KuppingerCole Report
Executive View
By Alexei Balaganski

Balabit Contextual Security Intelligence Platform

Contextual Security Intelligence is a new IT security concept, which states that additional levels of security controls restricting business performance should be avoided and replaced with more efficient monitoring tools. Balabit’s CSI Platform combines Log Management, Privileged Activity Monitoring, and User Behavior Analytics into an integrated real-time security intelligence platform.

1 Introduction

Balabit is an international information security vendor headquartered in Luxembourg. Founded in 2000 in Hungary, the company still maintains their research and development centers there; however, with multiple sales offices in Europe, US and Russia and a large partner network it has a strong global market presence. The company is widely known for their flagship product syslog-ng, a de-facto standard syslog server for various Unix-like platforms, which is used in over a million installations around the world. This impressive user base allows the company to expand into other areas of security intelligence with products like Shell Control Box, an activity monitoring appliance for controlling and recording privileged access to remote IT systems, and Blindspotter, a privileged user behavior analytics product.

With the number of mobile devices growing exponentially, increased adoption of managed services in the cloud and, of course, a broad number of new communications channels with business partners, external contractors and even customers emerging within the new connected enterprise, the traditional notion of corporate network perimeter is eroding. The focus of information security is thus shifting from perimeter protection towards detection and defense against threats within corporate networks.

The number of external and internal attacks has also increased significantly. These attacks usually combine technical attack surfaces like vulnerability exploits with social engineering, and thus are completely invisible to traditional perimeter security tools. Arguably, user identities have now become the most critical component of a corporate security infrastructure. For the vast majority of recent high-profile data breaches, privileged user credentials have been the primary reason for data loss. Even more than accounts hijacked by hackers, legitimate privileged users such as IT administrators abusing their privileges can cause immense damage and then cover up their tracks by manipulating server logs.

Although Balabit, like a number of their competitors, offers several products to address these challenges, by now it should be clear that standalone solutions often cannot provide adequately quick detection and reliable mitigation for Advanced Persistent Threats, which usually involve multiple attack vectors and consist of several covert stages. An integrated platform capable of collecting intelligence information from multiple sources and then correlating both real-time and historical data is needed to withstand modern APT attacks. Such a platform must utilize Big Data and machine learning algorithms to reduce a huge number of detected security events to a small number of actionable alerts clearly ranked by their risk level.

KuppingerCole has been writing about this paradigm shift for years using the term “Real Time Security Intelligence”. Balabit has named their approach Contextual Security Intelligence (CSI), defined as a concept, which states that additional levels of security controls restricting business performance should be avoided and replaced with more efficient monitoring tools.

Both the concept and the company’s implementation of it in the form of Balabit CSI Platform align very strongly with KuppingerCole’s vision of the next generation of security analytics solutions.

2 Product Description

Balabit’s Contextual Security Intelligence in its conceptual form is an approach towards improving information security through advanced monitoring ...

3 Strengths and Challenges

With their Contextual Security Intelligence concept, Balabit offers an interesting take on the next-generation real-time security analytics, which Kup ...

©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.