Most antivirus and monitoring solutions can only detect events or attacks that they recognize. While heuristics can extend the capabilities of these security tools to detect polymorphic viruses or previously unseen attacks that use similar patterns, they cannot address previously unknown attack techniques, because it is not feasible, or simply not possible, to create heuristics, or “universal” patterns, for such cases.
By utilizing different machine learning algorithms, Blindspotter detects unusual behavior, that is, anomalies that were previously unknown. The machine learning algorithms work autonomously and learn about user behavior. This way they can cover the blind spots of legacy technologies and not just identify anomalies, but also provide intelligence and reasoning about why a spotted activity is considered an anomaly. Blindspotter collects user-related events and user session activity in real time or near real time. It then compares each and every action to the corresponding baseline of users and their peers to spot anomalies in their behavior. Malicious user activity can appear completely normal when investigated from a certain point of view, and detecting the anomaly might require a particular point of view. By utilizing multiple algorithms, Blindspotter can view actions from many different perspectives and detect otherwise hidden anomalies.