Behavior Analytics

Detect risky data access behaviors. Stop data theft and loss caused by careless, compromised or malicious users. Protect your enterprise databases and file shares from insider threats with Imperva CounterBreach.

Automatically uncover dangerous user data access

Automatically uncover dangerous user data access

CounterBreach uses machine learning to automatically uncover unusual data activity, surfacing actual threats before they become breaches. How? It first establishes a baseline of typical user access to database tables and files, then detects, prioritizes, and alerts you to abnormal behavior.

See exactly what data your users touch

With CounterBreach, you can analyze the data access behavior of particular users with a consolidated view of their database and file activity. Investigate incidents and anomalies specific to the individual, view the baseline of typical user activity, and compare a given user with that user’s peer group.

Quickly assess the security of your data stores

CounterBreach spotlights highest risk users and assets so that you can prioritize the most serious data access incidents. Investigate events by filtering open incidents by severity, then take a deeper look into specific incident details about the user and the data that was accessed.

Detect careless, compromised, and malicious users

Detect careless, compromised, and malicious users

Detecting insider threats goes beyond users that are compromised. Users who are malicious or careless have legitimate access to enterprise data, and are difficult to identify without granular visibility into the exact data that users are accessing. Imperva CounterBreach identifies them.

Finds database vulnerabilities

Simplify and optimize your SIEM feed

Just a few moderate sized databases can generate terabytes of raw log data per day. Multiply this by 10s or 100s of databases and your costs to capture and store this info grow exponentially. CounterBreach automatically processes data access logs and sends only high priority incidents to your SIEM.

How CounterBreach Detects Risky User Behavior

User and data profiling

User and data profiling

CounterBreach detects careless, compromised and malicious insiders by independently profiling both users and data, rather than just user activity. By analyzing from both perspectives, CounterBreach detects the truly worrisome incidents that warrant your attention.

Dynamic peer group analysis

Sometimes you really do need to know what your peers are up to. To understand risky user behavior, it’s important to identify the true peer groups across the enterprise. Using Dynamic Peer Group Analysis technology, CounterBreach automatically learns how users across your organization access enterprise files and places them into “virtual” working groups. Once peer groups are identified, CounterBreach flags risky file access from unrelated individuals.

Data access domain expertise

Data access domain expertise

CounterBreach machine learning technology accurately identifies insider threats by leveraging algorithms that are tailored to identify abusive data access. The solution establishes a behavioral baseline by analyzing granular user-centric details (such as user identity and client IP) and data-centric details (such as table name and SQL operation).

Dimensionality reduction

Dimensionality reduction

To accurately identify breaches, every data access needs to be captured and analyzed. Imperva monitors every transaction with minimal impact to production databases, and uses dimensionality reduction techniques to process billions of events per day on a single CounterBreach server.


Specifications and System Requirements


Database Platforms
  • Oracle
  • Microsoft SQL Server
  • DB2 for LUW
  • Sybase ASE
File Systems
  • CIFS file storage systems
  • NAS devices
File Operating Systems
  • Microsoft Windows Server
Syslog Formats Supported
  • CEF
  • LEEF
  • Raw
SIEM integration
  • Splunk, ArcSight



CounterBreach Datasheet

Learn more about CounterBreach Behavior Analytics.

Read datasheet ›
Counterbreach video thumbnail

Data: The Missing Piece for Detecting Insider Threats

Listen to Amichai Shulman, CTO of Imperva, discuss how CounterBreach accurately identifies the most risky insider actions.

Watch video ›
White paper

Top 10 Indicators of Data Abuse

When it comes to detecting insider threats, do you know what behaviors to look for?

Read whitepaper ›