Imperva SecureSphere Database Security Reviews

The database activity monitoring module used for real time database monitoring and integrated into the security event and incident monitoring solution. Most importantly for our critical legacy databases that cannot be encrypted and require real time a activity monitoring.

It provides a more granular monitoring of database activity at the column and row level as opposed to high level database management system logs.

The professional services and customer training aspect needs to be improved.

I've used it for four years.

The first implementation was not tailored to our specific requirements and the system was basically an expensive log collector until the vendors came to capture our requirements and then made modifications. This was then followed up with training.

No issues encountered.

No issues encountered.

It's moderate.

It's moderate.

I used a different solution with a former employer.

We are a large organization with about 100 critical heterogeneous database servers. This means that one configuration does not fit all, and that made the implementation very complex. Combined with protection of sensitive information that could be logged by the solution.

We used a vendor and their level of expertise was between moderate and high.

The ROI based on the number of prevented, and detected, information security incidents can be classified as high.

We also looked at Sentrigo Hedgehog by McAfee.

Ensure the vendor clearly captures your specific database monitoring requirements and that might include importing the metadata of the database for proper monitoring. Training should be included in the implementation budget as this is a very complex solution with a wide range of capabilities.

We are system integrators, so we mostly work on implementing projects. We don't handle maintenance or administration. Our focus is on implementation.

We use it for database security, vulnerability analysis, discovery, and handling requests from applications and users.

It's not just one feature because the whole process is important, starting from discovery to protection and prevention. If we use agent-based functionality instead of a gateway, the solution becomes more feature-rich.

Mostly in areas like data masking since they previously had a product called "camouflage," but it was dropped. It would be better to have something similar to that. 

Additionally, improvements can be made in data enrichment, aggregation of data from different perspectives, and enhancing the GUI (Graphical User Interface) for a better user experience.

We have experience in implementing the solution. It has been almost four years.

I would rate the stability of this solution a seven out of ten. There's some room for improvement in terms of stability.

I would rate the scalability of this solution as seven out of ten. It's scalable, but further implementation and development would make it even better.

We have been able to handle everything on our own. As partners, we are technical savvy.

The initial setup is actually quite easy. It's not something hard to do, but having some experience with the product is helpful.

If it's only the deployment, it takes around two to three days. But if we consider tuning and ongoing processes, the time for deployment varies.

ROI depends on the use case. Most companies use it for security and compliance. So, it varies based on the specific use cases.

It's not a cheap solution.

I would recommend considering Imperva. It's important to conduct a proof of concept (POC), include a list of potential different vendors or products, and make an informed decision.

Overall, I would rate the solution an eight out of ten. 

Our primary use for this solution is securing banking web applications. It protects the web service of one of the big Internet banks in Iran.

This solution has helped secure our Internet-based services, protecting us against DoS and other types of web-based attacks.

The most valuable features include the compliance with standards for security in web applications, and the ability to detect vulnerabilities.

The GUI for this solution could use some improvement.

I would like to see better support for countries in the Middle East, and other places that do not have direct access to the vendor.

Stability is great. Immediately after we deployed it, we had a good feeling about security and performance.

The scalability of this solution is good. Compared to other products, this one is more scalable.

Currently, this solution is protecting approximately twenty thousand end-users.

We are deploying new web-based services and applications, so we expect the usage to increase.

Due to restrictions because of sanctions in Iran, we do not have support for this solution. For this reason, we have done everything ourselves. This can be challenging because sometimes we have troubles upgrading the device, or obtaining new signatures.

We did not use another solution prior to this one.

The initial setup and configuration for this solution were very simple and straightforward.

Deployment in our environment took approximately one week. We begin by deploying it in a test environment. After performing some tests, we moved it to the operational environment.

Two technical staff are required for deployment and maintenance, and we have about six people, in different roles, who manage this solution.

We handled the implementation and deployment ourselves.

Our ROI from the initial payment was realized in approximately two months.

This is an affordable solution. There is an annual licensing fee for upgrading the device.

After we undertook wide research and development, we found that this product is suitable for us. Two of the products that we looked at in addition to this one were FortiWeb and F5.

Imperva is a product leader in this line, and it is very good. In fact, I have experience with other products, and I would say that this solution is best-in-class. If we had support then this solution would be perfect.

I would rate this solution a nine out of ten.

The primary use case is specific to database security through log auditing, to identify the actions performed by various users. That gets logged. Then policies are used to see whether any action performed by a database user is below a threshold or above a threshold; whether there should there be an alert because of it.

It is used by specific teams within our organization to monitor activity, to see whether there is any malicious activity or a user who's not supposed to be performing a certain action.

It helps us look into who's doing what, particularly on databases related to critical applications. That's the way we see it as useful. We've been using it for four or five years now, and it has been bringing in the value that we expected it to.

The tool happens to be very intelligent when it comes to processing policies and sounding alerts. It allows us to implement policies and measure actions against them, raising alerts accordingly. That is the best feature.

Comparing it with other products in the market, we definitely see that Imperva SecureSphere is head-to-head with the likes of McAfee, IBM Guardium, and others. It's definitely good. The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere. If an organization is monitoring databases which are on physical as well as virtual infrastructure, running two different tools can become a problem. If that could be merged together it would be an improvement.

Having read about Imperva, I couldn't get much detail as to what their roadmap is for the future, whether they would want to merge them or not. But as a customer, if I can have one tool for various landscapes, like the databases hosted on a physical landscape as well as the virtual ones, that makes it a lot easier.

The stability has been good. In our case, we've been using it through one of our suppliers so we don't directly manage it. It's our supplier who manages it for us. The supplier happens to manage the infrastructure on which the database application or databases are hosted as well.

We don't deal with it but, getting the reports that we have been getting from our supplier, it looks pretty good as far as stability is concerned. We haven't experienced many issues. Even if there were any, it would be our supplier's responsibility to make sure that they got resolved very quickly, so they rarely come to our notice.

When it comes to scalability, as I noted, there are two different tools, one for physical infrastructure and another for virtual infrastructure.

If I want to scale it up from a physical to a virtual platform, that's certainly not a feature at this point of time. That can be a drawback. You have to look for a separate tool from the same vendor because you already have an existing tool from that vendor which is doing well. And you cannot have tools from two different vendors running on two different platforms.

We have not used technical support. Our supplier manages the tool, so we don't get in touch with Imperva if there are any issues. Our supplier does that for us.

My advice is to go to IT CentralStation and download the report on database security tools.

In general, it's all about the policies that you put into the tool to get the output. The tool itself is pretty smart. As someone who is designing the policies or the outputs or the queries, it is like putting a query into a SQL database to get the results. The better or more optimized the query is, the better output you will receive, and so it goes with this solution.

When selecting a vendor, pricing, of course, is the most important thing to look at. Then, you look at the scalability options, at how good the tool is, that it suffices your functionality requirements, and that it provides interoperability.

I rate Imperva at eight out of ten across the various areas that I just mentioned, be it interoperability, scalability, cost, or ease of installation and setup. Measuring it on each of these aspects is how I came up with my rating.

I use SecureSphere to monitor our core databases and privilege operations by administrators, and to provide compliance reports.

In terms of regulatory compliance, one of the key requirements is to ensure that our core databases are monitored. SecureSphere allows us to generate details to prove that we're compliant with all requirements.

The most valuable feature is the automatic reports on new databases, which gives us up-to-date inventory management.

Sometimes the reports are cumbersome, and you have to drill down to get more information. SecureSphere also sometimes needs a lot of maintenance to keep the agents running on the database. In the next release, Imperva should include a preventative solution that will stop an attack before it happens or read the behavior of particular accounts and act on it. They should also make SecureSphere available on mobile so that if an administrator isn't on-prem, he can access the solution via the internet wherever he may be.

I've been using this solution for almost three years.

SecureSphere has been very stable until recently, due to the addition of new source databases causing performance issues.

SecureSphere is very scalable.

Imperva's technical support has been good. In the past, it sometimes took a long time to resolve an issue, but more recently, the responsiveness has been very impressive.

Neutral

Previously, we used Oracle Audit Vault, but its reports were a little complex, and their support was not so impressive.

The initial setup was straightforward, and the deployment took between one and two weeks.

Our deployment was done in-house.

SecureSphere has resulted in us receiving audit exceptions, especially from the final details, which is a big deal to my organization since we have to be compliant.

I would recommend SecureSphere to other users and advise making a dedicated team available to work on the solution and configure the correct set of policies so they can get value for their money. I'd give SecureSphere a rating of eight out of ten.

The most valuable features are:

• DAM Module
• Third-party data source integration: Feeds automation
• Data enrichment: Provides better data quality and session handling
• API: Used for process automation

The solution has improved our organization as follows:

• Better agent performance compared to v9.5
• Gateways are much more stable
• Gateway cluster improves resource utilization and provides better resiliency
• Offers the option to manage cluster capacity without touching the agent configuration

BUGs, BUGs, BUGs. The product is under high development and the amount of bugs is bit disappointing. The product has lots of limitations which are not clearly documented. You can only find out the limitations by engaging the support

By using this product you can have only one type of date and time format which is US format. I’m EU citizen and I prefer different date format, same for time format. I would prefer 24Hour clock instead of AM/PM.

We have been used this solution for over three years.

There were stability issues in v9.5. There are no major stability issues in v10.5.

Stability is dependent on the infrastructure. If you use hypervisor, then you need to make sure to use resources and I/O settings that are optimal for SecureSphere. Otherwise, you will end up with stability and performance issues.

There are some scalability issues. There was a hardcoded limitation in the number of MXs you can connect to SOM. In addition, the bigger the infrastructure, the bigger challenge there is to create a single audit report file.

The technical support is OK. But they have big potential to do things better.

We had a previous solution. We switched because the new requirements couldn’t be accomplished with the old solution.

The installation was quite complex. We had to integrated lots of external systems in order to make it work right.

Give it a try. Write down your requirements as detailed as possible, and perform a PoC using this list. If you find gaps that require additional development, it could take some time until you actually get it.

We utilise the following components:

1. Database activity monitoring of Oracle/SQL/Sybase databases - we did have UDB running, but that was decommissioned
2. Assessment scans using mostly custom checks to check for security settings - we did expand this at one point to check for best practise, but this was discontinued

It hasn't really improved the way we function, but it has allowed us to meet several audit issues that were outstanding for many years. We tried another product, but we found it did not meet our requirements.

• Capacity management of application needs significant improvement
• Task management functionality is pretty basic, with not a lot of functionality
• I would also like to be able to replace IP addresses with DNS names for easier recognition of host machines
• The SOM feature could also be dramatically improved to allow central management of the entire feature set
• The ability to manage lifecycle of agents could be improved via central deployment of upgraded agents

I started using the database auditing/risk areas of the product in mid-2011. We use agents for monitoring database activity. We do not use the gateways for collecting data via the network.

We had several performance issues on high throughput applications due to outdated, old hardware/non-ideal settings in the agents. These were mostly on our end.

We had a few minor issues with stability, but it has not impacted our service. We did have an agent cause a reboot of a host server, but this was quickly fixed via an upgrade of the agent.

Capacity management is a major issue with the application. There is no easy way to identify when new hardware is required, or if a modification to the configuration could solve the issue. This may have been due to our method of deployment though.

We had a service provider in-between Imperva and our organisation. It did not make things easy. When dealing directly with Imperva I had good experiences with the vendor, and real issues were escalated quickly and getting access to the relevant engineering sections of the vendor was possible.

Technical support was hit and miss. Sometimes we received excellent support, and other times it was not so good. Sometimes convincing the engineering team that there was a real problem in the software was a bit harder than it should have been. Overall, compared to other vendors, support was good.

We previously used another solution, and that product was different depending on the DBMS that was being monitored. Technical expertise in DBMS technology with that vendor was poor, so we switched..

The initial setup was easy, but some of the specific requirements we had required some work. Deploying the hardware during the initial setup did not require and specific customisation for our organisation. The audit policies and assessments obviously did require customisation, but it was relatively simple. Later on, we did find some issues that were due to the setup of the site hierarchy that was not brought to our attention until one to two years later.

We used on-site vendor engineers to support the internal implementation. Their level of expertise was excellent.

This is not relevant to the production selection, as we were required to close off auditing items.

We compared IBM Guardium and Imperva SecureSphere via a POC process. We did a paper evaluation of other products to choose two products for the POC.

Go through the POC process and test all ITIL processes to ensure you understand what will be required for the entire lifecycle of implementation/support. Engage with DBA teams to provide DBA support and knowledge. If it's possible, ensure there are people who understand databases on the SecureSphere support team.

We use this product to monitor database administrator events and activities on all services. We also use it for preventive measures. Some sensitive queries can be blocked in line before transactions occur.

It's great that we're able to send light event monitoring and administrative activities. SecureSephere has a robust recording system.

We have a lot of lost communication between the clients and the management server. This is a client-on-server solution and sometimes the agent stops communicating and it can take a lot of troubleshooting to solve the issue. It would also be helpful if they'd improve artificial intelligence. 

We've been using this solution for six years. 

The stability is pretty good. 

The scalability is good. 

The customer support is not very good. 

I don't recall the name of the previous solution but we switched to Imperva because it was less complex. 

The initial setup was reasonably straightforward. The deployment took about three months and we had some external assistance. 

This is an expensive solution. We pay an additional amount for support. 

Staff need training prior to using this product. 

I rate this solution nine out of 10.