DATASHEET
Suspicious Application Data Access
Flags interactive (non-application) users that directly access sensitive application table data on a database.
User identity, Client IP, Server IP, Client app, Database name, Table name, Data sensitivity, Schema, SQL operation, SQL operation type

Slow Rate File Access
Pinpoints users that access or copy a certain number of files at an unusually slow rate.
User identity, User department, File operation, File path, File name, Folder type, File share name, Operation response time
the riskiest users, client hosts and servers so that security teams can prioritize the most serious incidents.

Key Capabilities
• Detect critical data misuse
• Accelerate incident response time
• Simplify investigations

The CounterBreach dashboard aggregates threat indicators across all enterprise data.

CounterBreach Deception Tokens detect endpoints compromised by cybercriminals. Once an endpoint is compromised, the threat moves directly from the outside to the inside of the organization. This deterministic identification of compromised endpoints adds additional context to CounterBreach Behavior Analytics.

This patented deception technology lures attackers at the earliest stage of an attack with fictitious information tokens that bad actors probe for upon gaining access to the internal network. Deception tokens include fictitious database credentials, shortcuts to seemingly enticing files and web browser cookies. Deception tokens, which are entirely passive, are planted on user workstations and appear authentic to the organization and to hackers. Once an attacker attempts to use a Deception Token to access data repositories, CounterBreach flags the incident in real time. The tokens are deterministic in nature, so security teams can ensure that the alerts generated are highly accurate and indicate deliberate intention to access and steal enterprise data.
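The deception-token idea described above, as an added illustration that is not Imperva's code: any database login that presents a planted decoy account is an incident, and the token registry maps it back to the workstation the decoy was planted on. Account names, hostnames, IPs and log events are constructed for the example, and case-insensitive account matching is an assumption.

```python
from dataclasses import dataclass

# Constructed registry: decoy DB account -> (workstation it was planted on, its IP).
PLANTED_TOKENS = {
    "svc_report_ro": ("WKS-FIN-014", "10.0.9.77"),
    "dba_backup02": ("WKS-HR-007", "10.0.7.31"),
}

# Constructed database login events: (time, db account, client IP, database).
LOGIN_EVENTS = [
    ("2016-03-01T09:12:44Z", "app_orders", "10.0.4.20", "orders"),
    ("2016-03-01T09:13:02Z", "svc_report_ro", "10.0.9.77", "finance"),
    ("2016-03-01T09:15:30Z", "jsmith", "10.0.7.15", "hr"),
    ("2016-03-01T09:16:11Z", "DBA_BACKUP02", "10.0.9.77", "hr"),
]

@dataclass(frozen=True)
class Incident:
    time: str
    token: str
    planted_on: str       # workstation the decoy was read from
    client_ip: str        # host that presented the decoy to the database
    database: str
    used_elsewhere: bool  # True if presented from a host other than planted_on

def detect_token_use(events, planted):
    """Flag every login that presents a planted decoy account."""
    # No legitimate process knows these accounts, so one match is an
    # incident; no baseline or threshold is involved.
    lookup = {name.lower(): target for name, target in planted.items()}
    incidents = []
    for time, account, client_ip, database in events:
        target = lookup.get(account.lower())  # assumption: case-insensitive names
        if target is None:
            continue
        host, host_ip = target
        incidents.append(Incident(time, account.lower(), host, client_ip,
                                  database, client_ip != host_ip))
    return incidents

def compromised_endpoints(incidents):
    """Workstations whose planted tokens were used: the endpoints to triage first."""
    return sorted({i.planted_on for i in incidents})

if __name__ == "__main__":
    for incident in detect_token_use(LOGIN_EVENTS, PLANTED_TOKENS):
        print(incident)
```

The second incident shows a decoy planted on one workstation being presented from a different host, which marks both machines for investigation.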
Simplify Investigations
Security teams can analyze the data access behavior of particular users with the user
dashboard. With a consolidated view into database, file and cloud app activity, security
analysts have a full picture of the user’s data access across the organization. Security
teams can investigate incidents and anomalies specific to the individual, and then drill
down to the behavior profile to view the baseline of typical user activity and compare
a given user with that user’s peer group.
The CounterBreach incident screen shows critical data access anomalies prioritized from critical to low severity.
The CounterBreach user screen provides an at-a-glance look at individual access to enterprise data and highlights risky user behavior.
[Figure: Monitor, Learn and Detect, Contain; Users, Databases and File Servers, Cloud-based Apps]
CounterBreach integrates with Imperva SecureSphere and Imperva Skyfence to pinpoint critical anomalies that indicate misuse of enterprise data

Monitor
Imperva data protection solutions directly monitor all user access to data repositories on-premise or in the cloud. SecureSphere provides visibility into which users access database and file servers, giving IT organizations insight into the ‘who,’ ‘what’ and ‘when’ of access to sensitive information. Skyfence continuously monitors user uploads, downloads and sharing of sensitive data within cloud-based apps such as Office 365, Salesforce and Box.

Learn and Detect
CounterBreach combines Imperva expertise in monitoring and protecting data with advanced machine learning to uncover dangerous user data access activity. Based on granular inputs from SecureSphere and Skyfence, CounterBreach develops a behavioral baseline of typical user data access and then detects critical deviations from the norm. CounterBreach proactively flags these dangerous actions for immediate investigation.
Contain
With the CounterBreach solution, security teams can contain potential data leaks before
they become major events. Once dangerous anomalies are detected, enterprises can
quickly quarantine risky users in order to proactively prevent or contain data breaches.
Deception Target Server [3] | 2 | 4 GB | 40 GB | Licensed Windows Server 2012 R2 64bit | NTFS

[1] The Admin Server is required for Behavior Analytics and Deception Tokens. Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
[2] Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
[3] Imperva will deliver Deception Target software to customers via an installer. A virtual machine with the specifications shown above must be provided by the customer.
Supported Platforms
© 2016, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula, Skyfence, CounterBreach and ThreatRadar are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders. DS-CounterBreach_Overview-0316-rev1
imperva.com