Uncover Malicious, Careless and Compromised Users
Imperva CounterBreach protects enterprise data stored in databases, file shares and SaaS applications from the theft and loss caused by malicious, careless and compromised users. Accurately identifying potential data breaches requires deep contextual understanding of not just user activity, but the data users access and how they access it. With CounterBreach, security teams can quickly discern between malicious and normal data access events so they can immediately identify and act upon risky behavior.
Detect and Mitigate Insider Threats with Imperva CounterBreach
Detect Dangerous User Data Access
CounterBreach Behavior Analytics uses machine learning and peer group analytics to automatically uncover anomalous data access events. This establishes a full contextual baseline of typical user access to database tables, files stored in file shares and objects stored in cloud apps, and then detects and prioritizes anomalous activity. Combining an expert understanding of users and how they access data equips enterprises with the context and accuracy required to detect data breach incidents.
Pinpoint Compromised Endpoints
CounterBreach Deception Tokens detect endpoints compromised by cybercriminals. This patented deception technology lures attackers at the earliest stage of an attack with fictitious information tokens that bad actors probe for upon gaining access to the internal network. Deception tokens include fictitious database credentials, shortcuts to seemingly enticing files, and web browser cookies. This deterministic identification of compromised endpoints adds additional context to CounterBreach Behavior Analytics.
Quickly Respond to Incidents
CounterBreach spotlights the riskiest users, client hosts and servers so that IT staff can prioritize the most serious data access incidents. Security teams can efficiently investigate the most worrisome data access events by filtering open incidents by severity, and then take a deeper look into a specific incident to view granular information about the user and the data that was accessed.
Get the Full Picture of User Data Access Across the Organization
With CounterBreach, security teams can analyze the data access behavior of particular users with a consolidated view into database, file and cloud app activity. This allows security teams to investigate incidents and anomalies specific to the individual, view the baseline of typical user activity and compare a given user with that user's peer group.
CounterBreach requires a current version of one of the following Imperva products performing monitoring and containment functions: SecureSphere Database Activity Monitor, Database Firewall, File Activity Monitor and File Firewall. Additionally, Imperva Skyfence can be integrated with any CounterBreach deployment.
CounterBreach Virtual Appliances
CounterBreach is deployed as virtual appliances that are simple to deploy and do not interfere with existing SecureSphere or Skyfence implementations.
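Minimum Requirements per Physical Host

| | Admin Server (1) | Analytics Server (2) | Deception Sensor Admin Server (2) | Deception Sensor Server (2) | Deception Target Server (3) |
|---|---|---|---|---|---|
| Hypervisor | Dual-core server, Intel VTx or AMD-V Processor, VMWare ESX/ESXi 4.x/5.x/6.x (all servers) | | | | |

Minimum Requirements for each Guest Virtual Appliance

| | Admin Server (1) | Analytics Server (2) | Deception Sensor Admin Server (2) | Deception Sensor Server (2) | Deception Target Server (3) |
|---|---|---|---|---|---|
| CPU | 2 | 4 | 2 | 2 | 2 |
| Memory | 4 GB | 16 GB | 4 GB | 4 GB | 4 GB |
| Disk Space | 50 GB | 500 GB | 160 GB | 40 GB | 40 GB |

Operating System: Windows 2012 R2 Server 64bit
File System: NTFS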
1 The Admin Server is required for Behavior Analytics and Deception Tokens. Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
2 Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
3 Imperva will deliver Deception Target software to customers via an installer. A virtual machine with the specifications shown above must be provided by the customer.
CounterBreach Behavior Analytics
Database Platforms
- Microsoft SQL Server
- DB2 for LUW
- CIFS file storage systems
- NAS devices
File Operating Systems
- Microsoft Windows Server
- All apps supported by Skyfence including Office 365, AWS, Salesforce, Google Apps, Box, Dropbox, NetSuite, Workday, Microsoft Azure and more.
- Splunk, ArcSight
CounterBreach Deception Tokens
Endpoint Operating Systems
- Windows 7
Software Distribution System
- Microsoft SCCM
- Splunk, ArcSight