Extending CounterBreach Intelligence to Cloud Apps

Imperva CounterBreach protects enterprise data from theft and loss due to compromised, malicious, and careless users.

The integration of Forcepoint CASB with CounterBreach extends an organization's anomaly and threat detection capabilities to cloud applications—enabling detailed information on inappropriate or abusive cloud data access activity within CounterBreach.

CounterBreach Dashboard
Forcepoint CASB feeds cloud app access information to Imperva CounterBreach.

Key Capabilities

  • View All Anomalies at a Glance
    CounterBreach Dashboard of Incidents
    View data access incidents of varying severity.

    Forcepoint CASB highlights specific anomalies that warrant remediation, including:

    • Anomalous account activity: User accesses non-typical application object using a non-typical endpoint from a non-typical location
    • Brute force attack: Too many unsuccessful logins within a short time period from a single IP address to a user account
    • Distributed brute force attack: Too many unsuccessful logins within a short time period from multiple IP addresses to a user account
    • Session hijacking: Identical web session cookies were simultaneously used by two or more endpoints
    • Suspicious data export size: Total volume of downloaded data within the configured timeframe exceeds the defined threshold
  • Accelerate Incident Response Time
    CounterBreach Dashboard Details of Incidents
    See the details of specific incidents so you can choose the appropriate remediation measure.

    Security teams can efficiently investigate high-risk cloud app access activity by filtering open incidents by date, severity, user, etc. Admins can then drill down into specific incidents to view information on:

    • Account details (User type, Account name, Geographic location)
    • User activity in question
    • Endpoint device details (OS, device type, hostname, IP)
    • Account name
    • Service details (Cloud app accessed, Service location)
    • Applicable Forcepoint CASB mitigation policy

    Learn more about the Forcepoint CASB.