Detect data threats before they become security incidents or breaches
Protecting sensitive data is challenging for enterprise security groups with limited resources and tools. Often it is the group's tools themselves that make data breach detection so difficult. Tools that cannot correctly contextualize alerts overwhelm security staff with an avalanche of mostly "false positives" making it very hard to know what to do or even where to begin. Organizations need advanced data risk analytics to eliminate all the noise and help security staff gain actionable threat insights to accelerate risk mitigation and breach detection.
Reduce false positives through data context
Imperva Data Risk Analytics, an essential capability of Imperva Data Security Fabric (DSF), helps identify data breach threats without all the noise. Typical User and Entity Behavior Analytics (UEBA) tools just focus on network or system access anomalies such as login and logout. Data Risk Analytics considers what data users access, the user’s roles, whether the data is sensitive or not, and what the user does with it. By correlating all of this event information, Data Risk Analytics contextually determines if an activity is simply an anomaly without risk or an actual serious threat to sensitive data before generating an alert. Correlation filters out false positives and enables security teams to act only on higher-risk incidents that need further investigation.
Key features and benefits
Insights based upon the synthesis of user behaviors, application & API access patterns, and data source context
Get clear summaries that explain complex issues in plain language
Faster problem resolution times
Categorize and prioritize by real risks rather than anomalies
Spot bad actors before they cause damage
Eliminate false positives, and enable SOC teams to focus on the critical issues
Top data security guidelines
Investigating data threats through the information that a typical UEBA solution (such as a SIEM) provides often requires pre-knowledge of the accessed data set or deep knowledge of data access languages like Structured Query Language (SQL) to know if any sensitive data has been misused or if users are accessing data inappropriately.
Lack of guidelines
Unaware of my unknowns. What rules should the security team establish?
Unsure which data to monitor/audit. What data should the security team monitor?
SQL isn't the security team's forte. How does the security team interpret data activity events?
Too much data
Overwhelmed by system data flows. How does the security team handle so many data events?
Data security, unleashed
Imperva Data Risk Analytics elevates the security and compliance capabilities of IT and security staff by providing automation, filtering, and insights & actions in plain language that accelerate customers' paths to data security confidence.
Imperva Data Risk Analytics
Do more with less
Imperva Data Risk Analytics (DRA) identifies abnormal user behavior that can lead to bad practices, hostile intrusions, and data compromise. Imperva DRA translates complex technical events into plain language that IT operations teams and security staff members can immediately understand. Its intuitive dashboard shows a prioritized incident summary of questionable events that anyone can click through to reach a complete description of the threat with actionable intelligence for remediation.
Purpose-built analytics using machine learning to detect suspicious data activities
Prioritize and group high-risk incidents to elevate team skills via machine learning
Interprets data store events and provides actionable insights to accelerate remediation
Reduces the count of events to investigate for efficiency and speed
Prioritize and group high-risk incidents to elevate team skills
Imperva Data Risk Analytics (DRA) prioritizes critical incidents by applying grouping and scoring algorithms that factor in variables such as sensitive data type, privileged account, amount of data involved, and more. Suppose multiple incidents are related (e.g., all associated with the same user account, or multiple users are abusing the same service account). In that case, Imperva DRA groups the incidents into one issue, prominently showing security staff the high-risk incident and suppressing false positive noise.
No configuration needed
Unsupervised learning transforms raw activity data into valuable information – without the need for a DBA
Events are prioritized based on best practices defined using pre-built or custom models – without the need for a data scientist
Insights based upon the synthesis of user behaviors, application & API access patterns, and data source context
Our model has been trained on petabytes of data, with algorithms refined over more than a decade
Leverage AI-driven Data Risk Analytics to quickly convert terabytes of raw data into actionable information
Given the explosion of raw data, Imperva Data Risk Analytics (DRA) has become a critical facility for transforming data into actionable insights. Many of today’s security and compliance tools provide little to no capability in this area and, as a result, often simply deliver the data downstream in the hopes that “other” tools may be able to discern behavioral patterns. While there is a clear benefit to enterprise-wide UEBA solutions, DRA enables you to bring significant added value by applying UEBA engines at the individual tool level to isolate anomalies more effectively earlier in the inspection process.
With Imperva Data Risk Analytics and ServiceNow, you can avoid burning out your cyber security employees
In today's world, CIOs and CISOs face a harsh reality regarding the security staff shortage. With the deflating economy, nationalism, cybercrime, and nation-led adversaries, the demand for security personnel has increased, making it challenging for organizations to find and retain skilled security staff.
Customers are also looking for solutions to offload tasks from their security staff, and this is where Imperva DSF Data Risk Analytics (DRA) comes in. With Imperva DSF DRA, most cases related to bad practices and insider threats can be handled and resolved by other non-security teams in the organization. Imperva DSF DRA, when integrated with ServiceNow, can automatically triage data risk incidents to different members or groups like data experts, access experts, direct managers, and database owners who can receive and resolve incidents directly and immediately without expensive human intervention, freeing security specialists to work on high-stakes data risk issues.
Active attack detection and data risk activities
Leveraging an analysis of exploits observed in large numbers of breaches performed by Imperva Labs, Imperva Data Risk Analytics recognizes known attack exploit behaviors and immediately triggers a critical alert to notify the security team. The types of exploits recognized include
Imperva helps my team keep up with risk mitigation issues for a massive amount of business data every day.
Director of Security Operation Leading financial services company
Data Risk Analytics in two minutes
Imperva Data Risk Analytics (DRA) protects enterprise data stored in enterprise databases and file shares from theft and loss caused by compromised, careless or malicious users. By dynamically learning users' standard data access patterns and then identifying inappropriate or abusive access activity, DRA proactively alerts IT teams to dangerous behavior.
How Data Risk Analytics works in Data Security Fabric
Imperva Data Risk Analytics (DRA) protects against various user-related security threats via statistical models created and configured directly in Imperva Data Security Fabric (DSF). Imperva DRA User Entity and Behavior Analytics (UEBA) models in the platform detect and flag outlier activity within large datasets and generate automatic alerts as needed.
Preconfigured DRA UEBA models
These detection models can be used to understand how to build automated logic that analyzes audit data from all sources across your data estate. It is possible to clone and customize these pre-configured models to detect user-related security events tailored to your organization. Each preconfigured DRA model represents a different threat vector.
This threat category refers to a broad spectrum of unexpected or suspicious activities by users within an organization, e.g., unusual login activity and unexpected data movement.
This threat category refers to a suspicious activity wherein a third party (inside or outside your company) attempts to gain control of machines within your organization using existing account credentials, e.g., brute force login attempts.
Detects attempts to create accounts with data access privileges to non-existent or unauthorized users.
This threat category refers to activity related to the injection and execution of malicious code into an application.
This threat category refers to the misuse or abuse of a user account's privileges.
Enterprise coverage, speed, and scale
To mitigate the risk of data breaches enterprise-wide, you need to be able to detect threats across all your sensitive data repositories on-premises, in the cloud, or across multiple clouds. Human beings just can’t do it at the speed and scale required. Imperva Data Risk Analytics (DRA) seamlessly leverages the reach of Imperva Data Security Fabric (DSF) to access data everywhere. Through automation and machine learning, Imperva DRA uncovers suspicious data access and risky behavior across millions and billions of data access events daily across potentially thousands of databases in a large, data-driven organization. Over time, the analytics engine continuously learns who the users are, what they typically access, and how they usually use the data, employing this contextual behavior baseline to fine-tune its accuracy constantly.
Fast time to value
Imperva Data Risk Analytics (DRA) helps security teams detect and pinpoint critical threats to data, prioritizes what matters most, and provides actionable insights, allowing you to accelerate threat investigation and response even if you don't know much about the data or aren't conversant in database languages. Imperva DRA does not require you to create policies before it can recognize non-compliant or risky behavior. Purpose-built threat recognition intelligence comes right out of the box, so you can start seeing the benefits and changes in days, not months. Then it continuously tunes and adapts to changing circumstances. Imperva DRA helps you spot and mitigate data breach risks before they become damaging incidents.
Imperva Data Security Fabric protects all data types with a single system that delivers multiple business capabilities
Imperva Data Security Fabric is the first data-centric solution that enables your organization's security and compliance teams to quickly and easily secure sensitive data, no matter where it resides, with an integrated, proactive approach to visibility and predictive analytics.
Imperva Data Security Fabric is composed of cutting-edge orchestrated technical capabilities that work in unison to protect your data across your entire organization:
Data Discovery & Classification
Discover ungoverned data, classify all data, and assess vulnerabilities.