command that is different from the generally used command set, Blindspotter will alert the security team. Once this has been detected, Blindspotter can automatically react to minimize the impact of any threat.

Team Experience & Contact:

Balabit Zoltán Györkő

Zoltán Györkő, Co- founder and Chief Executive Officer
Zoltán Györkő (1976), co-founder of the company was named CEO of BalaBit on 1 September 2012. Györkő has been a member of the board since the company was founded twelve years ago, and has held the position of Business Development Director for the past six years. Györkő has extensive leadership experience and a deep knowledge of IT security market as he was responsible for developing BalaBit’s global partner network as well as the sales and marketing organization. Today BalaBit is active in 30 countries through its 80 partners. In 2006, the company opened its first international subsidiary in Germany, since then it has established local offices in France, Italy, Russia and in the USA. In 2009, BalaBit was included in the Deloitte Technology Fast 500 EMEA list of companies growing most rapidly in Europe, Middle-East and Africa, and in the Deloitte Technology Fast 50 Central Europe list in 2013, 2012, 2010 and 2009. Zoltán Györkő studied computer engineering at Pannonia University, Veszprém. He started his career as a system engineer, and was soon appointed project manager at BalaBit. Additionally, he had been the leader of the Hungarian Linux User Group for 3 years.

BalaBit Balázs Scheidler

Balázs Scheidler, Co- founder and CTO:
Balázs Scheidler (1977), co-founder and Development Director of the company and the inventor of BalaBit's leading technology products. Due to his development approach, the company’s whole product line is known as best-of-breed technology products world-wide. Scheidler playes an active role in the development of industry standards as a member of the IETF (Internet Engineering Task Force) logging working group. Balázs Scheilder held the position of CEO and Development Leader since he co-founded the company in 2000, and has been named Development Director to a newly created position on 1 September 2012 to increase his and the company’s focus on development and preserve BalaBit’s technology leadership in its core technologies. Balázs Scheidler earned a degree in computer engineering from Pannonia University, Veszprém. As the initiator of numerous Linux related projects, he is regarded by members of the open source community as subject matter expert. He is often invited to present at international events and conferences

BalaBit:
Balabit – headquartered in Luxembourg – is a European IT security innovator, specialized in advanced monitoring technologies. It is a global player of the development of privileged activity monitoring, trusted logging, proxy-based gateway and user behavior analytics technologies. BalaBit is a fast-growing IT security vendor that was founded in 2000. The company is widely-known for syslog-ng™, its open source log management solution, used by more than a million installations worldwide. This significant user base provides a solid ground for the business expansion which is fueled by Shell Control Box™, a pioneering development for the rapidly-growing niche of privileged activity monitoring market. BalaBit has customers all over the world including 23 Fortune 100 companies. Today, the company employs more than 200 people – 60% of them are developers and system engineers – but it is growing fast both in terms of employees and revenue. In 2014, we had around $15 million in total revenue. We have sales offices in France, Germany, Hungary, Russia, in the UK and the United States and partners in 40+ countries.The number of commercial customers is between 800-900 companies. Approximately half of them are SCB customers.

Contact for clients, partners and press:

Balabit Tongerloo

Yves van Tongerloo

Balabit Headquarters
5, Rue Heienhaff 2nd Floor (wing E)
L-1736 Senningerberg
•Tel: +352 284878 2047
•Fax: +352 284878 2000
•URL: www.balabit.com

Original Source: https://www.balabit.com/network-security/blindspotter

Getting Started

Which type of company are you? Choose one of the options below and get a head-start.

Framework Overview

Navigate through the different parts of the Framework

leeg