Behavior Analytics
Data breaches are difficult to detect because security team is often drowning in alerts. Imperva CounterBreach uses machine learning and analytics to identify suspicious data access and prioritize threats. By distilling millions of alerts, Imperva allows you to focus on high-risk incidents.
Automatically uncover dangerous user data access
CounterBreach uses machine learning to automatically uncover unusual data activity, surfacing actual threats before they become breaches. How? It first establishes a baseline of typical user access to database tables and files, then detects, prioritizes, and alerts you to abnormal behavior.
See exactly what data your users touch
With CounterBreach, you can analyze the data access behavior of particular users with a consolidated view of their database and file activity. Investigate incidents and anomalies specific to the individual, view the baseline of typical user activity, and compare a given user with that user’s peer group.
Quickly assess the security of your data stores
CounterBreach spotlights highest risk users and assets so that you can prioritize the most serious data access incidents. Investigate events by filtering open incidents by severity, then take a deeper look into specific incident details about the user and the data that was accessed.
Detect careless, compromised, and malicious users
Detecting insider threats goes beyond users that are compromised. Users who are malicious or careless have legitimate access to enterprise data, and are difficult to identify without granular visibility into the exact data that users are accessing. Imperva CounterBreach identifies them.
Simplify and optimize your SIEM feed
Just a few moderate sized databases can generate terabytes of raw log data per day. Multiply this by 10s or 100s of databases and your costs to capture and store this info grow exponentially. CounterBreach automatically processes data access logs and sends only high priority incidents to your SIEM.
How CounterBreach Detects Risky User Behavior
User and data profiling
CounterBreach detects careless, compromised and malicious insiders by independently profiling both users and data, rather than just user activity. By analyzing from both perspectives, CounterBreach detects the truly worrisome incidents that warrant your attention.
Dynamic peer group analysis
Sometimes you really do need to know what your peers are up to. To understand risky user behavior, it’s important to identify the true peer groups across the enterprise. Using Dynamic Peer Group Analysis technology, CounterBreach automatically learns how users across your organization access enterprise files and places them into “virtual” working groups. Once peer groups are identified, CounterBreach flags risky file access from unrelated individuals.
Data access domain expertise
CounterBreach machine learning technology accurately identifies insider threats by leveraging algorithms that are tailored to identify abusive data access. The solution establishes a behavioral baseline by analyzing granular user-centric details (such as user identity and client IP) and data-centric details (such as table name and SQL operation).
Dimensionality reduction
To accurately identify breaches, every data access needs to be captured and analyzed. Imperva monitors every transaction with minimal impact to production databases, and uses dimensionality reduction techniques to process billions of events per day on a single CounterBreach server.
Specifications and System Requirements
| COUNTERBREACH BEHAVIOR ANALYTICS | |
|---|---|
| Database Platforms |
|
| File Systems |
|
| File Operating Systems |
|
| Syslog Formats Supported |
|
| SIEM integration |
|
Related Content
Key Resources
-
Imperva CounterBreach
Read datasheet › -
Imperva Data Security
Read solution brief › -
Imperva FlexProtect
Read datasheet ›
