Insider Threats: How Imperva CounterBreach is winning the war with data context

HII_Insider_Insight_Image-1

Insider Threats have been elusive for enterprises to detect and contain given the complex nature of the problem – employees need free access to data to be productive, but they can also put enterprise data in a risky position. To date it’s been difficult, if not impossible, to differentiate normal data access activity from potentially harmful actions. Imperva CounterBreach is a game changer. CounterBreach hones in on suspicious activity and bubbles up what matters without creating a “death by alerts” situation for InfoSec teams. The Imperva Defense Center has been working with customers to validate the effectiveness of our technology. Here is what the Defense Center team was able to conclude from their extensive findings:

  • Every enterprise that participated in the design had some form of insider threat
  • Data context was the single most important factor in eliminating false positives
  • A layered approach is the key factor to accurately detecting insider threats

The March Hacker Intelligence Initiative Report: “Insiders: The Threat is Already Within” examines each of the enterprise environments in great detail. The results are astounding and clearly highlight the value of not only understanding the user, but also the granular details about the data users are accessing. Applying machine learning (CounterBreach Behavior Analytics) within the context of who accessed data, when the data was accessed, what data was accessed, and insights into peer group activity helps set accurate baselines. From there, CounterBreach detects critical deviations from the norm. Combining the positive security model of CounterBreach Behavior Analytics with the negative security of CounterBreach Deception Tokens resulted in 100% of the alerts being false positive free.

Imperva CounterBreach now generally available

Imperva CounterBreach protects enterprise data stored in enterprise databases, file shares and SaaS applications from the theft and loss caused by compromised, careless or malicious users. By dynamically learning users’ normal data access patterns and then identifying inappropriate or abusive access activity, CounterBreach proactively alerts IT teams to dangerous behavior. CounterBreach also uses deception technology to identify deterministically end-point devices that have been compromised by external attackers, adding additional context to user data access learning.

CounterBreach integrates with Imperva SecureSphere and file security solutions and Imperva Skyfence cloud access security broker to combat insider threats.

More information about CounterBreach is available here.

To access the March Hacker Intelligence Initiative Report: “Insiders: The Threat is Already Within,” please visit here.