BlueCross BLueShield
EE logo black
uncover dangerous user data access

Automatically uncover dangerous user data access

Imperva Data Security uses machine learning to automatically uncover unusual data activity, surfacing actual threats before they become breaches. How? It first establishes a baseline of typical user access to database tables and files, then detects and alerts you to abnormal behavior.


Identify suspicious data access with peer group analysis

Analyze the data access behavior of particular users with a consolidated view of their database and file activity. Look into incidents and anomalies specific to the individual, view the baseline of typical user activity, and compare a given user with that user’s peer group.

CounterBreach data stores

Spotlight critical threats to your data

Pinpoint high-risk incidents and prioritize what matters the most, combining machine learning with grouping and scoring capabilities. Investigate events by filtering open incidents by severity, then take a deeper look into specific incident details about the user and the data accessed.

detect malicious users

Accelerate breach investigation and response

Interpret critical incidents in plain language. You don’t have to be a database expert to be able to carry out a successful investigation. Data risk analytics gives you granular visibility into how data is being used by whom and provides actionable insights so you can quickly contain a breach before damage happens.

database vulnerabilities

Simplify and optimize your SIEM feed

Just a few moderate sized databases can generate terabytes of raw log data per day. Multiply this by 10s or 100s of databases and your costs to capture and store this info grow exponentially. Imperva Data Security automatically processes data access logs and sends only high priority incidents to your SIEM.

How Data Risk Analytics Detects Risky User Behavior

data profiling

User and data profiling

Imperva Data Security applies data risk analytics to detect careless, compromised and malicious insiders independently profiling both users and data, rather than just user activity. By analyzing from both perspectives, we detect the truly worrisome incidents that warrant your attention.

Dynamic peer group analysis

Dynamic peer group analysis

Sometimes you really do need to know what your peers are up to. To understand risky user behavior, it’s important to identify the true peer groups across the enterprise. Using Dynamic Peer Group Analysis technology, data risk analytics automatically learns how users across your organization access enterprise files and places them into “virtual” working groups. Once peer groups are identified, we flag risky file access from unrelated individuals.

Data access

Data access domain expertise

Imperva machine learning technology accurately uncovers insider threats by leveraging algorithms tailored to identify abusive data access. The solution establishes a behavioral baseline by analyzing granular user-centric details (such as user identity and client IP) and data-centric details (such as table name and SQL operation).

Dimensionality reduction

Dimensionality reduction

To accurately identify breaches, every data access needs to be captured and analyzed. Imperva monitors every transaction with minimal impact to production databases, and uses dimensionality reduction techniques to process billions of events per day on a single analytics server.

Specifications and System Requirements

Database Platforms
  • Oracle
  • Microsoft SQL Server
  • DB2 for LUW
  • Sybase ASE
  • Teradata
File Systems
  • CIFS file storage systems
  • NAS devices
File Operating Systems
  • Microsoft Windows Server
Syslog Formats Supported
  • CEF
  • LEEF
  • Raw
SIEM integration
  • Splunk, ArcSight


Click here to see which Operating Systems and Databases each of our products supports.

Related Content

Key Resources

Top 5 Database Security Threats

Top 10 Indicators of Data Abuse

White paper
Read paper ›

Security Analytics: How to Identify True Risks to Your Data

Watch webinar ›