Imperva SecureSphere Database Security Reviews

We primarily use the product for data security.  

The feature that I have found the most valuable is the firewall component.  

What I would like to see improved is Imperva making further development in terms of them going to the Cloud. Our business is moving to the cloud, so we want to have cloud availability as an option. Imperva can do the cloud database, but they are still working at building it out and it does not seem to me to be fully operational.  

We have been using Imperva for a little bit more than six years.  

We are experiencing good stability with this product. We have not had any crashes and no major problems navigating its management.  

I think that SecureSphere is very scalable. Across our whole company, everyone is using it. We are 50 people. Right now at this size, we only require two people for maintenance.   

The technical support for Imperva is super, super, super. They have a very experienced support team. They can diagnose all of our issues and are always very fast. They have very good documentation and knowledgebase resources that add to the depth of their support.  

I have previously used McAfee as a similar solution. We decided to switch because McAfee is a little bit tricky to get to work the way it should work. I had experience with their version 6.4 solution and it used a lot of resources and had too much overhead.  

The initial setup is moderately difficult. You have to understand the database and how the database communicates and also some knowledge about the platform. For example, if you have got the Unix environment you have got to understand how to work with that together with the product.  

Initially, SecureSphere was expensive but they have incentives on their packages now. They have introduced new price models, which makes the product more affordable now. It is now at a pricing level in the range where most people are looking for this type of solution.  

Before choosing Imperva, we did evaluate other options including IBM Guardian Data Protect and also Oracle Audit Vault. In the end, we finally made the choice to go with Imperva first of all because they are a company that is very much into digital security. Security is the central focus of their business, so that is one of their strong areas. Then their product support is one of the best. The solution is very advanced in terms of comparing their available resources and training to other companies. These resources make it a very complete solution.  

Imperva Security Sphere is something that I recommend any day, anytime because they are very much focused on security as a passion. So you find it has tons of capacity for scalability. It is focused on security. Even the solution's usability is very good.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product as a nine scored out of ten possible points.  

Features that I would like to see to make it to ten-out-of-ten means that they will need to add a few things. First, they need to onboard database encryption features. Then they need to add some of the other features which they do not have that other competitors already have. They can do more to offer a broader range of features and be more feature-rich.  

We primarily use the solution for auditing purposes so collecting and archiving of logs.

The solution is very good for auditing purposes, including collecting and archiving logs. 

We appreciate that we can use it on the DB server without harming the performance of the database is fantastic. It doesn't feel like it's lagging.

The initial setup is very simple. 

Overall it's a solid product.

The pricing is okay.

The support could be improved.

The product needs to perform better in extremely busy databases. It does not do really well where the DB is extremely, extremely busy. 

The updates could be better.

The UI can be improved. 

The ability to narrow down to the right environment could be helpful. They need to allow users to find an easy way to drill down to what's important.

I've been using the solution for three years now. 

The solution is solid. The stability is good.

The scalability is okay. However, if you're going to set up a redundancy, it needs to be in the same data center, as the manager that manages the entire system needs to share the data, and therefore they need to basically work in the area where they have direct connectivity between the sites. In our case, we have multiple data centers, and we distribute the connectivity and we can't achieve that. 

The solution's scalability isn't based on users. Even if you have one person using it, you might have 300 databases. It's not about the number of users, it's the number of databases.

The support isn't as good as it could be. We are not quite satisfied with it.

We previously used Oracle.

The solution is very simple and straightforward. It's not too difficult or complex. 

The solution isn't crazy-expensive. It's reasonable. 

We pay for the solution on a monthly basis.

I'm a customer and an end-user.

I'd recommend the solution to others. It's a very solid product. 

I'd rate the solution at an eight out of ten.

We use it for database activity monitoring. We use it to monitor all the traffic that comes to the database to know about the operations that are happening on the database. 

At the moment, it is on-premises, but we eventually would like to go to the cloud.

It serves as a way and means to see if any unauthorized person is trying to access the database. It helps to implement specific rules to ensure that only authenticated people have access to the database.

The beauty of it is that it provides segregation of duties. Typically, in the traditional environment, DBAs administer the database, and they have too much access. We are in the process of implementing other Oracle solutions, and it brings some kind of segregation. Just because someone is a DBA does not mean that he or she should have access to all of the data. Some of the data can be masked so that privacy and security are enhanced, especially when it is customer data for an institution like a bank.

It is quite expensive. I would prefer a lower price. 

In terms of features, I started using it this month. I need more time to explore it.

It has not been long. We implemented it this month. 

We are currently doing a PoC, and there are a few issues that we are trying to resolve. When all of those issues are sorted out, we can start measuring the stability of the solution.

We haven't scaled it yet.

We are working with their technical support. They have been good so far.

It is straightforward, but it depends on the organizational policies and rules in terms of the infrastructure. For example, when you deploy it in an environment like Oracle, it is probably fine, but in other environments like Cisco, there could be some issues that you have to troubleshoot. It is more of an infrastructural or environmental issue.

We started with the PoC. It was implemented within two days. We are now doing monitoring to ensure everything is still fine.

It is quite expensive. We wanted it in my former organization, but the price was very high. So, we couldn't purchase it. I moved to a different organization, and this organization has purchased it.

It is a fantastic solution. It is very good, but the only issue is that if you don't have enough money, you cannot use this solution.

I would rate it an eight out of 10 for now. After exploring it more, I might rate it higher.

The primary use case is for database monitoring. We are also using the blocking part, which is used for: 

• Any suspicious activities which are done, such as delete command and query command, outside the admin, the solution is supposed to block them.
• The blocking of compromised databases through cloning. Blocking will not allow the cloning.

We use it for blocking and auditing. Our job is monitoring. We are a government entity and provide services to other ministries. We use Imperva for its Database Activity Monitoring and File Integrity Monitoring tools. We have also enabled Database Firewall.

As we are very sensitive to financial impacts, this product provides great protection for our organization.

It enabled us to monitor the most critical DBA activities, and most critically helped us identify default accounts and passwords. Additionally, with this solution we were able to block an external attack on our Oracle DB.

• DB Activity Monitoring
• DB Firewall
• CounterBreach

Their web application firewall (WAF) is quite good.

They have to put more focus on the administrative part of the application, especially on upgrades. There are a lot of packages to download and install that you have to be knowledgeable on. For example, we tried to install a version, and it did not work. Then, support had to become involved.

They should add an application availability dashboard feature and should focus more on the alerting mechanism.

There is a problem with the integrations. I would also like to see improvement in the integration part of the tool. This should be an easy process. For example, I had an issue with the integration of a file server. 

Within the endpoints, the communication is breaking down most of the time. Sometimes, once the communication stops, it does not resume again.

They could approve monitoring in the next release. E.g., right now, we lack the ability to know when databases are down. This is something we could use monitoring to mitigate. 

The stability is good. Sometimes the gateways disconnect and connect again automatically.

We have a dedicated staff person for maintenance: alert, fine tuning, and adjustments.

The solution is scalable. I would rate the scalability as an nine out of ten. We have used this solution since 2014 but have not encountered any scalability issues so far.

Within our organization, we have around 500 users. Our site protects approximately 70,000 end users.

When the technical support is required, they assist us. I would rate them as seven out of ten because they are not so good due to the due to differing time zones. 

We managed by using the regional vendors. Overall, the support is effective.

We previously used IBM Guardium. Before 2015, it was bit complicated to use.

A bit complex, but following the instructions and the manual guide is enough for the initial setup. A little knowledge helps.

We used the Imperva Professional Services for the configuration in our environment. It is important to have experienced professionals do these changes.

The initial deployment for our team was a failure.

The implementation took one week. Afterwards, the configuration started, then the use case testing. Overall, it took for us around one month.

Our local partner is now supporting us. Gulf IT has very good experience in the Middle East. They are nice to work with and supporting us well.

We have seen ROI, as it protects our company from threats.

This tool helped us mitigate audit risks by 100 percent.

We have all the licenses, which we pay for annually. The price is a little high, but the product is good.

Yes, Guardium.

Identify the proper use cases, then implement it.

Resource overhead management is a good option. The OS chain option provides the real user behind the DB application user.

WAF is a great security layer to protect an organization from a wide spectrum of application attacks residing in OSI layer 7. The Imperva device relies on signature-based policies, as well as on a web correlation engine. In addition, the packet inspection can be enhanced with the aid of stream signature policies, which are policy items focused on the stream rather than the HTTP/HTTPS protocol. Imperva can easily match a web user to the requests launched from his client. While the default policy subset is very rich and covers different regulations (e.g., PCI, SOX), there is always an option to create custom policies addressing specific needs. Security alerts are comprehensive of all the necessary details for the analysis, such as connection details, signature triggered, alert type (e.g., Protocol, Profile), severity and followed action (e.g., syslog forward, IP monitoring).

DAM also provides great value to audits and again, the data monitoring policies by default are very rich.

If you don't know exactly what kind of data you store in-house, SecureSphere allows you to actively scan and classify your information, automatically providing you detailed status of the data, which can be further reviewed and finalised by analysts or DBAs. This is also valid for user rights on the data, understanding the level of privileges granted to users and suggesting countermeasures in detailed aggregated charts and reports.

Once under monitoring, the data can be reviewed with an intuitive interface that allows the analyst to drill down, quickly narrowing the scope in a few clicks and focusing the attention only on the relevant queries. Once the pattern is identified, it is even possible to quickly report a detailed status of the findings, as well as generate a report template for future uses. This is on the hot data, what we have available in the management database. The time span can be increased indeterminately with a good retention configuration, combined with a SAN that stores the cold data, partitioned in daily slices and ready to be loaded into a separate database space for archives.

This is brilliant if you think about scalability, for you can obtain a very big archive while preserving system resources and performance. However, to get this configuration, in-depth tuning is needed for several weeks in order to get all relevant metrics (e.g. data stored per day, data spikes, backup speed, link transfer capacity, etc.) and adopt the appropriate customizations.

Audit data can also be correlated with application users by obtaining a detailed match of the database queries executed according to a particular web user’s HTTP requests.

The FAM module allows organizations to continuously audit storages and network shares and keep a detailed record of every file operation across the company. Scans are available also in this context, providing user rights as well as access to the monitored files. A data classification is also possible with the FAM.

All of Imperva’s features are extremely powerful, while a certain degree of knowledge is required to have a solid understanding of the product.

Imperva helps you comply with data regulations such as SOX or PCI. It helps SOC analysts to enlarge the scope analysis, significantly providing great procedures to drill down into the audit or a customizable enrichment fed by several types of input, e.g. Active Directory or other external platforms, and even a layer 7 inspection. When fully integrated, the application user requests are bound with the queries executed, giving a comprehensive picture of how your web application interacts with the data layer highlighting all possible security flaws in the data management, code bugs or server misconfigurations. All this logical data collection is effectively arranged into detailed profiles from where it is possible to spot the unusual deviations or to create advanced conditions to trigger upon this baseline. Think about access to PCI data from users different to the ones allowed, such as DBAs, only from a certain subnet, let's say the external network, out of the business hours, like nights or weekends. This is one possibility of what Imperva can achieve in your organization to protect the data from unauthorised users.

To have the mind at ease with a security solution has been always a chimera. Even SecureSphere suffers from some limitations, which I believe will be handled in the near future. I see two main things to improve at this point:

• SSL tunnel support for z/OS agents
• Capability to retain live audit policy data for several months; sometimes, on certain installations, this is not feasible due to the big data streams involved in the scope.

I've been supporting the Imperva technology since version 8.x. I have a company that provides consultancy services and I support Imperva.

From versions 9.5 and later, the Imperva solution has reached an optimum level of stability. On every unusual state reported, I was always able to relate it to misconfigurations or other hardware limitations and never to major bugs or software problems.

Again, Imperva works great when you need to increase managed devices, add new gateways or even change the operational modes of the latter.

On a scale from 1-10 (1=worst, 10=best) I would say technical support is 9. Support is always guaranteed and every internal SE has been always competent and ready to assist.

I tested different audit and WAF solutions and the one I was always more comfortable with is Imperva.

Setup is actually complex due to the nature of the product and needs deep knowledge of the solution to get things working with minor effort. If you don't know exactly what kind of solution are you deploying or even the installation steps to get the environment fully working, you won't be able to install it easily.

I am a technician, so I am not very confident discussing this topic.

Doing the initial Imperva training before putting your hands on the product helps a lot. Getting assistance from Imperva during the initial stage of your new environment is highly recommended.

Database auditing has become simple and easy, releasing storage previously used for native database audit processes. We found new patterns of database users' behaviour and corrected some user authorisations.

Mainframe mappings/agents/optimization for CPU usage are areas with room for improvement.

Agent on z/OS does not have a limit for CPU usage like on other platforms. If
you specify filter too "wide", the agent would consume too much cpu so that
could cause more cost for your mainframe. Agents are a bit special for
configuration because the logic is different than the one on other
platforms.

That is because mainframe agents were originally from Tomium company that
was acquired by Imperva some time ago. They still run the same code, just
little improved.
At this point, my configuration does not collect what I expected, but that
could be due to bugs, that is expected to be solved in version 12 of the
SecureSphere.

You can say for sure that security audit costs money - in this case, your
mainframe CPU money.

I have been using it for 18 months.

We had a problem with mainframe DB2 mappings; incorrect results due to bug. A fix is expected in DAM (Database Activity Monitoring) version 12 in March 2017.

I have not encountered any stability issues. Only, you need to optimize the data/events you are receiving. If you have too much input, you will have a stability problem (in that case, lower event throughput and increase manager memory).

I have not encountered any scalability issues. It's flexible.

Customer service is excellent, 5/5.

We did not previously use a different solution. We had some pilot projects and chose this solution.

Initial setup was straightforward and it was simple/easy to install and customize.

A combination of in-house and local support teams implemented it. We are satisfied with their level of expertise.

ROI is good. We needed this system for getting ISO 27001.

Be careful if you have a mainframe. Calculate well...

Before choosing this product, we evaluated IBM InfoSphere Guardium.

We are very satisfied with this product. It's simple to use, customize and administer. Installation is simple and easy, even on mainframe.

Web application security is pretty good. I have encountered very low false positives.

The correlated attack validation (CAV) is one of the unique aspects about the SecureSphere technology I like.

First of all, the product is useful for securing the websites of our company, which is basically preserving our brand value in the market.

Secondly, the product is very much competent with evolving threat vectors in cyberspace. Hence, this piece of security requires very few fine tuning efforts be put in place; everything falls right into its exact place.

The user interface is kind of a let-down. The graphics, tabs, and other various options are quite jumbled and confusing. My only complaint/suggestion: Improve the user interface.

I have been using it for 18 months.

I would like to talk about the upgrade scenario (deployment). First of all, it is complicated; secondly, many manual settings need to be done when you move from one version to another. They don’t automatically get replicated into the newer version, something which I encountered only in Imperva products. The boxes should have built-in scripts to reconfigure the settings and carry out a smooth migration.

I didn’t interact much with tech support. But from what I’ve heard, it’s on par with industry standards.

Imperva from the beginning!!

Initial setup was complex, but security is not that easy to be figured out in simple clicks, so I guess it’s okay.

We have resident engineers from Imperva and they are quite good at what they do.

Before implementing this product, get your hands dirty with the world wide web. The more you know about the internet, the more useful it is.

I'm the product manager for Imperva in Africa for a distributor. I manage it every day, but I don't personally use it. We sell Imperva to customers in 17 countries. 

Its deployment depends on the customer. Some customers have their databases in the cloud, and if they have them in the cloud, we give them the cloud database security of Imperva. If their database is on-premises, then we deploy it on-premises, and the reseller implements the solution on-premises.

There are three major main use cases of this solution. The first one is to fulfill compliance regulations. Customers—especially the banks, health sector, and manufacturing—need to comply with the regulations in different countries. They have to fulfill compliance regulations around the privacy of data. In order to fulfill those requirements, they're using Imperva. It helps them to fulfill these requirements, and they are not fined by the regulators. That is the first use case why people buy Imperva.

The second one is for security itself. They don't want a cybercriminal to have access to the data. Imperva is a security solution, and you can use it to block unauthorized access to your data. 

The third one is related to rightful access to the data. They want to know:

• Who has access to the data internally?
• What queries were being issued on the database?
• What time did they log in?
• What is going on within the environment?
• Who is touching the data?
• What are they doing with the data internally? 

Customers or organizations want to have access or have visibility into all these.

They can maybe look at its pricing model. Its pricing could be cheaper for the African countries or developing economies.

I have been using this solution for three years.

It is very scalable. If a customer wants it for five database servers, he gets licenses for five database servers. Tomorrow, if they want licenses for two extra databases, they can just buy the extra two licenses. It is very scalable and very straightforward.

Their support is fantastic. It is 24/7. You raise a ticket, and you get someone assigned to you immediately.

I would rate them a five out of five. In a worst-case scenario, it would be a four, but it's always very straightforward. We get a very quick response.

It is very easy and very straightforward. There are no complications.

Its pricing could be cheaper for the African countries or developing economies. The British pound is valued way more than the currency of most African countries. A better or cheaper pricing model for Nigerian and African customers would be better.

It has a per-year subscription model. You pay exactly for what you need. That's all. You don't have to buy what you don't need.

It is very straightforward. It is probably the best solution out there in terms of data security. About 90% to 95% of the banks in Nigeria use Imperva. When you have such a success story in Nigeria, Ghana, and of course, many other African countries, you can be sure that you are getting a very good solution. 

I would rate it a nine out of 10.