The number and sophistication of attacks on enterprise networks, applications, and APIs have increased as intruders gain technical acumen and advanced toolkits. Many attackers are now able to maintain and sustain determined efforts to steal data and disrupt business. With such a high number of alerts being generated by today’s security systems, security professionals find themselves stretched too thin to respond to the avalanche of alerts, some of which are more critical than others.
So, how do IT professionals identify the alerts that require immediate attention?
It’s all about the patterns.
Security systems create alerts for countless abnormalities, but understanding when a suspicious alert is an actual threat is far more complex. Attack Analytics, by Imperva, is the key to understanding the alerts generated by your Web Application Firewall and prioritizing incidents that need investigation and remediation.
Imperva Attack Analytics has always leveraged machine learning algorithms to distill the millions of events taking place around the world. We’re now taking our expertise one step further with the introduction of Actionable Insights.
With Actionable Insights, Imperva ensures that we provide an additional layer of incident analysis plus recommended actions that improve your security posture. Actionable Insights take a unique approach to analyzing threats in the customer’s environment. We do this automatically, using machine learning algorithms that examine your WAF settings together with additional information gathered by our security research team and Imperva’s wider global customer base. Attack Analytics is uniquely positioned to generate such insights and provide you with recommended actions for blocking acute security holes in your WAF configuration.
How Attack Analytics Insights Work
Image 1: High-level diagram illustrating how data from the wider community, in parallel with a customer’s own accounts, feeds the machine learning algorithms that produce the actionable insights.
There are currently two significant ways in which Attack Analytics provides you with Actionable Insights.
Identification of Misalignment in a Site’s Configuration
This is often seen in a scenario where the majority of your sites are configured to block threats, while a small portion are configured for alert only. Attack Analytics identifies when this has happened and correlates the misconfiguration with an actual attack perpetrated on those sites. Based on this data, Attack Analytics then generates an insight to pinpoint the misconfiguration in the attacked site and in any additional sites with a similar misconfiguration that have not yet been attacked.
Image 2: Diagram illustrating the challenge of keeping a multitude of sites configured and aligned, which is what allows insight identification to take place and recommended actions to be produced.
Identification of Widely Open Whitelisted IP Ranges
When a customer whitelists a specific IP or range of IPs, they can inadvertently allow a malicious IP to bypass the cloud WAF defense. Because IPs on the web are dynamically allocated to specific entities, an IP could be reallocated to a malicious source, or an attacker could take over a legitimate entity that holds it. Whitelisting IPs without careful monitoring can expose you to risk. This is why we monitor our customers around the globe through crowdsourcing, to ensure that we are aware of attacks carried out elsewhere by hackers through the same IPs. When Attack Analytics detects this, we alert you that the IP range needs further investigation and that your site could become compromised.
Image 3: This insight protects you, the customer, by warning about potentially dangerous whitelists that include known malicious IP addresses that should be excluded.
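To make the two insight types above concrete, here is an added illustration (written for this page, not Imperva's own code, and not the Attack Analytics algorithm) of the two checks they describe. The site list, WAF mode settings, event log and list of known-bad addresses are all constructed sample data; the field names and function names are assumptions made for the example. The first check mirrors the configuration-misalignment insight: when most sites are in block mode, it reports the alert-only sites that have already seen attacks and the sibling sites with the same setting that have not yet been hit. The second mirrors the open-whitelist insight: it tests each whitelisted range against a threat-intelligence feed and reports which ranges contain addresses seen attacking elsewhere.

```python
import ipaddress
from collections import Counter

# Constructed sample data: WAF mode per site (hypothetical customer account).
SITES = {
    "shop.example.com": "block",
    "api.example.com": "block",
    "blog.example.com": "block",
    "legacy.example.com": "alert",   # alert-only: out of line with the majority
    "staging.example.com": "alert",  # same misconfiguration, not attacked yet
}

# Constructed WAF events: (site, rule that fired, action the WAF took).
EVENTS = [
    ("shop.example.com", "sqli", "blocked"),
    ("legacy.example.com", "sqli", "alerted"),
    ("legacy.example.com", "xss", "alerted"),
    ("api.example.com", "bot", "blocked"),
]


def find_config_misalignment(sites, events):
    """Insight 1: alert-only sites in an account where block mode is the norm.

    Returns None when there is no majority block policy to align to, otherwise
    a dict naming the alert-only sites that were actually attacked and the
    alert-only sites that share the misconfiguration but have not been hit.
    """
    modes = Counter(sites.values())
    if modes["block"] <= modes["alert"]:
        return None  # no clear majority policy; nothing to flag as misaligned
    alert_only = {site for site, mode in sites.items() if mode == "alert"}
    attacked = {
        site for site, _rule, action in events
        if site in alert_only and action == "alerted"
    }
    return {
        "attacked_alert_only": sorted(attacked),
        "same_misconfig_not_attacked": sorted(alert_only - attacked),
        "recommended_action": "switch the listed sites to block mode",
    }


# Constructed whitelist entries (documentation ranges) and a constructed
# threat-intelligence list standing in for crowdsourced attacker IPs.
WHITELIST = ["203.0.113.0/24", "198.51.100.17/32", "192.0.2.0/28"]
KNOWN_BAD = ["203.0.113.77", "198.51.100.200", "192.0.2.9", "192.0.2.200"]


def find_risky_whitelists(whitelist, known_bad):
    """Insight 2: whitelisted ranges that contain addresses seen attacking elsewhere.

    Returns a dict mapping each affected range to the known-bad addresses it
    covers and the size of the hole the range opens; ranges with no overlap
    are omitted.
    """
    nets = [ipaddress.ip_network(cidr, strict=False) for cidr in whitelist]
    bad = [ipaddress.ip_address(ip) for ip in known_bad]
    hits = {}
    for net in nets:
        inside = sorted(str(ip) for ip in bad if ip in net)
        if inside:
            hits[str(net)] = {
                "known_bad_inside": inside,
                "addresses_whitelisted": net.num_addresses,
            }
    return hits


if __name__ == "__main__":
    print(find_config_misalignment(SITES, EVENTS))
    print(find_risky_whitelists(WHITELIST, KNOWN_BAD))
```

The second check deliberately reports the range size alongside the matches: a /32 that happens to be listed as malicious is a different conversation from a /24 that was whitelisted for convenience and now covers an attacker, and that distinction is what decides whether the remediation is "remove the entry" or "narrow the range".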
If you’re an existing Attack Analytics customer, log into your account today and check whether our system has identified any insights for you. If so, review the recommended suggestions from our experts and, if relevant, follow the recommendations. If you’re not currently an Imperva customer or would be interested in learning more, request a demo.
Take this opportunity to escape alert fatigue and join those around the world uncovering actionable ways to further protect their digital assets.