Machine learning counteracts insider threat

Imperva has introduced Imperva CounterBreach, a new multi-layered security solution that protects enterprise data from theft and loss due to compromised, malicious and careless users.

Wednesday, 18th November 2015, posted by Phil Alsop

CounterBreach uses machine learning to analyze how users access data in order to spotlight dangerous data access and use. CounterBreach complements machine learning with non-invasive deception technology to identify compromised end-point devices. By dynamically learning normal data access patterns and then finding anomalies, CounterBreach proactively alerts IT teams to dangerous behavior.
According to the 2015 Verizon Breach report, over 45 percent of enterprise data breaches resulted from malicious or compromised inside users, and it is well understood that trusted internal users are typically the weakest link in any enterprise security posture. Enterprises must manage insider threats that originate from:
  • compromised users whose credentials are stolen, or who unknowingly introduce malware into the enterprise;
  • malicious users who deliberately steal or destroy corporate assets; and
  • careless users who inadvertently put sensitive data at risk.
To address insider risk, CounterBreach provides a multi-layered solution that:
  • provides direct visibility into which users access what data, giving IT organizations insight into the ‘who,’ ‘what’ and ‘when’ of access to sensitive information;
  • combines Imperva expertise in monitoring and protecting data with advanced machine learning to spotlight dangerous user data access activity; and
  • applies non-invasive deception techniques to identify compromised end-points.
“Cyber criminals are ultimately after data, and are adept at exploiting people to get to it. CounterBreach identifies dangerous and anomalous data access activity and traces it back to the associated insider,” said Amichai Shulman, Co-Founder and Chief Technology Officer at Imperva. “It combines machine learning on users and their actual data access patterns with the use of deception technology to identify risky user behavior. With this insight, security teams are able to identify and contain potential data leaks before they become major events.”