The CSI Suite actively protects organisations from the threats posed by the misuse of high-risk and privileged accounts, as these offer the highest potential for attack. Through deep understanding of user activities, and the impact of those activities on entities across the enterprise, potential security threats can be discovered before data is breached or destroyed.
“Businesses are drowning in security. In response to increasing attacks, organisations adopt a defensive strategy that relies on a cycle of ever stronger pre-defined security controls” says Zoltán Györkő, CEO at Balabit. “The result is that business is unduly constrained, productivity is reduced and security teams are overwhelmed with alerts and change orders. In many organisations this approach actually weakens security as controls are bypassed and security events go undetected.”
Balabit offers a complementary approach. Instead of handcuffing privileged users through default-deny and continuous authentication rules, the CSI Suite operates on the principle of trust, but verify. It continuously monitors privileged user activity and gathers data in real time from across the enterprise on the circumstances surrounding that activity.
Machine learning and advanced algorithms are used to maintain a profile of normal user behaviour, and to identify anomalies that are potential security threats. In this way previously unknown threats can be prioritised and investigated with deep visibility into the circumstances surrounding the threat.
“Controls based on rules and pre-defined patterns alone cannot prevent today’s intelligent attackers” continues Györkő. “Instead, we must equip businesses with the ability to quickly discover, investigate and respond to these threats. Our solutions do this without imposing additional layers of security on individual users. They operate transparently within the existing user workflow.”
The CSI Suite includes advanced user interfaces that allow security teams to see the threat landscape at a glance and drill down into the riskiest activities. Forensic-level visibility of threats is delivered, including full search and video replay of privileged user activities.