Uncover Malicious, Careless and Compromised Users

System Requirements


CounterBreach Prerequisites

CounterBreach requires a current version of one of the following Imperva products performing monitoring and containment functions: SecureSphere Database Activity Monitor, Database Firewall, and File Firewall.


CounterBreach Virtual Appliances

CounterBreach is deployed as virtual appliances that are simple to deploy and do not interfere with existing SecureSphere implementations.

Supported Platforms

  • Imperva CounterBreach protects enterprise data stored in databases and file shares from the theft and loss caused by malicious, careless and compromised users. Accurately identifying potential data breaches requires deep contextual understanding of not just user activity, but the data users access and how they access it. With CounterBreach, security teams can quickly discern between malicious and normal data access events so they can immediately identify and act upon risky behavior.

    Detect and Mitigate Insider Threats with Imperva CounterBreach

    Key Features

    • Detect Dangerous User Data Access

      CounterBreach Behavior Analytics uses machine learning to automatically uncover anomalous data access events. This establishes a full contextual baseline of typical user access to database tables and files stored in file shares, and then detects and prioritizes anomalous activity. Combining an expert understanding of users and how they access data equips enterprises with the context and accuracy required to detect data breach incidents. Download the datasheet to learn more.

    • Quickly Respond to Incidents

      CounterBreach spotlights the riskiest users, client hosts and servers so that IT staff can prioritize the most serious data access incidents. Security teams can efficiently investigate the most worrisome data access events by filtering open incidents by severity, and then take a deeper look into a specific incident to view granular information about the user and the data that was accessed.

    • Get the Full Picture of User Data Access Across the Organization
      User Screen

      With CounterBreach, security teams can analyze the data access behavior of particular users with a consolidated view into database and file activity. This allows security teams to investigate incidents and anomalies specific to the individual, view the baseline of typical user activity and compare a given user with that user's peer group.

  • Minimum Requirements per Physical Host
      Admin Server1 Analytics Server2
    Hypervisor Dual-core server Intel VTx or AMD-V
    Processor VMWare ESX/ESXi 4.x/5.x/6.x
    Minimum Requirements for each Guest Virtual Appliance
    CPU 2 4
    Memory 4 GB 16 GB
    Disk Space 50 GB 1 TB

    1 The Admin Server is required for Behavior Analytics. Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
    2 Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.

  • CounterBreach Behavior Analytics
    Database Platforms
    • Oracle
    • Microsoft SQL Server
    • DB2 for LUW
    • Sybase ASE
    File Systems
    • CIFS file storage systems
    • NAS devices
    File Operating Systems
    • Microsoft Windows Server
    Syslog Formats Supported
    • CEF
    • LEEF
    • Raw
    SIEM integration
    • Splunk, ArcSight