Imperva Inc .has announced CounterBreach 2.0 with a new algorithm to automatically place individuals and their cross-functional peers into “virtual” working groups based on interactions with enterprise files in order to identify unusual user access patterns.
This new Dynamic Peer Group Analysis algorithm proves an intelligent approach to permissions management that helps protect data against insider threats.
The new machine learning algorithm in CounterBreach 2.0 automatically identifies ad-hoc and cross-functional working groups, assigning users into peer groups. CounterBreach then analyses user behaviour and flags risky file access from unrelated individuals, such as an engineering manager accessing a sensitive finance budget file or an engineering file not associated with his peer group, which he has rights to, but is not accessed by anyone in his virtual peer group.
The result is a dynamic approach to file security that allows employees to freely access data, yet saves IT teams time and enhances the security of file data.
“Traditionally, permissions management is manual, time consuming and often inaccurate or outdated, creating a gap in which data contained in files can be lost, stolen or misused by malicious, careless, or compromised users,” said Amichai Shulman, CTO and co-founder of Imperva.
“Detection and containment of insider threats requires an understanding of both users and how they use enterprise data. CounterBreach 2.0 leverages machine learning for an intelligent approach to permissions management that reduces the risk of insider threats, safeguards data and improves the overall security posture of the organisation.”
These improvements follow findings from the Imperva research team which published a Hacker Intelligence Initiative (HII) report to validate the need for a dynamic approach to permissions management. The HII report demonstrates that relying on access control alone broadens the risk surface and is not a sustainable method for securing enterprise files.
Primary research conducted by Imperva in customer environments finds that user permissions to files grow over time; while access is granted freely, it is rarely revoked. In fact, most employees use less than 1 percent of the files they are allowed to access. Furthermore, 99 percent of the files are used on a temporary basis as related to a specific project and rarely accessed again.
CounterBreach 2.0 also features workflow enhancements to streamline end-to-end incident investigations, new filtering options to quickly search for critical security events and broader coverage for on-premises databases.