The launch of Imperva CounterBreach ushers in a new standard for anomaly and threat detection a la This is Spinal Tap.
In the vast, complex world of data security, there’s a clear need to protect the data itself, as opposed to focusing on endpoints or firewalls. Because data is moving inexorably to the cloud, it’s becoming more critical for IT to gain visibility and control.
Compounding matters is the threat of insider abuse. This specific threat substantially increases the chances of compromised data and underscores the value of a solution that can correlate user-centric anomalies across all organizational data– whether it resides on-premises or in the cloud.
There’s always a bad apple somewhere
Predicated on the notion that the user is the weakest link when it comes to security, the more user activity one can monitor and analyze, the better a security organization can identify who’s engaging in questionable activity and where. This includes more accurate threat data where correlation of anomalies from multiple assets reduces the false positive rate and more accurate risk scoring of users.
On the forensics front, security organizations get a unified view of all assets that can be accessed by compromised, malicious, or careless users. With this additional context, they can then craft the appropriate measures to remediate risk.
Imperva’s newest product, CounterBreach, helps IT admins accurately detect anomalies and threats to company data. Through the CounterBreach dashboard, an admin will be able to see the threats to an organization’s data wherever they occur, be it databases, files, or SaaS business applications like Office 365, Box, and Dropbox.
Imperva Skyfence “amplifies” threat and anomaly oversight in cloud app access
As this blog post’s focus is on the data in cloud apps, we turn our attention to Imperva Skyfence, a cloud access security broker (CASB) integrated with CounterBreach. It’s the only CASB that gives organizations a holistic view of threats and anomalies across all of an organization’s data sources, whether the source sits internally within the corporate perimeter or externally in the cloud. It’s an unparalled view amongst the CASB vendors.
Skyfence extends an organization’s anomaly and threat detection capabilities to cloud apps
Take anomaly detection to “11”
By using Skyfence to accurately detect anomalies in cloud app access, organizations are better able to mitigate security risks stemming from malicious, careless, or compromised users.
Anomalies can rear their heads in events like account takeovers, brute force attacks, suspicious data exports, and session hijackings. However the anomalies manifest themselves, the potential outcomes are universally negative. Catastrophic data loss, tarnished corporate reputation, and missed revenue targets are just a few of the scenarios that could play out if anomalies and threats are not expediently identified and dealt with.
Drill down into incidents
In addition to anomalies, Skyfence also provides details on incidents. Security teams can quickly investigate high-risk cloud app access activity by applying filters on open incidents by date, severity, user, cloud app accessed, etc. Admins can then drill down to view the incident details in order to choose the most effective remediation measure.
View data access incidents by severity.
See the details of a specific incident so you can choose the appropriate remediation measure.
In the movie, when Nigel Tufnel is asked by Marty DiBergi why not make “10” the highest setting, Nigel matter-of-factly states, “These go to eleven.” Nigel may have believed he was being progressive in his choice of amplifiers, but in reality, Spinal Tap didn’t pay attention to the warning signs or didn’t adapt quickly enough to stay relevant in the eyes of its fans (probably both at the end of the day).
Intelligent threat detection is the latest in the evolution of effectively protecting business-critical data. When it comes to malicious, careless, or compromised users, you should assess whether your current anomaly detection solutions are keeping pace with this rapidly evolving IT landscape. As more and more sensitive and regulated data is moving to the cloud, the value of a Skyfence-CounterBreach integration is unequivocally clear.
Learn more about the integration of Imperva Skyfence with CounterBreach to extend an organization’s anomaly and threat detection capabilities to cloud apps.