Imperva SecureSphere Database Security Reviews

The most valuable feature of this product is vulnerability management since you don’t need to run different scans by logging into different databases. Everything can be done and monitored through the centralized console by a few clicks and without any hassle.

Also, the report generation option on a daily/weekly/monthly basis comes in very handy to the top management.

Some of the ways in which this product has helped our organization are:

• All the databases are being monitored.
• All the compliance requirements can be taken care of through a console.
• The daily and weekly reports are helpful in understanding the environment.

The stability and the ease of use of this product can be improved. I believe the product can be made more flexible and stable.

Additionally, it is very unlikely for a new professional to easily use this tool to its full potential. For this purpose, I believe a few more video tutorials can be uploaded for the newer versions.

I have been using this solution for one year.

We have encountered some stability issues. There were situations when sometimes the gateway didn’t work as expected. However, thanks to active-passive mode, none of the information was lost.

Every manager and gateway has a predefined capacity. It is very easy to scale up to that capacity. But, if that is exhausted you have to burn the midnight oil.

The technical support is good in terms of knowledge. However, the replies are not so frequent and hence can be frustrating sometimes.

I have not used any other solution before. I have only used Imperva SecureSphere 11.0.

The initial setup was straightforward. Each and every step is clearly mentioned in the manual. After the initial setup, it becomes a bit tricky.

Since this tool is far better than the competitors and manages a lot of compliance requirements, the pricing seems to be fine.

We had evaluated other solutions such as McAfee DAM and IBM Guardium.

You should follow both the guide and the tutorials. The tool is handy only if it is implemented properly. Implementation is a bit complicated; hence, it is advisable to create documentation alongside. It would be more beneficial to use the directory present on the Imperva site before logging for any issues.

The database activity monitoring module used for real time database monitoring and integrated into the security event and incident monitoring solution. Most importantly for our critical legacy databases that cannot be encrypted and require real time a activity monitoring.

It provides a more granular monitoring of database activity at the column and row level as opposed to high level database management system logs.

The professional services and customer training aspect needs to be improved.

I've used it for four years.

The first implementation was not tailored to our specific requirements and the system was basically an expensive log collector until the vendors came to capture our requirements and then made modifications. This was then followed up with training.

No issues encountered.

No issues encountered.

It's moderate.

It's moderate.

I used a different solution with a former employer.

We are a large organization with about 100 critical heterogeneous database servers. This means that one configuration does not fit all, and that made the implementation very complex. Combined with protection of sensitive information that could be logged by the solution.

We used a vendor and their level of expertise was between moderate and high.

The ROI based on the number of prevented, and detected, information security incidents can be classified as high.

We also looked at Sentrigo Hedgehog by McAfee.

Ensure the vendor clearly captures your specific database monitoring requirements and that might include importing the metadata of the database for proper monitoring. Training should be included in the implementation budget as this is a very complex solution with a wide range of capabilities.

We primarily use the solution  just to monitor database activity on all the in-house databases.

I like almost everything about the solution. That includes sensitive data scanning, which is what is the most important. The data discovery is great as well. 

I like the activity monitoring. That was the main reason we purchased the tool.

The integration is great.

They do quite a lot of feature updates. 

The solution needs local support.

They need to do a little bit more knowledge-sharing with the tool. Knowledge-sharing is not what you normally get with Microsoft, Symantec, or any other tools that are leaders in their respective spaces. This is more of a closed-group type of solution only, whereby the information is only accessible to certain groups, or maybe in certain countries. It needs a broader, more accessible knowledge base. 

There could be more on the monitoring side of things. They need more monitoring tools within the tool itself. Although it does a good job monitoring databases, in terms of the health of its agent gateways to verify communication and all that, there are basically no utilities available within the tool.

I've used the solution for a little over three years. 

The stability is average. I'd rate it three and a half out of five in terms of stability. It's not too bad. 

This is a highly scalable product. I'd rate it four out of five in terms of its ability to scale. 

We have 15 people using the solution.

Local companies have limited exposure to the tool There's professional support and support from the providers, however, if they don't know too much about it, they cannot provide adequate help. 

Positive

While I didn't handle the initial deployment myself, from the training I have done, it is my understanding that the implementation process would not be that hard. 

I'm not sure how many people were involved in the deployment. 

I handle any maintenance myself with the sales provider. There might be six people available to maintain the product. There would be about three from the customer side and two from the service provider's side.

We did have a third party assist with the initial setup. They were from the vendor. 

I am not sure how much the licensing is exactly. that said, my understanding is that it is expensive. 

We're customers and end-users.

We are using the latest version of the solution. 

It's pretty good in terms of capabilities. I'd rate it eight out of ten. 

Our primary use for this solution is securing banking web applications. It protects the web service of one of the big Internet banks in Iran.

This solution has helped secure our Internet-based services, protecting us against DoS and other types of web-based attacks.

The most valuable features include the compliance with standards for security in web applications, and the ability to detect vulnerabilities.

The GUI for this solution could use some improvement.

I would like to see better support for countries in the Middle East, and other places that do not have direct access to the vendor.

Stability is great. Immediately after we deployed it, we had a good feeling about security and performance.

The scalability of this solution is good. Compared to other products, this one is more scalable.

Currently, this solution is protecting approximately twenty thousand end-users.

We are deploying new web-based services and applications, so we expect the usage to increase.

Due to restrictions because of sanctions in Iran, we do not have support for this solution. For this reason, we have done everything ourselves. This can be challenging because sometimes we have troubles upgrading the device, or obtaining new signatures.

We did not use another solution prior to this one.

The initial setup and configuration for this solution were very simple and straightforward.

Deployment in our environment took approximately one week. We begin by deploying it in a test environment. After performing some tests, we moved it to the operational environment.

Two technical staff are required for deployment and maintenance, and we have about six people, in different roles, who manage this solution.

We handled the implementation and deployment ourselves.

Our ROI from the initial payment was realized in approximately two months.

This is an affordable solution. There is an annual licensing fee for upgrading the device.

After we undertook wide research and development, we found that this product is suitable for us. Two of the products that we looked at in addition to this one were FortiWeb and F5.

Imperva is a product leader in this line, and it is very good. In fact, I have experience with other products, and I would say that this solution is best-in-class. If we had support then this solution would be perfect.

I would rate this solution a nine out of ten.

The most valuable features are:

• DAM Module
• Third-party data source integration: Feeds automation
• Data enrichment: Provides better data quality and session handling
• API: Used for process automation

The solution has improved our organization as follows:

• Better agent performance compared to v9.5
• Gateways are much more stable
• Gateway cluster improves resource utilization and provides better resiliency
• Offers the option to manage cluster capacity without touching the agent configuration

BUGs, BUGs, BUGs. The product is under high development and the amount of bugs is bit disappointing. The product has lots of limitations which are not clearly documented. You can only find out the limitations by engaging the support

By using this product you can have only one type of date and time format which is US format. I’m EU citizen and I prefer different date format, same for time format. I would prefer 24Hour clock instead of AM/PM.

We have been used this solution for over three years.

There were stability issues in v9.5. There are no major stability issues in v10.5.

Stability is dependent on the infrastructure. If you use hypervisor, then you need to make sure to use resources and I/O settings that are optimal for SecureSphere. Otherwise, you will end up with stability and performance issues.

There are some scalability issues. There was a hardcoded limitation in the number of MXs you can connect to SOM. In addition, the bigger the infrastructure, the bigger challenge there is to create a single audit report file.

The technical support is OK. But they have big potential to do things better.

We had a previous solution. We switched because the new requirements couldn’t be accomplished with the old solution.

The installation was quite complex. We had to integrated lots of external systems in order to make it work right.

Give it a try. Write down your requirements as detailed as possible, and perform a PoC using this list. If you find gaps that require additional development, it could take some time until you actually get it.

We utilise the following components:

1. Database activity monitoring of Oracle/SQL/Sybase databases - we did have UDB running, but that was decommissioned
2. Assessment scans using mostly custom checks to check for security settings - we did expand this at one point to check for best practise, but this was discontinued

It hasn't really improved the way we function, but it has allowed us to meet several audit issues that were outstanding for many years. We tried another product, but we found it did not meet our requirements.

• Capacity management of application needs significant improvement
• Task management functionality is pretty basic, with not a lot of functionality
• I would also like to be able to replace IP addresses with DNS names for easier recognition of host machines
• The SOM feature could also be dramatically improved to allow central management of the entire feature set
• The ability to manage lifecycle of agents could be improved via central deployment of upgraded agents

I started using the database auditing/risk areas of the product in mid-2011. We use agents for monitoring database activity. We do not use the gateways for collecting data via the network.

We had several performance issues on high throughput applications due to outdated, old hardware/non-ideal settings in the agents. These were mostly on our end.

We had a few minor issues with stability, but it has not impacted our service. We did have an agent cause a reboot of a host server, but this was quickly fixed via an upgrade of the agent.

Capacity management is a major issue with the application. There is no easy way to identify when new hardware is required, or if a modification to the configuration could solve the issue. This may have been due to our method of deployment though.

We had a service provider in-between Imperva and our organisation. It did not make things easy. When dealing directly with Imperva I had good experiences with the vendor, and real issues were escalated quickly and getting access to the relevant engineering sections of the vendor was possible.

Technical support was hit and miss. Sometimes we received excellent support, and other times it was not so good. Sometimes convincing the engineering team that there was a real problem in the software was a bit harder than it should have been. Overall, compared to other vendors, support was good.

We previously used another solution, and that product was different depending on the DBMS that was being monitored. Technical expertise in DBMS technology with that vendor was poor, so we switched..

The initial setup was easy, but some of the specific requirements we had required some work. Deploying the hardware during the initial setup did not require and specific customisation for our organisation. The audit policies and assessments obviously did require customisation, but it was relatively simple. Later on, we did find some issues that were due to the setup of the site hierarchy that was not brought to our attention until one to two years later.

We used on-site vendor engineers to support the internal implementation. Their level of expertise was excellent.

This is not relevant to the production selection, as we were required to close off auditing items.

We compared IBM Guardium and Imperva SecureSphere via a POC process. We did a paper evaluation of other products to choose two products for the POC.

Go through the POC process and test all ITIL processes to ensure you understand what will be required for the entire lifecycle of implementation/support. Engage with DBA teams to provide DBA support and knowledge. If it's possible, ensure there are people who understand databases on the SecureSphere support team.

The solution helps us with monitoring the databases, servers, and activities.

Using the product is a good experience. Database reporting features are valuable to us.

The GUI is bad. The product must focus on improving its reporting features and the dashboard.

I have been using the solution for nine months.

I rate the tool’s stability a five or six out of ten. The glitches and errors have recently been quite high because they allow connection to databases without verifying or discovering the database. We have to keep in mind that we must monitor all the time.

The scalability is pretty good. I rate it a seven out of ten.

The setup can be a little complicated.

For the pricing that the solution provides, the return on investment is good for large companies. It's quite expensive for small to medium businesses.

Overheads like physical databases and servers can be a little bit expensive. The setup and license are quite expensive.

I would not recommend the product to small and medium businesses. Overall, I rate the tool a seven out of ten.

Most of our clients are banks and insurance and financial institutions that want to achieve compliance. They want to achieve auditing for their regulatory compliances as well. On the database side, that includes being able to monitor DBS and to block certain activities on the DVF. On the application side, it also has to be preventative and that's also part of compliance. This solution enables clients to achieve data security, whether on cloud or on prem. We offer support services and we are a service provider for database security through Imperva and also application security through Imperva to our clients. I'm a cyber security engineer and we are gold partners of SecureSphere DS. 

I would say the discovery module is the most valuable feature as it provides good visibility of the database environment to particular sites. It scans the entire front of the environment to detect any new databases found just to make sure there are not any malicious things going on. I think it's a very powerful tool in that sense. It also helps that the solution is able to block queries that are able to be run by given database administrators on databases and manages user rights. 

I've been part of various projects and also interact with clients because I do pre-sales. Most of the feedback I receive relates to clients wanting to see an improvement in the reporting. They like the ability and functionality of the solution but they feel the reporting is lacking. The general feeling is also that the GUI has been the same for a very long time and there is room for improvement there. It could look a little better and then if the reports are also improved that would make a big difference all round. 

From a basic implementation point of view, there are some features that are very technical, clients want everything very granular and they always say Imperva bundles everything. You do a signature, and ABC updates and you trust what the ABC is doing. I think if it were a little more granular and detailed in terms of how, for example, a query stream is being detected or something like that, rather than just blocking something, it would give the administrator a better view and understanding of what's happening. 

I've been using this solution for almost a year. 

The physical appliances are always very stable. In terms of CPU usage, things like the gateway load, payway load, they come with a little bit more capacity on that front. I think the issue always comes with the virtual appliances where you may run out of space, or maybe there are new versions of whichever hypervisor you are running that could change and maybe affect the virtual machines running on top. On the physical side, there's never an issue, it's stable. 

Database security is highly scalable because depending on the number of sites available, you're able to assume that you have the running agent. You can then access the IP for the gateway, you can log in your logs which are managed by the NX, so it's all fine. It's highly scalable for the database. I think even if you have branches all over the country, you can manage them centrally where you have agents monitoring whichever database is allocated to whichever site. We have deployed over 60 projects all over East Africa. I currently handle four, which are two application and two database.

Their technical support is good and the response is guaranteed until the problem is solved. I think when it comes to response time, it's always very quick. Maybe just one simple criticism would be that it's very hard to get a remote station with them and everything is always email and sending logs. I'd like to see more hands-on and direct contact with the environment. 

Complexity really depends on the client's environment, but I would say the initial set up for basic deployment of the components should take roughly six working days. It has to be integrated with everything. Installing links to all the other databases could take maybe another 10 work days, so around two weeks. I do the deployment. 

Customers are very, very satisfied with the licensing costs and there's not really anyone that competes with Imperva so the clients are very happy. Their requirements are covered. 

I would definitely recommend Imperva. I swear on it and try to pitch Imperva every time. I know its abilities, I know what you're going to get. I know how user friendly it is. It's easy to create policies. Reports are very okay. It's got various compatibilities, desk deployment, so Imperva is what I would recommend. 

I would rate this solution a nine out of 10.