KuppingerCole Report
Executive View
By Alexei Balaganski

Balabit Blindspotter

Blindspotter is a real-time analytics solution, which identifies external and internal security threats by detecting anomalies in user behavior.

1 Introduction

Balabit IT Security is an international information security vendor headquartered in Luxembourg. Founded in 2000 in Hungary, the company still maintains their research and development centers there; however, with multiple sales offices in Europe, US and Russia and a large partner network it has a strong global market presence. Above all, the company is widely known for their flagship product syslog-ng, the de-facto standard log management tool for Unix-like platforms, which is used in over a million installations around the world, as well as its commercial counterpart syslog-ng Premium Edition. Another key area of Balabit’s expertise is Privilege Management (PxM), and the company offers a specialized privileged activity monitoring solution called Shell Control Box.

Blindspotter is the latest addition to the company’s portfolio, released in 2015 as a solution for real-time user behavior analysis to help identify unknown threats and suspicious activities within corporate networks. This development logically follows the latest information security trends, as well as Balabit’s own CSI (contextual security intelligence) concept, which states that additional levels of security controls that restrict business performance should be avoided and more efficient monitoring tools should be deployed instead.

With eroding network perimeters and an ever growing number of sophisticated attacks combining vulnerability exploits with social engineering, users (or rather their identities) have become the most critical part of a company’s security infrastructure. Since traditional pattern-based security tools cannot provide protection against such threat vectors like phishing attacks or actions of malicious insiders, utilizing correlation analysis to look for anomalies in user behavior and thus detecting previously unknown suspicious activities remains the only feasible approach to this problem.

The initial release, which we reviewed back in September 2015, already demonstrated great potential. Its flexible and extensible architecture enables both high scalability and integration with a large number of third party security solutions. Pluggable connectors along with an API stack for custom development ensure that data from a large number of sources can be correlated, and an impressive number of supported analysis methods goes far beyond a typical product based on a commodity framework like Apache Hadoop.

The latest version, released in March 2016, has incorporated several new developments in the field of real-time security intelligence, such as detection of scripted activities to reveal accounts hijacked by malware or hacking tools, as well as biometric analysis of mouse movements and keystroke dynamics, and improved screen content analysis to analyze user activities in Windows environments.

Naturally, Blindspotter is tightly integrated with Balabit’s own Log Management and Privileged Monitoring solutions and additionally supports a large number of other data sources, such as leading IAM solutions, cloud applications or any other source via a standard API or custom-developed plugin. Thus, Blindspotter is a key component of the company’s Contextual Security Intelligence Suite, an integrated Real-time Security Intelligence Platform providing detection and protection from advanced persistent threats, VIP account misuse and data leaks.

2 Product Description

Balabit Blindspotter is a real-time analytics solution, which can identify external and internal security threats by detecting anomalies in user behav ...

Login Get full Access

3 Strengths and Challenges

By combining a flexible, extensible architecture with broad range of innovative user behavior analysis and correlation methods and relying on their ex ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.