Imperva Cyber Community

Expand all | Collapse all

Use Cases for Counter Breach Machine Learning

  • 1.  Use Cases for Counter Breach Machine Learning

    Posted 21 days ago
    Hi Guys 

    can some one please help me share the use cases for Counter Breach Machine Learning . Thanks in advance.
    #DataRiskAnalytics(formerlyCounterBreach)

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------


  • 2.  RE: Use Cases for Counter Breach Machine Learning

    Posted 19 days ago
    Hi,
    It is not a simple job.
    You have to know that CB is a machine learning system that analyzes the DB audit logs.
    It's impossible to write own policies as in DAM.
    CB has around 11 scenarios implemented, and these scenarios you can use as use cases.
    Every scenario is explained in CB help. You can read and use it as yours.

    So, please send all DB audit logs to the CB, and wait for the results.


    Incidents Summary
    CounterBreach has 11 built-in unique database use cases that it discovers. Below are definition as
    well as a chart to illustrate the threats that are associated with them.

    - Suspicious Application Data Access - An interactive (human) user is directly accessing
    business data that should normally only be accessed via an application.
    - Database Service Account Abuse - An interactive (human) user is using a service account to
    access the database.
    - Excessive Database Record Access - An individual has queried records in excess of what this
    individual, their peer group, and the organization normally query.
    - Database Access at Non-Standard Time - used to access the database at a time that is
    atypical for this user and their peer group.
    - Excessive Failed Logins (Human) - A user has failed to log in more times than typical for this
    particular account owner.
    - Excessive Failed Logins From Application Server - A user failed to log in to the database
    from an application server.
    - Machine Takeover - A machine typically used by a specific individual was used by a different
    individual to access the database.
    - Excessive Multiple Database Access – A user has attempted to access an abnormally high
    number of different databases over a short period of time.
    - Suspicious Database Command Execution – A user performed a command that is highly
    suspicious in nature in an abnormal way.
    - Suspicious Sensitive System Tables Scan – An interactive (human) user has scanned
    sensitive system tables on several databases over a relatively short period of time in an
    abnormal way.
    - Suspicious Dynamic SQL Activity – An interactive (human) user has queried a database
    using dynamic SQL queries in an abnormal way.









    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Warsaw
    ------------------------------



  • 3.  RE: Use Cases for Counter Breach Machine Learning

    Posted 19 days ago
    Thanks Karol for sharing ur input . its very informative.

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------



  • 4.  RE: Use Cases for Counter Breach Machine Learning

    Imperva Employee
    Posted 18 days ago
    As new incident types are added, you can see them in the Imperva online documentation.  See:
    https://docs.imperva.com/bundle/v4.1-data-risk-analytics-user-guide/page/63485.htm
    for the 4.1 version.

    Jim

    ------------------------------
    Jim Burtoft (Prm)
    SE
    Imperva
    State College PA
    ------------------------------



  • 5.  RE: Use Cases for Counter Breach Machine Learning

    Posted 18 days ago
    Thanks Jim

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------