Imperva SecureSphere Database Security Reviews

WAF is a great security layer to protect an organization from a wide spectrum of application attacks residing in OSI layer 7. The Imperva device relies on signature-based policies, as well as on a web correlation engine. In addition, the packet inspection can be enhanced with the aid of stream signature policies, which are policy items focused on the stream rather than the HTTP/HTTPS protocol. Imperva can easily match a web user to the requests launched from his client. While the default policy subset is very rich and covers different regulations (e.g., PCI, SOX), there is always an option to create custom policies addressing specific needs. Security alerts are comprehensive of all the necessary details for the analysis, such as connection details, signature triggered, alert type (e.g., Protocol, Profile), severity and followed action (e.g., syslog forward, IP monitoring).

DAM also provides great value to audits and again, the data monitoring policies by default are very rich.

If you don't know exactly what kind of data you store in-house, SecureSphere allows you to actively scan and classify your information, automatically providing you detailed status of the data, which can be further reviewed and finalised by analysts or DBAs. This is also valid for user rights on the data, understanding the level of privileges granted to users and suggesting countermeasures in detailed aggregated charts and reports.

Once under monitoring, the data can be reviewed with an intuitive interface that allows the analyst to drill down, quickly narrowing the scope in a few clicks and focusing the attention only on the relevant queries. Once the pattern is identified, it is even possible to quickly report a detailed status of the findings, as well as generate a report template for future uses. This is on the hot data, what we have available in the management database. The time span can be increased indeterminately with a good retention configuration, combined with a SAN that stores the cold data, partitioned in daily slices and ready to be loaded into a separate database space for archives.

This is brilliant if you think about scalability, for you can obtain a very big archive while preserving system resources and performance. However, to get this configuration, in-depth tuning is needed for several weeks in order to get all relevant metrics (e.g. data stored per day, data spikes, backup speed, link transfer capacity, etc.) and adopt the appropriate customizations.

Audit data can also be correlated with application users by obtaining a detailed match of the database queries executed according to a particular web user’s HTTP requests.

The FAM module allows organizations to continuously audit storages and network shares and keep a detailed record of every file operation across the company. Scans are available also in this context, providing user rights as well as access to the monitored files. A data classification is also possible with the FAM.

All of Imperva’s features are extremely powerful, while a certain degree of knowledge is required to have a solid understanding of the product.

Imperva helps you comply with data regulations such as SOX or PCI. It helps SOC analysts to enlarge the scope analysis, significantly providing great procedures to drill down into the audit or a customizable enrichment fed by several types of input, e.g. Active Directory or other external platforms, and even a layer 7 inspection. When fully integrated, the application user requests are bound with the queries executed, giving a comprehensive picture of how your web application interacts with the data layer highlighting all possible security flaws in the data management, code bugs or server misconfigurations. All this logical data collection is effectively arranged into detailed profiles from where it is possible to spot the unusual deviations or to create advanced conditions to trigger upon this baseline. Think about access to PCI data from users different to the ones allowed, such as DBAs, only from a certain subnet, let's say the external network, out of the business hours, like nights or weekends. This is one possibility of what Imperva can achieve in your organization to protect the data from unauthorised users.

To have the mind at ease with a security solution has been always a chimera. Even SecureSphere suffers from some limitations, which I believe will be handled in the near future. I see two main things to improve at this point:

• SSL tunnel support for z/OS agents
• Capability to retain live audit policy data for several months; sometimes, on certain installations, this is not feasible due to the big data streams involved in the scope.

I've been supporting the Imperva technology since version 8.x. I have a company that provides consultancy services and I support Imperva.

From versions 9.5 and later, the Imperva solution has reached an optimum level of stability. On every unusual state reported, I was always able to relate it to misconfigurations or other hardware limitations and never to major bugs or software problems.

Again, Imperva works great when you need to increase managed devices, add new gateways or even change the operational modes of the latter.

On a scale from 1-10 (1=worst, 10=best) I would say technical support is 9. Support is always guaranteed and every internal SE has been always competent and ready to assist.

I tested different audit and WAF solutions and the one I was always more comfortable with is Imperva.

Setup is actually complex due to the nature of the product and needs deep knowledge of the solution to get things working with minor effort. If you don't know exactly what kind of solution are you deploying or even the installation steps to get the environment fully working, you won't be able to install it easily.

I am a technician, so I am not very confident discussing this topic.

Doing the initial Imperva training before putting your hands on the product helps a lot. Getting assistance from Imperva during the initial stage of your new environment is highly recommended.

Most of our clients are banks and insurance and financial institutions that want to achieve compliance. They want to achieve auditing for their regulatory compliances as well. On the database side, that includes being able to monitor DBS and to block certain activities on the DVF. On the application side, it also has to be preventative and that's also part of compliance. This solution enables clients to achieve data security, whether on cloud or on prem. We offer support services and we are a service provider for database security through Imperva and also application security through Imperva to our clients. I'm a cyber security engineer and we are gold partners of SecureSphere DS. 

I would say the discovery module is the most valuable feature as it provides good visibility of the database environment to particular sites. It scans the entire front of the environment to detect any new databases found just to make sure there are not any malicious things going on. I think it's a very powerful tool in that sense. It also helps that the solution is able to block queries that are able to be run by given database administrators on databases and manages user rights. 

I've been part of various projects and also interact with clients because I do pre-sales. Most of the feedback I receive relates to clients wanting to see an improvement in the reporting. They like the ability and functionality of the solution but they feel the reporting is lacking. The general feeling is also that the GUI has been the same for a very long time and there is room for improvement there. It could look a little better and then if the reports are also improved that would make a big difference all round. 

From a basic implementation point of view, there are some features that are very technical, clients want everything very granular and they always say Imperva bundles everything. You do a signature, and ABC updates and you trust what the ABC is doing. I think if it were a little more granular and detailed in terms of how, for example, a query stream is being detected or something like that, rather than just blocking something, it would give the administrator a better view and understanding of what's happening. 

I've been using this solution for almost a year. 

The physical appliances are always very stable. In terms of CPU usage, things like the gateway load, payway load, they come with a little bit more capacity on that front. I think the issue always comes with the virtual appliances where you may run out of space, or maybe there are new versions of whichever hypervisor you are running that could change and maybe affect the virtual machines running on top. On the physical side, there's never an issue, it's stable. 

Database security is highly scalable because depending on the number of sites available, you're able to assume that you have the running agent. You can then access the IP for the gateway, you can log in your logs which are managed by the NX, so it's all fine. It's highly scalable for the database. I think even if you have branches all over the country, you can manage them centrally where you have agents monitoring whichever database is allocated to whichever site. We have deployed over 60 projects all over East Africa. I currently handle four, which are two application and two database.

Their technical support is good and the response is guaranteed until the problem is solved. I think when it comes to response time, it's always very quick. Maybe just one simple criticism would be that it's very hard to get a remote station with them and everything is always email and sending logs. I'd like to see more hands-on and direct contact with the environment. 

Complexity really depends on the client's environment, but I would say the initial set up for basic deployment of the components should take roughly six working days. It has to be integrated with everything. Installing links to all the other databases could take maybe another 10 work days, so around two weeks. I do the deployment. 

Customers are very, very satisfied with the licensing costs and there's not really anyone that competes with Imperva so the clients are very happy. Their requirements are covered. 

I would definitely recommend Imperva. I swear on it and try to pitch Imperva every time. I know its abilities, I know what you're going to get. I know how user friendly it is. It's easy to create policies. Reports are very okay. It's got various compatibilities, desk deployment, so Imperva is what I would recommend. 

I would rate this solution a nine out of 10. 

We generally use Imperva as a database firewall and for activity monitoring. 

The solution has to fit the organization first. Once we know the product is a fit, we support in the creation of reports. We look at the core users (administrators, auditors, accountants, etc.) who need to get information and we look at the responsibility matrix. Our responsibility is the database and we try to implement the total solution for an organization. This means reports are created for the specific needs of, say, IT security administrators, top management, IT guys, etc. This shows each group or individual what they need to know. We try to make it so database administrators do not have to directly interface with the solution by creating report editors and report creators based on the unique assessment of the organization. 

Imperva is a high-end product and it doesn't come cheap. Most government agencies don't use it because of its expense. But those who use it, like it and it's on the wishlist of many organizations.

The ability to automate reports simplifies what an organization has to do. Even the in-built reports are quite useful. But customization can make the product experience very specific and efficient.

But besides that, clients like to compare industry benchmarks and establish best practices. Report analysis can help with that.

The reporting ends up being the most visible feature even though the protection and automated blocking are as valuable. The reporting is very flexible, and users can create any type of reports they want. It gives them insight into the information they need to be effective at what they are responsible for.

I think the support needs more improvement than the product. The support we get struggles a bit to provide solutions. They take additional time to respond to support requests.

The core of Imperva can sometimes be very slow. This mostly happens when you turn on many alerts, if a lot of people log-in, or if you turn on auditing. It can get noticeably slow. Performance under a heavy load is noticeably reduced.

That could be because of scalability, but most of my major issues have to do with performance. I think it's because they run an Oracle database at the backend. If they allowed the administrators to tune the back end database it might solve the issue. If the backend database is having trouble you have to call support and that takes time. It is not efficient.

Finally, they might consider reducing the licensing fee. It's a bit high compared to the competition. 

Imperva is very stable. I think because of the core on which it is built.

The Imperva solution is quite scalable. You can start by adding it to one device and then scale it to the whole organization. 

We've had instances where we added a gateway and the end user didn't notice. It scales fluidly.

There are different levels of support that you can contract for and it is supposed to be based on priority. In our region, the level of support — whether you have paid for premium or expanded support — you get the same level of support. There are no options for same day support or one hour support. You may still get a response within an hour no matter what level you pay for. That said, we normally pay for premium support and we have been satisfied with the service when we do that.

Most of the time, the customers I deal with pick products which have a particular reputation. That may lead to their decision to go with Imperva. 

The initial setup was straightforward. We normally use Imperva's professional services, so that makes it very easy to deploy. We build on the knowledge gained in previous deployments, which makes it easier still. 

In the deployment, we want to get up as soon as possible. We know that for a typical deployment that it is usually two weeks. 

We use Imperva's professional services for most of our deployments, but we work through a distributor data group. The services are always really good. They know the company, they know the market, they know the region where we operate from, and they know the language and the culture. The knowledge of the local environment makes everything easier in completing a proper implementation.

We don't do actual studies on return on investment. The key thing is for the product to do its job. The value of good security is practically limitless and it would be hard to define in hard dollar value.

Licenses are yearly. We normally try to negotiate a perpetual license but separate annual support and maintenance.

The pricing over-all depends on the entry level. For example, if support and maintenance are about $20,000 - $25,000, the initial cost can be five times more. It is less expensive for the company to maintain the client than to make the deployment.

There are some additional costs for add-ons and scaling.

Normally, in this region, clients look at McAfee and Oracle security solutions first because of recognition. Our suggestions are normally to compare Imperva and Oracle. Clients like the reputation of Oracle because it has a large footprint and is proven in areas like databases and applications. Sometimes clients try to build database security strictly around Oracle Technology without considering other options. They are often surprised what Imperva has to offer as the name is less familiar.

Imperva is a good product if you look at its core functionality and the way it's built. It's a newer product and very consistent. Oracle has been around a long time and may suffer from that legacy a little. If clients want a product which covers all database management systems, then Imperva can work out of the box. Ideally, you can deploy within a day or two of signing a contract. Implementation time with Imperva is much shorter than with Oracle. 

I think I would rate Imperva a nine out of ten, despite the occasional performance issues. It delivers on the core functionality. If it's running well you are assured you will get the value out of it in terms of the security assurance. 

Our primary use for this solution is securing banking web applications. It protects the web service of one of the big Internet banks in Iran.

This solution has helped secure our Internet-based services, protecting us against DoS and other types of web-based attacks.

The most valuable features include the compliance with standards for security in web applications, and the ability to detect vulnerabilities.

The GUI for this solution could use some improvement.

I would like to see better support for countries in the Middle East, and other places that do not have direct access to the vendor.

Stability is great. Immediately after we deployed it, we had a good feeling about security and performance.

The scalability of this solution is good. Compared to other products, this one is more scalable.

Currently, this solution is protecting approximately twenty thousand end-users.

We are deploying new web-based services and applications, so we expect the usage to increase.

Due to restrictions because of sanctions in Iran, we do not have support for this solution. For this reason, we have done everything ourselves. This can be challenging because sometimes we have troubles upgrading the device, or obtaining new signatures.

We did not use another solution prior to this one.

The initial setup and configuration for this solution were very simple and straightforward.

Deployment in our environment took approximately one week. We begin by deploying it in a test environment. After performing some tests, we moved it to the operational environment.

Two technical staff are required for deployment and maintenance, and we have about six people, in different roles, who manage this solution.

We handled the implementation and deployment ourselves.

Our ROI from the initial payment was realized in approximately two months.

This is an affordable solution. There is an annual licensing fee for upgrading the device.

After we undertook wide research and development, we found that this product is suitable for us. Two of the products that we looked at in addition to this one were FortiWeb and F5.

Imperva is a product leader in this line, and it is very good. In fact, I have experience with other products, and I would say that this solution is best-in-class. If we had support then this solution would be perfect.

I would rate this solution a nine out of ten.

I have worked with IBM before, and I prefer its ease of deployment and management. Imperva SecureSphere Database Security has tricky deployment, whereas IBM's deployment is straightforward because of the UI.

I have been using the solution for three years.

The tool's pricing is flexible and affordable for small and medium enterprises.

I rate the product an eight out of ten.

We are system integrators, so we mostly work on implementing projects. We don't handle maintenance or administration. Our focus is on implementation.

We use it for database security, vulnerability analysis, discovery, and handling requests from applications and users.

It's not just one feature because the whole process is important, starting from discovery to protection and prevention. If we use agent-based functionality instead of a gateway, the solution becomes more feature-rich.

Mostly in areas like data masking since they previously had a product called "camouflage," but it was dropped. It would be better to have something similar to that. 

Additionally, improvements can be made in data enrichment, aggregation of data from different perspectives, and enhancing the GUI (Graphical User Interface) for a better user experience.

We have experience in implementing the solution. It has been almost four years.

I would rate the stability of this solution a seven out of ten. There's some room for improvement in terms of stability.

I would rate the scalability of this solution as seven out of ten. It's scalable, but further implementation and development would make it even better.

We have been able to handle everything on our own. As partners, we are technical savvy.

The initial setup is actually quite easy. It's not something hard to do, but having some experience with the product is helpful.

If it's only the deployment, it takes around two to three days. But if we consider tuning and ongoing processes, the time for deployment varies.

ROI depends on the use case. Most companies use it for security and compliance. So, it varies based on the specific use cases.

It's not a cheap solution.

I would recommend considering Imperva. It's important to conduct a proof of concept (POC), include a list of potential different vendors or products, and make an informed decision.

Overall, I would rate the solution an eight out of ten. 

We use this product to monitor database administrator events and activities on all services. We also use it for preventive measures. Some sensitive queries can be blocked in line before transactions occur.

It's great that we're able to send light event monitoring and administrative activities. SecureSephere has a robust recording system.

We have a lot of lost communication between the clients and the management server. This is a client-on-server solution and sometimes the agent stops communicating and it can take a lot of troubleshooting to solve the issue. It would also be helpful if they'd improve artificial intelligence. 

We've been using this solution for six years. 

The stability is pretty good. 

The scalability is good. 

The customer support is not very good. 

I don't recall the name of the previous solution but we switched to Imperva because it was less complex. 

The initial setup was reasonably straightforward. The deployment took about three months and we had some external assistance. 

This is an expensive solution. We pay an additional amount for support. 

Staff need training prior to using this product. 

I rate this solution nine out of 10.

The primary use case is specific to database security through log auditing, to identify the actions performed by various users. That gets logged. Then policies are used to see whether any action performed by a database user is below a threshold or above a threshold; whether there should there be an alert because of it.

It is used by specific teams within our organization to monitor activity, to see whether there is any malicious activity or a user who's not supposed to be performing a certain action.

It helps us look into who's doing what, particularly on databases related to critical applications. That's the way we see it as useful. We've been using it for four or five years now, and it has been bringing in the value that we expected it to.

The tool happens to be very intelligent when it comes to processing policies and sounding alerts. It allows us to implement policies and measure actions against them, raising alerts accordingly. That is the best feature.

Comparing it with other products in the market, we definitely see that Imperva SecureSphere is head-to-head with the likes of McAfee, IBM Guardium, and others. It's definitely good. The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere. If an organization is monitoring databases which are on physical as well as virtual infrastructure, running two different tools can become a problem. If that could be merged together it would be an improvement.

Having read about Imperva, I couldn't get much detail as to what their roadmap is for the future, whether they would want to merge them or not. But as a customer, if I can have one tool for various landscapes, like the databases hosted on a physical landscape as well as the virtual ones, that makes it a lot easier.

The stability has been good. In our case, we've been using it through one of our suppliers so we don't directly manage it. It's our supplier who manages it for us. The supplier happens to manage the infrastructure on which the database application or databases are hosted as well.

We don't deal with it but, getting the reports that we have been getting from our supplier, it looks pretty good as far as stability is concerned. We haven't experienced many issues. Even if there were any, it would be our supplier's responsibility to make sure that they got resolved very quickly, so they rarely come to our notice.

When it comes to scalability, as I noted, there are two different tools, one for physical infrastructure and another for virtual infrastructure.

If I want to scale it up from a physical to a virtual platform, that's certainly not a feature at this point of time. That can be a drawback. You have to look for a separate tool from the same vendor because you already have an existing tool from that vendor which is doing well. And you cannot have tools from two different vendors running on two different platforms.

We have not used technical support. Our supplier manages the tool, so we don't get in touch with Imperva if there are any issues. Our supplier does that for us.

My advice is to go to IT CentralStation and download the report on database security tools.

In general, it's all about the policies that you put into the tool to get the output. The tool itself is pretty smart. As someone who is designing the policies or the outputs or the queries, it is like putting a query into a SQL database to get the results. The better or more optimized the query is, the better output you will receive, and so it goes with this solution.

When selecting a vendor, pricing, of course, is the most important thing to look at. Then, you look at the scalability options, at how good the tool is, that it suffices your functionality requirements, and that it provides interoperability.

I rate Imperva at eight out of ten across the various areas that I just mentioned, be it interoperability, scalability, cost, or ease of installation and setup. Measuring it on each of these aspects is how I came up with my rating.