Extending CounterBreach Intelligence to Cloud Apps
Imperva CounterBreach protects enterprise data from theft and loss due to compromised, malicious, and careless users.
The integration of Imperva Skyfence with CounterBreach extends an organization's anomaly and threat detection capabilities to cloud applications—enabling detailed information on inappropriate or abusive cloud data access activity within CounterBreach.
Imperva Skyfence feeds cloud app access information to Imperva CounterBreach.
View All Anomalies at a Glance
View data access incidents of varying severity.
Skyfence highlights specific anomalies that warrant remediation, including:
- Anomalous account activity: User accesses non-typical application object using a non-typical endpoint from a non-typical location
- Brute force attack: Too many unsuccessful logins within a short time period from a single IP address to a user account
- Distributed brute force attack: Too many unsuccessful logins within a short time period from multiple IP addresses to a user account
- Session hijacking: Identical web session cookies were simultaneously used by two or more endpoints
- Suspicious data export size: Total volume of downloaded data within the configured timeframe exceeds the defined threshold
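The brute force, distributed brute force, and session hijacking definitions above can be expressed as simple rules over access events. The following is an added example, not Imperva's detection logic: the event fields, the 60-second and 30-second windows, the threshold of four failures, and all sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, user, source_ip, endpoint_id, session_cookie, outcome)
EVENTS = [
    (100, "alice", "198.51.100.7", "ep-1", None, "login_fail"),
    (110, "alice", "198.51.100.7", "ep-1", None, "login_fail"),
    (120, "alice", "198.51.100.7", "ep-1", None, "login_fail"),
    (130, "alice", "198.51.100.7", "ep-1", None, "login_fail"),
    (200, "bob", "203.0.113.1", "ep-2", None, "login_fail"),
    (205, "bob", "203.0.113.2", "ep-3", None, "login_fail"),
    (210, "bob", "203.0.113.3", "ep-4", None, "login_fail"),
    (215, "bob", "203.0.113.4", "ep-5", None, "login_fail"),
    (300, "carol", "192.0.2.10", "ep-6", "c0ffee", "request"),
    (302, "carol", "192.0.2.99", "ep-7", "c0ffee", "request"),
    (900, "dave", "192.0.2.20", "ep-8", "beef01", "request"),
    (5000, "dave", "192.0.2.20", "ep-8", "beef01", "request"),
]

def classify_failed_logins(events, window=60, threshold=4):
    """Return {user: label} for accounts with >= threshold failures inside window seconds."""
    fails = defaultdict(list)
    for ts, user, ip, _ep, _cookie, outcome in events:
        if outcome == "login_fail":
            fails[user].append((ts, ip))
    alerts = {}
    for user, items in fails.items():
        items.sort()
        for i in range(len(items) - threshold + 1):
            burst = items[i:i + threshold]
            if burst[-1][0] - burst[0][0] <= window:
                ips = {ip for _, ip in burst}
                # One source IP -> brute force; several -> distributed brute force.
                alerts[user] = "brute force" if len(ips) == 1 else "distributed brute force"
                break
    return alerts

def shared_session_cookies(events, window=30):
    """Return cookies seen from two or more endpoints within window seconds."""
    seen = defaultdict(list)
    for ts, _user, _ip, ep, cookie, _outcome in events:
        if cookie:
            seen[cookie].append((ts, ep))
    hijacked = set()
    for cookie, uses in seen.items():
        uses.sort()
        for (t1, e1), (t2, e2) in zip(uses, uses[1:]):
            if e1 != e2 and t2 - t1 <= window:
                hijacked.add(cookie)
    return hijacked
```

Keying the failure count on the target account rather than on the source IP is what lets the distributed case surface; a per-IP counter alone would see only one failure from each address.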
Accelerate Incident Response Time
See the details of specific incidents so you can choose the appropriate remediation measure.
Security teams can efficiently investigate high-risk cloud app access activity by filtering open incidents by date, severity, user, etc. Admins can then drill down into specific incidents to view information on:
- Account details (User type, Account name, Geographic location)
- User activity in question
- Endpoint device details (OS, device type, hostname, IP)
- Account name
- Service details (Cloud app accessed, Service location)
- Applicable Skyfence mitigation policy