  • Uncover Malicious, Careless and Compromised Users

    Imperva CounterBreach protects enterprise data stored in databases, file shares and SaaS applications from the theft and loss caused by malicious, careless and compromised users. Accurately identifying potential data breaches requires deep contextual understanding of not just user activity, but the data users access and how they access it. With CounterBreach, security teams can quickly discern between malicious and normal data access events so they can immediately identify and act upon risky behavior.

    Detect and Mitigate Insider Threats with Imperva CounterBreach

    Key Features

    • Detect Dangerous User Data Access

      CounterBreach Behavior Analytics uses machine learning and peer group analytics to automatically uncover anomalous data access events. It establishes a full contextual baseline of typical user access to database tables, files stored in file shares and objects stored in cloud apps, and then detects and prioritizes anomalous activity. Combining an expert understanding of users and how they access data equips enterprises with the context and accuracy required to detect data breach incidents.

    • Pinpoint Compromised Endpoints

      CounterBreach Deception Tokens detect endpoints compromised by cybercriminals. This patented deception technology lures attackers at the earliest stage of an attack with fictitious information tokens that bad actors probe for upon gaining access to the internal network. Deception tokens include fictitious database credentials, shortcuts to seemingly enticing files, and web browser cookies. This deterministic identification of compromised endpoints adds context to CounterBreach Behavior Analytics.

    • Quickly Respond to Incidents

      CounterBreach spotlights the riskiest users, client hosts and servers so that IT staff can prioritize the most serious data access incidents. Security teams can efficiently investigate the most worrisome data access events by filtering open incidents by severity, and then take a deeper look into a specific incident to view granular information about the user and the data that was accessed.

    • Get the Full Picture of User Data Access Across the Organization

      With CounterBreach, security teams can analyze the data access behavior of particular users with a consolidated view into database, file and cloud app activity. This allows security teams to investigate incidents and anomalies specific to the individual, view the baseline of typical user activity and compare a given user with that user's peer group.

  • CounterBreach Prerequisites

    CounterBreach requires a current version of one of the following Imperva products performing monitoring and containment functions: SecureSphere Database Activity Monitor, Database Firewall, File Activity Monitor and File Firewall. Additionally, Imperva Skyfence can be integrated with any CounterBreach deployment.

    CounterBreach Virtual Appliances

    CounterBreach runs as virtual appliances that are simple to deploy and do not interfere with existing SecureSphere or Skyfence implementations.

    Minimum Requirements per Physical Host
      Hypervisor         VMware ESX/ESXi 4.x/5.x/6.x
      Processor          Dual-core server Intel VTx or AMD-V

    Minimum Requirements for each Guest Virtual Appliance
      Appliance                          CPU   Memory   Disk Space
      Admin Server¹                      2     4 GB     50 GB
      Analytics Server²                  4     16 GB    500 GB
      Deception Sensor Admin Server²     2     4 GB     160 GB
      Deception Sensor Server²           2     4 GB     40 GB
      Deception Target Server³           2     4 GB     40 GB

      Operating System   Windows 2012 R2 Server 64-bit
      File System        NTFS

    1 The Admin Server is required for Behavior Analytics and Deception Tokens. Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
    2 Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
    3 Imperva will deliver Deception Target software to customers via an installer. A virtual machine with the specifications shown above must be provided by the customer.

  • Supported Platforms

    CounterBreach Behavior Analytics
    Database Platforms
    • Oracle
    • Microsoft SQL Server
    • DB2 for LUW
    File Systems
    • CIFS file storage systems
    • NAS devices
    File Operating Systems
    • Microsoft Windows Server
    Cloud applications
    • All apps supported by Skyfence including Office 365, AWS, Salesforce, Google Apps, Box, Dropbox, NetSuite, Workday, Microsoft Azure and more.
    SIEM
    • Splunk, ArcSight
    CounterBreach Deception Tokens
    Endpoint Operating Systems
    • Windows 7
    Software Distribution System
    • Microsoft SCCM
    SIEM
    • Splunk, ArcSight