• Overview
  • System Requirements
  • Supported Platforms
  • Uncover Malicious, Careless and Compromised Users

    Imperva CounterBreach protects enterprise data stored in databases, file shares and SaaS applications from the theft and loss caused by malicious, careless and compromised users. Accurately identifying potential data breaches requires deep contextual understanding of not just user activity, but the data users access and how they access it. With CounterBreach, security teams can quickly discern between malicious and normal data access events so they can immediately identify and act upon risky behavior.

    Detect and Mitigate Insider Threats with Imperva CounterBreach

    Key Features

    • Detect Dangerous User Data Access

      CounterBreach Behavior Analytics uses machine learning and peer group analytics to automatically uncover anomalous data access events. This establishes a full contextual baseline of typical user access to database tables, files stored in file shares and objects stored in cloud apps, and then detects and prioritizes anomalous activity. Combining an expert understanding of users and how they access data equips enterprises with the context and accuracy required to detect data breach incidents. Download the datasheet to learn more.

    • Quickly Respond to Incidents

      CounterBreach spotlights the riskiest users, client hosts and servers so that IT staff can prioritize the most serious data access incidents. Security teams can efficiently investigate the most worrisome data access events by filtering open incidents by severity, and then take a deeper look into a specific incident to view granular information about the user and the data that was accessed.

    • Get the Full Picture of User Data Access Across the Organization
      User Screen

      With CounterBreach, security teams can analyze the data access behavior of particular users with a consolidated view into database, file and cloud app activity. This allows security teams to investigate incidents and anomalies specific to the individual, view the baseline of typical user activity and compare a given user with that user's peer group.

  • CounterBreach Prerequisites

    CounterBreach requires a current version of one of the following Imperva products performing monitoring and containment functions: SecureSphere Database Activity Monitor, Database Firewall, File Activity Monitor and File Firewall. Additionally, Imperva Skyfence can be integrated with any CounterBreach deployment.

    CounterBreach Virtual Appliances

    CounterBreach is deployed as virtual appliances that are simple to deploy and do not interfere with existing SecureSphere or Skyfence implementations.

    Minimum Requirements per Physical Host
      Admin Server1 Analytics Server2
    Hypervisor Dual-core server Intel VTx or AMD-V
    Processor VMWare ESX/ESXi 4.x/5.x/6.x
    Minimum Requirements for each Guest Virtual Appliance
    CPU 2 4
    Memory 4 GB 16 GB
    Disk Space 50 GB 500 GB

    1 The Admin Server is required for Behavior Analytics. Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.
    2 Imperva will deliver software on pre-configured virtual appliances with the specifications shown above.

  • Supported Platforms

    CounterBreach Behavior Analytics
    Database Platforms
    • Oracle
    • Microsoft SQL Server
    • DB2 for LUW
    File Systems
    • CIFS file storage systems
    • NAS devices
    File Operating Systems
    • Microsoft Windows Server
    Cloud applications
    • All apps supported by Skyfence including Office 365, AWS, Salesforce, Google Apps, Box, Dropbox, NetSuite, Workday, Microsoft Azure and more.
    • Splunk, ArcSight