Imperva CounterBreach

Similar documents
Imperva Incapsula Website Security

Part 2: How to Detect Insider Threats

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

RSA NetWitness Suite Respond in Minutes, Not Months

CyberArk Privileged Threat Analytics

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Top 5 Database Security Threats WHITEPAPER

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Security Information & Event Management (SIEM)

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

RSA INCIDENT RESPONSE SERVICES

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Imperva SecureSphere Appliances

Integrated, Intelligence driven Cyber Threat Hunting

THE EVOLUTION OF SIEM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

PROTECT AND AUDIT SENSITIVE DATA

ForeScout Extended Module for Splunk

Data Privacy and Protection GDPR Compliance for Databases

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Un SOC avanzato per una efficace risposta al cybercrime

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

RSA INCIDENT RESPONSE SERVICES

SIEMLESS THREAT DETECTION FOR AWS

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

Top 5 NetApp Filer Incidents You Need Visibility Into

Building Resilience in a Digital Enterprise

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

E-BOOK. Healthcare Cyber Security and Compliance Guide

SIEM Solutions from McAfee

Compare Security Analytics Solutions

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

CloudSOC and Security.cloud for Microsoft Office 365

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

RULES VERSUS MODELS IN YOUR SIEM

ForeScout ControlFabric TM Architecture

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

The Vectra App for Splunk. Table of Contents. Overview... 2 Getting started Setup... 4 Using the Vectra App for Splunk... 4

Symantec Advanced Threat Protection: Endpoint

Intro to Niara. no compromise behavioral analytics. Tomas Muliuolis HPE Aruba Baltics Lead

An All-Source Approach to Threat Intelligence Using Recorded Future

FOR FINANCIAL SERVICES ORGANIZATIONS

Part 1: Anatomy of an Insider Threat Attack

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Privileged Account Security: A Balanced Approach to Securing Unix Environments

The Claroty Difference

Part 3: Surprising Insider Threat Findings in Enterprise Environments

Automated, Real-Time Risk Analysis & Remediation

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

What s New in Netwrix Auditor 9.7

Business Context: Key for Successful Risk Management

McAfee Endpoint Threat Defense and Response Family

RSA Security Analytics

with Advanced Protection

MEETING ISO STANDARDS

Preventing Data Breaches without Constraining Business Beograd 2016

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

An Oracle White Paper June Oracle Audit Vault and Database Firewall

PALANTIR CYBERMESH INTRODUCTION

Top 10 use cases of HP ArcSight Logger

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

GDPR: An Opportunity to Transform Your Security Operations

<Partner Name> <Partner Product> RSA NETWITNESS Security Operations Implementation Guide. Gurucul Risk Analytics

RSA ADVANCED SOC SERVICES

Imperva Incapsula Load Balancer

McAfee Skyhigh Security Cloud for Citrix ShareFile

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

align security instill confidence

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

Power of the Threat Detection Trinity

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

how dtex fights insider threats

MANAGED DETECTION AND RESPONSE

THE ACCENTURE CYBER DEFENSE SOLUTION

TRUE SECURITY-AS-A-SERVICE

Sponsored by Oracle. SANS Institute Product Review: Oracle Audit Vault. March A SANS Whitepaper. Written by: Tanya Baccam

SecureVue. SecureVue

Optimize Your Databases Using Foglight for Oracle s Performance Investigator

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

How Vectra Cognito enables the implementation of an adaptive security architecture

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

McAfee Investigator Product Guide

Security. Made Smarter.

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

ALIENVAULT USM FOR AWS SOLUTION GUIDE

AppDefense Getting Started. VMware AppDefense

CyberArk Privileged Account Security

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

AKAMAI CLOUD SECURITY SOLUTIONS

The Cognito automated threat detection and response platform

The McGill University Health Centre (MUHC)

Office 365 Buyers Guide: Best Practices for Securing Office 365

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

Transcription:

Imperva CounterBreach DATASHEET Protect Your Data from Insider Threats The greatest threat to enterprise security is the people already on the payroll. To do their jobs, employees, contractors, consultants and vendors must have legitimate access to sensitive and valuable data stored in enterprise databases and file shares. However, when insiders abuse this access, or when insiders are exploited by outside attackers, enterprise data is exposed. Detection and containment of insider threats requires an expert understanding of both users and how they use enterprise data. Employees require access to information assets to perform their jobs, but malicious or ignorant abuse of authorized access is difficult to detect and high-risk. Imperva CounterBreach Imperva CounterBreach protects enterprise data stored in enterprise databases and file shares from the theft and loss caused by compromised, careless or malicious users. By dynamically learning users normal data access patterns and then identifying inappropriate or abusive access activity, CounterBreach proactively alerts IT teams to dangerous behavior. GARTNER, BEST PRACTICES FOR MANAGING INSIDER SECURITY THREATS, ANDREW WALLS, 17 JUNE, 2014 1

Information security strategies need to shift from a bottom-up device and network-centric strategy to a top-down, information-centric strategy focused on the information itself. GARTNER, PREVENTION IS FUTILE IN 2020: PROTECT INFORMATION VIA PERVASIVE MONITORING AND COLLECTIVE INTELLIGENCE, NEIL MACDONALD, 27 JANUARY, 2016 Detect Dangerous User Data Access CounterBreach detects potential breaches by pinpointing risky data access events and the user associated with the risky access event. CounterBreach Behavior Analytics CounterBreach Behavior Analytics uses machine learning and dynamic peer group analysis to automatically uncover anomalous data access events. This establishes a full contextual baseline of typical user access to database tables and files stored in file shares, and then detects and prioritizes anomalous activity. Combining an expert understanding of users and how they access data equips enterprises with the context and accuracy required to detect data breach incidents. With CounterBreach, security teams can quickly discern between malicious and normal activity so they can immediately identify and act upon risky behavior. Accurately identifying potential data breaches requires deep contextual understanding of not just user activity, but the data users access and how they access it. Without visibility into the data itself, and an understanding of the indicators of data abuse, one half of the equation is missing. The table below shows examples of common data abuse indicators, and the user and data details needed to do identify them. DATA ABUSE INDICATORS LEARNED USER DETAILS LEARNED DATA ACCESS DETAILS Suspicious Application Data Access Flags interactive (non-application) users that directly accesses sensitive application table data on a database. Excessive Database Record Access Uncovers users that access an unusually high number of database records, as compared to their typical behavior and the actions of their peer group. Client IP Server IP Client app User department Database name Table name Data sensitivity Schema SQL operation SQL operation type Database name Data sensitivity Table name Schema Number of rows involved in operation SQL operation Service Account Abuse Detects an interactive (non-application) user logs into a database using a service account. Slow Rate File Access Pinpoints users that access or copy a certain number of files at an unusually slow rate. Client IP Server IP Client app User department Database name Database table access patterns SQL operation patterns SQL operation type File operation File path File name Folder type File share name Operation response time Excessive File Access Flags users that access or copy an abnormally high number of files from their personal folder, department folder or network file share from multiple hosts. User department File operation File path File name File type File share name 2

CounterBreach spotlights the riskiest users, client hosts and servers so that security teams can prioritize the most serious incidents. CounterBreach Key Capabilities Detect Critical Data Misuse Incidents detected by Behavior Analytics are populated into an easy-to-navigate dashboard. CounterBreach spotlights the riskiest users, client hosts and servers so that IT staff can prioritize the most serious data access incidents. Security analysts can also drill down into a view of all open incidents and investigate all the details pertaining to an event. Key Capabilities Detect critical data misuse Accelerate incident response time Simplify investigations The CounterBreach dashboard aggregates threat indicators across all enterprise data. 3

Accelerate Incident Response Time Security teams can efficiently investigate the most risky data access events by filtering open incidents by severity as well as by a specific user, server or client host. Users can then drill deeper into a specific incident to review a detailed description of the event and view granular information about the use and the data that was accessed. From here, SOC staff can close the incident or whitelist behavior that is authorized or unable to be remediated right away. Simplify Investigations Security teams can analyze the data access behavior of particular users with the user dashboard. With a consolidated view into database and file activity, security analysts have a full picture of the user s data access across the organization. Security teams can investigate incidents and anomalies specific to the individual, and then drill down to the behavior profile to the view baseline of typical user activity and compare a given user with that user s peer group. The CounterBreach incident screen shows critical data access anomalies prioritized from critical to low severity. The CounterBreach user screen provides an at-a-glance look at individual access to enterprise data and highlights risky user behavior. 4

Prevent Data Breaches with Imperva To detect and contain data breaches, organizations need to have visibility into who is accessing enterprise data, understand if that access is legitimate and respond immediately if it s not. CounterBreach integrates with Imperva SecureSphere solutions to pinpoint critical anomalies that indicate misuse of enterprise data stored in databases and file servers. Monitor Learn and Detect Contain Users Databases and File Servers Monitor Imperva data protection solutions directly monitor all user access to on-prem data repositories. SecureSphere provides visibility into which users access database and file servers, giving IT organizations insight into the who, what and when of access to sensitive information. Learn and Detect CounterBreach integrates with Imperva SecureSphere to pinpoint critical anomalies that indicate misuse of enterprise data CounterBreach combines Imperva expertise in monitoring and protecting data with advanced machine learning to uncover dangerous user data access activity. Based on granular inputs from SecureSphere, CounterBreach develops a behavioral baseline of typical user data access and then detects critical deviations from the norm. CounterBreach proactively flags these dangerous actions for immediate investigation. Contain With the CounterBreach solution, security teams can contain potential data leaks before they become major events. Once dangerous anomalies are detected, enterprises can quickly quarantine risky users in order to proactively prevent or contain data breaches. 5

Imperva CounterBreach Cyber Security Imperva CounterBreach protects enterprise data stored in enterprise databases and file shares from the theft and loss caused by compromised, careless or malicious users. By dynamically learning users normal data access patterns and then identifying inappropriate or abusive access activity, CounterBreach proactively alerts IT teams to dangerous behavior. System Requirements CounterBreach Prerequisites CounterBreach requires one of the following Imperva products performing monitoring and containment functions: SecureSphere Database Activity Monitor, Database Firewall, and File Firewall. CounterBreach Virtual Appliances CounterBreach is deployed as virtual appliances that are simple to deploy and do not interfere with existing SecureSphere implementations. The minimum requirements per physical host and for each guest virtual appliance are shown below. PHYSICAL HOST GUEST VIRTUAL APPLIANCE 4 16 GB 1 TB Hypervisor Processor CPU Memory Disk Space CounterBreach Dual-core Admin Server 1 server Intel VMWare 2 4 GB 50 GB CounterBreach VTx or ESX/ESXi Analytics AMD-V 4.x/5.x/6.x Server 2 Operating System File System 1 The Admin Server is required for Behavior Analytics. Imperva will deliver software on pre-configured virtual appliances with the specifications shown above. Supported Platforms COUNTERBREACH BEHAVIOR ANALYTICS Database Platforms File Systems File Operating Systems SIEM Integration Oracle, Microsoft SQL Server, DB2 for LUW, Sybase ASE CIFS file storage systems, NAS devices Microsoft Windows Server Splunk, ArcSight Supported Syslog Formats CEF, LEEF, Raw 2017, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula, Skyfence, CounterBreach and ThreatRadar are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders. DS-CounterBreach_Overview-0517-rev1 imperva.com 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback