Behavior Analytics

Data breaches are difficult to detect because security team is often drowning in alerts. Imperva CounterBreach uses machine learning and analytics to identify suspicious data access and prioritize threats. By distilling millions of alerts, Imperva allows you to focus on high-risk incidents.

uncover dangerous user data access

Automatically uncover dangerous user data access

CounterBreach uses machine learning to automatically uncover unusual data activity, surfacing actual threats before they become breaches. How? It first establishes a baseline of typical user access to database tables and files, then detects, prioritizes, and alerts you to abnormal behavior.


See exactly what data your users touch

With CounterBreach, you can analyze the data access behavior of particular users with a consolidated view of their database and file activity. Investigate incidents and anomalies specific to the individual, view the baseline of typical user activity, and compare a given user with that user’s peer group.

CounterBreach data stores

Quickly assess the security of your data stores

CounterBreach spotlights highest risk users and assets so that you can prioritize the most serious data access incidents. Investigate events by filtering open incidents by severity, then take a deeper look into specific incident details about the user and the data that was accessed.

detect malicious users

Detect careless, compromised, and malicious users

Detecting insider threats goes beyond users that are compromised. Users who are malicious or careless have legitimate access to enterprise data, and are difficult to identify without granular visibility into the exact data that users are accessing. Imperva CounterBreach identifies them.

database vulnerabilities

Simplify and optimize your SIEM feed

Just a few moderate sized databases can generate terabytes of raw log data per day. Multiply this by 10s or 100s of databases and your costs to capture and store this info grow exponentially. CounterBreach automatically processes data access logs and sends only high priority incidents to your SIEM.

How CounterBreach Detects Risky User Behavior

data profiling

User and data profiling

CounterBreach detects careless, compromised and malicious insiders by independently profiling both users and data, rather than just user activity. By analyzing from both perspectives, CounterBreach detects the truly worrisome incidents that warrant your attention.

Dynamic peer group analysis

Dynamic peer group analysis

Sometimes you really do need to know what your peers are up to. To understand risky user behavior, it’s important to identify the true peer groups across the enterprise. Using Dynamic Peer Group Analysis technology, CounterBreach automatically learns how users across your organization access enterprise files and places them into “virtual” working groups. Once peer groups are identified, CounterBreach flags risky file access from unrelated individuals.

Data access

Data access domain expertise

CounterBreach machine learning technology accurately identifies insider threats by leveraging algorithms that are tailored to identify abusive data access. The solution establishes a behavioral baseline by analyzing granular user-centric details (such as user identity and client IP) and data-centric details (such as table name and SQL operation).

Dimensionality reduction

Dimensionality reduction

To accurately identify breaches, every data access needs to be captured and analyzed. Imperva monitors every transaction with minimal impact to production databases, and uses dimensionality reduction techniques to process billions of events per day on a single CounterBreach server.

Specifications and System Requirements

Database Platforms
  • Oracle
  • Microsoft SQL Server
  • DB2 for LUW
  • Sybase ASE
File Systems
  • CIFS file storage systems
  • NAS devices
File Operating Systems
  • Microsoft Windows Server
Syslog Formats Supported
  • CEF
  • LEEF
  • Raw
SIEM integration
  • Splunk, ArcSight


Related Content

Key Resources

Top 5 Database Security Threats

Top 10 Indicators of Data Abuse

White paper
Read paper ›

Challenges of Insider Threat Detection

Read Blog ›