Try our new research platform with insights from 80,000+ expert users
it_user504735 - PeerSpot reviewer
Assistant lead - Security Operations at a comms service provider with 10,001+ employees
Real User
The technology includes unique correlated attack validation. My suggestion to Imperva: Improve the UI.

What is most valuable?

Web application security is pretty good. I have encountered very low false positives.

The correlated attack validation (CAV) is one of the unique aspects about the SecureSphere technology I like.

How has it helped my organization?

First of all, the product is useful for securing the websites of our company, which is basically preserving our brand value in the market.

Secondly, the product is very much competent with evolving threat vectors in cyberspace. Hence, this piece of security requires very few fine tuning efforts be put in place; everything falls right into its exact place.

What needs improvement?

The user interface is kind of a let-down. The graphics, tabs, and other various options are quite jumbled and confusing. My only complaint/suggestion: Improve the user interface.

For how long have I used the solution?

I have been using it for 18 months.

Buyer's Guide
Imperva SecureSphere Database Security
December 2024
Learn what your peers think about Imperva SecureSphere Database Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What was my experience with deployment of the solution?

I would like to talk about the upgrade scenario (deployment). First of all, it is complicated; secondly, many manual settings need to be done when you move from one version to another. They don’t automatically get replicated into the newer version, something which I encountered only in Imperva products. The boxes should have built-in scripts to reconfigure the settings and carry out a smooth migration.

How are customer service and support?

I didn’t interact much with tech support. But from what I’ve heard, it’s on par with industry standards.

Which solution did I use previously and why did I switch?

Imperva from the beginning!!

How was the initial setup?

Initial setup was complex, but security is not that easy to be figured out in simple clicks, so I guess it’s okay.

What about the implementation team?

We have resident engineers from Imperva and they are quite good at what they do.

What other advice do I have?

Before implementing this product, get your hands dirty with the world wide web. The more you know about the internet, the more useful it is.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1787367 - PeerSpot reviewer
Manager - IT Security
Real User
A straightforward solution for compliance, security, and visibility over data access
Pros and Cons
  • "There are three major main use cases of this solution. The first one is to fulfill compliance regulations. Customers—especially the banks, health sector, and manufacturing—need to comply with the regulations in different countries. They have to fulfill compliance regulations around the privacy of data. In order to fulfill those requirements, they're using Imperva. It helps them to fulfill these requirements, and they are not fined by the regulators. That is the first use case why people buy Imperva."
  • "They can maybe look at its pricing model. Its pricing could be cheaper for the African countries or developing economies."

What is our primary use case?

I'm the product manager for Imperva in Africa for a distributor. I manage it every day, but I don't personally use it. We sell Imperva to customers in 17 countries. 

Its deployment depends on the customer. Some customers have their databases in the cloud, and if they have them in the cloud, we give them the cloud database security of Imperva. If their database is on-premises, then we deploy it on-premises, and the reseller implements the solution on-premises.

What is most valuable?

There are three major main use cases of this solution. The first one is to fulfill compliance regulations. Customers—especially the banks, health sector, and manufacturing—need to comply with the regulations in different countries. They have to fulfill compliance regulations around the privacy of data. In order to fulfill those requirements, they're using Imperva. It helps them to fulfill these requirements, and they are not fined by the regulators. That is the first use case why people buy Imperva.

The second one is for security itself. They don't want a cybercriminal to have access to the data. Imperva is a security solution, and you can use it to block unauthorized access to your data. 

The third one is related to rightful access to the data. They want to know:

  • Who has access to the data internally?
  • What queries were being issued on the database?
  • What time did they log in?
  • What is going on within the environment?
  • Who is touching the data?
  • What are they doing with the data internally? 

Customers or organizations want to have access or have visibility into all these.

What needs improvement?

They can maybe look at its pricing model. Its pricing could be cheaper for the African countries or developing economies.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the scalability of the solution?

It is very scalable. If a customer wants it for five database servers, he gets licenses for five database servers. Tomorrow, if they want licenses for two extra databases, they can just buy the extra two licenses. It is very scalable and very straightforward.

How are customer service and support?

Their support is fantastic. It is 24/7. You raise a ticket, and you get someone assigned to you immediately.

I would rate them a five out of five. In a worst-case scenario, it would be a four, but it's always very straightforward. We get a very quick response.

How was the initial setup?

It is very easy and very straightforward. There are no complications.

What's my experience with pricing, setup cost, and licensing?

Its pricing could be cheaper for the African countries or developing economies. The British pound is valued way more than the currency of most African countries. A better or cheaper pricing model for Nigerian and African customers would be better.

It has a per-year subscription model. You pay exactly for what you need. That's all. You don't have to buy what you don't need.

What other advice do I have?

It is very straightforward. It is probably the best solution out there in terms of data security. About 90% to 95% of the banks in Nigeria use Imperva. When you have such a success story in Nigeria, Ghana, and of course, many other African countries, you can be sure that you are getting a very good solution. 

I would rate it a nine out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Imperva SecureSphere Database Security
December 2024
Learn what your peers think about Imperva SecureSphere Database Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
it_user499686 - PeerSpot reviewer
Senior Database Administrator at a media company with 1,001-5,000 employees
Real User
It helped us classify our large inventory and apply additional security controls based on the data classification.

Valuable Features

  • SecureSphere Database Assessment
  • SecureSphere Database Activity Monitoring

Improvements to My Organization

It was instrumental in scanning a large inventory of databases to identify sensitive data. Using Imperva Assessment scans, we were able to identify SHR, PII & confidential data sources in a large inventory of database systems.

This helped us classify our large inventory and apply additional security controls based on the data classification output.

Room for Improvement

I would like to see a better web management console; the UI is not very intuitive, unless you really know what you’re doing. And scan error details should be readable from the web console, instead of running Unix commands on the backend server to view detailed logs.

I would like to see improvements in setting custom device configuration (e.g., Server Name, TCP Port for connections). In a large inventory, it is a time-consuming process if you need to change any configuration.

The web management console UI, could be much more user friendly. The product is pretty powerful, but the management UI is not very intuitive, i.e. not very user friendly and can be improved to make it much better.

When the DAM scans contains errors, the web UI should have the ability to show detailed logs in the web console, instead of requiring an admin to query the back-end server via commands to retrieve scan error logs. This limited web functionality causes extra work when scanning a large inventory where sometimes some servers return scan errors.

Use of Solution

I have used it for 3.5 years.

Deployment Issues

I have not encountered any deployment, stability or scalability issues.

Customer Service and Technical Support

While configuring custom strings for data classification, we did engage Imperva Support and they were very helpful in setting up custom hex strings to help with our data classification. The response time was good too.

Initial Setup

As mentioned above, Imperva was already set up in our Enterprise environment and we only had to add on the Database Assessment module license to our setup.

Implementation Team

It was implemented in-house.

ROI

During the evaluation phase of the project, many of the IT service providers we spoke to quoted figures ranging from half-a-million Australian dollars and up. This cost was inclusive of X people they proposed to get the job done. Imperva DAM was already included in our Enterprise licensing and until last year, we didn’t have a use-case for it. With this project, we had no second thoughts about adding this module license. Excellent ROI using the automated scans, especially comparing it to the manual method proposed by many vendors.

Other Solutions Considered

We did evaluate many software solutions & IT service providers, but none of them were close to meeting our project objective. We had a vast inventory of 5000+ databases, hosting data for thousands of applications, each having different schema & naming conventions. We did a Proof of Technology (PoT) in-house using the Imperva DAM module and, with a few tweaks, it met our project needs. Considering we were already using Imperva for different security assessments, it was an easy decision to add on the Database Assessment module and use that in our infrastructure.

Other Advice

Out of the box, Imperva comes with a lot of security modules & features that straight away add value to your organisation’s security objectives. That’s just the beginning in my opinion. There are enough customization options available for administrators to get Imperva to work for them the way they want it to. The ability to use custom scripts for scans and the ability to use TCP-level capture of database events are excellent features to use in an enterprise.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Arnab - PeerSpot reviewer
Data Analyst at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
The tool has good database reporting features, but setup and licensing are quite expensive
Pros and Cons
  • "Database reporting features are valuable to us."
  • "The GUI is bad."

How has it helped my organization?

The solution helps us with monitoring the databases, servers, and activities.

What is most valuable?

Using the product is a good experience. Database reporting features are valuable to us.

What needs improvement?

The GUI is bad. The product must focus on improving its reporting features and the dashboard.

For how long have I used the solution?

I have been using the solution for nine months.

What do I think about the stability of the solution?

I rate the tool’s stability a five or six out of ten. The glitches and errors have recently been quite high because they allow connection to databases without verifying or discovering the database. We have to keep in mind that we must monitor all the time.

What do I think about the scalability of the solution?

The scalability is pretty good. I rate it a seven out of ten.

How was the initial setup?

The setup can be a little complicated.

What was our ROI?

For the pricing that the solution provides, the return on investment is good for large companies. It's quite expensive for small to medium businesses.

What's my experience with pricing, setup cost, and licensing?

Overheads like physical databases and servers can be a little bit expensive. The setup and license are quite expensive.

What other advice do I have?

I would not recommend the product to small and medium businesses. Overall, I rate the tool a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1370415 - PeerSpot reviewer
Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
CounterBreach detection feature is a key benefit for us; management of the solution can be a challenge
Pros and Cons
  • "The integration with CounterBreach is great."
  • "Database security from the access management perspective could be better."

What is our primary use case?

Our use case for the solution is for monitoring, reporting and access management as well as looking for alerts in anomalies of behavior. I'm an information security analyst and we're a customer of Imperva. 

What is most valuable?

The integration with CounterBreach, which is the anomalous behavior detection feature, is the coolest thing and it's quite user friendly as far as the console goes. 

What needs improvement?

I think the biggest challenge with their product is the management of it. Not that it needs a lot of engineering, but it requires a lot of upkeep and deployment of a lot of servers that require regular updating. If you want to make any changes it's a lot of work to get things moving. I personally find it quite difficult to work with in that regard.

The product would be better with improvement to the database security from the access management perspective. A lot of it falls into content on the database and is difficult to retrieve. Also, looking into databases themselves, table sets and data sets and being able to retrieve that information.

For how long have I used the solution?

I've been using this solution for a couple of months. 

What do I think about the stability of the solution?

I think it's a pretty stable product, but there's a lot you need to know about it. It's not like most fast products that you can just log in and get a feel for. You have to really get an understanding of how it was set up and the policies that are in place on it. 

How are customer service and technical support?

The technical support is all right. They're not great, they're not terrible.

What other advice do I have?

I would recommend including the entire team on the initial implementation because it's something that's not easy to pass along down the road. There's a lot to understand initially, and to upkeep it you have to know all that information.

I would rate this solution a seven out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security Professional with 501-1,000 employees
Consultant
Top 20
With the audit log system, it can secure an audit trail from privileged users with user logs on a physical server, but the UX is not great and sometimes confusing.

Valuable Features

There are many features that are valuable, it depends on the purpose. If the purpose is compliance or auditing, the most valuable feature are the audit log system, as it helps you to secure an audit trail and from user to action even if the user are privileged and even if the user logs in on the physical server. If the purpose is security the most valuable feature are the way it can drop and prevent the access of sensitive table/data set by rules and policies. Lastly, if the purpose is availability, the most valuable feature is the way it can drop connections set by rules and policies.

Improvements to My Organization

If the purpose is compliance or auditing, ex PCI-DSS you need a system like this to pass part of the compliance. As I help customers with compliance, this is a great tool to make it all "simple" and the report part makes the lives easier for the users/auditors.

If it's used for security, this, or systems like this, are the last line of defence, and you will prevent incursions, or at least know what happened, and what was stolen.

If it is to be used to monitor availability, you will only know the real ROI if you are a victim of a large attack, then you can pat yourself on the back and say "Yay! We prevented that". This cannot be achieved solely on the Imperva system and you need the full suite of WAF.

Room for Improvement

This product needs a good team of UX people, because it's not always that understandable, and sometimes it's straight up confusing.

Deployment Issues

They did have some issues with HA and Clustered environments, but it is supposed to be fixed in v12, which I have not tested.

Stability Issues

No issues encountered.

Scalability Issues

There are issues, but it is supposed to be fixed in v12, which I have not tested.

Customer Service and Technical Support

Customer Service:

It's good, but it's a big company, so you need to know the paths to get the most out of it.

Technical Support:

It's very good.

Initial Setup

This is a complex system, and all other in the same league are just as complex. There are no workarounds to simplify it.

Pricing, Setup Cost and Licensing

It's expensive, and their licensing is kind of strange, but it is what it is.

Other Solutions Considered

We also looked at IBM InfoSphere Guardium.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a partner/vendor.
PeerSpot user
it_user561654 - PeerSpot reviewer
IT Security Consultant at a tech company with 501-1,000 employees
Vendor
Blocks external and internal attacks on protected servers in real time.

What is most valuable?

Data discovery and classification: It gives you the ability to find your sensitive data where it exists, even though you may not have known it was there.

Vulnerability assessments: This feature helps you to know the possible vulnerabilities in your protected servers.

Database firewall: This is the most important feature. It provides you with the capability to block attacks (external or internal) in real time to your protected servers.

How has it helped my organization?

This product has helped us to protect the environment against malicious activities. We have detected some security violations and have taken actions against them.

What needs improvement?

Imperva must work on more features for z/OS.

For how long have I used the solution?

I’ve been using SecureSphere for four years.

What do I think about the stability of the solution?

We had some issues but they were attributed to bad administration.

What do I think about the scalability of the solution?

Scalability is one of the most powerful features of Imperva. We have grown easily, once it was necessary.

How are customer service and technical support?

Support is good. The Imperva engineers have excellent technical knowedge.

Which solution did I use previously and why did I switch?

We made a PoC with other solutions but Imperva was the best.

How was the initial setup?

The initial setup was really easy. This product has a friendly wizard and in a few simple steps, we implemented it without troubles.

What's my experience with pricing, setup cost, and licensing?

The product is not cheaper, but is one of the best options. Besides, the other options have more or less the same pricing.

Which other solutions did I evaluate?

We evaluated IBM Guardium.

What other advice do I have?

They must take into account that this solution, like others, must be sized correctly. If they do not size the solution correctly, they might have some issues.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a premium channel of this vendor.
PeerSpot user
it_user949830 - PeerSpot reviewer
IT Security at rmrf-tech
Real User
Provides us with the tools we need to defend against Botnets and DDoS attacks
Pros and Cons
  • "The functionality is very useable and easy to understand."
  • "It would be better to update the solution by using a GUI that guides me, rather than through a CLI."

What is our primary use case?

I am using Imperva in different projects for application defense.

How has it helped my organization?

This solution provides analytics using rules in the application. For example, it can report who most often uses certain queries.

What is most valuable?

The most valuable feature is the protection from Botnets. The DDoS attack is one of the things that it protects against.

The functionality is very useable and easy to understand. It is also easy to update if you follow the instructions.

What needs improvement?

It would be better to update the solution by using a GUI that guides me, rather than through a CLI. It would be best if it were simply updated automatically from an admin page.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

I think that the stability is fine, although sometimes the server is down.

What do I think about the scalability of the solution?

It is easy to scale. I use only universal appliances and I know exactly how they work.

Three people use this solution on a single server for a few services.

How are customer service and technical support?

We have contacted technical support a few times, and the experience was ok.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup for this solution is very easy. Just start it up, log in, and the instructions are there. It is launched from an FTP server and takes four or five hours.

What about the implementation team?

We handled the implementation in-house.

What was our ROI?

It is difficult to say because it has stopped some attacks, but I have nothing to compare against when the solution was not being used. It can protect against attacks, but I cannot say how much money it has saved.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are on a yearly basis, and it is a good value for the money.

Which other solutions did I evaluate?

I was not involved in the selection of the solution.

What other advice do I have?

There are many functions in this solution that I do not use at this time.

This is a fine product, and one of the best. We needed it for DDoS protection and for Botnet protection, and all of this works fine.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Download our free Imperva SecureSphere Database Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Product Categories
Database Security
Buyer's Guide
Download our free Imperva SecureSphere Database Security Report and get advice and tips from experienced pros sharing their opinions.