Imperva Adds Active Attack Detection to its Data Security Platform

Protecting the data perimeter

Organizations are in constant pursuit of technology that provides rapid insight into threats. Early visibility, in combination with context-rich alerting and efficient incident response workflows, streamlines threat containment and remediation efforts.

Identifying attacks more rapidly has a real impact on businesses when you consider the statistics around the average breach: it takes an average of 280 days to detect data breaches, costing US$8.19M in fines, man-hours and lost reputation.

In response to the growing industry awareness of the data perimeter, a new signature-based attack detection capability was added to the Imperva data security platform. Imperva Data Risk Analytics version 4.2, working together with Imperva Sonar, now detects active database attacks, including:

  • Malware deployment, including ransomware
  • Audit tampering
  • Credentials extraction
  • Privilege escalation
  • Database weaponization
  • Data exfiltration

During an attack, minutes count. Combined with our behavioral analytics engine, which leverages machine learning algorithms to identify anomalous data access behaviors, this pivotal new Imperva technology brings a new level to data security. The two layers work together and significantly increase the probability of an active attack being detected.

Highly actionable alerts. No Tuning Required.

The last thing you need is another technology to tune and maintain.

The new capability leverages attack signatures that are built by the Imperva threat research team. Ongoing administrative maintenance isn’t required: once notifications are configured, this is a “set and forget” feature. What’s more, the Imperva research team is continuously working behind the scenes, studying database attack variants and looking for insights on new trends. Their work translates into new signatures that are automatically implemented in the new engine. Your databases are secured, your teams aren’t distracted and you have peace of mind with the added checkpoint.

[For more information on database breaches see our report Lessons Learned from Analyzing 100 Data Breaches and the accompanying webinar.]

Built for Incident Response Teams

Operationally, alerts from this new engine come in as critical severity alerts, giving your incident response teams an early opportunity to tactically disrupt and block instead of recover.

Imperva has added new incident types that align with the new detections. Flexible and powerful, these alerts can be routed on a per incident type basis. Incident details reduce manual effort during triage and are customizable to match your organization’s needs.

[Image: Active Attack Detection image 1]

Imperva’s signature-based detection, behavioral analysis, and database expertise are unmatched by endpoint, network, perimeter and cloud-native security technologies. Because all attacks eventually try to reach data, having a security control at the data perimeter is an effective way to prevent and detect breaches.

Break the Cyber Kill Chain at the most fundamental level – the Database

Cybercriminals continuously adjust their approach to achieve their goal. Attack techniques such as database weaponization, audit tampering, and credential extraction are common methods cybercriminals use to advance their attacks.

Our focus on pattern-matching attack techniques significantly reduces the opportunity for an attack to be successful. Alignment with techniques within the MITRE ATT&CK framework, the industry’s most complete, up-to-date catalog of cybersecurity attacks, allows your security teams to quickly understand the nature of the threat and respond appropriately. Here is an example from one attack as detailed in Imperva’s Lessons Learned from Analyzing 100 Data Breaches report:

[Image: Active Attack Detection Image 2]

Detect active database attacks with Imperva

If you are an Imperva Data Secure or Data360 user, you can get started with this new capability today. This new functionality requires Imperva Sonar v4.5b, Data Risk Analytics v4.2 and either the Imperva Data Secure or the Imperva Data 360 package.

If you are a new user to Imperva’s data security platform, reach out to the Imperva team to learn more and get a demo of it in action!


To learn more about Imperva’s approach to data protection, please contact your Imperva Account Representative.