Balabit’s Blindspotter extends behavior analysis with biometrics

Balabit, best known as “the creator of syslog-ng,” announced the release of Blindspotter version 2016.03 at the RSA Conference in San Francisco.

The new version of its User Behavior Analytics (UBA) solution features several new and unique machine learning algorithms that help security teams to quickly identify hijacked accounts or discover forbidden account sharing, thereby avoiding large-scale data breaches or compliance problems.


Blindspotter not only reveals previously unknown threats, but also precisely visualizes them, enabling organizations to dramatically reduce the time to discover, investigate and respond to insider and outsider threats.

Key new features:

Detection of system accounts used by humans and personal accounts used by scripts
System accounts used by humans, shared accounts and personal accounts used by scripts are typical red flags of potential security risks for the company. When an attacker gains access to stored credentials used by a script, particularly if those are the credentials of a privileged account, this can lead to a large-scale data breach. Blindspotter is able to distinguish between human and automated activity and allows the security team to discover the misuse of personal or service accounts.

Screen content analysis
Based on the technology of Shell Control Box, Balabit’s market-leading activity monitoring solution, Blindspotter has already been able to analyze commands issued in SSH and Telnet administrative sessions and find potentially risky activities. In version 2016.03, this capability is extended to Windows users (including both privileged and business users) using the Remote Desktop Protocol (RDP). By analyzing the textual content shown on the screen in graphical protocols, hijacked accounts and malicious insiders can also be found in a mainly Windows-oriented environment.

Biometric analysis of user input
The way we interact with our computers is part of our digital fingerprint, and the dynamics of our keystrokes and our mouse usage patterns identify us just as well as our signature does. With this latest version, Blindspotter is able to analyze keystroke and mouse movement patterns and identify cases when an account is used by someone other than the authenticated user. Biometric analysis provides a new way of authentication: first, it relies on something the user is instead of something they know or something they have; second, instead of a one-off authentication at the beginning of the session, it provides continuous verification of identity. The new features help security teams to quickly identify hijacked accounts or discover forbidden account sharing even if attackers managed to pass the first-line authentication, thereby avoiding large-scale data breaches or compliance problems.

Blindspotter, a key component of Balabit’s Contextual Security Intelligence™ (CSI) Suite
Blindspotter is integrated with the company’s system and application Log Management and Privileged User Monitoring tools and is able to ingest data from various additional sources such as leading SIEM and IAM solutions, LDAP/AD information, cloud apps and other data sources.

Working in conjunction, the components of the CSI Suite help save costs, provide value for compliance audits and support business continuity through Security Risk Assessment and Policy Enforcement.

“Besides the existing set of several sophisticated machine learning algorithms, the new release of Blindspotter further improves behavior analysis by adding the capability of detecting scripted activity on accounts and by performing a biometric analysis of keystroke dynamics and mouse movements,” said Péter Gyöngyösi, Product Manager of Blindspotter at Balabit.

“Blindspotter enables CIOs and CSOs to get a comprehensive, unique visualization of their IT ecosystem. Gaining a better understanding of how IT services are used by specific users or user groups, IT professionals can get immediate, actionable and tangible insight. Overall, Blindspotter improves IT decisions, helps optimize IT resources and business efficiency.”


RSA Conference 2016
