Even with two-factor authentication, monitoring such privileged accounts is critical - ask Target or Home Depot what it meant to simply trust an account because it had been accessed using the correct credentials.
What marks BalaBit's design out from rivals is the idea that networks must move from a system of control based on static access approved by authentication events to one in which users - including admins themselves - can be kicked off if their actions breach certain thresholds. It's as if users are constantly authenticating themselves without ever achieving unconditional trust.
If this is the future, then it will be a world that comes with new complications of its own. Using behavioural monitoring and proxies offers the ability to monitor accounts in a global way rather than through the fragmented mess of systems used today. It still represents a major cultural change and requires admins to set the thresholds that won't generate an overload of false positives. There also has to be a model for response, be that termination of a user account or an immediate forensic investigation. Not everyone will find that easy to build into network control because it implies a lot of hands-on review.
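As an added illustration of the threshold model described above (example code, not BalaBit's own; the baseline counts, thresholds and scoring rule are hypothetical), a monitor that scores each privileged action against what the account has done before and decides, action by action, whether to allow it, escalate it for review, or end the session:

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed baseline: how often each action has been seen from this account
# in past sessions (hypothetical data, not taken from any real system).
BASELINE = {
    "dba01": Counter({"SELECT": 400, "UPDATE": 40, "BACKUP": 12}),
}


@dataclass
class SessionMonitor:
    """Scores a live session continuously; trust is never unconditional."""
    user: str
    alert_at: float = 3.0        # score at which a forensic review is opened
    terminate_at: float = 6.0    # score at which the session is dropped
    score: float = 0.0
    actions: list = field(default_factory=list)

    def weight(self, action: str) -> float:
        """How unusual an action is for this account: 0 routine, 1 never seen."""
        seen = BASELINE.get(self.user, Counter())
        if action not in seen:
            return 1.0
        rarity = 1.0 - seen[action] / sum(seen.values())
        # Routine actions contribute almost nothing, so one odd command in a
        # stream of normal work does not by itself trip a threshold.
        return max(0.0, rarity - 0.1)

    def observe(self, action: str) -> str:
        """Record an action and return 'allow', 'investigate' or 'terminate'."""
        self.actions.append(action)
        self.score += self.weight(action)
        if self.score >= self.terminate_at:
            return "terminate"
        if self.score >= self.alert_at:
            return "investigate"
        return "allow"


if __name__ == "__main__":
    m = SessionMonitor("dba01")
    for cmd in ["SELECT", "UPDATE", "DROP TABLE users", "DROP TABLE audit",
                "DROP TABLE users"]:
        print(f"{cmd:18} score={m.score:5.2f} -> {m.observe(cmd)}")
```

Tuning `alert_at` and `terminate_at` per role is where the false-positive trade-off the article mentions is actually made.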
Blindspotter is another example of the way machine learning is finding its way into more and more security products, usually to detect classes of anomaly that humans would either not be able to spot or would simply take too long to notice.
It also stands as a model of networks in which network users can never really be trusted at face value, no matter how much authentication is in place. Even the best authentication can be fooled, but behaviour will always be a final line of defence, the last moment before something changes from normal to abnormal. This is the world organisations must now adapt to or face the risk of becoming the next Target.
Source: CSO Australia