Imperva SecureSphere Database Security Reviews

Most of our clients are banks and insurance and financial institutions that want to achieve compliance. They want to achieve auditing for their regulatory compliances as well. On the database side, that includes being able to monitor DBS and to block certain activities on the DVF. On the application side, it also has to be preventative and that's also part of compliance. This solution enables clients to achieve data security, whether on cloud or on prem. We offer support services and we are a service provider for database security through Imperva and also application security through Imperva to our clients. I'm a cyber security engineer and we are gold partners of SecureSphere DS. 

I would say the discovery module is the most valuable feature as it provides good visibility of the database environment to particular sites. It scans the entire front of the environment to detect any new databases found just to make sure there are not any malicious things going on. I think it's a very powerful tool in that sense. It also helps that the solution is able to block queries that are able to be run by given database administrators on databases and manages user rights. 

I've been part of various projects and also interact with clients because I do pre-sales. Most of the feedback I receive relates to clients wanting to see an improvement in the reporting. They like the ability and functionality of the solution but they feel the reporting is lacking. The general feeling is also that the GUI has been the same for a very long time and there is room for improvement there. It could look a little better and then if the reports are also improved that would make a big difference all round. 

From a basic implementation point of view, there are some features that are very technical, clients want everything very granular and they always say Imperva bundles everything. You do a signature, and ABC updates and you trust what the ABC is doing. I think if it were a little more granular and detailed in terms of how, for example, a query stream is being detected or something like that, rather than just blocking something, it would give the administrator a better view and understanding of what's happening. 

I've been using this solution for almost a year. 

The physical appliances are always very stable. In terms of CPU usage, things like the gateway load, payway load, they come with a little bit more capacity on that front. I think the issue always comes with the virtual appliances where you may run out of space, or maybe there are new versions of whichever hypervisor you are running that could change and maybe affect the virtual machines running on top. On the physical side, there's never an issue, it's stable. 

Database security is highly scalable because depending on the number of sites available, you're able to assume that you have the running agent. You can then access the IP for the gateway, you can log in your logs which are managed by the NX, so it's all fine. It's highly scalable for the database. I think even if you have branches all over the country, you can manage them centrally where you have agents monitoring whichever database is allocated to whichever site. We have deployed over 60 projects all over East Africa. I currently handle four, which are two application and two database.

Their technical support is good and the response is guaranteed until the problem is solved. I think when it comes to response time, it's always very quick. Maybe just one simple criticism would be that it's very hard to get a remote station with them and everything is always email and sending logs. I'd like to see more hands-on and direct contact with the environment. 

Complexity really depends on the client's environment, but I would say the initial set up for basic deployment of the components should take roughly six working days. It has to be integrated with everything. Installing links to all the other databases could take maybe another 10 work days, so around two weeks. I do the deployment. 

Customers are very, very satisfied with the licensing costs and there's not really anyone that competes with Imperva so the clients are very happy. Their requirements are covered. 

I would definitely recommend Imperva. I swear on it and try to pitch Imperva every time. I know its abilities, I know what you're going to get. I know how user friendly it is. It's easy to create policies. Reports are very okay. It's got various compatibilities, desk deployment, so Imperva is what I would recommend. 

I would rate this solution a nine out of 10. 

We primarily use the product for data security.  

The feature that I have found the most valuable is the firewall component.  

What I would like to see improved is Imperva making further development in terms of them going to the Cloud. Our business is moving to the cloud, so we want to have cloud availability as an option. Imperva can do the cloud database, but they are still working at building it out and it does not seem to me to be fully operational.  

We have been using Imperva for a little bit more than six years.  

We are experiencing good stability with this product. We have not had any crashes and no major problems navigating its management.  

I think that SecureSphere is very scalable. Across our whole company, everyone is using it. We are 50 people. Right now at this size, we only require two people for maintenance.   

The technical support for Imperva is super, super, super. They have a very experienced support team. They can diagnose all of our issues and are always very fast. They have very good documentation and knowledgebase resources that add to the depth of their support.  

I have previously used McAfee as a similar solution. We decided to switch because McAfee is a little bit tricky to get to work the way it should work. I had experience with their version 6.4 solution and it used a lot of resources and had too much overhead.  

The initial setup is moderately difficult. You have to understand the database and how the database communicates and also some knowledge about the platform. For example, if you have got the Unix environment you have got to understand how to work with that together with the product.  

Initially, SecureSphere was expensive but they have incentives on their packages now. They have introduced new price models, which makes the product more affordable now. It is now at a pricing level in the range where most people are looking for this type of solution.  

Before choosing Imperva, we did evaluate other options including IBM Guardian Data Protect and also Oracle Audit Vault. In the end, we finally made the choice to go with Imperva first of all because they are a company that is very much into digital security. Security is the central focus of their business, so that is one of their strong areas. Then their product support is one of the best. The solution is very advanced in terms of comparing their available resources and training to other companies. These resources make it a very complete solution.  

Imperva Security Sphere is something that I recommend any day, anytime because they are very much focused on security as a passion. So you find it has tons of capacity for scalability. It is focused on security. Even the solution's usability is very good.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product as a nine scored out of ten possible points.  

Features that I would like to see to make it to ten-out-of-ten means that they will need to add a few things. First, they need to onboard database encryption features. Then they need to add some of the other features which they do not have that other competitors already have. They can do more to offer a broader range of features and be more feature-rich.  

We primarily use the solution for auditing purposes so collecting and archiving of logs.

The solution is very good for auditing purposes, including collecting and archiving logs. 

We appreciate that we can use it on the DB server without harming the performance of the database is fantastic. It doesn't feel like it's lagging.

The initial setup is very simple. 

Overall it's a solid product.

The pricing is okay.

The support could be improved.

The product needs to perform better in extremely busy databases. It does not do really well where the DB is extremely, extremely busy. 

The updates could be better.

The UI can be improved. 

The ability to narrow down to the right environment could be helpful. They need to allow users to find an easy way to drill down to what's important.

I've been using the solution for three years now. 

The solution is solid. The stability is good.

The scalability is okay. However, if you're going to set up a redundancy, it needs to be in the same data center, as the manager that manages the entire system needs to share the data, and therefore they need to basically work in the area where they have direct connectivity between the sites. In our case, we have multiple data centers, and we distribute the connectivity and we can't achieve that. 

The solution's scalability isn't based on users. Even if you have one person using it, you might have 300 databases. It's not about the number of users, it's the number of databases.

The support isn't as good as it could be. We are not quite satisfied with it.

We previously used Oracle.

The solution is very simple and straightforward. It's not too difficult or complex. 

The solution isn't crazy-expensive. It's reasonable. 

We pay for the solution on a monthly basis.

I'm a customer and an end-user.

I'd recommend the solution to others. It's a very solid product. 

I'd rate the solution at an eight out of ten.

We use it for database activity monitoring. We use it to monitor all the traffic that comes to the database to know about the operations that are happening on the database. 

At the moment, it is on-premises, but we eventually would like to go to the cloud.

It serves as a way and means to see if any unauthorized person is trying to access the database. It helps to implement specific rules to ensure that only authenticated people have access to the database.

The beauty of it is that it provides segregation of duties. Typically, in the traditional environment, DBAs administer the database, and they have too much access. We are in the process of implementing other Oracle solutions, and it brings some kind of segregation. Just because someone is a DBA does not mean that he or she should have access to all of the data. Some of the data can be masked so that privacy and security are enhanced, especially when it is customer data for an institution like a bank.

It is quite expensive. I would prefer a lower price. 

In terms of features, I started using it this month. I need more time to explore it.

It has not been long. We implemented it this month. 

We are currently doing a PoC, and there are a few issues that we are trying to resolve. When all of those issues are sorted out, we can start measuring the stability of the solution.

We haven't scaled it yet.

We are working with their technical support. They have been good so far.

It is straightforward, but it depends on the organizational policies and rules in terms of the infrastructure. For example, when you deploy it in an environment like Oracle, it is probably fine, but in other environments like Cisco, there could be some issues that you have to troubleshoot. It is more of an infrastructural or environmental issue.

We started with the PoC. It was implemented within two days. We are now doing monitoring to ensure everything is still fine.

It is quite expensive. We wanted it in my former organization, but the price was very high. So, we couldn't purchase it. I moved to a different organization, and this organization has purchased it.

It is a fantastic solution. It is very good, but the only issue is that if you don't have enough money, you cannot use this solution.

I would rate it an eight out of 10 for now. After exploring it more, I might rate it higher.

The primary use case is for database monitoring. We are also using the blocking part, which is used for: 

• Any suspicious activities which are done, such as delete command and query command, outside the admin, the solution is supposed to block them.
• The blocking of compromised databases through cloning. Blocking will not allow the cloning.

We use it for blocking and auditing. Our job is monitoring. We are a government entity and provide services to other ministries. We use Imperva for its Database Activity Monitoring and File Integrity Monitoring tools. We have also enabled Database Firewall.

As we are very sensitive to financial impacts, this product provides great protection for our organization.

It enabled us to monitor the most critical DBA activities, and most critically helped us identify default accounts and passwords. Additionally, with this solution we were able to block an external attack on our Oracle DB.

• DB Activity Monitoring
• DB Firewall
• CounterBreach

Their web application firewall (WAF) is quite good.

They have to put more focus on the administrative part of the application, especially on upgrades. There are a lot of packages to download and install that you have to be knowledgeable on. For example, we tried to install a version, and it did not work. Then, support had to become involved.

They should add an application availability dashboard feature and should focus more on the alerting mechanism.

There is a problem with the integrations. I would also like to see improvement in the integration part of the tool. This should be an easy process. For example, I had an issue with the integration of a file server. 

Within the endpoints, the communication is breaking down most of the time. Sometimes, once the communication stops, it does not resume again.

They could approve monitoring in the next release. E.g., right now, we lack the ability to know when databases are down. This is something we could use monitoring to mitigate. 

The stability is good. Sometimes the gateways disconnect and connect again automatically.

We have a dedicated staff person for maintenance: alert, fine tuning, and adjustments.

The solution is scalable. I would rate the scalability as an nine out of ten. We have used this solution since 2014 but have not encountered any scalability issues so far.

Within our organization, we have around 500 users. Our site protects approximately 70,000 end users.

When the technical support is required, they assist us. I would rate them as seven out of ten because they are not so good due to the due to differing time zones. 

We managed by using the regional vendors. Overall, the support is effective.

We previously used IBM Guardium. Before 2015, it was bit complicated to use.

A bit complex, but following the instructions and the manual guide is enough for the initial setup. A little knowledge helps.

We used the Imperva Professional Services for the configuration in our environment. It is important to have experienced professionals do these changes.

The initial deployment for our team was a failure.

The implementation took one week. Afterwards, the configuration started, then the use case testing. Overall, it took for us around one month.

Our local partner is now supporting us. Gulf IT has very good experience in the Middle East. They are nice to work with and supporting us well.

We have seen ROI, as it protects our company from threats.

This tool helped us mitigate audit risks by 100 percent.

We have all the licenses, which we pay for annually. The price is a little high, but the product is good.

Yes, Guardium.

Identify the proper use cases, then implement it.

Resource overhead management is a good option. The OS chain option provides the real user behind the DB application user.

WAF is a great security layer to protect an organization from a wide spectrum of application attacks residing in OSI layer 7. The Imperva device relies on signature-based policies, as well as on a web correlation engine. In addition, the packet inspection can be enhanced with the aid of stream signature policies, which are policy items focused on the stream rather than the HTTP/HTTPS protocol. Imperva can easily match a web user to the requests launched from his client. While the default policy subset is very rich and covers different regulations (e.g., PCI, SOX), there is always an option to create custom policies addressing specific needs. Security alerts are comprehensive of all the necessary details for the analysis, such as connection details, signature triggered, alert type (e.g., Protocol, Profile), severity and followed action (e.g., syslog forward, IP monitoring).

DAM also provides great value to audits and again, the data monitoring policies by default are very rich.

If you don't know exactly what kind of data you store in-house, SecureSphere allows you to actively scan and classify your information, automatically providing you detailed status of the data, which can be further reviewed and finalised by analysts or DBAs. This is also valid for user rights on the data, understanding the level of privileges granted to users and suggesting countermeasures in detailed aggregated charts and reports.

Once under monitoring, the data can be reviewed with an intuitive interface that allows the analyst to drill down, quickly narrowing the scope in a few clicks and focusing the attention only on the relevant queries. Once the pattern is identified, it is even possible to quickly report a detailed status of the findings, as well as generate a report template for future uses. This is on the hot data, what we have available in the management database. The time span can be increased indeterminately with a good retention configuration, combined with a SAN that stores the cold data, partitioned in daily slices and ready to be loaded into a separate database space for archives.

This is brilliant if you think about scalability, for you can obtain a very big archive while preserving system resources and performance. However, to get this configuration, in-depth tuning is needed for several weeks in order to get all relevant metrics (e.g. data stored per day, data spikes, backup speed, link transfer capacity, etc.) and adopt the appropriate customizations.

Audit data can also be correlated with application users by obtaining a detailed match of the database queries executed according to a particular web user’s HTTP requests.

The FAM module allows organizations to continuously audit storages and network shares and keep a detailed record of every file operation across the company. Scans are available also in this context, providing user rights as well as access to the monitored files. A data classification is also possible with the FAM.

All of Imperva’s features are extremely powerful, while a certain degree of knowledge is required to have a solid understanding of the product.

Imperva helps you comply with data regulations such as SOX or PCI. It helps SOC analysts to enlarge the scope analysis, significantly providing great procedures to drill down into the audit or a customizable enrichment fed by several types of input, e.g. Active Directory or other external platforms, and even a layer 7 inspection. When fully integrated, the application user requests are bound with the queries executed, giving a comprehensive picture of how your web application interacts with the data layer highlighting all possible security flaws in the data management, code bugs or server misconfigurations. All this logical data collection is effectively arranged into detailed profiles from where it is possible to spot the unusual deviations or to create advanced conditions to trigger upon this baseline. Think about access to PCI data from users different to the ones allowed, such as DBAs, only from a certain subnet, let's say the external network, out of the business hours, like nights or weekends. This is one possibility of what Imperva can achieve in your organization to protect the data from unauthorised users.

To have the mind at ease with a security solution has been always a chimera. Even SecureSphere suffers from some limitations, which I believe will be handled in the near future. I see two main things to improve at this point:

• SSL tunnel support for z/OS agents
• Capability to retain live audit policy data for several months; sometimes, on certain installations, this is not feasible due to the big data streams involved in the scope.

I've been supporting the Imperva technology since version 8.x. I have a company that provides consultancy services and I support Imperva.

From versions 9.5 and later, the Imperva solution has reached an optimum level of stability. On every unusual state reported, I was always able to relate it to misconfigurations or other hardware limitations and never to major bugs or software problems.

Again, Imperva works great when you need to increase managed devices, add new gateways or even change the operational modes of the latter.

On a scale from 1-10 (1=worst, 10=best) I would say technical support is 9. Support is always guaranteed and every internal SE has been always competent and ready to assist.

I tested different audit and WAF solutions and the one I was always more comfortable with is Imperva.

Setup is actually complex due to the nature of the product and needs deep knowledge of the solution to get things working with minor effort. If you don't know exactly what kind of solution are you deploying or even the installation steps to get the environment fully working, you won't be able to install it easily.

I am a technician, so I am not very confident discussing this topic.

Doing the initial Imperva training before putting your hands on the product helps a lot. Getting assistance from Imperva during the initial stage of your new environment is highly recommended.

We primarily use the solution  just to monitor database activity on all the in-house databases.

I like almost everything about the solution. That includes sensitive data scanning, which is what is the most important. The data discovery is great as well. 

I like the activity monitoring. That was the main reason we purchased the tool.

The integration is great.

They do quite a lot of feature updates. 

The solution needs local support.

They need to do a little bit more knowledge-sharing with the tool. Knowledge-sharing is not what you normally get with Microsoft, Symantec, or any other tools that are leaders in their respective spaces. This is more of a closed-group type of solution only, whereby the information is only accessible to certain groups, or maybe in certain countries. It needs a broader, more accessible knowledge base. 

There could be more on the monitoring side of things. They need more monitoring tools within the tool itself. Although it does a good job monitoring databases, in terms of the health of its agent gateways to verify communication and all that, there are basically no utilities available within the tool.

I've used the solution for a little over three years. 

The stability is average. I'd rate it three and a half out of five in terms of stability. It's not too bad. 

This is a highly scalable product. I'd rate it four out of five in terms of its ability to scale. 

We have 15 people using the solution.

Local companies have limited exposure to the tool There's professional support and support from the providers, however, if they don't know too much about it, they cannot provide adequate help. 

Positive

While I didn't handle the initial deployment myself, from the training I have done, it is my understanding that the implementation process would not be that hard. 

I'm not sure how many people were involved in the deployment. 

I handle any maintenance myself with the sales provider. There might be six people available to maintain the product. There would be about three from the customer side and two from the service provider's side.

We did have a third party assist with the initial setup. They were from the vendor. 

I am not sure how much the licensing is exactly. that said, my understanding is that it is expensive. 

We're customers and end-users.

We are using the latest version of the solution. 

It's pretty good in terms of capabilities. I'd rate it eight out of ten. 

Database auditing has become simple and easy, releasing storage previously used for native database audit processes. We found new patterns of database users' behaviour and corrected some user authorisations.

Mainframe mappings/agents/optimization for CPU usage are areas with room for improvement.

Agent on z/OS does not have a limit for CPU usage like on other platforms. If
you specify filter too "wide", the agent would consume too much cpu so that
could cause more cost for your mainframe. Agents are a bit special for
configuration because the logic is different than the one on other
platforms.

That is because mainframe agents were originally from Tomium company that
was acquired by Imperva some time ago. They still run the same code, just
little improved.
At this point, my configuration does not collect what I expected, but that
could be due to bugs, that is expected to be solved in version 12 of the
SecureSphere.

You can say for sure that security audit costs money - in this case, your
mainframe CPU money.

I have been using it for 18 months.

We had a problem with mainframe DB2 mappings; incorrect results due to bug. A fix is expected in DAM (Database Activity Monitoring) version 12 in March 2017.

I have not encountered any stability issues. Only, you need to optimize the data/events you are receiving. If you have too much input, you will have a stability problem (in that case, lower event throughput and increase manager memory).

I have not encountered any scalability issues. It's flexible.

Customer service is excellent, 5/5.

We did not previously use a different solution. We had some pilot projects and chose this solution.

Initial setup was straightforward and it was simple/easy to install and customize.

A combination of in-house and local support teams implemented it. We are satisfied with their level of expertise.

ROI is good. We needed this system for getting ISO 27001.

Be careful if you have a mainframe. Calculate well...

Before choosing this product, we evaluated IBM InfoSphere Guardium.

We are very satisfied with this product. It's simple to use, customize and administer. Installation is simple and easy, even on mainframe.