Imperva SecureSphere Database Security Reviews

We use it for database activity monitoring. We use it to monitor all the traffic that comes to the database to know about the operations that are happening on the database. 

At the moment, it is on-premises, but we eventually would like to go to the cloud.

It serves as a way and means to see if any unauthorized person is trying to access the database. It helps to implement specific rules to ensure that only authenticated people have access to the database.

The beauty of it is that it provides segregation of duties. Typically, in the traditional environment, DBAs administer the database, and they have too much access. We are in the process of implementing other Oracle solutions, and it brings some kind of segregation. Just because someone is a DBA does not mean that he or she should have access to all of the data. Some of the data can be masked so that privacy and security are enhanced, especially when it is customer data for an institution like a bank.

It is quite expensive. I would prefer a lower price. 

In terms of features, I started using it this month. I need more time to explore it.

It has not been long. We implemented it this month. 

We are currently doing a PoC, and there are a few issues that we are trying to resolve. When all of those issues are sorted out, we can start measuring the stability of the solution.

We haven't scaled it yet.

We are working with their technical support. They have been good so far.

It is straightforward, but it depends on the organizational policies and rules in terms of the infrastructure. For example, when you deploy it in an environment like Oracle, it is probably fine, but in other environments like Cisco, there could be some issues that you have to troubleshoot. It is more of an infrastructural or environmental issue.

We started with the PoC. It was implemented within two days. We are now doing monitoring to ensure everything is still fine.

It is quite expensive. We wanted it in my former organization, but the price was very high. So, we couldn't purchase it. I moved to a different organization, and this organization has purchased it.

It is a fantastic solution. It is very good, but the only issue is that if you don't have enough money, you cannot use this solution.

I would rate it an eight out of 10 for now. After exploring it more, I might rate it higher.

We primarily use the solution for auditing purposes so collecting and archiving of logs.

The solution is very good for auditing purposes, including collecting and archiving logs. 

We appreciate that we can use it on the DB server without harming the performance of the database is fantastic. It doesn't feel like it's lagging.

The initial setup is very simple. 

Overall it's a solid product.

The pricing is okay.

The support could be improved.

The product needs to perform better in extremely busy databases. It does not do really well where the DB is extremely, extremely busy. 

The updates could be better.

The UI can be improved. 

The ability to narrow down to the right environment could be helpful. They need to allow users to find an easy way to drill down to what's important.

I've been using the solution for three years now. 

The solution is solid. The stability is good.

The scalability is okay. However, if you're going to set up a redundancy, it needs to be in the same data center, as the manager that manages the entire system needs to share the data, and therefore they need to basically work in the area where they have direct connectivity between the sites. In our case, we have multiple data centers, and we distribute the connectivity and we can't achieve that. 

The solution's scalability isn't based on users. Even if you have one person using it, you might have 300 databases. It's not about the number of users, it's the number of databases.

The support isn't as good as it could be. We are not quite satisfied with it.

We previously used Oracle.

The solution is very simple and straightforward. It's not too difficult or complex. 

The solution isn't crazy-expensive. It's reasonable. 

We pay for the solution on a monthly basis.

I'm a customer and an end-user.

I'd recommend the solution to others. It's a very solid product. 

I'd rate the solution at an eight out of ten.

Our use case for the solution is for monitoring, reporting and access management as well as looking for alerts in anomalies of behavior. I'm an information security analyst and we're a customer of Imperva. 

The integration with CounterBreach, which is the anomalous behavior detection feature, is the coolest thing and it's quite user friendly as far as the console goes. 

I think the biggest challenge with their product is the management of it. Not that it needs a lot of engineering, but it requires a lot of upkeep and deployment of a lot of servers that require regular updating. If you want to make any changes it's a lot of work to get things moving. I personally find it quite difficult to work with in that regard.

The product would be better with improvement to the database security from the access management perspective. A lot of it falls into content on the database and is difficult to retrieve. Also, looking into databases themselves, table sets and data sets and being able to retrieve that information.

I've been using this solution for a couple of months. 

I think it's a pretty stable product, but there's a lot you need to know about it. It's not like most fast products that you can just log in and get a feel for. You have to really get an understanding of how it was set up and the policies that are in place on it. 

The technical support is all right. They're not great, they're not terrible.

I would recommend including the entire team on the initial implementation because it's something that's not easy to pass along down the road. There's a lot to understand initially, and to upkeep it you have to know all that information.

I would rate this solution a seven out of 10. 

• SecureSphere Database Assessment
• SecureSphere Database Activity Monitoring

It was instrumental in scanning a large inventory of databases to identify sensitive data. Using Imperva Assessment scans, we were able to identify SHR, PII & confidential data sources in a large inventory of database systems.

This helped us classify our large inventory and apply additional security controls based on the data classification output.

I would like to see a better web management console; the UI is not very intuitive, unless you really know what you’re doing. And scan error details should be readable from the web console, instead of running Unix commands on the backend server to view detailed logs.

I would like to see improvements in setting custom device configuration (e.g., Server Name, TCP Port for connections). In a large inventory, it is a time-consuming process if you need to change any configuration.

The web management console UI, could be much more user friendly. The product is pretty powerful, but the management UI is not very intuitive, i.e. not very user friendly and can be improved to make it much better.

When the DAM scans contains errors, the web UI should have the ability to show detailed logs in the web console, instead of requiring an admin to query the back-end server via commands to retrieve scan error logs. This limited web functionality causes extra work when scanning a large inventory where sometimes some servers return scan errors.

I have used it for 3.5 years.

I have not encountered any deployment, stability or scalability issues.

While configuring custom strings for data classification, we did engage Imperva Support and they were very helpful in setting up custom hex strings to help with our data classification. The response time was good too.

As mentioned above, Imperva was already set up in our Enterprise environment and we only had to add on the Database Assessment module license to our setup.

It was implemented in-house.

During the evaluation phase of the project, many of the IT service providers we spoke to quoted figures ranging from half-a-million Australian dollars and up. This cost was inclusive of X people they proposed to get the job done. Imperva DAM was already included in our Enterprise licensing and until last year, we didn’t have a use-case for it. With this project, we had no second thoughts about adding this module license. Excellent ROI using the automated scans, especially comparing it to the manual method proposed by many vendors.

We did evaluate many software solutions & IT service providers, but none of them were close to meeting our project objective. We had a vast inventory of 5000+ databases, hosting data for thousands of applications, each having different schema & naming conventions. We did a Proof of Technology (PoT) in-house using the Imperva DAM module and, with a few tweaks, it met our project needs. Considering we were already using Imperva for different security assessments, it was an easy decision to add on the Database Assessment module and use that in our infrastructure.

Out of the box, Imperva comes with a lot of security modules & features that straight away add value to your organisation’s security objectives. That’s just the beginning in my opinion. There are enough customization options available for administrators to get Imperva to work for them the way they want it to. The ability to use custom scripts for scans and the ability to use TCP-level capture of database events are excellent features to use in an enterprise.

Web application security is pretty good. I have encountered very low false positives.

The correlated attack validation (CAV) is one of the unique aspects about the SecureSphere technology I like.

First of all, the product is useful for securing the websites of our company, which is basically preserving our brand value in the market.

Secondly, the product is very much competent with evolving threat vectors in cyberspace. Hence, this piece of security requires very few fine tuning efforts be put in place; everything falls right into its exact place.

The user interface is kind of a let-down. The graphics, tabs, and other various options are quite jumbled and confusing. My only complaint/suggestion: Improve the user interface.

I have been using it for 18 months.

I would like to talk about the upgrade scenario (deployment). First of all, it is complicated; secondly, many manual settings need to be done when you move from one version to another. They don’t automatically get replicated into the newer version, something which I encountered only in Imperva products. The boxes should have built-in scripts to reconfigure the settings and carry out a smooth migration.

I didn’t interact much with tech support. But from what I’ve heard, it’s on par with industry standards.

Imperva from the beginning!!

Initial setup was complex, but security is not that easy to be figured out in simple clicks, so I guess it’s okay.

We have resident engineers from Imperva and they are quite good at what they do.

Before implementing this product, get your hands dirty with the world wide web. The more you know about the internet, the more useful it is.

There are many features that are valuable, it depends on the purpose. If the purpose is compliance or auditing, the most valuable feature are the audit log system, as it helps you to secure an audit trail and from user to action even if the user are privileged and even if the user logs in on the physical server. If the purpose is security the most valuable feature are the way it can drop and prevent the access of sensitive table/data set by rules and policies. Lastly, if the purpose is availability, the most valuable feature is the way it can drop connections set by rules and policies.

If the purpose is compliance or auditing, ex PCI-DSS you need a system like this to pass part of the compliance. As I help customers with compliance, this is a great tool to make it all "simple" and the report part makes the lives easier for the users/auditors.

If it's used for security, this, or systems like this, are the last line of defence, and you will prevent incursions, or at least know what happened, and what was stolen.

If it is to be used to monitor availability, you will only know the real ROI if you are a victim of a large attack, then you can pat yourself on the back and say "Yay! We prevented that". This cannot be achieved solely on the Imperva system and you need the full suite of WAF.

This product needs a good team of UX people, because it's not always that understandable, and sometimes it's straight up confusing.

They did have some issues with HA and Clustered environments, but it is supposed to be fixed in v12, which I have not tested.

No issues encountered.

There are issues, but it is supposed to be fixed in v12, which I have not tested.

It's good, but it's a big company, so you need to know the paths to get the most out of it.

It's very good.

This is a complex system, and all other in the same league are just as complex. There are no workarounds to simplify it.

It's expensive, and their licensing is kind of strange, but it is what it is.

We also looked at IBM InfoSphere Guardium.

I am using Imperva in different projects for application defense.

This solution provides analytics using rules in the application. For example, it can report who most often uses certain queries.

The most valuable feature is the protection from Botnets. The DDoS attack is one of the things that it protects against.

The functionality is very useable and easy to understand. It is also easy to update if you follow the instructions.

It would be better to update the solution by using a GUI that guides me, rather than through a CLI. It would be best if it were simply updated automatically from an admin page.

I think that the stability is fine, although sometimes the server is down.

It is easy to scale. I use only universal appliances and I know exactly how they work.

Three people use this solution on a single server for a few services.

We have contacted technical support a few times, and the experience was ok.

We did not use another solution prior to this one.

The initial setup for this solution is very easy. Just start it up, log in, and the instructions are there. It is launched from an FTP server and takes four or five hours.

We handled the implementation in-house.

It is difficult to say because it has stopped some attacks, but I have nothing to compare against when the solution was not being used. It can protect against attacks, but I cannot say how much money it has saved.

Licensing fees are on a yearly basis, and it is a good value for the money.

I was not involved in the selection of the solution.

There are many functions in this solution that I do not use at this time.

This is a fine product, and one of the best. We needed it for DDoS protection and for Botnet protection, and all of this works fine.

I would rate this solution an eight out of ten.

I use this solution to discover missing data, and to find weaknesses or miscalculations in my database standards.

One example of how this has improved my organization is with respect to security. We previously had a default passcode in place, and this is discouraged by our password policy. I was able to find this problem and solve it.

The best feature of this solution is the integration between components. It has a lot of different components that cover the needs of our customers.

The pricing for support could be improved.

Integration with other databases or third-party products would be useful.

It is a stable solution.

I think that the product is scalable.

There are five users for this solution.

I have no experience with their technical support.

I did use other tools for a short span of time.

The initial setup for this solution is straightforward.

I am not using the entire solution, so the deployment time was very short. There were five people involved in the installation.

The cost of support for this solution is very expensive.

There are no costs in addition to the standard licensing fees.

I looked at several websites and read reviews. All of them said that Imperva is the best product in this area.

My advice is to do a POC before implementing this solution.

I would rate this solution an eight out of ten.